.TH SMTPD 8
.ad
.fi
.SH NAME
smtpd \- Postfix SMTP server
.SH "SYNOPSIS"
.na
.nf
\fBsmtpd\fR [generic Postfix daemon options]

\fBsendmail \-bs\fR
.SH DESCRIPTION
.ad
.fi
The SMTP server accepts network connection requests
and performs zero or more SMTP transactions per connection.
Each received message is piped through the \fBcleanup\fR(8)
daemon, and is placed into the \fBincoming\fR queue as one
single queue file. For this mode of operation, the program
expects to be run from the \fBmaster\fR(8) process manager.

Alternatively, the SMTP server can be run in stand\-alone
mode; this is traditionally obtained with "\fBsendmail
\-bs\fR". When the SMTP server runs stand\-alone with non
$\fBmail_owner\fR privileges, it receives mail even while
the mail system is not running, deposits messages directly
into the \fBmaildrop\fR queue, and disables the SMTP server's
access policies. As of Postfix version 2.3, the SMTP server
refuses to receive mail from the network when it runs with
non $\fBmail_owner\fR privileges.

The SMTP server implements a variety of policies for connection
requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR
and \fBRCPT TO\fR commands. They are detailed below and in the
\fBmain.cf\fR configuration file.
.SH "SECURITY"
.na
.nf
.ad
.fi
The SMTP server is moderately security\-sensitive. It talks to SMTP
clients and to DNS servers on the network. The SMTP server can be
run chrooted at fixed low privilege.
.SH "STANDARDS"
.na
.nf
RFC 821 (SMTP protocol)
RFC 1123 (Host requirements)
RFC 1652 (8bit\-MIME transport)
RFC 1869 (SMTP service extensions)
RFC 1870 (Message size declaration)
RFC 1985 (ETRN command)
RFC 2034 (SMTP enhanced status codes)
RFC 2554 (AUTH command)
RFC 2821 (SMTP protocol)
RFC 2920 (SMTP pipelining)
RFC 3030 (CHUNKING without BINARYMIME)
RFC 3207 (STARTTLS command)
RFC 3461 (SMTP DSN extension)
RFC 3463 (Enhanced status codes)
RFC 3848 (ESMTP transmission types)
RFC 4409 (Message submission)
RFC 4954 (AUTH command)
RFC 5321 (SMTP protocol)
RFC 6531 (Internationalized SMTP)
RFC 6533 (Internationalized Delivery Status Notifications)
RFC 7505 ("Null MX" No Service Resource Record)
.SH DIAGNOSTICS
.ad
.fi
Problems and transactions are logged to \fBsyslogd\fR(8)
or \fBpostlogd\fR(8).

Depending on the setting of the \fBnotify_classes\fR parameter,
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
.SH "CONFIGURATION PARAMETERS"
.na
.nf
.ad
.fi
Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtpd\fR(8)
processes run for only a limited amount of time. Use the command
"\fBpostfix reload\fR" to speed up a change.

The text below provides only a parameter summary. See
\fBpostconf\fR(5) for more details including examples.
.SH "COMPATIBILITY CONTROLS"
.na
.nf
.ad
.fi
The following parameters work around implementation errors in other
software, and/or allow you to override standards in order to prevent
undesirable use.
.ad
.fi
.IP "\fBbroken_sasl_auth_clients (no)\fR"
Enable interoperability with remote SMTP clients that implement an obsolete
version of the AUTH command (RFC 4954).
.IP "\fBdisable_vrfy_command (no)\fR"
Disable the SMTP VRFY command.
.IP "\fBsmtpd_noop_commands (empty)\fR"
List of commands that the Postfix SMTP server replies to with "250
Ok", without doing any syntax checks and without changing state.
.IP "\fBstrict_rfc821_envelopes (no)\fR"
Require that addresses received in SMTP MAIL FROM and RCPT TO
commands are enclosed with <>, and that those addresses do
not contain RFC 822 style comments or phrases.
.PP
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_reject_unlisted_sender (no)\fR"
Request that the Postfix SMTP server rejects mail from unknown
sender addresses, even when no explicit reject_unlisted_sender
access restriction is specified.
.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
.PP
Available in Postfix version 2.2 and later:
.IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR"
Lookup tables, indexed by the remote SMTP client address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the Postfix SMTP server will not send in the EHLO response
to a remote SMTP client.
.IP "\fBsmtpd_discard_ehlo_keywords (empty)\fR"
A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP server will not send in the EHLO
response to a remote SMTP client.
.IP "\fBsmtpd_delay_open_until_valid_rcpt (yes)\fR"
Postpone the start of an SMTP mail transaction until a valid
RCPT TO command is received.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR"
Force the Postfix SMTP server to issue a TLS session id, even
when TLS session caching is turned off (smtpd_tls_session_cache_database
is empty).
.PP
Available in Postfix version 2.6 and later:
.IP "\fBtcp_windowsize (0)\fR"
An optional workaround for routers that break TCP window scaling.
.PP
Available in Postfix version 2.7 and later:
.IP "\fBsmtpd_command_filter (empty)\fR"
A mechanism to transform commands from remote SMTP clients.
.PP
Available in Postfix version 2.9 \- 3.6:
.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
time limits, from a time limit per read or write system call, to a
time limit to send or receive a complete record (an SMTP command
line, SMTP response line, SMTP message content line, or TLS protocol
message).
.PP
Available in Postfix version 3.0 and later:
.IP "\fBsmtpd_dns_reply_filter (empty)\fR"
Optional filter for Postfix SMTP server DNS lookup results.
.PP
Available in Postfix 3.5 and later:
.IP "\fBinfo_log_address_format (external)\fR"
The email address form that will be used in non\-debug logging
(info, warning, etc.).
.PP
Available in Postfix version 3.6 and later:
.IP "\fBsmtpd_relay_before_recipient_restrictions (see 'postconf -d' output)\fR"
Evaluate smtpd_relay_restrictions before smtpd_recipient_restrictions.
.IP "\fBknown_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\fR"
Optional setting that avoids lookups in the \fBservices\fR(5) database.
.PP
Available in Postfix version 3.7 and later:
.IP "\fBsmtpd_per_request_deadline (normal: no, overload: yes)\fR"
Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
time limits, from a time limit per plaintext or TLS read or write
call, to a combined time limit for receiving a complete SMTP request
and for sending a complete SMTP response.
.IP "\fBsmtpd_min_data_rate (500)\fR"
The minimum plaintext data transfer rate in bytes/second for
DATA and BDAT requests, when deadlines are enabled with
smtpd_per_request_deadline.
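.PP
The rule table behind \fBsmtpd_command_filter\fR is worth exercising
offline before it is put in front of live traffic, because a rule that
matches too much rewrites every client's commands. The Python script
below is an added example and not Postfix code: it emulates the
first\-match lookup that the SMTP server performs on each client command
line against a constructed pcre\-style table. The rules, the sample
command lines, and the small "$N" and "[:space:]" translation are this
example's own assumptions and are not taken from this manual.

```python
"""Offline emulation of a Postfix smtpd_command_filter lookup table.

Added example, not Postfix code. It approximates the first-match lookup
that smtpd(8) performs on each client command line with a pcre:/regexp:
table: the lookup result replaces the command. The rule syntax
("/pattern/ replacement", $N back-references, case-insensitive by
default) follows pcre_table(5); the translation below covers only what
these rules need and is an assumption of this example.
"""
import re
from typing import List, Tuple

# Constructed rule table. The first two rules repair clients that quote
# the address or drop the angle brackets; the third strips DSN NOTIFY
# options that we do not want outside clients to control.
COMMAND_FILTER_TABLE = r"""
# pattern                                    replacement
/^RCPT\s+TO:\s*<'([^[:space:]]+)'>/          RCPT TO:<$1>
/^RCPT\s+TO:\s*'([^[:space:]]+)'/            RCPT TO:<$1>
/^(RCPT\s+TO:.*?)\bNOTIFY=\S+\b(.*)/         $1 NOTIFY=NEVER$2
"""

Rule = Tuple["re.Pattern[str]", str]


def parse_table(text: str) -> List[Rule]:
    """Turn the pcre-style text into (compiled pattern, template) pairs."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Only the '/' delimiter without trailing flags is handled here.
        if not line.startswith("/") or line.count("/") < 2:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        end = line.index("/", 1)
        pattern, template = line[1:end], line[end + 1:].strip()
        pattern = pattern.replace("[:space:]", r"\s")       # POSIX class
        template = re.sub(r"\$(\d+)", r"\\\1", template)     # $1 -> \1
        rules.append((re.compile(pattern, re.IGNORECASE), template))
    return rules


RULES = parse_table(COMMAND_FILTER_TABLE)


def filter_command(command: str, rules: List[Rule] = RULES) -> str:
    """Return the command line as smtpd would see it after filtering.

    As with any Postfix lookup table, the first matching rule wins and a
    command that matches no rule passes through unchanged.
    """
    for pattern, template in rules:
        match = pattern.search(command)
        if match:
            return match.expand(template)
    return command


if __name__ == "__main__":
    # Constructed command lines from a misbehaving client.
    for cmd in (
        "RCPT TO: <'bob@example.com'>",
        "rcpt to:'alice@example.org'",
        "RCPT TO:<carol@example.net> NOTIFY=SUCCESS,FAILURE",
        "MAIL FROM:<dave@example.com>",
    ):
        print(f"{cmd!r:55} -> {filter_command(cmd)!r}")
```

Because the lookup result replaces the whole command, a rule whose
template drops part of the original line silently changes what the
server acts on; running the intended table through a script like this,
with the odd command lines seen in the logs, shows that before the
change is deployed.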
.SH "ADDRESS REWRITING CONTROLS"
.na
.nf
.ad
.fi
See the ADDRESS_REWRITING_README document for a detailed
discussion of Postfix address rewriting.
.IP "\fBreceive_override_options (empty)\fR"
Enable or disable recipient validation, built\-in content
filtering, or address mapping.
.PP
Available in Postfix version 2.2 and later:
.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
Rewrite or add message headers in mail from these clients,
updating incomplete addresses with the domain name in $myorigin or
$mydomain, and adding missing headers.
.SH "BEFORE-SMTPD PROXY AGENT"
.na
.nf
.ad
.fi
Available in Postfix version 2.10 and later:
.IP "\fBsmtpd_upstream_proxy_protocol (empty)\fR"
The name of the proxy protocol used by an optional before\-smtpd
proxy agent.
.IP "\fBsmtpd_upstream_proxy_timeout (5s)\fR"
The time limit for the proxy protocol specified with the
smtpd_upstream_proxy_protocol parameter.
.SH "AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS"
.na
.nf
.ad
.fi
As of version 1.0, Postfix can be configured to send new mail to
an external content filter AFTER the mail is queued. This content
filter is expected to inject mail back into a (Postfix or other)
MTA for further delivery. See the FILTER_README document for details.
.IP "\fBcontent_filter (empty)\fR"
After the message is queued, send the entire message to the
specified \fItransport:destination\fR.
.SH "BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS"
.na
.nf
.ad
.fi
As of version 2.1, the Postfix SMTP server can be configured
to send incoming mail to a real\-time SMTP\-based content filter
BEFORE mail is queued. This content filter is expected to inject
mail back into Postfix. See the SMTPD_PROXY_README document for
details on how to configure and operate this feature.
.IP "\fBsmtpd_proxy_filter (empty)\fR"
The hostname and TCP port of the mail filtering proxy server.
.IP "\fBsmtpd_proxy_ehlo ($myhostname)\fR"
How the Postfix SMTP server announces itself to the proxy filter.
.IP "\fBsmtpd_proxy_options (empty)\fR"
List of options that control how the Postfix SMTP server
communicates with a before\-queue content filter.
.IP "\fBsmtpd_proxy_timeout (100s)\fR"
The time limit for connecting to a proxy filter and for sending or
receiving information.
.SH "BEFORE QUEUE MILTER CONTROLS"
.na
.nf
.ad
.fi
As of version 2.3, Postfix supports the Sendmail version 8
Milter (mail filter) protocol. These content filters run
outside Postfix. They can inspect the SMTP command stream
and the message content, and can request modifications before
mail is queued. For details see the MILTER_README document.
.IP "\fBsmtpd_milters (empty)\fR"
A list of Milter (mail filter) applications for new mail that
arrives via the Postfix \fBsmtpd\fR(8) server.
.IP "\fBmilter_protocol (6)\fR"
The mail filter protocol version and optional protocol extensions
for communication with a Milter application; prior to Postfix 2.6
the default protocol is 2.
.IP "\fBmilter_default_action (tempfail)\fR"
The default action when a Milter (mail filter) response is
unavailable (for example, bad Postfix configuration or Milter
failure).
.IP "\fBmilter_macro_daemon_name ($myhostname)\fR"
The {daemon_name} macro value for Milter (mail filter) applications.
.IP "\fBmilter_macro_v ($mail_name $mail_version)\fR"
The {v} macro value for Milter (mail filter) applications.
.IP "\fBmilter_connect_timeout (30s)\fR"
The time limit for connecting to a Milter (mail filter)
application, and for negotiating protocol options.
.IP "\fBmilter_command_timeout (30s)\fR"
The time limit for sending an SMTP command to a Milter (mail
filter) application, and for receiving the response.
.IP "\fBmilter_content_timeout (300s)\fR"
The time limit for sending message content to a Milter (mail
filter) application, and for receiving the response.
.IP "\fBmilter_connect_macros (see 'postconf -d' output)\fR"
The macros that are sent to Milter (mail filter) applications
after completion of an SMTP connection.
.IP "\fBmilter_helo_macros (see 'postconf -d' output)\fR"
The macros that are sent to Milter (mail filter) applications
after the SMTP HELO or EHLO command.
.IP "\fBmilter_mail_macros (see 'postconf -d' output)\fR"
The macros that are sent to Milter (mail filter) applications
after the SMTP MAIL FROM command.
.IP "\fBmilter_rcpt_macros (see 'postconf -d' output)\fR"
The macros that are sent to Milter (mail filter) applications
after the SMTP RCPT TO command.
.IP "\fBmilter_data_macros (see 'postconf -d' output)\fR"
The macros that are sent to version 4 or higher Milter (mail
filter) applications after the SMTP DATA command.
.IP "\fBmilter_unknown_command_macros (see 'postconf -d' output)\fR"
The macros that are sent to version 3 or higher Milter (mail
filter) applications after an unknown SMTP command.
.IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR"
The macros that are sent to Milter (mail filter) applications
after the end of the message header.
.IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR"
The macros that are sent to Milter (mail filter) applications
after the message end\-of\-data.
.PP
Available in Postfix version 3.1 and later:
.IP "\fBmilter_macro_defaults (empty)\fR"
Optional list of \fIname=value\fR pairs that specify default
values for arbitrary macros that Postfix may send to Milter
applications.
.PP
Available in Postfix version 3.2 and later:
.IP "\fBsmtpd_milter_maps (empty)\fR"
Lookup tables with Milter settings per remote SMTP client IP
address.
.SH "GENERAL CONTENT INSPECTION CONTROLS"
.na
.nf
.ad
.fi
The following parameters are applicable for both built\-in
and external content filters.
.PP
Available in Postfix version 2.1 and later:
.IP "\fBreceive_override_options (empty)\fR"
Enable or disable recipient validation, built\-in content
filtering, or address mapping.
.SH "EXTERNAL CONTENT INSPECTION CONTROLS"
.na
.nf
.ad
.fi
The following parameters are applicable for both before\-queue
and after\-queue content filtering.
.PP
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_authorized_xforward_hosts (empty)\fR"
What remote SMTP clients are allowed to use the XFORWARD feature.
.SH "SASL AUTHENTICATION CONTROLS"
.na
.nf
.ad
.fi
Postfix SASL support (RFC 4954) can be used to authenticate remote
SMTP clients to the Postfix SMTP server, and to authenticate the
Postfix SMTP client to a remote SMTP server.
See the SASL_README document for details.
.IP "\fBbroken_sasl_auth_clients (no)\fR"
Enable interoperability with remote SMTP clients that implement an obsolete
version of the AUTH command (RFC 4954).
.IP "\fBsmtpd_sasl_auth_enable (no)\fR"
Enable SASL authentication in the Postfix SMTP server.
.IP "\fBsmtpd_sasl_local_domain (empty)\fR"
The name of the Postfix SMTP server's local SASL authentication
realm.
.IP "\fBsmtpd_sasl_security_options (noanonymous)\fR"
Postfix SMTP server SASL security options; as of Postfix 2.3
the list of available features depends on the SASL server
implementation that is selected with \fBsmtpd_sasl_type\fR.
.IP "\fBsmtpd_sender_login_maps (empty)\fR"
Optional lookup table with the SASL login names that own the
envelope sender (MAIL FROM) addresses.
.PP
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR"
What remote SMTP clients the Postfix SMTP server will not offer
AUTH support to.
.PP
Available in Postfix version 2.1 and 2.2:
.IP "\fBsmtpd_sasl_application_name (smtpd)\fR"
The application name that the Postfix SMTP server uses for SASL
server initialization.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_sasl_authenticated_header (no)\fR"
Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received
message header.
.IP "\fBsmtpd_sasl_path (smtpd)\fR"
Implementation\-specific information that the Postfix SMTP server
passes through to the SASL plug\-in implementation that is selected
with \fBsmtpd_sasl_type\fR.
.IP "\fBsmtpd_sasl_type (cyrus)\fR"
The SASL plug\-in type that the Postfix SMTP server should use
for authentication.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBcyrus_sasl_config_path (empty)\fR"
Search path for Cyrus SASL application configuration files,
currently used only to locate the $smtpd_sasl_path.conf file.
.PP
Available in Postfix version 2.11 and later:
.IP "\fBsmtpd_sasl_service (smtp)\fR"
The service name that is passed to the SASL plug\-in that is
selected with \fBsmtpd_sasl_type\fR and \fBsmtpd_sasl_path\fR.
.PP
Available in Postfix version 3.4 and later:
.IP "\fBsmtpd_sasl_response_limit (12288)\fR"
The maximum length of a SASL client's response to a server challenge.
.PP
Available in Postfix 3.6 and later:
.IP "\fBsmtpd_sasl_mechanism_filter (!external, static:rest)\fR"
If non\-empty, a filter for the SASL mechanism names that the
Postfix SMTP server will announce in the EHLO response.
.SH "STARTTLS SUPPORT CONTROLS"
.na
.nf
.ad
.fi
Detailed information about STARTTLS configuration may be
found in the TLS_README document.
.IP "\fBsmtpd_tls_security_level (empty)\fR"
The SMTP TLS security level for the Postfix SMTP server; when
a non\-empty value is specified, this overrides the obsolete parameters
smtpd_use_tls and smtpd_enforce_tls.
.IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR"
The SASL authentication security options that the Postfix SMTP
server uses for TLS encrypted SMTP sessions.
.IP "\fBsmtpd_starttls_timeout (see 'postconf -d' output)\fR"
The time limit for Postfix SMTP server write and read operations
during TLS startup and shutdown handshake procedures.
.IP "\fBsmtpd_tls_CAfile (empty)\fR"
A file containing (PEM format) CA certificates of root CAs trusted
to sign either remote SMTP client certificates or intermediate CA
certificates.
.IP "\fBsmtpd_tls_CApath (empty)\fR"
A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate CA
certificates.
.IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR"
Force the Postfix SMTP server to issue a TLS session id, even
when TLS session caching is turned off (smtpd_tls_session_cache_database
is empty).
.IP "\fBsmtpd_tls_ask_ccert (no)\fR"
Ask a remote SMTP client for a client certificate.
.IP "\fBsmtpd_tls_auth_only (no)\fR"
When TLS encryption is optional in the Postfix SMTP server, do
not announce or accept SASL authentication over unencrypted
connections.
.IP "\fBsmtpd_tls_ccert_verifydepth (9)\fR"
The verification depth for remote SMTP client certificates.
.IP "\fBsmtpd_tls_cert_file (empty)\fR"
File with the Postfix SMTP server RSA certificate in PEM format.
.IP "\fBsmtpd_tls_exclude_ciphers (empty)\fR"
List of ciphers or cipher types to exclude from the SMTP server
cipher list at all TLS security levels.
.IP "\fBsmtpd_tls_dcert_file (empty)\fR"
File with the Postfix SMTP server DSA certificate in PEM format.
.IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR"
File with DH parameters that the Postfix SMTP server should
use with non\-export EDH ciphers.
.IP "\fBsmtpd_tls_dh512_param_file (empty)\fR"
File with DH parameters that the Postfix SMTP server should
use with export\-grade EDH ciphers.
.IP "\fBsmtpd_tls_dkey_file ($smtpd_tls_dcert_file)\fR"
File with the Postfix SMTP server DSA private key in PEM format.
.IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR"
File with the Postfix SMTP server RSA private key in PEM format.
.IP "\fBsmtpd_tls_loglevel (0)\fR"
Enable additional Postfix SMTP server logging of TLS activity.
.IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory TLS encryption.
.IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
Additional list of ciphers or cipher types to exclude from the
Postfix SMTP server cipher list at mandatory TLS security levels.
.IP "\fBsmtpd_tls_mandatory_protocols (see 'postconf -d' output)\fR"
TLS protocols accepted by the Postfix SMTP server with mandatory TLS
encryption.
.IP "\fBsmtpd_tls_received_header (no)\fR"
Request that the Postfix SMTP server produces Received: message
headers that include information about the protocol and cipher used,
as well as the remote SMTP client CommonName and client certificate issuer
CommonName.
.IP "\fBsmtpd_tls_req_ccert (no)\fR"
With mandatory TLS encryption, require a trusted remote SMTP client
certificate in order to allow TLS connections to proceed.
.IP "\fBsmtpd_tls_wrappermode (no)\fR"
Run the Postfix SMTP server in TLS "wrapper" mode,
instead of using the STARTTLS command.
.IP "\fBtls_daemon_random_bytes (32)\fR"
The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
process requests from the \fBtlsmgr\fR(8) server in order to seed its
internal pseudo random number generator (PRNG).
.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR"
The OpenSSL cipherlist for "high" grade ciphers.
.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR"
The OpenSSL cipherlist for "medium" or higher grade ciphers.
.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR"
The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption.
.PP
Available in Postfix version 2.3..3.7:
.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR"
The OpenSSL cipherlist for "low" or higher grade ciphers.
.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR"
The OpenSSL cipherlist for "export" or higher grade ciphers.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBsmtpd_tls_fingerprint_digest (see 'postconf -d' output)\fR"
The message digest algorithm to construct remote SMTP client\-certificate
fingerprints or public key fingerprints (Postfix 2.9 and later) for
\fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR.
.PP
Available in Postfix version 2.6 and later:
.IP "\fBsmtpd_tls_protocols (see 'postconf -d' output)\fR"
TLS protocols accepted by the Postfix SMTP server with opportunistic
TLS encryption.
.IP "\fBsmtpd_tls_ciphers (medium)\fR"
The minimum TLS cipher grade that the Postfix SMTP server
will use with opportunistic TLS encryption.
.IP "\fBsmtpd_tls_eccert_file (empty)\fR"
File with the Postfix SMTP server ECDSA certificate in PEM format.
.IP "\fBsmtpd_tls_eckey_file ($smtpd_tls_eccert_file)\fR"
File with the Postfix SMTP server ECDSA private key in PEM format.
.IP "\fBsmtpd_tls_eecdh_grade (see 'postconf -d' output)\fR"
The Postfix SMTP server security grade for ephemeral elliptic\-curve
Diffie\-Hellman (EECDH) key exchange.
.IP "\fBtls_eecdh_strong_curve (prime256v1)\fR"
The elliptic curve used by the Postfix SMTP server for sensibly
strong ephemeral ECDH key exchange.
.IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR"
The elliptic curve used by the Postfix SMTP server for maximally
strong ephemeral ECDH key exchange.
.PP
Available in Postfix version 2.8 and later:
.IP "\fBtls_preempt_cipherlist (no)\fR"
With SSLv3 and later, use the Postfix SMTP server's cipher
preference order instead of the remote client's cipher preference
order.
.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
List or bit\-mask of OpenSSL bug work\-arounds to disable.
.PP
Available in Postfix version 2.11 and later:
.IP "\fBtlsmgr_service_name (tlsmgr)\fR"
The name of the \fBtlsmgr\fR(8) service entry in master.cf.
.PP
Available in Postfix version 3.0 and later:
.IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR"
Algorithm used to encrypt RFC5077 TLS session tickets.
.PP
Available in Postfix version 3.2 and later:
.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
The prioritized list of elliptic curves that should be enabled in the
Postfix SMTP client and server.
.PP
Available in Postfix version 3.4 and later:
.IP "\fBsmtpd_tls_chain_files (empty)\fR"
List of one or more PEM files, each holding one or more private keys
directly followed by a corresponding certificate chain.
.IP "\fBtls_server_sni_maps (empty)\fR"
Optional lookup tables that map names received from remote SMTP
clients via the TLS Server Name Indication (SNI) extension to the
appropriate keys and certificate chains.
.PP
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
.IP "\fBtls_fast_shutdown_enable (yes)\fR"
A workaround for implementations that hang Postfix while shutting
down a TLS session, until Postfix times out.
.PP
Available in Postfix version 3.8 and later:
.IP "\fBtls_ffdhe_auto_groups (see 'postconf -d' output)\fR"
The prioritized list of finite\-field Diffie\-Hellman ephemeral
(FFDHE) key exchange groups supported by the Postfix SMTP client and
server.
.PP
Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
.IP "\fBtls_config_file (default)\fR"
Optional configuration file with baseline OpenSSL settings.
.IP "\fBtls_config_name (empty)\fR"
The application name passed by Postfix to OpenSSL library
initialization functions.
.PP
Available in Postfix version 3.9 and later:
.IP "\fBsmtpd_tls_enable_rpk (no)\fR"
Request that remote SMTP clients send an RFC7250 raw public key
instead of an X.509 certificate, when asking for or requiring client
authentication.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
.ad
.fi
The following configuration parameters exist for compatibility
with Postfix versions before 2.3. Support for these will
be removed in a future release.
.IP "\fBsmtpd_use_tls (no)\fR"
Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption.
.IP "\fBsmtpd_enforce_tls (no)\fR"
Mandatory TLS: announce STARTTLS support to remote SMTP clients,
and reject all plaintext commands except HELO, EHLO, XCLIENT,
STARTTLS, NOOP, QUIT, and (Postfix >= 3.9) HELP.
.IP "\fBsmtpd_tls_cipherlist (empty)\fR"
Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
cipher list.
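.PP
The SASL and STARTTLS parameters above interact: \fBsmtpd_tls_auth_only\fR
and \fBsmtpd_sasl_security_options\fR decide whether a password can ever
cross the wire in the clear, and the obsolete controls are overridden
once \fBsmtpd_tls_security_level\fR is set. The Python script below is an
added example and not Postfix code: it parses main.cf syntax, expands
$parameter references against the defaults listed in this manual, and
reports the findings for a weak constructed submission configuration
next to a hardened one. Both fragments, and the certificate paths in
them, are constructed for this example.

```python
"""Audit the SASL/TLS interplay in a Postfix main.cf.

Added example, not Postfix code. Parses main.cf syntax (name = value,
'#' comments, continuation lines starting with whitespace), expands
$parameter references against the defaults from this manual, and flags
combinations that expose credentials or aid reconnaissance.
"""
import re
from typing import Dict, List

# Defaults copied from the parameter summary above. A real audit would
# seed these from "postconf -d" on the host being checked.
DEFAULTS: Dict[str, str] = {
    "smtpd_sasl_auth_enable": "no",
    "smtpd_sasl_security_options": "noanonymous",
    "smtpd_sasl_tls_security_options": "$smtpd_sasl_security_options",
    "smtpd_tls_security_level": "",
    "smtpd_tls_auth_only": "no",
    "disable_vrfy_command": "no",
}
OBSOLETE_TLS = ("smtpd_use_tls", "smtpd_enforce_tls", "smtpd_tls_cipherlist")
_REF = re.compile(r"\$\{?(\w+)\}?")


def parse_main_cf(text: str) -> Dict[str, str]:
    """Parse main.cf text into a name -> raw (unexpanded) value mapping."""
    params: Dict[str, str] = {}
    current = ""
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:            # continuation line
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError(f"not a main.cf assignment: {raw!r}")
        current = name.strip()
        params[current] = value.strip()
    return params


def expand(name: str, params: Dict[str, str], depth: int = 0) -> str:
    """Resolve $parameter references the way 'postconf -x' does."""
    if depth > 10:
        raise ValueError(f"recursive expansion of ${name}")
    value = params.get(name, DEFAULTS.get(name, ""))
    return _REF.sub(lambda m: expand(m.group(1), params, depth + 1), value)


def audit(text: str) -> List[str]:
    """Return human-readable findings; an empty list means no concerns."""
    params = parse_main_cf(text)

    def get(name: str) -> str:
        return expand(name, params).strip().lower()

    def options(name: str) -> set:
        return set(get(name).replace(",", " ").split())

    findings: List[str] = []
    level = get("smtpd_tls_security_level")
    tls_auth_only = get("smtpd_tls_auth_only") == "yes"
    if get("smtpd_sasl_auth_enable") == "yes":
        if level in ("", "none"):
            findings.append("SASL enabled without TLS: credentials cross the wire in the clear")
        elif level == "may" and not tls_auth_only:
            findings.append("TLS optional and smtpd_tls_auth_only=no: AUTH announced on plaintext sessions")
        if "noanonymous" not in options("smtpd_sasl_security_options"):
            findings.append("smtpd_sasl_security_options lacks noanonymous")
        if "noanonymous" not in options("smtpd_sasl_tls_security_options"):
            findings.append("smtpd_sasl_tls_security_options lacks noanonymous")
        if "noplaintext" not in options("smtpd_sasl_security_options") and not tls_auth_only:
            findings.append("plaintext SASL mechanisms usable without TLS: add noplaintext or smtpd_tls_auth_only=yes")
    for name in OBSOLETE_TLS:
        if name in params:
            findings.append(f"{name} is obsolete; smtpd_tls_security_level supersedes it")
    if get("disable_vrfy_command") != "yes":
        findings.append("VRFY enabled: disable_vrfy_command=no lets clients probe for valid addresses")
    return findings


# Constructed main.cf fragments: a weak submission service and its fix.
WEAK_MAIN_CF = """
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no
"""

HARDENED_MAIN_CF = """
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_security_level = encrypt
smtpd_tls_auth_only = yes
disable_vrfy_command = yes
# Placeholder paths: the key file must precede its certificate chain.
smtpd_tls_chain_files =
    /etc/postfix/mx.key,
    /etc/postfix/mx.crt
"""
```

The \fBencrypt\fR level fits a submission service. On a public port 25 MX,
mandatory TLS turns away legitimate senders that do not support
STARTTLS, so there the usual choice is \fBmay\fR together with
\fBsmtpd_tls_auth_only = yes\fR, which the script accepts as well.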
.SH "SMTPUTF8 CONTROLS"
.na
.nf
.ad
.fi
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
.IP "\fBsmtputf8_enable (yes)\fR"
Enable preliminary SMTPUTF8 support for the protocols described
in RFC 6531, RFC 6532, and RFC 6533.
.IP "\fBstrict_smtputf8 (no)\fR"
Enable stricter enforcement of the SMTPUTF8 protocol.
.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
Detect that a message requires SMTPUTF8 support for the specified
mail origin classes.
.PP
Available in Postfix version 3.2 and later:
.IP "\fBenable_idna2003_compatibility (no)\fR"
Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
when converting UTF\-8 domain names to/from the ASCII form that is
used for DNS lookups.
.SH "VERP SUPPORT CONTROLS"
.na
.nf
.ad
.fi
With VERP style delivery, each recipient of a message receives a
customized copy of the message with his/her own recipient address
encoded in the envelope sender address. The VERP_README file
describes configuration and operation details of Postfix support
for variable envelope return path addresses. VERP style delivery
is requested with the SMTP XVERP command or with the "sendmail
\-V" command\-line option and is available in Postfix version 1.1
and later.
.IP "\fBdefault_verp_delimiters (+=)\fR"
The two default VERP delimiter characters.
.IP "\fBverp_delimiter_filter (\-=+)\fR"
The characters Postfix accepts as VERP delimiter characters on the
Postfix \fBsendmail\fR(1) command line and in SMTP commands.
.PP
Available in Postfix version 1.1 and 2.0:
.IP "\fBauthorized_verp_clients ($mynetworks)\fR"
What remote SMTP clients are allowed to specify the XVERP command.
.PP
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_authorized_verp_clients ($authorized_verp_clients)\fR"
What remote SMTP clients are allowed to specify the XVERP command.
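.PP
The encoding that the XVERP command requests is simple enough to
reproduce, which helps when writing or testing the list manager that has
to decode the bounces. The Python below is an added example and not
Postfix code: it builds the VERP envelope sender from a sender and a
recipient with the default "+=" delimiters, validates requested
delimiters against \fBverp_delimiter_filter\fR, and decodes a bounce
recipient back to the original recipient. The addresses are constructed,
and the "XVERP=+=" form of the MAIL FROM line is this example's
assumption.

```python
"""VERP envelope-sender construction and bounce decoding.

Added example, not Postfix code. Builds the variable envelope return
path that Postfix generates for a message submitted with XVERP or
"sendmail -V": the recipient's user and domain are folded into the
sender's local part with two delimiter characters, so a bounce names
the failing recipient without any parsing of the bounce body. The
decoder is the list manager's side of the scheme.
"""
from typing import Tuple

DEFAULT_VERP_DELIMITERS = "+="   # default_verp_delimiters
VERP_DELIMITER_FILTER = "-=+"    # verp_delimiter_filter


def check_delimiters(delims: str) -> Tuple[str, str]:
    """Apply the acceptance rule that verp_delimiter_filter expresses."""
    if len(delims) != 2 or any(c not in VERP_DELIMITER_FILTER for c in delims):
        raise ValueError(
            f"bad VERP delimiters {delims!r}: need two characters from {VERP_DELIMITER_FILTER!r}"
        )
    return delims[0], delims[1]


def split_address(addr: str) -> Tuple[str, str]:
    """Split user@domain at the last '@' (local parts may contain '@' quoted)."""
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not a user@domain address: {addr!r}")
    return local, domain


def verp_encode(sender: str, recipient: str, delims: str = DEFAULT_VERP_DELIMITERS) -> str:
    """owner-list@lists.example + alice@example.net -> owner-list+alice=example.net@lists.example"""
    d1, d2 = check_delimiters(delims)
    s_local, s_domain = split_address(sender)
    r_local, r_domain = split_address(recipient)
    return f"{s_local}{d1}{r_local}{d2}{r_domain}@{s_domain}"


def xverp_mail_from(sender: str, delims: str = DEFAULT_VERP_DELIMITERS) -> str:
    """MAIL FROM line requesting VERP delivery ('XVERP=xy' syntax is assumed here)."""
    d1, d2 = check_delimiters(delims)
    return f"MAIL FROM:<{sender}> XVERP={d1}{d2}"


def verp_decode(bounce_rcpt: str, sender: str, delims: str = DEFAULT_VERP_DELIMITERS) -> str:
    """Recover the original recipient from the address a bounce came back to.

    The list's own address must be known: its local part may itself contain
    delimiter characters, so only stripping that exact prefix is unambiguous.
    The recipient domain is split off at the LAST second delimiter, which is
    safe for '+' and '=' but not for '-', since hostnames may contain it.
    """
    d1, d2 = check_delimiters(delims)
    s_local, s_domain = split_address(sender)
    local, domain = split_address(bounce_rcpt)
    prefix = s_local + d1
    if domain.lower() != s_domain.lower() or not local.startswith(prefix):
        raise ValueError(f"{bounce_rcpt!r} is not a VERP address for {sender!r}")
    r_local, sep, r_domain = local[len(prefix):].rpartition(d2)
    if not sep or not r_local or not r_domain:
        raise ValueError(f"malformed VERP local part in {bounce_rcpt!r}")
    return f"{r_local}@{r_domain}"


if __name__ == "__main__":
    owner = "owner-announce@lists.example.com"          # constructed
    verp = verp_encode(owner, "alice+news@example.net")
    print(xverp_mail_from(owner))
    print(verp, "->", verp_decode(verp, owner))
```

Because the bounce address is under the remote sender's control, a list
manager must treat the decoded recipient as untrusted input and check it
against its own subscriber list before acting on it.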
.SH "TROUBLE SHOOTING CONTROLS"
.na
.nf
.ad
.fi
The DEBUG_README document describes how to debug parts of the
Postfix mail system. The methods vary from making the software log
a lot of detail, to running some daemon processes under control of
a call tracer or debugger.
.IP "\fBdebug_peer_level (2)\fR"
The increment in verbose logging level when a nexthop destination,
remote client or server name or network address matches a pattern
given with the debug_peer_list parameter.
.IP "\fBdebug_peer_list (empty)\fR"
Optional list of nexthop destination, remote client or server
name or network address patterns that, if matched, cause the verbose
logging level to increase by the amount specified in $debug_peer_level.
.IP "\fBerror_notice_recipient (postmaster)\fR"
The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
errors.
.IP "\fBinternal_mail_filter_classes (empty)\fR"
What categories of Postfix\-generated mail are subject to
before\-queue content inspection by non_smtpd_milters, header_checks
and body_checks.
.IP "\fBnotify_classes (resource, software)\fR"
The list of error classes that are reported to the postmaster.
.IP "\fBsmtpd_reject_footer (empty)\fR"
Optional information that is appended after each Postfix SMTP
server 4XX or 5XX response.
.IP "\fBsoft_bounce (no)\fR"
Safety net to keep mail queued that would otherwise be returned to
the sender.
.PP
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_authorized_xclient_hosts (empty)\fR"
What remote SMTP clients are allowed to use the XCLIENT feature.
.PP
Available in Postfix version 2.10 and later:
.IP "\fBsmtpd_log_access_permit_actions (empty)\fR"
Enable logging of the named "permit" actions in SMTP server
access lists (by default, the SMTP server logs "reject" actions but
not "permit" actions).
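.PP
With \fBsmtpd_log_access_permit_actions\fR set, the log carries both
sides of every access decision, which makes it a usable detection
source. The Python below is an added example and not Postfix code: it
parses \fBsmtpd\fR(8) reject lines, the permit lines that parameter
enables, and SASL authentication failure warnings, and flags client
addresses that fail authentication repeatedly. The log excerpt is
constructed; the regular expressions, in particular the one for permit
lines, should be checked against the real log before being relied upon.

```python
"""Summarise Postfix SMTP server log lines for detection purposes.

Added example, not Postfix code. Parses the syslog lines that smtpd(8)
emits for policy rejections, for "permit" actions (logged only when
smtpd_log_access_permit_actions names them) and for SASL authentication
failures, then counts them per client address. The sample lines are
constructed; verify the permit-line layout against a real log.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List

SMTPD_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"postfix(?:-\w+)?/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
REJECT = re.compile(
    r"^NOQUEUE: reject: (?P<stage>\w+) from (?P<name>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>[45]\d\d) (?P<enh>[45]\.\d+\.\d+) (?:<[^>]*>: )?(?P<reason>.*?); "
    r"from=<(?P<from>[^>]*)>(?: to=<(?P<to>[^>]*)>)?"
)
PERMIT = re.compile(
    r"^NOQUEUE: permit: (?P<stage>\w+) from (?P<name>\S+)\[(?P<ip>[^\]]+)\]: "
    r"action=(?P<action>\S+)"
)
SASL_FAIL = re.compile(
    r"^warning: (?P<name>\S+)\[(?P<ip>[^\]]+)\]: SASL (?P<mech>\S+) authentication failed"
)


def summarize(lines: Iterable[str], brute_force_threshold: int = 3) -> Dict[str, object]:
    """Count rejects, permits and SASL failures; flag repeat auth failures."""
    rejects: Counter = Counter()
    reasons: Counter = Counter()
    permits: Counter = Counter()
    sasl_failures: Counter = Counter()
    for line in lines:
        m = SMTPD_LINE.match(line)
        if not m:
            continue                       # not an smtpd line
        msg = m.group("msg")
        if r := REJECT.match(msg):
            rejects[r["ip"]] += 1
            reasons[r["reason"]] += 1
        elif p := PERMIT.match(msg):
            permits[p["action"]] += 1
        elif s := SASL_FAIL.match(msg):
            sasl_failures[s["ip"]] += 1
    return {
        "rejects_by_ip": dict(rejects),
        "reject_reasons": dict(reasons),
        "permits_by_action": dict(permits),
        "sasl_failures_by_ip": dict(sasl_failures),
        "brute_force_candidates": sorted(
            ip for ip, n in sasl_failures.items() if n >= brute_force_threshold
        ),
    }


# Constructed log excerpt (not real traffic); one syslog line per entry.
SAMPLE_LOG: List[str] = """\
Jun 14 10:23:45 mx1 postfix/smtpd[12345]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <victim@example.com>: Relay access denied; from=<spam@example.net> to=<victim@example.com> proto=ESMTP helo=<mail.example.net>
Jun 14 10:24:01 mx1 postfix/smtpd[12346]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 14 10:24:02 mx1 postfix/smtpd[12346]: warning: unknown[198.51.100.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun 14 10:24:03 mx1 postfix/smtpd[12346]: warning: unknown[198.51.100.9]: SASL PLAIN authentication failed: authentication failure
Jun 14 10:24:05 mx1 postfix/smtpd[12347]: NOQUEUE: permit: RCPT from client.example.org[192.0.2.5]: action=permit_mynetworks for <ops@example.com>; from=<alerts@example.org> to=<ops@example.com> proto=ESMTP helo=<client.example.org>
Jun 14 10:24:07 mx1 postfix/smtpd[12348]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.25 Client host rejected: cannot find your hostname, [203.0.113.7]; from=<x@example.net> to=<victim@example.com> proto=ESMTP helo=<x>
Jun 14 10:24:09 mx1 postfix/smtpd[12345]: disconnect from unknown[203.0.113.7] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=4/5
""".splitlines()

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The threshold is deliberately a parameter: a single failed login is
noise, while the same address failing several times within the window
of one process lifetime is what an account\-guessing client looks like
in this log.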
.SH "KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS"
.na
.nf
.ad
.fi
As of Postfix version 2.0, the SMTP server rejects mail for
unknown recipients. This prevents the mail queue from clogging up
with undeliverable MAILER\-DAEMON messages. Additional information
on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README
documents.
.IP "\fBshow_user_unknown_table_name (yes)\fR"
Display the name of the recipient table in the "User unknown"
responses.
.IP "\fBcanonical_maps (empty)\fR"
Optional address mapping lookup tables for message headers and
envelopes.
.IP "\fBrecipient_canonical_maps (empty)\fR"
Optional address mapping lookup tables for envelope and header
recipient addresses.
.IP "\fBsender_canonical_maps (empty)\fR"
Optional address mapping lookup tables for envelope and header
sender addresses.
.PP
Parameters concerning known/unknown local recipients:
.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
The list of domains that are delivered via the $local_transport
mail delivery transport.
.IP "\fBinet_interfaces (all)\fR"
The local network interface addresses that this mail system
receives mail on.
.IP "\fBproxy_interfaces (empty)\fR"
The remote network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
.IP "\fBinet_protocols (see 'postconf -d' output)\fR"
The Internet protocols Postfix will attempt to use when making
or accepting connections.
.IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR"
Lookup tables with all names or addresses of valid local
recipients.
.IP "\fBunknown_local_recipient_reject_code (550)\fR"
The numerical Postfix SMTP server response code when a recipient
address is local, and $local_recipient_maps specifies a list of
lookup tables that does not match the recipient.
.PP
Parameters concerning known/unknown recipients of relay destinations:
.IP "\fBrelay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination)\fR"
What destination domains (and subdomains thereof) this system
will relay mail to.
.IP "\fBrelay_recipient_maps (empty)\fR"
Optional lookup tables with all valid addresses in the domains
that match $relay_domains.
.IP "\fBunknown_relay_recipient_reject_code (550)\fR"
The numerical Postfix SMTP server reply code when a recipient
address matches $relay_domains, and relay_recipient_maps specifies
a list of lookup tables that does not match the recipient address.
.PP
Parameters concerning known/unknown recipients in virtual alias
domains:
.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR"
Postfix is the final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased
to addresses in other local or remote domains.
|
|
.IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
|
|
Optional lookup tables that are often searched with a full email
|
|
address (including domain) and that apply to all recipients: \fBlocal\fR(8),
|
|
virtual, and remote; this is unlike alias_maps that are only searched
|
|
with an email address localpart (no domain) and that apply
|
|
only to \fBlocal\fR(8) recipients.
|
|
.IP "\fBunknown_virtual_alias_reject_code (550)\fR"
|
|
The Postfix SMTP server reply code when a recipient address matches
|
|
$virtual_alias_domains, and $virtual_alias_maps specifies a list
|
|
of lookup tables that does not match the recipient address.
|
|
.PP
|
|
Parameters concerning known/unknown recipients in virtual mailbox
|
|
domains:
|
|
.IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR"
|
|
Postfix is the final destination for the specified list of domains;
|
|
mail is delivered via the $virtual_transport mail delivery transport.
|
|
.IP "\fBvirtual_mailbox_maps (empty)\fR"
|
|
Optional lookup tables with all valid addresses in the domains that
|
|
match $virtual_mailbox_domains.
|
|
.IP "\fBunknown_virtual_mailbox_reject_code (550)\fR"
|
|
The Postfix SMTP server reply code when a recipient address matches
|
|
$virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list
|
|
of lookup tables that does not match the recipient address.
|
|
.SH "RESOURCE AND RATE CONTROLS"
|
|
.na
|
|
.nf
|
|
.ad
|
|
.fi
|
|
The following parameters limit resource usage by the SMTP
|
|
server and/or control client request rates.
|
|
.IP "\fBline_length_limit (2048)\fR"
|
|
Upon input, long lines are chopped up into pieces of at most
|
|
this length; upon delivery, long lines are reconstructed.
|
|
.IP "\fBqueue_minfree (0)\fR"
|
|
The minimal amount of free space in bytes in the queue file system
|
|
that is needed to receive mail.
|
|
.IP "\fBmessage_size_limit (10240000)\fR"
|
|
The maximal size in bytes of a message, including envelope information.
|
|
.IP "\fBsmtpd_recipient_limit (1000)\fR"
|
|
The maximal number of recipients that the Postfix SMTP server
|
|
accepts per message delivery request.
|
|
.IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR"
|
|
When the Postfix SMTP server wants to send an SMTP server
|
|
response, how long the Postfix SMTP server will wait for an underlying
|
|
network write operation to complete; and when the Postfix SMTP
|
|
server Postfix wants to receive an SMTP client request, how long
|
|
the Postfix SMTP server will wait for an underlying network read
|
|
operation to complete.
|
|
.IP "\fBsmtpd_history_flush_threshold (100)\fR"
|
|
The maximal number of lines in the Postfix SMTP server command history
|
|
before it is flushed upon receipt of EHLO, RSET, or end of DATA.
|
|
.PP
|
|
Available in Postfix version 2.3 and later:
|
|
.IP "\fBsmtpd_peername_lookup (yes)\fR"
|
|
Attempt to look up the remote SMTP client hostname, and verify that
|
|
the name matches the client IP address.
|
|
.PP
|
|
The per SMTP client connection count and request rate limits are
|
|
implemented in co\-operation with the \fBanvil\fR(8) service, and
|
|
are available in Postfix version 2.2 and later.
|
|
.IP "\fBsmtpd_client_connection_count_limit (50)\fR"
|
|
How many simultaneous connections any client is allowed to
|
|
make to this service.
|
|
.IP "\fBsmtpd_client_connection_rate_limit (0)\fR"
|
|
The maximal number of connection attempts any client is allowed to
|
|
make to this service per time unit.
|
|
.IP "\fBsmtpd_client_message_rate_limit (0)\fR"
|
|
The maximal number of message delivery requests that any client is
|
|
allowed to make to this service per time unit, regardless of whether
|
|
or not Postfix actually accepts those messages.
|
|
.IP "\fBsmtpd_client_recipient_rate_limit (0)\fR"
|
|
The maximal number of recipient addresses that any client is allowed
|
|
to send to this service per time unit, regardless of whether or not
|
|
Postfix actually accepts those recipients.
|
|
.IP "\fBsmtpd_client_event_limit_exceptions ($mynetworks)\fR"
|
|
Clients that are excluded from smtpd_client_*_count/rate_limit
|
|
restrictions.
|
|
.PP
|
|
Available in Postfix version 2.3 and later:
|
|
.IP "\fBsmtpd_client_new_tls_session_rate_limit (0)\fR"
|
|
The maximal number of new (i.e., uncached) TLS sessions that a
|
|
remote SMTP client is allowed to negotiate with this service per
|
|
time unit.
|
|
.PP
|
|
Available in Postfix version 2.9 \- 3.6:
|
|
.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR"
|
|
Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
|
|
time limits, from a
|
|
time limit per read or write system call, to a time limit to send
|
|
or receive a complete record (an SMTP command line, SMTP response
|
|
line, SMTP message content line, or TLS protocol message).
|
|
.PP
|
|
Available in Postfix version 3.1 and later:
|
|
.IP "\fBsmtpd_client_auth_rate_limit (0)\fR"
|
|
The maximal number of AUTH commands that any client is allowed to
|
|
send to this service per time unit, regardless of whether or not
|
|
Postfix actually accepts those commands.
|
|
.PP
|
|
Available in Postfix version 3.7 and later:
|
|
.IP "\fBsmtpd_per_request_deadline (normal: no, overload: yes)\fR"
|
|
Change the behavior of the smtpd_timeout and smtpd_starttls_timeout
|
|
time limits, from a time limit per plaintext or TLS read or write
|
|
call, to a combined time limit for receiving a complete SMTP request
|
|
and for sending a complete SMTP response.
|
|
.IP "\fBsmtpd_min_data_rate (500)\fR"
|
|
The minimum plaintext data transfer rate in bytes/second for
|
|
DATA and BDAT requests, when deadlines are enabled with
|
|
smtpd_per_request_deadline.
|
|
.IP "\fBheader_from_format (standard)\fR"
|
|
The format of the Postfix\-generated \fBFrom:\fR header.
|
|
.PP
|
|
Available in Postfix version 3.8 and later:
|
|
.IP "\fBsmtpd_client_ipv4_prefix_length (32)\fR"
|
|
Aggregate smtpd_client_*_count and smtpd_client_*_rate statistics
|
|
by IPv4 network blocks with the specified network prefix.
|
|
.IP "\fBsmtpd_client_ipv6_prefix_length (84)\fR"
|
|
Aggregate smtpd_client_*_count and smtpd_client_*_rate statistics
|
|
by IPv6 network blocks with the specified network prefix.
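.PP
The following Python model is an added illustration, not code from
Postfix or \fBanvil\fR(8). It shows how the count and rate limits above
combine: events are keyed by the client address aggregated to the
smtpd_client_ipv4_prefix_length / smtpd_client_ipv6_prefix_length
network block, clients matching smtpd_client_event_limit_exceptions
are never counted, and the rate counter restarts with each time unit
(the \fBanvil\fR(8) parameter anvil_rate_time_unit, assumed to be 60s
here). The class, method names and reason strings are this example's own.

```python
import ipaddress
import time
from collections import defaultdict


class ClientEventLimiter:
    """Toy model of the smtpd_client_* limits (added example, not anvil(8) code).

    count_limit  -> smtpd_client_connection_count_limit (simultaneous connections)
    rate_limit   -> smtpd_client_connection_rate_limit  (attempts per time unit, 0 = off)
    time_unit    -> anvil_rate_time_unit from anvil(8), assumed 60 seconds here
    ipv4_prefix / ipv6_prefix -> smtpd_client_ipv4/ipv6_prefix_length (Postfix 3.8+)
    exceptions   -> smtpd_client_event_limit_exceptions ($mynetworks by default)
    """

    def __init__(self, count_limit=50, rate_limit=0, time_unit=60,
                 ipv4_prefix=32, ipv6_prefix=84,
                 exceptions=("127.0.0.0/8", "::1/128")):
        self.count_limit = count_limit
        self.rate_limit = rate_limit
        self.time_unit = time_unit
        self.ipv4_prefix = ipv4_prefix
        self.ipv6_prefix = ipv6_prefix
        # Postfix writes IPv6 networks as [::1]/128; plain CIDR is used for ipaddress.
        self.exceptions = [ipaddress.ip_network(net) for net in exceptions]
        self.active = defaultdict(int)   # block -> currently open connections
        self.windows = {}                # block -> (window_start, attempts so far)

    def block_key(self, client_ip):
        """Aggregate a client address into its network block (the counting key)."""
        addr = ipaddress.ip_address(client_ip)
        plen = self.ipv4_prefix if addr.version == 4 else self.ipv6_prefix
        return str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))

    def is_exempt(self, client_ip):
        """True for clients listed in smtpd_client_event_limit_exceptions."""
        addr = ipaddress.ip_address(client_ip)
        return any(addr in net for net in self.exceptions)

    def _rate_ok(self, key, now):
        """Count one attempt in the current time unit; True while within rate_limit."""
        if self.rate_limit <= 0:
            return True
        start, attempts = self.windows.get(key, (now, 0))
        if now - start >= self.time_unit:      # time unit elapsed: start a new window
            start, attempts = now, 0
        attempts += 1
        self.windows[key] = (start, attempts)
        return attempts <= self.rate_limit

    def connect(self, client_ip, now=None):
        """Model a new connection; returns (accepted, reason)."""
        now = time.monotonic() if now is None else now
        if self.is_exempt(client_ip):
            return True, "exempt"
        key = self.block_key(client_ip)
        if not self._rate_ok(key, now):        # attempts count even when refused
            return False, f"connection rate limit exceeded for {key}"
        if self.count_limit > 0 and self.active[key] >= self.count_limit:
            return False, f"too many simultaneous connections from {key}"
        self.active[key] += 1
        return True, "ok"

    def disconnect(self, client_ip):
        """Release one connection slot for the client's network block."""
        if not self.is_exempt(client_ip):
            key = self.block_key(client_ip)
            self.active[key] = max(0, self.active[key] - 1)
```

With ipv4_prefix=24, four hosts in the same /24 share one counter, which
is the effect the 3.8 prefix-length parameters have on a client that
spreads its connections over a block of addresses.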
.PP
Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
.IP "\fBsmtpd_forbid_unauth_pipelining (Postfix >= 3.9: yes)\fR"
Disconnect remote SMTP clients that violate RFC 2920 (or 5321)
command pipelining constraints.
.PP
Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
.IP "\fBsmtpd_forbid_bare_newline (Postfix >= 3.9: normalize)\fR"
Reject or restrict input lines from an SMTP client that end in
<LF> instead of the standard <CR><LF>.
.IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR"
Exclude the specified clients from smtpd_forbid_bare_newline
enforcement.
.PP
Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and
later:
.IP "\fBsmtpd_forbid_bare_newline_reject_code (550)\fR"
The numerical Postfix SMTP server response code when rejecting a
request with "smtpd_forbid_bare_newline = reject".
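.PP
The following Python function is an added illustration of the three
smtpd_forbid_bare_newline behaviours named above (normalize, reject, no),
together with the exclusion list and the reject code; it is not Postfix
code. The function name, the sample input and the reply text are
constructed for this example.

```python
import ipaddress

CRLF = b"\r\n"

# Constructed sample input: the MAIL FROM line ends in a bare <LF>.
SAMPLE_INPUT = (b"EHLO client.example\r\n"
                b"MAIL FROM:<alice@example.com>\n"
                b"RCPT TO:<bob@example.net>\r\n")


def process_smtp_input(data, mode="normalize", client_ip="192.0.2.1",
                       exclusions=("127.0.0.0/8", "::1/128"), reject_code=550):
    """Apply the smtpd_forbid_bare_newline setting to raw client input.

    mode: "normalize" - a bare <LF> is processed as if <CR><LF> was sent;
          "reject"    - stop at the first bare <LF> and reply with reject_code
                        (smtpd_forbid_bare_newline_reject_code);
          "no"        - lines are passed through unchanged.
    Clients matching `exclusions` (smtpd_forbid_bare_newline_exclusions,
    $mynetworks by default) are not subject to enforcement.
    Returns (lines, bare_lf_count, reject_reply); reject_reply is None unless
    the input was refused. The reply text is constructed for this example.
    """
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(net) for net in exclusions):
        mode = "no"
    if mode not in ("normalize", "reject", "no"):
        raise ValueError(f"unsupported smtpd_forbid_bare_newline value: {mode!r}")

    lines, bare = [], 0
    pieces = data.split(b"\n")
    pieces.pop()   # bytes after the final <LF> are an incomplete line, not a line yet
    for piece in pieces:
        if piece.endswith(b"\r"):
            lines.append(piece[:-1] + CRLF)            # standard <CR><LF>
            continue
        bare += 1                                       # non-standard bare <LF>
        if mode == "reject":
            return lines, bare, f"{reject_code} Error: bare <LF> received"
        lines.append(piece + (CRLF if mode == "normalize" else b"\n"))
    return lines, bare, None
```

The bare_lf_count is what an operator would log before switching from
"normalize" to "reject": a non-zero count from a client outside
$mynetworks identifies software that does not send standard line endings.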
.SH "TARPIT CONTROLS"
.na
.nf
.ad
.fi
When a remote SMTP client makes errors, the Postfix SMTP server
can insert delays before responding. This can help to slow down
run\-away software. The behavior is controlled by an error counter
that counts the number of errors within an SMTP session that a
client makes without delivering mail.
.IP "\fBsmtpd_error_sleep_time (1s)\fR"
With Postfix version 2.1 and later: the SMTP server response delay after
a client has made more than $smtpd_soft_error_limit errors, and
fewer than $smtpd_hard_error_limit errors, without delivering mail.
.IP "\fBsmtpd_soft_error_limit (10)\fR"
The number of errors a remote SMTP client is allowed to make without
delivering mail before the Postfix SMTP server slows down all its
responses.
.IP "\fBsmtpd_hard_error_limit (normal: 20, overload: 1)\fR"
The maximal number of errors a remote SMTP client is allowed to
make without delivering mail.
.IP "\fBsmtpd_junk_command_limit (normal: 100, overload: 1)\fR"
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
SMTP client can send before the Postfix SMTP server starts to
increment the error counter with each junk command.
.PP
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_recipient_overshoot_limit (1000)\fR"
The number of recipients that a remote SMTP client can send in
excess of the limit specified with $smtpd_recipient_limit, before
the Postfix SMTP server increments the per\-session error count
for each excess recipient.
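.PP
The following Python model is an added illustration of the tarpit
error counter described in this section; it is not Postfix code. It
tracks one session's errors, junk commands and recipients, and reports
for each reply whether it is sent promptly, delayed by
smtpd_error_sleep_time, or followed by a disconnect. Resetting the
counter when mail is delivered is this model's reading of "without
delivering mail"; the class and method names are this example's own.

```python
from dataclasses import dataclass

JUNK_COMMANDS = {"NOOP", "VRFY", "ETRN", "RSET"}


@dataclass
class TarpitConfig:
    """Parameter values from the TARPIT CONTROLS section (normal defaults)."""
    error_sleep_time: float = 1.0          # smtpd_error_sleep_time, seconds
    soft_error_limit: int = 10             # smtpd_soft_error_limit
    hard_error_limit: int = 20             # smtpd_hard_error_limit
    junk_command_limit: int = 100          # smtpd_junk_command_limit
    recipient_limit: int = 1000            # smtpd_recipient_limit
    recipient_overshoot_limit: int = 1000  # smtpd_recipient_overshoot_limit


class TarpitSession:
    """Per-session error accounting (added example, not Postfix code)."""

    def __init__(self, cfg=None):
        self.cfg = cfg or TarpitConfig()
        self.error_count = 0      # errors made without delivering mail
        self.junk_count = 0       # NOOP/VRFY/ETRN/RSET commands seen
        self.rcpt_count = 0       # recipients in the current message
        self.last_delay = 0.0     # sleep applied before the most recent reply
        self.disconnected = False

    def _reply(self, is_error):
        """Update the counter and decide how the next reply is treated."""
        if is_error:
            self.error_count += 1
        if self.error_count >= self.cfg.hard_error_limit:
            self.disconnected = True          # hard limit reached: end the session
            return "disconnect"
        if self.error_count > self.cfg.soft_error_limit:
            self.last_delay = self.cfg.error_sleep_time   # slow down all replies
            return "delayed"
        self.last_delay = 0.0
        return "prompt"

    def command(self, verb, accepted=True):
        """A non-RCPT command; accepted=False models a rejected or unknown command."""
        is_error = not accepted
        if verb.upper() in JUNK_COMMANDS:
            self.junk_count += 1
            if self.junk_count > self.cfg.junk_command_limit:
                is_error = True               # excess junk commands count as errors
        return self._reply(is_error)

    def rcpt(self):
        """A RCPT TO command; returns (reply class, reply treatment)."""
        self.rcpt_count += 1
        if self.rcpt_count <= self.cfg.recipient_limit:
            return "250", self._reply(False)
        excess = self.rcpt_count - self.cfg.recipient_limit
        # Recipients over the limit are refused; only those beyond the
        # overshoot allowance also count against the error limits.
        return "452", self._reply(excess > self.cfg.recipient_overshoot_limit)

    def delivered(self):
        """Mail was accepted, so the session is no longer 'without delivering mail'."""
        self.error_count = 0
        self.rcpt_count = 0
        self.last_delay = 0.0
```

Under the "overload" values listed above (hard limit 1, junk limit 1),
the same model disconnects a client on its first error, which is the
intended behaviour when the server is stressed.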
.SH "ACCESS POLICY DELEGATION CONTROLS"
.na
.nf
.ad
.fi
As of version 2.1, Postfix can be configured to delegate access
policy decisions to an external server that runs outside Postfix.
See the file SMTPD_POLICY_README for more information.
.IP "\fBsmtpd_policy_service_max_idle (300s)\fR"
The time after which an idle SMTPD policy service connection is
closed.
.IP "\fBsmtpd_policy_service_max_ttl (1000s)\fR"
The time after which an active SMTPD policy service connection is
closed.
.IP "\fBsmtpd_policy_service_timeout (100s)\fR"
The time limit for connecting to, writing to, or receiving from a
delegated SMTPD policy server.
.PP
Available in Postfix version 3.0 and later:
.IP "\fBsmtpd_policy_service_default_action (451 4.3.5 Server configuration problem)\fR"
The default action when an SMTPD policy service request fails.
.IP "\fBsmtpd_policy_service_request_limit (0)\fR"
The maximal number of requests per SMTPD policy service connection,
or zero (no limit).
.IP "\fBsmtpd_policy_service_try_limit (2)\fR"
The maximal number of attempts to send an SMTPD policy service
request before giving up.
.IP "\fBsmtpd_policy_service_retry_delay (1s)\fR"
The delay between attempts to resend a failed SMTPD policy
service request.
.PP
Available in Postfix version 3.1 and later:
.IP "\fBsmtpd_policy_service_policy_context (empty)\fR"
Optional information that the Postfix SMTP server specifies in
the "policy_context" attribute of a policy service request (originally,
to share the same service endpoint among multiple check_policy_service
clients).
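.PP
The following Python code is an added illustration of the policy
delegation exchange this section configures, written from both sides:
a minimal policy server that reads "name=value" requests terminated by an
empty line and answers "action=..." (the protocol documented in
SMTPD_POLICY_README), and a client helper that retries up to
smtpd_policy_service_try_limit times and falls back to
smtpd_policy_service_default_action. It is not Postfix code; the rules
in decide(), the sample requests and the function names are constructed
for this example, and the transport is an in-memory stand-in for the
socket that Postfix would use.

```python
import io

POLICY_DEFAULT_ACTION = "451 4.3.5 Server configuration problem"  # smtpd_policy_service_default_action


def read_request(rfile):
    """Read one policy request: 'name=value' lines ended by an empty line.
    Returns a dict, or None at end of input."""
    attrs = {}
    while True:
        raw = rfile.readline()
        if not raw:                     # connection closed by the client
            return attrs or None
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        if line == "":                  # empty line terminates the request
            return attrs
        name, sep, value = line.partition("=")
        if sep:                         # values may themselves contain '='
            attrs[name] = value


def decide(attrs):
    """Example policy; the rules here are constructed for this illustration."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    state = attrs.get("protocol_state", "")
    # policy_context (Postfix 3.1+) lets one server serve several
    # check_policy_service clients with different rules.
    if attrs.get("policy_context") == "submission" and state == "RCPT":
        if not attrs.get("sasl_username"):
            return "REJECT Authentication is required on the submission service"
    try:
        recipient_count = int(attrs.get("recipient_count", "0"))
    except ValueError:
        recipient_count = 0
    if state == "RCPT" and recipient_count >= 50:
        return "DEFER_IF_PERMIT Too many recipients in one message, retry later"
    return "DUNNO"


def serve_connection(rfile, wfile):
    """Answer every request on one connection. Postfix keeps the connection
    open across requests until max_idle, max_ttl or request_limit closes it."""
    handled = 0
    while True:
        attrs = read_request(rfile)
        if attrs is None:
            break
        wfile.write(f"action={decide(attrs)}\n\n".encode("utf-8"))
        wfile.flush()
        handled += 1
    return handled


def query_policy(transport, attrs, try_limit=2, default_action=POLICY_DEFAULT_ACTION):
    """The smtpd side: encode a request, retry up to smtpd_policy_service_try_limit
    times, and fall back to smtpd_policy_service_default_action on failure.
    `transport` is a callable taking the request bytes and returning reply bytes."""
    payload = "".join(f"{k}={v}\n" for k, v in attrs.items()) + "\n"
    for _attempt in range(try_limit):
        try:
            reply = transport(payload.encode("utf-8")).decode("utf-8", "replace")
        except OSError:
            continue                    # retry after smtpd_policy_service_retry_delay
        if reply.startswith("action="):
            return reply[len("action="):].split("\n", 1)[0].strip()
    return default_action


def in_memory_transport(payload):
    """Transport for query_policy that runs serve_connection without a socket."""
    out = io.BytesIO()
    serve_connection(io.BytesIO(payload), out)
    return out.getvalue()


def failing_transport(payload):
    """Transport that models an unreachable policy server."""
    raise OSError("connection refused")


# Constructed sample: two requests on one connection.
SAMPLE_REQUESTS = (
    "request=smtpd_access_policy\nprotocol_state=RCPT\nprotocol_name=ESMTP\n"
    "client_address=192.0.2.10\nsender=alice@example.com\n"
    "recipient=bob@example.net\nrecipient_count=0\n"
    "policy_context=submission\nsasl_username=\n\n"
    "request=smtpd_access_policy\nprotocol_state=RCPT\nclient_address=192.0.2.11\n"
    "sender=carol@example.org\nrecipient=dave@example.net\nrecipient_count=3\n\n"
)


def run_sample():
    """Serve SAMPLE_REQUESTS from memory; returns (requests handled, reply text)."""
    out = io.BytesIO()
    count = serve_connection(io.BytesIO(SAMPLE_REQUESTS.encode("utf-8")), out)
    return count, out.getvalue().decode("utf-8")
```

The default action of "451" is what makes a policy server outage fail
closed but temporarily: clients retry later instead of mail being
accepted or permanently rejected without a policy decision.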
.SH "ACCESS CONTROLS"
.na
.nf
.ad
.fi
The SMTPD_ACCESS_README document gives an introduction to all the
SMTP server access control features.
.IP "\fBsmtpd_delay_reject (yes)\fR"
Wait until the RCPT TO command before evaluating
$smtpd_client_restrictions, $smtpd_helo_restrictions and
$smtpd_sender_restrictions, or wait until the ETRN command before
evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions.
.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR"
A list of Postfix features where the pattern "example.com" also
matches subdomains of example.com,
instead of requiring an explicit ".example.com" pattern.
.IP "\fBsmtpd_client_restrictions (empty)\fR"
Optional restrictions that the Postfix SMTP server applies in the
context of a client connection request.
.IP "\fBsmtpd_helo_required (no)\fR"
Require that a remote SMTP client introduces itself with the HELO
or EHLO command before sending the MAIL command or other commands
that require EHLO negotiation.
.IP "\fBsmtpd_helo_restrictions (empty)\fR"
Optional restrictions that the Postfix SMTP server applies in the
context of a client HELO command.
.IP "\fBsmtpd_sender_restrictions (empty)\fR"
Optional restrictions that the Postfix SMTP server applies in the
context of a client MAIL FROM command.
.IP "\fBsmtpd_recipient_restrictions (see 'postconf -d' output)\fR"
Optional restrictions that the Postfix SMTP server applies in the
context of a client RCPT TO command, after smtpd_relay_restrictions.
.IP "\fBsmtpd_etrn_restrictions (empty)\fR"
Optional restrictions that the Postfix SMTP server applies in the
context of a client ETRN command.
.IP "\fBallow_untrusted_routing (no)\fR"
Forward mail with sender\-specified routing (user[@%!]remote[@%!]site)
from untrusted clients to destinations matching $relay_domains.
.IP "\fBsmtpd_restriction_classes (empty)\fR"
User\-defined aliases for groups of access restrictions.
.IP "\fBsmtpd_null_access_lookup_key (<>)\fR"
The lookup key to be used in SMTP \fBaccess\fR(5) tables instead of the
null sender address.
.IP "\fBpermit_mx_backup_networks (empty)\fR"
Restrict the use of the permit_mx_backup SMTP access feature to
only domains whose primary MX hosts match the listed networks.
.PP
Available in Postfix version 2.0 and later:
.IP "\fBsmtpd_data_restrictions (empty)\fR"
Optional access restrictions that the Postfix SMTP server applies
in the context of the SMTP DATA command.
.IP "\fBsmtpd_expansion_filter (see 'postconf -d' output)\fR"
What characters are allowed in $name expansions of RBL reply
templates.
.PP
Available in Postfix version 2.1 and later:
.IP "\fBsmtpd_reject_unlisted_sender (no)\fR"
Request that the Postfix SMTP server rejects mail from unknown
sender addresses, even when no explicit reject_unlisted_sender
access restriction is specified.
.IP "\fBsmtpd_reject_unlisted_recipient (yes)\fR"
Request that the Postfix SMTP server rejects mail for unknown
recipient addresses, even when no explicit reject_unlisted_recipient
access restriction is specified.
.PP
Available in Postfix version 2.2 and later:
.IP "\fBsmtpd_end_of_data_restrictions (empty)\fR"
Optional access restrictions that the Postfix SMTP server
applies in the context of the SMTP END\-OF\-DATA command.
.PP
Available in Postfix version 2.10 and later:
.IP "\fBsmtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination)\fR"
Access restrictions for mail relay control that the Postfix
SMTP server applies in the context of the RCPT TO command, before
smtpd_recipient_restrictions.
.SH "SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS"
.na
.nf
.ad
.fi
Postfix version 2.1 introduces sender and recipient address verification.
This feature is implemented by sending probe email messages that
are not actually delivered.
This feature is requested via the reject_unverified_sender and
reject_unverified_recipient access restrictions. The status of
verification probes is maintained by the \fBverify\fR(8) server.
See the file ADDRESS_VERIFICATION_README for information
about how to configure and operate the Postfix sender/recipient
address verification service.
.IP "\fBaddress_verify_poll_count (normal: 3, overload: 1)\fR"
How many times to query the \fBverify\fR(8) service for the completion
of an address verification request in progress.
.IP "\fBaddress_verify_poll_delay (3s)\fR"
The delay between queries for the completion of an address
verification request in progress.
.IP "\fBaddress_verify_sender ($double_bounce_sender)\fR"
The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster".
.IP "\fBunverified_sender_reject_code (450)\fR"
The numerical Postfix SMTP server response code when a recipient
address is rejected by the reject_unverified_sender restriction.
.IP "\fBunverified_recipient_reject_code (450)\fR"
The numerical Postfix SMTP server response when a recipient address
is rejected by the reject_unverified_recipient restriction.
.PP
Available in Postfix version 2.6 and later:
.IP "\fBunverified_sender_defer_code (450)\fR"
The numerical Postfix SMTP server response code when a sender address
probe fails due to a temporary error condition.
.IP "\fBunverified_recipient_defer_code (450)\fR"
The numerical Postfix SMTP server response when a recipient address
probe fails due to a temporary error condition.
.IP "\fBunverified_sender_reject_reason (empty)\fR"
The Postfix SMTP server's reply when rejecting mail with
reject_unverified_sender.
.IP "\fBunverified_recipient_reject_reason (empty)\fR"
The Postfix SMTP server's reply when rejecting mail with
reject_unverified_recipient.
.IP "\fBunverified_sender_tempfail_action ($reject_tempfail_action)\fR"
The Postfix SMTP server's action when reject_unverified_sender
fails due to a temporary error condition.
.IP "\fBunverified_recipient_tempfail_action ($reject_tempfail_action)\fR"
The Postfix SMTP server's action when reject_unverified_recipient
fails due to a temporary error condition.
.PP
Available with Postfix 2.9 and later:
.IP "\fBaddress_verify_sender_ttl (0s)\fR"
The time between changes in the time\-dependent portion of address
verification probe sender addresses.
.SH "ACCESS CONTROL RESPONSES"
.na
.nf
.ad
.fi
The following parameters control numerical SMTP reply codes
and/or text responses.
.IP "\fBaccess_map_reject_code (554)\fR"
The numerical Postfix SMTP server response code for
an \fBaccess\fR(5) map "reject" action.
.IP "\fBdefer_code (450)\fR"
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "defer" restriction.
.IP "\fBinvalid_hostname_reject_code (501)\fR"
The numerical Postfix SMTP server response code when the client
HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
restriction.
.IP "\fBmaps_rbl_reject_code (554)\fR"
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_rbl_client, reject_rhsbl_client,
reject_rhsbl_reverse_client, reject_rhsbl_sender or
reject_rhsbl_recipient restriction.
.IP "\fBnon_fqdn_reject_code (504)\fR"
The numerical Postfix SMTP server reply code when a client request
is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender
or reject_non_fqdn_recipient restriction.
.IP "\fBplaintext_reject_code (450)\fR"
The numerical Postfix SMTP server response code when a request
is rejected by the \fBreject_plaintext_session\fR restriction.
.IP "\fBreject_code (554)\fR"
The numerical Postfix SMTP server response code when a remote SMTP
client request is rejected by the "reject" restriction.
.IP "\fBrelay_domains_reject_code (554)\fR"
The numerical Postfix SMTP server response code when a client
request is rejected by the reject_unauth_destination recipient
restriction.
.IP "\fBunknown_address_reject_code (450)\fR"
The numerical response code when the Postfix SMTP server rejects a
sender or recipient address because its domain is unknown.
.IP "\fBunknown_client_reject_code (450)\fR"
The numerical Postfix SMTP server response code when a client
without valid address <=> name mapping is rejected by the
reject_unknown_client_hostname restriction.
.IP "\fBunknown_hostname_reject_code (450)\fR"
The numerical Postfix SMTP server response code when the hostname
specified with the HELO or EHLO command is rejected by the
reject_unknown_helo_hostname restriction.
.PP
Available in Postfix version 2.0 and later:
.IP "\fBdefault_rbl_reply (see 'postconf -d' output)\fR"
The default Postfix SMTP server response template for a request that is
rejected by an RBL\-based restriction.
.IP "\fBmulti_recipient_bounce_reject_code (550)\fR"
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_multi_recipient_bounce
restriction.
.IP "\fBrbl_reply_maps (empty)\fR"
Optional lookup tables with RBL or RHSBL response templates.
.PP
Available in Postfix version 2.6 and later:
.IP "\fBaccess_map_defer_code (450)\fR"
The numerical Postfix SMTP server response code for
an \fBaccess\fR(5) map "defer" action, including "defer_if_permit"
or "defer_if_reject".
.IP "\fBreject_tempfail_action (defer_if_permit)\fR"
The Postfix SMTP server's action when a reject\-type restriction
fails due to a temporary error condition.
.IP "\fBunknown_helo_hostname_tempfail_action ($reject_tempfail_action)\fR"
The Postfix SMTP server's action when reject_unknown_helo_hostname
fails due to a temporary error condition.
.IP "\fBunknown_address_tempfail_action ($reject_tempfail_action)\fR"
The Postfix SMTP server's action when reject_unknown_sender_domain
or reject_unknown_recipient_domain fail due to a temporary error
condition.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
.ad
.fi
.IP "\fBconfig_directory (see 'postconf -d' output)\fR"
The default location of the Postfix main.cf and master.cf
configuration files.
.IP "\fBdaemon_timeout (18000s)\fR"
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built\-in watchdog timer.
.IP "\fBcommand_directory (see 'postconf -d' output)\fR"
The location of all postfix administrative commands.
.IP "\fBdouble_bounce_sender (double\-bounce)\fR"
The sender address of postmaster notifications that are generated
by the mail system.
.IP "\fBipc_timeout (3600s)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBmail_name (Postfix)\fR"
The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
.IP "\fBmail_owner (postfix)\fR"
The UNIX system account that owns the Postfix queue and most Postfix
daemon processes.
.IP "\fBmax_idle (100s)\fR"
The maximum amount of time that an idle Postfix daemon process waits
for an incoming connection before terminating voluntarily.
.IP "\fBmax_use (100)\fR"
The maximal number of incoming connections that a Postfix daemon
process will service before terminating voluntarily.
.IP "\fBmyhostname (see 'postconf -d' output)\fR"
The internet hostname of this mail system.
.IP "\fBmynetworks (see 'postconf -d' output)\fR"
The list of "trusted" remote SMTP clients that have more privileges than
"strangers".
.IP "\fBmyorigin ($myhostname)\fR"
The domain name that locally\-posted mail appears to come
from, and that locally posted mail is delivered to.
.IP "\fBprocess_id (read\-only)\fR"
The process ID of a Postfix command or daemon process.
.IP "\fBprocess_name (read\-only)\fR"
The process name of a Postfix command or daemon process.
.IP "\fBqueue_directory (see 'postconf -d' output)\fR"
The location of the Postfix top\-level queue directory.
.IP "\fBrecipient_delimiter (empty)\fR"
The set of characters that can separate an email address
localpart, user name, or a .forward file name from its extension.
.IP "\fBsmtpd_banner ($myhostname ESMTP $mail_name)\fR"
The text that follows the 220 status code in the SMTP greeting
banner.
.IP "\fBsyslog_facility (mail)\fR"
The syslog facility of Postfix logging.
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
.PP
Available in Postfix version 2.2 and later:
.IP "\fBsmtpd_forbidden_commands (CONNECT GET POST regexp:{{/^[^A\-Z]/ Bogus}})\fR"
List of commands that cause the Postfix SMTP server to immediately
terminate the session with a 221 code.
.PP
Available in Postfix version 2.5 and later:
.IP "\fBsmtpd_client_port_logging (no)\fR"
Enable logging of the remote SMTP client port in addition to
the hostname and IP address.
.PP
Available in Postfix 3.3 and later:
.IP "\fBservice_name (read\-only)\fR"
The master.cf service name of a Postfix daemon process.
.PP
Available in Postfix 3.4 and later:
.IP "\fBsmtpd_reject_footer_maps (empty)\fR"
Lookup tables, indexed by the complete Postfix SMTP server 4xx or
5xx response, with reject footer templates.
.PP
Available in Postfix 3.10 and later:
.IP "\fBsmtpd_hide_client_session (no)\fR"
Do not include SMTP client session information in the Postfix
SMTP server's Received: message header.
.SH "SEE ALSO"
.na
.nf
anvil(8), connection/rate limiting
cleanup(8), message canonicalization
tlsmgr(8), TLS session and PRNG management
trivial\-rewrite(8), address resolver
verify(8), address verification service
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.nf
.ad
.fi
Use "\fBpostconf readme_directory\fR" or
"\fBpostconf html_directory\fR" to locate this information.
.na
.nf
ADDRESS_CLASS_README, blocking unknown hosted or relay recipients
ADDRESS_REWRITING_README, Postfix address manipulation
BDAT_README, Postfix CHUNKING support
FILTER_README, external after\-queue content filter
LOCAL_RECIPIENT_README, blocking unknown local recipients
MILTER_README, before\-queue mail filter applications
SMTPD_ACCESS_README, built\-in access policies
SMTPD_POLICY_README, external policy server
SMTPD_PROXY_README, external before\-queue content filter
SASL_README, Postfix SASL howto
TLS_README, Postfix STARTTLS howto
VERP_README, Postfix XVERP extension
XCLIENT_README, Postfix XCLIENT extension
XFORWARD_README, Postfix XFORWARD extension
.SH "LICENSE"
.na
.nf
.ad
.fi
The Secure Mailer license must be distributed with this software.
.SH "AUTHOR(S)"
.na
.nf
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA

Wietse Venema
porcupine.org

SASL support originally by:
Till Franke
SuSE Rhein/Main AG
65760 Eschborn, Germany

TLS support originally by:
Lutz Jaenicke
BTU Cottbus
Allgemeine Elektrotechnik
Universitaetsplatz 3\-4
D\-03044 Cottbus, Germany

Revised TLS support by:
Victor Duchovni
Morgan Stanley