425 lines
15 KiB
Groff
425 lines
15 KiB
Groff
.TH OQMGR 8
|
|
.ad
|
|
.fi
|
|
.SH NAME
|
|
oqmgr
|
|
\-
|
|
old Postfix queue manager
|
|
.SH "SYNOPSIS"
|
|
.na
|
|
.nf
|
|
\fBoqmgr\fR [generic Postfix daemon options]
|
|
.SH DESCRIPTION
|
|
.ad
|
|
.fi
|
|
The \fBoqmgr\fR(8) daemon awaits the arrival of incoming mail
|
|
and arranges for its delivery via Postfix delivery processes.
|
|
The actual mail routing strategy is delegated to the
|
|
\fBtrivial\-rewrite\fR(8) daemon.
|
|
This program expects to be run from the \fBmaster\fR(8) process
|
|
manager.
|
|
|
|
Mail addressed to the local \fBdouble\-bounce\fR address is
|
|
logged and discarded. This stops potential loops caused by
|
|
undeliverable bounce notifications.
|
|
.SH "MAIL QUEUES"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The \fBoqmgr\fR(8) daemon maintains the following queues:
|
|
.IP \fBincoming\fR
|
|
Inbound mail from the network, or mail picked up by the
|
|
local \fBpickup\fR(8) agent from the \fBmaildrop\fR directory.
|
|
.IP \fBactive\fR
|
|
Messages that the queue manager has opened for delivery. Only
|
|
a limited number of messages is allowed to enter the \fBactive\fR
|
|
queue (leaky bucket strategy, for a fixed delivery rate).
|
|
.IP \fBdeferred\fR
|
|
Mail that could not be delivered upon the first attempt. The queue
|
|
manager implements exponential backoff by doubling the time between
|
|
delivery attempts.
|
|
.IP \fBcorrupt\fR
|
|
Unreadable or damaged queue files are moved here for inspection.
|
|
.IP \fBhold\fR
|
|
Messages that are kept "on hold" are kept here until someone
|
|
sets them free.
|
|
.SH "DELIVERY STATUS REPORTS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The \fBoqmgr\fR(8) daemon keeps an eye on per\-message delivery status
|
|
reports in the following directories. Each status report file has
|
|
the same name as the corresponding message file:
|
|
.IP \fBbounce\fR
|
|
Per\-recipient status information about why mail is bounced.
|
|
These files are maintained by the \fBbounce\fR(8) daemon.
|
|
.IP \fBdefer\fR
|
|
Per\-recipient status information about why mail is delayed.
|
|
These files are maintained by the \fBdefer\fR(8) daemon.
|
|
.IP \fBtrace\fR
|
|
Per\-recipient status information as requested with the
|
|
Postfix "\fBsendmail \-v\fR" or "\fBsendmail \-bv\fR" command.
|
|
These files are maintained by the \fBtrace\fR(8) daemon.
|
|
.PP
|
|
The \fBoqmgr\fR(8) daemon is responsible for asking the
|
|
\fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to
|
|
send delivery reports.
|
|
.SH "STRATEGIES"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The queue manager implements a variety of strategies for
|
|
either opening queue files (input) or for message delivery (output).
|
|
.IP "\fBleaky bucket\fR"
|
|
This strategy limits the number of messages in the \fBactive\fR queue
|
|
and prevents the queue manager from running out of memory under
|
|
heavy load.
|
|
.IP \fBfairness\fR
|
|
When the \fBactive\fR queue has room, the queue manager takes one
|
|
message from the \fBincoming\fR queue and one from the \fBdeferred\fR
|
|
queue. This prevents a large mail backlog from blocking the delivery
|
|
of new mail.
|
|
.IP "\fBslow start\fR"
|
|
This strategy eliminates "thundering herd" problems by slowly
|
|
adjusting the number of parallel deliveries to the same destination.
|
|
.IP "\fBround robin\fR"
|
|
The queue manager sorts delivery requests by destination.
|
|
Round\-robin selection prevents one destination from dominating
|
|
deliveries to other destinations.
|
|
.IP "\fBexponential backoff\fR"
|
|
Mail that cannot be delivered upon the first attempt is deferred.
|
|
The time interval between delivery attempts is doubled after each
|
|
attempt.
|
|
.IP "\fBdestination status cache\fR"
|
|
The queue manager avoids unnecessary delivery attempts by
|
|
maintaining a short\-term, in\-memory list of unreachable destinations.
|
|
.SH "TRIGGERS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
On an idle system, the queue manager waits for the arrival of
|
|
trigger events, or it waits for a timer to go off. A trigger
|
|
is a one\-byte message.
|
|
Depending on the message received, the queue manager performs
|
|
one of the following actions (the message is followed by the
|
|
symbolic constant used internally by the software):
|
|
.IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR"
|
|
Start a deferred queue scan. If a deferred queue scan is already
|
|
in progress, that scan will be restarted as soon as it finishes.
|
|
.IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR"
|
|
Start an incoming queue scan. If an incoming queue scan is already
|
|
in progress, that scan will be restarted as soon as it finishes.
|
|
.IP "\fBA (QMGR_REQ_SCAN_ALL)\fR"
|
|
Ignore deferred queue file time stamps. The request affects
|
|
the next deferred queue scan.
|
|
.IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR"
|
|
Purge all information about dead transports and destinations.
|
|
.IP "\fBW (TRIGGER_REQ_WAKEUP)\fR"
|
|
Wakeup call, This is used by the master server to instantiate
|
|
servers that should not go away forever. The action is to start
|
|
an incoming queue scan.
|
|
.PP
|
|
The \fBoqmgr\fR(8) daemon reads an entire buffer worth of triggers.
|
|
Multiple identical trigger requests are collapsed into one, and
|
|
trigger requests are sorted so that \fBA\fR and \fBF\fR precede
|
|
\fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run,
|
|
one would request \fBA F D\fR; in order to notify the queue manager
|
|
of the arrival of new mail one would request \fBI\fR.
|
|
.SH "STANDARDS"
|
|
.na
|
|
.nf
|
|
RFC 3463 (Enhanced status codes)
|
|
RFC 3464 (Delivery status notifications)
|
|
.SH "SECURITY"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The \fBoqmgr\fR(8) daemon is not security sensitive. It reads
|
|
single\-character messages from untrusted local users, and thus may
|
|
be susceptible to denial of service attacks. The \fBoqmgr\fR(8) daemon
|
|
does not talk to the outside world, and it can be run at fixed low
|
|
privilege in a chrooted environment.
|
|
.SH DIAGNOSTICS
|
|
.ad
|
|
.fi
|
|
Problems and transactions are logged to the \fBsyslogd\fR(8)
|
|
or \fBpostlogd\fR(8) daemon.
|
|
Corrupted message files are saved to the \fBcorrupt\fR queue
|
|
for further inspection.
|
|
|
|
Depending on the setting of the \fBnotify_classes\fR parameter,
|
|
the postmaster is notified of bounces and of other trouble.
|
|
.SH BUGS
|
|
.ad
|
|
.fi
|
|
A single queue manager process has to compete for disk access with
|
|
multiple front\-end processes such as \fBcleanup\fR(8). A sudden burst of
|
|
inbound mail can negatively impact outbound delivery rates.
|
|
.SH "CONFIGURATION PARAMETERS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
Changes to \fBmain.cf\fR are not picked up automatically,
|
|
as \fBoqmgr\fR(8)
|
|
is a persistent process. Use the command "\fBpostfix reload\fR" after
|
|
a configuration change.
|
|
|
|
The text below provides only a parameter summary. See
|
|
\fBpostconf\fR(5) for more details including examples.
|
|
|
|
In the text below, \fItransport\fR is the first field in a
|
|
\fBmaster.cf\fR entry.
|
|
.SH "COMPATIBILITY CONTROLS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
Available before Postfix version 2.5:
|
|
.IP "\fBallow_min_user (no)\fR"
|
|
Allow a sender or recipient address to have `\-' as the first
|
|
character.
|
|
.PP
|
|
Available with Postfix version 2.7 and later:
|
|
.IP "\fBdefault_filter_nexthop (empty)\fR"
|
|
When a content_filter or FILTER request specifies no explicit
|
|
next\-hop destination, use $default_filter_nexthop instead; when
|
|
that value is empty, use the domain in the recipient address.
|
|
.SH "ACTIVE QUEUE CONTROLS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
.IP "\fBqmgr_clog_warn_time (300s)\fR"
|
|
The minimal delay between warnings that a specific destination is
|
|
clogging up the Postfix active queue.
|
|
.IP "\fBqmgr_message_active_limit (20000)\fR"
|
|
The maximal number of messages in the active queue.
|
|
.IP "\fBqmgr_message_recipient_limit (20000)\fR"
|
|
The maximal number of recipients held in memory by the Postfix
|
|
queue manager, and the maximal size of the short\-term,
|
|
in\-memory "dead" destination status cache.
|
|
.SH "DELIVERY CONCURRENCY CONTROLS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
.IP "\fBqmgr_fudge_factor (100)\fR"
|
|
Obsolete feature: the percentage of delivery resources that a busy
|
|
mail system will use up for delivery of a large mailing list
|
|
message.
|
|
.IP "\fBinitial_destination_concurrency (5)\fR"
|
|
The initial per\-destination concurrency level for parallel delivery
|
|
to the same destination.
|
|
.IP "\fBdefault_destination_concurrency_limit (20)\fR"
|
|
The default maximal number of parallel deliveries to the same
|
|
destination.
|
|
.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
|
|
A transport\-specific override for the
|
|
default_destination_concurrency_limit parameter value, where
|
|
\fItransport\fR is the master.cf name of the message delivery
|
|
transport.
|
|
.PP
|
|
Available in Postfix version 2.5 and later:
|
|
.IP "\fBtransport_initial_destination_concurrency ($initial_destination_concurrency)\fR"
|
|
A transport\-specific override for the initial_destination_concurrency
|
|
parameter value, where \fItransport\fR is the master.cf name of
|
|
the message delivery transport.
|
|
.IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR"
|
|
How many pseudo\-cohorts must suffer connection or handshake
|
|
failure before a specific destination is considered unavailable
|
|
(and further delivery is suspended).
|
|
.IP "\fBtransport_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR"
|
|
A transport\-specific override for the
|
|
default_destination_concurrency_failed_cohort_limit parameter value,
|
|
where \fItransport\fR is the master.cf name of the message delivery
|
|
transport.
|
|
.IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR"
|
|
The per\-destination amount of delivery concurrency negative
|
|
feedback, after a delivery completes with a connection or handshake
|
|
failure.
|
|
.IP "\fBtransport_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR"
|
|
A transport\-specific override for the
|
|
default_destination_concurrency_negative_feedback parameter value,
|
|
where \fItransport\fR is the master.cf name of the message delivery
|
|
transport.
|
|
.IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR"
|
|
The per\-destination amount of delivery concurrency positive
|
|
feedback, after a delivery completes without connection or handshake
|
|
failure.
|
|
.IP "\fBtransport_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR"
|
|
A transport\-specific override for the
|
|
default_destination_concurrency_positive_feedback parameter value,
|
|
where \fItransport\fR is the master.cf name of the message delivery
|
|
transport.
|
|
.IP "\fBdestination_concurrency_feedback_debug (no)\fR"
|
|
Make the queue manager's feedback algorithm verbose for performance
|
|
analysis purposes.
|
|
.SH "RECIPIENT SCHEDULING CONTROLS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
.IP "\fBdefault_destination_recipient_limit (50)\fR"
|
|
The default maximal number of recipients per message delivery.
|
|
.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR"
|
|
A transport\-specific override for the
|
|
default_destination_recipient_limit parameter value, where
|
|
\fItransport\fR is the master.cf name of the message delivery
|
|
transport.
|
|
.SH "OTHER RESOURCE AND RATE CONTROLS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
.IP "\fBminimal_backoff_time (300s)\fR"
|
|
The minimal time between attempts to deliver a deferred message;
|
|
prior to Postfix 2.4 the default value was 1000s.
|
|
.IP "\fBmaximal_backoff_time (4000s)\fR"
|
|
The maximal time between attempts to deliver a deferred message.
|
|
.IP "\fBmaximal_queue_lifetime (5d)\fR"
|
|
Consider a message as undeliverable, when delivery fails with a
|
|
temporary error, and the time in the queue has reached the
|
|
maximal_queue_lifetime limit.
|
|
.IP "\fBqueue_run_delay (300s)\fR"
|
|
The time between deferred queue scans by the queue manager;
|
|
prior to Postfix 2.4 the default value was 1000s.
|
|
.IP "\fBtransport_retry_time (60s)\fR"
|
|
The time between attempts by the Postfix queue manager to contact
|
|
a malfunctioning message delivery transport.
|
|
.PP
|
|
Available in Postfix version 2.1 and later:
|
|
.IP "\fBbounce_queue_lifetime (5d)\fR"
|
|
Consider a bounce message as undeliverable, when delivery fails
|
|
with a temporary error, and the time in the queue has reached the
|
|
bounce_queue_lifetime limit.
|
|
.PP
|
|
Available in Postfix version 2.5 and later:
|
|
.IP "\fBdefault_destination_rate_delay (0s)\fR"
|
|
The default amount of delay that is inserted between individual
|
|
message deliveries to the same destination and over the same message
|
|
delivery transport.
|
|
.IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR"
|
|
A transport\-specific override for the default_destination_rate_delay
|
|
parameter value, where \fItransport\fR is the master.cf name of
|
|
the message delivery transport.
|
|
.PP
|
|
Available in Postfix version 3.1 and later:
|
|
.IP "\fBdefault_transport_rate_delay (0s)\fR"
|
|
The default amount of delay that is inserted between individual
|
|
message deliveries over the same message delivery transport,
|
|
regardless of destination.
|
|
.IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR"
|
|
A transport\-specific override for the default_transport_rate_delay
|
|
parameter value, where the initial \fItransport\fR in the parameter
|
|
name is the master.cf name of the message delivery transport.
|
|
.SH "SAFETY CONTROLS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
.IP "\fBqmgr_daemon_timeout (1000s)\fR"
|
|
How much time a Postfix queue manager process may take to handle
|
|
a request before it is terminated by a built\-in watchdog timer.
|
|
.IP "\fBqmgr_ipc_timeout (60s)\fR"
|
|
The time limit for the queue manager to send or receive information
|
|
over an internal communication channel.
|
|
.PP
|
|
Available in Postfix version 3.1 and later:
|
|
.IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR"
|
|
A safety limit that prevents address verification requests from
|
|
overwhelming the Postfix queue.
|
|
.SH "MISCELLANEOUS CONTROLS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
|
|
The default location of the Postfix main.cf and master.cf
|
|
configuration files.
|
|
.IP "\fBdefer_transports (empty)\fR"
|
|
The names of message delivery transports that should not deliver mail
|
|
unless someone issues "\fBsendmail \-q\fR" or equivalent.
|
|
.IP "\fBdelay_logging_resolution_limit (2)\fR"
|
|
The maximal number of digits after the decimal point when logging
|
|
sub\-second delay values.
|
|
.IP "\fBhelpful_warnings (yes)\fR"
|
|
Log warnings about problematic configuration settings, and provide
|
|
helpful suggestions.
|
|
.IP "\fBprocess_id (read\-only)\fR"
|
|
The process ID of a Postfix command or daemon process.
|
|
.IP "\fBprocess_name (read\-only)\fR"
|
|
The process name of a Postfix command or daemon process.
|
|
.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
|
|
The location of the Postfix top\-level queue directory.
|
|
.IP "\fBsyslog_facility (mail)\fR"
|
|
The syslog facility of Postfix logging.
|
|
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
|
|
A prefix that is prepended to the process name in syslog
|
|
records, so that, for example, "smtpd" becomes "prefix/smtpd".
|
|
.PP
|
|
Available in Postfix version 3.0 and later:
|
|
.IP "\fBconfirm_delay_cleared (no)\fR"
|
|
After sending a "your message is delayed" notification, inform
|
|
the sender when the delay clears up.
|
|
.PP
|
|
Available in Postfix 3.3 and later:
|
|
.IP "\fBservice_name (read\-only)\fR"
|
|
The master.cf service name of a Postfix daemon process.
|
|
.PP
|
|
Available in Postfix 3.5 and later:
|
|
.IP "\fBinfo_log_address_format (external)\fR"
|
|
The email address form that will be used in non\-debug logging
|
|
(info, warning, etc.).
|
|
.SH "FILES"
|
|
.na
|
|
.nf
|
|
/var/spool/postfix/incoming, incoming queue
|
|
/var/spool/postfix/active, active queue
|
|
/var/spool/postfix/deferred, deferred queue
|
|
/var/spool/postfix/bounce, non\-delivery status
|
|
/var/spool/postfix/defer, non\-delivery status
|
|
/var/spool/postfix/trace, delivery status
|
|
.SH "SEE ALSO"
|
|
.na
|
|
.nf
|
|
trivial\-rewrite(8), address routing
|
|
bounce(8), delivery status reports
|
|
postconf(5), configuration parameters
|
|
master(5), generic daemon options
|
|
master(8), process manager
|
|
postlogd(8), Postfix logging
|
|
syslogd(8), system logging
|
|
.SH "README FILES"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
Use "\fBpostconf readme_directory\fR" or
|
|
"\fBpostconf html_directory\fR" to locate this information.
|
|
.na
|
|
.nf
|
|
QSHAPE_README, Postfix queue analysis
|
|
.SH "LICENSE"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The Secure Mailer license must be distributed with this software.
|
|
.SH "AUTHOR(S)"
|
|
.na
|
|
.nf
|
|
Wietse Venema
|
|
IBM T.J. Watson Research
|
|
P.O. Box 704
|
|
Yorktown Heights, NY 10598, USA
|
|
|
|
Wietse Venema
|
|
Google, Inc.
|
|
111 8th Avenue
|
|
New York, NY 10011, USA
|