Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Postfix Documentation
Previous Page Home Next Page

Policy client/server configuration

The Postfix delegated policy client can connect to a TCP socket or to a UNIX-domain socket. Examples:

inet:127.0.0.1:9998
unix:/some/where/policy
unix:private/policy

The first example specifies that the policy server listens on a TCP socket at 127.0.0.1 port 9998. The second example specifies an absolute pathname of a UNIX-domain socket. The third example specifies a pathname relative to the Postfix queue directory; use this for policy servers that are spawned by the Postfix master daemon.

To create a policy service that listens on a UNIX-domain socket called "policy", and that runs under control of the Postfix spawn(8) daemon, you would use something like this:

 1 /etc/postfix/
master.cf:
 2     policy  unix  -       n       n       -       -       spawn
 3       user=nobody argv=/some/where/policy-server
 4 
 5 /etc/postfix/
main.cf:
 6     
smtpd_recipient_restrictions =
 7         ... 
 8         
reject_unauth_destination 
 9         
check_policy_service unix:private/policy 
10         ...
11     policy_time_limit = 3600

NOTES:

  • Lines 2, 11: the Postfix spawn(8) daemon by default kills its child process after 1000 seconds. This is too short for a policy daemon that may run for as long as an SMTP client is connected to an SMTP server process. The default time limit is overruled in main.cf with an explicit "policy_time_limit" setting. The name of the parameter is the name of the master.cf entry ("policy") concatenated with the "_time_limit" suffix.

  • Lines 8, 9: always specify " check_policy_service" AFTER " reject_unauth_destination" or else your system could become an open relay.

  • Solaris UNIX-domain sockets do not work reliably. Use TCP sockets instead:

 1 /etc/postfix/
master.cf:
 2     127.0.0.1:9998  inet  n       n       n       -       -       spawn
 3       user=nobody argv=/some/where/policy-server
 4 
 5 /etc/postfix/
main.cf:
 6     
smtpd_recipient_restrictions =
 7         ... 
 8         
reject_unauth_destination 
 9         
check_policy_service inet:127.0.0.1:9998
10         ...
11     127.0.0.1:9998_time_limit = 3600

Other configuration parameters that control the client side of the policy delegation protocol:

Postfix Documentation
Previous Page Home Next Page