Hi Noel,

Thanks very much for your reply. For some reason, I had assumed that the 
service name was dictated by convention, not the contents of /etc/services. I 
DID have a nagging question about how Postfix knew to listen on 25 and 587, but 
I assumed it was a system default and I had just never stumbled across the 
override parameter. This makes everything else fall into line in my mind.


Your explanation then helped me realize that sockets are named exactly as they 
are in the ss -a output incorporating the private and public prefix. I had 
previously only worked with and identified sockets by their location in the 
file system which was a close match, but the ss output demonstrates the direct 
link I was missing. :)


I’m still not super clear on the difference between the unix and pass types, 
but now that I have a MUCH better understanding of the service structure 
overall, I’m perfectly content to leave that for another day.


Much obliged,


Scott



________________________________
From: [email protected] <[email protected]> on 
behalf of Noel Jones <[email protected]>
Sent: June 9, 2020 5:58 PM
To: [email protected] <[email protected]>
Subject: Re: Questions about the master.cf file

On 6/9/2020 4:26 PM, Scott A. Wozny wrote:
> In the context of looking at implementing Postscreen, I’ve read
> through the postscreen readme, the master.cf man page, and postfix
> architectural overview docs, but I have some remaining service
> related questions I might appeal to one of the gurus on the list to
> help me with.
>
>
> In a default master.cf file’s first non-comment line, the smtp
> service uses the smtpd command. I’m not clear why the smtp (client)
> service would use the smtpd (server) binary. Is there an old
> convention that drives the naming to be apparently contradictory or
> am I missing something in my interpretation?

This is an inet type service, so the first column refers to an
ip:port to listen on, or a service name from /etc/services.

Unix type are transports, the first column is a name for selecting
that transport.

>
>
> In the postscreen instructions, one of the first steps is to comment
> out the smtp service line above and uncomment the one that uses the
> postscreen command instead. I get why, since postscreen is supposed
> to “screen” out bad clients before letting them talk to smtpd later.
> Is there anything in this configuration file that indicates this or
> is the handoff to smtpd built into postscreen itself?
>
>
> Why is there an smtpd service that gets enabled during a postscreen
> implementation when there wasn’t one before? More specifically,
> without an smtpd service before, what service was serving smtpd for
> new smtp connections? The “smtp” service (that seems to actually be
> smtpd) listed first in the file?

The inet smtpd is replaced with a pass smtpd.

The unix type smtp outgoing is not involved.


>
>
> In the smtpd service I just mentioned, this type is pass and not
> unix. When I looked up the 2 service types in the documentation,
> they both say, “The service listens on a UNIX-domain stream socket,
> and is accessible to local clients only.” but the pass type goes on
> to say, “It receives one open connection (file descriptor passing)
> per connection request.” I’ve done some further googling, but I
> can’t figure out what this means in terms of practical use. Can
> someone explain the practical difference between a unix type service
> and a pass type service?


Postscreen hands off the connection to the smtpd process using the
pass type.


>
>
> Finally, there is ANOTHER service named smtp further down the file
> between proxywrite and relay that ACTUALLY uses smtp as the command
> but is of type unix (which, for a client, makes sense). What is the
> purpose of this instance of service named smtp (like, is it the
> “real” smtp service used for packaging and sending smtp messages?)
> and how is it that it does not “conflict” with the instance of smtp
> service discussed above? Under what conditions am I allowed to
> create services that have names which conflict? Only when the types
> are different (and then, only with certain “different type”
> combinations)? Or is there a first use rule on services which means
> that the smtp service above is the only one that get used?

The smtp transport is a unix type service and is responsible for
sending out mail.



   -- Noel Jones

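Added example, not part of the original thread and not Postfix code: the "file descriptor passing" named in the quoted pass-type documentation, shown with the general UNIX SCM_RIGHTS mechanism in Python. The `screener` and `worker` functions, the greeting text and the loopback listener are hypothetical stand-ins for a screening front end and the service it hands connections to; the worker never calls accept() on the client connection, it is handed an already-open one.

```python
import array
import socket
import threading

def send_fd(chan, fd):
    """Pass one open descriptor over a UNIX-domain socket (SCM_RIGHTS)."""
    rights = array.array("i", [fd])
    chan.sendmsg([b"\0"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, rights)])

def recv_fd(chan):
    """Receive one descriptor; the kernel installs it as a new fd here."""
    fds = array.array("i")
    _, ancdata, _, _ = chan.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
            return fds[0]
    raise RuntimeError("no descriptor in ancillary data")

def screener(listener, chan):
    """Hypothetical front end: accepts the TCP client, then hands it off."""
    conn, _ = listener.accept()
    send_fd(chan, conn.fileno())
    conn.close()  # closes only this copy; the passed copy keeps the client connected

def worker(chan):
    """Hypothetical pass-style service: is given an already-open connection."""
    conn = socket.socket(fileno=recv_fd(chan))
    conn.sendall(b"220 worker ready\r\n")  # constructed greeting
    conn.close()

def demo():
    listener = socket.create_server(("127.0.0.1", 0))  # ephemeral loopback port
    front, back = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    threads = [threading.Thread(target=screener, args=(listener, front)),
               threading.Thread(target=worker, args=(back,))]
    for t in threads:
        t.start()
    with socket.create_connection(listener.getsockname(), timeout=5) as client:
        banner = client.makefile("rb").readline()
    for t in threads:
        t.join()
    for s in (listener, front, back):
        s.close()
    return banner

if __name__ == "__main__":
    print(demo())
```

The client connects once to the TCP listener and reads a greeting written by a different piece of code than the one that accepted it, which is the practical effect of a descriptor handoff.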