manage submission/smtps services?

Discussion in 'Developers' Forum' started by Jesse Norell, Apr 14, 2020.

  1. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

    I'm soliciting comments on having ISPConfig manage the submission and smtps services in /etc/postfix/master.cf.

    I am updating this merge request and find it would be very handy to set different smtpd_*_restrictions for smtpd on port 25 vs client submissions on port 465 and 587 - simple enough of a concept, and I'd be happy to discuss specific use cases (they all come down to having more restrictions for incoming mail from the public/internet than you apply to your authorized clients).

    Con: Right now ISPConfig manages other services which it adds to master.cf, but it doesn't manage nor setup submission nor smtps, that is all done manually according to Perfect Server guides; if ISPConfig were to begin managing those options, at minimum the Perfect Server guides would all need updated.

    Pro: Installation would be one step simpler, as users wouldn't have to manually enable those.

    Con: Most folks will have identical/simple options enabled, but surely some will have custom settings in use; if ISPConfig were to begin managing those options, it both could change those few users' settings unexpectedly, and there is currently no provision to override it (no conf-custom equivalent for individual customization). Likely settings ISPConfig manages could be merged with what exists, but inevitably there will be individual cases of overlap.

    Pro: Most folks would simply have improved mail handling for non-authenticated mail (a little less spam/junk, nothing revolutionary, and I have no numbers to even guess at how much).

    Con: Time requirements to develop/test.

    Pro: I don't know of a better alternative offhand, assuming ISPConfig were implement certain measures in port 25. (Eg. you could make ISPConfig have a configuration option to enable something like fqdn check on port 25, but to enable that would require notifying users that they should change their own submission/smtps to not require fqdn for authorized users - not a great process.)

    Thoughts/comments? Thanks...
     
  2. Jesse Norell

    Jesse Norell ISPConfig Developer ISPConfig Developer

  3. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    i have just some smtpd_restriction_classes in smtpd_recipient_restrictions which can be disabled / enabled per mail-address (spf, rbl....). i'm not sure which additional paramters are set in my postfix-configs and if they change the default-settings from postfix (usually, i don't touch them and they are in use for a few years ;) ).
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Basically we have the new official auto-installer (which is nearly finished or it was finished but needs some adjustments again due to availability of PHP 7.4), which does the changes in master.cf.

    https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller

    So not sure if we should put that function into ISPConfig installer itself as it probably would break a lot of existing setups, at least those where users manually adjusted master.cf settings in the past. Maybe it's better to make some plans on how master.cf shall get altered for a more advanced setup and then implement these changes in the auto installer?
     
  5. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    you can use postconf, to change the master.cf, too. i think, we can uses this in the same way as the installer / updater changes the main.cf
     

Share This Page