Robert Lopez put forth on 10/30/2009 6:57 PM:
> It is not clear to me what the benefit of multiple files is beyond
> this association.
Organization and ease of management for one. For example:
smtpd_client_restrictions =
check_recipient_access hash:/etc/postfix/access
check_client_access hash:/etc/postfix/access
pcre:/etc/postfix/check_client_fqdn.pcre
hash:/etc/postfix/coolsavings.access
hash:/etc/postfix/richk-1.access
cidr:/etc/postfix/cidr_files/china.cidr
cidr:/etc/postfix/cidr_files/korea.cidr
cidr:/etc/postfix/cidr_files/russia.cidr
cidr:/etc/postfix/cidr_files/ukraine.cidr
cidr:/etc/postfix/cidr_files/malaysia.cidr
cidr:/etc/postfix/cidr_files/belarus.cidr
cidr:/etc/postfix/cidr_files/indonesia.cidr
cidr:/etc/postfix/cidr_files/hongkong.cidr
cidr:/etc/postfix/cidr_files/africa.cidr
cidr:/etc/postfix/cidr_files/romania.cidr
cidr:/etc/postfix/cidr_files/thailand.cidr
cidr:/etc/postfix/cidr_files/poland.cidr
cidr:/etc/postfix/cidr_files/spammer.cidr
cidr:/etc/postfix/cidr_files/hurricane-electric.cidr
cidr:/etc/postfix/cidr_files/richk-1.cidr
pcre:/etc/postfix/access.pcre
My access file contains some whitelist email addresses, some whitelist
domains, some blacklist domains, and some whitelist and blacklist IP
addresses, so I do have some consolidation in the one file and I use it
in multiple restriction classes. However, it's by far my smallest table
file. Some of my cidr files are pretty large. Note that I'm using the
IPdeny (http://www.ipdeny.com) data and rejecting entire countries' smtp
connections. Some of those files have thousands of entries. Note also
that I'm using multiple table types, hash, cidr, and pcre. It's better
to use multiple files in this kind of setup.
> This may be another point where I am confused. I am thinking relay is when a
> postfix server accepts email for u...@cnm.edu and then rewrites that address
> to what is found in a table for the user where the email is then sent
> to u...@other.domain.
> I may have to read that a few times to get it all straight.
No, relay strictly means Postfix is not the final destination for a
given domain, thus Postfix relays the email to the appropriate server,
or rejects the email if Postfix is not configured to relay for a given
domain. See:
http://www.postfix.org/postconf.5.html#relay_domains
> Is that "cnm.edu ESMTP" or default?
It's a simple banner message displayed to a remote host when it connects
to deliver mail to your MX. You don't need to define it. Postfix does
it for you. Just delete that line from main.cf. Humans never see it
anyway, unless they telnet to your port TCP 25 for testing or something.
Here's an example of the Postfix default banner (mine):
220 greer.hardwarefreak.com ESMTP Postfix
Here's the banner on Wietse's server. Wietse is the creator of Postfix.
220 spike.porcupine.org ESMTP Postfix (2.7-20091023)
IMHO, there's really no good reason to change the default banner.
--
Stan
