I prefer changing configuration files through a configuration utility if possible. It tends to introduce a lower amount of errors and the approach lends itself well for automation with Puppet or Chef. With Postfix the available utility is postconf. I’ve been using it for changing main.cf entries and it works really well. However changing master.cf I still did by hand until I started searching for a way to do do this through an utility as well. As it turns out postconf can also handle master.cf entries. I created this blogpost to provide an example for like minded people. The example below creates the submission interface with the settings I use. The submission entry is created through postconf -M and the subsequent parameters are added with postconf -P.
sudo postconf -M submission/inet="submission inet n - n - - smtpd" sudo postconf -P "submission/inet/syslog_name=postfix/submission" sudo postconf -P "submission/inet/smtpd_tls_security_level=encrypt" sudo postconf -P "submission/inet/smtpd_etrn_restrictions=reject" sudo postconf -P "submission/inet/smtpd_sasl_type=dovecot" sudo postconf -P "submission/inet/smtpd_sasl_path=private/auth" sudo postconf -P "submission/inet/smtpd_sasl_security_options=noanonymous" sudo postconf -P "submission/inet/smtpd_sasl_local_domain=$myhostname" sudo postconf -P "submission/inet/smtpd_sasl_auth_enable=yes" sudo postconf -P "submission/inet/milter_macro_daemon_name=ORIGINATING" sudo postconf -P "submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject" sudo postconf -P "submission/inet/smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject"
Thats it, the entry is created in master.cf and looks as follows
submission inet n - n - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_etrn_restrictions=reject -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_sasl_security_options=noanonymous -o smtpd_sasl_local_domain= -o smtpd_sasl_auth_enable=yes -o milter_macro_daemon_name=ORIGINATING -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
Very easy and a repeatable process.