= Postfix Design =

The Postfix system has a sophisticated and opinionated design.

<<TableOfContents>>

----



== System ==

Postfix is a coordination of '''daemons''' and '''queues'''.

The queues are:

 * '''maildrop''' for local mail posted by `sendmail(1)`
 * '''hold''' for mail that requires administrator intervention
 * '''incoming''' for mail received
 * '''active''' for delivery
 * '''deferred''' for mail that temporarily failed to deliver

Local mail sent by `sendmail(1)` is passed to `postdrop(1)`, which enqueues mail into maildrop. `pickup(8)` then passes mail from maildrop to `cleanup(8)`.

Received mail, whether by `smtpd(8)` or `qmqpd(8)`, is passed directly to `cleanup(8)`.

`cleanup(8)` passes back and forth with `trivial-rewrite(8)` and enqueues mail into incoming.

`qmgr(8)` moves mail from incoming into active and deferred, and schedules delivery by any of `smtp(8)`, `lmtp(8)`, `local(8)`, `virtual(8)`, or `pipe(8)`.

`master(8)` manages all daemons.

----



== Master ==

The `master(8)` configuration file (a.k.a. `master(5)`) looks like:

{{{
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_tls_auth_only=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
}}}

A line beginning with `#` is ignored. A line beginning with whitespace is considered a continuation of the previous line. Un-commenting or re-commenting such an indented line is therefore the method for activating and deactivating options that refer to the preceding service. All other lines should indicate a '''service''' that is active.
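
The continuation rule applied to an excerpt of the listing above, as an added example (not part of the original page or of Postfix): per `master(5)`, comment lines do not end a logical line, so the lone uncommented `-o smtpd_relay_restrictions=permit` still attaches to `submission`. The function names and the final check are assumptions of this example, and only the `-o name=value` form used on this page is handled; the check flags internet-facing `smtpd` listeners whose relay restrictions are an unconditional `permit`.

```python
# Constructed excerpt of the listing above (not a complete master.cf).
SAMPLE = """\
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
relay     unix  -       -       n       -       -       smtp
        -o syslog_name=postfix/$service_name
"""

FIELDS = ("service", "type", "private", "unpriv", "chroot", "wakeup", "maxproc")


def parse_master_cf(text):
    """Return one dict per active service, with its effective -o overrides."""
    logical = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines never end a logical line
        if raw[0].isspace():
            if not logical:
                raise ValueError("continuation line before any service")
            logical[-1] += " " + stripped  # option for the preceding service
        else:
            logical.append(stripped)  # a new, active service entry
    services = []
    for line in logical:
        tok = line.split()
        entry = dict(zip(FIELDS, tok[:7]))
        entry["command"] = tok[7]
        args, entry["overrides"] = tok[8:], {}
        for i, arg in enumerate(args[:-1]):
            if arg == "-o":  # "-o name=value" overrides a main.cf parameter
                name, _, value = args[i + 1].partition("=")
                entry["overrides"][name] = value
        services.append(entry)
    return services


def permit_all_relay(services):
    """inet smtpd listeners whose relay restrictions are a bare 'permit'."""
    return [f"{s['service']}/{s['type']}" for s in services
            if s["command"] == "smtpd" and s["type"] == "inet"
            and s["overrides"].get("smtpd_relay_restrictions") == "permit"]
```
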

----



== Services ==

Services have implied ports.

 * `lmtp` implies port 24
 * `smtp` implies port 25
 * `smtps` implies port 465 and implicit [[Encryption/TLS|TLS]]
 * `submission` implies port 587 and [[Encryption/STARTTLS|STARTTLS]]



----
CategoryRicottone