I'm currently deploying yet another Postfix MTA and this time I'd like to thin down the master.cf
and disable unneeded services to reduce the potential attack surface, and get a better understanding of it in the process.
The MTA should receive emails to virtual users, deliver them to the appropriate maildir and finally relay mail from authenticated users.
Switching to OpenSMTPd (with which my entire configuration can be expressed in a single 15-line file) isn't possible as of right now (no milter support) so I'm stuck with Postfix.
The horror in question :
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
There isn't any man page that describes a minimal configuration, and the man pages of each service don't really tell whether a module is required or not (for some it's easy enough to figure it out, for others it's next to impossible without endless trial and error).
My current failed attempt is the following (submission port omitted, for now I'm only trying to get the mail delivery working) :
smtp inet n - - - - smtpd
cleanup unix n - - - 0 cleanup
qmgr unix - - - 300 1 qmgr
rewrite unix - - - - - trivial-rewrite
proxymap unix - - - - - proxymap
virtual unix - n - - - virtual
anvil unix - - - - 1 anvil
local unix - n - - - local
This kinda works, except all received mail is only delivered (to maildir) on restarting Postfix, and I'm pretty sure it's incomplete and can't handle bounces, so I'm still looking for an answer.
Best Answer
I wouln't recommend you to remove service from the default master.cf. You have been bitten by it when you tried minimalist config.
One reason why postfix has many service is security. One of advantage is postfix run by separate daemon/service to do specific task. So, postfix
master
can adjust permission and privilege per postfix service. For example qmgr(8) daemon does not talk to the outside world, and it can be run at fixed low privilege in a chrooted environment.Anyway I don't have time to do endless trial and error in order to know what's postfix service that can be disabled. So I give you some info about some service and grouping it by several groups.