On 6/9/2020 4:26 PM, Scott A. Wozny wrote:
> In the context of looking at implementing Postscreen, I’ve read
> through the postscreen readme, the master.cf man page, and postfix
> architectural overview docs, but I have some remaining service
> related questions I might appeal to one of the gurus on the list to
> help me with.
>
> In a default master.cf file’s first non-comment line, the smtp
> service uses the smtpd command. I’m not clear why the smtp (client)
> service would use the smtpd (server) binary. Is there an old
> convention that drives the naming to be apparently contradictory or
> am I missing something in my interpretation?

This is an inet type service, so the first column refers to an
ip:port to listen on, or a service name from /etc/services.
Unix type services are transports; the first column is a name for
selecting that transport.

> In the postscreen instructions, one of the first steps is to comment
> out the smtp service line above and uncomment the one that uses the
> postscreen command instead. I get why, since postscreen is supposed
> to “screen” out bad clients before letting them talk to smtpd later.
> Is there anything in this configuration file that indicates this or
> is the handoff to smtpd built into postscreen itself?
>
> Why is there an smtpd service that gets enabled during a postscreen
> implementation when there wasn’t one before? More specifically,
> without an smtpd service before, what service was serving smtpd for
> new smtp connections? The “smtp” service (that seems to actually be
> smtpd) listed first in the file?

The inet smtpd is replaced with a pass smtpd.
The unix type smtp outgoing is not involved.

> In the smtpd service I just mentioned, this type is pass and not
> unix. When I looked up the 2 service types in the documentation,
> they both say, “The service listens on a UNIX-domain stream socket,
> and is accessible to local clients only.” but the pass type goes on
> to say, “It receives one open connection (file descriptor passing)
> per connection request.” I’ve done some further googling, but I
> can’t figure out what this means in terms of practical use. Can
> someone explain the practical difference between a unix type service
> and a pass type service?

Postscreen hands off the connection to the smtpd process using the
pass type.

> Finally, there is ANOTHER service named smtp further down the file
> between proxywrite and relay that ACTUALLY uses smtp as the command
> but is of type unix (which, for a client, makes sense). What is the
> purpose of this instance of service named smtp (like, is it the
> “real” smtp service used for packaging and sending smtp messages?)
> and how is it that it does not “conflict” with the instance of smtp
> service discussed above? Under what conditions am I allowed to
> create services that have names which conflict? Only when the types
> are different (and then, only with certain “different type”
> combinations)? Or is there a first use rule on services which means
> that the smtp service above is the only one that gets used?

The smtp transport is a unix type service and is responsible for
sending out mail.
-- Noel Jones
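Added example, not part of the thread above: a small Python parser that reads a master.cf fragment and keys each service by (name, type), which is why the inet "smtp" listener and the unix "smtp" transport can coexist, and that reports whether the postscreen handoff (inet smtp -> postscreen, pass smtpd -> smtpd) is active. The SAMPLE text is a constructed excerpt modelled on a stock master.cf; the private/chroot/maxproc column values vary between distributions.

```python
"""Parse a master.cf fragment and key each service by (name, type).

Added example, not from the mailing-list thread. SAMPLE is a constructed
excerpt modelled on a stock master.cf after the postscreen edits; the
private/chroot/maxproc columns vary between distributions."""

SAMPLE = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
#smtp      inet  n       -       n       -       -       smtpd
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
  -o syslog_name=postfix/relay
"""

COLUMNS = ("name", "type", "private", "unpriv", "chroot", "wakeup", "maxproc")


def parse_master_cf(text):
    """Return {(name, type): fields} for every enabled (uncommented) service."""
    services, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment; a disabled service is just a comment
        if raw[0].isspace() and last is not None:
            services[last]["args"] += raw.split()  # indented line continues args
            continue
        parts = raw.split()
        if len(parts) < 8:
            raise ValueError(f"malformed master.cf line: {raw!r}")
        fields = dict(zip(COLUMNS, parts[:7]))
        fields["command"] = parts[7]  # program master(8) runs for this service
        fields["args"] = parts[8:]  # e.g. -o parameter overrides
        key = (fields["name"], fields["type"])
        if key in services:  # name alone may repeat (smtp inet vs smtp unix)
            raise ValueError(f"duplicate service name/type: {key}")
        services[key] = fields
        last = key
    return services


def postscreen_enabled(services):
    """True when the inet smtp listener is postscreen and smtpd is a pass service."""
    listener = services.get(("smtp", "inet"))
    handoff = services.get(("smtpd", "pass"))
    return (listener is not None and listener["command"] == "postscreen"
            and handoff is not None and handoff["command"] == "smtpd")
```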