summaryrefslogtreecommitdiffstats
path: root/man/man5
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:42:27 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 08:42:27 +0000
commit95f5f6d1c3aec1cb62525f5162e71a4157aca717 (patch)
tree8633546094df32b27d719c7578537e6062aa52e3 /man/man5
parentReleasing progress-linux version 3.8.6-1~progress7.99u1. (diff)
downloadpostfix-95f5f6d1c3aec1cb62525f5162e71a4157aca717.tar.xz
postfix-95f5f6d1c3aec1cb62525f5162e71a4157aca717.zip
Merging upstream version 3.9.0.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/man5')
-rw-r--r--man/man5/access.54
-rw-r--r--man/man5/aliases.514
-rw-r--r--man/man5/canonical.522
-rw-r--r--man/man5/generic.56
-rw-r--r--man/man5/header_checks.546
-rw-r--r--man/man5/master.512
-rw-r--r--man/man5/mongodb_table.5259
-rw-r--r--man/man5/mysql_table.518
-rw-r--r--man/man5/pcre_table.511
-rw-r--r--man/man5/pgsql_table.511
-rw-r--r--man/man5/postconf.5719
-rw-r--r--man/man5/regexp_table.511
-rw-r--r--man/man5/relocated.56
-rw-r--r--man/man5/socketmap_table.52
-rw-r--r--man/man5/virtual.522
15 files changed, 925 insertions, 238 deletions
diff --git a/man/man5/access.5 b/man/man5/access.5
index 07725be..e2eb677 100644
--- a/man/man5/access.5
+++ b/man/man5/access.5
@@ -62,7 +62,7 @@ are lines whose first non\-whitespace character is a `#'.
.IP "multi\-line text"
A logical line starts with non\-whitespace text. A line that
starts with whitespace continues a logical line.
-.SH "EMAIL ADDRESS PATTERNS"
+.SH "EMAIL ADDRESS PATTERNS IN INDEXED TABLES"
.na
.nf
.ad
@@ -99,7 +99,7 @@ When a mail address localpart contains the optional recipient delimiter
(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes:
\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIdomain\fR,
\fIuser+foo\fR@, and \fIuser\fR@.
-.SH "HOST NAME/ADDRESS PATTERNS"
+.SH "HOST NAME/ADDRESS PATTERNS IN INDEXED TABLES"
.na
.nf
.ad
diff --git a/man/man5/aliases.5 b/man/man5/aliases.5
index a5da906..ed6a10f 100644
--- a/man/man5/aliases.5
+++ b/man/man5/aliases.5
@@ -13,9 +13,13 @@ Postfix local alias database format
.SH DESCRIPTION
.ad
.fi
-The \fBaliases\fR(5) table provides a system\-wide mechanism to
-redirect mail for local recipients. The redirections are
-processed by the Postfix \fBlocal\fR(8) delivery agent.
+The optional \fBaliases\fR(5) table (alias_maps) redirects
+mail for local recipients. The redirections are processed
+by the Postfix \fBlocal\fR(8) delivery agent.
+
+This is unlike \fBvirtual\fR(5) aliasing (virtual_alias_maps)
+which applies to all recipients: local(8), virtual, and remote,
+and which is implemented by the \fBcleanup\fR(8) daemon.
Normally, the \fBaliases\fR(5) table is specified as a text file
that serves as input to the \fBpostalias\fR(1) command. The
@@ -165,7 +169,9 @@ The text below provides only a parameter summary. See
The alias databases for \fBlocal\fR(8) delivery that are updated with
"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR".
.IP "\fBalias_maps (see 'postconf -d' output)\fR"
-The alias databases that are used for \fBlocal\fR(8) delivery.
+Optional lookup tables with aliases that apply only to \fBlocal\fR(8)
+recipients; this is unlike virtual_alias_maps that apply to all
+recipients: \fBlocal\fR(8), virtual, and remote.
.IP "\fBallow_mail_to_commands (alias, forward)\fR"
Restrict \fBlocal\fR(8) mail delivery to external commands.
.IP "\fBallow_mail_to_files (alias, forward)\fR"
diff --git a/man/man5/canonical.5 b/man/man5/canonical.5
index e987664..8776f3b 100644
--- a/man/man5/canonical.5
+++ b/man/man5/canonical.5
@@ -231,17 +231,14 @@ key to the lookup result.
.PP
Other parameters of interest:
.IP "\fBinet_interfaces (all)\fR"
-The network interface addresses that this mail system receives
-mail on.
+The local network interface addresses that this mail system
+receives mail on.
.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR"
-Rewrite message header addresses in mail from these clients and
-update incomplete addresses with the domain name in $myorigin or
-$mydomain; either don't rewrite message headers from other clients
-at all, or rewrite message headers and update incomplete addresses
-with the domain specified in the remote_header_rewrite_domain
-parameter.
+Rewrite or add message headers in mail from these clients,
+updating incomplete addresses with the domain name in $myorigin or
+$mydomain, and adding missing headers.
.IP "\fBproxy_interfaces (empty)\fR"
-The network interface addresses that this mail system receives mail
+The remote network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
.IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR"
What addresses are subject to address masquerading.
@@ -263,9 +260,10 @@ Enable special treatment for owner\-\fIlistname\fR entries in the
\fIlistname\fR\-request address localparts when the recipient_delimiter
is set to "\-".
.IP "\fBremote_header_rewrite_domain (empty)\fR"
-Don't rewrite message headers from remote clients at all when
-this parameter is empty; otherwise, rewrite message headers and
-append the specified domain name to incomplete addresses.
+Rewrite or add message headers in mail from remote clients if
+the remote_header_rewrite_domain parameter value is non\-empty,
+updating incomplete addresses with the domain specified in the
+remote_header_rewrite_domain parameter, and adding missing headers.
.SH "SEE ALSO"
.na
.nf
diff --git a/man/man5/generic.5 b/man/man5/generic.5
index 6e891eb..b474530 100644
--- a/man/man5/generic.5
+++ b/man/man5/generic.5
@@ -214,10 +214,10 @@ key to the lookup result.
.PP
Other parameters of interest:
.IP "\fBinet_interfaces (all)\fR"
-The network interface addresses that this mail system receives
-mail on.
+The local network interface addresses that this mail system
+receives mail on.
.IP "\fBproxy_interfaces (empty)\fR"
-The network interface addresses that this mail system receives mail
+The remote network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
The list of domains that are delivered via the $local_transport
diff --git a/man/man5/header_checks.5 b/man/man5/header_checks.5
index 31ac7dc..92c1de9 100644
--- a/man/man5/header_checks.5
+++ b/man/man5/header_checks.5
@@ -417,34 +417,24 @@ be examined before they are deleted. Examples are: \fBBcc:\fR,
.nf
.ad
.fi
-.IP \fBbody_checks\fR
-Lookup tables with content filter rules for message body lines.
-These filters see one physical line at a time, in chunks of
-at most \fB$line_length_limit\fR bytes.
-.IP \fBbody_checks_size_limit\fP
-The amount of content per message body segment (attachment) that is
-subjected to \fB$body_checks\fR filtering.
-.IP \fBheader_checks\fR
-.IP "\fBmime_header_checks\fR (default: \fB$header_checks\fR)"
-.IP "\fBnested_header_checks\fR (default: \fB$header_checks\fR)"
-Lookup tables with content filter rules for message header lines:
-respectively, these are applied to the initial message headers
-(not including MIME headers), to the MIME headers anywhere in
-the message, and to the initial headers of attached messages.
-.sp
-Note: these filters see one logical message header at a time, even
-when a message header spans multiple lines. Message headers that
-are longer than \fB$header_size_limit\fR characters are truncated.
-.IP \fBdisable_mime_input_processing\fR
-While receiving mail, give no special treatment to MIME related
-message headers; all text after the initial message headers is
-considered to be part of the message body. This means that
-\fBheader_checks\fR is applied to all the initial message headers,
-and that \fBbody_checks\fR is applied to the remainder of the
-message.
-.sp
-Note: when used in this manner, \fBbody_checks\fR will process
-a multi\-line message header one line at a time.
+.IP "\fBbody_checks (empty)\fR"
+Optional lookup tables for content inspection as specified in
+the \fBbody_checks\fR(5) manual page.
+.IP "\fBbody_checks_size_limit (51200)\fR"
+How much text in a message body segment (or attachment, if you
+prefer to use that term) is subjected to body_checks inspection.
+.IP "\fBheader_checks (empty)\fR"
+Optional lookup tables for content inspection of primary non\-MIME
+message headers, as specified in the \fBheader_checks\fR(5) manual page.
+.IP "\fBmime_header_checks ($header_checks)\fR"
+Optional lookup tables for content inspection of MIME related
+message headers, as described in the \fBheader_checks\fR(5) manual page.
+.IP "\fBnested_header_checks ($header_checks)\fR"
+Optional lookup tables for content inspection of non\-MIME message
+headers in attached messages, as described in the \fBheader_checks\fR(5)
+manual page.
+.IP "\fBdisable_mime_input_processing (no)\fR"
+Turn off MIME processing while receiving mail.
.SH "EXAMPLES"
.na
.nf
diff --git a/man/man5/master.5 b/man/man5/master.5
index 48fd4fd..469ccdf 100644
--- a/man/man5/master.5
+++ b/man/man5/master.5
@@ -225,10 +225,16 @@ personalities via master.cf.
.IP \fB\-v\fR
Increase the verbose logging level. Specify multiple \fB\-v\fR
options to make a Postfix daemon process increasingly verbose.
-.IP "Other command\-line arguments"
+.IP "\fBCommand\-line arguments that start with {\fR"
+With Postfix 3.0 and later specify "{" and "}" around command
+arguments that start with "{". The outer "{" and "}" are
+removed from the input, together with any leading or trailing
+whitespace.
+.IP "\fBOther command\-line arguments\fR"
Specify "{" and "}" around command arguments that contain
-whitespace (Postfix 3.0 and later). Whitespace
-after "{" and before "}" is ignored.
+whitespace (Postfix 3.0 and later). The outer "{" and "}"
+are removed from the input, together with any leading or
+trailing whitespace.
.SH "SEE ALSO"
.na
.nf
diff --git a/man/man5/mongodb_table.5 b/man/man5/mongodb_table.5
new file mode 100644
index 0000000..cfbedf3
--- /dev/null
+++ b/man/man5/mongodb_table.5
@@ -0,0 +1,259 @@
+.TH MONGODB_TABLE 5
+.ad
+.fi
+.SH NAME
+mongodb_table
+\-
+Postfix MongoDB client configuration
+.SH "SYNOPSIS"
+.na
+.nf
+\fBpostmap \-q "\fIstring\fB" mongodb:/etc/postfix/\fIfilename\fR
+
+\fBpostmap \-q \- mongodb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+.SH DESCRIPTION
+.ad
+.fi
+The Postfix mail system uses optional tables for address
+rewriting or mail routing. These tables are usually in
+\fBdbm\fR or \fBdb\fR format.
+
+Alternatively, lookup tables can be specified as MongoDB
+databases. In order to use MongoDB lookups, define a MongoDB
+source as a lookup table in main.cf, for example:
+.nf
+ alias_maps = mongodb:/etc/postfix/mongodb\-aliases.cf
+.fi
+
+In this example, the file /etc/postfix/mongodb\-aliases.cf
+has the same format as the Postfix main.cf file, and can
+specify the parameters described below. It is also possible
+to have the configuration in main.cf; see "OBSOLETE MAIN.CF
+PARAMETERS" below.
+
+It is strongly recommended to use proxy:mongodb, in order
+to reduce the number of database connections. For example:
+.nf
+ alias_maps = proxy:mongodb:/etc/postfix/mongodb\-aliases.cf
+.fi
+
+Note: when using proxy:mongodb:/\fIfile\fR, the file must
+be readable by the unprivileged postfix user (specified
+with the Postfix mail_owner configuration parameter).
+.SH "MONGODB PARAMETERS"
+.na
+.nf
+.ad
+.fi
+.IP "\fBuri\fR"
+The URI of mongo server/cluster that Postfix will try to
+connect to and query from. Please see
+.nf
+https://www.mongodb.com/docs/manual/reference/connection\-string/
+.fi
+
+Example:
+.nf
+ uri = mongodb+srv://user:pass@loclhost:27017/mail
+.fi
+.IP "\fBdbname\fR"
+Name of the database to read the information from.
+Example:
+.nf
+ dbname = mail
+.fi
+.IP "\fBcollection\fR"
+Name of the collection (table) to read the information from.
+Example:
+.nf
+ collection = mailbox
+.fi
+.IP "\fBquery_filter\fR"
+The MongoDB query template used to search the database,
+where \fB%s\fR is a substitute for the email address that
+Postfix is trying to resolve. Please see:
+.nf
+https://www.mongodb.com/docs/manual/tutorial/query\-documents/
+.fi
+
+Example:
+.nf
+ query_filter = {"$or": [{"username": "%s"}, {"alias.address": "%s"}], "active": 1}
+.fi
+
+This parameter supports the following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character.
+.IP "\fB%s\fR"
+This is replaced by the input key. The %s must appear in
+quotes, because all Postfix queries are strings containing
+(parts from) a domain or email address. Postfix makes no
+numerical queries.
+.IP "\fB%u\fR"
+When the input key is an address of the form user@domain,
+\fB%u\fR is replaced by the local part of the address.
+Otherwise, \fB%u\fR is replaced by the entire search string.
+.IP "\fB%d\fR"
+When the input key is an address of the form user@domain,
+\fB%d\fR is replaced by the domain part of the address.
+.IP "\fB%[1\-9]\fR"
+The patterns %1, %2, ... %9 are replaced by the corresponding
+most significant component of the input key's domain. If
+the input key is \fIuser@mail.example.com\fR, then %1 is
+\fBcom\fR, %2 is \fBexample\fR and %3 is \fBmail\fR.
+.RE
+.IP
+In the above substitutions, characters will be quoted as
+required by RFC 4627. For example, each double quote or
+backslash character will be escaped with a backslash
+characacter.
+.IP "\fBprojection\fR"
+Advanced MongoDB query projections. Please see:
+.nf
+https://www.mongodb.com/docs/manual/tutorial/project\-fields\-from\-query\-results/
+.fi
+
+.RS
+.IP \(bu
+If \fBprojection\fR is non\-empty, then \fBresult_attribute\fR
+must be empty.
+.IP \(bu
+This implementation can extract information only from result
+fields that have type \fBstring\fR (UTF8), \fBinteger\fR
+(int32, int64) and \fBarray\fR. Other result fields will
+be ignored with a warning. Please see:
+.nf
+https://mongoc.org/libbson/current/bson_type_t.html
+.fi
+.IP \(bu
+As with \fBresult_attribute\fR, the top\-level _id field
+(type OID) is automatically removed from projection results.
+.RE
+.IP "\fBresult_attribute\fR"
+Comma or whitespace separated list with the names of fields
+to be returned in a lookup result.
+
+.RS
+.IP \(bu
+If \fBresult_attribute\fR is non\-empty, then \fBprojection\fR
+must be empty.
+.IP \(bu
+As with \fBprojection\fR, the top\-level _id field (type
+OID) is automatically removed from lookup results.
+.RE
+.IP "\fBresult_format (default: \fB%s\fR)\fR"
+Format template applied to the result from \fBprojection\fR
+or \fBresult_attribute\fR. Most commonly used to append (or
+prepend) text to the result. This parameter supports the
+following '%' expansions:
+.RS
+.IP "\fB%%\fR"
+This is replaced by a literal '%' character.
+.IP "\fB%s\fR"
+This is replaced by the value of the result attribute. When
+result is empty it is skipped.
+.IP "\fB%u\fR
+When the result attribute value is an address of the form
+user@domain, \fB%u\fR is replaced by the local part of the
+address. When the result has an empty localpart it is
+skipped.
+.IP "\fB%d\fR"
+When a result attribute value is an address of the form
+user@domain, \fB%d\fR is replaced by the domain part of the
+attribute value. When the result is unqualified it is
+skipped.
+.IP "\fB%[SUD1\-9]\fR"
+The upper\-case and decimal digit expansions interpolate the
+parts of the input key rather than the result. Their behavior
+is identical to that described with \fBquery_filter\fR, and
+in fact because the input key is known in advance, lookups
+whose key does not contain all the information specified
+in the result template are suppressed and return no results.
+.RE
+.IP
+For example, using "result_format = smtp:[%s]" allows one
+to use a mailHost attribute as the basis of a transport(5)
+table. After applying the result format, multiple values
+are concatenated as comma separated strings. The expansion_limit
+parameter explained below allows one to restrict the number
+of values in the result, which is especially useful for
+maps that should return a single value.
+
+The default value \fB%s\fR specifies that each
+attribute value should be used as is.
+
+NOTE: DO NOT put quotes around the result format! The result
+is not a JSON string.
+.IP "\fBdomain (default: no domain list)\fR"
+This is a list of domain names, paths to files, or "type:table"
+databases. When specified, only fully qualified search keys
+with a *non\-empty* localpart and a matching domain are
+eligible for lookup: 'user' lookups, bare domain lookups
+and "@domain" lookups are not performed. This can significantly
+reduce the query load on the backend database. Example:
+.nf
+ domain = postfix.org, hash:/etc/postfix/searchdomains
+.fi
+.IP "\fBexpansion_limit (default: 0)\fR"
+A limit on the total number of result elements returned (as
+a comma separated list) by a lookup against the map. A
+setting of zero disables the limit. Lookups fail with a
+temporary error if the limit is exceeded. Setting the limit
+to 1 ensures that lookups do not return multiple values.
+.SH "OBSOLETE MAIN.CF PARAMETERS"
+.na
+.nf
+.ad
+.fi
+MongoDB parameters can also be defined in main.cf. Specify
+as MongoDB source a name that doesn't begin with a slash
+or a dot. The MongoDB parameters will then be accessible
+as the name you've given the source in its definition, an
+underscore, and the name of the parameter. For example, if
+a map is specified as "mongodb:\fImongodb_source\fR", the
+"uri" parameter would be defined in main.cf as
+"\fImongodb_source\fR_uri".
+
+Note: with this form, passwords are written in main.cf,
+which is normally world\-readable, and '$' in a mongodb
+parameter setting needs to be written as '$$'.
+.SH "SEE ALSO"
+.na
+.nf
+postmap(1), Postfix lookup table maintenance
+postconf(5), configuration parameters
+.SH "README FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or "\fBpostconf
+html_directory\fR" to locate this information.
+.na
+.nf
+DATABASE_README, Postfix lookup table overview
+MONGODB_README, Postfix MONGODB client guide
+.SH "LICENSE"
+.na
+.nf
+.ad
+.fi
+The Secure Mailer license must be distributed with this software.
+.SH HISTORY
+.ad
+.fi
+MongoDB support was introduced with Postfix version 3.9.
+.SH "AUTHOR(S)"
+.na
+.nf
+Hamid Maadani (hamid@dexo.tech)
+Dextrous Technologies, LLC
+
+Edited by:
+Wietse Venema
+porcupine.org
+
+Based on prior work by:
+Stephan Ferraro
+Aionda GmbH
diff --git a/man/man5/mysql_table.5 b/man/man5/mysql_table.5
index 2b01aca..aebb949 100644
--- a/man/man5/mysql_table.5
+++ b/man/man5/mysql_table.5
@@ -89,6 +89,24 @@ The database name on the servers. Example:
.nf
dbname = customer_database
.fi
+.IP "\fBcharset (default: utf8mb4)\fR"
+The default MySQL client character set; this also implies
+the collation order.
+
+This parameter is available with Postfix 3.9 and later.
+With earlier Postfix versions, the default was chosen by
+the MySQL implementation (\fButf8mb4\fR as of MySQL 8.0,
+\fBlatin1\fR historically).
+.IP "\fBidle_interval (default: 60)\fR"
+The number of seconds after which an idle database connection
+will be closed.
+
+This feature is available in Postfix 3.9 and later.
+.IP "\fBretry_interval (default: 60)\fR"
+The number of seconds that a database connection will be
+skipped after an error.
+
+This feature is available in Postfix 3.9 and later.
.IP "\fBquery\fR"
The SQL query template used to search the database, where \fB%s\fR
is a substitute for the address Postfix is trying to resolve,
diff --git a/man/man5/pcre_table.5 b/man/man5/pcre_table.5
index a9fd7b6..b5adb94 100644
--- a/man/man5/pcre_table.5
+++ b/man/man5/pcre_table.5
@@ -206,9 +206,14 @@ in\-memory file:
Postfix parses the result as if it is a file in /etc/postfix.
-Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep
-Postfix from trying to do \fI$name\fR expansion as it
-evaluates a parameter value.
+Note: if an inlined rule contains \fB$\fR, specify \fB$$\fR
+to keep Postfix from trying to do \fI$name\fR expansion as
+it evaluates a parameter value.
+
+Note: when using \fI$name\fR inside an inlined pattern, use
+\eQ\fI$name\fR\eE to disable metacharacters such as '.' in
+the \fI$name\fR expansion. Otherwise, the pattern may have
+unexpected matches.
.SH "EXAMPLE SMTPD ACCESS MAP"
.na
.nf
diff --git a/man/man5/pgsql_table.5 b/man/man5/pgsql_table.5
index 00a2da3..869a635 100644
--- a/man/man5/pgsql_table.5
+++ b/man/man5/pgsql_table.5
@@ -90,10 +90,21 @@ is:
.nf
encoding = UTF8
.fi
+
Historically, the database client was hard coded to use
LATIN1 in an attempt to disable multibyte character support.
This feature is available in Postfix 3.8 and later.
+.IP "\fBidle_interval (default: 60)\fR"
+The number of seconds after which an idle database connection
+will be closed.
+
+This feature is available in Postfix 3.9 and later.
+.IP "\fBretry_interval (default: 60)\fR"
+The number of seconds that a database connection will be
+skipped after an error.
+
+This feature is available in Postfix 3.9 and later.
.IP "\fBquery\fR"
The SQL query template used to search the database, where \fB%s\fR
is a substitute for the address Postfix is trying to resolve,
diff --git a/man/man5/postconf.5 b/man/man5/postconf.5
index 196a700..cf96e48 100644
--- a/man/man5/postconf.5
+++ b/man/man5/postconf.5
@@ -358,8 +358,13 @@ alias_database = hash:/etc/mail/aliases
.ad
.ft R
.SH alias_maps (default: see "postconf \-d" output)
-The alias databases that are used for \fBlocal\fR(8) delivery. See
-\fBaliases\fR(5) for syntax details.
+Optional lookup tables with aliases that apply only to \fBlocal\fR(8)
+recipients; this is unlike virtual_alias_maps that apply to all
+recipients: \fBlocal\fR(8), virtual, and remote.
+The table format and lookups are documented in \fBaliases\fR(5). For an
+overview of Postfix address manipulations see the ADDRESS_REWRITING_README
+document.
+.PP
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
@@ -1773,16 +1778,25 @@ name of the message delivery transport.
This feature is available in Postfix 2.4 and later.
.SH default_transport (default: smtp)
The default mail delivery transport and next\-hop destination for
-destinations that do not match $mydestination, $inet_interfaces,
+the default domain class: recipient domains that do not match
+$mydestination, $inet_interfaces,
$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
-or $relay_domains. This information can be overruled with the
-sender_dependent_default_transport_maps parameter and with the
-\fBtransport\fR(5) table.
+or $relay_domains. This information will not be used when
+sender_dependent_default_transport_maps returns a result, and may
+be overridden with the \fBtransport\fR(5) table.
.PP
-In order of decreasing precedence, the nexthop destination is taken
-from $sender_dependent_default_transport_maps, $default_transport,
-$sender_dependent_relayhost_maps, $relayhost, or from the recipient
+For recipient domains in the default domain class:
+.IP \(bu
+In order of decreasing precedence, the delivery transport
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport.
+.IP \(bu
+In order of decreasing precedence, the nexthop destination
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
domain.
+.br
.PP
Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
is the name of a mail delivery transport defined in master.cf.
@@ -2367,6 +2381,19 @@ logfiles with the queue file names of mail that is queued for those
destinations.
.PP
This feature is available in Postfix 2.0 and later.
+.SH force_mime_input_conversion (default: no)
+Convert body content that claims to be 8\-bit into quoted\-printable,
+before header_checks, body_checks, Milters, and before after\-queue
+content filters. This feature does not affect messages that are
+sent into smtpd_proxy_filter.
+.PP
+The typical use case is an MTA that applies this conversion
+before signing outbound messages, so that the signatures will remain
+valid when a message is later delivered to an MTA that does not
+announce 8BITMIME support, or when a message line exceeds the SMTP
+length limit.
+.PP
+This feature is available in Postfix >= 3.9.
.SH fork_attempts (default: 5)
The maximal number of attempts to fork() a child process.
.SH fork_delay (default: 1s)
@@ -2416,7 +2443,7 @@ The entire recipient localpart.
The address extension delimiter that was found in the recipient
address (Postfix 2.11 and later), or the 'first' delimiter specified
with the system\-wide recipient address extension delimiter (Postfix
-3.5.22, 3.5.12, 3.7.8, 3.8.3 and later). Historically, this was
+3.5.22, 3.6.12, 3.7.8, 3.8.3 and later). Historically, this was
always the system\-wide recipient
address extension delimiter (Postfix 2.10 and earlier).
.br
@@ -2628,31 +2655,55 @@ number of messages delivered per second.
.PP
Specify 0 to disable the feature. Valid delays are 0..10.
.SH inet_interfaces (default: all)
-The local network interface addresses that this mail system receives
-mail on. Specify "all" to receive mail on all network
-interfaces (default), and "loopback\-only" to receive mail
-on loopback network interfaces only (Postfix version 2.2 and later). The
-parameter also controls delivery of mail to user@[ip.address].
+The local network interface addresses that this mail system
+receives mail on. Specify "all" to receive mail on all network
+interfaces (default), "loopback\-only" to receive mail on loopback
+network interfaces only (Postfix version 2.2 and later), or zero
+or more IPv4 or IPv6 addresses (IPv6 is supported in Postfix version
+2.2 and later). The parameter also controls whether Postfix will
+accept mail for user@[ip.address], and prevents Postfix
+from delivering mail to a host that has equal or larger MX preference.
+Specify an empty value if Postfix does not receive mail over the
+network, or if all network listeners have an explicit IP address
+in master.cf.
.PP
Note 1: you need to stop and start Postfix when this parameter changes.
.PP
Note 2: address information may be enclosed inside [],
but this form is not required here.
.PP
-When inet_interfaces specifies just one IPv4 and/or IPv6 address
-that is not a loopback address, the Postfix SMTP client will use
-this address as the IP source address for outbound mail. Support
-for IPv6 is available in Postfix version 2.2 and later.
+When smtp_bind_address and/or smtp_bind_address6 are not
+specified, the inet_interfaces setting may constrain the source IP
+address for an outbound SMTP or LMTP connection as described below.
+.PP
+The following text is specific to SMTP and IPv4. The same
+reasoning applies to the IPv6 protocol, and to the Postfix LMTP
+client. To disable IPv4 or IPv6 support in the Postfix SMTP and
+LMTP client, use inet_protocols.
+.IP \(bu
+When inet_interfaces specifies one IPv4 address, and that
+is not a loopback address, the Postfix SMTP client uses that as the
+source address for outbound IPv4 connections.
+.IP \(bu
+Otherwise, the Postfix SMTP client does not constrain the
+source IPv4 address, and connects using a system\-chosen source IPv4
+address. This includes the cases where inet_interfaces is empty,
+where it specifies \fBall\fR, or where it contains no IPv4 address,
+one IPv4 address that is a loopback address, or multiple IPv4
+addresses.
+.br
.PP
-On a multi\-homed firewall with separate Postfix instances listening on the
-"inside" and "outside" interfaces, this can prevent each instance from
-being able to reach remote SMTP servers on the "other side" of the
-firewall. Setting
-smtp_bind_address to 0.0.0.0 avoids the potential problem for
-IPv4, and setting smtp_bind_address6 to :: solves the problem
-for IPv6.
+A Postfix SMTP client may fail to reach some remote SMTP servers
+when the client source IP address is constrained explicitly with
+smtp_bind_address or smtp_bind_address6, or implicitly with
+inet_interfaces. This can happen when Postfix runs on a multi\-homed
+system such as a firewall, the Postfix SMTP source client IP address
+is constrained to one specific network interface, and the remote
+SMTP server must be reached through a different interface. Setting
+smtp_bind_address to 0.0.0.0 avoids the potential problem for IPv4,
+and setting smtp_bind_address6 to :: solves the problem for IPv6.
.PP
-A better solution for multi\-homed firewalls is to leave inet_interfaces
+A better solution for multi\-homed systems is to leave inet_interfaces
at the default value and instead use explicit IP addresses in
the master.cf SMTP server definitions. This preserves the Postfix
SMTP client's
@@ -2679,7 +2730,7 @@ inet_interfaces = 192.168.1.2, 127.0.0.1
.fi
.ad
.ft R
-.SH inet_protocols (default: see 'postconf \-d output')
+.SH inet_protocols (default: see 'postconf \-d' output)
The Internet protocols Postfix will attempt to use when making
or accepting connections. Specify one or more of "ipv4"
or "ipv6", separated by whitespace or commas. The form
@@ -3093,6 +3144,9 @@ This feature is available in Postfix 2.11 and later.
The LMTP\-specific version of the smtp_enforce_tls configuration
parameter. See there for details.
.PP
+This feature is deprecated as of Postfix 3.9. Specify
+lmtp_tls_security_level instead.
+.PP
This feature is available in Postfix 2.3 and later.
.SH lmtp_fallback_relay (default: empty)
Optional list of relay hosts for LMTP destinations that can't be
@@ -3289,6 +3343,9 @@ Optional Postfix LMTP client lookup tables with one username:password entry
per host or domain. If a remote host or domain has no username:password
entry, then the Postfix LMTP client will not attempt to authenticate
to the remote host.
+.SH lmtp_sasl_password_result_delimiter (default: :)
+The LMTP\-specific version of the smtp_sasl_password_result_delimiter
+configuration parameter. See there for details.
.SH lmtp_sasl_path (default: empty)
Implementation\-specific information that is passed through to
the SASL plug\-in implementation that is selected with
@@ -3437,6 +3494,11 @@ parameter. See there for details.
.PP
This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later.
+.SH lmtp_tls_enable_rpk (default: yes)
+The LMTP\-specific version of the smtp_tls_enable_rpk
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 3.9 and later.
.SH lmtp_tls_enforce_peername (default: yes)
The LMTP\-specific version of the smtp_tls_enforce_peername
configuration parameter. See there for details.
@@ -3482,7 +3544,7 @@ The LMTP\-specific version of the smtp_tls_mandatory_exclude_ciphers
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
-.SH lmtp_tls_mandatory_protocols (default: see postconf \-d output)
+.SH lmtp_tls_mandatory_protocols (default: see 'postconf \-d' output)
The LMTP\-specific version of the smtp_tls_mandatory_protocols
configuration parameter. See there for details.
.PP
@@ -3496,13 +3558,16 @@ This feature is available in Postfix 2.3 and later.
The LMTP\-specific version of the smtp_tls_per_site configuration
parameter. See there for details.
.PP
+This feature is deprecated as of Postfix 3.9. Specify
+lmtp_tls_policy_maps instead.
+.PP
This feature is available in Postfix 2.3 and later.
.SH lmtp_tls_policy_maps (default: empty)
The LMTP\-specific version of the smtp_tls_policy_maps
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
-.SH lmtp_tls_protocols (default: see postconf \-d output)
+.SH lmtp_tls_protocols (default: see 'postconf \-d' output)
The LMTP\-specific version of the smtp_tls_protocols configuration
parameter. See there for details.
.PP
@@ -3556,6 +3621,9 @@ This feature is available in Postfix 3.0 and later.
The LMTP\-specific version of the smtp_use_tls configuration
parameter. See there for details.
.PP
+This feature is deprecated as of Postfix 3.9. Specify
+lmtp_tls_security_level instead.
+.PP
This feature is available in Postfix 2.3 and later.
.SH lmtp_xforward_timeout (default: 300s)
The Postfix LMTP client time limit for sending the XFORWARD command,
@@ -3803,7 +3871,8 @@ whitespace or comma. Tables will be searched in the specified order
until a match is found.
.PP
If this parameter is non\-empty (the default), then the Postfix SMTP
-server will reject mail for unknown local users.
+server will reject mail for unknown local users. Other Postfix
+interfaces may still accept an "unknown" recipient.
.PP
To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty).
@@ -3989,6 +4058,10 @@ Remote client protocol. Available in Postfix version 2.2 and later.
.IP "\fBDOMAIN\fR"
The domain part of the recipient address.
.br
+.IP "\fBENVID\fR"
+The optional RFC 3461 envelope ID. Available in Postfix version
+3.9 and later
+.br
.IP "\fBEXTENSION\fR"
The optional address extension.
.br
@@ -4141,6 +4214,15 @@ logrotate". The command is run with the rotated logfile name as its
first argument.
.PP
This feature is available in Postfix 3.4 and later.
+.SH maillog_file_permissions (default: 0600)
+The file access permissions that will be set when the file
+$maillog_file is created for the first time, or when the file is
+created after an existing file is rotated. Specify one of: \fB0600\fR
+(only super\-user read/write access), \fB0640\fR (adds 'group' read
+access), or \fB0644\fR (also adds 'other' read access). The leading
+\&'0' is optional.
+.PP
+This feature is available in Postfix 3.9 and later.
.SH maillog_file_prefixes (default: /var, /dev/stdout)
A list of allowed prefixes for a maillog_file value. This is a
safety feature to contain the damage from a single configuration
@@ -5249,9 +5331,9 @@ it passes the test, before it can talk to a real Postfix SMTP server.
.PP
This feature is available in Postfix 2.8.
.SH postscreen_bare_newline_ttl (default: 30d)
-The amount of time that \fBpostscreen\fR(8) will use the result from
-a successful "bare newline" SMTP protocol test. During this
-time, the client IP address is excluded from this test. The default
+The amount of time that \fBpostscreen\fR(8) remembers that a client
+IP address passed a "bare newline" SMTP protocol test, before it
+address is required to pass that test again. The default
is long because a remote SMTP client must disconnect after it passes
the test,
before it can talk to a real Postfix SMTP server.
@@ -5411,18 +5493,19 @@ defined with the postscreen_dnsbl_sites parameter.
Specify a negative value to enable this feature. When a client
passes the postscreen_dnsbl_allowlist_threshold without having
failed other tests, all pending or disabled tests are flagged as
-completed with a time\-to\-live value equal to postscreen_dnsbl_ttl.
-When a test was already completed, its time\-to\-live value is updated
-if it was less than postscreen_dnsbl_ttl.
+completed with an expiration time based on the DNS reply TTL.
+When a test was already completed, its expiration time is updated
+if it was less than the value based on the DNS reply TTL. See
+also postscreen_dnsbl_max_ttl and postscreen_dnsbl_min_ttl.
.PP
This feature is available in Postfix 3.6 and later.
.PP
Available as postscreen_dnsbl_whitelist_threshold in Postfix 2.11
\- 3.5.
.SH postscreen_dnsbl_max_ttl (default: ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)
-The maximum amount of time that \fBpostscreen\fR(8) will use the
-result from a successful DNS\-based reputation test before a
-client IP address is required to pass that test again. If the DNS
+The maximum amount of time that \fBpostscreen\fR(8) remembers that a
+client IP address passed a DNS\-based reputation test, before it is
+required to pass that test again. If the DNS
reply specifies a shorter TTL value, that value will be used unless
it would be smaller than postscreen_dnsbl_min_ttl.
.PP
@@ -5434,9 +5517,9 @@ The default time unit is h (hours).
This feature is available in Postfix 3.1. The default setting
is backwards\-compatible with older Postfix versions.
.SH postscreen_dnsbl_min_ttl (default: 60s)
-The minimum amount of time that \fBpostscreen\fR(8) will use the
-result from a successful DNS\-based reputation test before a
-client IP address is required to pass that test again. If the DNS
+The minimum amount of time that \fBpostscreen\fR(8) remembers that a
+client IP address passed a DNS\-based reputation test, before it
+is required to pass that test again. If the DNS
reply specifies a larger TTL value, that value will be used unless
it would be larger than postscreen_dnsbl_max_ttl.
.PP
@@ -5559,9 +5642,9 @@ The default time unit is s (seconds).
.PP
This feature is available in Postfix 3.0.
.SH postscreen_dnsbl_ttl (default: 1h)
-The amount of time that \fBpostscreen\fR(8) will use the result from
-a successful DNS\-based reputation test before a client
-IP address is required to pass that test again.
+The amount of time that \fBpostscreen\fR(8) remembers that a client
+IP address passed a DNS\-based reputation test, before it is required
+to pass that test again.
.PP
Specify a non\-zero time value (an integral value plus an optional
one\-letter suffix that specifies the time unit). Time units: s
@@ -5628,9 +5711,9 @@ value to disable this feature.
.PP
This feature is available in Postfix 2.8.
.SH postscreen_greet_ttl (default: 1d)
-The amount of time that \fBpostscreen\fR(8) will use the result from
-a successful PREGREET test. During this time, the client IP address
-is excluded from this test. The default is relatively short, because
+The amount of time that \fBpostscreen\fR(8) remembers that a client
+IP address passed a PREGREET test, before it is required to pass
+that test again. The default is relatively short, because
a good client can immediately talk to a real Postfix SMTP server.
.PP
Specify a non\-zero time value (an integral value plus an optional
@@ -5688,9 +5771,9 @@ test, before it can talk to a real Postfix SMTP server.
.PP
This feature is available in Postfix 2.8.
.SH postscreen_non_smtp_command_ttl (default: 30d)
-The amount of time that \fBpostscreen\fR(8) will use the result from
-a successful "non_smtp_command" SMTP protocol test. During this
-time, the client IP address is excluded from this test. The default
+The amount of time that \fBpostscreen\fR(8) remembers that a client
+IP address passed a "non_smtp_command" SMTP protocol test, before
+it is required to pass that test again. The default
is long because a client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server.
.PP
@@ -5732,9 +5815,9 @@ server.
.PP
This feature is available in Postfix 2.8.
.SH postscreen_pipelining_ttl (default: 30d)
-The amount of time that \fBpostscreen\fR(8) will use the result from
-a successful "pipelining" SMTP protocol test. During this time, the
-client IP address is excluded from this test. The default is
+The amount of time that \fBpostscreen\fR(8) remembers that a client
+IP address passed a "pipelining" SMTP protocol test, before it is
+required to pass that test again. The default is
long because a good client must disconnect after it passes the test,
before it can talk to a real Postfix SMTP server.
.PP
@@ -6408,11 +6491,19 @@ relay_recipient_maps = hash:/etc/postfix/relay_recipients
This feature is available in Postfix 2.0 and later.
.SH relay_transport (default: relay)
The default mail delivery transport and next\-hop destination for
-remote delivery to domains listed with $relay_domains. In order of
-decreasing precedence, the nexthop destination is taken from
-$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or
-from the recipient domain. This information can be overruled with
-the \fBtransport\fR(5) table.
+the relay domain address class: recipient domains that match
+$relay_domains.
+.PP
+For recipient domains in the relay domain address class:
+.IP \(bu
+In order of decreasing precedence, the message delivery
+transport is taken from 1) $transport_maps, 2) $relay_transport.
+.IP \(bu
+In order of decreasing precedence, the nexthop destination
+is taken from 1) $transport_maps, 2) $relay_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain.
+.br
.PP
Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
is the name of a mail delivery transport defined in master.cf.
@@ -6424,21 +6515,37 @@ file.
.PP
This feature is available in Postfix 2.0 and later.
.SH relayhost (default: empty)
-The next\-hop destination(s) for non\-local mail; overrides non\-local
-domains in recipient addresses. This information is overruled with
-relay_transport, sender_dependent_default_transport_maps,
-default_transport, sender_dependent_relayhost_maps
-and with the \fBtransport\fR(5) table.
+The next\-hop destination(s) for non\-local mail; takes precedence
+over non\-local domains in recipient addresses. This information
+will not be used when the sender matches $sender_dependent_relayhost_maps.
+.PP
+In order of decreasing precedence:
+.IP \(bu
+For recipient domains in the relay domain address class
+(domains matching $relay_domains), the nexthop destination is taken
+from 1) $transport_maps, 2) $relay_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain.
+.IP \(bu
+For recipient domains in the default domain address class
+(domains that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains), the nexthop destination is taken from 1)
+$transport_maps, 2) $sender_dependent_default_transport_maps or
+$default_transport, 3) $sender_dependent_relayhost_maps or $relayhost
+or the recipient domain.
+.br
.PP
On an intranet, specify the organizational domain name. If your
internal DNS uses no MX records, specify the name of the intranet
gateway host instead.
.PP
-In the case of SMTP or LMTP delivery, specify one or more destinations
-in the form of a domain name, hostname, hostname:port, [hostname]:port,
-[hostaddress] or [hostaddress]:port, separated by comma or whitespace.
-The form [hostname] turns off MX lookups. Multiple destinations are
-supported in Postfix 3.5 and later.
+In the case of SMTP delivery, specify one or more destinations in
+the form of a domain name, hostname, hostname:service, [hostname]:service,
+[hostaddress] or [hostaddress]:service, separated by comma or whitespace.
+The form [hostname] turns off MX or SRV lookups. Multiple destinations
+are supported in Postfix 3.5 and later. Each destination is tried
+in the specified order.
.PP
If you're connected via UUCP, see the UUCP_README file for useful
information.
@@ -6719,9 +6826,21 @@ address and @domain. A lookup result of DUNNO terminates the search
without overriding the global default_transport parameter setting.
This information is overruled with the \fBtransport\fR(5) table.
.PP
-Specify zero or more "type:name" lookup tables, separated by
-whitespace or comma. Tables will be searched in the specified order
-until a match is found.
+This setting affects only the default domain address class
+(recipient domains that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains):
+.IP \(bu
+In order of decreasing precedence, the delivery transport
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport.
+.IP \(bu
+In order of decreasing precedence, the nexthop destination
+is taken from 1) $transport_maps, 2)
+$sender_dependent_default_transport_maps or $default_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain.
+.br
.PP
Note: this overrides default_transport, not transport_maps, and
therefore the expected syntax is that of default_transport, not the
@@ -6729,6 +6848,10 @@ syntax of transport_maps. Specifically, this does not support the
transport_maps syntax for null transport, null nexthop, or null
email addresses.
.PP
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+.PP
For safety reasons, this feature does not allow $number
substitutions in regular expression maps.
.PP
@@ -6738,9 +6861,24 @@ A sender\-dependent override for the global relayhost parameter
setting. The tables are searched by the envelope sender address and
@domain. A lookup result of DUNNO terminates the search without
overriding the global relayhost parameter setting (Postfix 2.6 and
-later). This information is overruled with relay_transport,
-sender_dependent_default_transport_maps, default_transport and with
-the \fBtransport\fR(5) table.
+later).
+.PP
+In order of decreasing precedence:
+.IP \(bu
+For recipient domains in the relay domain address class
+(domains matching $relay_domains), the nexthop destination is taken
+from 1) $transport_maps, 2) $relay_transport, 3)
+$sender_dependent_relayhost_maps or $relayhost or the recipient
+domain.
+.IP \(bu
+For recipient domains in the default domain address class
+(domains that do not match mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+$relay_domains), the nexthop destination is taken from 1)
+$transport_maps, 2) $sender_dependent_default_transport_maps or
+$default_transport, 3) $sender_dependent_relayhost_maps or $relayhost
+or the recipient domain.
+.br
.PP
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
@@ -6871,12 +7009,45 @@ Notes for mail delivery between sites that have both IPv4 and
IPv6 connectivity:
.IP \(bu
The setting "smtp_address_preference = ipv6" is unsafe.
-It can fail to deliver mail when there is an outage that affects
-IPv6, while the destination is still reachable over IPv4.
+All deliveries will suffer delays during an IPv6 outage, even
+while the destination is still reachable over IPv4. Mail may be
+stuck in the queue with Postfix versions < 3.3 that do not
+implement "smtp_balance_inet_protocols". For similar reasons, the
+setting "smtp_address_preference = ipv4" is also unsafe.
.IP \(bu
The setting "smtp_address_preference = any" is safe. With
-this, mail will eventually be delivered even if there is an outage
+this, and "smtp_balance_inet_protocols = yes" (the default), only
+half of deliveries will suffer delays if there is an outage
that affects IPv6 or IPv4, as long as it does not affect both.
+.IP \(bu
+The setting "smtp_address_preference = ipv4" is not a
+solution for remote servers that flag email received over IPv6 as
+more 'spammy' (the client IPv6 address has a bad or missing PTR or
+AAAA record, bad network neighbors, etc.). Instead, configure Postfix
+to receive mail over both IPv4 and IPv6, and to deliver mail over
+only IPv4.
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ inet_protocols = all
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/master.cf
+ smtp ...other fields... smtp \-o inet_protocols=ipv4
+.fi
+.ad
+.ft R
+.in -4
.br
.PP
This feature is available in Postfix 2.8 and later.
@@ -7919,12 +8090,21 @@ lookup is done only when sender\-dependent authentication is enabled.
If no username:password entry is found, then the Postfix SMTP client
will not attempt to authenticate to the remote host.
.PP
+Use smtp_sasl_password_result_delimiter to specify an
+alternative separator between username and password.
+.PP
The Postfix SMTP client opens the lookup table before going to
chroot jail, so you can leave the password file in /etc/postfix.
.PP
Specify zero or more "type:name" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
until a match is found.
+.SH smtp_sasl_password_result_delimiter (default: :)
+The delimiter between username and password in sasl_passwd_maps lookup
+results. Specify one non\-whitespace character that does not appear in
+the username.
+.PP
+This feature is available in Postfix >= 3.9.
.SH smtp_sasl_path (default: empty)
Implementation\-specific information that the Postfix SMTP client
passes through to
@@ -8507,6 +8687,89 @@ to anyone else.
.PP
This feature is available in Postfix 2.6 and later, when Postfix is
compiled and linked with OpenSSL 1.0.0 or later.
+.SH smtp_tls_enable_rpk (default: no)
+Request that remote SMTP servers send an RFC7250 raw public key
+instead of an X.509 certificate. This feature and the enable_rpk
+policy attribute are ignored when there is no raw public key support
+in the local TLS implementation.
+.IP \(bu
+At the "may", "encrypt" and "fingerprint" security levels,
+with parameter setting "smtp_tls_enable_rpk = yes" or with "enable_rpk
+= yes" in a policy entry, the Postfix SMTP client will indicate in
+the TLS handshake that it prefers to receive a raw server public
+key, but it will still accept a server public key certificate.
+.IP \(bu
+At the "fingerprint" security level, with parameter setting
+"smtp_tls_enable_rpk = yes" or with "enable_rpk = yes" in a policy
+entry, server authentication based on certificate fingerprints
+becomes more fragile. Even if the server private key and certificate
+remain unchanged, the remote SMTP server will fail fingerprint
+authentication (won't match the configured list of fingerprints)
+when it starts sending a raw public key instead of a certificate,
+after its TLS implementation is updated with raw public key support.
+Therefore, \fBDO NOT\fR enable raw public keys to remote destinations
+authenticated by server \fBcertificate\fR fingerprints. You should
+enable raw public keys only for servers matched via their public
+key fingerprint.
+.IP \(bu
+At the "verify" and "secure" security levels, the Postfix
+SMTP client always ignores the parameter setting smtp_tls_enable_rpk
+or the enable_rpk policy attribute.
+.IP \(bu
+At the opportunistic "dane" security level, the Postfix
+SMTP client ignores the parameter setting smtp_tls_enable_rpk or
+the enable_rpk policy attribute (but it will respect them when it
+falls back to the "may" or "encrypt" level). When all valid TLSA
+records specify only server public keys (no certificates) and the
+local TLS implementation supports raw public keys, the client will
+indicate in the TLS handshake that it prefers to receive a raw
+public key, but it will still accept a public key certificate.
+.IP \(bu
+At the mandatory "dane\-only" security level, the Postfix
+SMTP client always ignores the parameter setting smtp_tls_enable_rpk
+or the enable_rpk policy attribute. When all valid TLSA records
+specify only server public keys (no certificates) and the local TLS
+implementation supports raw public keys, the client will indicate
+in the TLS handshake that it prefers to receive a raw public key,
+but it will still accept a public key certificate.
+.br
+.PP
+The Postfix SMTP client is always willing to send raw public keys
+to servers that solicit them when a client certificate is configured
+and the local TLS implementation supports raw public keys.
+.PP
+Sample commands to compute certificate and public key SHA256 digests:
+.PP
+.nf
+.na
+.ft C
+# SHA256 digest of the first certificate in "cert.pem"
+$ openssl x509 \-in cert.pem \-outform DER | openssl dgst \-sha256 \-c
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# SHA256 digest of the SPKI of the first certificate in "cert.pem"
+$ openssl x509 \-in cert.pem \-pubkey \-noout |
+ openssl pkey \-pubin \-outform DER | openssl dgst \-sha256 \-c
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# SHA256 digest of the SPKI of the first private key in "pkey.pem"
+$ openssl pkey \-in pkey.pem \-pubout \-outform DER |
+ openssl dgst \-sha256 \-c
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 3.9 and later.
.SH smtp_tls_enforce_peername (default: yes)
With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
@@ -8762,7 +9025,9 @@ With Postfix 2.8 and earlier, log the summary message and unconditionally
log trust\-chain verification errors.
.br
.IP ""
-2 Also log levels during TLS negotiation.
+2 Also enable verbose logging in the Postfix TLS
+library, log session cache operations, and enable OpenSSL logging
+of the progress of the SSL handshake.
.br
.IP ""
3 Also log the hexadecimal and ASCII dump of the
@@ -8997,7 +9262,9 @@ and smtp_tls_enforce_peername settings.
.br
.IP "MAY"
Try to use TLS if the server announces support,
-otherwise use an unencrypted connection. This has less precedence
+otherwise use an unencrypted connection; after a failed TLS handshake
+or TLS session, fall back to plaintext if the message has spent
+minimal_backoff_time in the mail queue. This level has less precedence
than a more specific result (including \fBNONE\fR) from the alternate
host or next\-hop lookup key, and has less precedence than the more
specific global "smtp_enforce_tls = yes" or "smtp_tls_enforce_peername
@@ -9084,28 +9351,35 @@ No TLS. No additional attributes are supported at this level.
Opportunistic TLS. Since sending in the clear is acceptable,
demanding stronger than default TLS security merely reduces
interoperability. The optional "ciphers", "exclude", and "protocols"
-attributes (available for opportunistic TLS with Postfix >= 2.6)
-and "connection_reuse" attribute (Postfix >= 3.4) override the
+attributes (available for opportunistic TLS with Postfix >= 2.6) and
+"connection_reuse" attribute (Postfix >= 3.4) override the
"smtp_tls_ciphers", "smtp_tls_exclude_ciphers", "smtp_tls_protocols",
-and
-"smtp_tls_connection_reuse" configuration parameters. In the policy table,
-multiple ciphers, protocols or excluded ciphers must be separated by colons,
-as attribute values may not contain whitespace or commas. When opportunistic
-TLS handshakes fail, Postfix retries the connection with TLS disabled.
-This allows mail delivery to sites with non\-interoperable TLS
-implementations.
+and "smtp_tls_connection_reuse" configuration parameters. In the policy
+table, multiple ciphers, protocols or excluded ciphers must be separated
+by colons, as attribute values may not contain whitespace or commas. At
+this level and higher, the optional "servername" attribute (available
+with Postfix >= 3.4) overrides the global "smtp_tls_servername"
+parameter, enabling per\-destination configuration of the SNI extension
+sent to the remote SMTP server. The optional "enable_rpk" attribute
+(Postfix >= 3.9) overrides the main.cf smtp_tls_enable_rpk parameter.
+When opportunistic TLS handshakes fail, Postfix retries the connection
+with TLS disabled. This allows mail delivery to sites with
+non\-interoperable TLS implementations.
.br
.IP "\fBencrypt\fR"
-Mandatory TLS encryption. At this level
-and higher, the optional "protocols" attribute overrides the main.cf
+Mandatory TLS encryption. Mail is delivered only if the remote SMTP
+server offers STARTTLS and the TLS handshake succeeds. At this level and
+higher, the optional "protocols" attribute overrides the main.cf
smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute
-overrides the main.cf smtp_tls_mandatory_ciphers parameter, the
-optional "exclude" attribute (Postfix >= 2.6) overrides the main.cf
+overrides the main.cf smtp_tls_mandatory_ciphers parameter, the optional
+"exclude" attribute (Postfix >= 2.6) overrides the main.cf
smtp_tls_mandatory_exclude_ciphers parameter, and the optional
-"connection_reuse" attribute (Postfix >= 3.4) overrides the
-main.cf smtp_tls_connection_reuse parameter. In the policy table,
-multiple ciphers, protocols or excluded ciphers must be separated by colons,
-as attribute values may not contain whitespace or commas.
+"connection_reuse" attribute (Postfix >= 3.4) overrides the main.cf
+smtp_tls_connection_reuse parameter. In the policy table, multiple
+ciphers, protocols or excluded ciphers must be separated by colons, as
+attribute values may not contain whitespace or commas. The optional
+"enable_rpk" attribute (Postfix >= 3.9) overrides the main.cf
+smtp_tls_enable_rpk parameter.
.br
.IP "\fBdane\fR"
Opportunistic DANE TLS. The TLS policy for the destination is
@@ -9144,10 +9418,10 @@ Certificate fingerprint
verification. Available with Postfix 2.5 and later. At this security
level, there are no trusted Certification Authorities. The certificate
trust chain, expiration date, ... are not checked. Instead,
-the optional "match" attribute, or else the main.cf
+the optional policy table "match" attribute, or else the main.cf
\fBsmtp_tls_fingerprint_cert_match\fR parameter, lists the certificate
-fingerprints or the public key fingerprint (Postfix 2.9 and later)
-of the valid server certificate. The digest
+fingerprints or the public key fingerprints (Postfix 2.9 and later)
+of acceptable server certificates. The digest
algorithm used to calculate the fingerprint is selected by the
\fBsmtp_tls_fingerprint_digest\fR parameter. Multiple fingerprints can
be combined with a "|" delimiter in a single match attribute, or multiple
@@ -9158,45 +9432,58 @@ digits. The optional "ciphers", "exclude", and "protocols" attributes
"smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols"
configuration parameters. The optional "connection_reuse" attribute
(Postfix >= 3.4) overrides the main.cf smtp_tls_connection_reuse
-parameter.
+parameter. The optional "enable_rpk" attribute (Postfix >= 3.9)
+overrides the main.cf smtp_tls_enable_rpk parameter.
.br
.IP "\fBverify\fR"
-Mandatory TLS verification. At this security
-level, DNS MX lookups are trusted to be secure enough, and the name
-verified in the server certificate is usually obtained indirectly via
-unauthenticated DNS MX lookups. The optional "match" attribute overrides
-the main.cf smtp_tls_verify_cert_match parameter. In the policy table,
-multiple match patterns and strategies must be separated by colons.
-In practice explicit control over matching is more common with the
-"secure" policy, described below. The optional "ciphers", "exclude",
-and "protocols" attributes (Postfix >= 2.6) override the
-"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and
-"smtp_tls_mandatory_protocols" configuration parameters. The optional
-"connection_reuse" attribute (Postfix >= 3.4) overrides the main.cf
-smtp_tls_connection_reuse parameter.
+Mandatory TLS verification. Mail is delivered only if the TLS
+handshake succeeds, the remote SMTP server certificate chain can be
+validated, and a DNS name in the certificate matches the specified match
+criteria. At this security level, DNS MX lookups are presumed to be
+secure enough, and the name verified in the server certificate is
+potentially obtained via unauthenticated DNS MX lookups. The optional
+"match" attribute overrides the main.cf smtp_tls_verify_cert_match
+parameter. In the policy table, multiple match patterns and strategies
+must be separated by colons. In practice explicit control over matching
+is more common with the "secure" policy, described below. The optional
+"ciphers", "exclude", and "protocols" attributes (Postfix >= 2.6)
+override the "smtp_tls_mandatory_ciphers",
+"smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols"
+configuration parameters. With Postfix >= 2.11 the optional "tafile"
+policy table attribute modifies trust chain verification in the same
+manner as the "smtp_tls_trust_anchor_file" parameter. The "tafile"
+attribute may be specified multiple times to load multiple trust\-anchor
+files. The optional "connection_reuse" attribute (Postfix >= 3.4)
+overrides the main.cf smtp_tls_connection_reuse parameter.
.br
.IP "\fBsecure\fR"
-Secure\-channel TLS. At this security level, DNS
-MX lookups, though potentially used to determine the candidate next\-hop
-gateway IP addresses, are \fBnot\fR trusted to be secure enough for TLS
-peername verification. Instead, the default name verified in the server
-certificate is obtained directly from the next\-hop, or is explicitly
-specified via the optional "match" attribute which overrides the
-main.cf smtp_tls_secure_cert_match parameter. In the policy table,
-multiple match patterns and strategies must be separated by colons.
-The match attribute is most useful when multiple domains are supported by
-a common server: the policy entries for additional domains specify matching
-rules for the primary domain certificate. While transport table overrides
-that route the secondary domains to the primary nexthop also allow secure
-verification, they risk delivery to the wrong destination when domains
-change hands or are re\-assigned to new gateways. With the "match"
-attribute approach, routing is not perturbed, and mail is deferred if
-verification of a new MX host fails. The optional "ciphers", "exclude",
-and "protocols" attributes (Postfix >= 2.6) override the
-"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and
-"smtp_tls_mandatory_protocols" configuration parameters. The optional
-"connection_reuse" attribute (Postfix >= 3.4) overrides the main.cf
-smtp_tls_connection_reuse parameter.
+Secure certificate verification. Mail is delivered only if the TLS
+handshake succeeds, the remote SMTP server certificate chain can be
+validated, and a DNS name in the certificate matches the specified match
+criteria. At this security level, DNS MX lookups, though potentially
+used to determine the candidate next\-hop gateway IP addresses, are
+\fBnot\fR presumed to be secure enough for TLS peername verification.
+Instead, the default name verified in the server certificate is obtained
+directly from the next\-hop, or is explicitly specified via the optional
+"match" attribute which overrides the main.cf smtp_tls_secure_cert_match
+parameter. In the policy table, multiple match patterns and strategies
+must be separated by colons. The match attribute is most useful when
+multiple domains are supported by a common server: the policy entries
+for additional domains specify matching rules for the primary domain
+certificate. While transport table overrides that route the secondary
+domains to the primary nexthop also allow secure verification, they risk
+delivery to the wrong destination when domains change hands or are
+re\-assigned to new gateways. With the "match" attribute approach,
+routing is not perturbed, and mail is deferred if verification of a new
+MX host fails. The optional "ciphers", "exclude", and "protocols"
+attributes (Postfix >= 2.6) override the "smtp_tls_mandatory_ciphers",
+"smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols"
+configuration parameters. With Postfix >= 2.11 the "tafile" attribute
+optionally modifies trust chain verification in the same manner as the
+"smtp_tls_trust_anchor_file" parameter. The "tafile" attribute may be
+specified multiple times to load multiple trust\-anchor files. The
+optional "connection_reuse" attribute (Postfix >= 3.4) overrides the
+main.cf smtp_tls_connection_reuse parameter.
.br
.br
.PP
@@ -9243,7 +9530,7 @@ DNS forgery. Do not use the "hostname" strategy for secure\-channel
configurations in environments where DNS security is not assured.
.PP
This feature is available in Postfix 2.3 and later.
-.SH smtp_tls_protocols (default: see postconf \-d output)
+.SH smtp_tls_protocols (default: see 'postconf \-d' output)
TLS protocols that the Postfix SMTP client will use with
opportunistic TLS encryption. In main.cf the values are separated by
whitespace, commas or colons. In the policy table "protocols" attribute
@@ -9406,7 +9693,9 @@ destinations via smtp_tls_policy_maps.
.br
.IP "\fBmay\fR"
Opportunistic TLS. Use TLS if this is supported by the remote
-SMTP server, otherwise use plaintext. Since
+SMTP server, otherwise use plaintext; after a failed TLS handshake
+or TLS session, fall back to plaintext if the message has spent
+minimal_backoff_time in the mail queue. Since
sending in the clear is acceptable, demanding stronger than default TLS
security merely reduces interoperability.
The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix >= 2.6)
@@ -10127,9 +10416,8 @@ pubkey_fingerprint } }
The commas are optional.
.br
.IP "\fBcheck_client_access \fItype:table\fR\fR"
-Search the specified access database for the client hostname,
-parent domains, client IP address, or networks obtained by stripping
-least significant octets. See the \fBaccess\fR(5) manual page for details.
+Search the specified access database for the client hostname
+or IP address. See the \fBaccess\fR(5) manual page for details.
.br
.IP "\fBcheck_client_a_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the IP addresses for the
@@ -10156,8 +10444,7 @@ available in Postfix 2.7 and later.
.br
.IP "\fBcheck_reverse_client_hostname_access \fItype:table\fR\fR"
Search the specified access database for the unverified reverse
-client hostname, parent domains, client IP address, or networks
-obtained by stripping least significant octets. See the \fBaccess\fR(5)
+client hostname or IP address. See the \fBaccess\fR(5)
manual page for details. Note: a result of "OK" is not allowed for
safety reasons. Instead, use DUNNO in order to exclude specific
hosts from denylists. This feature is available in Postfix 2.6
@@ -10684,6 +10971,9 @@ Note 2: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior.
.PP
+This feature is deprecated as of Postfix 3.9. Specify
+smtpd_tls_security_level instead.
+.PP
This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead.
.SH smtpd_error_sleep_time (default: 1s)
@@ -10720,8 +11010,8 @@ restriction that matches wins.
The following restrictions are specific to the domain name information
received with the ETRN command.
.IP "\fBcheck_etrn_access \fItype:table\fR\fR"
-Search the specified access database for the ETRN domain name
-or its parent domains. See the \fBaccess\fR(5) manual page for details.
+Search the specified access database for the ETRN domain name.
+See the \fBaccess\fR(5) manual page for details.
.br
.br
.PP
@@ -10752,7 +11042,7 @@ The smtpd_expansion_filter value is not subject to Postfix configuration
parameter $name expansion.
.PP
This feature is available in Postfix 2.0 and later.
-.SH smtpd_forbid_bare_newline (default: Postfix < 3.9: no)
+.SH smtpd_forbid_bare_newline (default: Postfix >= 3.9: normalize)
Reject or restrict input lines from an SMTP client that end in
<LF> instead of the standard <CR><LF>. Such line
endings are commonly allowed with UNIX\-based SMTP servers, but they
@@ -10761,7 +11051,7 @@ vulnerable to
SMTP smuggling.
.PP
Specify one of the following values (case does not matter):
-.IP "\fBnormalize\fR"
+.IP "\fBnormalize\fR (default for Postfix >= 3.9)"
Require the standard
End\-of\-DATA sequence <CR><LF>.<CR><LF>.
Otherwise, allow command or message content lines ending in the
@@ -10780,6 +11070,17 @@ with the standard End\-of\-DATA sequence
Such clients
can be excluded with smtpd_forbid_bare_newline_exclusions.
.br
+.IP "\fBnote\fR"
+Same as "normalize", but also notes in
+the log whether the Postfix SMTP server received any lines with
+"bare <LF>". The information is formatted as "disconnect
+from name[address] ... notes=bare_lf". The notes value is
+expected to become a list of comma\-separated names.
+.br
+.br
+This
+feature is available in Postfix 3.9 and later.
+.br
.IP "\fByes\fR"
Compatibility alias for \fBnormalize\fR.
.br
@@ -10808,9 +11109,8 @@ of BDAT violations, BDAT can be selectively disabled with
smtpd_discard_ehlo_keyword_address_maps, or globally disabled with
smtpd_discard_ehlo_keywords).
.br
-.IP "\fBno\fR (default)"
-Do not require the standard
-End\-of\-DATA
+.IP "\fBno\fR (default for Postfix < 3.9)"
+Do not require the standard End\-of\-DATA
sequence <CR><LF>.<CR><LF>. Always process
a bare <LF> as if the client sent <CR><LF>. This
option is fully backwards compatible, but is not recommended for
@@ -10904,9 +11204,8 @@ This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10,
Disconnect remote SMTP clients that violate RFC 2920 (or 5321)
command pipelining constraints. The server replies with "554 5.5.0
Error: SMTP protocol synchronization" and logs the unexpected remote
-SMTP client input. Specify "smtpd_forbid_unauth_pipelining = yes"
-to enable. This feature is enabled by default with Postfix >=
-3.9.
+SMTP client input. This feature is enabled by default with Postfix
+>= 3.9. Specify "smtpd_forbid_unauth_pipelining = no" to disable.
.PP
This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6,
3.6.10, and 3.5.20.
@@ -10964,7 +11263,7 @@ The following restrictions are specific to the hostname information
received with the HELO or EHLO command.
.IP "\fBcheck_helo_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the HELO or EHLO
-hostname or parent domains, and execute the corresponding action.
+hostname, and execute the corresponding action.
Note: specify "smtpd_helo_required = yes" to fully enforce this
restriction (without "smtpd_helo_required = yes", a client can
simply skip check_helo_access by not sending HELO or EHLO).
@@ -11430,8 +11729,7 @@ The following restrictions are specific to the recipient address
that is received with the RCPT TO command.
.IP "\fBcheck_recipient_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the resolved RCPT
-TO address, domain, parent domains, or localpart@, and execute the
-corresponding action.
+TO address, and execute the corresponding action.
.br
.IP "\fBcheck_recipient_a_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the IP addresses for
@@ -11809,7 +12107,7 @@ Continue long lines by starting the next line with whitespace.
The same restrictions are available as documented under
smtpd_recipient_restrictions.
.PP
-This feature is available in Postix 2.10 and later.
+This feature is available in Postfix 2.10 and later.
.SH smtpd_restriction_classes (default: empty)
User\-defined aliases for groups of access restrictions. The aliases
can be specified in smtpd_recipient_restrictions etc., and on the
@@ -12089,8 +12387,7 @@ The following restrictions are specific to the sender address
received with the MAIL FROM command.
.IP "\fBcheck_sender_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the MAIL FROM
-address, domain, parent domains, or localpart@, and execute the
-corresponding action.
+address, and execute the corresponding action.
.br
.IP "\fBcheck_sender_a_access \fItype:table\fR\fR"
Search the specified \fBaccess\fR(5) database for the IP addresses for
@@ -12903,6 +13200,59 @@ Postfix uses ciphers with forward secrecy.
This feature is available in Postfix 2.6 and later, when it is
compiled and linked with OpenSSL 1.0.0 or later on platforms
where EC algorithms have not been disabled by the vendor.
+.SH smtpd_tls_enable_rpk (default: no)
+Request that remote SMTP clients send an RFC7250 raw public key
+instead of an X.509 certificate, when asking for or requiring client
+authentication. This feature is ignored when there is no raw public
+key support in the local TLS implementation.
+.PP
+The Postfix SMTP server will log a warning when "smtpd_tls_enable_rpk
+= yes", but the remote SMTP client sends a certificate, the
+certificate's public key fingerprint does not match a check_ccert_access
+table, while the certificate fingerprint does match a check_ccert_access
+table. The remote SMTP client would lose access when it starts
+sending a raw public key instead of a certificate, after its TLS
+implementation is updated with raw public key support.
+.PP
+The Postfix SMTP server always sends a raw public key instead
+of a certificate, if solicited by the remote SMTP client and the
+local TLS implementation supports raw public keys. If the client
+sends a server name indication with an SNI TLS extension, and
+tls_server_sni_maps is configured, the server will extract a raw
+public key from the indicated certificate.
+.PP
+Sample commands to compute certificate and public key SHA256 digests:
+.PP
+.nf
+.na
+.ft C
+# SHA256 digest of the first certificate in "cert.pem"
+$ openssl x509 \-in cert.pem \-outform DER | openssl dgst \-sha256 \-c
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# SHA256 digest of the SPKI of the first certificate in "cert.pem"
+$ openssl x509 \-in cert.pem \-pubkey \-noout |
+ openssl pkey \-pubin \-outform DER | openssl dgst \-sha256 \-c
+.fi
+.ad
+.ft R
+.PP
+.nf
+.na
+.ft C
+# SHA256 digest of the SPKI of the first private key in "pkey.pem"
+$ openssl pkey \-in pkey.pem \-pubout \-outform DER |
+ openssl dgst \-sha256 \-c
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 3.9 and later.
.SH smtpd_tls_exclude_ciphers (default: empty)
List of ciphers or cipher types to exclude from the SMTP server
cipher list at all TLS security levels. Excluding valid ciphers
@@ -13064,7 +13414,9 @@ earlier, log the summary message, peer certificate summary information
and unconditionally log trust\-chain verification errors.
.br
.IP ""
-2 Also log levels during TLS negotiation.
+2 Also enable verbose logging in the Postfix TLS
+library, log session cache operations, and enable OpenSSL logging
+of the progress of the SSL handshake.
.br
.IP ""
3 Also log hexadecimal and ASCII dump of TLS negotiation
@@ -13233,7 +13585,7 @@ smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
.ft R
.PP
This feature is available in Postfix 2.3 and later.
-.SH smtpd_tls_protocols (default: see postconf \-d output)
+.SH smtpd_tls_protocols (default: see 'postconf \-d' output)
TLS protocols accepted by the Postfix SMTP server with opportunistic
TLS encryption. If the list is empty, the server supports all available
TLS protocol versions. A non\-empty value is a list of protocol names to
@@ -13466,6 +13818,9 @@ Note: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior.
.PP
+This feature is deprecated as of Postfix 3.9. Specify
+smtpd_tls_security_level instead.
+.PP
This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead.
.SH smtputf8_autodetect_classes (default: sendmail, verify)
@@ -13822,8 +14177,7 @@ via the tls_config_file parameter. When empty, or when the
selected name is not present in the configuration file, the default
application name ("openssl_conf") is used as a fallback.
.PP
-This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6,
-3.6.10, and 3.5.20.
+This feature is available in Postfix >= 3.9.
.SH tls_daemon_random_bytes (default: 32)
The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
process requests from the \fBtlsmgr\fR(8) server in order to seed its
@@ -14540,6 +14894,9 @@ Enforcement mode: require that SMTP servers use TLS encryption.
See smtp_enforce_tls for further details. Use
tlsproxy_client_security_level instead.
.PP
+This feature is deprecated as of Postfix 3.9. Specify
+tlsproxy_client_security_level instead.
+.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_fingerprint_digest (default: $smtp_tls_fingerprint_digest)
The message digest algorithm used to construct remote TLS server
@@ -14575,6 +14932,9 @@ Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
usage policy by next\-hop destination and by remote TLS server
hostname. See smtp_tls_per_site for further details.
.PP
+This feature is deprecated as of Postfix 3.9. Specify
+tlsproxy_client_policy_maps instead.
+.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_policy (default: $smtp_tls_policy_maps)
Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
@@ -14606,12 +14966,18 @@ Opportunistic mode: use TLS when a remote server announces TLS
support. See smtp_use_tls for further details. Use
tlsproxy_client_security_level instead.
.PP
+This feature is deprecated as of Postfix 3.9. Specify
+tlsproxy_client_security_level instead.
+.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_enforce_tls (default: $smtpd_enforce_tls)
Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
require that clients use TLS encryption. See smtpd_enforce_tls for
further details. Use tlsproxy_tls_security_level instead.
.PP
+This feature is deprecated as of Postfix 3.9. Specify
+tlsproxy_tls_security_level instead.
+.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_service_name (default: tlsproxy)
The name of the \fBtlsproxy\fR(8) service entry in master.cf. This
@@ -14678,6 +15044,8 @@ File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
should use with non\-export EDH ciphers. See smtpd_tls_dh1024_param_file
for further details.
.PP
+This feature is deprecated as of Postfix 3.9. Do not specify.
+.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_dh512_param_file (default: $smtpd_tls_dh512_param_file)
File with DH parameters that the Postfix \fBtlsproxy\fR(8) server
@@ -14720,7 +15088,15 @@ The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral
elliptic\-curve Diffie\-Hellman (EECDH) key exchange. See
smtpd_tls_eecdh_grade for further details.
.PP
+This feature is deprecated as of Postfix 3.9. Do not specify.
+.PP
This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_enable_rpk (default: $smtpd_tls_enable_rpk)
+Request that remote SMTP clients send an RFC7250 raw public key
+instead of an X.509 certificate, when asking or requiring client
+authentication. See $smtpd_tls_enable_rpk for details.
+.PP
+This feature is available in Postfix 3.9 and later.
.SH tlsproxy_tls_exclude_ciphers (default: $smtpd_tls_exclude_ciphers)
List of ciphers or cipher types to exclude from the \fBtlsproxy\fR(8)
server cipher list at all TLS security levels. See
@@ -14799,6 +15175,9 @@ Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
but do not require that clients use TLS encryption. See smtpd_use_tls
for further details. Use tlsproxy_tls_security_level instead.
.PP
+This feature is deprecated as of Postfix 3.9. Specify
+tlsproxy_tls_security_level instead.
+.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_watchdog_timeout (default: 10s)
How much time a \fBtlsproxy\fR(8) process may take to process local
@@ -14952,7 +15331,13 @@ This feature is available in Postfix 2.5 and later.
.SH transport_maps (default: empty)
Optional lookup tables with mappings from recipient address to
(message delivery transport, next\-hop destination). See \fBtransport\fR(5)
-for details.
+for syntax details.
+.PP
+This information may override the message delivery transport
+and/or next\-hop destination that are specified with $local_transport,
+$virtual_transport, $relay_transport, $default_transport,
+$sender_dependent_relayhost_maps, $relayhost,
+$sender_dependent_default_transport_maps, or the recipient domain.
.PP
Specify zero or more "type:table" lookup tables, separated by
whitespace or comma. Tables will be searched in the specified order
@@ -15421,8 +15806,10 @@ from each original recipient.
.PP
This feature is available in Postfix 2.1 and later.
.SH virtual_alias_maps (default: $virtual_maps)
-Optional lookup tables that alias specific mail addresses or domains
-to other local or remote addresses. The table format and lookups
+Optional lookup tables with aliases that apply to all recipients:
+\fBlocal\fR(8), virtual, and remote; this is unlike alias_maps that apply
+only to \fBlocal\fR(8) recipients.
+The table format and lookups
are documented in \fBvirtual\fR(5). For an overview of Postfix address
manipulations see the ADDRESS_REWRITING_README document.
.PP
diff --git a/man/man5/regexp_table.5 b/man/man5/regexp_table.5
index 9eeefe4..e969821 100644
--- a/man/man5/regexp_table.5
+++ b/man/man5/regexp_table.5
@@ -163,9 +163,14 @@ in\-memory file:
Postfix parses the result as if it is a file in /etc/postfix.
-Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep
-Postfix from trying to do \fI$name\fR expansion as it
-evaluates a parameter value.
+Note: if an inlined rule contains \fB$\fR, specify \fB$$\fR
+to keep Postfix from trying to do \fI$name\fR expansion as
+it evaluates a parameter value.
+
+Note: when using \fI$name\fR inside an inlined pattern,
+this will not disable metacharacters such as '.' in the
+\fI$name\fR expansion. To prevent unexpected matches, use
+a pcre: table, and specify \eQ\fI$name\fR\eE.
.SH "EXAMPLE SMTPD ACCESS MAP"
.na
.nf
diff --git a/man/man5/relocated.5 b/man/man5/relocated.5
index fbc85a3..e1d7863 100644
--- a/man/man5/relocated.5
+++ b/man/man5/relocated.5
@@ -147,8 +147,8 @@ domains that no longer exist.
.PP
Other parameters of interest:
.IP "\fBinet_interfaces (all)\fR"
-The network interface addresses that this mail system receives
-mail on.
+The local network interface addresses that this mail system
+receives mail on.
.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
The list of domains that are delivered via the $local_transport
mail delivery transport.
@@ -156,7 +156,7 @@ mail delivery transport.
The domain name that locally\-posted mail appears to come
from, and that locally posted mail is delivered to.
.IP "\fBproxy_interfaces (empty)\fR"
-The network interface addresses that this mail system receives mail
+The remote network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
.SH "SEE ALSO"
.na
diff --git a/man/man5/socketmap_table.5 b/man/man5/socketmap_table.5
index c53db3d..e5671dd 100644
--- a/man/man5/socketmap_table.5
+++ b/man/man5/socketmap_table.5
@@ -19,7 +19,7 @@ Postfix socketmap table lookup client
.ad
.fi
The Postfix mail system uses optional tables for address
-rewriting. mail routing or policy lookup.
+rewriting, mail routing or policy lookup.
The Postfix socketmap client expects TCP endpoint names of
the form \fBinet:\fIhost\fB:\fIport\fB:\fIname\fR, or
diff --git a/man/man5/virtual.5 b/man/man5/virtual.5
index 5a66c7f..e03a500 100644
--- a/man/man5/virtual.5
+++ b/man/man5/virtual.5
@@ -16,13 +16,14 @@ Postfix virtual alias table format
.SH DESCRIPTION
.ad
.fi
-The optional \fBvirtual\fR(5) alias table rewrites recipient
-addresses for all local, all virtual, and all remote mail
-destinations.
-This is unlike the \fBaliases\fR(5) table which is used
-only for \fBlocal\fR(8) delivery. This feature is implemented
+The optional \fBvirtual\fR(5) alias table (virtual_alias_maps)
+applies to all recipients: local(8), virtual, and remote.
+This feature is implemented
in the Postfix \fBcleanup\fR(8) daemon before mail is queued.
+This is unlike the \fBaliases\fR(5) table (alias_maps) which
+applies only to \fBlocal\fR(8) recipients.
+
Virtual aliasing is recursive; to terminate recursion for
a specific address, alias that address to itself.
@@ -270,8 +271,9 @@ this topic. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the "\fBpostfix reload\fR" command after
a configuration change.
.IP "\fBvirtual_alias_maps ($virtual_maps)\fR"
-Optional lookup tables that alias specific mail addresses or domains
-to other local or remote addresses.
+Optional lookup tables with aliases that apply to all recipients:
+\fBlocal\fR(8), virtual, and remote; this is unlike alias_maps that apply
+only to \fBlocal\fR(8) recipients.
.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR"
Postfix is the final destination for the specified list of virtual
alias domains, that is, domains for which all addresses are aliased
@@ -282,8 +284,8 @@ key to the lookup result.
.PP
Other parameters of interest:
.IP "\fBinet_interfaces (all)\fR"
-The network interface addresses that this mail system receives
-mail on.
+The local network interface addresses that this mail system
+receives mail on.
.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR"
The list of domains that are delivered via the $local_transport
mail delivery transport.
@@ -296,7 +298,7 @@ Enable special treatment for owner\-\fIlistname\fR entries in the
\fIlistname\fR\-request address localparts when the recipient_delimiter
is set to "\-".
.IP "\fBproxy_interfaces (empty)\fR"
-The network interface addresses that this mail system receives mail
+The remote network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
.SH "SEE ALSO"
.na