postconf -d Does Not Agree with Postfix Configuration Parameters List

9 posts / 0 new
Last post
#1 Tue, 10/02/2018 - 10:39
KitchM

postconf -d Does Not Agree with Postfix Configuration Parameters List

When getting the output of postconf -d, there are many items missing from the published list of available parameters. If one assumes that the missing parameters are not needed, that might explain part of it. However, when the missing items contain references to items such as DANE and TLS settings, one might well question if the settings are correct.

Also, there are many included parameters which are not recognized by Postfix. (Were they ever?) The user is left to wonder if they should be there.

How can the user know what is required by Webmin/Virtualmin as opposed to industry standards?

By the way, I referenced the list at http://www.postfix.org/postconf.5.html.

Wed, 10/10/2018 - 16:40
KitchM

No one has any ideas about this?

Thu, 10/11/2018 - 04:52
noisemarine

1/ You could probably be more specific with your enquiry. At the moment it's somewhat in the handwave vicinity that probably has the regulars here thinking "I'm not touching that".

2/ The output of postconf -d will be the result of what is compiled into postfix. You could ask the postfix developers or the package maintainer for your distribution if you feel there are discrepancies.

3/ Virtualmin has a post-install setup that has reasonable defaults for a basic system that will host multiple domains. Webmin is just a web front end to administer services. Both require some level of skill and knowledge on the part of the user, especially if the user needs more than a basic system.

Thu, 10/18/2018 - 10:42
KitchM

Thanks for the response.

  1. It should be clear to knowledgeable people that this is a software issue. Sorry that I cannot find any better way to make it clearer.
  2. I believe your assumption that these settings came along with Postfix is incorrect. Surely you realize that there are settings placed into it by Webmin/Virtualmin.
  3. Webmin/Virtualmin internal code makes changes to these things that are not normally done by administrators. Without the knowledge of what changes what, the admin will never know why his or her settings are different from standard expectations.

The gotchas are always the unexpected settings by Webmin/Virtualmin underlying code.

Wed, 10/24/2018 - 18:55
Joe
Joe's picture

Kitch, if you're not going to take (correct) advice from other users, things are gonna be real hard.

From the postconf manpage:

       -d     Print  main.cf default parameter settings instead of actual set‐
              tings.  Specify -df to fold long  lines  for  human  readability
              (Postfix 2.9 and later).

As noisemarine said, that is the default (compiled-in) settings provided by the Postfix package. If you want to see the current configuration, just use postconf. It reads main.cf, and merges the user-defined settings with the compiled in defaults.

The changes we make during installation can be seen here (and in main.cf itself, which you could diff against a fresh install of postfix if you want a concise list of changes we make): https://github.com/virtualmin/Virtualmin-Config/blob/master/lib/Virtualm...

--

Check out the forum guidelines!

Fri, 12/28/2018 - 12:39
KitchM

Evidently I am not able to make myself clear on the issue.

Mon, 12/31/2018 - 06:32
noisemarine

Please help us to understand your enquiry. :)

Sat, 01/12/2019 - 12:51
Jfro

Read some postconf...

http://www.postfix.org/wip.html

http://www.postfix.org/postconf.1.html

-d

Print default parameter settings instead of actual settings.

https://linux.die.net/man/1/postconf

Dane is not default , you have to use DNSSEC which i'm not a supporter of that very to old security cr..p.

TLS and some other PCI compliance things also not 100% ready, you have to make changes there, i used duckduckiego to get the pci compliance , but then old mailclients can't mail anymore if using TLS1.0 or other to old things.

Sun, 01/13/2019 - 10:19
KitchM

Thanks, Jfro. Feel free to contact me directly at kitchm@tutanota.com.

Topic locked