Postfix master.cf versus main.cf
I see a lot of the time that the same settings can be specified in both main.cf, and also in master.cf using the -o prefix.
My question is, does one override the other, and if so, which file is given priority if the same setting (with a different value) is found in both?
For instance, if
smtpd_tls_auth_only=yes
was specified in main.cf, but
-o smtpd_tls_auth_only=no
was specified in master.cf, which one would postfix pay attention to?
Solution 1:
As documented,
-o name=value
Override the named main.cf configuration
parameter.
main.cf
sets the default values used by all services defined in master.cf; -o options in master.cf can override these on a per-service basis.
Solution 2:
Basically settings in main.cf are valid and used globally unless they are overridden in master.cf for specific Postfix daemons (smtpd, trivial-rewrite, cleanup, pickup, ...). You may specify, for example, smtp_tls_security_level = may
in main.cf and disable it for the submission port bound to localhost for the smtpd
daemon:
localhost:submission inet n - - - - smtpd
-o smtpd_tls_security_level=none
But for the submission port on an external IP address you may enforce encryption:
1.2.3.4:submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt
-o ...
In certain situations you might have to override a global setting, for example when using Amavisd, address mappings (alias expansion, etc) need to be disabled when sending mail through the Amavisd smtpd
daemon. Otherwise recipients might receive duplicate messages:
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o ...
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
-o ...
Of course, during regular operation, outside of Amavis, you want address mappings, so by default they are enabled in main.cf.