Hi,

Good idea.

I'll soon install a centralized log server (with rsync) for log retention and analysis; maybe I will use this server to update Postfix files. It will be in the trusted network, so I will generate SSH keys. The private key will be stored in the trusted network, and the public key on each Postfix server (DMZ). All I need is to create a script that synchronizes the files and then runs the Make (remote) command. This seems to be the most suitable solution for me.

Thanks everybody,
Luis

mouss-4 wrote:
>
> On 26/02/2011 08:46, Luis Esteves wrote:
>>
>> Yes, relay_domains, sender_access, ....and more.
>>
>> Maybe the easier solution is to use the ssh/keys, but is it not dangerous
>> to store private keys on a DMZ ?
>>
>
> Use a trusted host in a trusted place to push the configuration to all
> your servers. This is typically done from a management zone connected
> using a management network.
>
> so on the trusted host, you can have an ssh agent so that you don't need
> to type your pass phrase too often, but still lock the key when you
> don't need it.
>
> as for communicating with the servers, you have many options.
>
> - you can use sql, possibly with replication
> - you can use rsync over ssh to copy/sync files to the servers
> - if you need to run commands from time to time, use cron with a local
> script. this script could check for changes and run custom commands.
> - if you need to run specific commands "now": you can use ssh with a
> forced command to restrict the damage should the key be compromised/theft.
> - another way to restrict the list of commands is sudo
> - ... etc
>
>
>
>> [snip]
>
>

--
View this message in context: http://old.nabble.com/Update-Postfix-transport-file-on-multiple-servers-tp31008507p31038128.html
Sent from the Postfix mailing list archive at Nabble.com.
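
The forced-command option from the quoted list, applied to the rsync-then-make plan described in the reply. This is an added example, not code from the thread; the script path, the `sync` account, the host `mx1`, the `--gate` argument and a Makefile in `/etc/postfix/` are all assumptions.

```shell
#!/bin/sh
# Forced-command gate installed on each Postfix server in the DMZ (added example).
# Assumed authorized_keys entry for the sync key (key material is a placeholder):
#   command="/usr/local/sbin/postfix-sync-gate --gate",restrict ssh-ed25519 <PUBKEY> sync@mgmt
# Assumed calls made from the trusted host:
#   rsync -a /srv/postfix-maps/ sync@mx1:/etc/postfix/
#   ssh sync@mx1 make -C /etc/postfix/
# sshd ignores the requested command, runs this script instead, and passes the
# request in SSH_ORIGINAL_COMMAND, so a stolen key cannot open a shell.

MAPDIR="/etc/postfix/"   # assumption: map sources and the Makefile live here

# classify CMD -> prints "make", "rsync" or "deny"
classify() {
    cmd=$1
    case $cmd in
        "make -C $MAPDIR")
            echo make ;;
        "rsync --server "*" . $MAPDIR")
            # Keep only what sits between the fixed prefix and the fixed target.
            mid=${cmd#"rsync --server "}
            mid=${mid%" . $MAPDIR"}
            case $mid in
                *[!A-Za-z0-9.-]*) echo deny ;;  # spaces, globs, metacharacters, extra options
                --*)              echo deny ;;  # long options such as --sender (read access)
                -?*)              echo rsync ;; # one short-flag cluster: a push into MAPDIR
                *)                echo deny ;;
            esac ;;
        *)
            echo deny ;;
    esac
}

gate() {
    case $(classify "${SSH_ORIGINAL_COMMAND:-}") in
        make)  exec make -C "$MAPDIR" ;;
        rsync) set -f                       # no globbing; the string is already whitelisted
               exec $SSH_ORIGINAL_COMMAND ;; # split into argv by the shell, never eval'd
        *)     logger -t postfix-sync-gate "denied: ${SSH_ORIGINAL_COMMAND:-<interactive>}"
               echo "denied" >&2
               return 1 ;;
    esac
}

# Only act when sshd invokes the script through the forced command above.
if [ "${1:-}" = "--gate" ]; then gate; fi
```

rsync also ships a maintained `rrsync` script for restricting a key to one directory, which can replace the rsync branch here.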