From: Wietse Venema on
Mike Morris:
[ Charset ISO-8859-1 unsupported, converting... ]
> On 08/01/2010 09:29 AM, Wietse Venema wrote:
> > Mike Morris:
> >> Hi,
> >>
> >> I'm working on a mail server deployment that will only have one server
> >> for MX and SASL submission purposes. Generally I like to have separate
> >> Postfix instances to handle a specific task. In this case I'm running
> >> in to problems when the submission instance uses the same IP address as
> >> the MX instance. (Due to a limited IP address pool there is currently
> >> only one routable IP address assigned to this server.)
> >>
> >> Using the submission instance to send a message to a recipient address
> >> for which the server is also the MX host triggers Postfix' loop
> >> detection. Mail for foreign addresses is relayed correctly. I realize
> >> this can be done easily enough without using multiple instances. Is
> >> there a way to work around this so that an MX instance and submission
> >> instance can share single IP address? I've gotten used to the queue,
> >
> > If you use different MTAs, then use different myhostname AND
> > different inet_interfaces settings. Otherwise it is just too easy
> > to screw up and have a high-speed mail system meltdown/explosion/etc.
> >
> > Postfix is not just about "secure" for some vague definition of
> > secure, it is about making a safe to use, so that it does not rip
> > off your arms and legs when you make a trivial mistake.
> >
> > Wietse
> Fair enough. I'll see what can be done about a second IP address.

Or enable the commented-out submission service (port 587) in the
default file. With this, use port 587 for submission,
and port 25 for final delivery.


From: Wietse Venema on
Mike Morris:
> approach. Out of curiosity, what would your reasons be for suggesting
> running postscreen with 2.7 rather than using a 2.8 snapshot? Wouldn't
> similar instability concerns about the latter apply to the former?

The difference is that stable release features not change except
in case of emergency, so you can upgrade from one stable Postfix
version to the next without having to reconfigure Postfix. And when
features do have to change, there is a great deal of backwards

The snapshot releases introduce new features, and those can still
change in incompatible ways. For example, postscreen is a prototype
that I threw together in a few weeks so that I could present some
new measurements at a conference. Once this program is finished
sites will almost certainly need to update configuration files.