Understanding master.cf

I’m setting up a new postfix based on sources (via MacPorts) and master has this configuration snippet:

smtp      inet  n       -       y       -       1       postscreen
smtpd     pass  -       -       y       -       -       smtpd
    -o receive_override_options=no_address_mappings
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

My certificates live outside the chroot jail, but I expected tlsproxy to handle it (and it is not chrooted). Instead, my log says:

Oct 05 11:35:21 mail postfix/smtpd[2218]: cannot load Certification Authority data, CAfile="/etc/certificates/www.rna.nl.F1BCD75E0F6DD3B3B0145CB328699BDEEF21FA5C.chain.pem": disabling TLS support

Does chrooting smtpd require a local copy of certificates inside the chroot jail? Or can this be ignored because I use postscreen to handle port 25? But then, why does my log say:

Oct 05 11:41:50 mail postfix/smtpd[2338]: connect from unknown[192.168.2.67]

instead of

Oct 05 11:41:50 mail postscreen[2338]: connect from unknown[192.168.2.67]

if I connect to port 25 from another machine? How do I know I’m connected to postscreen, not to smtpd?

(Note, syslog is completely broken on macOS, so I depend on logging to mail log files). I’m running postfix 3.4.6.

Gerben Wierda
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http://masteringarchimate.com/>
Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
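
Added example, not part of the original post and not Postfix code: a small Python reader for the master.cf layout quoted above, reporting which services have the chroot column set to y and which -o overrides attach to each entry. It assumes the eight-column format with whitespace-indented continuation lines and does not handle {...} quoting; the function names are hypothetical.

```python
# Added example, not Postfix code: minimal master.cf reader.
FIELDS = ("service", "type", "private", "unpriv", "chroot",
          "wakeup", "maxproc", "command")

# The snippet from the post; the "-o" line is indented as a continuation.
SAMPLE = """\
smtp      inet  n  -  y  -  1  postscreen
smtpd     pass  -  -  y  -  -  smtpd
  -o receive_override_options=no_address_mappings
dnsblog   unix  -  -  n  -  0  dnsblog
tlsproxy  unix  -  -  n  -  0  tlsproxy
"""

def logical_lines(text):
    """Yield logical lines: a line starting with whitespace continues the
    previous one; blank lines and '#' comment lines are skipped."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current

def parse_master_cf(text):
    """Return one dict per service with its eight fields and -o overrides."""
    entries = []
    for line in logical_lines(text):
        parts = line.split()  # simplification: no {...} quoting support
        if len(parts) < 8:
            raise ValueError(f"short master.cf entry: {line!r}")
        entry = dict(zip(FIELDS, parts[:8]))
        args = parts[8:]
        entry["overrides"] = dict(
            args[i + 1].split("=", 1)
            for i, a in enumerate(args[:-1]) if a == "-o" and "=" in args[i + 1])
        entries.append(entry)
    return entries

def chrooted(entries):
    """Service/type pairs whose chroot column is explicitly 'y'."""
    return [f'{e["service"]}/{e["type"]}' for e in entries if e["chroot"] == "y"]

if __name__ == "__main__":
    for e in parse_master_cf(SAMPLE):
        print(f'{e["service"]}/{e["type"]:<5} chroot={e["chroot"]} '
              f'command={e["command"]} overrides={e["overrides"]}')
```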