
Thread: [SOLVED] Permanent Postfix main.cf Changes Under ZCS 5.0.x

  1. #1

    We just upgraded to ZCS 5.0.4.

    While we expected our Postfix main.cf tweaks under 4.5.11 to have disappeared during the upgrade, it seems the previous method of using "postconf -e <variable>=<value>" followed by a "postfix restart" doesn't survive a server restart.

    We see there are a lot of new Postfix variables set in localconfig.xml.

    Is editing localconfig.xml now the correct way to make permanent tweaks to Postfix?

    We'd like to set the following:

    <key name="postfix_smtpd_hard_error_limit">
    <value>4</value>
    <key name="postfix_smtpd_soft_error_limit">
    <value>2</value>
    <key name="postfix_smtpd_error_sleep_time">
    <value>30s</value>
    <key name="postfix_proxy_interfaces">
    <value>[Server Public IP Address]</value>

    (The first three together we find to be an effective anti-UCE technique.)

    We are not finding anything in the Administrators Manual or the Support Portal about this.

    Thanks!
    Mark

  2. #2

    Sorry, not in-front of my server but are these variables available from the zmlocalconfig? So please try :-

    Code:
    zmlocalconfig -s | grep -i postfix

  3. #3

    Quote: Originally posted by uxbod
    Sorry, not in-front of my server but are these variables available from the zmlocalconfig? So please try :-

    Code:
    zmlocalconfig -s | grep -i postfix

    That command gets you the current postfix main.cf variables set via localconfig.xml of course, but what I am asking is how do we permanently set additional variables.

    Not exactly sure what you mean by "not in-front of my server", but we find the first three variables effective against connections from mail servers performing "dictionary" attacks.

    By "dictionary" attack, I mean where a remote server continuously connects to try to send email to a series of clearly guessed, but invalid, recipients (e.g. john@, james@, kevin@, louis@, etc., etc.).

    Sure, Postfix rejects the connection due to invalid recipient, but doing so requires repeated LDAP lookups and also consumes an SMTP connection for the duration.

    When the above three main.cf variables are in place, Postfix just silently does not respond to the sending mail server for thirty seconds, giving legitimate email connections a better opportunity to get through, and reducing the resources used on the server.

    In actual fact, Postfix does this by default anyway, but the default soft error limit is 10 and the default sleep time is 1 second.

    So, we really aren't introducing any new Postfix behavior here; just "adjusting" somewhat already existing behavior.

    And, it's not our idea; we gleaned it from the excellent No Starch Press book "The Book of Postfix".

    Hope that helps!

    All the best,
    Mark

  4. #4
    phoenix (Zimbra Consultant & Moderator)

    Mark

    You don't need to edit the file, you can enter them as follows:

    Code:
    zmlocalconfig -e postfix_smtpd_hard_error_limit=3
    zmlocalconfig -e postfix_smtpd_soft_error_limit=2

    Try that (plus the rest of your changes) and see if it does what you need; it also updates the config file.

    Regards


    Bill



  5. #5

    Bill,

    Just for my own understanding, when using the zmlocalconfig -e, that will put the entries in for you even if they don't exist? Do these changes persist across upgrades?

    Thx.

  6. #6

    Quote: Originally posted by phoenix
    Mark

    You don't need to edit the file, you can enter them as follows:

    Code:
    zmlocalconfig -e postfix_smtpd_hard_error_limit=3
    zmlocalconfig -e postfix_smtpd_soft_error_limit=2

    try that (plus the rest of your changes) and see if it does what you need, it also updates the config file.

    Hi Bill,

    Thanks for the above!

    We ran the above commands (and a few others) and saw the changes in ~/conf/localconfig.xml OK.

    We then ran:
    Code:
    zmmtactl reload
    as the zimbra user followed by:

    Code:
    /opt/zimbra/postfix/sbin/postconf -n
    as root, but didn't see our changes. Looking at /opt/zimbra/postfix/conf/main.cf directly confirmed our changes in localconfig.xml didn't propagate to main.cf.

    Is there any way short of doing a
    Code:
    zmcontrol stop
    zmcontrol start
    to implement these changes?

    Thanks!
    Mark

  7. #7

    If you do a postconf -e with those same variables, and then a postfix reload they should take effect. And now that you have them in the localconfig.xml they will remain persistent across restarts.

  8. #8

    I don't think that changes via postconf -e are persistent across updates.
    I just upgraded a customer from 5.0.1 to 5.04 and had to run postconf -e again to allow plaintext auth to the smtp server. So at least this one is not carried over. (I ran all the commands again and did not check all the other settings, so I am only sure about this one.)

    Christian

  9. #9

    The postconf ones will not be persistent, but LMStone has also added them to the localconfig.xml via zmlocalconfig -e. Using postconf was more to get them in quickly to the running config without having to restart all the ZCS services. All that would be required is a zmmtactl reload I think.

  10. #10

    Beauty Mate!

    Running postconf -e [blah] followed by a ./postfix restart enabled us to put the changes we wanted into immediate effect.

    That we already did a zmlocalconfig -e [blah] for the same main.cf parameters we are hoping means the changes will persist across restarts; we don't want to do a zmcontrol stop/start during normal working hours.

    Cheers!
    Mark
    Last edited by LMStone; 04-08-2008 at 06:58 PM. Reason: Clarity
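
Added example, not written by any poster in this thread: a shell check for the situation in post #6, where values stored with zmlocalconfig -e had not reached the running main.cf. It compares saved output of `zmlocalconfig -s` and `postconf -n`; the mapping from a localconfig key `postfix_<name>` to the main.cf parameter `<name>` is an assumption based on the key names used in the thread, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: localconfig key
# "postfix_<name>" corresponds to main.cf parameter "<name>".

# postfix_drift LOCALCONFIG_DUMP POSTCONF_DUMP
#   LOCALCONFIG_DUMP: saved output of `zmlocalconfig -s`
#   POSTCONF_DUMP:    saved output of `postconf -n`
# Both tools print "name = value", one setting per line.
postfix_drift() {
    awk -v live="$2" '
        BEGIN {
            # Load the running main.cf settings into running[name].
            while ((getline line < live) > 0) {
                i = index(line, " = ")
                if (i) running[substr(line, 1, i - 1)] = substr(line, i + 3)
            }
        }
        /^postfix_/ {
            i = index($0, " = ")
            if (!i) next
            name = substr($0, 9, i - 9)   # strip the "postfix_" prefix
            want = substr($0, i + 3)
            if (!(name in running))
                printf "MISSING %s (want %s)\n", name, want
            else if (running[name] != want)
                printf "DIFFERS %s (want %s, running %s)\n", name, want, running[name]
        }
    ' "$1"
}

# Constructed sample data: three anti-UCE settings stored in localconfig,
# only one of which matches what main.cf currently holds.
sample_drift() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/localconfig.txt" <<'EOF'
postfix_smtpd_hard_error_limit = 4
postfix_smtpd_soft_error_limit = 2
postfix_smtpd_error_sleep_time = 30s
zimbra_server_hostname = mail.example.com
EOF
    cat > "$tmp/postconf.txt" <<'EOF'
mydestination = localhost
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 2
EOF
    postfix_drift "$tmp/localconfig.txt" "$tmp/postconf.txt"
    rm -rf "$tmp"
}

sample_drift
```

Because `postconf -n` lists only parameters explicitly set in main.cf, a MISSING line means the parameter is not set there and Postfix is using its built-in default. Multi-line main.cf values are not handled.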
