How do we make changes to postfix configs that are update safe? I want to do things like disable SRS server wide (not just per domain) and reject ip's with no proper rdns entries, etc. Do I simply have to make my changes and then disable updates from scrollout? I think i might just have to because of all the new "features" that seem to be added that simply cause me headaches.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
For certain PostFix settings outside the main.cf, Scrollout has xxxx_custom files that you can edit and they do not get modified during updates (e.g. transport_custom, recipient_access_custom). You will need to postmap those files when you modify them and reload PostFix.
Its recommended to not manually adjust the master.cf and main.cf, but if you MUST...
For core PostFix settings (main.cf, etc), what I did was set the file as immutable via chattr +i. This essentially makes the file read-only, even by root. This risk with this is, when you change the security levels in the GUI, it makes changes to main.cf. If you have it locked, your level changes wont be effective. Additionally, as PostFix gets updated/patched, there may need to be changes made to main.cf that cant take place if the file is locked.
Alternatively, once you get SF1 set where you like it via GUI, make your required changes, then save a copy (main.myfile), then anytime you run an upgrade or adjust a level, run a differental check between the new main.cf and your copy, and manually merge your settings back in to the updated file.
As for the features that give you headaches, please create or update posts on here so Marius and other users can either fix the issues, or provide workarounds.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
How do we make changes to postfix configs that are update safe? I want to do things like disable SRS server wide (not just per domain) and reject ip's with no proper rdns entries, etc. Do I simply have to make my changes and then disable updates from scrollout? I think i might just have to because of all the new "features" that seem to be added that simply cause me headaches.
For certain PostFix settings outside the main.cf, Scrollout has xxxx_custom files that you can edit and they do not get modified during updates (e.g. transport_custom, recipient_access_custom). You will need to postmap those files when you modify them and reload PostFix.
Its recommended to not manually adjust the master.cf and main.cf, but if you MUST...
For core PostFix settings (main.cf, etc), what I did was set the file as immutable via chattr +i. This essentially makes the file read-only, even by root. This risk with this is, when you change the security levels in the GUI, it makes changes to main.cf. If you have it locked, your level changes wont be effective. Additionally, as PostFix gets updated/patched, there may need to be changes made to main.cf that cant take place if the file is locked.
Alternatively, once you get SF1 set where you like it via GUI, make your required changes, then save a copy (main.myfile), then anytime you run an upgrade or adjust a level, run a differental check between the new main.cf and your copy, and manually merge your settings back in to the updated file.
As for the features that give you headaches, please create or update posts on here so Marius and other users can either fix the issues, or provide workarounds.