Saturday, 23 December 2006

Postfix Cleanup

The number of users and domains being hosted on Siona has been growing for quite a while. We're now up to 29 users and 13 domains. Being an order of magnitude beyond the single-user/single-domain setup means there are some complications even though the server configuration is pretty basic.

For example, it is getting important to ensure that domains only deliver mail for a subset of the users. For a while, the domains were all just being appended to the "mydestination" attribute in the Postfix configuration which meant that a) any changes required a mail server restart and b) there was no way to separate which users where in which domains.

A while ago, new domains were being added to the "virtual_alias_domain" hash file. This is really the way to go since modifying the list of domains and modifying the valid relay recipients was easy and allowed control over who was in which domains. The process is still manual, 13 domains is not that much to manage, but it is much easier.

So the latest cleanup issue in the configuration was to move all the extra domains out of the "mydestination" attribute and into the "virtual_alias_domains" hash file where they belong. Well, it was interesting. I had to check through the logs to see which users were actually receiving mail in which domains. Not too tricky at least.

It is really unfortunate that some of the old names, like "uro.mine.nu" and "dulcea.nibble.bz" still have to be maintained. It would be nice to retire those old domains. But the cost of keeping them is way less significant then the energy required to ensure that everyone has current email addresses for all the users.

So other then moving all logical domains to virtual domains, the other change was that I changed the server to no longer relay mail on the basis of "mynetworks". The SASL authenticated SMTP is working great so there's no need to just white-list the LAN. It's cool :D I'm excited because this is the way SMTP should be! Servers only accepting mail if they are either going to deliver the mail or if the connecting user or host is authenticated! Every SMTP server should be setup like this! There are fewer and fewer excuses to accept mail from an un-authenticated connection and more and more reason to validate all mail all the time.

All-in-all, the cleaned up Postfix config is a much better setup for my current and future needs. It's good :)

Popular Posts