1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
|
#++
# NAME
# canonical 5
# SUMMARY
# Postfix canonical table format
# SYNOPSIS
# \fBpostmap /etc/postfix/canonical\fR
#
# \fBpostmap -q "\fIstring\fB" /etc/postfix/canonical\fR
#
# \fBpostmap -q - /etc/postfix/canonical <\fIinputfile\fR
# DESCRIPTION
# The optional \fBcanonical\fR(5) table specifies an address mapping for
# local and non-local addresses. The mapping is used by the
# \fBcleanup\fR(8) daemon, before mail is stored into the
# queue. The address mapping is recursive.
#
# Normally, the \fBcanonical\fR(5) table is specified as a text file
# that serves as input to the \fBpostmap\fR(1) command.
# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
# is used for fast searching by the mail system. Execute the command
# "\fBpostmap /etc/postfix/canonical\fR" to rebuild an indexed
# file after changing the corresponding text file.
#
# When the table is provided via other means such as NIS, LDAP
# or SQL, the same lookups are done as for ordinary indexed files.
#
# Alternatively, the table can be provided as a regular-expression
# map where patterns are given as regular expressions, or lookups
# can be directed to TCP-based server. In those cases, the lookups
# are done in a slightly different way as described below under
# "REGULAR EXPRESSION TABLES" or "TCP-BASED TABLES".
#
# By default the \fBcanonical\fR(5) mapping affects both message
# header addresses (i.e. addresses that appear inside messages)
# and message envelope addresses (for example, the addresses
# that are used in SMTP protocol commands). This is controlled with
# the \fBcanonical_classes\fR parameter.
#
# NOTE: Postfix versions 2.2 and later rewrite message headers
# from remote SMTP clients only if the client matches the
# local_header_rewrite_clients parameter, or if the
# remote_header_rewrite_domain configuration parameter specifies
# a non-empty value. To get the behavior before Postfix 2.2,
# specify "local_header_rewrite_clients = static:all".
#
# Typically, one would use the \fBcanonical\fR(5) table to replace login
# names by \fIFirstname.Lastname\fR, or to clean up addresses produced
# by legacy mail systems.
#
# The \fBcanonical\fR(5) mapping is not to be confused with \fIvirtual
# alias\fR support or with local aliasing. To change the destination
# but not the headers, use the \fBvirtual\fR(5) or \fBaliases\fR(5)
# map instead.
# CASE FOLDING
# .ad
# .fi
# The search string is folded to lowercase before database
# lookup. As of Postfix 2.3, the search string is not case
# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
# TABLE FORMAT
# .ad
# .fi
# The input format for the \fBpostmap\fR(1) command is as follows:
# .IP "\fIpattern address\fR"
# When \fIpattern\fR matches a mail address, replace it by the
# corresponding \fIaddress\fR.
# .IP "blank lines and comments"
# Empty lines and whitespace-only lines are ignored, as
# are lines whose first non-whitespace character is a `#'.
# .IP "multi-line text"
# A logical line starts with non-whitespace text. A line that
# starts with whitespace continues a logical line.
# TABLE SEARCH ORDER
# .ad
# .fi
# With lookups from indexed files such as DB or DBM, or from networked
# tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR
# query produces a sequence of query patterns as described below.
#
# Each query pattern is sent to each specified lookup table
# before trying the next query pattern, until a match is
# found.
# .IP "\fIuser\fR@\fIdomain address\fR"
# Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form
# has the highest precedence.
# .sp
# This is useful to clean up addresses produced by legacy mail systems.
# It can also be used to produce \fIFirstname.Lastname\fR style
# addresses, but see below for a simpler solution.
# .IP "\fIuser address\fR"
# Replace \fIuser\fR@\fIsite\fR by \fIaddress\fR when \fIsite\fR is
# equal to $\fBmyorigin\fR, when \fIsite\fR is listed in
# $\fBmydestination\fR, or when it is listed in $\fBinet_interfaces\fR
# or $\fBproxy_interfaces\fR.
# .sp
# This form is useful for replacing login names by
# \fIFirstname.Lastname\fR.
# .IP "@\fIdomain address\fR"
# Replace other addresses in \fIdomain\fR by \fIaddress\fR.
# This form has the lowest precedence.
# .sp
# Note: @\fIdomain\fR is a wild-card. When this form is applied
# to recipient addresses, the Postfix SMTP server accepts
# mail for any recipient in \fIdomain\fR, regardless of whether
# that recipient exists. This may turn your mail system into
# a backscatter source: Postfix first accepts mail for
# non-existent recipients and then tries to return that mail
# as "undeliverable" to the often forged sender address.
# .sp
# To avoid backscatter with mail for a wild-card domain,
# replace the wild-card mapping with explicit 1:1 mappings,
# or add a reject_unverified_recipient restriction for that
# domain:
#
# .nf
# smtpd_recipient_restrictions =
# ...
# reject_unauth_destination
# check_recipient_access
# inline:{example.com=reject_unverified_recipient}
# unverified_recipient_reject_code = 550
# .fi
#
# In the above example, Postfix may contact a remote server
# if the recipient is rewritten to a remote address.
# RESULT ADDRESS REWRITING
# .ad
# .fi
# The lookup result is subject to address rewriting:
# .IP \(bu
# When the result has the form @\fIotherdomain\fR, the
# result becomes the same \fIuser\fR in \fIotherdomain\fR.
# .IP \(bu
# When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR"
# to addresses without "@domain".
# .IP \(bu
# When "\fBappend_dot_mydomain=yes\fR", append
# "\fB.$mydomain\fR" to addresses without ".domain".
# ADDRESS EXTENSION
# .fi
# .ad
# When a mail address localpart contains the optional recipient delimiter
# (e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes:
# \fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR,
# \fIuser\fR, and @\fIdomain\fR.
#
# The \fBpropagate_unmatched_extensions\fR parameter controls whether
# an unmatched address extension (\fI+foo\fR) is propagated to the
# result of table lookup.
# REGULAR EXPRESSION TABLES
# .ad
# .fi
# This section describes how the table lookups change when the table
# is given in the form of regular expressions. For a description of
# regular expression lookup table syntax, see \fBregexp_table\fR(5)
# or \fBpcre_table\fR(5).
#
# Each pattern is a regular expression that is applied to the entire
# address being looked up. Thus, \fIuser@domain\fR mail addresses are not
# broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
# nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
#
# Patterns are applied in the order as specified in the table, until a
# pattern is found that matches the search string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from the
# pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
# TCP-BASED TABLES
# .ad
# .fi
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
# This feature is not available up to and including Postfix version 2.4.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their
# \fIuser\fR and \fI@domain\fR constituent parts, nor is
# \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
#
# Results are the same as with indexed file lookups.
# BUGS
# The table format does not understand quoting conventions.
# CONFIGURATION PARAMETERS
# .ad
# .fi
# The following \fBmain.cf\fR parameters are especially relevant.
# The text below provides only a parameter summary. See
# \fBpostconf\fR(5) for more details including examples.
# .IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR"
# What addresses are subject to canonical_maps address mapping.
# .IP "\fBcanonical_maps (empty)\fR"
# Optional address mapping lookup tables for message headers and
# envelopes.
# .IP "\fBrecipient_canonical_maps (empty)\fR"
# Optional address mapping lookup tables for envelope and header
# recipient addresses.
# .IP "\fBsender_canonical_maps (empty)\fR"
# Optional address mapping lookup tables for envelope and header
# sender addresses.
# .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
# What address lookup tables copy an address extension from the lookup
# key to the lookup result.
# .PP
# Other parameters of interest:
# .IP "\fBinet_interfaces (all)\fR"
# The network interface addresses that this mail system receives
# mail on.
# .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
# Rewrite message header addresses in mail from these clients and
# update incomplete addresses with the domain name in $myorigin or
# $mydomain; either don't rewrite message headers from other clients
# at all, or rewrite message headers and update incomplete addresses
# with the domain specified in the remote_header_rewrite_domain
# parameter.
# .IP "\fBproxy_interfaces (empty)\fR"
# The network interface addresses that this mail system receives mail
# on by way of a proxy or network address translation unit.
# .IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR"
# What addresses are subject to address masquerading.
# .IP "\fBmasquerade_domains (empty)\fR"
# Optional list of domains whose subdomain structure will be stripped
# off in email addresses.
# .IP "\fBmasquerade_exceptions (empty)\fR"
# Optional list of user names that are not subjected to address
# masquerading, even when their address matches $masquerade_domains.
# .IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
# The list of domains that are delivered via the $local_transport
# mail delivery transport.
# .IP "\fBmyorigin ($myhostname)\fR"
# The domain name that locally-posted mail appears to come
# from, and that locally posted mail is delivered to.
# .IP "\fBowner_request_special (yes)\fR"
# Enable special treatment for owner-\fIlistname\fR entries in the
# \fBaliases\fR(5) file, and don't split owner-\fIlistname\fR and
# \fIlistname\fR-request address localparts when the recipient_delimiter
# is set to "-".
# .IP "\fBremote_header_rewrite_domain (empty)\fR"
# Don't rewrite message headers from remote clients at all when
# this parameter is empty; otherwise, rewrite message headers and
# append the specified domain name to incomplete addresses.
# SEE ALSO
# cleanup(8), canonicalize and enqueue mail
# postmap(1), Postfix lookup table manager
# postconf(5), configuration parameters
# virtual(5), virtual aliasing
# README FILES
# .ad
# .fi
# Use "\fBpostconf readme_directory\fR" or
# "\fBpostconf html_directory\fR" to locate this information.
# .na
# .nf
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
# LICENSE
# .ad
# .fi
# The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# Wietse Venema
# Google, Inc.
# 111 8th Avenue
# New York, NY 10011, USA
#--
|