diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:46:30 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:46:30 +0000 |
commit | b5896ba9f6047e7031e2bdee0622d543e11a6734 (patch) | |
tree | fd7b460593a2fee1be579bec5697e6d887ea3421 /man/man8 | |
parent | Initial commit. (diff) | |
download | postfix-b5896ba9f6047e7031e2bdee0622d543e11a6734.tar.xz postfix-b5896ba9f6047e7031e2bdee0622d543e11a6734.zip |
Adding upstream version 3.4.23.upstream/3.4.23upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/man8')
-rw-r--r-- | man/man8/anvil.8 | 302 | ||||
-rw-r--r-- | man/man8/bounce.8 | 172 | ||||
-rw-r--r-- | man/man8/cleanup.8 | 482 | ||||
-rw-r--r-- | man/man8/defer.8 | 1 | ||||
-rw-r--r-- | man/man8/discard.8 | 134 | ||||
-rw-r--r-- | man/man8/dnsblog.8 | 108 | ||||
-rw-r--r-- | man/man8/error.8 | 136 | ||||
-rw-r--r-- | man/man8/flush.8 | 183 | ||||
-rw-r--r-- | man/man8/lmtp.8 | 1 | ||||
-rw-r--r-- | man/man8/local.8 | 653 | ||||
-rw-r--r-- | man/man8/master.8 | 221 | ||||
-rw-r--r-- | man/man8/oqmgr.8 | 420 | ||||
-rw-r--r-- | man/man8/pickup.8 | 136 | ||||
-rw-r--r-- | man/man8/pipe.8 | 479 | ||||
-rw-r--r-- | man/man8/postlogd.8 | 102 | ||||
-rw-r--r-- | man/man8/postscreen.8 | 458 | ||||
-rw-r--r-- | man/man8/proxymap.8 | 243 | ||||
-rw-r--r-- | man/man8/qmgr.8 | 490 | ||||
-rw-r--r-- | man/man8/qmqpd.8 | 213 | ||||
-rw-r--r-- | man/man8/scache.8 | 178 | ||||
-rw-r--r-- | man/man8/showq.8 | 125 | ||||
-rw-r--r-- | man/man8/smtp.8 | 871 | ||||
-rw-r--r-- | man/man8/smtpd.8 | 1211 | ||||
-rw-r--r-- | man/man8/spawn.8 | 156 | ||||
-rw-r--r-- | man/man8/tlsmgr.8 | 208 | ||||
-rw-r--r-- | man/man8/tlsproxy.8 | 383 | ||||
-rw-r--r-- | man/man8/trace.8 | 1 | ||||
-rw-r--r-- | man/man8/trivial-rewrite.8 | 326 | ||||
-rw-r--r-- | man/man8/verify.8 | 257 | ||||
-rw-r--r-- | man/man8/virtual.8 | 353 |
30 files changed, 9003 insertions, 0 deletions
diff --git a/man/man8/anvil.8 b/man/man8/anvil.8 new file mode 100644 index 0000000..89ea9a6 --- /dev/null +++ b/man/man8/anvil.8 @@ -0,0 +1,302 @@ +.TH ANVIL 8 +.ad +.fi +.SH NAME +anvil +\- +Postfix session count and request rate control +.SH "SYNOPSIS" +.na +.nf +\fBanvil\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix \fBanvil\fR(8) server maintains statistics about +client connection counts or client request rates. This +information can be used to defend against clients that +hammer a server with either too many simultaneous sessions, +or with too many successive requests within a configurable +time interval. This server is designed to run under control +by the Postfix \fBmaster\fR(8) server. + +In the following text, \fBident\fR specifies a (service, +client) combination. The exact syntax of that information +is application\-dependent; the \fBanvil\fR(8) server does +not care. +.SH "CONNECTION COUNT/RATE CONTROL" +.na +.nf +.ad +.fi +To register a new connection send the following request to +the \fBanvil\fR(8) server: + +.nf + \fBrequest=connect\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of +simultaneous connections and the number of connections per +unit time for the (service, client) combination specified +with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBcount=\fInumber\fR + \fBrate=\fInumber\fR +.fi + +To register a disconnect event send the following request +to the \fBanvil\fR(8) server: + +.nf + \fBrequest=disconnect\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server replies with: + +.nf + \fBstatus=0\fR +.fi +.SH "MESSAGE RATE CONTROL" +.na +.nf +.ad +.fi +To register a message delivery request send the following +request to the \fBanvil\fR(8) server: + +.nf + \fBrequest=message\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of message +delivery requests per unit time for the (service, client) +combination specified with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBrate=\fInumber\fR +.fi +.SH "RECIPIENT RATE CONTROL" +.na +.nf +.ad +.fi +To register a recipient request send the following request +to the \fBanvil\fR(8) server: + +.nf + \fBrequest=recipient\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of recipient +addresses per unit time for the (service, client) combination +specified with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBrate=\fInumber\fR +.fi +.SH "TLS SESSION NEGOTIATION RATE CONTROL" +.na +.nf +.ad +.fi +The features described in this section are available with +Postfix 2.3 and later. + +To register a request for a new (i.e. not cached) TLS session +send the following request to the \fBanvil\fR(8) server: + +.nf + \fBrequest=newtls\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of new +TLS session requests per unit time for the (service, client) +combination specified with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBrate=\fInumber\fR +.fi + +To retrieve new TLS session request rate information without +updating the counter information, send: + +.nf + \fBrequest=newtls_report\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of new +TLS session requests per unit time for the (service, client) +combination specified with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBrate=\fInumber\fR +.fi +.SH "AUTH RATE CONTROL" +.na +.nf +.ad +.fi +To register an AUTH request send the following request +to the \fBanvil\fR(8) server: + +.nf + \fBrequest=auth\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of auth +requests per unit time for the (service, client) combination +specified with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBrate=\fInumber\fR +.fi +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBanvil\fR(8) server does not talk to the network or to local +users, and can run chrooted at fixed low privilege. + +The \fBanvil\fR(8) server maintains an in\-memory table with +information about recent clients requests. No persistent +state is kept because standard system library routines are +not sufficiently robust for update\-intensive applications. + +Although the in\-memory state is kept only temporarily, this +may require a lot of memory on systems that handle connections +from many remote clients. To reduce memory usage, reduce +the time unit over which state is kept. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). + +Upon exit, and every \fBanvil_status_update_time\fR +seconds, the server logs the maximal count and rate values measured, +together with (service, client) information and the time of day +associated with those events. +In order to avoid unnecessary overhead, no measurements +are done for activity that isn't concurrency limited or +rate limited. +.SH BUGS +.ad +.fi +Systems behind network address translating routers or proxies +appear to have the same client address and can run into connection +count and/or rate limits falsely. + +In this preliminary implementation, a count (or rate) limited server +process can have only one remote client at a time. If a +server process reports +multiple simultaneous clients, state is kept only for the last +reported client. + +The \fBanvil\fR(8) server automatically discards client +request information after it expires. To prevent the +\fBanvil\fR(8) server from discarding client request rate +information too early or too late, a rate limited service +should always register connect/disconnect events even when +it does not explicitly limit them. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +On low\-traffic mail systems, changes to \fBmain.cf\fR are +picked up automatically as \fBanvil\fR(8) processes run for +only a limited amount of time. On other mail systems, use +the command "\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBanvil_rate_time_unit (60s)\fR" +The time unit over which client connection rates and other rates +are calculated. +.IP "\fBanvil_status_update_time (600s)\fR" +How frequently the \fBanvil\fR(8) connection and rate limiting server +logs peak usage information. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtpd(8), Postfix SMTP server +postconf(5), configuration parameters +master(5), generic daemon options +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +TUNING_README, performance tuning +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +The anvil service is available in Postfix 2.2 and later. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/bounce.8 b/man/man8/bounce.8 new file mode 100644 index 0000000..a91b8a7 --- /dev/null +++ b/man/man8/bounce.8 @@ -0,0 +1,172 @@ +.TH BOUNCE 8 +.ad +.fi +.SH NAME +bounce +\- +Postfix delivery status reports +.SH "SYNOPSIS" +.na +.nf +\fBbounce\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBbounce\fR(8) daemon maintains per\-message log files with +delivery status information. Each log file is named after the +queue file that it corresponds to, and is kept in a queue subdirectory +named after the service name in the \fBmaster.cf\fR file (either +\fBbounce\fR, \fBdefer\fR or \fBtrace\fR). +This program expects to be run from the \fBmaster\fR(8) process +manager. + +The \fBbounce\fR(8) daemon processes two types of service requests: +.IP \(bu +Append a recipient (non\-)delivery status record to a per\-message +log file. +.IP \(bu +Enqueue a delivery status notification message, with a copy +of a per\-message log file and of the corresponding message. +When the delivery status notification message is +enqueued successfully, the per\-message log file is deleted. +.PP +The software does a best notification effort. A non\-delivery +notification is sent even when the log file or the original +message cannot be read. + +Optionally, a bounce (defer, trace) client can request that the +per\-message log file be deleted when the requested operation fails. +This is used by clients that cannot retry transactions by +themselves, and that depend on retry logic in their own client. +.SH "STANDARDS" +.na +.nf +RFC 822 (ARPA Internet Text Messages) +RFC 2045 (Format of Internet Message Bodies) +RFC 2822 (Internet Message Format) +RFC 3462 (Delivery Status Notifications) +RFC 3464 (Delivery Status Notifications) +RFC 3834 (Auto\-Submitted: message header) +RFC 5322 (Internet Message Format) +RFC 6531 (Internationalized SMTP) +RFC 6532 (Internationalized Message Format) +RFC 6533 (Internationalized Delivery Status Notifications) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as \fBbounce\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fB2bounce_notice_recipient (postmaster)\fR" +The recipient of undeliverable mail that cannot be returned to +the sender. +.IP "\fBbackwards_bounce_logfile_compatibility (yes)\fR" +Produce additional \fBbounce\fR(8) logfile records that can be read by +Postfix versions before 2.0. +.IP "\fBbounce_notice_recipient (postmaster)\fR" +The recipient of postmaster notifications with the message headers +of mail that Postfix did not deliver and of SMTP conversation +transcripts of mail that Postfix did not receive. +.IP "\fBbounce_size_limit (50000)\fR" +The maximal amount of original message text that is sent in a +non\-delivery notification. +.IP "\fBbounce_template_file (empty)\fR" +Pathname of a configuration file with bounce message templates. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_notice_recipient (postmaster)\fR" +The recipient of postmaster notifications with the message headers +of mail that cannot be delivered within $delay_warning_time time +units. +.IP "\fBdeliver_lock_attempts (20)\fR" +The maximal number of attempts to acquire an exclusive lock on a +mailbox file or \fBbounce\fR(8) logfile. +.IP "\fBdeliver_lock_delay (1s)\fR" +The time between attempts to acquire an exclusive lock on a mailbox +file or \fBbounce\fR(8) logfile. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBinternal_mail_filter_classes (empty)\fR" +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks +and body_checks. +.IP "\fBmail_name (Postfix)\fR" +The mail system name that is displayed in Received: headers, in +the SMTP greeting banner, and in bounced mail. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBnotify_classes (resource, software)\fR" +The list of error classes that are reported to the postmaster. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.0 and later: +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "FILES" +.na +.nf +/var/spool/postfix/bounce/* non\-delivery records +/var/spool/postfix/defer/* non\-delivery records +/var/spool/postfix/trace/* delivery status records +.SH "SEE ALSO" +.na +.nf +bounce(5), bounce message template format +qmgr(8), queue manager +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/cleanup.8 b/man/man8/cleanup.8 new file mode 100644 index 0000000..d3df1f0 --- /dev/null +++ b/man/man8/cleanup.8 @@ -0,0 +1,482 @@ +.TH CLEANUP 8 +.ad +.fi +.SH NAME +cleanup +\- +canonicalize and enqueue Postfix message +.SH "SYNOPSIS" +.na +.nf +\fBcleanup\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBcleanup\fR(8) daemon processes inbound mail, inserts it +into the \fBincoming\fR mail queue, and informs the queue +manager of its arrival. + +The \fBcleanup\fR(8) daemon always performs the following transformations: +.IP \(bu +Insert missing message headers: (\fBResent\-\fR) \fBFrom:\fR, +\fBTo:\fR, \fBMessage\-Id:\fR, and \fBDate:\fR. +.IP \(bu +Transform envelope and header addresses to the standard +\fIuser@fully\-qualified\-domain\fR form that is expected by other +Postfix programs. +This task is delegated to the \fBtrivial\-rewrite\fR(8) daemon. +.IP \(bu +Eliminate duplicate envelope recipient addresses. +.IP \(bu +Remove message headers: \fBBcc\fR, \fBContent\-Length\fR, +\fBResent\-Bcc\fR, \fBReturn\-Path\fR. +.PP +The following address transformations are optional: +.IP \(bu +Optionally, rewrite all envelope and header addresses according +to the mappings specified in the \fBcanonical\fR(5) lookup tables. +.IP \(bu +Optionally, masquerade envelope sender addresses and message +header addresses (i.e. strip host or domain information below +all domains listed in the \fBmasquerade_domains\fR parameter, +except for user names listed in \fBmasquerade_exceptions\fR). +By default, address masquerading does not affect envelope recipients. +.IP \(bu +Optionally, expand envelope recipients according to information +found in the \fBvirtual\fR(5) lookup tables. +.PP +The \fBcleanup\fR(8) daemon performs sanity checks on the content of +each message. When it finds a problem, by default it returns a +diagnostic status to the client, and leaves it up to the client +to deal with the problem. Alternatively, the client can request +the \fBcleanup\fR(8) daemon to bounce the message back to the sender +in case of trouble. +.SH "STANDARDS" +.na +.nf +RFC 822 (ARPA Internet Text Messages) +RFC 2045 (MIME: Format of Internet Message Bodies) +RFC 2046 (MIME: Media Types) +RFC 2822 (Internet Message Format) +RFC 3463 (Enhanced Status Codes) +RFC 3464 (Delivery status notifications) +RFC 5322 (Internet Message Format) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +Table\-driven rewriting rules make it hard to express \fBif then +else\fR and other logical relationships. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as +\fBcleanup\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBundisclosed_recipients_header (see 'postconf -d' output)\fR" +Message header that the Postfix \fBcleanup\fR(8) server inserts when a +message contains no To: or Cc: message header. +.PP +Available in Postfix version 2.1 only: +.IP "\fBenable_errors_to (no)\fR" +Report mail delivery errors to the address specified with the +non\-standard Errors\-To: message header, instead of the envelope +sender address (this feature is removed with Postfix version 2.2, is +turned off by default with Postfix version 2.1, and is always turned on +with older Postfix versions). +.PP +Available in Postfix version 2.6 and later: +.IP "\fBalways_add_missing_headers (no)\fR" +Always add (Resent\-) From:, To:, Date: or Message\-ID: headers +when not present. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBenable_long_queue_ids (no)\fR" +Enable long, non\-repeating, queue IDs (queue file names). +.PP +Available in Postfix version 3.0 and later: +.IP "\fBmessage_drop_headers (bcc, content\-length, resent\-bcc, return\-path)\fR" +Names of message headers that the \fBcleanup\fR(8) daemon will remove +after applying \fBheader_checks\fR(5) and before invoking Milter applications. +.SH "BUILT-IN CONTENT FILTERING CONTROLS" +.na +.nf +.ad +.fi +Postfix built\-in content filtering is meant to stop a flood of +worms or viruses. It is not a general content filter. +.IP "\fBbody_checks (empty)\fR" +Optional lookup tables for content inspection as specified in +the \fBbody_checks\fR(5) manual page. +.IP "\fBheader_checks (empty)\fR" +Optional lookup tables for content inspection of primary non\-MIME +message headers, as specified in the \fBheader_checks\fR(5) manual page. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBbody_checks_size_limit (51200)\fR" +How much text in a message body segment (or attachment, if you +prefer to use that term) is subjected to body_checks inspection. +.IP "\fBmime_header_checks ($header_checks)\fR" +Optional lookup tables for content inspection of MIME related +message headers, as described in the \fBheader_checks\fR(5) manual page. +.IP "\fBnested_header_checks ($header_checks)\fR" +Optional lookup tables for content inspection of non\-MIME message +headers in attached messages, as described in the \fBheader_checks\fR(5) +manual page. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBmessage_reject_characters (empty)\fR" +The set of characters that Postfix will reject in message +content. +.IP "\fBmessage_strip_characters (empty)\fR" +The set of characters that Postfix will remove from message +content. +.SH "BEFORE QUEUE MILTER CONTROLS" +.na +.nf +.ad +.fi +As of version 2.3, Postfix supports the Sendmail version 8 +Milter (mail filter) protocol. When mail is not received via +the smtpd(8) server, the cleanup(8) server will simulate +SMTP events to the extent that this is possible. For details +see the MILTER_README document. +.IP "\fBnon_smtpd_milters (empty)\fR" +A list of Milter (mail filter) applications for new mail that +does not arrive via the Postfix \fBsmtpd\fR(8) server. +.IP "\fBmilter_protocol (6)\fR" +The mail filter protocol version and optional protocol extensions +for communication with a Milter application; prior to Postfix 2.6 +the default protocol is 2. +.IP "\fBmilter_default_action (tempfail)\fR" +The default action when a Milter (mail filter) application is +unavailable or mis\-configured. +.IP "\fBmilter_macro_daemon_name ($myhostname)\fR" +The {daemon_name} macro value for Milter (mail filter) applications. +.IP "\fBmilter_macro_v ($mail_name $mail_version)\fR" +The {v} macro value for Milter (mail filter) applications. +.IP "\fBmilter_connect_timeout (30s)\fR" +The time limit for connecting to a Milter (mail filter) +application, and for negotiating protocol options. +.IP "\fBmilter_command_timeout (30s)\fR" +The time limit for sending an SMTP command to a Milter (mail +filter) application, and for receiving the response. +.IP "\fBmilter_content_timeout (300s)\fR" +The time limit for sending message content to a Milter (mail +filter) application, and for receiving the response. +.IP "\fBmilter_connect_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after completion of an SMTP connection. +.IP "\fBmilter_helo_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP HELO or EHLO command. +.IP "\fBmilter_mail_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP MAIL FROM command. +.IP "\fBmilter_rcpt_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP RCPT TO command. +.IP "\fBmilter_data_macros (see 'postconf -d' output)\fR" +The macros that are sent to version 4 or higher Milter (mail +filter) applications after the SMTP DATA command. +.IP "\fBmilter_unknown_command_macros (see 'postconf -d' output)\fR" +The macros that are sent to version 3 or higher Milter (mail +filter) applications after an unknown SMTP command. +.IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the message end\-of\-data. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the end of the message header. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBmilter_header_checks (empty)\fR" +Optional lookup tables for content inspection of message headers +that are produced by Milter applications. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBmilter_macro_defaults (empty)\fR" +Optional list of \fIname=value\fR pairs that specify default +values for arbitrary macros that Postfix may send to Milter +applications. +.SH "MIME PROCESSING CONTROLS" +.na +.nf +.ad +.fi +Available in Postfix version 2.0 and later: +.IP "\fBdisable_mime_input_processing (no)\fR" +Turn off MIME processing while receiving mail. +.IP "\fBmime_boundary_length_limit (2048)\fR" +The maximal length of MIME multipart boundary strings. +.IP "\fBmime_nesting_limit (100)\fR" +The maximal recursion level that the MIME processor will handle. +.IP "\fBstrict_8bitmime (no)\fR" +Enable both strict_7bit_headers and strict_8bitmime_body. +.IP "\fBstrict_7bit_headers (no)\fR" +Reject mail with 8\-bit text in message headers. +.IP "\fBstrict_8bitmime_body (no)\fR" +Reject 8\-bit message body text without 8\-bit MIME content encoding +information. +.IP "\fBstrict_mime_encoding_domain (no)\fR" +Reject mail with invalid Content\-Transfer\-Encoding: information +for the message/* or multipart/* MIME content types. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBdetect_8bit_encoding_header (yes)\fR" +Automatically detect 8BITMIME body content by looking at +Content\-Transfer\-Encoding: message headers; historically, this +behavior was hard\-coded to be "always on". +.SH "AUTOMATIC BCC RECIPIENT CONTROLS" +.na +.nf +.ad +.fi +Postfix can automatically add BCC (blind carbon copy) +when mail enters the mail system: +.IP "\fBalways_bcc (empty)\fR" +Optional address that receives a "blind carbon copy" of each message +that is received by the Postfix mail system. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsender_bcc_maps (empty)\fR" +Optional BCC (blind carbon\-copy) address lookup tables, indexed +by sender address. +.IP "\fBrecipient_bcc_maps (empty)\fR" +Optional BCC (blind carbon\-copy) address lookup tables, indexed by +recipient address. +.SH "ADDRESS TRANSFORMATION CONTROLS" +.na +.nf +.ad +.fi +Address rewriting is delegated to the \fBtrivial\-rewrite\fR(8) daemon. +The \fBcleanup\fR(8) server implements table driven address mapping. +.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR" +The recipient of mail addressed to the null address. +.IP "\fBcanonical_maps (empty)\fR" +Optional address mapping lookup tables for message headers and +envelopes. +.IP "\fBrecipient_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +recipient addresses. +.IP "\fBsender_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +sender addresses. +.IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR" +What addresses are subject to address masquerading. +.IP "\fBmasquerade_domains (empty)\fR" +Optional list of domains whose subdomain structure will be stripped +off in email addresses. +.IP "\fBmasquerade_exceptions (empty)\fR" +Optional list of user names that are not subjected to address +masquerading, even when their addresses match $masquerade_domains. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. +.PP +Available before Postfix version 2.0: +.IP "\fBvirtual_maps (empty)\fR" +Optional lookup tables with a) names of domains for which all +addresses are aliased to addresses in other local or remote domains, +and b) addresses that are aliased to addresses in other local or +remote domains. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBvirtual_alias_maps ($virtual_maps)\fR" +Optional lookup tables that alias specific mail addresses or domains +to other local or remote address. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR" +What addresses are subject to canonical_maps address mapping. +.IP "\fBrecipient_canonical_classes (envelope_recipient, header_recipient)\fR" +What addresses are subject to recipient_canonical_maps address +mapping. +.IP "\fBsender_canonical_classes (envelope_sender, header_sender)\fR" +What addresses are subject to sender_canonical_maps address +mapping. +.IP "\fBremote_header_rewrite_domain (empty)\fR" +Don't rewrite message headers from remote clients at all when +this parameter is empty; otherwise, rewrite message headers and +append the specified domain name to incomplete addresses. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBduplicate_filter_limit (1000)\fR" +The maximal number of addresses remembered by the address +duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or +for \fBshowq\fR(8) queue displays. +.IP "\fBheader_size_limit (102400)\fR" +The maximal amount of memory in bytes for storing a message header. +.IP "\fBhopcount_limit (50)\fR" +The maximal number of Received: message headers that is allowed +in the primary message headers. +.IP "\fBin_flow_delay (1s)\fR" +Time to pause before accepting a new message, when the message +arrival rate exceeds the message delivery rate. +.IP "\fBmessage_size_limit (10240000)\fR" +The maximal size in bytes of a message, including envelope information. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBheader_address_token_limit (10240)\fR" +The maximal number of address tokens are allowed in an address +message header. +.IP "\fBmime_boundary_length_limit (2048)\fR" +The maximal length of MIME multipart boundary strings. +.IP "\fBmime_nesting_limit (100)\fR" +The maximal recursion level that the MIME processor will handle. +.IP "\fBqueue_file_attribute_count_limit (100)\fR" +The maximal number of (name=value) attributes that may be stored +in a Postfix queue file. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBvirtual_alias_expansion_limit (1000)\fR" +The maximal number of addresses that virtual alias expansion produces +from each original recipient. +.IP "\fBvirtual_alias_recursion_limit (1000)\fR" +The maximal nesting depth of virtual alias expansion. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBvirtual_alias_address_length_limit (1000)\fR" +The maximal length of an email address after virtual alias expansion. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531..6533. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBenable_idna2003_compatibility (no)\fR" +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBdelay_warning_time (0h)\fR" +The time after which the sender receives a copy of the message +headers of mail that is still queued. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBmyhostname (see 'postconf -d' output)\fR" +The internet hostname of this mail system. +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsoft_bounce (no)\fR" +Safety net to keep mail queued that would otherwise be returned to +the sender. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 2.1 and later: +.IP "\fBenable_original_recipient (yes)\fR" +Enable support for the original recipient address after an +address is rewritten to a different address (for example with +aliasing or with canonical mapping). +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "FILES" +.na +.nf +/etc/postfix/canonical*, canonical mapping table +/etc/postfix/virtual*, virtual mapping table +.SH "SEE ALSO" +.na +.nf +trivial\-rewrite(8), address rewriting +qmgr(8), queue manager +header_checks(5), message header content inspection +body_checks(5), body parts content inspection +canonical(5), canonical address lookup table format +virtual(5), virtual alias lookup table format +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_REWRITING_README Postfix address manipulation +CONTENT_INSPECTION_README content inspection +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/defer.8 b/man/man8/defer.8 new file mode 100644 index 0000000..411dfa1 --- /dev/null +++ b/man/man8/defer.8 @@ -0,0 +1 @@ +.so man8/bounce.8 diff --git a/man/man8/discard.8 b/man/man8/discard.8 new file mode 100644 index 0000000..7823891 --- /dev/null +++ b/man/man8/discard.8 @@ -0,0 +1,134 @@ +.TH DISCARD 8 +.ad +.fi +.SH NAME +discard +\- +Postfix discard mail delivery agent +.SH "SYNOPSIS" +.na +.nf +\fBdiscard\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix \fBdiscard\fR(8) delivery agent processes +delivery requests from +the queue manager. Each request specifies a queue file, a sender +address, a next\-hop destination that is treated as the reason for +discarding the mail, and recipient information. +The reason may be prefixed with an RFC 3463\-compatible detail code. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +The \fBdiscard\fR(8) delivery agent pretends to deliver all recipients +in the delivery request, logs the "next\-hop" destination +as the reason for discarding the mail, updates the +queue file, and either marks recipients as finished or informs the +queue manager that delivery should be tried again at a later time. + +Delivery status reports are sent to the \fBtrace\fR(8) +daemon as appropriate. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBdiscard\fR(8) mailer is not security\-sensitive. It does not talk +to the network, and can be run chrooted at fixed low privilege. +.SH "STANDARDS" +.na +.nf +RFC 3463 (Enhanced Status Codes) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBdiscard\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBdouble_bounce_sender (double\-bounce)\fR" +The sender address of postmaster notifications that are generated +by the mail system. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +bounce(8), delivery status reports +error(8), Postfix error delivery agent +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +This service was introduced with Postfix version 2.2. +.SH "AUTHOR(S)" +.na +.nf +Victor Duchovni +Morgan Stanley + +Based on code by: +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/dnsblog.8 b/man/man8/dnsblog.8 new file mode 100644 index 0000000..809e4ef --- /dev/null +++ b/man/man8/dnsblog.8 @@ -0,0 +1,108 @@ +.TH DNSBLOG 8 +.ad +.fi +.SH NAME +dnsblog +\- +Postfix DNS white/blacklist logger +.SH "SYNOPSIS" +.na +.nf +\fBdnsblog\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBdnsblog\fR(8) server implements an ad\-hoc DNS +white/blacklist lookup service. This may eventually be +replaced by an UDP client that is built directly into the +\fBpostscreen\fR(8) server. +.SH "PROTOCOL" +.na +.nf +.ad +.fi +With each connection, the \fBdnsblog\fR(8) server receives +a DNS white/blacklist domain name, an IP address, and an ID. +If the IP address is listed under the DNS white/blacklist, the +\fBdnsblog\fR(8) server logs the match and replies with the +query arguments plus an address list with the resulting IP +addresses, separated by whitespace, and the reply TTL. +Otherwise it replies with the query arguments plus an empty +address list and the reply TTL; the reply TTL is \-1 if there +is no reply, or a negative reply that contains no SOA record. +Finally, the \fBdnsblog\fR(8) server closes the connection. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as +\fBdnsblog\fR(8) processes run for only a limited amount +of time. Use the command "\fBpostfix reload\fR" to speed +up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBpostscreen_dnsbl_sites (empty)\fR" +Optional list of DNS white/blacklist domains, filters and weight +factors. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtpd(8), Postfix SMTP server +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This service was introduced with Postfix version 2.8. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/error.8 b/man/man8/error.8 new file mode 100644 index 0000000..f0dae3b --- /dev/null +++ b/man/man8/error.8 @@ -0,0 +1,136 @@ +.TH ERROR 8 +.ad +.fi +.SH NAME +error +\- +Postfix error/retry mail delivery agent +.SH "SYNOPSIS" +.na +.nf +\fBerror\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix \fBerror\fR(8) delivery agent processes delivery +requests from +the queue manager. Each request specifies a queue file, a sender +address, the reason for non\-delivery (specified as the +next\-hop destination), and recipient information. +The reason may be prefixed with an RFC 3463\-compatible detail code; +if none is specified a default 4.0.0 or 5.0.0 code is used instead. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +Depending on the service name in master.cf, \fBerror\fR +or \fBretry\fR, the server bounces or defers all recipients +in the delivery request using the "next\-hop" information +as the reason for non\-delivery. The \fBretry\fR service name is +supported as of Postfix 2.4. + +Delivery status reports are sent to the \fBbounce\fR(8), +\fBdefer\fR(8) or \fBtrace\fR(8) daemon as appropriate. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBerror\fR(8) mailer is not security\-sensitive. It does not talk +to the network, and can be run chrooted at fixed low privilege. +.SH "STANDARDS" +.na +.nf +RFC 3463 (Enhanced Status Codes) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBerror\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fB2bounce_notice_recipient (postmaster)\fR" +The recipient of undeliverable mail that cannot be returned to +the sender. +.IP "\fBbounce_notice_recipient (postmaster)\fR" +The recipient of postmaster notifications with the message headers +of mail that Postfix did not deliver and of SMTP conversation +transcripts of mail that Postfix did not receive. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBdouble_bounce_sender (double\-bounce)\fR" +The sender address of postmaster notifications that are generated +by the mail system. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBnotify_classes (resource, software)\fR" +The list of error classes that are reported to the postmaster. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +bounce(8), delivery status reports +discard(8), Postfix discard delivery agent +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/flush.8 b/man/man8/flush.8 new file mode 100644 index 0000000..b1fdf05 --- /dev/null +++ b/man/man8/flush.8 @@ -0,0 +1,183 @@ +.TH FLUSH 8 +.ad +.fi +.SH NAME +flush +\- +Postfix fast flush server +.SH "SYNOPSIS" +.na +.nf +\fBflush\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBflush\fR(8) server maintains a record of deferred +mail by destination. +This information is used to improve the performance of the SMTP +\fBETRN\fR request, and of its command\-line equivalent, +"\fBsendmail \-qR\fR" or "\fBpostqueue \-f\fR". +This program expects to be run from the \fBmaster\fR(8) process +manager. + +The record is implemented as a per\-destination logfile with +as contents the queue IDs of deferred mail. A logfile is +append\-only, and is truncated when delivery is requested +for the corresponding destination. A destination is the +part on the right\-hand side of the right\-most \fB@\fR in +an email address. + +Per\-destination logfiles of deferred mail are maintained only for +eligible destinations. The list of eligible destinations is +specified with the \fBfast_flush_domains\fR configuration parameter, +which defaults to \fB$relay_domains\fR. + +This server implements the following requests: +.IP "\fBadd\fI sitename queueid\fR" +Inform the \fBflush\fR(8) server that the message with the specified +queue ID is queued for the specified destination. +.IP "\fBsend_site\fI sitename\fR" +Request delivery of mail that is queued for the specified +destination. +.IP "\fBsend_file\fI queueid\fR" +Request delivery of the specified deferred message. +.IP \fBrefresh\fR +Refresh non\-empty per\-destination logfiles that were not read in +\fB$fast_flush_refresh_time\fR hours, by simulating +send requests (see above) for the corresponding destinations. +.sp +Delete empty per\-destination logfiles that were not updated in +\fB$fast_flush_purge_time\fR days. +.sp +This request completes in the background. +.IP \fBpurge\fR +Do a \fBrefresh\fR for all per\-destination logfiles. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBflush\fR(8) server is not security\-sensitive. It does not +talk to the network, and it does not talk to local users. +The fast flush server can run chrooted at fixed low privilege. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +Fast flush logfiles are truncated only after a "send" +request, not when mail is actually delivered, and therefore can +accumulate outdated or redundant data. In order to maintain sanity, +"refresh" must be executed periodically. This can +be automated with a suitable wakeup timer setting in the +\fBmaster.cf\fR configuration file. + +Upon receipt of a request to deliver mail for an eligible +destination, the \fBflush\fR(8) server requests delivery of all messages +that are listed in that destination's logfile, regardless of the +recipients of those messages. This is not an issue for mail +that is sent to a \fBrelay_domains\fR destination because +such mail typically only has recipients in one domain. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBflush\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBfast_flush_domains ($relay_domains)\fR" +Optional list of destinations that are eligible for per\-destination +logfiles with mail that is queued to those destinations. +.IP "\fBfast_flush_refresh_time (12h)\fR" +The time after which a non\-empty but unread per\-destination "fast +flush" logfile needs to be refreshed. +.IP "\fBfast_flush_purge_time (7d)\fR" +The time after which an empty per\-destination "fast flush" logfile +is deleted. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "FILES" +.na +.nf +/var/spool/postfix/flush, "fast flush" logfiles. +.SH "SEE ALSO" +.na +.nf +smtpd(8), SMTP server +qmgr(8), queue manager +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ETRN_README, Postfix ETRN howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +This service was introduced with Postfix version 1.0. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/lmtp.8 b/man/man8/lmtp.8 new file mode 100644 index 0000000..966d301 --- /dev/null +++ b/man/man8/lmtp.8 @@ -0,0 +1 @@ +.so man8/smtp.8 diff --git a/man/man8/local.8 b/man/man8/local.8 new file mode 100644 index 0000000..4351097 --- /dev/null +++ b/man/man8/local.8 @@ -0,0 +1,653 @@ +.TH LOCAL 8 +.ad +.fi +.SH NAME +local +\- +Postfix local mail delivery +.SH "SYNOPSIS" +.na +.nf +\fBlocal\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBlocal\fR(8) daemon processes delivery requests from the +Postfix queue manager to deliver mail to local recipients. +Each delivery request specifies a queue file, a sender address, +a domain or host to deliver to, and one or more recipients. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +The \fBlocal\fR(8) daemon updates queue files and marks recipients +as finished, or it informs the queue manager that delivery should +be tried again at a later time. Delivery status reports are sent +to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as +appropriate. +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +All delivery decisions are made using the bare recipient +name (i.e. the address localpart), folded to lower case. +See also under ADDRESS EXTENSION below for a few exceptions. +.SH "SYSTEM-WIDE AND USER-LEVEL ALIASING" +.na +.nf +.ad +.fi +The system administrator can set up one or more system\-wide +\fBsendmail\fR\-style alias databases. +Users can have \fBsendmail\fR\-style ~/.\fBforward\fR files. +Mail for \fIname\fR is delivered to the alias \fIname\fR, to +destinations in ~\fIname\fR/.\fBforward\fR, to the mailbox owned +by the user \fIname\fR, or it is sent back as undeliverable. + +The system administrator can specify a comma/space separated list +of ~\fR/.\fBforward\fR like files through the \fBforward_path\fR +configuration parameter. Upon delivery, the local delivery agent +tries each pathname in the list until a file is found. + +Delivery via ~/.\fBforward\fR files is done with the privileges +of the recipient. +Thus, ~/.\fBforward\fR like files must be readable by the +recipient, and their parent directory needs to have "execute" +permission for the recipient. + +The \fBforward_path\fR parameter is subject to interpolation of +\fB$user\fR (recipient username), \fB$home\fR (recipient home +directory), \fB$shell\fR (recipient shell), \fB$recipient\fR +(complete recipient address), \fB$extension\fR (recipient address +extension), \fB$domain\fR (recipient domain), \fB$local\fR +(entire recipient address localpart) and +\fB$recipient_delimiter.\fR The forms \fI${name?value}\fR and +\fI${name:value}\fR expand conditionally to \fIvalue\fR when +\fI$name\fR is (is not) defined. +Characters that may have special meaning to the shell or file system +are replaced by underscores. The list of acceptable characters +is specified with the \fBforward_expansion_filter\fR configuration +parameter. + +An alias or ~/.\fBforward\fR file may list any combination of external +commands, destination file names, \fB:include:\fR directives, or +mail addresses. +See \fBaliases\fR(5) for a precise description. Each line in a +user's .\fBforward\fR file has the same syntax as the right\-hand part +of an alias. + +When an address is found in its own alias expansion, delivery is +made to the user instead. When a user is listed in the user's own +~/.\fBforward\fR file, delivery is made to the user's mailbox instead. +An empty ~/.\fBforward\fR file means do not forward mail. + +In order to prevent the mail system from using up unreasonable +amounts of memory, input records read from \fB:include:\fR or from +~/.\fBforward\fR files are broken up into chunks of length +\fBline_length_limit\fR. + +While expanding aliases, ~/.\fBforward\fR files, and so on, the +program attempts to avoid duplicate deliveries. The +\fBduplicate_filter_limit\fR configuration parameter limits the +number of remembered recipients. +.SH "MAIL FORWARDING" +.na +.nf +.ad +.fi +For the sake of reliability, forwarded mail is re\-submitted as +a new message, so that each recipient has a separate on\-file +delivery status record. + +In order to stop mail forwarding loops early, the software adds an +optional +\fBDelivered\-To:\fR header with the final envelope recipient address. If +mail arrives for a recipient that is already listed in a +\fBDelivered\-To:\fR header, the message is bounced. +.SH "MAILBOX DELIVERY" +.na +.nf +.ad +.fi +The default per\-user mailbox is a file in the UNIX mail spool +directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR); +the location can be specified with the \fBmail_spool_directory\fR +configuration parameter. Specify a name ending in \fB/\fR for +\fBqmail\fR\-compatible \fBmaildir\fR delivery. + +Alternatively, the per\-user mailbox can be a file in the user's home +directory with a name specified via the \fBhome_mailbox\fR +configuration parameter. Specify a relative path name. Specify a name +ending in \fB/\fR for \fBqmail\fR\-compatible \fBmaildir\fR delivery. + +Mailbox delivery can be delegated to an external command specified +with the \fBmailbox_command_maps\fR and \fBmailbox_command\fR +configuration parameters. The command +executes with the privileges of the recipient user (exceptions: +secondary groups are not enabled; in case of delivery as root, +the command executes with the privileges of \fBdefault_privs\fR). + +Mailbox delivery can be delegated to alternative message transports +specified in the \fBmaster.cf\fR file. +The \fBmailbox_transport_maps\fR and \fBmailbox_transport\fR +configuration parameters specify an optional +message transport that is to be used for all local recipients, +regardless of whether they are found in the UNIX passwd database. +The \fBfallback_transport_maps\fR and +\fBfallback_transport\fR parameters specify an optional +message transport +for recipients that are not found in the aliases(5) or UNIX +passwd database. + +In the case of UNIX\-style mailbox delivery, +the \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR" +envelope header to each message, prepends an +\fBX\-Original\-To:\fR header with the recipient address as given to +Postfix, prepends an +optional \fBDelivered\-To:\fR header +with the final envelope recipient address, prepends a \fBReturn\-Path:\fR +header with the envelope sender address, prepends a \fB>\fR character +to lines beginning with "\fBFrom \fR", and appends an empty line. +The mailbox is locked for exclusive access while delivery is in +progress. In case of problems, an attempt is made to truncate the +mailbox to its original length. + +In the case of \fBmaildir\fR delivery, the local daemon prepends +an optional +\fBDelivered\-To:\fR header with the final envelope recipient address, +prepends an +\fBX\-Original\-To:\fR header with the recipient address as given to +Postfix, +and prepends a \fBReturn\-Path:\fR header with the envelope sender +address. +.SH "EXTERNAL COMMAND DELIVERY" +.na +.nf +.ad +.fi +The \fBallow_mail_to_commands\fR configuration parameter restricts +delivery to external commands. The default setting (\fBalias, +forward\fR) forbids command destinations in \fB:include:\fR files. + +Optionally, the process working directory is changed to the path +specified with \fBcommand_execution_directory\fR (Postfix 2.2 and +later). Failure to change directory causes mail to be deferred. + +The \fBcommand_execution_directory\fR parameter value is subject +to interpolation of \fB$user\fR (recipient username), +\fB$home\fR (recipient home directory), \fB$shell\fR +(recipient shell), \fB$recipient\fR (complete recipient +address), \fB$extension\fR (recipient address extension), +\fB$domain\fR (recipient domain), \fB$local\fR (entire +recipient address localpart) and \fB$recipient_delimiter.\fR +The forms \fI${name?value}\fR and \fI${name:value}\fR expand +conditionally to \fIvalue\fR when \fI$name\fR is (is not) +defined. Characters that may have special meaning to the +shell or file system are replaced by underscores. The list +of acceptable characters is specified with the +\fBexecution_directory_expansion_filter\fR configuration +parameter. + +The command is executed directly where possible. Assistance by the +shell (\fB/bin/sh\fR on UNIX systems) is used only when the command +contains shell magic characters, or when the command invokes a shell +built\-in command. + +A limited amount of command output (standard output and standard +error) is captured for inclusion with non\-delivery status reports. +A command is forcibly terminated if it does not complete within +\fBcommand_time_limit\fR seconds. Command exit status codes are +expected to follow the conventions defined in <\fBsysexits.h\fR>. +Exit status 0 means normal successful completion. + +Postfix version 2.3 and later support RFC 3463\-style enhanced +status codes. If a command terminates with a non\-zero exit +status, and the command output begins with an enhanced +status code, this status code takes precedence over the +non\-zero exit status. + +A limited amount of message context is exported via environment +variables. Characters that may have special meaning to the shell +are replaced by underscores. The list of acceptable characters +is specified with the \fBcommand_expansion_filter\fR configuration +parameter. +.IP \fBSHELL\fR +The recipient user's login shell. +.IP \fBHOME\fR +The recipient user's home directory. +.IP \fBUSER\fR +The bare recipient name. +.IP \fBEXTENSION\fR +The optional recipient address extension. +.IP \fBDOMAIN\fR +The recipient address domain part. +.IP \fBLOGNAME\fR +The bare recipient name. +.IP \fBLOCAL\fR +The entire recipient address localpart (text to the left of the +rightmost @ character). +.IP \fBORIGINAL_RECIPIENT\fR +The entire recipient address, before any address rewriting +or aliasing (Postfix 2.5 and later). +.IP \fBRECIPIENT\fR +The entire recipient address. +.IP \fBSENDER\fR +The entire sender address. +.PP +Additional remote client information is made available via +the following environment variables: +.IP \fBCLIENT_ADDRESS\fR +Remote client network address. Available as of Postfix 2.2. +.IP \fBCLIENT_HELO\fR +Remote client EHLO command parameter. Available as of Postfix 2.2. +.IP \fBCLIENT_HOSTNAME\fR +Remote client hostname. Available as of Postfix 2.2. +.IP \fBCLIENT_PROTOCOL\fR +Remote client protocol. Available as of Postfix 2.2. +.IP \fBSASL_METHOD\fR +SASL authentication method specified in the +remote client AUTH command. Available as of Postfix 2.2. +.IP \fBSASL_SENDER\fR +SASL sender address specified in the remote client MAIL +FROM command. Available as of Postfix 2.2. +.IP \fBSASL_USERNAME\fR +SASL username specified in the remote client AUTH command. +Available as of Postfix 2.2. +.PP +The \fBPATH\fR environment variable is always reset to a +system\-dependent default path, and environment variables +whose names are blessed by the \fBexport_environment\fR +configuration parameter are exported unchanged. + +The current working directory is the mail queue directory. + +The \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR" +envelope header to each message, prepends an +\fBX\-Original\-To:\fR header with the recipient address as given to +Postfix, prepends an +optional \fBDelivered\-To:\fR +header with the final recipient envelope address, prepends a +\fBReturn\-Path:\fR header with the sender envelope address, +and appends no empty line. +.SH "EXTERNAL FILE DELIVERY" +.na +.nf +.ad +.fi +The delivery format depends on the destination filename syntax. +The default is to use UNIX\-style mailbox format. Specify a name +ending in \fB/\fR for \fBqmail\fR\-compatible \fBmaildir\fR delivery. + +The \fBallow_mail_to_files\fR configuration parameter restricts +delivery to external files. The default setting (\fBalias, +forward\fR) forbids file destinations in \fB:include:\fR files. + +In the case of UNIX\-style mailbox delivery, +the \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR" +envelope header to each message, prepends an +\fBX\-Original\-To:\fR header with the recipient address as given to +Postfix, prepends an +optional \fBDelivered\-To:\fR +header with the final recipient envelope address, prepends a \fB>\fR +character to lines beginning with "\fBFrom \fR", and appends an +empty line. +The envelope sender address is available in the \fBReturn\-Path:\fR +header. +When the destination is a regular file, it is locked for exclusive +access while delivery is in progress. In case of problems, an attempt +is made to truncate a regular file to its original length. + +In the case of \fBmaildir\fR delivery, the local daemon prepends +an optional +\fBDelivered\-To:\fR header with the final envelope recipient address, +and prepends an +\fBX\-Original\-To:\fR header with the recipient address as given to +Postfix. +The envelope sender address is available in the \fBReturn\-Path:\fR +header. +.SH "ADDRESS EXTENSION" +.na +.nf +.ad +.fi +The optional \fBrecipient_delimiter\fR configuration parameter +specifies how to separate address extensions from local recipient +names. + +For example, with "\fBrecipient_delimiter = +\fR", mail for +\fIname\fR+\fIfoo\fR is delivered to the alias \fIname\fR+\fIfoo\fR +or to the alias \fIname\fR, to the destinations listed in +~\fIname\fR/.\fBforward\fR+\fIfoo\fR or in ~\fIname\fR/.\fBforward\fR, +to the mailbox owned by the user \fIname\fR, or it is sent back as +undeliverable. +.SH "DELIVERY RIGHTS" +.na +.nf +.ad +.fi +Deliveries to external files and external commands are made with +the rights of the receiving user on whose behalf the delivery is made. +In the absence of a user context, the \fBlocal\fR(8) daemon uses the +owner rights of the \fB:include:\fR file or alias database. +When those files are owned by the superuser, delivery is made with +the rights specified with the \fBdefault_privs\fR configuration +parameter. +.SH "STANDARDS" +.na +.nf +RFC 822 (ARPA Internet Text Messages) +RFC 3463 (Enhanced status codes) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +Corrupted message files are marked so that the queue +manager can move them to the \fBcorrupt\fR queue afterwards. + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBlocal\fR(8) delivery agent needs a dual personality +1) to access the private Postfix queue and IPC mechanisms, +2) to impersonate the recipient and deliver to recipient\-specified +files or commands. It is therefore security sensitive. + +The \fBlocal\fR(8) delivery agent disallows regular expression +substitution of $1 etc. in \fBalias_maps\fR, because that +would open a security hole. + +The \fBlocal\fR(8) delivery agent will silently ignore +requests to use the \fBproxymap\fR(8) server within +\fBalias_maps\fR. Instead it will open the table directly. +Before Postfix version 2.2, the \fBlocal\fR(8) delivery +agent will terminate with a fatal error. +.SH BUGS +.ad +.fi +For security reasons, the message delivery status of external commands +or of external files is never checkpointed to file. As a result, +the program may occasionally deliver more than once to a command or +external file. Better safe than sorry. + +Mutually\-recursive aliases or ~/.\fBforward\fR files are not detected +early. The resulting mail forwarding loop is broken by the use of the +\fBDelivered\-To:\fR message header. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as \fBlocal\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBbiff (yes)\fR" +Whether or not to use the local biff service. +.IP "\fBexpand_owner_alias (no)\fR" +When delivering to an alias "\fIaliasname\fR" that has an +"owner\-\fIaliasname\fR" companion alias, set the envelope sender +address to the expansion of the "owner\-\fIaliasname\fR" alias. +.IP "\fBowner_request_special (yes)\fR" +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". +.IP "\fBsun_mailtool_compatibility (no)\fR" +Obsolete SUN mailtool compatibility feature. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBfrozen_delivered_to (yes)\fR" +Update the \fBlocal\fR(8) delivery agent's idea of the Delivered\-To: +address (see prepend_delivered_header) only once, at the start of +a delivery attempt; do not update the Delivered\-To: address while +expanding aliases or .forward files. +.PP +Available in Postfix version 2.5.3 and later: +.IP "\fBstrict_mailbox_ownership (yes)\fR" +Defer delivery when a mailbox file is not owned by its recipient. +.IP "\fBreset_owner_alias (no)\fR" +Reset the \fBlocal\fR(8) delivery agent's idea of the owner\-alias +attribute, when delivering mail to a child alias that does not have +its own owner alias. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBlocal_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBlocal\fR(8) delivery agent to change the +status code or explanatory text of successful or unsuccessful +deliveries. +.SH "DELIVERY METHOD CONTROLS" +.na +.nf +.ad +.fi +The precedence of \fBlocal\fR(8) delivery methods from high to low is: +aliases, .forward files, mailbox_transport_maps, +mailbox_transport, mailbox_command_maps, mailbox_command, +home_mailbox, mail_spool_directory, fallback_transport_maps, +fallback_transport, and luser_relay. +.IP "\fBalias_maps (see 'postconf -d' output)\fR" +The alias databases that are used for \fBlocal\fR(8) delivery. +.IP "\fBforward_path (see 'postconf -d' output)\fR" +The \fBlocal\fR(8) delivery agent search list for finding a .forward +file with user\-specified delivery methods. +.IP "\fBmailbox_transport_maps (empty)\fR" +Optional lookup tables with per\-recipient message delivery +transports to use for \fBlocal\fR(8) mailbox delivery, whether or not the +recipients are found in the UNIX passwd database. +.IP "\fBmailbox_transport (empty)\fR" +Optional message delivery transport that the \fBlocal\fR(8) delivery +agent should use for mailbox delivery to all local recipients, +whether or not they are found in the UNIX passwd database. +.IP "\fBmailbox_command_maps (empty)\fR" +Optional lookup tables with per\-recipient external commands to use +for \fBlocal\fR(8) mailbox delivery. +.IP "\fBmailbox_command (empty)\fR" +Optional external command that the \fBlocal\fR(8) delivery agent should +use for mailbox delivery. +.IP "\fBhome_mailbox (empty)\fR" +Optional pathname of a mailbox file relative to a \fBlocal\fR(8) user's +home directory. +.IP "\fBmail_spool_directory (see 'postconf -d' output)\fR" +The directory where \fBlocal\fR(8) UNIX\-style mailboxes are kept. +.IP "\fBfallback_transport_maps (empty)\fR" +Optional lookup tables with per\-recipient message delivery +transports for recipients that the \fBlocal\fR(8) delivery agent could +not find in the \fBaliases\fR(5) or UNIX password database. +.IP "\fBfallback_transport (empty)\fR" +Optional message delivery transport that the \fBlocal\fR(8) delivery +agent should use for names that are not found in the \fBaliases\fR(5) +or UNIX password database. +.IP "\fBluser_relay (empty)\fR" +Optional catch\-all destination for unknown \fBlocal\fR(8) recipients. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBcommand_execution_directory (empty)\fR" +The \fBlocal\fR(8) delivery agent working directory for delivery to +external command. +.SH "MAILBOX LOCKING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdeliver_lock_attempts (20)\fR" +The maximal number of attempts to acquire an exclusive lock on a +mailbox file or \fBbounce\fR(8) logfile. +.IP "\fBdeliver_lock_delay (1s)\fR" +The time between attempts to acquire an exclusive lock on a mailbox +file or \fBbounce\fR(8) logfile. +.IP "\fBstale_lock_time (500s)\fR" +The time after which a stale exclusive mailbox lockfile is removed. +.IP "\fBmailbox_delivery_lock (see 'postconf -d' output)\fR" +How to lock a UNIX\-style \fBlocal\fR(8) mailbox before attempting delivery. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBcommand_time_limit (1000s)\fR" +Time limit for delivery to external commands. +.IP "\fBduplicate_filter_limit (1000)\fR" +The maximal number of addresses remembered by the address +duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or +for \fBshowq\fR(8) queue displays. +.IP "\fBmailbox_size_limit (51200000)\fR" +The maximal size of any \fBlocal\fR(8) individual mailbox or maildir +file, or zero (no limit). +.PP +Implemented in the qmgr(8) daemon: +.IP "\fBlocal_destination_concurrency_limit (2)\fR" +The maximal number of parallel deliveries via the local mail +delivery transport to the same recipient (when +"local_destination_recipient_limit = 1") or the maximal number of +parallel deliveries to the same local domain (when +"local_destination_recipient_limit > 1"). +.IP "\fBlocal_destination_recipient_limit (1)\fR" +The maximal number of recipients per message delivery via the +local mail delivery transport. +.SH "SECURITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBallow_mail_to_commands (alias, forward)\fR" +Restrict \fBlocal\fR(8) mail delivery to external commands. +.IP "\fBallow_mail_to_files (alias, forward)\fR" +Restrict \fBlocal\fR(8) mail delivery to external files. +.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR" +Restrict the characters that the \fBlocal\fR(8) delivery agent allows in +$name expansions of $mailbox_command and $command_execution_directory. +.IP "\fBdefault_privs (nobody)\fR" +The default rights used by the \fBlocal\fR(8) delivery agent for delivery +to external file or command. +.IP "\fBforward_expansion_filter (see 'postconf -d' output)\fR" +Restrict the characters that the \fBlocal\fR(8) delivery agent allows in +$name expansions of $forward_path. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR" +Restrict the characters that the \fBlocal\fR(8) delivery agent allows +in $name expansions of $command_execution_directory. +.PP +Available in Postfix version 2.5.3 and later: +.IP "\fBstrict_mailbox_ownership (yes)\fR" +Defer delivery when a mailbox file is not owned by its recipient. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBexport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a Postfix process will export +to non\-Postfix processes. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBlocal_command_shell (empty)\fR" +Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix command. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprepend_delivered_header (command, file, forward)\fR" +The message delivery contexts where the Postfix \fBlocal\fR(8) delivery +agent prepends a Delivered\-To: message header with the address +that the mail was delivered to. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate a user name from its +extension (example: user+foo), or a .forward file name from its +extension (example: .forward+foo). +.IP "\fBrequire_home_directory (no)\fR" +Require that a \fBlocal\fR(8) recipient's home directory exists +before mail delivery is attempted. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 3.3 and later: +.IP "\fBenable_original_recipient (yes)\fR" +Enable support for the original recipient address after an +address is rewritten to a different address (for example with +aliasing or with canonical mapping). +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "FILES" +.na +.nf +The following are examples; details differ between systems. +$HOME/.forward, per\-user aliasing +/etc/aliases, system\-wide alias database +/var/spool/mail, system mailboxes +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +bounce(8), delivery status reports +newaliases(1), create/update alias database +postalias(1), create/update alias database +aliases(5), format of alias database +postconf(5), configuration parameters +master(5), generic daemon options +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +The \fBDelivered\-To:\fR message header appears in the \fBqmail\fR +system by Daniel Bernstein. + +The \fImaildir\fR structure appears in the \fBqmail\fR system +by Daniel Bernstein. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/master.8 b/man/man8/master.8 new file mode 100644 index 0000000..4517fa0 --- /dev/null +++ b/man/man8/master.8 @@ -0,0 +1,221 @@ +.TH MASTER 8 +.ad +.fi +.SH NAME +master +\- +Postfix master process +.SH "SYNOPSIS" +.na +.nf +\fBmaster\fR [\fB\-Dditvw\fR] [\fB\-c \fIconfig_dir\fR] [\fB\-e \fIexit_time\fR] +.SH DESCRIPTION +.ad +.fi +The \fBmaster\fR(8) daemon is the resident process that runs Postfix +daemons on demand: daemons to send or receive messages via the +network, daemons to deliver mail locally, etc. These daemons are +created on demand up to a configurable maximum number per service. + +Postfix daemons terminate voluntarily, either after being idle for +a configurable amount of time, or after having serviced a +configurable number of requests. Exceptions to this rule are the +resident queue manager, address verification server, and the TLS +session cache and pseudo\-random number server. + +The behavior of the \fBmaster\fR(8) daemon is controlled by the +\fBmaster.cf\fR configuration file, as described in \fBmaster\fR(5). + +Options: +.IP "\fB\-c \fIconfig_dir\fR" +Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in +the named directory instead of the default configuration directory. +This also overrides the configuration files for other Postfix +daemon processes. +.IP \fB\-D\fR +After initialization, run a debugger on the master process. The +debugging command is specified with the \fBdebugger_command\fR in +the \fBmain.cf\fR global configuration file. +.IP \fB\-d\fR +Do not redirect stdin, stdout or stderr to /dev/null, and +do not discard the controlling terminal. This must be used +for debugging only. +.IP "\fB\-e \fIexit_time\fR" +Terminate the master process after \fIexit_time\fR seconds. Child +processes terminate at their convenience. +.IP \fB\-i\fR +Enable \fBinit\fR mode: do not become a session or process +group leader; and similar to \fB\-s\fR, do not redirect stdout +to /dev/null, so that "maillog_file = /dev/stdout" works. +This mode is allowed only if the process ID equals 1. +.sp +This feature is available in Postfix 3.3 and later. +.IP \fB\-s\fR +Do not redirect stdout to /dev/null, so that "maillog_file += /dev/stdout" works. +.sp +This feature is available in Postfix 3.4 and later. +.IP \fB\-t\fR +Test mode. Return a zero exit status when the \fBmaster.pid\fR lock +file does not exist or when that file is not locked. This is evidence +that the \fBmaster\fR(8) daemon is not running. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. This option +is passed on to child processes. Multiple \fB\-v\fR options +make the software increasingly verbose. +.IP \fB\-w\fR +Wait in a dummy foreground process, while the real master +daemon initializes in a background process. The dummy +foreground process returns a zero exit status only if the +master daemon initialization is successful, and if it +completes in a reasonable amount of time. +.sp +This feature is available in Postfix 2.10 and later. +.PP +Signals: +.IP \fBSIGHUP\fR +Upon receipt of a \fBHUP\fR signal (e.g., after "\fBpostfix reload\fR"), +the master process re\-reads its configuration files. If a service has +been removed from the \fBmaster.cf\fR file, its running processes +are terminated immediately. +Otherwise, running processes are allowed to terminate as soon +as is convenient, so that changes in configuration settings +affect only new service requests. +.IP \fBSIGTERM\fR +Upon receipt of a \fBTERM\fR signal (e.g., after "\fBpostfix abort\fR"), +the master process passes the signal on to its child processes and +terminates. +This is useful for an emergency shutdown. Normally one would +terminate only the master ("\fBpostfix stop\fR") and allow running +processes to finish what they are doing. +.SH DIAGNOSTICS +.ad +.fi +Problems are reported to \fBsyslogd\fR(8) or \fBpostlogd\fR(8). +The exit status +is non\-zero in case of problems, including problems while +initializing as a master daemon process in the background. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP \fBMAIL_DEBUG\fR +After initialization, start a debugger as specified with the +\fBdebugger_command\fR configuration parameter in the \fBmain.cf\fR +configuration file. +.IP \fBMAIL_CONFIG\fR +Directory with Postfix configuration files. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Unlike most Postfix daemon processes, the \fBmaster\fR(8) server does +not automatically pick up changes to \fBmain.cf\fR. Changes +to \fBmaster.cf\fR are never picked up automatically. +Use the "\fBpostfix reload\fR" command after a configuration change. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdefault_process_limit (100)\fR" +The default maximal number of Postfix child processes that provide +a given service. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBservice_throttle_time (60s)\fR" +How long the Postfix \fBmaster\fR(8) waits before forking a server that +appears to be malfunctioning. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBmaster_service_disable (empty)\fR" +Selectively disable \fBmaster\fR(8) listener ports by service type +or by service name and type. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_directory (see 'postconf -d' output)\fR" +The directory with Postfix support programs and daemon programs. +.IP "\fBdebugger_command (empty)\fR" +The external command to execute when a Postfix daemon program is +invoked with the \-D option. +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBinet_protocols (all)\fR" +The Internet protocols Postfix will attempt to use when making +or accepting connections. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment parameters that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBmail_owner (postfix)\fR" +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "FILES" +.na +.nf +.ad +.fi +To expand the directory names below into their actual values, +use the command "\fBpostconf config_directory\fR" etc. +.na +.nf + +$config_directory/main.cf, global configuration file. +$config_directory/master.cf, master server configuration file. +$queue_directory/pid/master.pid, master lock file. +$data_directory/master.lock, master lock file. +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +verify(8), address verification +master(5), master.cf configuration file syntax +postconf(5), main.cf configuration file syntax +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/oqmgr.8 b/man/man8/oqmgr.8 new file mode 100644 index 0000000..6e4c166 --- /dev/null +++ b/man/man8/oqmgr.8 @@ -0,0 +1,420 @@ +.TH OQMGR 8 +.ad +.fi +.SH NAME +oqmgr +\- +old Postfix queue manager +.SH "SYNOPSIS" +.na +.nf +\fBoqmgr\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBoqmgr\fR(8) daemon awaits the arrival of incoming mail +and arranges for its delivery via Postfix delivery processes. +The actual mail routing strategy is delegated to the +\fBtrivial\-rewrite\fR(8) daemon. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +Mail addressed to the local \fBdouble\-bounce\fR address is +logged and discarded. This stops potential loops caused by +undeliverable bounce notifications. +.SH "MAIL QUEUES" +.na +.nf +.ad +.fi +The \fBoqmgr\fR(8) daemon maintains the following queues: +.IP \fBincoming\fR +Inbound mail from the network, or mail picked up by the +local \fBpickup\fR(8) agent from the \fBmaildrop\fR directory. +.IP \fBactive\fR +Messages that the queue manager has opened for delivery. Only +a limited number of messages is allowed to enter the \fBactive\fR +queue (leaky bucket strategy, for a fixed delivery rate). +.IP \fBdeferred\fR +Mail that could not be delivered upon the first attempt. The queue +manager implements exponential backoff by doubling the time between +delivery attempts. +.IP \fBcorrupt\fR +Unreadable or damaged queue files are moved here for inspection. +.IP \fBhold\fR +Messages that are kept "on hold" are kept here until someone +sets them free. +.SH "DELIVERY STATUS REPORTS" +.na +.nf +.ad +.fi +The \fBoqmgr\fR(8) daemon keeps an eye on per\-message delivery status +reports in the following directories. Each status report file has +the same name as the corresponding message file: +.IP \fBbounce\fR +Per\-recipient status information about why mail is bounced. +These files are maintained by the \fBbounce\fR(8) daemon. +.IP \fBdefer\fR +Per\-recipient status information about why mail is delayed. +These files are maintained by the \fBdefer\fR(8) daemon. +.IP \fBtrace\fR +Per\-recipient status information as requested with the +Postfix "\fBsendmail \-v\fR" or "\fBsendmail \-bv\fR" command. +These files are maintained by the \fBtrace\fR(8) daemon. +.PP +The \fBoqmgr\fR(8) daemon is responsible for asking the +\fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to +send delivery reports. +.SH "STRATEGIES" +.na +.nf +.ad +.fi +The queue manager implements a variety of strategies for +either opening queue files (input) or for message delivery (output). +.IP "\fBleaky bucket\fR" +This strategy limits the number of messages in the \fBactive\fR queue +and prevents the queue manager from running out of memory under +heavy load. +.IP \fBfairness\fR +When the \fBactive\fR queue has room, the queue manager takes one +message from the \fBincoming\fR queue and one from the \fBdeferred\fR +queue. This prevents a large mail backlog from blocking the delivery +of new mail. +.IP "\fBslow start\fR" +This strategy eliminates "thundering herd" problems by slowly +adjusting the number of parallel deliveries to the same destination. +.IP "\fBround robin\fR" +The queue manager sorts delivery requests by destination. +Round\-robin selection prevents one destination from dominating +deliveries to other destinations. +.IP "\fBexponential backoff\fR" +Mail that cannot be delivered upon the first attempt is deferred. +The time interval between delivery attempts is doubled after each +attempt. +.IP "\fBdestination status cache\fR" +The queue manager avoids unnecessary delivery attempts by +maintaining a short\-term, in\-memory list of unreachable destinations. +.SH "TRIGGERS" +.na +.nf +.ad +.fi +On an idle system, the queue manager waits for the arrival of +trigger events, or it waits for a timer to go off. A trigger +is a one\-byte message. +Depending on the message received, the queue manager performs +one of the following actions (the message is followed by the +symbolic constant used internally by the software): +.IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR" +Start a deferred queue scan. If a deferred queue scan is already +in progress, that scan will be restarted as soon as it finishes. +.IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR" +Start an incoming queue scan. If an incoming queue scan is already +in progress, that scan will be restarted as soon as it finishes. +.IP "\fBA (QMGR_REQ_SCAN_ALL)\fR" +Ignore deferred queue file time stamps. The request affects +the next deferred queue scan. +.IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR" +Purge all information about dead transports and destinations. +.IP "\fBW (TRIGGER_REQ_WAKEUP)\fR" +Wakeup call, This is used by the master server to instantiate +servers that should not go away forever. The action is to start +an incoming queue scan. +.PP +The \fBoqmgr\fR(8) daemon reads an entire buffer worth of triggers. +Multiple identical trigger requests are collapsed into one, and +trigger requests are sorted so that \fBA\fR and \fBF\fR precede +\fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run, +one would request \fBA F D\fR; in order to notify the queue manager +of the arrival of new mail one would request \fBI\fR. +.SH "STANDARDS" +.na +.nf +RFC 3463 (Enhanced status codes) +RFC 3464 (Delivery status notifications) +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBoqmgr\fR(8) daemon is not security sensitive. It reads +single\-character messages from untrusted local users, and thus may +be susceptible to denial of service attacks. The \fBoqmgr\fR(8) daemon +does not talk to the outside world, and it can be run at fixed low +privilege in a chrooted environment. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to the \fBsyslogd\fR(8) +or \fBpostlogd\fR(8) daemon. +Corrupted message files are saved to the \fBcorrupt\fR queue +for further inspection. + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH BUGS +.ad +.fi +A single queue manager process has to compete for disk access with +multiple front\-end processes such as \fBcleanup\fR(8). A sudden burst of +inbound mail can negatively impact outbound delivery rates. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are not picked up automatically, +as \fBoqmgr\fR(8) +is a persistent process. Use the command "\fBpostfix reload\fR" after +a configuration change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. + +In the text below, \fItransport\fR is the first field in a +\fBmaster.cf\fR entry. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +Available before Postfix version 2.5: +.IP "\fBallow_min_user (no)\fR" +Allow a sender or recipient address to have `\-' as the first +character. +.PP +Available with Postfix version 2.7 and later: +.IP "\fBdefault_filter_nexthop (empty)\fR" +When a content_filter or FILTER request specifies no explicit +next\-hop destination, use $default_filter_nexthop instead; when +that value is empty, use the domain in the recipient address. +.SH "ACTIVE QUEUE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmgr_clog_warn_time (300s)\fR" +The minimal delay between warnings that a specific destination is +clogging up the Postfix active queue. +.IP "\fBqmgr_message_active_limit (20000)\fR" +The maximal number of messages in the active queue. +.IP "\fBqmgr_message_recipient_limit (20000)\fR" +The maximal number of recipients held in memory by the Postfix +queue manager, and the maximal size of the short\-term, +in\-memory "dead" destination status cache. +.SH "DELIVERY CONCURRENCY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmgr_fudge_factor (100)\fR" +Obsolete feature: the percentage of delivery resources that a busy +mail system will use up for delivery of a large mailing list +message. +.IP "\fBinitial_destination_concurrency (5)\fR" +The initial per\-destination concurrency level for parallel delivery +to the same destination. +.IP "\fBdefault_destination_concurrency_limit (20)\fR" +The default maximal number of parallel deliveries to the same +destination. +.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBtransport_initial_destination_concurrency ($initial_destination_concurrency)\fR" +A transport\-specific override for the initial_destination_concurrency +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR" +How many pseudo\-cohorts must suffer connection or handshake +failure before a specific destination is considered unavailable +(and further delivery is suspended). +.IP "\fBtransport_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_failed_cohort_limit parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR" +The per\-destination amount of delivery concurrency negative +feedback, after a delivery completes with a connection or handshake +failure. +.IP "\fBtransport_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR" +A transport\-specific override for the +default_destination_concurrency_negative_feedback parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR" +The per\-destination amount of delivery concurrency positive +feedback, after a delivery completes without connection or handshake +failure. +.IP "\fBtransport_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR" +A transport\-specific override for the +default_destination_concurrency_positive_feedback parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdestination_concurrency_feedback_debug (no)\fR" +Make the queue manager's feedback algorithm verbose for performance +analysis purposes. +.SH "RECIPIENT SCHEDULING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdefault_destination_recipient_limit (50)\fR" +The default maximal number of recipients per message delivery. +.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR" +A transport\-specific override for the +default_destination_recipient_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.SH "OTHER RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBminimal_backoff_time (300s)\fR" +The minimal time between attempts to deliver a deferred message; +prior to Postfix 2.4 the default value was 1000s. +.IP "\fBmaximal_backoff_time (4000s)\fR" +The maximal time between attempts to deliver a deferred message. +.IP "\fBmaximal_queue_lifetime (5d)\fR" +Consider a message as undeliverable, when delivery fails with a +temporary error, and the time in the queue has reached the +maximal_queue_lifetime limit. +.IP "\fBqueue_run_delay (300s)\fR" +The time between deferred queue scans by the queue manager; +prior to Postfix 2.4 the default value was 1000s. +.IP "\fBtransport_retry_time (60s)\fR" +The time between attempts by the Postfix queue manager to contact +a malfunctioning message delivery transport. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBbounce_queue_lifetime (5d)\fR" +Consider a bounce message as undeliverable, when delivery fails +with a temporary error, and the time in the queue has reached the +bounce_queue_lifetime limit. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBdefault_destination_rate_delay (0s)\fR" +The default amount of delay that is inserted between individual +message deliveries to the same destination and over the same message +delivery transport. +.IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR" +A transport\-specific override for the default_destination_rate_delay +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBdefault_transport_rate_delay (0s)\fR" +The default amount of delay that is inserted between individual +message deliveries over the same message delivery transport, +regardless of destination. +.IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR" +A transport\-specific override for the default_transport_rate_delay +parameter value, where the initial \fItransport\fR in the parameter +name is the master.cf name of the message delivery transport. +.SH "SAFETY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmgr_daemon_timeout (1000s)\fR" +How much time a Postfix queue manager process may take to handle +a request before it is terminated by a built\-in watchdog timer. +.IP "\fBqmgr_ipc_timeout (60s)\fR" +The time limit for the queue manager to send or receive information +over an internal communication channel. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR" +A safety limit that prevents address verification requests from +overwhelming the Postfix queue. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdefer_transports (empty)\fR" +The names of message delivery transports that should not deliver mail +unless someone issues "\fBsendmail \-q\fR" or equivalent. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBhelpful_warnings (yes)\fR" +Log warnings about problematic configuration settings, and provide +helpful suggestions. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 3.0 and later: +.IP "\fBconfirm_delay_cleared (no)\fR" +After sending a "your message is delayed" notification, inform +the sender when the delay clears up. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "FILES" +.na +.nf +/var/spool/postfix/incoming, incoming queue +/var/spool/postfix/active, active queue +/var/spool/postfix/deferred, deferred queue +/var/spool/postfix/bounce, non\-delivery status +/var/spool/postfix/defer, non\-delivery status +/var/spool/postfix/trace, delivery status +.SH "SEE ALSO" +.na +.nf +trivial\-rewrite(8), address routing +bounce(8), delivery status reports +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +QSHAPE_README, Postfix queue analysis +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/pickup.8 b/man/man8/pickup.8 new file mode 100644 index 0000000..d94a6a9 --- /dev/null +++ b/man/man8/pickup.8 @@ -0,0 +1,136 @@ +.TH PICKUP 8 +.ad +.fi +.SH NAME +pickup +\- +Postfix local mail pickup +.SH "SYNOPSIS" +.na +.nf +\fBpickup\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBpickup\fR(8) daemon waits for hints that new mail has been +dropped into the \fBmaildrop\fR directory, and feeds it into the +\fBcleanup\fR(8) daemon. +Ill\-formatted files are deleted without notifying the originator. +This program expects to be run from the \fBmaster\fR(8) process +manager. +.SH "STANDARDS" +.na +.nf +.ad +.fi +None. The \fBpickup\fR(8) daemon does not interact with +the outside world. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBpickup\fR(8) daemon is moderately security sensitive. It runs +with fixed low privilege and can run in a chrooted environment. +However, the program reads files from potentially hostile users. +The \fBpickup\fR(8) daemon opens no files for writing, is careful about +what files it opens for reading, and does not actually touch any data +that is sent to its public service endpoint. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +The \fBpickup\fR(8) daemon copies mail from file to the \fBcleanup\fR(8) +daemon. It could avoid message copying overhead by sending a file +descriptor instead of file data, but then the already complex +\fBcleanup\fR(8) daemon would have to deal with unfiltered user data. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +As the \fBpickup\fR(8) daemon is a relatively long\-running process, up +to an hour may pass before a \fBmain.cf\fR change takes effect. +Use the command "\fBpostfix reload\fR" command to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBcontent_filter (empty)\fR" +After the message is queued, send the entire message to the +specified \fItransport:destination\fR. +.IP "\fBreceive_override_options (empty)\fR" +Enable or disable recipient validation, built\-in content +filtering, or address mapping. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBline_length_limit (2048)\fR" +Upon input, long lines are chopped up into pieces of at most +this length; upon delivery, long lines are reconstructed. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +cleanup(8), message canonicalization +sendmail(1), Sendmail\-compatible interface +postdrop(1), mail posting agent +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/pipe.8 b/man/man8/pipe.8 new file mode 100644 index 0000000..9c7bfb0 --- /dev/null +++ b/man/man8/pipe.8 @@ -0,0 +1,479 @@ +.TH PIPE 8 +.ad +.fi +.SH NAME +pipe +\- +Postfix delivery to external command +.SH "SYNOPSIS" +.na +.nf +\fBpipe\fR [generic Postfix daemon options] command_attributes... +.SH DESCRIPTION +.ad +.fi +The \fBpipe\fR(8) daemon processes requests from the Postfix queue +manager to deliver messages to external commands. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +Message attributes such as sender address, recipient address and +next\-hop host name can be specified as command\-line macros that are +expanded before the external command is executed. + +The \fBpipe\fR(8) daemon updates queue files and marks recipients +as finished, or it informs the queue manager that delivery should +be tried again at a later time. Delivery status reports are sent +to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as +appropriate. +.SH "SINGLE-RECIPIENT DELIVERY" +.na +.nf +.ad +.fi +Some destinations cannot handle more than one recipient per +delivery request. Examples are pagers or fax machines. +In addition, multi\-recipient delivery is undesirable when +prepending a \fBDelivered\-to:\fR or \fBX\-Original\-To:\fR +message header. + +To prevent Postfix from sending multiple recipients per delivery +request, specify +.sp +.nf + \fItransport\fB_destination_recipient_limit = 1\fR +.fi + +in the Postfix \fBmain.cf\fR file, where \fItransport\fR +is the name in the first column of the Postfix \fBmaster.cf\fR +entry for the pipe\-based delivery transport. +.SH "COMMAND ATTRIBUTE SYNTAX" +.na +.nf +.ad +.fi +The external command attributes are given in the \fBmaster.cf\fR +file at the end of a service definition. The syntax is as follows: +.IP "\fBchroot=\fIpathname\fR (optional)" +Change the process root directory and working directory to +the named directory. This happens before switching to the +privileges specified with the \fBuser\fR attribute, and +before executing the optional \fBdirectory=\fIpathname\fR +directive. Delivery is deferred in case of failure. +.sp +This feature is available as of Postfix 2.3. +.IP "\fBdirectory=\fIpathname\fR (optional)" +Change to the named directory before executing the external command. +The directory must be accessible for the user specified with the +\fBuser\fR attribute (see below). +The default working directory is \fB$queue_directory\fR. +Delivery is deferred in case of failure. +.sp +This feature is available as of Postfix 2.2. +.IP "\fBeol=\fIstring\fR (optional, default: \fB\en\fR)" +The output record delimiter. Typically one would use either +\fB\er\en\fR or \fB\en\fR. The usual C\-style backslash escape +sequences are recognized: \fB\ea \eb \ef \en \er \et \ev +\e\fIddd\fR (up to three octal digits) and \fB\e\e\fR. +.IP "\fBflags=BDFORXhqu.>\fR (optional)" +Optional message processing flags. By default, a message is +copied unchanged. +.RS +.IP \fBB\fR +Append a blank line at the end of each message. This is required +by some mail user agents that recognize "\fBFrom \fR" lines only +when preceded by a blank line. +.IP \fBD\fR +Prepend a "\fBDelivered\-To: \fIrecipient\fR" message header with the +envelope recipient address. Note: for this to work, the +\fItransport\fB_destination_recipient_limit\fR must be 1 +(see SINGLE\-RECIPIENT DELIVERY above for details). +.sp +The \fBD\fR flag also enforces loop detection (Postfix 2.5 and later): +if a message already contains a \fBDelivered\-To:\fR header +with the same recipient address, then the message is +returned as undeliverable. The address comparison is case +insensitive. +.sp +This feature is available as of Postfix 2.0. +.IP \fBF\fR +Prepend a "\fBFrom \fIsender time_stamp\fR" envelope header to +the message content. +This is expected by, for example, \fBUUCP\fR software. +.IP \fBO\fR +Prepend an "\fBX\-Original\-To: \fIrecipient\fR" message header +with the recipient address as given to Postfix. Note: for this to +work, the \fItransport\fB_destination_recipient_limit\fR must be 1 +(see SINGLE\-RECIPIENT DELIVERY above for details). +.sp +This feature is available as of Postfix 2.0. +.IP \fBR\fR +Prepend a \fBReturn\-Path:\fR message header with the envelope sender +address. +.IP \fBX\fR +Indicate that the external command performs final delivery. +This flag affects the status reported in "success" DSN +(delivery status notification) messages, and changes it +from "relayed" into "delivered". +.sp +This feature is available as of Postfix 2.5. +.IP \fBh\fR +Fold the command\-line \fB$original_recipient\fR and +\fB$recipient\fR address domain part +(text to the right of the right\-most \fB@\fR character) to +lower case; fold the entire command\-line \fB$domain\fR and +\fB$nexthop\fR host or domain information to lower case. +This is recommended for delivery via \fBUUCP\fR. +.IP \fBq\fR +Quote white space and other special characters in the command\-line +\fB$sender\fR, \fB$original_recipient\fR and \fB$recipient\fR +address localparts (text to the +left of the right\-most \fB@\fR character), according to an 8\-bit +transparent version of RFC 822. +This is recommended for delivery via \fBUUCP\fR or \fBBSMTP\fR. +.sp +The result is compatible with the address parsing of command\-line +recipients by the Postfix \fBsendmail\fR(1) mail submission command. +.sp +The \fBq\fR flag affects only entire addresses, not the partial +address information from the \fB$user\fR, \fB$extension\fR or +\fB$mailbox\fR command\-line macros. +.IP \fBu\fR +Fold the command\-line \fB$original_recipient\fR and +\fB$recipient\fR address localpart (text to +the left of the right\-most \fB@\fR character) to lower case. +This is recommended for delivery via \fBUUCP\fR. +.IP \fB.\fR +Prepend "\fB.\fR" to lines starting with "\fB.\fR". This is needed +by, for example, \fBBSMTP\fR software. +.IP \fB>\fR +Prepend "\fB>\fR" to lines starting with "\fBFrom \fR". This is expected +by, for example, \fBUUCP\fR software. +.RE +.IP "\fBnull_sender\fR=\fIreplacement\fR (default: MAILER\-DAEMON)" +Replace the null sender address (typically used for delivery +status notifications) with the specified text +when expanding the \fB$sender\fR command\-line macro, and +when generating a From_ or Return\-Path: message header. + +If the null sender replacement text is a non\-empty string +then it is affected by the \fBq\fR flag for address quoting +in command\-line arguments. + +The null sender replacement text may be empty; this form +is recommended for content filters that feed mail back into +Postfix. The empty sender address is not affected by the +\fBq\fR flag for address quoting in command\-line arguments. +.sp +Caution: a null sender address is easily mis\-parsed by +naive software. For example, when the \fBpipe\fR(8) daemon +executes a command such as: +.sp +.nf + \fIWrong\fR: command \-f$sender \-\- $recipient +.fi +.IP +the command will mis\-parse the \-f option value when the +sender address is a null string. For correct parsing, +specify \fB$sender\fR as an argument by itself: +.sp +.nf + \fIRight\fR: command \-f $sender \-\- $recipient +.fi +.IP +This feature is available as of Postfix 2.3. +.IP "\fBsize\fR=\fIsize_limit\fR (optional)" +Don't deliver messages that exceed this size limit (in +bytes); return them to the sender instead. +.IP "\fBuser\fR=\fIusername\fR (required)" +.IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR" +Execute the external command with the user ID and group ID of the +specified \fIusername\fR. The software refuses to execute +commands with root privileges, or with the privileges of the +mail system owner. If \fIgroupname\fR is specified, the +corresponding group ID is used instead of the group ID of +\fIusername\fR. +.IP "\fBargv\fR=\fIcommand\fR... (required)" +The command to be executed. This must be specified as the +last command attribute. +The command is executed directly, i.e. without interpretation of +shell meta characters by a shell command interpreter. +.sp +Specify "{" and "}" around command arguments that contain +whitespace (Postfix 3.0 and later). Whitespace +after the opening "{" and before the closing "}" is ignored. +.sp +In the command argument vector, the following macros are recognized +and replaced with corresponding information from the Postfix queue +manager delivery request. +.sp +In addition to the form ${\fIname\fR}, the forms $\fIname\fR and +the deprecated form $(\fIname\fR) are also recognized. +Specify \fB$$\fR where a single \fB$\fR is wanted. +.RS +.IP \fB${client_address}\fR +This macro expands to the remote client network address. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${client_helo}\fR +This macro expands to the remote client HELO command parameter. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${client_hostname}\fR +This macro expands to the remote client hostname. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${client_port}\fR +This macro expands to the remote client TCP port number. +.sp +This feature is available as of Postfix 2.5. +.IP \fB${client_protocol}\fR +This macro expands to the remote client protocol. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${domain}\fR +This macro expands to the domain portion of the recipient +address. For example, with an address \fIuser+foo@domain\fR +the domain is \fIdomain\fR. +.sp +This information is modified by the \fBh\fR flag for case folding. +.sp +This feature is available as of Postfix 2.5. +.IP \fB${extension}\fR +This macro expands to the extension part of a recipient address. +For example, with an address \fIuser+foo@domain\fR the extension is +\fIfoo\fR. +.sp +A command\-line argument that contains \fB${extension}\fR expands +into as many command\-line arguments as there are recipients. +.sp +This information is modified by the \fBu\fR flag for case folding. +.IP \fB${mailbox}\fR +This macro expands to the complete local part of a recipient address. +For example, with an address \fIuser+foo@domain\fR the mailbox is +\fIuser+foo\fR. +.sp +A command\-line argument that contains \fB${mailbox}\fR +expands to as many command\-line arguments as there are recipients. +.sp +This information is modified by the \fBu\fR flag for case folding. +.IP \fB${nexthop}\fR +This macro expands to the next\-hop hostname. +.sp +This information is modified by the \fBh\fR flag for case folding. +.IP \fB${original_recipient}\fR +This macro expands to the complete recipient address before any +address rewriting or aliasing. +.sp +A command\-line argument that contains +\fB${original_recipient}\fR expands to as many +command\-line arguments as there are recipients. +.sp +This information is modified by the \fBhqu\fR flags for quoting +and case folding. +.sp +This feature is available as of Postfix 2.5. +.IP \fB${queue_id}\fR +This macro expands to the queue id. +.sp +This feature is available as of Postfix 2.11. +.IP \fB${recipient}\fR +This macro expands to the complete recipient address. +.sp +A command\-line argument that contains \fB${recipient}\fR +expands to as many command\-line arguments as there are recipients. +.sp +This information is modified by the \fBhqu\fR flags for quoting +and case folding. +.IP \fB${sasl_method}\fR +This macro expands to the name of the SASL authentication +mechanism in the AUTH command when the Postfix SMTP server +received the message. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${sasl_sender}\fR +This macro expands to the SASL sender name (i.e. the original +submitter as per RFC 4954) in the MAIL FROM command when +the Postfix SMTP server received the message. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${sasl_username}\fR +This macro expands to the SASL user name in the AUTH command +when the Postfix SMTP server received the message. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${sender}\fR +This macro expands to the envelope sender address. By default, +the null sender address expands to MAILER\-DAEMON; this can +be changed with the \fBnull_sender\fR attribute, as described +above. +.sp +This information is modified by the \fBq\fR flag for quoting. +.IP \fB${size}\fR +This macro expands to Postfix's idea of the message size, which +is an approximation of the size of the message as delivered. +.IP \fB${user}\fR +This macro expands to the username part of a recipient address. +For example, with an address \fIuser+foo@domain\fR the username +part is \fIuser\fR. +.sp +A command\-line argument that contains \fB${user}\fR expands +into as many command\-line arguments as there are recipients. +.sp +This information is modified by the \fBu\fR flag for case folding. +.RE +.SH "STANDARDS" +.na +.nf +RFC 3463 (Enhanced status codes) +.SH DIAGNOSTICS +.ad +.fi +Command exit status codes are expected to +follow the conventions defined in <\fBsysexits.h\fR>. +Exit status 0 means normal successful completion. + +In the case of a non\-zero exit status, a limited amount of +command output is logged, and reported in a delivery status +notification. When the output begins with a 4.X.X or 5.X.X +enhanced status code, the status code takes precedence over +the non\-zero exit status (Postfix version 2.3 and later). + +After successful delivery (zero exit status) a limited +amount of command output is logged, and reported in "success" +delivery status notifications (Postfix 3.0 and later). +This command output is not examined for the presence of an +enhanced status code. + +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +Corrupted message files are marked so that the queue manager +can move them to the \fBcorrupt\fR queue for further inspection. +.SH "SECURITY" +.na +.nf +.fi +.ad +This program needs a dual personality 1) to access the private +Postfix queue and IPC mechanisms, and 2) to execute external +commands as the specified user. It is therefore security sensitive. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBpipe\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +In the text below, \fItransport\fR is the first field in a +\fBmaster.cf\fR entry. +.IP "\fBtransport_time_limit ($command_time_limit)\fR" +A transport\-specific override for the command_time_limit parameter +value, where \fItransport\fR is the master.cf name of the message +delivery transport. +.PP +Implemented in the qmgr(8) daemon: +.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR" +A transport\-specific override for the +default_destination_recipient_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBexport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a Postfix process will export +to non\-Postfix processes. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmail_owner (postfix)\fR" +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate a user name from its +extension (example: user+foo), or a .forward file name from its +extension (example: .forward+foo). +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 3.0 and later: +.IP "\fBpipe_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBpipe\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. +.PP +Available in Postfix version 3.3 and later: +.IP "\fBenable_original_recipient (yes)\fR" +Enable support for the original recipient address after an +address is rewritten to a different address (for example with +aliasing or with canonical mapping). +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +bounce(8), delivery status reports +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/postlogd.8 b/man/man8/postlogd.8 new file mode 100644 index 0000000..19112f2 --- /dev/null +++ b/man/man8/postlogd.8 @@ -0,0 +1,102 @@ +.TH POSTLOGD 8 +.ad +.fi +.SH NAME +postlogd +\- +Postfix internal log server +.SH "SYNOPSIS" +.na +.nf +\fBpostlogd\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +This program logs events on behalf of Postfix programs +when the maillog configuration parameter specifies a non\-empty +value. +.SH BUGS +.ad +.fi +Non\-daemon Postfix programs don't know that they should log +to the internal logging service before they have processed +command\-line options and main.cf parameters. These programs +still log earlier events to the syslog service. + +If Postfix is down, the non\-daemon programs \fBpostfix\fR(1), +\fBpostsuper\fR(1), \fBpostmulti\fR(1), and \fBpostlog\fR(1), +will log directly to \fB$maillog_file\fR. These programs +expect to run with root privileges, for example during +Postfix start\-up, reload, or shutdown. + +Other non\-daemon Postfix programs will never write directly to +\fB$maillog_file\fR (also, logging to stdout would interfere +with the operation of some of these programs). These programs +can log to \fBpostlogd\fR(8) if they are run by the super\-user, +or if their executable file has set\-gid permission. Do not +set this permission on programs other than \fBpostdrop\fR(1) +and \fBpostqueue\fR(1). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as +\fBpostlogd\fR(8) processes run for only a limited amount +of time. Use the command "\fBpostfix reload\fR" to speed +up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBmaillog_file (empty)\fR" +The name of an optional logfile that is written by the Postfix +\fBpostlogd\fR(8) service. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.IP "\fBpostlogd_watchdog_timeout (10s)\fR" +How much time a \fBpostlogd\fR(8) process may take to process a request +before it is terminated by a built\-in watchdog timer. +.SH "SEE ALSO" +.na +.nf +postconf(5), configuration parameters +syslogd(8), system logging +.SH "README_FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +MAILLOG_README, Postfix logging to file or stdout +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This service was introduced with Postfix version 3.4. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/postscreen.8 b/man/man8/postscreen.8 new file mode 100644 index 0000000..1f53e4a --- /dev/null +++ b/man/man8/postscreen.8 @@ -0,0 +1,458 @@ +.TH POSTSCREEN 8 +.ad +.fi +.SH NAME +postscreen +\- +Postfix zombie blocker +.SH "SYNOPSIS" +.na +.nf +\fBpostscreen\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix \fBpostscreen\fR(8) server provides additional +protection against mail server overload. One \fBpostscreen\fR(8) +process handles multiple inbound SMTP connections, and decides +which clients may talk to a Postfix SMTP server process. +By keeping spambots away, \fBpostscreen\fR(8) leaves more +SMTP server processes available for legitimate clients, and +delays the onset of server overload conditions. + +This program should not be used on SMTP ports that receive +mail from end\-user clients (MUAs). In a typical deployment, +\fBpostscreen\fR(8) handles the MX service on TCP port 25, and +\fBsmtpd\fR(8) receives mail from MUAs on the \fBsubmission\fR +service (TCP port 587) which requires client authentication. +Alternatively, a site could set up a dedicated, non\-postscreen, +"port 25" server that provides \fBsubmission\fR service and +client authentication, but no MX service. + +\fBpostscreen\fR(8) maintains a temporary whitelist for +clients that have passed a number of tests. When an SMTP +client IP address is whitelisted, \fBpostscreen\fR(8) hands +off the connection immediately to a Postfix SMTP server +process. This minimizes the overhead for legitimate mail. + +By default, \fBpostscreen\fR(8) logs statistics and hands +off each connection to a Postfix SMTP server process, while +excluding clients in mynetworks from all tests (primarily, +to avoid problems with non\-standard SMTP implementations +in network appliances). This default mode blocks no clients, +and is useful for non\-destructive testing. + +In a typical production setting, \fBpostscreen\fR(8) is +configured to reject mail from clients that fail one or +more tests. \fBpostscreen\fR(8) logs rejected mail with the +client address, helo, sender and recipient information. + +\fBpostscreen\fR(8) is not an SMTP proxy; this is intentional. +The purpose is to keep spambots away from Postfix SMTP +server processes, while minimizing overhead for legitimate +traffic. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBpostscreen\fR(8) server is moderately security\-sensitive. +It talks to untrusted clients on the network. The process +can be run chrooted at fixed low privilege. +.SH "STANDARDS" +.na +.nf +RFC 821 (SMTP protocol) +RFC 1123 (Host requirements) +RFC 1652 (8bit\-MIME transport) +RFC 1869 (SMTP service extensions) +RFC 1870 (Message Size Declaration) +RFC 1985 (ETRN command) +RFC 2034 (SMTP Enhanced Status Codes) +RFC 2821 (SMTP protocol) +Not: RFC 2920 (SMTP Pipelining) +RFC 3030 (CHUNKING without BINARYMIME) +RFC 3207 (STARTTLS command) +RFC 3461 (SMTP DSN Extension) +RFC 3463 (Enhanced Status Codes) +RFC 5321 (SMTP protocol, including multi\-line 220 banners) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +The \fBpostscreen\fR(8) built\-in SMTP protocol engine +currently does not announce support for AUTH, XCLIENT or +XFORWARD. +If you need to make these services available +on port 25, then do not enable the optional "after 220 +server greeting" tests. + +The optional "after 220 server greeting" tests may result in +unexpected delivery delays from senders that retry email delivery +from a different IP address. Reason: after passing these tests a +new client must disconnect, and reconnect from the same IP +address before it can deliver mail. See POSTSCREEN_README, section +"Tests after the 220 SMTP server greeting", for a discussion. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to main.cf are not picked up automatically, as +\fBpostscreen\fR(8) processes may run for several hours. +Use the command "postfix reload" after a configuration +change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. + +NOTE: Some \fBpostscreen\fR(8) parameters implement +stress\-dependent behavior. This is supported only when the +default parameter value is stress\-dependent (that is, it +looks like ${stress?{X}:{Y}}, or it is the $\fIname\fR +of an smtpd parameter with a stress\-dependent default). +Other parameters always evaluate as if the \fBstress\fR +parameter value is the empty string. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBpostscreen_command_filter ($smtpd_command_filter)\fR" +A mechanism to transform commands from remote SMTP clients. +.IP "\fBpostscreen_discard_ehlo_keyword_address_maps ($smtpd_discard_ehlo_keyword_address_maps)\fR" +Lookup tables, indexed by the remote SMTP client address, with +case insensitive lists of EHLO keywords (pipelining, starttls, auth, +etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO response +to a remote SMTP client. +.IP "\fBpostscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_keywords)\fR" +A case insensitive list of EHLO keywords (pipelining, starttls, +auth, etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO +response to a remote SMTP client. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBdns_ncache_ttl_fix_enable (no)\fR" +Enable a workaround for future libc incompatibility. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBpostscreen_reject_footer_maps ($smtpd_reject_footer_maps)\fR" +Optional lookup table for information that is appended after a 4XX +or 5XX \fBpostscreen\fR(8) server response. +.SH "TROUBLE SHOOTING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBpostscreen_expansion_filter (see 'postconf -d' output)\fR" +List of characters that are permitted in postscreen_reject_footer +attribute expansions. +.IP "\fBpostscreen_reject_footer ($smtpd_reject_footer)\fR" +Optional information that is appended after a 4XX or 5XX +\fBpostscreen\fR(8) server +response. +.IP "\fBsoft_bounce (no)\fR" +Safety net to keep mail queued that would otherwise be returned to +the sender. +.SH "BEFORE-POSTSCREEN PROXY AGENT" +.na +.nf +.ad +.fi +Available in Postfix version 2.10 and later: +.IP "\fBpostscreen_upstream_proxy_protocol (empty)\fR" +The name of the proxy protocol used by an optional before\-postscreen +proxy agent. +.IP "\fBpostscreen_upstream_proxy_timeout (5s)\fR" +The time limit for the proxy protocol specified with the +postscreen_upstream_proxy_protocol parameter. +.SH "PERMANENT WHITE/BLACKLIST TEST" +.na +.nf +.ad +.fi +This test is executed immediately after a remote SMTP client +connects. If a client is permanently whitelisted, the client +will be handed off immediately to a Postfix SMTP server +process. +.IP "\fBpostscreen_access_list (permit_mynetworks)\fR" +Permanent white/blacklist for remote SMTP client IP addresses. +.IP "\fBpostscreen_blacklist_action (ignore)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client is +permanently blacklisted with the postscreen_access_list parameter. +.SH "MAIL EXCHANGER POLICY TESTS" +.na +.nf +.ad +.fi +When \fBpostscreen\fR(8) is configured to monitor all primary +and backup MX addresses, it can refuse to whitelist clients +that connect to a backup MX address only. For small sites, +this requires configuring primary and backup MX addresses +on the same MTA. Larger sites would have to share the +\fBpostscreen\fR(8) cache between primary and backup MTAs, +which would introduce a common point of failure. +.IP "\fBpostscreen_whitelist_interfaces (static:all)\fR" +A list of local \fBpostscreen\fR(8) server IP addresses where a +non\-whitelisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary +whitelist status. +.SH "BEFORE 220 GREETING TESTS" +.na +.nf +.ad +.fi +These tests are executed before the remote SMTP client +receives the "220 servername" greeting. If no tests remain +after the successful completion of this phase, the client +will be handed off immediately to a Postfix SMTP server +process. +.IP "\fBdnsblog_service_name (dnsblog)\fR" +The name of the \fBdnsblog\fR(8) service entry in master.cf. +.IP "\fBpostscreen_dnsbl_action (ignore)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client's combined +DNSBL score is equal to or greater than a threshold (as defined +with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold +parameters). +.IP "\fBpostscreen_dnsbl_reply_map (empty)\fR" +A mapping from actual DNSBL domain name which includes a secret +password, to the DNSBL domain name that postscreen will reply with +when it rejects mail. +.IP "\fBpostscreen_dnsbl_sites (empty)\fR" +Optional list of DNS white/blacklist domains, filters and weight +factors. +.IP "\fBpostscreen_dnsbl_threshold (1)\fR" +The inclusive lower bound for blocking a remote SMTP client, based on +its combined DNSBL score as defined with the postscreen_dnsbl_sites +parameter. +.IP "\fBpostscreen_greet_action (ignore)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client speaks +before its turn within the time specified with the postscreen_greet_wait +parameter. +.IP "\fBpostscreen_greet_banner ($smtpd_banner)\fR" +The \fItext\fR in the optional "220\-\fItext\fR..." server +response that +\fBpostscreen\fR(8) sends ahead of the real Postfix SMTP server's "220 +text..." response, in an attempt to confuse bad SMTP clients so +that they speak before their turn (pre\-greet). +.IP "\fBpostscreen_greet_wait (normal: 6s, overload: 2s)\fR" +The amount of time that \fBpostscreen\fR(8) will wait for an SMTP +client to send a command before its turn, and for DNS blocklist +lookup results to arrive (default: up to 2 seconds under stress, +up to 6 seconds otherwise). +.IP "\fBsmtpd_service_name (smtpd)\fR" +The internal service that \fBpostscreen\fR(8) hands off allowed +connections to. +.PP +Available in Postfix version 2.11 and later: +.IP "\fBpostscreen_dnsbl_whitelist_threshold (0)\fR" +Allow a remote SMTP client to skip "before" and "after 220 +greeting" protocol tests, based on its combined DNSBL score as +defined with the postscreen_dnsbl_sites parameter. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBpostscreen_dnsbl_timeout (10s)\fR" +The time limit for DNSBL or DNSWL lookups. +.SH "AFTER 220 GREETING TESTS" +.na +.nf +.ad +.fi +These tests are executed after the remote SMTP client +receives the "220 servername" greeting. If a client passes +all tests during this phase, it will receive a 4XX response +to all RCPT TO commands. After the client reconnects, it +will be allowed to talk directly to a Postfix SMTP server +process. +.IP "\fBpostscreen_bare_newline_action (ignore)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends +a bare newline character, that is, a newline not preceded by carriage +return. +.IP "\fBpostscreen_bare_newline_enable (no)\fR" +Enable "bare newline" SMTP protocol tests in the \fBpostscreen\fR(8) +server. +.IP "\fBpostscreen_disable_vrfy_command ($disable_vrfy_command)\fR" +Disable the SMTP VRFY command in the \fBpostscreen\fR(8) daemon. +.IP "\fBpostscreen_forbidden_commands ($smtpd_forbidden_commands)\fR" +List of commands that the \fBpostscreen\fR(8) server considers in +violation of the SMTP protocol. +.IP "\fBpostscreen_helo_required ($smtpd_helo_required)\fR" +Require that a remote SMTP client sends HELO or EHLO before +commencing a MAIL transaction. +.IP "\fBpostscreen_non_smtp_command_action (drop)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends +non\-SMTP commands as specified with the postscreen_forbidden_commands +parameter. +.IP "\fBpostscreen_non_smtp_command_enable (no)\fR" +Enable "non\-SMTP command" tests in the \fBpostscreen\fR(8) server. +.IP "\fBpostscreen_pipelining_action (enforce)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client +sends +multiple commands instead of sending one command and waiting for +the server to respond. +.IP "\fBpostscreen_pipelining_enable (no)\fR" +Enable "pipelining" SMTP protocol tests in the \fBpostscreen\fR(8) +server. +.SH "CACHE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBpostscreen_cache_cleanup_interval (12h)\fR" +The amount of time between \fBpostscreen\fR(8) cache cleanup runs. +.IP "\fBpostscreen_cache_map (btree:$data_directory/postscreen_cache)\fR" +Persistent storage for the \fBpostscreen\fR(8) server decisions. +.IP "\fBpostscreen_cache_retention_time (7d)\fR" +The amount of time that \fBpostscreen\fR(8) will cache an expired +temporary whitelist entry before it is removed. +.IP "\fBpostscreen_bare_newline_ttl (30d)\fR" +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful "bare newline" SMTP protocol test. +.IP "\fBpostscreen_dnsbl_max_ttl (${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)\fR" +The maximum amount of time that \fBpostscreen\fR(8) will use the +result from a successful DNS\-based reputation test before a +client IP address is required to pass that test again. +.IP "\fBpostscreen_dnsbl_min_ttl (60s)\fR" +The minimum amount of time that \fBpostscreen\fR(8) will use the +result from a successful DNS\-based reputation test before a +client IP address is required to pass that test again. +.IP "\fBpostscreen_greet_ttl (1d)\fR" +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful PREGREET test. +.IP "\fBpostscreen_non_smtp_command_ttl (30d)\fR" +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful "non_smtp_command" SMTP protocol test. +.IP "\fBpostscreen_pipelining_ttl (30d)\fR" +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful "pipelining" SMTP protocol test. +.SH "RESOURCE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBline_length_limit (2048)\fR" +Upon input, long lines are chopped up into pieces of at most +this length; upon delivery, long lines are reconstructed. +.IP "\fBpostscreen_client_connection_count_limit ($smtpd_client_connection_count_limit)\fR" +How many simultaneous connections any remote SMTP client is +allowed to have +with the \fBpostscreen\fR(8) daemon. +.IP "\fBpostscreen_command_count_limit (20)\fR" +The limit on the total number of commands per SMTP session for +\fBpostscreen\fR(8)'s built\-in SMTP protocol engine. +.IP "\fBpostscreen_command_time_limit (normal: 300s, overload: 10s)\fR" +The time limit to read an entire command line with \fBpostscreen\fR(8)'s +built\-in SMTP protocol engine. +.IP "\fBpostscreen_post_queue_limit ($default_process_limit)\fR" +The number of clients that can be waiting for service from a +real Postfix SMTP server process. +.IP "\fBpostscreen_pre_queue_limit ($default_process_limit)\fR" +The number of non\-whitelisted clients that can be waiting for +a decision whether they will receive service from a real Postfix +SMTP server +process. +.IP "\fBpostscreen_watchdog_timeout (10s)\fR" +How much time a \fBpostscreen\fR(8) process may take to respond to +a remote SMTP client command or to perform a cache operation before it +is terminated by a built\-in watchdog timer. +.SH "STARTTLS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBpostscreen_tls_security_level ($smtpd_tls_security_level)\fR" +The SMTP TLS security level for the \fBpostscreen\fR(8) server; when +a non\-empty value is specified, this overrides the obsolete parameters +postscreen_use_tls and postscreen_enforce_tls. +.IP "\fBtlsproxy_service_name (tlsproxy)\fR" +The name of the \fBtlsproxy\fR(8) service entry in master.cf. +.SH "OBSOLETE STARTTLS SUPPORT CONTROLS" +.na +.nf +.ad +.fi +These parameters are supported for compatibility with +\fBsmtpd\fR(8) legacy parameters. +.IP "\fBpostscreen_use_tls ($smtpd_use_tls)\fR" +Opportunistic TLS: announce STARTTLS support to remote SMTP clients, +but do not require that clients use TLS encryption. +.IP "\fBpostscreen_enforce_tls ($smtpd_enforce_tls)\fR" +Mandatory TLS: announce STARTTLS support to remote SMTP clients, and +require that clients use TLS encryption. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBcommand_directory (see 'postconf -d' output)\fR" +The location of all postfix administrative commands. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtpd(8), Postfix SMTP server +tlsproxy(8), Postfix TLS proxy server +dnsblog(8), DNS black/whitelist logger +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or "\fBpostconf +html_directory\fR" to locate this information. +.nf +.na +POSTSCREEN_README, Postfix Postscreen Howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This service was introduced with Postfix version 2.8. + +Many ideas in \fBpostscreen\fR(8) were explored in earlier +work by Michael Tokarev, in OpenBSD spamd, and in MailChannels +Traffic Control. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/proxymap.8 b/man/man8/proxymap.8 new file mode 100644 index 0000000..e734a2b --- /dev/null +++ b/man/man8/proxymap.8 @@ -0,0 +1,243 @@ +.TH PROXYMAP 8 +.ad +.fi +.SH NAME +proxymap +\- +Postfix lookup table proxy server +.SH "SYNOPSIS" +.na +.nf +\fBproxymap\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBproxymap\fR(8) server provides read\-only or read\-write +table lookup service to Postfix processes. These services are +implemented with distinct service names: \fBproxymap\fR and +\fBproxywrite\fR, respectively. The purpose of these services is: +.IP \(bu +To overcome chroot restrictions. For example, a chrooted SMTP +server needs access to the system passwd file in order to +reject mail for non\-existent local addresses, but it is not +practical to maintain a copy of the passwd file in the chroot +jail. The solution: +.sp +.nf +local_recipient_maps = + proxy:unix:passwd.byname $alias_maps +.fi +.IP \(bu +To consolidate the number of open lookup tables by sharing +one open table among multiple processes. For example, making +mysql connections from every Postfix daemon process results +in "too many connections" errors. The solution: +.sp +.nf +virtual_alias_maps = + proxy:mysql:/etc/postfix/virtual_alias.cf +.fi +.sp +The total number of connections is limited by the number of +proxymap server processes. +.IP \(bu +To provide single\-updater functionality for lookup tables +that do not reliably support multiple writers (i.e. all +file\-based tables). +.PP +The \fBproxymap\fR(8) server implements the following requests: +.IP "\fBopen\fR \fImaptype:mapname flags\fR" +Open the table with type \fImaptype\fR and name \fImapname\fR, +as controlled by \fIflags\fR. The reply includes the \fImaptype\fR +dependent flags (to distinguish a fixed string table from a regular +expression table). +.IP "\fBlookup\fR \fImaptype:mapname flags key\fR" +Look up the data stored under the requested key. +The reply is the request completion status code and +the lookup result value. +The \fImaptype:mapname\fR and \fIflags\fR are the same +as with the \fBopen\fR request. +.IP "\fBupdate\fR \fImaptype:mapname flags key value\fR" +Update the data stored under the requested key. +The reply is the request completion status code. +The \fImaptype:mapname\fR and \fIflags\fR are the same +as with the \fBopen\fR request. +.sp +To implement single\-updater maps, specify a process limit +of 1 in the master.cf file entry for the \fBproxywrite\fR +service. +.sp +This request is supported in Postfix 2.5 and later. +.IP "\fBdelete\fR \fImaptype:mapname flags key\fR" +Delete the data stored under the requested key. +The reply is the request completion status code. +The \fImaptype:mapname\fR and \fIflags\fR are the same +as with the \fBopen\fR request. +.sp +This request is supported in Postfix 2.5 and later. +.IP "\fBsequence\fR \fImaptype:mapname flags function\fR" +Iterate over the specified database. The \fIfunction\fR +is one of DICT_SEQ_FUN_FIRST or DICT_SEQ_FUN_NEXT. +The reply is the request completion status code and +a lookup key and result value, if found. +.sp +This request is supported in Postfix 2.9 and later. +.PP +The request completion status is one of OK, RETRY, NOKEY +(lookup failed because the key was not found), BAD (malformed +request) or DENY (the table is not approved for proxy read +or update access). + +There is no \fBclose\fR command, nor are tables implicitly closed +when a client disconnects. The purpose is to share tables among +multiple client processes. +.SH "SERVER PROCESS MANAGEMENT" +.na +.nf +.ad +.fi +\fBproxymap\fR(8) servers run under control by the Postfix +\fBmaster\fR(8) +server. Each server can handle multiple simultaneous connections. +When all servers are busy while a client connects, the \fBmaster\fR(8) +creates a new \fBproxymap\fR(8) server process, provided that the +process limit is not exceeded. +Each server terminates after serving at least \fB$max_use\fR clients +or after \fB$max_idle\fR seconds of idle time. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBproxymap\fR(8) server opens only tables that are +approved via the \fBproxy_read_maps\fR or \fBproxy_write_maps\fR +configuration parameters, does not talk to +users, and can run at fixed low privilege, chrooted or not. +However, running the proxymap server chrooted severely limits +usability, because it can open only chrooted tables. + +The \fBproxymap\fR(8) server is not a trusted daemon process, and must +not be used to look up sensitive information such as UNIX user or +group IDs, mailbox file/directory names or external commands. + +In Postfix version 2.2 and later, the proxymap client recognizes +requests to access a table for security\-sensitive purposes, +and opens the table directly. This allows the same main.cf +setting to be used by sensitive and non\-sensitive processes. + +Postfix\-writable data files should be stored under a dedicated +directory that is writable only by the Postfix mail system, +such as the Postfix\-owned \fBdata_directory\fR. + +In particular, Postfix\-writable files should never exist +in root\-owned directories. That would open up a particular +type of security hole where ownership of a file or directory +does not match the provider of its content. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +The \fBproxymap\fR(8) server provides service to multiple clients, +and must therefore not be used for tables that have high\-latency +lookups. + +The \fBproxymap\fR(8) read\-write service does not explicitly +close lookup tables (even if it did, this could not be relied on, +because the process may be terminated between table updates). +The read\-write service should therefore not be used with tables that +leave persistent storage in an inconsistent state between +updates (for example, CDB). Tables that support "sync on +update" should be safe (for example, Berkeley DB) as should +tables that are implemented by a real DBMS. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +On busy mail systems a long time may pass before +\fBproxymap\fR(8) relevant +changes to \fBmain.cf\fR are picked up. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdata_directory (see 'postconf -d' output)\fR" +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBproxy_read_maps (see 'postconf -d' output)\fR" +The lookup tables that the \fBproxymap\fR(8) server is allowed to +access for the read\-only service. +.PP +Available in Postfix 2.5 and later: +.IP "\fBdata_directory (see 'postconf -d' output)\fR" +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). +.IP "\fBproxy_write_maps (see 'postconf -d' output)\fR" +The lookup tables that the \fBproxymap\fR(8) server is allowed to +access for the read\-write service. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +postconf(5), configuration parameters +master(5), generic daemon options +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +The proxymap service was introduced with Postfix 2.0. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/qmgr.8 b/man/man8/qmgr.8 new file mode 100644 index 0000000..7f97f9b --- /dev/null +++ b/man/man8/qmgr.8 @@ -0,0 +1,490 @@ +.TH QMGR 8 +.ad +.fi +.SH NAME +qmgr +\- +Postfix queue manager +.SH "SYNOPSIS" +.na +.nf +\fBqmgr\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBqmgr\fR(8) daemon awaits the arrival of incoming mail +and arranges for its delivery via Postfix delivery processes. +The actual mail routing strategy is delegated to the +\fBtrivial\-rewrite\fR(8) daemon. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +Mail addressed to the local \fBdouble\-bounce\fR address is +logged and discarded. This stops potential loops caused by +undeliverable bounce notifications. +.SH "MAIL QUEUES" +.na +.nf +.ad +.fi +The \fBqmgr\fR(8) daemon maintains the following queues: +.IP \fBincoming\fR +Inbound mail from the network, or mail picked up by the +local \fBpickup\fR(8) daemon from the \fBmaildrop\fR directory. +.IP \fBactive\fR +Messages that the queue manager has opened for delivery. Only +a limited number of messages is allowed to enter the \fBactive\fR +queue (leaky bucket strategy, for a fixed delivery rate). +.IP \fBdeferred\fR +Mail that could not be delivered upon the first attempt. The queue +manager implements exponential backoff by doubling the time between +delivery attempts. +.IP \fBcorrupt\fR +Unreadable or damaged queue files are moved here for inspection. +.IP \fBhold\fR +Messages that are kept "on hold" are kept here until someone +sets them free. +.SH "DELIVERY STATUS REPORTS" +.na +.nf +.ad +.fi +The \fBqmgr\fR(8) daemon keeps an eye on per\-message delivery status +reports in the following directories. Each status report file has +the same name as the corresponding message file: +.IP \fBbounce\fR +Per\-recipient status information about why mail is bounced. +These files are maintained by the \fBbounce\fR(8) daemon. +.IP \fBdefer\fR +Per\-recipient status information about why mail is delayed. +These files are maintained by the \fBdefer\fR(8) daemon. +.IP \fBtrace\fR +Per\-recipient status information as requested with the +Postfix "\fBsendmail \-v\fR" or "\fBsendmail \-bv\fR" command. +These files are maintained by the \fBtrace\fR(8) daemon. +.PP +The \fBqmgr\fR(8) daemon is responsible for asking the +\fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to +send delivery reports. +.SH "STRATEGIES" +.na +.nf +.ad +.fi +The queue manager implements a variety of strategies for +either opening queue files (input) or for message delivery (output). +.IP "\fBleaky bucket\fR" +This strategy limits the number of messages in the \fBactive\fR queue +and prevents the queue manager from running out of memory under +heavy load. +.IP \fBfairness\fR +When the \fBactive\fR queue has room, the queue manager takes one +message from the \fBincoming\fR queue and one from the \fBdeferred\fR +queue. This prevents a large mail backlog from blocking the delivery +of new mail. +.IP "\fBslow start\fR" +This strategy eliminates "thundering herd" problems by slowly +adjusting the number of parallel deliveries to the same destination. +.IP "\fBround robin\fR" +The queue manager sorts delivery requests by destination. +Round\-robin selection prevents one destination from dominating +deliveries to other destinations. +.IP "\fBexponential backoff\fR" +Mail that cannot be delivered upon the first attempt is deferred. +The time interval between delivery attempts is doubled after each +attempt. +.IP "\fBdestination status cache\fR" +The queue manager avoids unnecessary delivery attempts by +maintaining a short\-term, in\-memory list of unreachable destinations. +.IP "\fBpreemptive message scheduling\fR" +The queue manager attempts to minimize the average per\-recipient delay +while still preserving the correct per\-message delays, using +a sophisticated preemptive message scheduling. +.SH "TRIGGERS" +.na +.nf +.ad +.fi +On an idle system, the queue manager waits for the arrival of +trigger events, or it waits for a timer to go off. A trigger +is a one\-byte message. +Depending on the message received, the queue manager performs +one of the following actions (the message is followed by the +symbolic constant used internally by the software): +.IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR" +Start a deferred queue scan. If a deferred queue scan is already +in progress, that scan will be restarted as soon as it finishes. +.IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR" +Start an incoming queue scan. If an incoming queue scan is already +in progress, that scan will be restarted as soon as it finishes. +.IP "\fBA (QMGR_REQ_SCAN_ALL)\fR" +Ignore deferred queue file time stamps. The request affects +the next deferred queue scan. +.IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR" +Purge all information about dead transports and destinations. +.IP "\fBW (TRIGGER_REQ_WAKEUP)\fR" +Wakeup call, This is used by the master server to instantiate +servers that should not go away forever. The action is to start +an incoming queue scan. +.PP +The \fBqmgr\fR(8) daemon reads an entire buffer worth of triggers. +Multiple identical trigger requests are collapsed into one, and +trigger requests are sorted so that \fBA\fR and \fBF\fR precede +\fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run, +one would request \fBA F D\fR; in order to notify the queue manager +of the arrival of new mail one would request \fBI\fR. +.SH "STANDARDS" +.na +.nf +RFC 3463 (Enhanced status codes) +RFC 3464 (Delivery status notifications) +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBqmgr\fR(8) daemon is not security sensitive. It reads +single\-character messages from untrusted local users, and thus may +be susceptible to denial of service attacks. The \fBqmgr\fR(8) daemon +does not talk to the outside world, and it can be run at fixed low +privilege in a chrooted environment. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +Corrupted message files are saved to the \fBcorrupt\fR queue +for further inspection. + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH BUGS +.ad +.fi +A single queue manager process has to compete for disk access with +multiple front\-end processes such as \fBcleanup\fR(8). A sudden burst of +inbound mail can negatively impact outbound delivery rates. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are not picked up automatically +as \fBqmgr\fR(8) +is a persistent process. Use the "\fBpostfix reload\fR" command after +a configuration change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. + +In the text below, \fItransport\fR is the first field in a +\fBmaster.cf\fR entry. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +Available before Postfix version 2.5: +.IP "\fBallow_min_user (no)\fR" +Allow a sender or recipient address to have `\-' as the first +character. +.PP +Available with Postfix version 2.7 and later: +.IP "\fBdefault_filter_nexthop (empty)\fR" +When a content_filter or FILTER request specifies no explicit +next\-hop destination, use $default_filter_nexthop instead; when +that value is empty, use the domain in the recipient address. +.SH "ACTIVE QUEUE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmgr_clog_warn_time (300s)\fR" +The minimal delay between warnings that a specific destination is +clogging up the Postfix active queue. +.IP "\fBqmgr_message_active_limit (20000)\fR" +The maximal number of messages in the active queue. +.IP "\fBqmgr_message_recipient_limit (20000)\fR" +The maximal number of recipients held in memory by the Postfix +queue manager, and the maximal size of the short\-term, +in\-memory "dead" destination status cache. +.IP "\fBqmgr_message_recipient_minimum (10)\fR" +The minimal number of in\-memory recipients for any message. +.IP "\fBdefault_recipient_limit (20000)\fR" +The default per\-transport upper limit on the number of in\-memory +recipients. +.IP "\fBtransport_recipient_limit ($default_recipient_limit)\fR" +A transport\-specific override for the default_recipient_limit +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_extra_recipient_limit (1000)\fR" +The default value for the extra per\-transport limit imposed on the +number of in\-memory recipients. +.IP "\fBtransport_extra_recipient_limit ($default_extra_recipient_limit)\fR" +A transport\-specific override for the default_extra_recipient_limit +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Available in Postfix version 2.4 and later: +.IP "\fBdefault_recipient_refill_limit (100)\fR" +The default per\-transport limit on the number of recipients refilled at +once. +.IP "\fBtransport_recipient_refill_limit ($default_recipient_refill_limit)\fR" +A transport\-specific override for the default_recipient_refill_limit +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_recipient_refill_delay (5s)\fR" +The default per\-transport maximum delay between recipients refills. +.IP "\fBtransport_recipient_refill_delay ($default_recipient_refill_delay)\fR" +A transport\-specific override for the default_recipient_refill_delay +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.SH "DELIVERY CONCURRENCY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBinitial_destination_concurrency (5)\fR" +The initial per\-destination concurrency level for parallel delivery +to the same destination. +.IP "\fBdefault_destination_concurrency_limit (20)\fR" +The default maximal number of parallel deliveries to the same +destination. +.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBtransport_initial_destination_concurrency ($initial_destination_concurrency)\fR" +A transport\-specific override for the initial_destination_concurrency +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR" +How many pseudo\-cohorts must suffer connection or handshake +failure before a specific destination is considered unavailable +(and further delivery is suspended). +.IP "\fBtransport_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_failed_cohort_limit parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR" +The per\-destination amount of delivery concurrency negative +feedback, after a delivery completes with a connection or handshake +failure. +.IP "\fBtransport_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR" +A transport\-specific override for the +default_destination_concurrency_negative_feedback parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR" +The per\-destination amount of delivery concurrency positive +feedback, after a delivery completes without connection or handshake +failure. +.IP "\fBtransport_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR" +A transport\-specific override for the +default_destination_concurrency_positive_feedback parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdestination_concurrency_feedback_debug (no)\fR" +Make the queue manager's feedback algorithm verbose for performance +analysis purposes. +.SH "RECIPIENT SCHEDULING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdefault_destination_recipient_limit (50)\fR" +The default maximal number of recipients per message delivery. +.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR" +A transport\-specific override for the +default_destination_recipient_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.SH "MESSAGE SCHEDULING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdefault_delivery_slot_cost (5)\fR" +How often the Postfix queue manager's scheduler is allowed to +preempt delivery of one message with another. +.IP "\fBtransport_delivery_slot_cost ($default_delivery_slot_cost)\fR" +A transport\-specific override for the default_delivery_slot_cost +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_minimum_delivery_slots (3)\fR" +How many recipients a message must have in order to invoke the +Postfix queue manager's scheduling algorithm at all. +.IP "\fBtransport_minimum_delivery_slots ($default_minimum_delivery_slots)\fR" +A transport\-specific override for the default_minimum_delivery_slots +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_delivery_slot_discount (50)\fR" +The default value for transport\-specific _delivery_slot_discount +settings. +.IP "\fBtransport_delivery_slot_discount ($default_delivery_slot_discount)\fR" +A transport\-specific override for the default_delivery_slot_discount +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_delivery_slot_loan (3)\fR" +The default value for transport\-specific _delivery_slot_loan +settings. +.IP "\fBtransport_delivery_slot_loan ($default_delivery_slot_loan)\fR" +A transport\-specific override for the default_delivery_slot_loan +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.SH "OTHER RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBminimal_backoff_time (300s)\fR" +The minimal time between attempts to deliver a deferred message; +prior to Postfix 2.4 the default value was 1000s. +.IP "\fBmaximal_backoff_time (4000s)\fR" +The maximal time between attempts to deliver a deferred message. +.IP "\fBmaximal_queue_lifetime (5d)\fR" +Consider a message as undeliverable, when delivery fails with a +temporary error, and the time in the queue has reached the +maximal_queue_lifetime limit. +.IP "\fBqueue_run_delay (300s)\fR" +The time between deferred queue scans by the queue manager; +prior to Postfix 2.4 the default value was 1000s. +.IP "\fBtransport_retry_time (60s)\fR" +The time between attempts by the Postfix queue manager to contact +a malfunctioning message delivery transport. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBbounce_queue_lifetime (5d)\fR" +Consider a bounce message as undeliverable, when delivery fails +with a temporary error, and the time in the queue has reached the +bounce_queue_lifetime limit. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBdefault_destination_rate_delay (0s)\fR" +The default amount of delay that is inserted between individual +message deliveries to the same destination and over the same message +delivery transport. +.IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR" +A transport\-specific override for the default_destination_rate_delay +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBdefault_transport_rate_delay (0s)\fR" +The default amount of delay that is inserted between individual +message deliveries over the same message delivery transport, +regardless of destination. +.IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR" +A transport\-specific override for the default_transport_rate_delay +parameter value, where the initial \fItransport\fR in the parameter +name is the master.cf name of the message delivery transport. +.SH "SAFETY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmgr_daemon_timeout (1000s)\fR" +How much time a Postfix queue manager process may take to handle +a request before it is terminated by a built\-in watchdog timer. +.IP "\fBqmgr_ipc_timeout (60s)\fR" +The time limit for the queue manager to send or receive information +over an internal communication channel. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR" +A safety limit that prevents address verification requests from +overwhelming the Postfix queue. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdefer_transports (empty)\fR" +The names of message delivery transports that should not deliver mail +unless someone issues "\fBsendmail \-q\fR" or equivalent. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBhelpful_warnings (yes)\fR" +Log warnings about problematic configuration settings, and provide +helpful suggestions. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 3.0 and later: +.IP "\fBconfirm_delay_cleared (no)\fR" +After sending a "your message is delayed" notification, inform +the sender when the delay clears up. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "FILES" +.na +.nf +/var/spool/postfix/incoming, incoming queue +/var/spool/postfix/active, active queue +/var/spool/postfix/deferred, deferred queue +/var/spool/postfix/bounce, non\-delivery status +/var/spool/postfix/defer, non\-delivery status +/var/spool/postfix/trace, delivery status +.SH "SEE ALSO" +.na +.nf +trivial\-rewrite(8), address routing +bounce(8), delivery status reports +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +SCHEDULER_README, scheduling algorithm +QSHAPE_README, Postfix queue analysis +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Preemptive scheduler enhancements: +Patrik Rak +Modra 6 +155 00, Prague, Czech Republic + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/qmqpd.8 b/man/man8/qmqpd.8 new file mode 100644 index 0000000..c8da141 --- /dev/null +++ b/man/man8/qmqpd.8 @@ -0,0 +1,213 @@ +.TH QMQPD 8 +.ad +.fi +.SH NAME +qmqpd +\- +Postfix QMQP server +.SH "SYNOPSIS" +.na +.nf +\fBqmqpd\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix QMQP server receives one message per connection. +Each message is piped through the \fBcleanup\fR(8) +daemon, and is placed into the \fBincoming\fR queue as one +single queue file. The program expects to be run from the +\fBmaster\fR(8) process manager. + +The QMQP server implements one access policy: only explicitly +authorized client hosts are allowed to use the service. +.SH "SECURITY" +.na +.nf +.ad +.fi +The QMQP server is moderately security\-sensitive. It talks to QMQP +clients and to DNS servers on the network. The QMQP server can be +run chrooted at fixed low privilege. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +The QMQP protocol provides only one server reply per message +delivery. It is therefore not possible to reject individual +recipients. + +The QMQP protocol requires the server to receive the entire +message before replying. If a message is malformed, or if any +netstring component is longer than acceptable, Postfix replies +immediately and closes the connection. It is left up to the +client to handle the situation. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as \fBqmqpd\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBcontent_filter (empty)\fR" +After the message is queued, send the entire message to the +specified \fItransport:destination\fR. +.IP "\fBreceive_override_options (empty)\fR" +Enable or disable recipient validation, built\-in content +filtering, or address mapping. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531..6533. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBenable_idna2003_compatibility (no)\fR" +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBline_length_limit (2048)\fR" +Upon input, long lines are chopped up into pieces of at most +this length; upon delivery, long lines are reconstructed. +.IP "\fBhopcount_limit (50)\fR" +The maximal number of Received: message headers that is allowed +in the primary message headers. +.IP "\fBmessage_size_limit (10240000)\fR" +The maximal size in bytes of a message, including envelope information. +.IP "\fBqmqpd_timeout (300s)\fR" +The time limit for sending or receiving information over the network. +.SH "TROUBLE SHOOTING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdebug_peer_level (2)\fR" +The increment in verbose logging level when a remote client or +server matches a pattern in the debug_peer_list parameter. +.IP "\fBdebug_peer_list (empty)\fR" +Optional list of remote client or server hostname or network +address patterns that cause the verbose logging level to increase +by the amount specified in $debug_peer_level. +.IP "\fBsoft_bounce (no)\fR" +Safety net to keep mail queued that would otherwise be returned to +the sender. +.SH "TARPIT CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmqpd_error_delay (1s)\fR" +How long the Postfix QMQP server will pause before sending a negative +reply to the remote QMQP client. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqmqpd_authorized_clients (empty)\fR" +What remote QMQP clients are allowed to connect to the Postfix QMQP +server port. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.IP "\fBverp_delimiter_filter (\-=+)\fR" +The characters Postfix accepts as VERP delimiter characters on the +Postfix \fBsendmail\fR(1) command line and in SMTP commands. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBqmqpd_client_port_logging (no)\fR" +Enable logging of the remote QMQP client port in addition to +the hostname and IP address. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +http://cr.yp.to/proto/qmqp.html, QMQP protocol +cleanup(8), message canonicalization +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +QMQP_README, Postfix ezmlm\-idx howto. +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +The qmqpd service was introduced with Postfix version 1.1. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/scache.8 b/man/man8/scache.8 new file mode 100644 index 0000000..7f9fe49 --- /dev/null +++ b/man/man8/scache.8 @@ -0,0 +1,178 @@ +.TH SCACHE 8 +.ad +.fi +.SH NAME +scache +\- +Postfix shared connection cache server +.SH "SYNOPSIS" +.na +.nf +\fBscache\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBscache\fR(8) server maintains a shared multi\-connection +cache. This information can be used by, for example, Postfix +SMTP clients or other Postfix delivery agents. + +The connection cache is organized into logical destination +names, physical endpoint names, and connections. + +As a specific example, logical SMTP destinations specify +(transport, domain, port), and physical SMTP endpoints +specify (transport, IP address, port). An SMTP connection +may be saved after a successful mail transaction. + +In the general case, one logical destination may refer to +zero or more physical endpoints, one physical endpoint may +be referenced by zero or more logical destinations, and +one endpoint may refer to zero or more connections. + +The exact syntax of a logical destination or endpoint name +is application dependent; the \fBscache\fR(8) server does +not care. A connection is stored as a file descriptor together +with application\-dependent information that is needed to +re\-activate a connection object. Again, the \fBscache\fR(8) +server is completely unaware of the details of that +information. + +All information is stored with a finite time to live (ttl). +The connection cache daemon terminates when no client is +connected for \fBmax_idle\fR time units. + +This server implements the following requests: +.IP "\fBsave_endp\fI ttl endpoint endpoint_properties file_descriptor\fR" +Save the specified file descriptor and connection property data +under the specified endpoint name. The endpoint properties +are used by the client to re\-activate a passivated connection +object. +.IP "\fBfind_endp\fI endpoint\fR" +Look up cached properties and a cached file descriptor for the +specified endpoint. +.IP "\fBsave_dest\fI ttl destination destination_properties endpoint\fR" +Save the binding between a logical destination and an +endpoint under the destination name, together with destination +specific connection properties. The destination properties +are used by the client to re\-activate a passivated connection +object. +.IP "\fBfind_dest\fI destination\fR" +Look up cached destination properties, cached endpoint properties, +and a cached file descriptor for the specified logical destination. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBscache\fR(8) server is not security\-sensitive. It does not +talk to the network, and it does not talk to local users. +The \fBscache\fR(8) server can run chrooted at fixed low privilege. + +The \fBscache\fR(8) server is not a trusted process. It must +not be used to store information that is security sensitive. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +The session cache cannot be shared among multiple machines. + +When a connection expires from the cache, it is closed without +the appropriate protocol specific handshake. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBscache\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "RESOURCE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconnection_cache_ttl_limit (2s)\fR" +The maximal time\-to\-live value that the \fBscache\fR(8) connection +cache server +allows. +.IP "\fBconnection_cache_status_update_time (600s)\fR" +How frequently the \fBscache\fR(8) server logs usage statistics with +connection cache hit and miss rates for logical destinations and for +physical endpoints. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtp(8), SMTP client +postconf(5), configuration parameters +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +CONNECTION_CACHE_README, Postfix connection cache +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +This service was introduced with Postfix version 2.2. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/showq.8 b/man/man8/showq.8 new file mode 100644 index 0000000..624ae74 --- /dev/null +++ b/man/man8/showq.8 @@ -0,0 +1,125 @@ +.TH SHOWQ 8 +.ad +.fi +.SH NAME +showq +\- +list the Postfix mail queue +.SH "SYNOPSIS" +.na +.nf +\fBshowq\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBshowq\fR(8) daemon reports the Postfix mail queue status. +The output is meant to be formatted by the postqueue(1) command, +as it emulates the Sendmail `mailq' command. + +The \fBshowq\fR(8) daemon can also be run in stand\-alone mode +by the superuser. This mode of operation is used to emulate +the `mailq' command while the Postfix mail system is down. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBshowq\fR(8) daemon can run in a chroot jail at fixed low +privilege, and takes no input from the client. Its service port +is accessible to local untrusted users, so the service can be +susceptible to denial of service attacks. +.SH "STANDARDS" +.na +.nf +.ad +.fi +None. The \fBshowq\fR(8) daemon does not interact with the +outside world. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBshowq\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBduplicate_filter_limit (1000)\fR" +The maximal number of addresses remembered by the address +duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or +for \fBshowq\fR(8) queue displays. +.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR" +The recipient of mail addressed to the null address. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 2.9 and later: +.IP "\fBenable_long_queue_ids (no)\fR" +Enable long, non\-repeating, queue IDs (queue file names). +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "FILES" +.na +.nf +/var/spool/postfix, queue directories +.SH "SEE ALSO" +.na +.nf +pickup(8), local mail pickup service +cleanup(8), canonicalize and enqueue mail +qmgr(8), queue manager +postconf(5), configuration parameters +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/smtp.8 b/man/man8/smtp.8 new file mode 100644 index 0000000..31c707e --- /dev/null +++ b/man/man8/smtp.8 @@ -0,0 +1,871 @@ +.TH SMTP 8 +.ad +.fi +.SH NAME +smtp +\- +Postfix SMTP+LMTP client +.SH "SYNOPSIS" +.na +.nf +\fBsmtp\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix SMTP+LMTP client implements the SMTP and LMTP mail +delivery protocols. It processes message delivery requests from +the queue manager. Each request specifies a queue file, a sender +address, a domain or host to deliver to, and recipient information. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +The SMTP+LMTP client updates the queue file and marks recipients +as finished, or it informs the queue manager that delivery should +be tried again at a later time. Delivery status reports are sent +to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as +appropriate. + +The SMTP+LMTP client looks up a list of mail exchanger addresses for +the destination host, sorts the list by preference, and connects +to each listed address until it finds a server that responds. + +When a server is not reachable, or when mail delivery fails due +to a recoverable error condition, the SMTP+LMTP client will try to +deliver the mail to an alternate host. + +After a successful mail transaction, a connection may be saved +to the \fBscache\fR(8) connection cache server, so that it +may be used by any SMTP+LMTP client for a subsequent transaction. + +By default, connection caching is enabled temporarily for +destinations that have a high volume of mail in the active +queue. Connection caching can be enabled permanently for +specific destinations. +.SH "SMTP DESTINATION SYNTAX" +.na +.nf +.ad +.fi +SMTP destinations have the following form: +.IP \fIdomainname\fR +.IP \fIdomainname\fR:\fIport\fR +Look up the mail exchangers for the specified domain, and +connect to the specified port (default: \fBsmtp\fR). +.IP [\fIhostname\fR] +.IP [\fIhostname\fR]:\fIport\fR +Look up the address(es) of the specified host, and connect to +the specified port (default: \fBsmtp\fR). +.IP [\fIaddress\fR] +.IP [\fIaddress\fR]:\fIport\fR +Connect to the host at the specified address, and connect +to the specified port (default: \fBsmtp\fR). An IPv6 address +must be formatted as [\fBipv6\fR:\fIaddress\fR]. +.SH "LMTP DESTINATION SYNTAX" +.na +.nf +.ad +.fi +LMTP destinations have the following form: +.IP \fBunix\fR:\fIpathname\fR +Connect to the local UNIX\-domain server that is bound to the specified +\fIpathname\fR. If the process runs chrooted, an absolute pathname +is interpreted relative to the Postfix queue directory. +.IP \fBinet\fR:\fIhostname\fR +.IP \fBinet\fR:\fIhostname\fR:\fIport\fR +.IP \fBinet\fR:[\fIaddress\fR] +.IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR +Connect to the specified TCP port on the specified local or +remote host. If no port is specified, connect to the port defined as +\fBlmtp\fR in \fBservices\fR(4). +If no such service is found, the \fBlmtp_tcp_port\fR configuration +parameter (default value of 24) will be used. +An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. +.PP +.SH "SECURITY" +.na +.nf +.ad +.fi +The SMTP+LMTP client is moderately security\-sensitive. It +talks to SMTP or LMTP servers and to DNS servers on the +network. The SMTP+LMTP client can be run chrooted at fixed +low privilege. +.SH "STANDARDS" +.na +.nf +RFC 821 (SMTP protocol) +RFC 822 (ARPA Internet Text Messages) +RFC 1651 (SMTP service extensions) +RFC 1652 (8bit\-MIME transport) +RFC 1870 (Message Size Declaration) +RFC 2033 (LMTP protocol) +RFC 2034 (SMTP Enhanced Error Codes) +RFC 2045 (MIME: Format of Internet Message Bodies) +RFC 2046 (MIME: Media Types) +RFC 2554 (AUTH command) +RFC 2821 (SMTP protocol) +RFC 2920 (SMTP Pipelining) +RFC 3207 (STARTTLS command) +RFC 3461 (SMTP DSN Extension) +RFC 3463 (Enhanced Status Codes) +RFC 4954 (AUTH command) +RFC 5321 (SMTP protocol) +RFC 6531 (Internationalized SMTP) +RFC 6533 (Internationalized Delivery Status Notifications) +RFC 7672 (SMTP security via opportunistic DANE TLS) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +Corrupted message files are marked so that the queue manager can +move them to the \fBcorrupt\fR queue for further inspection. + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces, protocol problems, and of +other trouble. +.SH BUGS +.ad +.fi +SMTP and LMTP connection reuse for TLS (without closing the +SMTP or LMTP connection) is not supported before Postfix 3.4. + +SMTP and LMTP connection caching assumes that SASL credentials +are valid for all destinations that map onto the same IP +address and TCP port. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Before Postfix version 2.3, the LMTP client is a separate +program that implements only a subset of the functionality +available with SMTP: there is no support for TLS, and +connections are cached in\-process, making it ineffective +when the client is used for multiple domains. + +Most smtp_\fIxxx\fR configuration parameters have an +lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP +feature. This document describes only those LMTP\-related +parameters that aren't simply "mirror" parameters. + +Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBignore_mx_lookup_error (no)\fR" +Ignore DNS MX lookups that produce no response. +.IP "\fBsmtp_always_send_ehlo (yes)\fR" +Always send EHLO at the start of an SMTP session. +.IP "\fBsmtp_never_send_ehlo (no)\fR" +Never send EHLO at the start of an SMTP session. +.IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR" +Defer mail delivery when no MX record resolves to an IP address. +.IP "\fBsmtp_line_length_limit (998)\fR" +The maximal length of message header and body lines that Postfix +will send via SMTP. +.IP "\fBsmtp_pix_workaround_delay_time (10s)\fR" +How long the Postfix SMTP client pauses before sending +".<CR><LF>" in order to work around the PIX firewall +"<CR><LF>.<CR><LF>" bug. +.IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR" +How long a message must be queued before the Postfix SMTP client +turns on the PIX firewall "<CR><LF>.<CR><LF>" +bug workaround for delivery through firewalls with "smtp fixup" +mode turned on. +.IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR" +A list that specifies zero or more workarounds for CISCO PIX +firewall bugs. +.IP "\fBsmtp_pix_workaround_maps (empty)\fR" +Lookup tables, indexed by the remote SMTP server address, with +per\-destination workarounds for CISCO PIX firewall bugs. +.IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" +Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands +as required +by RFC 5321. +.IP "\fBsmtp_reply_filter (empty)\fR" +A mechanism to transform replies from remote SMTP servers one +line at a time. +.IP "\fBsmtp_skip_5xx_greeting (yes)\fR" +Skip remote SMTP servers that greet with a 5XX status code. +.IP "\fBsmtp_skip_quit_response (yes)\fR" +Do not wait for the response to the SMTP QUIT command. +.PP +Available in Postfix version 2.0 and earlier: +.IP "\fBsmtp_skip_4xx_greeting (yes)\fR" +Skip SMTP servers that greet with a 4XX status code (go away, try +again later). +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR" +Lookup tables, indexed by the remote SMTP server address, with +case insensitive lists of EHLO keywords (pipelining, starttls, auth, +etc.) that the Postfix SMTP client will ignore in the EHLO response from a +remote SMTP server. +.IP "\fBsmtp_discard_ehlo_keywords (empty)\fR" +A case insensitive list of EHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix SMTP client will ignore in the EHLO +response from a remote SMTP server. +.IP "\fBsmtp_generic_maps (empty)\fR" +Optional lookup tables that perform address rewriting in the +Postfix SMTP client, typically to transform a locally valid address into +a globally valid address when sending mail across the Internet. +.PP +Available in Postfix version 2.2.9 and later: +.IP "\fBsmtp_cname_overrides_servername (version dependent)\fR" +When the remote SMTP servername is a DNS CNAME, replace the +servername with the result from CNAME expansion for the purpose of +logging, SASL password lookup, TLS +policy decisions, or TLS certificate verification. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR" +Lookup tables, indexed by the remote LMTP server address, with +case insensitive lists of LHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix LMTP client will ignore in the LHLO +response +from a remote LMTP server. +.IP "\fBlmtp_discard_lhlo_keywords (empty)\fR" +A case insensitive list of LHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix LMTP client will ignore in the LHLO +response +from a remote LMTP server. +.PP +Available in Postfix version 2.4.4 and later: +.IP "\fBsend_cyrus_sasl_authzid (no)\fR" +When authenticating to a remote SMTP or LMTP server with the +default setting "no", send no SASL authoriZation ID (authzid); send +only the SASL authentiCation ID (authcid) plus the authcid's password. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtp_header_checks (empty)\fR" +Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client. +.IP "\fBsmtp_mime_header_checks (empty)\fR" +Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP +client. +.IP "\fBsmtp_nested_header_checks (empty)\fR" +Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP +client. +.IP "\fBsmtp_body_checks (empty)\fR" +Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBtcp_windowsize (0)\fR" +An optional workaround for routers that break TCP window scaling. +.PP +Available in Postfix version 2.8 and later: +.IP "\fBsmtp_dns_resolver_options (empty)\fR" +DNS Resolver options for the Postfix SMTP client. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtp_per_record_deadline (no)\fR" +Change the behavior of the smtp_*_timeout time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). +.IP "\fBsmtp_send_dummy_mail_auth (no)\fR" +Whether or not to append the "AUTH=<>" option to the MAIL +FROM command in SASL\-authenticated SMTP sessions. +.PP +Available in Postfix version 2.11 and later: +.IP "\fBsmtp_dns_support_level (empty)\fR" +Level of DNS support in the Postfix SMTP client. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBsmtp\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. +.IP "\fBsmtp_dns_reply_filter (empty)\fR" +Optional filter for Postfix SMTP client DNS lookup results. +.PP +Available in Postfix version 3.3 and later: +.IP "\fBsmtp_balance_inet_protocols (yes)\fR" +When a remote destination resolves to a combination of IPv4 and +IPv6 addresses, ensure that the Postfix SMTP client can try both +address types before it runs into the smtp_mx_address_limit. +.PP +Available in Postfix 3.4.19 and later: +.IP "\fBdnssec_probe (ns:.)\fR" +The DNS query type (default: "ns") and DNS query name (default: +".") that Postfix may use to determine whether DNSSEC validation +is available. +.SH "MIME PROCESSING CONTROLS" +.na +.nf +.ad +.fi +Available in Postfix version 2.0 and later: +.IP "\fBdisable_mime_output_conversion (no)\fR" +Disable the conversion of 8BITMIME format to 7BIT format. +.IP "\fBmime_boundary_length_limit (2048)\fR" +The maximal length of MIME multipart boundary strings. +.IP "\fBmime_nesting_limit (100)\fR" +The maximal recursion level that the MIME processor will handle. +.SH "EXTERNAL CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +Available in Postfix version 2.1 and later: +.IP "\fBsmtp_send_xforward_command (no)\fR" +Send the non\-standard XFORWARD command when the Postfix SMTP server +EHLO response announces XFORWARD support. +.SH "SASL AUTHENTICATION CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBsmtp_sasl_auth_enable (no)\fR" +Enable SASL authentication in the Postfix SMTP client. +.IP "\fBsmtp_sasl_password_maps (empty)\fR" +Optional Postfix SMTP client lookup tables with one username:password +entry per sender, remote hostname or next\-hop domain. +.IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" +Postfix SMTP client SASL security options; as of Postfix 2.3 +the list of available +features depends on the SASL client implementation that is selected +with \fBsmtp_sasl_type\fR. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" +If non\-empty, a Postfix SMTP client filter for the remote SMTP +server's list of offered SASL mechanisms. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsmtp_sender_dependent_authentication (no)\fR" +Enable sender\-dependent authentication in the Postfix SMTP client; this is +available only with SASL authentication, and disables SMTP connection +caching to ensure that mail from different senders will use the +appropriate credentials. +.IP "\fBsmtp_sasl_path (empty)\fR" +Implementation\-specific information that the Postfix SMTP client +passes through to +the SASL plug\-in implementation that is selected with +\fBsmtp_sasl_type\fR. +.IP "\fBsmtp_sasl_type (cyrus)\fR" +The SASL plug\-in type that the Postfix SMTP client should use +for authentication. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtp_sasl_auth_cache_name (empty)\fR" +An optional table to prevent repeated SASL authentication +failures with the same remote SMTP server hostname, username and +password. +.IP "\fBsmtp_sasl_auth_cache_time (90d)\fR" +The maximal age of an smtp_sasl_auth_cache_name entry before it +is removed. +.IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR" +When a remote SMTP server rejects a SASL authentication request +with a 535 reply code, defer mail delivery instead of returning +mail as undeliverable. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtp_send_dummy_mail_auth (no)\fR" +Whether or not to append the "AUTH=<>" option to the MAIL +FROM command in SASL\-authenticated SMTP sessions. +.SH "STARTTLS SUPPORT CONTROLS" +.na +.nf +.ad +.fi +Detailed information about STARTTLS configuration may be found +in the TLS_README document. +.IP "\fBsmtp_tls_security_level (empty)\fR" +The default SMTP TLS security level for the Postfix SMTP client; +when a non\-empty value is specified, this overrides the obsolete +parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. +.IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" +The SASL authentication security options that the Postfix SMTP +client uses for TLS encrypted SMTP sessions. +.IP "\fBsmtp_starttls_timeout (300s)\fR" +Time limit for Postfix SMTP client write and read operations +during TLS startup and shutdown handshake procedures. +.IP "\fBsmtp_tls_CAfile (empty)\fR" +A file containing CA certificates of root CAs trusted to sign +either remote SMTP server certificates or intermediate CA certificates. +.IP "\fBsmtp_tls_CApath (empty)\fR" +Directory with PEM format Certification Authority certificates +that the Postfix SMTP client uses to verify a remote SMTP server +certificate. +.IP "\fBsmtp_tls_cert_file (empty)\fR" +File with the Postfix SMTP client RSA certificate in PEM format. +.IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR" +The minimum TLS cipher grade that the Postfix SMTP client will +use with +mandatory TLS encryption. +.IP "\fBsmtp_tls_exclude_ciphers (empty)\fR" +List of ciphers or cipher types to exclude from the Postfix +SMTP client cipher +list at all TLS security levels. +.IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR" +Additional list of ciphers or cipher types to exclude from the +Postfix SMTP client cipher list at mandatory TLS security levels. +.IP "\fBsmtp_tls_dcert_file (empty)\fR" +File with the Postfix SMTP client DSA certificate in PEM format. +.IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR" +File with the Postfix SMTP client DSA private key in PEM format. +.IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR" +File with the Postfix SMTP client RSA private key in PEM format. +.IP "\fBsmtp_tls_loglevel (0)\fR" +Enable additional Postfix SMTP client logging of TLS activity. +.IP "\fBsmtp_tls_note_starttls_offer (no)\fR" +Log the hostname of a remote SMTP server that offers STARTTLS, +when TLS is not already enabled for that server. +.IP "\fBsmtp_tls_policy_maps (empty)\fR" +Optional lookup tables with the Postfix SMTP client TLS security +policy by next\-hop destination; when a non\-empty value is specified, +this overrides the obsolete smtp_tls_per_site parameter. +.IP "\fBsmtp_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR" +List of SSL/TLS protocols that the Postfix SMTP client will use with +mandatory TLS encryption. +.IP "\fBsmtp_tls_scert_verifydepth (9)\fR" +The verification depth for remote SMTP server certificates. +.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot\-nexthop)\fR" +How the Postfix SMTP client verifies the server certificate +peername for the "secure" TLS security level. +.IP "\fBsmtp_tls_session_cache_database (empty)\fR" +Name of the file containing the optional Postfix SMTP client +TLS session cache. +.IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR" +The expiration time of Postfix SMTP client TLS session cache +information. +.IP "\fBsmtp_tls_verify_cert_match (hostname)\fR" +How the Postfix SMTP client verifies the server certificate +peername for the +"verify" TLS security level. +.IP "\fBtls_daemon_random_bytes (32)\fR" +The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) +process requests from the \fBtlsmgr\fR(8) server in order to seed its +internal pseudo random number generator (PRNG). +.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "high" grade ciphers. +.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "medium" or higher grade ciphers. +.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "low" or higher grade ciphers. +.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "export" or higher grade ciphers. +.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" +The OpenSSL cipherlist for "NULL" grade ciphers that provide +authentication without encryption. +.PP +Available in Postfix version 2.4 and later: +.IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR" +The SASL authentication security options that the Postfix SMTP +client uses for TLS encrypted SMTP sessions with a verified server +certificate. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR" +List of acceptable remote SMTP server certificate fingerprints for +the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR = +fingerprint). +.IP "\fBsmtp_tls_fingerprint_digest (md5)\fR" +The message digest algorithm used to construct remote SMTP server +certificate fingerprints. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBsmtp_tls_protocols (!SSLv2, !SSLv3)\fR" +List of TLS protocols that the Postfix SMTP client will exclude or +include with opportunistic TLS encryption. +.IP "\fBsmtp_tls_ciphers (medium)\fR" +The minimum TLS cipher grade that the Postfix SMTP client +will use with opportunistic TLS encryption. +.IP "\fBsmtp_tls_eccert_file (empty)\fR" +File with the Postfix SMTP client ECDSA certificate in PEM format. +.IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR" +File with the Postfix SMTP client ECDSA private key in PEM format. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBsmtp_tls_block_early_mail_reply (no)\fR" +Try to detect a mail hijacking attack based on a TLS protocol +vulnerability (CVE\-2009\-3555), where an attacker prepends malicious +HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. +.PP +Available in Postfix version 2.8 and later: +.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" +List or bit\-mask of OpenSSL bug work\-arounds to disable. +.PP +Available in Postfix version 2.11\-3.1: +.IP "\fBtls_dane_digest_agility (on)\fR" +Configure RFC7671 DANE TLSA digest algorithm agility. +.IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR" +Enable support for RFC 6698 (DANE TLSA) DNS records that contain +digests of trust\-anchors with certificate usage "2". +.PP +Available in Postfix version 2.11 and later: +.IP "\fBsmtp_tls_trust_anchor_file (empty)\fR" +Zero or more PEM\-format files with trust\-anchor certificates +and/or public keys. +.IP "\fBsmtp_tls_force_insecure_host_tlsa_lookup (no)\fR" +Lookup the associated DANE TLSA RRset even when a hostname is +not an alias and its address records lie in an unsigned zone. +.IP "\fBtlsmgr_service_name (tlsmgr)\fR" +The name of the \fBtlsmgr\fR(8) service entry in master.cf. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBsmtp_tls_wrappermode (no)\fR" +Request that the Postfix SMTP client connects using the +legacy SMTPS protocol instead of using the STARTTLS command. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR" +The TLS policy for MX hosts with "secure" TLSA records when the +nexthop destination security level is \fBdane\fR, but the MX +record was found via an "insecure" MX lookup. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBsmtp_tls_connection_reuse (no)\fR" +Try to make multiple deliveries per TLS\-encrypted connection. +.IP "\fBsmtp_tls_chain_files (empty)\fR" +List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. +.IP "\fBsmtp_tls_servername (empty)\fR" +Optional name to send to the remote SMTP server in the TLS Server +Name Indication (SNI) extension. +.PP +Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. +.SH "OBSOLETE STARTTLS CONTROLS" +.na +.nf +.ad +.fi +The following configuration parameters exist for compatibility +with Postfix versions before 2.3. Support for these will +be removed in a future release. +.IP "\fBsmtp_use_tls (no)\fR" +Opportunistic mode: use TLS when a remote SMTP server announces +STARTTLS support, otherwise send the mail in the clear. +.IP "\fBsmtp_enforce_tls (no)\fR" +Enforcement mode: require that remote SMTP servers use TLS +encryption, and never send mail in the clear. +.IP "\fBsmtp_tls_enforce_peername (yes)\fR" +With mandatory TLS encryption, require that the remote SMTP +server hostname matches the information in the remote SMTP server +certificate. +.IP "\fBsmtp_tls_per_site (empty)\fR" +Optional lookup tables with the Postfix SMTP client TLS usage +policy by next\-hop destination and by remote SMTP server hostname. +.IP "\fBsmtp_tls_cipherlist (empty)\fR" +Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS +cipher list. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBsmtp_connect_timeout (30s)\fR" +The Postfix SMTP client time limit for completing a TCP connection, or +zero (use the operating system built\-in time limit). +.IP "\fBsmtp_helo_timeout (300s)\fR" +The Postfix SMTP client time limit for sending the HELO or EHLO command, +and for receiving the initial remote SMTP server response. +.IP "\fBlmtp_lhlo_timeout (300s)\fR" +The Postfix LMTP client time limit for sending the LHLO command, +and for receiving the initial remote LMTP server response. +.IP "\fBsmtp_xforward_timeout (300s)\fR" +The Postfix SMTP client time limit for sending the XFORWARD command, +and for receiving the remote SMTP server response. +.IP "\fBsmtp_mail_timeout (300s)\fR" +The Postfix SMTP client time limit for sending the MAIL FROM command, +and for receiving the remote SMTP server response. +.IP "\fBsmtp_rcpt_timeout (300s)\fR" +The Postfix SMTP client time limit for sending the SMTP RCPT TO +command, and for receiving the remote SMTP server response. +.IP "\fBsmtp_data_init_timeout (120s)\fR" +The Postfix SMTP client time limit for sending the SMTP DATA command, +and for receiving the remote SMTP server response. +.IP "\fBsmtp_data_xfer_timeout (180s)\fR" +The Postfix SMTP client time limit for sending the SMTP message content. +.IP "\fBsmtp_data_done_timeout (600s)\fR" +The Postfix SMTP client time limit for sending the SMTP ".", and +for receiving the remote SMTP server response. +.IP "\fBsmtp_quit_timeout (300s)\fR" +The Postfix SMTP client time limit for sending the QUIT command, +and for receiving the remote SMTP server response. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtp_mx_address_limit (5)\fR" +The maximal number of MX (mail exchanger) IP addresses that can +result from Postfix SMTP client mail exchanger lookups, or zero (no +limit). +.IP "\fBsmtp_mx_session_limit (2)\fR" +The maximal number of SMTP sessions per delivery request before +the Postfix SMTP client +gives up or delivers to a fall\-back relay host, or zero (no +limit). +.IP "\fBsmtp_rset_timeout (20s)\fR" +The Postfix SMTP client time limit for sending the RSET command, +and for receiving the remote SMTP server response. +.PP +Available in Postfix version 2.2 and earlier: +.IP "\fBlmtp_cache_connection (yes)\fR" +Keep Postfix LMTP client connections open for up to $max_idle +seconds. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtp_connection_cache_destinations (empty)\fR" +Permanently enable SMTP connection caching for the specified +destinations. +.IP "\fBsmtp_connection_cache_on_demand (yes)\fR" +Temporarily enable SMTP connection caching while a destination +has a high volume of mail in the active queue. +.IP "\fBsmtp_connection_reuse_time_limit (300s)\fR" +The amount of time during which Postfix will use an SMTP +connection repeatedly. +.IP "\fBsmtp_connection_cache_time_limit (2s)\fR" +When SMTP connection caching is enabled, the amount of time that +an unused SMTP client socket is kept open before it is closed. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBconnection_cache_protocol_timeout (5s)\fR" +Time limit for connection cache connect, send or receive +operations. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtp_per_record_deadline (no)\fR" +Change the behavior of the smtp_*_timeout time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). +.PP +Available in Postfix version 2.11 and later: +.IP "\fBsmtp_connection_reuse_count_limit (0)\fR" +When SMTP connection caching is enabled, the number of times +that an SMTP session may be reused before it is closed, or zero (no +limit). +.PP +Available in Postfix version 3.4 and later: +.IP "\fBsmtp_tls_connection_reuse (no)\fR" +Try to make multiple deliveries per TLS\-encrypted connection. +.PP +Implemented in the qmgr(8) daemon: +.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR" +A transport\-specific override for the +default_destination_recipient_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531..6533. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBenable_idna2003_compatibility (no)\fR" +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. +.SH "TROUBLE SHOOTING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdebug_peer_level (2)\fR" +The increment in verbose logging level when a remote client or +server matches a pattern in the debug_peer_list parameter. +.IP "\fBdebug_peer_list (empty)\fR" +Optional list of remote client or server hostname or network +address patterns that cause the verbose logging level to increase +by the amount specified in $debug_peer_level. +.IP "\fBerror_notice_recipient (postmaster)\fR" +The recipient of postmaster notifications about mail delivery +problems that are caused by policy, resource, software or protocol +errors. +.IP "\fBinternal_mail_filter_classes (empty)\fR" +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks +and body_checks. +.IP "\fBnotify_classes (resource, software)\fR" +The list of error classes that are reported to the postmaster. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBbest_mx_transport (empty)\fR" +Where the Postfix SMTP client should deliver mail when it detects +a "mail loops back to myself" error condition. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBdisable_dns_lookups (no)\fR" +Disable DNS lookups in the Postfix SMTP and LMTP clients. +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBinet_protocols (all)\fR" +The Internet protocols Postfix will attempt to use when making +or accepting connections. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBlmtp_assume_final (no)\fR" +When a remote LMTP server announces no DSN support, assume that +the +server performs final delivery, and send "delivered" delivery status +notifications instead of "relayed". +.IP "\fBlmtp_tcp_port (24)\fR" +The default TCP port that the Postfix LMTP client connects to. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBproxy_interfaces (empty)\fR" +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. +.IP "\fBsmtp_address_preference (any)\fR" +The address type ("ipv6", "ipv4" or "any") that the Postfix +SMTP client will try first, when a destination has IPv6 and IPv4 +addresses with equal MX preference. +.IP "\fBsmtp_bind_address (empty)\fR" +An optional numerical network address that the Postfix SMTP client +should bind to when making an IPv4 connection. +.IP "\fBsmtp_bind_address6 (empty)\fR" +An optional numerical network address that the Postfix SMTP client +should bind to when making an IPv6 connection. +.IP "\fBsmtp_helo_name ($myhostname)\fR" +The hostname to send in the SMTP HELO or EHLO command. +.IP "\fBlmtp_lhlo_name ($myhostname)\fR" +The hostname to send in the LMTP LHLO command. +.IP "\fBsmtp_host_lookup (dns)\fR" +What mechanisms the Postfix SMTP client uses to look up a host's +IP address. +.IP "\fBsmtp_randomize_addresses (yes)\fR" +Randomize the order of equal\-preference MX host addresses. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available with Postfix 2.2 and earlier: +.IP "\fBfallback_relay (empty)\fR" +Optional list of relay hosts for SMTP destinations that can't be +found or that are unreachable. +.PP +Available with Postfix 2.3 and later: +.IP "\fBsmtp_fallback_relay ($fallback_relay)\fR" +Optional list of relay hosts for SMTP destinations that can't be +found or that are unreachable. +.PP +Available with Postfix 3.0 and later: +.IP "\fBsmtp_address_verify_target (rcpt)\fR" +In the context of email address verification, the SMTP protocol +stage that determines whether an email address is deliverable. +.PP +Available with Postfix 3.1 and later: +.IP "\fBlmtp_fallback_relay (empty)\fR" +Optional list of relay hosts for LMTP destinations that can't be +found or that are unreachable. +.PP +Available with Postfix 3.2 and later: +.IP "\fBsmtp_tcp_port (smtp)\fR" +The default TCP port that the Postfix SMTP client connects to. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +generic(5), output address rewriting +header_checks(5), message header content inspection +body_checks(5), body parts content inspection +qmgr(8), queue manager +bounce(8), delivery status reports +scache(8), connection cache server +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +tlsmgr(8), TLS session and PRNG management +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +SASL_README, Postfix SASL howto +TLS_README, Postfix STARTTLS howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + +Command pipelining in cooperation with: +Jon Ribbens +Oaktree Internet Solutions Ltd., +Internet House, +Canal Basin, +Coventry, +CV1 4LY, United Kingdom. + +SASL support originally by: +Till Franke +SuSE Rhein/Main AG +65760 Eschborn, Germany + +TLS support originally by: +Lutz Jaenicke +BTU Cottbus +Allgemeine Elektrotechnik +Universitaetsplatz 3\-4 +D\-03044 Cottbus, Germany + +Revised TLS and SMTP connection cache support by: +Victor Duchovni +Morgan Stanley diff --git a/man/man8/smtpd.8 b/man/man8/smtpd.8 new file mode 100644 index 0000000..49798dd --- /dev/null +++ b/man/man8/smtpd.8 @@ -0,0 +1,1211 @@ +.TH SMTPD 8 +.ad +.fi +.SH NAME +smtpd +\- +Postfix SMTP server +.SH "SYNOPSIS" +.na +.nf +\fBsmtpd\fR [generic Postfix daemon options] + +\fBsendmail \-bs\fR +.SH DESCRIPTION +.ad +.fi +The SMTP server accepts network connection requests +and performs zero or more SMTP transactions per connection. +Each received message is piped through the \fBcleanup\fR(8) +daemon, and is placed into the \fBincoming\fR queue as one +single queue file. For this mode of operation, the program +expects to be run from the \fBmaster\fR(8) process manager. + +Alternatively, the SMTP server be can run in stand\-alone +mode; this is traditionally obtained with "\fBsendmail +\-bs\fR". When the SMTP server runs stand\-alone with non +$\fBmail_owner\fR privileges, it receives mail even while +the mail system is not running, deposits messages directly +into the \fBmaildrop\fR queue, and disables the SMTP server's +access policies. As of Postfix version 2.3, the SMTP server +refuses to receive mail from the network when it runs with +non $\fBmail_owner\fR privileges. + +The SMTP server implements a variety of policies for connection +requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR +and \fBRCPT TO\fR commands. They are detailed below and in the +\fBmain.cf\fR configuration file. +.SH "SECURITY" +.na +.nf +.ad +.fi +The SMTP server is moderately security\-sensitive. It talks to SMTP +clients and to DNS servers on the network. The SMTP server can be +run chrooted at fixed low privilege. +.SH "STANDARDS" +.na +.nf +RFC 821 (SMTP protocol) +RFC 1123 (Host requirements) +RFC 1652 (8bit\-MIME transport) +RFC 1869 (SMTP service extensions) +RFC 1870 (Message size declaration) +RFC 1985 (ETRN command) +RFC 2034 (SMTP enhanced status codes) +RFC 2554 (AUTH command) +RFC 2821 (SMTP protocol) +RFC 2920 (SMTP pipelining) +RFC 3030 (CHUNKING without BINARYMIME) +RFC 3207 (STARTTLS command) +RFC 3461 (SMTP DSN extension) +RFC 3463 (Enhanced status codes) +RFC 3848 (ESMTP transmission types) +RFC 4409 (Message submission) +RFC 4954 (AUTH command) +RFC 5321 (SMTP protocol) +RFC 6531 (Internationalized SMTP) +RFC 6533 (Internationalized Delivery Status Notifications) +RFC 7505 ("Null MX" No Service Resource Record) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces, protocol problems, +policy violations, and of other trouble. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtpd\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +The following parameters work around implementation errors in other +software, and/or allow you to override standards in order to prevent +undesirable use. +.ad +.fi +.IP "\fBbroken_sasl_auth_clients (no)\fR" +Enable interoperability with remote SMTP clients that implement an obsolete +version of the AUTH command (RFC 4954). +.IP "\fBdisable_vrfy_command (no)\fR" +Disable the SMTP VRFY command. +.IP "\fBsmtpd_noop_commands (empty)\fR" +List of commands that the Postfix SMTP server replies to with "250 +Ok", without doing any syntax checks and without changing state. +.IP "\fBstrict_rfc821_envelopes (no)\fR" +Require that addresses received in SMTP MAIL FROM and RCPT TO +commands are enclosed with <>, and that those addresses do +not contain RFC 822 style comments or phrases. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_reject_unlisted_sender (no)\fR" +Request that the Postfix SMTP server rejects mail from unknown +sender addresses, even when no explicit reject_unlisted_sender +access restriction is specified. +.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" +What remote SMTP clients the Postfix SMTP server will not offer +AUTH support to. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR" +Lookup tables, indexed by the remote SMTP client address, with +case insensitive lists of EHLO keywords (pipelining, starttls, auth, +etc.) that the Postfix SMTP server will not send in the EHLO response +to a +remote SMTP client. +.IP "\fBsmtpd_discard_ehlo_keywords (empty)\fR" +A case insensitive list of EHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix SMTP server will not send in the EHLO +response +to a remote SMTP client. +.IP "\fBsmtpd_delay_open_until_valid_rcpt (yes)\fR" +Postpone the start of an SMTP mail transaction until a valid +RCPT TO command is received. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR" +Force the Postfix SMTP server to issue a TLS session id, even +when TLS session caching is turned off (smtpd_tls_session_cache_database +is empty). +.PP +Available in Postfix version 2.6 and later: +.IP "\fBtcp_windowsize (0)\fR" +An optional workaround for routers that break TCP window scaling. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBsmtpd_command_filter (empty)\fR" +A mechanism to transform commands from remote SMTP clients. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR" +Change the behavior of the smtpd_timeout and smtpd_starttls_timeout +time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). +.PP +Available in Postfix version 3.0 and later: +.IP "\fBsmtpd_dns_reply_filter (empty)\fR" +Optional filter for Postfix SMTP server DNS lookup results. +.SH "ADDRESS REWRITING CONTROLS" +.na +.nf +.ad +.fi +See the ADDRESS_REWRITING_README document for a detailed +discussion of Postfix address rewriting. +.IP "\fBreceive_override_options (empty)\fR" +Enable or disable recipient validation, built\-in content +filtering, or address mapping. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" +Rewrite message header addresses in mail from these clients and +update incomplete addresses with the domain name in $myorigin or +$mydomain; either don't rewrite message headers from other clients +at all, or rewrite message headers and update incomplete addresses +with the domain specified in the remote_header_rewrite_domain +parameter. +.SH "BEFORE-SMTPD PROXY AGENT" +.na +.nf +.ad +.fi +Available in Postfix version 2.10 and later: +.IP "\fBsmtpd_upstream_proxy_protocol (empty)\fR" +The name of the proxy protocol used by an optional before\-smtpd +proxy agent. +.IP "\fBsmtpd_upstream_proxy_timeout (5s)\fR" +The time limit for the proxy protocol specified with the +smtpd_upstream_proxy_protocol parameter. +.SH "AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +As of version 1.0, Postfix can be configured to send new mail to +an external content filter AFTER the mail is queued. This content +filter is expected to inject mail back into a (Postfix or other) +MTA for further delivery. See the FILTER_README document for details. +.IP "\fBcontent_filter (empty)\fR" +After the message is queued, send the entire message to the +specified \fItransport:destination\fR. +.SH "BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +As of version 2.1, the Postfix SMTP server can be configured +to send incoming mail to a real\-time SMTP\-based content filter +BEFORE mail is queued. This content filter is expected to inject +mail back into Postfix. See the SMTPD_PROXY_README document for +details on how to configure and operate this feature. +.IP "\fBsmtpd_proxy_filter (empty)\fR" +The hostname and TCP port of the mail filtering proxy server. +.IP "\fBsmtpd_proxy_ehlo ($myhostname)\fR" +How the Postfix SMTP server announces itself to the proxy filter. +.IP "\fBsmtpd_proxy_options (empty)\fR" +List of options that control how the Postfix SMTP server +communicates with a before\-queue content filter. +.IP "\fBsmtpd_proxy_timeout (100s)\fR" +The time limit for connecting to a proxy filter and for sending or +receiving information. +.SH "BEFORE QUEUE MILTER CONTROLS" +.na +.nf +.ad +.fi +As of version 2.3, Postfix supports the Sendmail version 8 +Milter (mail filter) protocol. These content filters run +outside Postfix. They can inspect the SMTP command stream +and the message content, and can request modifications before +mail is queued. For details see the MILTER_README document. +.IP "\fBsmtpd_milters (empty)\fR" +A list of Milter (mail filter) applications for new mail that +arrives via the Postfix \fBsmtpd\fR(8) server. +.IP "\fBmilter_protocol (6)\fR" +The mail filter protocol version and optional protocol extensions +for communication with a Milter application; prior to Postfix 2.6 +the default protocol is 2. +.IP "\fBmilter_default_action (tempfail)\fR" +The default action when a Milter (mail filter) application is +unavailable or mis\-configured. +.IP "\fBmilter_macro_daemon_name ($myhostname)\fR" +The {daemon_name} macro value for Milter (mail filter) applications. +.IP "\fBmilter_macro_v ($mail_name $mail_version)\fR" +The {v} macro value for Milter (mail filter) applications. +.IP "\fBmilter_connect_timeout (30s)\fR" +The time limit for connecting to a Milter (mail filter) +application, and for negotiating protocol options. +.IP "\fBmilter_command_timeout (30s)\fR" +The time limit for sending an SMTP command to a Milter (mail +filter) application, and for receiving the response. +.IP "\fBmilter_content_timeout (300s)\fR" +The time limit for sending message content to a Milter (mail +filter) application, and for receiving the response. +.IP "\fBmilter_connect_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after completion of an SMTP connection. +.IP "\fBmilter_helo_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP HELO or EHLO command. +.IP "\fBmilter_mail_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP MAIL FROM command. +.IP "\fBmilter_rcpt_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP RCPT TO command. +.IP "\fBmilter_data_macros (see 'postconf -d' output)\fR" +The macros that are sent to version 4 or higher Milter (mail +filter) applications after the SMTP DATA command. +.IP "\fBmilter_unknown_command_macros (see 'postconf -d' output)\fR" +The macros that are sent to version 3 or higher Milter (mail +filter) applications after an unknown SMTP command. +.IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the end of the message header. +.IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the message end\-of\-data. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBmilter_macro_defaults (empty)\fR" +Optional list of \fIname=value\fR pairs that specify default +values for arbitrary macros that Postfix may send to Milter +applications. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBsmtpd_milter_maps (empty)\fR" +Lookup tables with Milter settings per remote SMTP client IP +address. +.SH "GENERAL CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +The following parameters are applicable for both built\-in +and external content filters. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBreceive_override_options (empty)\fR" +Enable or disable recipient validation, built\-in content +filtering, or address mapping. +.SH "EXTERNAL CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +The following parameters are applicable for both before\-queue +and after\-queue content filtering. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_authorized_xforward_hosts (empty)\fR" +What remote SMTP clients are allowed to use the XFORWARD feature. +.SH "SASL AUTHENTICATION CONTROLS" +.na +.nf +.ad +.fi +Postfix SASL support (RFC 4954) can be used to authenticate remote +SMTP clients to the Postfix SMTP server, and to authenticate the +Postfix SMTP client to a remote SMTP server. +See the SASL_README document for details. +.IP "\fBbroken_sasl_auth_clients (no)\fR" +Enable interoperability with remote SMTP clients that implement an obsolete +version of the AUTH command (RFC 4954). +.IP "\fBsmtpd_sasl_auth_enable (no)\fR" +Enable SASL authentication in the Postfix SMTP server. +.IP "\fBsmtpd_sasl_local_domain (empty)\fR" +The name of the Postfix SMTP server's local SASL authentication +realm. +.IP "\fBsmtpd_sasl_security_options (noanonymous)\fR" +Postfix SMTP server SASL security options; as of Postfix 2.3 +the list of available +features depends on the SASL server implementation that is selected +with \fBsmtpd_sasl_type\fR. +.IP "\fBsmtpd_sender_login_maps (empty)\fR" +Optional lookup table with the SASL login names that own the sender +(MAIL FROM) addresses. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" +What remote SMTP clients the Postfix SMTP server will not offer +AUTH support to. +.PP +Available in Postfix version 2.1 and 2.2: +.IP "\fBsmtpd_sasl_application_name (smtpd)\fR" +The application name that the Postfix SMTP server uses for SASL +server initialization. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsmtpd_sasl_authenticated_header (no)\fR" +Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received +message header. +.IP "\fBsmtpd_sasl_path (smtpd)\fR" +Implementation\-specific information that the Postfix SMTP server +passes through to +the SASL plug\-in implementation that is selected with +\fBsmtpd_sasl_type\fR. +.IP "\fBsmtpd_sasl_type (cyrus)\fR" +The SASL plug\-in type that the Postfix SMTP server should use +for authentication. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBcyrus_sasl_config_path (empty)\fR" +Search path for Cyrus SASL application configuration files, +currently used only to locate the $smtpd_sasl_path.conf file. +.PP +Available in Postfix version 2.11 and later: +.IP "\fBsmtpd_sasl_service (smtp)\fR" +The service name that is passed to the SASL plug\-in that is +selected with \fBsmtpd_sasl_type\fR and \fBsmtpd_sasl_path\fR. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBsmtpd_sasl_response_limit (12288)\fR" +The maximum length of a SASL client's response to a server challenge. +.SH "STARTTLS SUPPORT CONTROLS" +.na +.nf +.ad +.fi +Detailed information about STARTTLS configuration may be +found in the TLS_README document. +.IP "\fBsmtpd_tls_security_level (empty)\fR" +The SMTP TLS security level for the Postfix SMTP server; when +a non\-empty value is specified, this overrides the obsolete parameters +smtpd_use_tls and smtpd_enforce_tls. +.IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR" +The SASL authentication security options that the Postfix SMTP +server uses for TLS encrypted SMTP sessions. +.IP "\fBsmtpd_starttls_timeout (see 'postconf -d' output)\fR" +The time limit for Postfix SMTP server write and read operations +during TLS startup and shutdown handshake procedures. +.IP "\fBsmtpd_tls_CAfile (empty)\fR" +A file containing (PEM format) CA certificates of root CAs trusted +to sign either remote SMTP client certificates or intermediate CA +certificates. +.IP "\fBsmtpd_tls_CApath (empty)\fR" +A directory containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate CA +certificates. +.IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR" +Force the Postfix SMTP server to issue a TLS session id, even +when TLS session caching is turned off (smtpd_tls_session_cache_database +is empty). +.IP "\fBsmtpd_tls_ask_ccert (no)\fR" +Ask a remote SMTP client for a client certificate. +.IP "\fBsmtpd_tls_auth_only (no)\fR" +When TLS encryption is optional in the Postfix SMTP server, do +not announce or accept SASL authentication over unencrypted +connections. +.IP "\fBsmtpd_tls_ccert_verifydepth (9)\fR" +The verification depth for remote SMTP client certificates. +.IP "\fBsmtpd_tls_cert_file (empty)\fR" +File with the Postfix SMTP server RSA certificate in PEM format. +.IP "\fBsmtpd_tls_exclude_ciphers (empty)\fR" +List of ciphers or cipher types to exclude from the SMTP server +cipher list at all TLS security levels. +.IP "\fBsmtpd_tls_dcert_file (empty)\fR" +File with the Postfix SMTP server DSA certificate in PEM format. +.IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR" +File with DH parameters that the Postfix SMTP server should +use with non\-export EDH ciphers. +.IP "\fBsmtpd_tls_dh512_param_file (empty)\fR" +File with DH parameters that the Postfix SMTP server should +use with export\-grade EDH ciphers. +.IP "\fBsmtpd_tls_dkey_file ($smtpd_tls_dcert_file)\fR" +File with the Postfix SMTP server DSA private key in PEM format. +.IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR" +File with the Postfix SMTP server RSA private key in PEM format. +.IP "\fBsmtpd_tls_loglevel (0)\fR" +Enable additional Postfix SMTP server logging of TLS activity. +.IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR" +The minimum TLS cipher grade that the Postfix SMTP server will +use with mandatory TLS encryption. +.IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR" +Additional list of ciphers or cipher types to exclude from the +Postfix SMTP server cipher list at mandatory TLS security levels. +.IP "\fBsmtpd_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR" +The SSL/TLS protocols accepted by the Postfix SMTP server with +mandatory TLS encryption. +.IP "\fBsmtpd_tls_received_header (no)\fR" +Request that the Postfix SMTP server produces Received: message +headers that include information about the protocol and cipher used, +as well as the remote SMTP client CommonName and client certificate issuer +CommonName. +.IP "\fBsmtpd_tls_req_ccert (no)\fR" +With mandatory TLS encryption, require a trusted remote SMTP client +certificate in order to allow TLS connections to proceed. +.IP "\fBsmtpd_tls_wrappermode (no)\fR" +Run the Postfix SMTP server in the non\-standard "wrapper" mode, +instead of using the STARTTLS command. +.IP "\fBtls_daemon_random_bytes (32)\fR" +The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) +process requests from the \fBtlsmgr\fR(8) server in order to seed its +internal pseudo random number generator (PRNG). +.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "high" grade ciphers. +.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "medium" or higher grade ciphers. +.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "low" or higher grade ciphers. +.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "export" or higher grade ciphers. +.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" +The OpenSSL cipherlist for "NULL" grade ciphers that provide +authentication without encryption. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtpd_tls_fingerprint_digest (md5)\fR" +The message digest algorithm to construct remote SMTP +client\-certificate +fingerprints or public key fingerprints (Postfix 2.9 and later) +for \fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBsmtpd_tls_protocols (!SSLv2, !SSLv3)\fR" +List of TLS protocols that the Postfix SMTP server will exclude +or include with opportunistic TLS encryption. +.IP "\fBsmtpd_tls_ciphers (medium)\fR" +The minimum TLS cipher grade that the Postfix SMTP server +will use with opportunistic TLS encryption. +.IP "\fBsmtpd_tls_eccert_file (empty)\fR" +File with the Postfix SMTP server ECDSA certificate in PEM format. +.IP "\fBsmtpd_tls_eckey_file ($smtpd_tls_eccert_file)\fR" +File with the Postfix SMTP server ECDSA private key in PEM format. +.IP "\fBsmtpd_tls_eecdh_grade (see 'postconf -d' output)\fR" +The Postfix SMTP server security grade for ephemeral elliptic\-curve +Diffie\-Hellman (EECDH) key exchange. +.IP "\fBtls_eecdh_strong_curve (prime256v1)\fR" +The elliptic curve used by the Postfix SMTP server for sensibly +strong +ephemeral ECDH key exchange. +.IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR" +The elliptic curve used by the Postfix SMTP server for maximally +strong +ephemeral ECDH key exchange. +.PP +Available in Postfix version 2.8 and later: +.IP "\fBtls_preempt_cipherlist (no)\fR" +With SSLv3 and later, use the Postfix SMTP server's cipher +preference order instead of the remote client's cipher preference +order. +.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" +List or bit\-mask of OpenSSL bug work\-arounds to disable. +.PP +Available in Postfix version 2.11 and later: +.IP "\fBtlsmgr_service_name (tlsmgr)\fR" +The name of the \fBtlsmgr\fR(8) service entry in master.cf. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR" +Algorithm used to encrypt RFC5077 TLS session tickets. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR" +The prioritized list of elliptic curves supported by the Postfix +SMTP client and server. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBsmtpd_tls_chain_files (empty)\fR" +List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. +.IP "\fBtls_server_sni_maps (empty)\fR" +Optional lookup tables that map names received from remote SMTP +clients via the TLS Server Name Indication (SNI) extension to the +appropriate keys and certificate chains. +.PP +Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. +.SH "OBSOLETE STARTTLS CONTROLS" +.na +.nf +.ad +.fi +The following configuration parameters exist for compatibility +with Postfix versions before 2.3. Support for these will +be removed in a future release. +.IP "\fBsmtpd_use_tls (no)\fR" +Opportunistic TLS: announce STARTTLS support to remote SMTP clients, +but do not require that clients use TLS encryption. +.IP "\fBsmtpd_enforce_tls (no)\fR" +Mandatory TLS: announce STARTTLS support to remote SMTP clients, +and require that clients use TLS encryption. +.IP "\fBsmtpd_tls_cipherlist (empty)\fR" +Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS +cipher list. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531..6533. +.IP "\fBstrict_smtputf8 (no)\fR" +Enable stricter enforcement of the SMTPUTF8 protocol. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBenable_idna2003_compatibility (no)\fR" +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. +.SH "VERP SUPPORT CONTROLS" +.na +.nf +.ad +.fi +With VERP style delivery, each recipient of a message receives a +customized copy of the message with his/her own recipient address +encoded in the envelope sender address. The VERP_README file +describes configuration and operation details of Postfix support +for variable envelope return path addresses. VERP style delivery +is requested with the SMTP XVERP command or with the "sendmail +\-V" command\-line option and is available in Postfix version 1.1 +and later. +.IP "\fBdefault_verp_delimiters (+=)\fR" +The two default VERP delimiter characters. +.IP "\fBverp_delimiter_filter (\-=+)\fR" +The characters Postfix accepts as VERP delimiter characters on the +Postfix \fBsendmail\fR(1) command line and in SMTP commands. +.PP +Available in Postfix version 1.1 and 2.0: +.IP "\fBauthorized_verp_clients ($mynetworks)\fR" +What remote SMTP clients are allowed to specify the XVERP command. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_authorized_verp_clients ($authorized_verp_clients)\fR" +What remote SMTP clients are allowed to specify the XVERP command. +.SH "TROUBLE SHOOTING CONTROLS" +.na +.nf +.ad +.fi +The DEBUG_README document describes how to debug parts of the +Postfix mail system. The methods vary from making the software log +a lot of detail, to running some daemon processes under control of +a call tracer or debugger. +.IP "\fBdebug_peer_level (2)\fR" +The increment in verbose logging level when a remote client or +server matches a pattern in the debug_peer_list parameter. +.IP "\fBdebug_peer_list (empty)\fR" +Optional list of remote client or server hostname or network +address patterns that cause the verbose logging level to increase +by the amount specified in $debug_peer_level. +.IP "\fBerror_notice_recipient (postmaster)\fR" +The recipient of postmaster notifications about mail delivery +problems that are caused by policy, resource, software or protocol +errors. +.IP "\fBinternal_mail_filter_classes (empty)\fR" +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks +and body_checks. +.IP "\fBnotify_classes (resource, software)\fR" +The list of error classes that are reported to the postmaster. +.IP "\fBsmtpd_reject_footer (empty)\fR" +Optional information that is appended after each Postfix SMTP +server +4XX or 5XX response. +.IP "\fBsoft_bounce (no)\fR" +Safety net to keep mail queued that would otherwise be returned to +the sender. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_authorized_xclient_hosts (empty)\fR" +What remote SMTP clients are allowed to use the XCLIENT feature. +.PP +Available in Postfix version 2.10 and later: +.IP "\fBsmtpd_log_access_permit_actions (empty)\fR" +Enable logging of the named "permit" actions in SMTP server +access lists (by default, the SMTP server logs "reject" actions but +not "permit" actions). +.SH "KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS" +.na +.nf +.ad +.fi +As of Postfix version 2.0, the SMTP server rejects mail for +unknown recipients. This prevents the mail queue from clogging up +with undeliverable MAILER\-DAEMON messages. Additional information +on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README +documents. +.IP "\fBshow_user_unknown_table_name (yes)\fR" +Display the name of the recipient table in the "User unknown" +responses. +.IP "\fBcanonical_maps (empty)\fR" +Optional address mapping lookup tables for message headers and +envelopes. +.IP "\fBrecipient_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +recipient addresses. +.IP "\fBsender_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +sender addresses. +.PP +Parameters concerning known/unknown local recipients: +.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" +The list of domains that are delivered via the $local_transport +mail delivery transport. +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBproxy_interfaces (empty)\fR" +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. +.IP "\fBinet_protocols (all)\fR" +The Internet protocols Postfix will attempt to use when making +or accepting connections. +.IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR" +Lookup tables with all names or addresses of local recipients: +a recipient address is local when its domain matches $mydestination, +$inet_interfaces or $proxy_interfaces. +.IP "\fBunknown_local_recipient_reject_code (550)\fR" +The numerical Postfix SMTP server response code when a recipient +address is local, and $local_recipient_maps specifies a list of +lookup tables that does not match the recipient. +.PP +Parameters concerning known/unknown recipients of relay destinations: +.IP "\fBrelay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination)\fR" +What destination domains (and subdomains thereof) this system +will relay mail to. +.IP "\fBrelay_recipient_maps (empty)\fR" +Optional lookup tables with all valid addresses in the domains +that match $relay_domains. +.IP "\fBunknown_relay_recipient_reject_code (550)\fR" +The numerical Postfix SMTP server reply code when a recipient +address matches $relay_domains, and relay_recipient_maps specifies +a list of lookup tables that does not match the recipient address. +.PP +Parameters concerning known/unknown recipients in virtual alias +domains: +.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR" +Postfix is final destination for the specified list of virtual +alias domains, that is, domains for which all addresses are aliased +to addresses in other local or remote domains. +.IP "\fBvirtual_alias_maps ($virtual_maps)\fR" +Optional lookup tables that alias specific mail addresses or domains +to other local or remote address. +.IP "\fBunknown_virtual_alias_reject_code (550)\fR" +The Postfix SMTP server reply code when a recipient address matches +$virtual_alias_domains, and $virtual_alias_maps specifies a list +of lookup tables that does not match the recipient address. +.PP +Parameters concerning known/unknown recipients in virtual mailbox +domains: +.IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR" +Postfix is final destination for the specified list of domains; +mail is delivered via the $virtual_transport mail delivery transport. +.IP "\fBvirtual_mailbox_maps (empty)\fR" +Optional lookup tables with all valid addresses in the domains that +match $virtual_mailbox_domains. +.IP "\fBunknown_virtual_mailbox_reject_code (550)\fR" +The Postfix SMTP server reply code when a recipient address matches +$virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list +of lookup tables that does not match the recipient address. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +The following parameters limit resource usage by the SMTP +server and/or control client request rates. +.IP "\fBline_length_limit (2048)\fR" +Upon input, long lines are chopped up into pieces of at most +this length; upon delivery, long lines are reconstructed. +.IP "\fBqueue_minfree (0)\fR" +The minimal amount of free space in bytes in the queue file system +that is needed to receive mail. +.IP "\fBmessage_size_limit (10240000)\fR" +The maximal size in bytes of a message, including envelope information. +.IP "\fBsmtpd_recipient_limit (1000)\fR" +The maximal number of recipients that the Postfix SMTP server +accepts per message delivery request. +.IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR" +The time limit for sending a Postfix SMTP server response and for +receiving a remote SMTP client request. +.IP "\fBsmtpd_history_flush_threshold (100)\fR" +The maximal number of lines in the Postfix SMTP server command history +before it is flushed upon receipt of EHLO, RSET, or end of DATA. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsmtpd_peername_lookup (yes)\fR" +Attempt to look up the remote SMTP client hostname, and verify that +the name matches the client IP address. +.PP +The per SMTP client connection count and request rate limits are +implemented in co\-operation with the \fBanvil\fR(8) service, and +are available in Postfix version 2.2 and later. +.IP "\fBsmtpd_client_connection_count_limit (50)\fR" +How many simultaneous connections any client is allowed to +make to this service. +.IP "\fBsmtpd_client_connection_rate_limit (0)\fR" +The maximal number of connection attempts any client is allowed to +make to this service per time unit. +.IP "\fBsmtpd_client_message_rate_limit (0)\fR" +The maximal number of message delivery requests that any client is +allowed to make to this service per time unit, regardless of whether +or not Postfix actually accepts those messages. +.IP "\fBsmtpd_client_recipient_rate_limit (0)\fR" +The maximal number of recipient addresses that any client is allowed +to send to this service per time unit, regardless of whether or not +Postfix actually accepts those recipients. +.IP "\fBsmtpd_client_event_limit_exceptions ($mynetworks)\fR" +Clients that are excluded from smtpd_client_*_count/rate_limit +restrictions. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsmtpd_client_new_tls_session_rate_limit (0)\fR" +The maximal number of new (i.e., uncached) TLS sessions that a +remote SMTP client is allowed to negotiate with this service per +time unit. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR" +Change the behavior of the smtpd_timeout and smtpd_starttls_timeout +time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). +.PP +Available in Postfix version 3.1 and later: +.IP "\fBsmtpd_client_auth_rate_limit (0)\fR" +The maximal number of AUTH commands that any client is allowed to +send to this service per time unit, regardless of whether or not +Postfix actually accepts those commands. +.SH "TARPIT CONTROLS" +.na +.nf +.ad +.fi +When a remote SMTP client makes errors, the Postfix SMTP server +can insert delays before responding. This can help to slow down +run\-away software. The behavior is controlled by an error counter +that counts the number of errors within an SMTP session that a +client makes without delivering mail. +.IP "\fBsmtpd_error_sleep_time (1s)\fR" +With Postfix version 2.1 and later: the SMTP server response delay after +a client has made more than $smtpd_soft_error_limit errors, and +fewer than $smtpd_hard_error_limit errors, without delivering mail. +.IP "\fBsmtpd_soft_error_limit (10)\fR" +The number of errors a remote SMTP client is allowed to make without +delivering mail before the Postfix SMTP server slows down all its +responses. +.IP "\fBsmtpd_hard_error_limit (normal: 20, overload: 1)\fR" +The maximal number of errors a remote SMTP client is allowed to +make without delivering mail. +.IP "\fBsmtpd_junk_command_limit (normal: 100, overload: 1)\fR" +The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote +SMTP client can send before the Postfix SMTP server starts to +increment the error counter with each junk command. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_recipient_overshoot_limit (1000)\fR" +The number of recipients that a remote SMTP client can send in +excess of the limit specified with $smtpd_recipient_limit, before +the Postfix SMTP server increments the per\-session error count +for each excess recipient. +.SH "ACCESS POLICY DELEGATION CONTROLS" +.na +.nf +.ad +.fi +As of version 2.1, Postfix can be configured to delegate access +policy decisions to an external server that runs outside Postfix. +See the file SMTPD_POLICY_README for more information. +.IP "\fBsmtpd_policy_service_max_idle (300s)\fR" +The time after which an idle SMTPD policy service connection is +closed. +.IP "\fBsmtpd_policy_service_max_ttl (1000s)\fR" +The time after which an active SMTPD policy service connection is +closed. +.IP "\fBsmtpd_policy_service_timeout (100s)\fR" +The time limit for connecting to, writing to, or receiving from a +delegated SMTPD policy server. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBsmtpd_policy_service_default_action (451 4.3.5 Server configuration problem)\fR" +The default action when an SMTPD policy service request fails. +.IP "\fBsmtpd_policy_service_request_limit (0)\fR" +The maximal number of requests per SMTPD policy service connection, +or zero (no limit). +.IP "\fBsmtpd_policy_service_try_limit (2)\fR" +The maximal number of attempts to send an SMTPD policy service +request before giving up. +.IP "\fBsmtpd_policy_service_retry_delay (1s)\fR" +The delay between attempts to resend a failed SMTPD policy +service request. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBsmtpd_policy_service_policy_context (empty)\fR" +Optional information that the Postfix SMTP server specifies in +the "policy_context" attribute of a policy service request (originally, +to share the same service endpoint among multiple check_policy_service +clients). +.SH "ACCESS CONTROLS" +.na +.nf +.ad +.fi +The SMTPD_ACCESS_README document gives an introduction to all the +SMTP server access control features. +.IP "\fBsmtpd_delay_reject (yes)\fR" +Wait until the RCPT TO command before evaluating +$smtpd_client_restrictions, $smtpd_helo_restrictions and +$smtpd_sender_restrictions, or wait until the ETRN command before +evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. +.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. +.IP "\fBsmtpd_client_restrictions (empty)\fR" +Optional restrictions that the Postfix SMTP server applies in the +context of a client connection request. +.IP "\fBsmtpd_helo_required (no)\fR" +Require that a remote SMTP client introduces itself with the HELO +or EHLO command before sending the MAIL command or other commands +that require EHLO negotiation. +.IP "\fBsmtpd_helo_restrictions (empty)\fR" +Optional restrictions that the Postfix SMTP server applies in the +context of a client HELO command. +.IP "\fBsmtpd_sender_restrictions (empty)\fR" +Optional restrictions that the Postfix SMTP server applies in the +context of a client MAIL FROM command. +.IP "\fBsmtpd_recipient_restrictions (see 'postconf -d' output)\fR" +Optional restrictions that the Postfix SMTP server applies in the +context of a client RCPT TO command, after smtpd_relay_restrictions. +.IP "\fBsmtpd_etrn_restrictions (empty)\fR" +Optional restrictions that the Postfix SMTP server applies in the +context of a client ETRN command. +.IP "\fBallow_untrusted_routing (no)\fR" +Forward mail with sender\-specified routing (user[@%!]remote[@%!]site) +from untrusted clients to destinations matching $relay_domains. +.IP "\fBsmtpd_restriction_classes (empty)\fR" +User\-defined aliases for groups of access restrictions. +.IP "\fBsmtpd_null_access_lookup_key (<>)\fR" +The lookup key to be used in SMTP \fBaccess\fR(5) tables instead of the +null sender address. +.IP "\fBpermit_mx_backup_networks (empty)\fR" +Restrict the use of the permit_mx_backup SMTP access feature to +only domains whose primary MX hosts match the listed networks. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBsmtpd_data_restrictions (empty)\fR" +Optional access restrictions that the Postfix SMTP server applies +in the context of the SMTP DATA command. +.IP "\fBsmtpd_expansion_filter (see 'postconf -d' output)\fR" +What characters are allowed in $name expansions of RBL reply +templates. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_reject_unlisted_sender (no)\fR" +Request that the Postfix SMTP server rejects mail from unknown +sender addresses, even when no explicit reject_unlisted_sender +access restriction is specified. +.IP "\fBsmtpd_reject_unlisted_recipient (yes)\fR" +Request that the Postfix SMTP server rejects mail for unknown +recipient addresses, even when no explicit reject_unlisted_recipient +access restriction is specified. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtpd_end_of_data_restrictions (empty)\fR" +Optional access restrictions that the Postfix SMTP server +applies in the context of the SMTP END\-OF\-DATA command. +.PP +Available in Postfix version 2.10 and later: +.IP "\fBsmtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination)\fR" +Access restrictions for mail relay control that the Postfix +SMTP server applies in the context of the RCPT TO command, before +smtpd_recipient_restrictions. +.SH "SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS" +.na +.nf +.ad +.fi +Postfix version 2.1 introduces sender and recipient address verification. +This feature is implemented by sending probe email messages that +are not actually delivered. +This feature is requested via the reject_unverified_sender and +reject_unverified_recipient access restrictions. The status of +verification probes is maintained by the \fBverify\fR(8) server. +See the file ADDRESS_VERIFICATION_README for information +about how to configure and operate the Postfix sender/recipient +address verification service. +.IP "\fBaddress_verify_poll_count (normal: 3, overload: 1)\fR" +How many times to query the \fBverify\fR(8) service for the completion +of an address verification request in progress. +.IP "\fBaddress_verify_poll_delay (3s)\fR" +The delay between queries for the completion of an address +verification request in progress. +.IP "\fBaddress_verify_sender ($double_bounce_sender)\fR" +The sender address to use in address verification probes; prior +to Postfix 2.5 the default was "postmaster". +.IP "\fBunverified_sender_reject_code (450)\fR" +The numerical Postfix SMTP server response code when a recipient +address is rejected by the reject_unverified_sender restriction. +.IP "\fBunverified_recipient_reject_code (450)\fR" +The numerical Postfix SMTP server response when a recipient address +is rejected by the reject_unverified_recipient restriction. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBunverified_sender_defer_code (450)\fR" +The numerical Postfix SMTP server response code when a sender address +probe fails due to a temporary error condition. +.IP "\fBunverified_recipient_defer_code (450)\fR" +The numerical Postfix SMTP server response when a recipient address +probe fails due to a temporary error condition. +.IP "\fBunverified_sender_reject_reason (empty)\fR" +The Postfix SMTP server's reply when rejecting mail with +reject_unverified_sender. +.IP "\fBunverified_recipient_reject_reason (empty)\fR" +The Postfix SMTP server's reply when rejecting mail with +reject_unverified_recipient. +.IP "\fBunverified_sender_tempfail_action ($reject_tempfail_action)\fR" +The Postfix SMTP server's action when reject_unverified_sender +fails due to a temporary error condition. +.IP "\fBunverified_recipient_tempfail_action ($reject_tempfail_action)\fR" +The Postfix SMTP server's action when reject_unverified_recipient +fails due to a temporary error condition. +.PP +Available with Postfix 2.9 and later: +.IP "\fBaddress_verify_sender_ttl (0s)\fR" +The time between changes in the time\-dependent portion of address +verification probe sender addresses. +.SH "ACCESS CONTROL RESPONSES" +.na +.nf +.ad +.fi +The following parameters control numerical SMTP reply codes +and/or text responses. +.IP "\fBaccess_map_reject_code (554)\fR" +The numerical Postfix SMTP server response code for +an \fBaccess\fR(5) map "reject" action. +.IP "\fBdefer_code (450)\fR" +The numerical Postfix SMTP server response code when a remote SMTP +client request is rejected by the "defer" restriction. +.IP "\fBinvalid_hostname_reject_code (501)\fR" +The numerical Postfix SMTP server response code when the client +HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname +restriction. +.IP "\fBmaps_rbl_reject_code (554)\fR" +The numerical Postfix SMTP server response code when a remote SMTP +client request is blocked by the reject_rbl_client, reject_rhsbl_client, +reject_rhsbl_reverse_client, reject_rhsbl_sender or +reject_rhsbl_recipient restriction. +.IP "\fBnon_fqdn_reject_code (504)\fR" +The numerical Postfix SMTP server reply code when a client request +is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender +or reject_non_fqdn_recipient restriction. +.IP "\fBplaintext_reject_code (450)\fR" +The numerical Postfix SMTP server response code when a request +is rejected by the \fBreject_plaintext_session\fR restriction. +.IP "\fBreject_code (554)\fR" +The numerical Postfix SMTP server response code when a remote SMTP +client request is rejected by the "reject" restriction. +.IP "\fBrelay_domains_reject_code (554)\fR" +The numerical Postfix SMTP server response code when a client +request is rejected by the reject_unauth_destination recipient +restriction. +.IP "\fBunknown_address_reject_code (450)\fR" +The numerical response code when the Postfix SMTP server rejects a +sender or recipient address because its domain is unknown. +.IP "\fBunknown_client_reject_code (450)\fR" +The numerical Postfix SMTP server response code when a client +without valid address <=> name mapping is rejected by the +reject_unknown_client_hostname restriction. +.IP "\fBunknown_hostname_reject_code (450)\fR" +The numerical Postfix SMTP server response code when the hostname +specified with the HELO or EHLO command is rejected by the +reject_unknown_helo_hostname restriction. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBdefault_rbl_reply (see 'postconf -d' output)\fR" +The default Postfix SMTP server response template for a request that is +rejected by an RBL\-based restriction. +.IP "\fBmulti_recipient_bounce_reject_code (550)\fR" +The numerical Postfix SMTP server response code when a remote SMTP +client request is blocked by the reject_multi_recipient_bounce +restriction. +.IP "\fBrbl_reply_maps (empty)\fR" +Optional lookup tables with RBL response templates. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBaccess_map_defer_code (450)\fR" +The numerical Postfix SMTP server response code for +an \fBaccess\fR(5) map "defer" action, including "defer_if_permit" +or "defer_if_reject". +.IP "\fBreject_tempfail_action (defer_if_permit)\fR" +The Postfix SMTP server's action when a reject\-type restriction +fails due to a temporary error condition. +.IP "\fBunknown_helo_hostname_tempfail_action ($reject_tempfail_action)\fR" +The Postfix SMTP server's action when reject_unknown_helo_hostname +fails due to a temporary error condition. +.IP "\fBunknown_address_tempfail_action ($reject_tempfail_action)\fR" +The Postfix SMTP server's action when reject_unknown_sender_domain +or reject_unknown_recipient_domain fail due to a temporary error +condition. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBcommand_directory (see 'postconf -d' output)\fR" +The location of all postfix administrative commands. +.IP "\fBdouble_bounce_sender (double\-bounce)\fR" +The sender address of postmaster notifications that are generated +by the mail system. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmail_name (Postfix)\fR" +The mail system name that is displayed in Received: headers, in +the SMTP greeting banner, and in bounced mail. +.IP "\fBmail_owner (postfix)\fR" +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBmyhostname (see 'postconf -d' output)\fR" +The internet hostname of this mail system. +.IP "\fBmynetworks (see 'postconf -d' output)\fR" +The list of "trusted" remote SMTP clients that have more privileges than +"strangers". +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate a user name from its +extension (example: user+foo), or a .forward file name from its +extension (example: .forward+foo). +.IP "\fBsmtpd_banner ($myhostname ESMTP $mail_name)\fR" +The text that follows the 220 status code in the SMTP greeting +banner. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtpd_forbidden_commands (CONNECT, GET, POST)\fR" +List of commands that cause the Postfix SMTP server to immediately +terminate the session with a 221 code. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtpd_client_port_logging (no)\fR" +Enable logging of the remote SMTP client port in addition to +the hostname and IP address. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.4 and later: +.IP "\fBsmtpd_reject_footer_maps (empty)\fR" +Lookup tables, indexed by the complete Postfix SMTP server 4xx or +5xx response, with reject footer templates. +.SH "SEE ALSO" +.na +.nf +anvil(8), connection/rate limiting +cleanup(8), message canonicalization +tlsmgr(8), TLS session and PRNG management +trivial\-rewrite(8), address resolver +verify(8), address verification service +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_CLASS_README, blocking unknown hosted or relay recipients +ADDRESS_REWRITING_README, Postfix address manipulation +BDAT_README, Postfix CHUNKING support +FILTER_README, external after\-queue content filter +LOCAL_RECIPIENT_README, blocking unknown local recipients +MILTER_README, before\-queue mail filter applications +SMTPD_ACCESS_README, built\-in access policies +SMTPD_POLICY_README, external policy server +SMTPD_PROXY_README, external before\-queue content filter +SASL_README, Postfix SASL howto +TLS_README, Postfix STARTTLS howto +VERP_README, Postfix XVERP extension +XCLIENT_README, Postfix XCLIENT extension +XFORWARD_README, Postfix XFORWARD extension +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + +SASL support originally by: +Till Franke +SuSE Rhein/Main AG +65760 Eschborn, Germany + +TLS support originally by: +Lutz Jaenicke +BTU Cottbus +Allgemeine Elektrotechnik +Universitaetsplatz 3\-4 +D\-03044 Cottbus, Germany + +Revised TLS support by: +Victor Duchovni +Morgan Stanley diff --git a/man/man8/spawn.8 b/man/man8/spawn.8 new file mode 100644 index 0000000..410ec87 --- /dev/null +++ b/man/man8/spawn.8 @@ -0,0 +1,156 @@ +.TH SPAWN 8 +.ad +.fi +.SH NAME +spawn +\- +Postfix external command spawner +.SH "SYNOPSIS" +.na +.nf +\fBspawn\fR [generic Postfix daemon options] command_attributes... +.SH DESCRIPTION +.ad +.fi +The \fBspawn\fR(8) daemon provides the Postfix equivalent +of \fBinetd\fR. +It listens on a port as specified in the Postfix \fBmaster.cf\fR file +and spawns an external command whenever a connection is established. +The connection can be made over local IPC (such as UNIX\-domain +sockets) or over non\-local IPC (such as TCP sockets). +The command\'s standard input, output and error streams are connected +directly to the communication endpoint. + +This daemon expects to be run from the \fBmaster\fR(8) process +manager. +.SH "COMMAND ATTRIBUTE SYNTAX" +.na +.nf +.ad +.fi +The external command attributes are given in the \fBmaster.cf\fR +file at the end of a service definition. The syntax is as follows: +.IP "\fBuser\fR=\fIusername\fR (required)" +.IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR" +The external command is executed with the rights of the +specified \fIusername\fR. The software refuses to execute +commands with root privileges, or with the privileges of the +mail system owner. If \fIgroupname\fR is specified, the +corresponding group ID is used instead of the group ID +of \fIusername\fR. +.IP "\fBargv\fR=\fIcommand\fR... (required)" +The command to be executed. This must be specified as the +last command attribute. +The command is executed directly, i.e. without interpretation of +shell meta characters by a shell command interpreter. +.SH BUGS +.ad +.fi +In order to enforce standard Postfix process resource controls, +the \fBspawn\fR(8) daemon runs only one external command at a time. +As such, it presents a noticeable overhead by wasting precious +process resources. The \fBspawn\fR(8) daemon is expected to be +replaced by a more structural solution. +.SH DIAGNOSTICS +.ad +.fi +The \fBspawn\fR(8) daemon reports abnormal child exits. +Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8). +.SH "SECURITY" +.na +.nf +.fi +.ad +This program needs root privilege in order to execute external +commands as the specified user. It is therefore security sensitive. +However the \fBspawn\fR(8) daemon does not talk to the external command +and thus is not vulnerable to data\-driven attacks. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBspawn\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. + +In the text below, \fItransport\fR is the first field of the entry +in the \fBmaster.cf\fR file. +.SH "RESOURCE AND RATE CONTROL" +.na +.nf +.ad +.fi +.IP "\fBtransport_time_limit ($command_time_limit)\fR" +A transport\-specific override for the command_time_limit parameter +value, where \fItransport\fR is the master.cf name of the message +delivery transport. +.SH "MISCELLANEOUS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBexport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a Postfix process will export +to non\-Postfix processes. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmail_owner (postfix)\fR" +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +postconf(5), configuration parameters +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/tlsmgr.8 b/man/man8/tlsmgr.8 new file mode 100644 index 0000000..c4e594c --- /dev/null +++ b/man/man8/tlsmgr.8 @@ -0,0 +1,208 @@ +.TH TLSMGR 8 +.ad +.fi +.SH NAME +tlsmgr +\- +Postfix TLS session cache and PRNG manager +.SH "SYNOPSIS" +.na +.nf +\fBtlsmgr\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBtlsmgr\fR(8) manages the Postfix TLS session caches. +It stores and retrieves cache entries on request by +\fBsmtpd\fR(8) and \fBsmtp\fR(8) processes, and periodically +removes entries that have expired. + +The \fBtlsmgr\fR(8) also manages the PRNG (pseudo random number +generator) pool. It answers queries by the \fBsmtpd\fR(8) +and \fBsmtp\fR(8) +processes to seed their internal PRNG pools. + +The \fBtlsmgr\fR(8)'s PRNG pool is initially seeded from +an external source (EGD, /dev/urandom, or regular file). +It is updated at configurable pseudo\-random intervals with +data from the external source. It is updated periodically +with data from TLS session cache entries and with the time +of day, and is updated with the time of day whenever a +process requests \fBtlsmgr\fR(8) service. + +The \fBtlsmgr\fR(8) saves the PRNG state to an exchange file +periodically and when the process terminates, and reads +the exchange file when initializing its PRNG. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBtlsmgr\fR(8) is not security\-sensitive. The code that maintains +the external and internal PRNG pools does not "trust" the +data that it manipulates, and the code that maintains the +TLS session cache does not touch the contents of the cached +entries, except for seeding its internal PRNG pool. + +The \fBtlsmgr\fR(8) can be run chrooted and with reduced privileges. +At process startup it connects to the entropy source and +exchange file, and creates or truncates the optional TLS +session cache files. + +With Postfix version 2.5 and later, the \fBtlsmgr\fR(8) no +longer uses root privileges when opening cache files. These +files should now be stored under the Postfix\-owned +\fBdata_directory\fR. As a migration aid, an attempt to +open a cache file under a non\-Postfix directory is redirected +to the Postfix\-owned \fBdata_directory\fR, and a warning +is logged. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +There is no automatic means to limit the number of entries in the +TLS session caches and/or the size of the TLS cache files. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are not picked up automatically, +because \fBtlsmgr\fR(8) is a persistent processes. Use the +command "\fBpostfix reload\fR" after a configuration change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "TLS SESSION CACHE" +.na +.nf +.ad +.fi +.IP "\fBlmtp_tls_loglevel (0)\fR" +The LMTP\-specific version of the smtp_tls_loglevel +configuration parameter. +.IP "\fBlmtp_tls_session_cache_database (empty)\fR" +The LMTP\-specific version of the smtp_tls_session_cache_database +configuration parameter. +.IP "\fBlmtp_tls_session_cache_timeout (3600s)\fR" +The LMTP\-specific version of the smtp_tls_session_cache_timeout +configuration parameter. +.IP "\fBsmtp_tls_loglevel (0)\fR" +Enable additional Postfix SMTP client logging of TLS activity. +.IP "\fBsmtp_tls_session_cache_database (empty)\fR" +Name of the file containing the optional Postfix SMTP client +TLS session cache. +.IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR" +The expiration time of Postfix SMTP client TLS session cache +information. +.IP "\fBsmtpd_tls_loglevel (0)\fR" +Enable additional Postfix SMTP server logging of TLS activity. +.IP "\fBsmtpd_tls_session_cache_database (empty)\fR" +Name of the file containing the optional Postfix SMTP server +TLS session cache. +.IP "\fBsmtpd_tls_session_cache_timeout (3600s)\fR" +The expiration time of Postfix SMTP server TLS session cache +information. +.SH "PSEUDO RANDOM NUMBER GENERATOR" +.na +.nf +.ad +.fi +.IP "\fBtls_random_source (see 'postconf -d' output)\fR" +The external entropy source for the in\-memory \fBtlsmgr\fR(8) pseudo +random number generator (PRNG) pool. +.IP "\fBtls_random_bytes (32)\fR" +The number of bytes that \fBtlsmgr\fR(8) reads from $tls_random_source +when (re)seeding the in\-memory pseudo random number generator (PRNG) +pool. +.IP "\fBtls_random_exchange_name (see 'postconf -d' output)\fR" +Name of the pseudo random number generator (PRNG) state file +that is maintained by \fBtlsmgr\fR(8). +.IP "\fBtls_random_prng_update_period (3600s)\fR" +The time between attempts by \fBtlsmgr\fR(8) to save the state of +the pseudo random number generator (PRNG) to the file specified +with $tls_random_exchange_name. +.IP "\fBtls_random_reseed_period (3600s)\fR" +The maximal time between attempts by \fBtlsmgr\fR(8) to re\-seed the +in\-memory pseudo random number generator (PRNG) pool from external +sources. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdata_directory (see 'postconf -d' output)\fR" +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtp(8), Postfix SMTP client +smtpd(8), Postfix SMTP server +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +TLS_README, Postfix TLS configuration and operation +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +This service was introduced with Postfix version 2.2. +.SH "AUTHOR(S)" +.na +.nf +Lutz Jaenicke +BTU Cottbus +Allgemeine Elektrotechnik +Universitaetsplatz 3\-4 +D\-03044 Cottbus, Germany + +Adapted by: +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/tlsproxy.8 b/man/man8/tlsproxy.8 new file mode 100644 index 0000000..0e66496 --- /dev/null +++ b/man/man8/tlsproxy.8 @@ -0,0 +1,383 @@ +.TH TLSPROXY 8 +.ad +.fi +.SH NAME +tlsproxy +\- +Postfix TLS proxy +.SH "SYNOPSIS" +.na +.nf +\fBtlsproxy\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBtlsproxy\fR(8) server implements a two\-way TLS proxy. It +is used by the \fBpostscreen\fR(8) server to talk SMTP\-over\-TLS +with remote SMTP clients that are not whitelisted (including +clients whose whitelist status has expired), and by the +\fBsmtp\fR(8) client to support TLS connection reuse, but it +should also work for non\-SMTP protocols. + +Although one \fBtlsproxy\fR(8) process can serve multiple +sessions at the same time, it is a good idea to allow the +number of processes to increase with load, so that the +service remains responsive. +.SH "PROTOCOL EXAMPLE" +.na +.nf +.ad +.fi +The example below concerns \fBpostscreen\fR(8). However, +the \fBtlsproxy\fR(8) server is agnostic of the application +protocol, and the example is easily adapted to other +applications. + +After receiving a valid remote SMTP client STARTTLS command, +the \fBpostscreen\fR(8) server sends the remote SMTP client +endpoint string, the requested role (server), and the +requested timeout to \fBtlsproxy\fR(8). \fBpostscreen\fR(8) +then receives a "TLS available" indication from \fBtlsproxy\fR(8). +If the TLS service is available, \fBpostscreen\fR(8) sends +the remote SMTP client file descriptor to \fBtlsproxy\fR(8), +and sends the plaintext 220 greeting to the remote SMTP +client. This triggers TLS negotiations between the remote +SMTP client and \fBtlsproxy\fR(8). Upon completion of the +TLS\-level handshake, \fBtlsproxy\fR(8) translates between +plaintext from/to \fBpostscreen\fR(8) and ciphertext to/from +the remote SMTP client. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBtlsproxy\fR(8) server is moderately security\-sensitive. +It talks to untrusted clients on the network. The process +can be run chrooted at fixed low privilege. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are not picked up automatically, +as \fBtlsproxy\fR(8) processes may run for a long time +depending on mail server load. Use the command "\fBpostfix +reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "STARTTLS GLOBAL CONTROLS" +.na +.nf +.ad +.fi +The following settings are global and therefore cannot be +overruled by information specified in a \fBtlsproxy\fR(8) +client request. +.IP "\fBtls_append_default_CA (no)\fR" +Append the system\-supplied default Certification Authority +certificates to the ones specified with *_tls_CApath or *_tls_CAfile. +.IP "\fBtls_daemon_random_bytes (32)\fR" +The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) +process requests from the \fBtlsmgr\fR(8) server in order to seed its +internal pseudo random number generator (PRNG). +.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "high" grade ciphers. +.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "medium" or higher grade ciphers. +.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "low" or higher grade ciphers. +.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "export" or higher grade ciphers. +.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" +The OpenSSL cipherlist for "NULL" grade ciphers that provide +authentication without encryption. +.IP "\fBtls_eecdh_strong_curve (prime256v1)\fR" +The elliptic curve used by the Postfix SMTP server for sensibly +strong +ephemeral ECDH key exchange. +.IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR" +The elliptic curve used by the Postfix SMTP server for maximally +strong +ephemeral ECDH key exchange. +.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" +List or bit\-mask of OpenSSL bug work\-arounds to disable. +.IP "\fBtls_preempt_cipherlist (no)\fR" +With SSLv3 and later, use the Postfix SMTP server's cipher +preference order instead of the remote client's cipher preference +order. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBtls_legacy_public_key_fingerprints (no)\fR" +A temporary migration aid for sites that use certificate +\fIpublic\-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use +an incorrect algorithm. +.PP +Available in Postfix version 2.11\-3.1: +.IP "\fBtls_dane_digest_agility (on)\fR" +Configure RFC7671 DANE TLSA digest algorithm agility. +.IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR" +Enable support for RFC 6698 (DANE TLSA) DNS records that contain +digests of trust\-anchors with certificate usage "2". +.PP +Available in Postfix version 2.11 and later: +.IP "\fBtlsmgr_service_name (tlsmgr)\fR" +The name of the \fBtlsmgr\fR(8) service entry in master.cf. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR" +Algorithm used to encrypt RFC5077 TLS session tickets. +.IP "\fBopenssl_path (openssl)\fR" +The location of the OpenSSL command line program \fBopenssl\fR(1). +.PP +Available in Postfix version 3.2 and later: +.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR" +The prioritized list of elliptic curves supported by the Postfix +SMTP client and server. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBtls_server_sni_maps (empty)\fR" +Optional lookup tables that map names received from remote SMTP +clients via the TLS Server Name Indication (SNI) extension to the +appropriate keys and certificate chains. +.SH "STARTTLS SERVER CONTROLS" +.na +.nf +.ad +.fi +These settings are clones of Postfix SMTP server settings. +They allow \fBtlsproxy\fR(8) to load the same certificate +and private key information as the Postfix SMTP server, +before dropping privileges, so that the key files can be +kept read\-only for root. These settings can currently not +be overruled by information in a \fBtlsproxy\fR(8) client +request, but that limitation may be removed in a future +version. +.IP "\fBtlsproxy_tls_CAfile ($smtpd_tls_CAfile)\fR" +A file containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate +CA certificates. +.IP "\fBtlsproxy_tls_CApath ($smtpd_tls_CApath)\fR" +A directory containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate +CA certificates. +.IP "\fBtlsproxy_tls_always_issue_session_ids ($smtpd_tls_always_issue_session_ids)\fR" +Force the Postfix \fBtlsproxy\fR(8) server to issue a TLS session id, +even when TLS session caching is turned off. +.IP "\fBtlsproxy_tls_ask_ccert ($smtpd_tls_ask_ccert)\fR" +Ask a remote SMTP client for a client certificate. +.IP "\fBtlsproxy_tls_ccert_verifydepth ($smtpd_tls_ccert_verifydepth)\fR" +The verification depth for remote SMTP client certificates. +.IP "\fBtlsproxy_tls_cert_file ($smtpd_tls_cert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server RSA certificate in PEM +format. +.IP "\fBtlsproxy_tls_ciphers ($smtpd_tls_ciphers)\fR" +The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server +will use with opportunistic TLS encryption. +.IP "\fBtlsproxy_tls_dcert_file ($smtpd_tls_dcert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server DSA certificate in PEM +format. +.IP "\fBtlsproxy_tls_dh1024_param_file ($smtpd_tls_dh1024_param_file)\fR" +File with DH parameters that the Postfix \fBtlsproxy\fR(8) server +should use with non\-export EDH ciphers. +.IP "\fBtlsproxy_tls_dh512_param_file ($smtpd_tls_dh512_param_file)\fR" +File with DH parameters that the Postfix \fBtlsproxy\fR(8) server +should use with export\-grade EDH ciphers. +.IP "\fBtlsproxy_tls_dkey_file ($smtpd_tls_dkey_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM +format. +.IP "\fBtlsproxy_tls_eccert_file ($smtpd_tls_eccert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM +format. +.IP "\fBtlsproxy_tls_eckey_file ($smtpd_tls_eckey_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM +format. +.IP "\fBtlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade)\fR" +The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral +elliptic\-curve Diffie\-Hellman (EECDH) key exchange. +.IP "\fBtlsproxy_tls_exclude_ciphers ($smtpd_tls_exclude_ciphers)\fR" +List of ciphers or cipher types to exclude from the \fBtlsproxy\fR(8) +server cipher list at all TLS security levels. +.IP "\fBtlsproxy_tls_fingerprint_digest ($smtpd_tls_fingerprint_digest)\fR" +The message digest algorithm to construct remote SMTP +client\-certificate +fingerprints. +.IP "\fBtlsproxy_tls_key_file ($smtpd_tls_key_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server RSA private key in PEM +format. +.IP "\fBtlsproxy_tls_loglevel ($smtpd_tls_loglevel)\fR" +Enable additional Postfix \fBtlsproxy\fR(8) server logging of TLS +activity. +.IP "\fBtlsproxy_tls_mandatory_ciphers ($smtpd_tls_mandatory_ciphers)\fR" +The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server +will use with mandatory TLS encryption. +.IP "\fBtlsproxy_tls_mandatory_exclude_ciphers ($smtpd_tls_mandatory_exclude_ciphers)\fR" +Additional list of ciphers or cipher types to exclude from the +\fBtlsproxy\fR(8) server cipher list at mandatory TLS security levels. +.IP "\fBtlsproxy_tls_mandatory_protocols ($smtpd_tls_mandatory_protocols)\fR" +The SSL/TLS protocols accepted by the Postfix \fBtlsproxy\fR(8) server +with mandatory TLS encryption. +.IP "\fBtlsproxy_tls_protocols ($smtpd_tls_protocols)\fR" +List of TLS protocols that the Postfix \fBtlsproxy\fR(8) server will +exclude or include with opportunistic TLS encryption. +.IP "\fBtlsproxy_tls_req_ccert ($smtpd_tls_req_ccert)\fR" +With mandatory TLS encryption, require a trusted remote SMTP +client certificate in order to allow TLS connections to proceed. +.IP "\fBtlsproxy_tls_security_level ($smtpd_tls_security_level)\fR" +The SMTP TLS security level for the Postfix \fBtlsproxy\fR(8) server; +when a non\-empty value is specified, this overrides the obsolete +parameters smtpd_use_tls and smtpd_enforce_tls. +.IP "\fBtlsproxy_tls_chain_files ($smtpd_tls_chain_files)\fR" +Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate +chains in PEM format. +.SH "STARTTLS CLIENT CONTROLS" +.na +.nf +.ad +.fi +These settings are clones of Postfix SMTP client settings. +They allow \fBtlsproxy\fR(8) to load the same certificate +and private key information as the Postfix SMTP client, +before dropping privileges, so that the key files can be +kept read\-only for root. Some settings may be overruled by +information in a \fBtlsproxy\fR(8) client request. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBtlsproxy_client_CAfile ($smtp_tls_CAfile)\fR" +A file containing CA certificates of root CAs trusted to sign +either remote TLS server certificates or intermediate CA certificates. +.IP "\fBtlsproxy_client_CApath ($smtp_tls_CApath)\fR" +Directory with PEM format Certification Authority certificates +that the Postfix \fBtlsproxy\fR(8) client uses to verify a remote TLS +server certificate. +.IP "\fBtlsproxy_client_chain_files ($smtp_tls_chain_files)\fR" +Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate +chains in PEM format. +.IP "\fBtlsproxy_client_cert_file ($smtp_tls_cert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM +format. +.IP "\fBtlsproxy_client_key_file ($smtp_tls_key_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client RSA private key in PEM +format. +.IP "\fBtlsproxy_client_dcert_file ($smtp_tls_dcert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client DSA certificate in PEM +format. +.IP "\fBtlsproxy_client_dkey_file ($smtp_tls_dkey_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM +format. +.IP "\fBtlsproxy_client_eccert_file ($smtp_tls_eccert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM +format. +.IP "\fBtlsproxy_client_eckey_file ($smtp_tls_eckey_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM +format. +.IP "\fBtlsproxy_client_fingerprint_digest ($smtp_tls_fingerprint_digest)\fR" +The message digest algorithm used to construct remote TLS server +certificate fingerprints. +.IP "\fBtlsproxy_client_loglevel ($smtp_tls_loglevel)\fR" +Enable additional Postfix \fBtlsproxy\fR(8) client logging of TLS +activity. +.IP "\fBtlsproxy_client_loglevel_parameter (smtp_tls_loglevel)\fR" +The name of the parameter that provides the tlsproxy_client_loglevel +value. +.IP "\fBtlsproxy_client_scert_verifydepth ($smtp_tls_scert_verifydepth)\fR" +The verification depth for remote TLS server certificates. +.IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR" +The default TLS security level for the Postfix \fBtlsproxy\fR(8) +client. +.IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR" +Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS +security policy by next\-hop destination. +.IP "\fBtlsproxy_client_use_tls ($smtp_use_tls)\fR" +Opportunistic mode: use TLS when a remote server announces TLS +support. +.IP "\fBtlsproxy_client_enforce_tls ($smtp_enforce_tls)\fR" +Enforcement mode: require that SMTP servers use TLS encryption. +.IP "\fBtlsproxy_client_per_site ($smtp_tls_per_site)\fR" +Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS +usage policy by next\-hop destination and by remote TLS server +hostname. +.PP +Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shuting +down a TLS session, until Postfix times out. +.SH "OBSOLETE STARTTLS SUPPORT CONTROLS" +.na +.nf +.ad +.fi +These parameters are supported for compatibility with +\fBsmtpd\fR(8) legacy parameters. +.IP "\fBtlsproxy_use_tls ($smtpd_use_tls)\fR" +Opportunistic TLS: announce STARTTLS support to remote SMTP clients, +but do not require that clients use TLS encryption. +.IP "\fBtlsproxy_enforce_tls ($smtpd_enforce_tls)\fR" +Mandatory TLS: announce STARTTLS support to remote SMTP clients, and +require that clients use TLS encryption. +.SH "RESOURCE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBtlsproxy_watchdog_timeout (10s)\fR" +How much time a \fBtlsproxy\fR(8) process may take to process local +or remote I/O before it is terminated by a built\-in watchdog timer. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +postscreen(8), Postfix zombie blocker +smtpd(8), Postfix SMTP server +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This service was introduced with Postfix version 2.8. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/trace.8 b/man/man8/trace.8 new file mode 100644 index 0000000..411dfa1 --- /dev/null +++ b/man/man8/trace.8 @@ -0,0 +1 @@ +.so man8/bounce.8 diff --git a/man/man8/trivial-rewrite.8 b/man/man8/trivial-rewrite.8 new file mode 100644 index 0000000..523c44c --- /dev/null +++ b/man/man8/trivial-rewrite.8 @@ -0,0 +1,326 @@ +.TH TRIVIAL-REWRITE 8 +.ad +.fi +.SH NAME +trivial-rewrite +\- +Postfix address rewriting and resolving daemon +.SH "SYNOPSIS" +.na +.nf +\fBtrivial\-rewrite\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBtrivial\-rewrite\fR(8) daemon processes three types of client +service requests: +.IP "\fBrewrite \fIcontext address\fR" +Rewrite an address to standard form, according to the +address rewriting context: +.RS +.IP \fBlocal\fR +Append the domain names specified with \fB$myorigin\fR or +\fB$mydomain\fR to incomplete addresses; do \fBswap_bangpath\fR +and \fBallow_percent_hack\fR processing as described below, and +strip source routed addresses (\fI@site,@site:user@domain\fR) +to \fIuser@domain\fR form. +.IP \fBremote\fR +Append the domain name specified with +\fB$remote_header_rewrite_domain\fR to incomplete +addresses. Otherwise the result is identical to that of +the \fBlocal\fR address rewriting context. This prevents +Postfix from appending the local domain to spam from poorly +written remote clients. +.RE +.IP "\fBresolve \fIsender\fR \fIaddress\fR" +Resolve the address to a (\fItransport\fR, \fInexthop\fR, +\fIrecipient\fR, \fIflags\fR) quadruple. The meaning of +the results is as follows: +.RS +.IP \fItransport\fR +The delivery agent to use. This is the first field of an entry +in the \fBmaster.cf\fR file. +.IP \fInexthop\fR +The host to send to and optional delivery method information. +.IP \fIrecipient\fR +The envelope recipient address that is passed on to \fInexthop\fR. +.IP \fIflags\fR +The address class, whether the address requires relaying, +whether the address has problems, and whether the request failed. +.RE +.IP "\fBverify \fIsender\fR \fIaddress\fR" +Resolve the address for address verification purposes. +.SH "SERVER PROCESS MANAGEMENT" +.na +.nf +.ad +.fi +The \fBtrivial\-rewrite\fR(8) servers run under control by +the Postfix master +server. Each server can handle multiple simultaneous connections. +When all servers are busy while a client connects, the master +creates a new server process, provided that the trivial\-rewrite +server process limit is not exceeded. +Each trivial\-rewrite server terminates after +serving at least \fB$max_use\fR clients of after \fB$max_idle\fR +seconds of idle time. +.SH "STANDARDS" +.na +.nf +.ad +.fi +None. The command does not interact with the outside world. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBtrivial\-rewrite\fR(8) daemon is not security sensitive. +By default, this daemon does not talk to remote or local users. +It can run at a fixed low privilege in a chrooted environment. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +On busy mail systems a long time may pass before a \fBmain.cf\fR +change affecting \fBtrivial\-rewrite\fR(8) is picked up. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBresolve_dequoted_address (yes)\fR" +Resolve a recipient address safely instead of correctly, by +looking inside quotes. +.PP +Available with Postfix version 2.1 and later: +.IP "\fBresolve_null_domain (no)\fR" +Resolve an address that ends in the "@" null domain as if the +local hostname were specified, instead of rejecting the address as +invalid. +.PP +Available with Postfix version 2.3 and later: +.IP "\fBresolve_numeric_domain (no)\fR" +Resolve "user@ipaddress" as "user@[ipaddress]", instead of +rejecting the address as invalid. +.PP +Available with Postfix version 2.5 and later: +.IP "\fBallow_min_user (no)\fR" +Allow a sender or recipient address to have `\-' as the first +character. +.SH "ADDRESS REWRITING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBallow_percent_hack (yes)\fR" +Enable the rewriting of the form "user%domain" to "user@domain". +.IP "\fBappend_at_myorigin (yes)\fR" +With locally submitted mail, append the string "@$myorigin" to mail +addresses without domain information. +.IP "\fBappend_dot_mydomain (Postfix >= 3.0: no, Postfix < 3.0: yes)\fR" +With locally submitted mail, append the string ".$mydomain" to +addresses that have no ".domain" information. +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate a user name from its +extension (example: user+foo), or a .forward file name from its +extension (example: .forward+foo). +.IP "\fBswap_bangpath (yes)\fR" +Enable the rewriting of "site!user" into "user@site". +.PP +Available in Postfix 2.2 and later: +.IP "\fBremote_header_rewrite_domain (empty)\fR" +Don't rewrite message headers from remote clients at all when +this parameter is empty; otherwise, rewrite message headers and +append the specified domain name to incomplete addresses. +.SH "ROUTING CONTROLS" +.na +.nf +.ad +.fi +The following is applicable to Postfix version 2.0 and later. +Earlier versions do not have support for: virtual_transport, +relay_transport, virtual_alias_domains, virtual_mailbox_domains +or proxy_interfaces. +.IP "\fBlocal_transport (local:$myhostname)\fR" +The default mail delivery transport and next\-hop destination +for final delivery to domains listed with mydestination, and for +[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces. +.IP "\fBvirtual_transport (virtual)\fR" +The default mail delivery transport and next\-hop destination for +final delivery to domains listed with $virtual_mailbox_domains. +.IP "\fBrelay_transport (relay)\fR" +The default mail delivery transport and next\-hop destination for +remote delivery to domains listed with $relay_domains. +.IP "\fBdefault_transport (smtp)\fR" +The default mail delivery transport and next\-hop destination for +destinations that do not match $mydestination, $inet_interfaces, +$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +or $relay_domains. +.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. +.IP "\fBrelayhost (empty)\fR" +The next\-hop destination of non\-local mail; overrides non\-local +domains in recipient addresses. +.IP "\fBtransport_maps (empty)\fR" +Optional lookup tables with mappings from recipient address to +(message delivery transport, next\-hop destination). +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsender_dependent_relayhost_maps (empty)\fR" +A sender\-dependent override for the global relayhost parameter +setting. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBempty_address_relayhost_maps_lookup_key (<>)\fR" +The sender_dependent_relayhost_maps search string that will be +used instead of the null sender address. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBempty_address_default_transport_maps_lookup_key (<>)\fR" +The sender_dependent_default_transport_maps search string that +will be used instead of the null sender address. +.IP "\fBsender_dependent_default_transport_maps (empty)\fR" +A sender\-dependent override for the global default_transport +parameter setting. +.SH "ADDRESS VERIFICATION CONTROLS" +.na +.nf +.ad +.fi +Postfix version 2.1 introduces sender and recipient address verification. +This feature is implemented by sending probe email messages that +are not actually delivered. +By default, address verification probes use the same route +as regular mail. To override specific aspects of message +routing for address verification probes, specify one or more +of the following: +.IP "\fBaddress_verify_local_transport ($local_transport)\fR" +Overrides the local_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_virtual_transport ($virtual_transport)\fR" +Overrides the virtual_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_relay_transport ($relay_transport)\fR" +Overrides the relay_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_default_transport ($default_transport)\fR" +Overrides the default_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_relayhost ($relayhost)\fR" +Overrides the relayhost parameter setting for address verification +probes. +.IP "\fBaddress_verify_transport_maps ($transport_maps)\fR" +Overrides the transport_maps parameter setting for address verification +probes. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR" +Overrides the sender_dependent_relayhost_maps parameter setting for address +verification probes. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBaddress_verify_sender_dependent_default_transport_maps ($sender_dependent_default_transport_maps)\fR" +Overrides the sender_dependent_default_transport_maps parameter +setting for address verification probes. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR" +The recipient of mail addressed to the null address. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBrelocated_maps (empty)\fR" +Optional lookup tables with new contact information for users or +domains that no longer exist. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBshow_user_unknown_table_name (yes)\fR" +Display the name of the recipient table in the "User unknown" +responses. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 2.0 and later: +.IP "\fBhelpful_warnings (yes)\fR" +Log warnings about problematic configuration settings, and provide +helpful suggestions. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +postconf(5), configuration parameters +transport(5), transport table format +relocated(5), format of the "user has moved" table +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_CLASS_README, Postfix address classes howto +ADDRESS_VERIFICATION_README, Postfix address verification +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/verify.8 b/man/man8/verify.8 new file mode 100644 index 0000000..4c1fab0 --- /dev/null +++ b/man/man8/verify.8 @@ -0,0 +1,257 @@ +.TH VERIFY 8 +.ad +.fi +.SH NAME +verify +\- +Postfix address verification server +.SH "SYNOPSIS" +.na +.nf +\fBverify\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBverify\fR(8) address verification server maintains a record +of what recipient addresses are known to be deliverable or +undeliverable. + +Addresses are verified by injecting probe messages into the +Postfix queue. Probe messages are run through all the routing +and rewriting machinery except for final delivery, and are +discarded rather than being deferred or bounced. + +Address verification relies on the answer from the nearest +MTA for the specified address, and will therefore not detect +all undeliverable addresses. + +The \fBverify\fR(8) server is designed to run under control +by the Postfix +master server. It maintains an optional persistent database. +To avoid being interrupted by "postfix stop" in the middle +of a database update, the process runs in a separate process +group. + +The \fBverify\fR(8) server implements the following requests: +.IP "\fBupdate\fI address status text\fR" +Update the status and text of the specified address. +.IP "\fBquery\fI address\fR" +Look up the \fIstatus\fR and \fItext\fR for the specified +\fIaddress\fR. +If the status is unknown, a probe is sent and an "in progress" +status is returned. +.SH "SECURITY" +.na +.nf +.ad +.fi +The address verification server is not security\-sensitive. It does +not talk to the network, and it does not talk to local users. +The verify server can run chrooted at fixed low privilege. + +The address verification server can be coerced to store +unlimited amounts of garbage. Limiting the cache expiry +time +trades one problem (disk space exhaustion) for another +one (poor response time to client requests). + +With Postfix version 2.5 and later, the \fBverify\fR(8) +server no longer uses root privileges when opening the +\fBaddress_verify_map\fR cache file. The file should now +be stored under the Postfix\-owned \fBdata_directory\fR. As +a migration aid, an attempt to open a cache file under a +non\-Postfix directory is redirected to the Postfix\-owned +\fBdata_directory\fR, and a warning is logged. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +Address verification probe messages add additional traffic +to the mail queue. +Recipient verification may cause an increased load on +down\-stream servers in the case of a dictionary attack or +a flood of backscatter bounces. +Sender address verification may cause your site to be +blacklisted by some providers. + +If the persistent database ever gets corrupted then the world +comes to an end and human intervention is needed. This violates +a basic Postfix principle. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are not picked up automatically, +as \fBverify\fR(8) +processes are long\-lived. Use the command "\fBpostfix reload\fR" after +a configuration change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "PROBE MESSAGE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBaddress_verify_sender ($double_bounce_sender)\fR" +The sender address to use in address verification probes; prior +to Postfix 2.5 the default was "postmaster". +.PP +Available with Postfix 2.9 and later: +.IP "\fBaddress_verify_sender_ttl (0s)\fR" +The time between changes in the time\-dependent portion of address +verification probe sender addresses. +.SH "CACHE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBaddress_verify_map (see 'postconf -d' output)\fR" +Lookup table for persistent address verification status +storage. +.IP "\fBaddress_verify_positive_expire_time (31d)\fR" +The time after which a successful probe expires from the address +verification cache. +.IP "\fBaddress_verify_positive_refresh_time (7d)\fR" +The time after which a successful address verification probe needs +to be refreshed. +.IP "\fBaddress_verify_negative_cache (yes)\fR" +Enable caching of failed address verification probe results. +.IP "\fBaddress_verify_negative_expire_time (3d)\fR" +The time after which a failed probe expires from the address +verification cache. +.IP "\fBaddress_verify_negative_refresh_time (3h)\fR" +The time after which a failed address verification probe needs to +be refreshed. +.PP +Available with Postfix 2.7 and later: +.IP "\fBaddress_verify_cache_cleanup_interval (12h)\fR" +The amount of time between \fBverify\fR(8) address verification +database cleanup runs. +.SH "PROBE MESSAGE ROUTING CONTROLS" +.na +.nf +.ad +.fi +By default, probe messages are delivered via the same route +as regular messages. The following parameters can be used to +override specific message routing mechanisms. +.IP "\fBaddress_verify_relayhost ($relayhost)\fR" +Overrides the relayhost parameter setting for address verification +probes. +.IP "\fBaddress_verify_transport_maps ($transport_maps)\fR" +Overrides the transport_maps parameter setting for address verification +probes. +.IP "\fBaddress_verify_local_transport ($local_transport)\fR" +Overrides the local_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_virtual_transport ($virtual_transport)\fR" +Overrides the virtual_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_relay_transport ($relay_transport)\fR" +Overrides the relay_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_default_transport ($default_transport)\fR" +Overrides the default_transport parameter setting for address +verification probes. +.PP +Available in Postfix 2.3 and later: +.IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR" +Overrides the sender_dependent_relayhost_maps parameter setting for address +verification probes. +.PP +Available in Postfix 2.7 and later: +.IP "\fBaddress_verify_sender_dependent_default_transport_maps ($sender_dependent_default_transport_maps)\fR" +Overrides the sender_dependent_default_transport_maps parameter +setting for address verification probes. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBenable_idna2003_compatibility (no)\fR" +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtpd(8), Postfix SMTP server +cleanup(8), enqueue Postfix message +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_VERIFICATION_README, address verification howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This service was introduced with Postfix version 2.1. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/virtual.8 b/man/man8/virtual.8 new file mode 100644 index 0000000..8d5f637 --- /dev/null +++ b/man/man8/virtual.8 @@ -0,0 +1,353 @@ +.TH VIRTUAL 8 +.ad +.fi +.SH NAME +virtual +\- +Postfix virtual domain mail delivery agent +.SH "SYNOPSIS" +.na +.nf +\fBvirtual\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBvirtual\fR(8) delivery agent is designed for virtual mail +hosting services. Originally based on the Postfix \fBlocal\fR(8) +delivery +agent, this agent looks up recipients with map lookups of their +full recipient address, instead of using hard\-coded unix password +file lookups of the address local part only. + +This delivery agent only delivers mail. Other features such as +mail forwarding, out\-of\-office notifications, etc., must be +configured via virtual_alias maps or via similar lookup mechanisms. +.SH "MAILBOX LOCATION" +.na +.nf +.ad +.fi +The mailbox location is controlled by the \fBvirtual_mailbox_base\fR +and \fBvirtual_mailbox_maps\fR configuration parameters (see below). +The \fBvirtual_mailbox_maps\fR table is indexed by the recipient +address as described under TABLE SEARCH ORDER below. + +The mailbox pathname is constructed as follows: + +.nf + \fB$virtual_mailbox_base/$virtual_mailbox_maps(\fIrecipient\fB)\fR +.fi + +where \fIrecipient\fR is the full recipient address. +.SH "UNIX MAILBOX FORMAT" +.na +.nf +.ad +.fi +When the mailbox location does not end in \fB/\fR, the message +is delivered in UNIX mailbox format. This format stores multiple +messages in one textfile. + +The \fBvirtual\fR(8) delivery agent prepends a "\fBFrom \fIsender +time_stamp\fR" envelope header to each message, prepends a +\fBDelivered\-To:\fR message header with the envelope recipient +address, +prepends an \fBX\-Original\-To:\fR header with the recipient address as +given to Postfix, +prepends a \fBReturn\-Path:\fR message header with the +envelope sender address, prepends a \fB>\fR character to lines +beginning with "\fBFrom \fR", and appends an empty line. + +The mailbox is locked for exclusive access while delivery is in +progress. In case of problems, an attempt is made to truncate the +mailbox to its original length. +.SH "QMAIL MAILDIR FORMAT" +.na +.nf +.ad +.fi +When the mailbox location ends in \fB/\fR, the message is delivered +in qmail \fBmaildir\fR format. This format stores one message per file. + +The \fBvirtual\fR(8) delivery agent prepends a \fBDelivered\-To:\fR +message header with the final envelope recipient address, +prepends an \fBX\-Original\-To:\fR header with the recipient address as +given to Postfix, and prepends a +\fBReturn\-Path:\fR message header with the envelope sender address. + +By definition, \fBmaildir\fR format does not require application\-level +file locking during mail delivery or retrieval. +.SH "MAILBOX OWNERSHIP" +.na +.nf +.ad +.fi +Mailbox ownership is controlled by the \fBvirtual_uid_maps\fR +and \fBvirtual_gid_maps\fR lookup tables, which are indexed +with the full recipient address. Each table provides +a string with the numerical user and group ID, respectively. + +The \fBvirtual_minimum_uid\fR parameter imposes a lower bound on +numerical user ID values that may be specified in any +\fBvirtual_uid_maps\fR. +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +All delivery decisions are made using the full recipient +address, folded to lower case. See also the next section +for a few exceptions with optional address extensions. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +Normally, a lookup table is specified as a text file that +serves as input to the \fBpostmap\fR(1) command. The result, an +indexed file in \fBdbm\fR or \fBdb\fR format, is used for fast +searching by the mail system. + +The search order is as follows. The search stops +upon the first successful lookup. +.IP \(bu +When the recipient has an optional address extension the +\fIuser+extension@domain.tld\fR address is looked up first. +.sp +With Postfix versions before 2.1, the optional address extension +is always ignored. +.IP \(bu +The \fIuser@domain.tld\fR address, without address extension, +is looked up next. +.IP \(bu +Finally, the recipient \fI@domain\fR is looked up. +.PP +When the table is provided via other means such as NIS, LDAP +or SQL, the same lookups are done as for ordinary indexed files. + +Alternatively, a table can be provided as a regular\-expression +map where patterns are given as regular expressions. In that case, +only the full recipient address is given to the regular\-expression +map. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBvirtual\fR(8) delivery agent is not security sensitive, provided +that the lookup tables with recipient user/group ID information are +adequately protected. This program is not designed to run chrooted. + +The \fBvirtual\fR(8) delivery agent disallows regular expression +substitution of $1 etc. in regular expression lookup tables, +because that would open a security hole. + +The \fBvirtual\fR(8) delivery agent will silently ignore requests +to use the \fBproxymap\fR(8) server. Instead it will open the +table directly. Before Postfix version 2.2, the virtual +delivery agent will terminate with a fatal error. +.SH "STANDARDS" +.na +.nf +RFC 822 (ARPA Internet Text Messages) +.SH DIAGNOSTICS +.ad +.fi +Mail bounces when the recipient has no mailbox or when the +recipient is over disk quota. In all other cases, mail for +an existing recipient is deferred and a warning is logged. + +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +Corrupted message files are marked so that the queue +manager can move them to the \fBcorrupt\fR queue afterwards. + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH BUGS +.ad +.fi +This delivery agent supports address extensions in email +addresses and in lookup table keys, but does not propagate +address extension information to the result of table lookup. + +Postfix should have lookup tables that can return multiple result +attributes. In order to avoid the inconvenience of maintaining +three tables, use an LDAP or MYSQL database. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as +\fBvirtual\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "MAILBOX DELIVERY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBvirtual_mailbox_base (empty)\fR" +A prefix that the \fBvirtual\fR(8) delivery agent prepends to all pathname +results from $virtual_mailbox_maps table lookups. +.IP "\fBvirtual_mailbox_maps (empty)\fR" +Optional lookup tables with all valid addresses in the domains that +match $virtual_mailbox_domains. +.IP "\fBvirtual_minimum_uid (100)\fR" +The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts +as a result from $virtual_uid_maps table lookup. +.IP "\fBvirtual_uid_maps (empty)\fR" +Lookup tables with the per\-recipient user ID that the \fBvirtual\fR(8) +delivery agent uses while writing to the recipient's mailbox. +.IP "\fBvirtual_gid_maps (empty)\fR" +Lookup tables with the per\-recipient group ID for \fBvirtual\fR(8) mailbox +delivery. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR" +Postfix is final destination for the specified list of domains; +mail is delivered via the $virtual_transport mail delivery transport. +.IP "\fBvirtual_transport (virtual)\fR" +The default mail delivery transport and next\-hop destination for +final delivery to domains listed with $virtual_mailbox_domains. +.PP +Available in Postfix version 2.5.3 and later: +.IP "\fBstrict_mailbox_ownership (yes)\fR" +Defer delivery when a mailbox file is not owned by its recipient. +.SH "LOCKING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBvirtual_mailbox_lock (see 'postconf -d' output)\fR" +How to lock a UNIX\-style \fBvirtual\fR(8) mailbox before attempting +delivery. +.IP "\fBdeliver_lock_attempts (20)\fR" +The maximal number of attempts to acquire an exclusive lock on a +mailbox file or \fBbounce\fR(8) logfile. +.IP "\fBdeliver_lock_delay (1s)\fR" +The time between attempts to acquire an exclusive lock on a mailbox +file or \fBbounce\fR(8) logfile. +.IP "\fBstale_lock_time (500s)\fR" +The time after which a stale exclusive mailbox lockfile is removed. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBvirtual_mailbox_limit (51200000)\fR" +The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or +maildir file, or zero (no limit). +.PP +Implemented in the qmgr(8) daemon: +.IP "\fBvirtual_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +The maximal number of parallel deliveries to the same destination +via the virtual message delivery transport. +.IP "\fBvirtual_destination_recipient_limit ($default_destination_recipient_limit)\fR" +The maximal number of recipients per message for the virtual +message delivery transport. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 3.0 and later: +.IP "\fBvirtual_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBvirtual\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. +.PP +Available in Postfix version 3.3 and later: +.IP "\fBenable_original_recipient (yes)\fR" +Enable support for the original recipient address after an +address is rewritten to a different address (for example with +aliasing or with canonical mapping). +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +bounce(8), delivery status reports +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README_FILES" +.na +.nf +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +VIRTUAL_README, domain hosting howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This delivery agent was originally based on the Postfix local delivery +agent. Modifications mainly consisted of removing code that either +was not applicable or that was not safe in this context: aliases, +~user/.forward files, delivery to "|command" or to /file/name. + +The \fBDelivered\-To:\fR message header appears in the \fBqmail\fR +system by Daniel Bernstein. + +The \fBmaildir\fR structure appears in the \fBqmail\fR system +by Daniel Bernstein. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + +Andrew McNamara +andrewm@connect.com.au +connect.com.au Pty. Ltd. +Level 3, 213 Miller St +North Sydney 2060, NSW, Australia |