summaryrefslogtreecommitdiffstats
path: root/html
diff options
context:
space:
mode:
Diffstat (limited to 'html')
-rw-r--r--html/ADDRESS_CLASS_README.html283
-rw-r--r--html/ADDRESS_REWRITING_README.html1247
-rw-r--r--html/ADDRESS_VERIFICATION_README.html659
-rw-r--r--html/BACKSCATTER_README.html411
-rw-r--r--html/BASIC_CONFIGURATION_README.html685
-rw-r--r--html/BDAT_README.html179
-rw-r--r--html/BUILTIN_FILTER_README.html489
-rw-r--r--html/CDB_README.html110
-rw-r--r--html/COMPATIBILITY_README.html595
-rw-r--r--html/CONNECTION_CACHE_README.html351
-rw-r--r--html/CONTENT_INSPECTION_README.html93
-rw-r--r--html/DATABASE_README.html498
-rw-r--r--html/DB_README.html247
-rw-r--r--html/DEBUG_README.html598
-rw-r--r--html/DSN_README.html157
-rw-r--r--html/ETRN_README.html375
-rw-r--r--html/FILTER_README.html981
-rw-r--r--html/FORWARD_SECRECY_README.html614
-rw-r--r--html/INSTALL.html1677
-rw-r--r--html/IPV6_README.html364
-rw-r--r--html/LDAP_README.html633
-rw-r--r--html/LINUX_README.html120
-rw-r--r--html/LMDB_README.html422
-rw-r--r--html/LOCAL_RECIPIENT_README.html181
-rw-r--r--html/MAILDROP_README.html196
-rw-r--r--html/MAILLOG_README.html185
-rw-r--r--html/MEMCACHE_README.html77
-rw-r--r--html/MILTER_README.html1003
-rw-r--r--html/MULTI_INSTANCE_README.html1275
-rw-r--r--html/MYSQL_README.html187
-rw-r--r--html/Makefile.in351
-rw-r--r--html/NFS_README.html138
-rw-r--r--html/OVERVIEW.html937
-rw-r--r--html/PACKAGE_README.html155
-rw-r--r--html/PCRE_README.html124
-rw-r--r--html/PGSQL_README.html175
-rw-r--r--html/POSTSCREEN_3_5_README.html1199
-rw-r--r--html/POSTSCREEN_README.html1215
-rw-r--r--html/QSHAPE_README.html939
-rw-r--r--html/RESTRICTION_CLASS_README.html240
-rw-r--r--html/SASL_README.html2278
-rw-r--r--html/SCHEDULER_README.html1840
-rw-r--r--html/SMTPD_ACCESS_README.html440
-rw-r--r--html/SMTPD_POLICY_README.html826
-rw-r--r--html/SMTPD_PROXY_README.html438
-rw-r--r--html/SMTPUTF8_README.html400
-rw-r--r--html/SOHO_README.html418
-rw-r--r--html/SQLITE_README.html115
-rw-r--r--html/STANDARD_CONFIGURATION_README.html857
-rw-r--r--html/STRESS_README.html567
-rw-r--r--html/TLS_LEGACY_README.html1607
-rw-r--r--html/TLS_README.html3253
-rw-r--r--html/TUNING_README.html705
-rw-r--r--html/UUCP_README.html201
-rw-r--r--html/VERP_README.html290
-rw-r--r--html/VIRTUAL_README.html649
-rw-r--r--html/XCLIENT_README.html268
-rw-r--r--html/XFORWARD_README.html242
-rw-r--r--html/access.5.html439
-rw-r--r--html/aliases.5.html209
-rw-r--r--html/anvil.8.html243
-rw-r--r--html/bounce.5.html206
-rw-r--r--html/bounce.8.html198
-rw-r--r--html/canonical.5.html285
-rw-r--r--html/cidr_table.5.html167
-rw-r--r--html/cleanup.8.html559
-rw-r--r--html/defer.8.html198
-rw-r--r--html/discard.8.html134
-rw-r--r--html/dnsblog.8.html104
-rw-r--r--html/error.8.html140
-rw-r--r--html/flush.8.html180
-rw-r--r--html/generic.5.html236
-rw-r--r--html/header_checks.5.html490
-rw-r--r--html/index.html222
-rw-r--r--html/ldap_table.5.html678
-rw-r--r--html/lmdb_table.5.html112
-rw-r--r--html/lmtp.8.html1123
-rw-r--r--html/local.8.html630
-rw-r--r--html/mailq.1.html523
-rw-r--r--html/makedefs.1.html219
-rw-r--r--html/master.5.html262
-rw-r--r--html/master.8.html227
-rw-r--r--html/memcache_table.5.html224
-rw-r--r--html/mysql_table.5.html382
-rw-r--r--html/newaliases.1.html523
-rw-r--r--html/nisplus_table.5.html88
-rw-r--r--html/oqmgr.8.html425
-rw-r--r--html/pcre_table.5.html250
-rw-r--r--html/pgsql_table.5.html302
-rw-r--r--html/pickup.8.html132
-rw-r--r--html/pipe.8.html506
-rw-r--r--html/postalias.1.html253
-rw-r--r--html/postcat.1.html116
-rw-r--r--html/postconf.1.html567
-rw-r--r--html/postconf.5.html22214
-rw-r--r--html/postdrop.1.html137
-rw-r--r--html/postfix-doc.css10
-rw-r--r--html/postfix-logo.jpgbin0 -> 3665 bytes
-rw-r--r--html/postfix-manuals.html249
-rw-r--r--html/postfix-power.pngbin0 -> 5389 bytes
-rw-r--r--html/postfix-tls.1.html241
-rw-r--r--html/postfix-wrapper.5.html273
-rw-r--r--html/postfix.1.html455
-rw-r--r--html/postkick.1.html97
-rw-r--r--html/postlock.1.html118
-rw-r--r--html/postlog.1.html116
-rw-r--r--html/postlogd.8.html93
-rw-r--r--html/postmap.1.html321
-rw-r--r--html/postmulti.1.html410
-rw-r--r--html/postqueue.1.html257
-rw-r--r--html/postscreen.8.html468
-rw-r--r--html/postsuper.1.html318
-rw-r--r--html/posttls-finger.1.html365
-rw-r--r--html/proxymap.8.html223
-rw-r--r--html/qmgr.8.html509
-rw-r--r--html/qmqp-sink.1.html65
-rw-r--r--html/qmqp-source.1.html98
-rw-r--r--html/qmqpd.8.html199
-rw-r--r--html/qshape.1.html126
-rw-r--r--html/regexp_table.5.html211
-rw-r--r--html/relocated.5.html167
-rw-r--r--html/scache.8.html166
-rw-r--r--html/sendmail.1.html523
-rw-r--r--html/showq.8.html126
-rw-r--r--html/smtp-sink.1.html293
-rw-r--r--html/smtp-source.1.html138
-rw-r--r--html/smtp.8.html1123
-rw-r--r--html/smtpd.8.html1483
-rw-r--r--html/socketmap_table.5.html102
-rw-r--r--html/spawn.8.html151
-rw-r--r--html/sqlite_table.5.html239
-rw-r--r--html/tcp_table.5.html111
-rw-r--r--html/tlsmgr.8.html195
-rw-r--r--html/tlsproxy.8.html449
-rw-r--r--html/trace.8.html198
-rw-r--r--html/transport.5.html288
-rw-r--r--html/trivial-rewrite.8.html333
-rw-r--r--html/verify.8.html242
-rw-r--r--html/virtual.5.html295
-rw-r--r--html/virtual.8.html333
140 files changed, 81839 insertions, 0 deletions
diff --git a/html/ADDRESS_CLASS_README.html b/html/ADDRESS_CLASS_README.html
new file mode 100644
index 0000000..ec46627
--- /dev/null
+++ b/html/ADDRESS_CLASS_README.html
@@ -0,0 +1,283 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Address Classes </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Address Classes </h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> Postfix version 2.0 introduces the concept of address classes.
+This is a way of grouping recipient addresses by their delivery
+method. The idea comes from discussions with Victor Duchovni.
+Although address classes introduced a few incompatibilities they
+also made it possible to improve the handling of <a href="VIRTUAL_README.html#canonical">hosted domains</a>
+and of unknown recipients. </p>
+
+<p> This document provides information on the following topics: </p>
+
+<ul>
+
+<li><a href="#wtf">What are address classes good for?</a>
+
+<li><a href="#classes">What address classes does Postfix implement?</a>
+
+<li><a href="#improvements">Improvements compared to Postfix 1.1</a>
+
+<li><a href="#incompatibility">Incompatibilities with Postfix 1.1</a>
+
+</ul>
+
+<h2><a name="wtf">What are address classes good for?</a></h2>
+
+<p> Why should you care about address classes? This is how Postfix
+decides what mail to accept, and how to deliver it. In other words,
+address classes are very important for the operation of Postfix. </p>
+
+<p> An address class is defined by three items. </p>
+
+<ul>
+
+<li> <p> The list of domains that are a member of that address
+class: for example, all <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a>, or all <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a>. </p>
+
+<li> <p> The default delivery transport for that address class. For
+example, the local,
+virtual or relay delivery transport (delivery transports are defined
+in <a href="master.5.html">master.cf</a>). This helps to keep Postfix configurations simple,
+by avoiding the need for explicit routing information in transport
+maps. </p>
+
+<li> <p> The list of valid recipient addresses for that address
+class. The Postfix SMTP server rejects invalid recipients with
+"User unknown in &lt;name of address class here&gt; table". This
+helps to keep the Postfix queue free of undeliverable MAILER-DAEMON
+messages. </p>
+
+</ul>
+
+<h2><a name="classes">What address classes does Postfix implement?</a></h2>
+
+<p> Initially the list of address classes is hard coded, but this
+is meant to become extensible. The summary below describes the main
+purpose of each class, and what the relevant configuration parameters
+are. </p>
+
+<p> The <a name="local_domain_class">local </a> domain class. </p>
+
+<ul>
+
+<li> <p> Purpose: final delivery for traditional UNIX system accounts
+and traditional Sendmail-style aliases. This is typically used for
+the <a href="VIRTUAL_README.html#canonical">canonical domains</a> of the machine (for example, $<a href="postconf.5.html#myhostname">myhostname</a>,
+$<a href="postconf.5.html#mydomain">mydomain</a>). For a discussion of the
+difference between <a href="VIRTUAL_README.html#canonical">canonical domains</a>, <a href="VIRTUAL_README.html#canonical">hosted domains</a> and other
+domains, see the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p>
+
+<li> <p> Domain names are listed with the <a href="postconf.5.html#mydestination">mydestination</a> parameter.
+This domain class also includes mail for <i>user@[ipaddress]</i>
+when the IP address is listed with the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
+<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameters. </p>
+
+<li> <p> Valid recipient addresses are listed with the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
+parameter, as described in <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a>. The Postfix SMTP
+server rejects invalid recipients with "User unknown in local
+recipient table". If the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter value is
+empty, then the Postfix SMTP server accepts any address in the
+<a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class. </p>
+
+<li> <p> The mail delivery transport is specified with the
+<a href="postconf.5.html#local_transport">local_transport</a> parameter. The default value is <b><a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a></b>
+for delivery with the <a href="local.8.html">local(8)</a> delivery agent. </p>
+
+</ul>
+
+<p> The <a name="virtual_alias_class">virtual alias </a> domain
+class. </p>
+
+<ul>
+
+<li> <p> Purpose: <a href="VIRTUAL_README.html#canonical">hosted domains</a> where each recipient address is
+aliased to an address in a different domain, for example, a local
+UNIX system account or a remote address. A
+<a href="VIRTUAL_README.html#virtual_alias">virtual alias example</a> is given in the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p>
+
+<li> <p> Domain names are listed in <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>. The
+default value is $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> for Postfix 1.1 compatibility.
+</p>
+
+<li> <p> Valid recipient addresses are listed with the <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>
+parameter. The Postfix SMTP server rejects invalid recipients with
+"User unknown in virtual alias table". The default value is
+$<a href="postconf.5.html#virtual_maps">virtual_maps</a> for Postfix 1.1 compatibility. </p>
+
+<li> <p> There is no mail delivery transport parameter. Every
+address must be aliased to an address in some other domain. </p>
+
+</ul>
+
+<p> The <a name="virtual_mailbox_class">virtual mailbox </a> domain
+class. </p>
+
+<ul>
+
+<li> <p> Purpose: final delivery for <a href="VIRTUAL_README.html#canonical">hosted domains</a> where each
+recipient address can have its own mailbox, and where users do not
+need to have a UNIX system account. A <a href="VIRTUAL_README.html#virtual_mailbox">virtual mailbox example</a> is
+given in the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p>
+
+<li> <p> Domain names are listed with the <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>
+parameter. The default value is $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> for Postfix
+1.1 compatibility. </p>
+
+<li> <p> Valid recipient addresses are listed with the <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
+parameter. The Postfix SMTP server rejects invalid recipients with
+"User unknown in virtual mailbox table". If this parameter value
+is empty, the Postfix SMTP server accepts all recipients for domains
+listed in $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. </p>
+
+<li> <p> The mail delivery transport is specified with the
+<a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter. The default value is <b>virtual</b>
+for delivery with the <a href="virtual.8.html">virtual(8)</a> delivery agent. </p>
+
+</ul>
+
+<p> The <a name="relay_domain_class">relay </a> domain class. </p>
+
+<ul>
+
+<li> <p> Purpose: mail forwarding to remote destinations that list
+your system as primary or backup MX host. For a discussion of the
+basic configuration details, see the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a>
+document. For a discussion of the difference between canonical
+domains, <a href="VIRTUAL_README.html#canonical">hosted domains</a> and other domains, see the <a href="VIRTUAL_README.html">VIRTUAL_README</a>
+file. </p>
+
+<li> <p> Domain names are listed with the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter.
+</p>
+
+<li> <p> Valid recipient addresses are listed with the <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>
+parameter. The Postfix SMTP server rejects invalid recipients with
+"User unknown in relay recipient table". If this parameter value
+is empty, the Postfix SMTP server accepts all recipients for domains
+listed with the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter. </p>
+
+<li> <p> The mail delivery transport is specified with the
+<a href="postconf.5.html#relay_transport">relay_transport</a> parameter. The default value is <b>relay</b> which
+is a clone of the <a href="smtp.8.html">smtp(8)</a> delivery agent. </p>
+
+</ul>
+
+<p> The <a name="default_domain_class">default </a> domain class.
+</p>
+
+<ul>
+
+<li> <p> Purpose: mail forwarding to the Internet on behalf of
+authorized clients. For a discussion of the basic configuration
+details, see the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> file. For a discussion
+of the difference between <a href="VIRTUAL_README.html#canonical">canonical domains</a>, <a href="VIRTUAL_README.html#canonical">hosted domains</a> and
+other domains, see the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p>
+
+<li> <p> This class has no destination domain table. </p>
+
+<li> <p> This class has no valid recipient address table. </p>
+
+<li> <p> The mail delivery transport is specified with the
+<a href="postconf.5.html#default_transport">default_transport</a> parameter. The default value is <b>smtp</b> for
+delivery with the <a href="smtp.8.html">smtp(8)</a> delivery agent. </p>
+
+</ul>
+
+<h2><a name="improvements">Improvements compared to Postfix
+1.1</a></h2>
+
+<p> Postfix 2.0 address classes made the following improvements
+possible over earlier Postfix versions: </p>
+
+<ul>
+
+<li> <p> You no longer need to specify all the <a href="virtual.8.html">virtual(8)</a> mailbox
+domains in the Postfix transport map. The <a href="virtual.8.html">virtual(8)</a> delivery agent
+has become a first-class citizen just like <a href="local.8.html">local(8)</a> or <a href="smtp.8.html">smtp(8)</a>.
+</p>
+
+<li> <p> On mail gateway systems, address classes provide separation
+of inbound mail relay traffic ($<a href="postconf.5.html#relay_transport">relay_transport</a>) from outbound
+traffic ($<a href="postconf.5.html#default_transport">default_transport</a>). This eliminates a problem where
+inbound mail deliveries could become resource starved in the presence
+of a high volume of outbound mail. </p>
+
+<li> <p> The SMTP server rejects unknown recipients in a more
+consistent manner than was possible with Postfix version 1. This
+is needed to keep undeliverable mail (and bounced undeliverable
+mail) out of the mail queue. This is controlled by the
+<a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> configuration parameter. </p>
+
+<li> <p> As of Postfix version 2.1, the SMTP server can also reject
+unknown sender addresses (i.e. addresses that it would reject as
+an unknown recipient addresses). Sender "egress filtering" can help
+to slow down an email worm explosion. This is controlled by the
+<a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> configuration parameter. </p>
+
+</ul>
+
+<h2><a name="incompatibility">Incompatibilities with Postfix 1.1</a></h2>
+
+<p> Postfix 2.0 address classes introduce a few incompatible changes
+in documented behavior. In order to ease the transitions, new
+parameters have default values that are backwards compatible. </p>
+
+<ul>
+
+<li> <p> The <a href="postconf.5.html#virtual_maps">virtual_maps</a> parameter is replaced by <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>
+(for address lookups) and by <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> (for the names
+of what were formerly called "Postfix-style virtual domains"). </p>
+
+<p> For backwards compatibility with Postfix version 1.1, the new
+<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> parameter defaults to $<a href="postconf.5.html#virtual_maps">virtual_maps</a>, and the
+new <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> parameter defaults to $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>.
+</p>
+
+<li> <p> The <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> parameter now has a companion
+parameter called <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> (for the names of domains
+served by the virtual delivery agent). The <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
+parameter is now used for address lookups only. </p>
+
+<p> For backwards compatibility with Postfix version 1.1, the new
+<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> parameter defaults to $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>.
+</p>
+
+<li> <p> Introduction of the <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> parameter. The
+Postfix SMTP server can use this to block mail for relay recipients
+that don't exist. This list is empty by default, which means accept
+any recipient. </p>
+
+<li> <p> The <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> feature is now turned on by
+default. The Postfix SMTP server uses this to reject mail for
+unknown local recipients. See the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file hints
+and tips. </p>
+
+<li> <p> Introduction of the relay delivery transport in <a href="master.5.html">master.cf</a>.
+This helps to avoid mail delivery scheduling problems on inbound
+mail relays when there is a lot of outbound mail, but may require
+that you update your "<a href="postconf.5.html#defer_transports">defer_transports</a>" setting. </p>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/ADDRESS_REWRITING_README.html b/html/ADDRESS_REWRITING_README.html
new file mode 100644
index 0000000..85e296f
--- /dev/null
+++ b/html/ADDRESS_REWRITING_README.html
@@ -0,0 +1,1247 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Address Rewriting </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Address Rewriting </h1>
+
+<hr>
+
+<h2> <a name="purpose"> Postfix address rewriting purpose </a> </h2>
+
+<p> Address rewriting is at the heart of the Postfix mail system.
+Postfix rewrites addresses for many different purposes. Some are
+merely cosmetic, and some are necessary to deliver correctly
+formatted mail to the correct destination. Examples of
+address rewriting in Postfix are: </p>
+
+<ul>
+
+<li> <p> Transform an incomplete address into a complete address.
+For example, transform "username" into "username@example.com", or
+transform "username@hostname" into "username@hostname.example.com".
+</p>
+
+<li> <p> Replace an address by an equivalent address. For example,
+replace "username@example.com" by "firstname.lastname@example.com"
+when sending mail, and do the reverse transformation when receiving
+mail. </p>
+
+<li> <p> Replace an internal address by an external address. For
+example, replace "username@localdomain.local" by "isp-account@isp.example"
+when sending mail from a home computer to the Internet.
+</p>
+
+<li> <p> Replace an address by multiple addresses. For example,
+replace the address of an alias by the addresses listed under that
+alias. </p>
+
+<li> <p> Determine how and where to deliver mail for a specific
+address. For example, deliver mail for "username@example.com" with
+the <a href="smtp.8.html">smtp(8)</a> delivery agent, to the hosts that are listed in the
+DNS as the mail servers for the domain "example.com". </p>
+
+</ul>
+
+<p> Although Postfix currently has no address rewriting language,
+it can do surprisingly powerful address manipulation via table
+lookup. Postfix typically uses lookup tables with fixed strings
+to map one address to one or multiple addresses, and typically uses
+regular expressions to map multiple addresses to one or multiple
+addresses. Fixed-string lookup tables may be in the form of local
+files, or in the form of NIS, LDAP or SQL databases. The
+<a href="DATABASE_README.html">DATABASE_README</a> document gives an introduction to Postfix lookup
+tables. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li> <a href="#william"> To rewrite message headers or not, or to label
+as invalid </a>
+
+<li> <a href="#overview"> Postfix address rewriting overview </a>
+
+<li> <a href="#receiving"> Address rewriting when mail is received</a>
+
+<ul>
+
+<li> <a href="#standard"> Rewrite addresses to standard form</a>
+
+<li> <a href="#canonical"> Canonical address mapping </a>
+
+<li> <a href="#masquerade"> Address masquerading </a>
+
+<li> <a href="#auto_bcc"> Automatic BCC recipients</a>
+
+<li> <a href="#virtual"> Virtual aliasing </a>
+
+</ul>
+
+<li> <a href="#delivering"> Address rewriting when mail is delivered</a>
+
+<ul>
+
+<li> <a href="#resolve"> Resolve address to destination </a>
+
+<li> <a href="#transport"> Mail transport switch </a>
+
+<li> <a href="#relocated"> Relocated users table </a>
+
+</ul>
+
+<li> <a href="#remote"> Address rewriting with remote delivery </a>
+
+<ul>
+
+<li> <a href="#generic"> Generic mapping for outgoing SMTP mail </a>
+
+</ul>
+
+<li> <a href="#local"> Address rewriting with local delivery </a>
+
+<ul>
+
+<li> <a href="#aliases"> Local alias database </a>
+
+<li> <a href="#forward"> Local per-user .forward files </a>
+
+<li> <a href="#luser_relay"> Local catch-all address </a>
+
+</ul>
+
+<li> <a href="#debugging"> Debugging your address manipulations </a>
+
+</ul>
+
+<h2> <a name="william"> To rewrite message headers or not, or to label
+as invalid </a> </h2>
+
+<p> Postfix versions 2.1 and earlier always rewrite message header
+addresses, and append Postfix's own domain information to addresses
+that Postfix considers incomplete. While rewriting message header
+addresses is OK for mail with a local origin, it is undesirable
+for remote mail: </p>
+
+<ul>
+
+<li> Message header address rewriting is frowned upon by mail standards,
+
+<li> Appending Postfix's own domain produces incorrect results with
+some incomplete addresses,
+
+<li> Appending Postfix's own domain sometimes creates the appearance
+that spam is sent by local users.
+
+</ul>
+
+<p> Postfix versions 2.2 give you the option to either not rewrite
+message headers from remote SMTP clients at all, or to label
+incomplete addresses in such message headers as invalid. Here is
+how it works: </p>
+
+<ul>
+
+<li> Postfix always rewrites message headers from local SMTP clients
+and from the Postfix sendmail command, and appends its own domain
+to incomplete addresses. The <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter
+controls what SMTP clients Postfix considers local (by default,
+only local network interface addresses).
+
+<li> Postfix never rewrites message header addresses from remote
+SMTP clients when the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter value
+is empty (the default setting).
+
+<li> Otherwise, Postfix rewrites message headers from remote SMTP
+clients, and appends the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> value to
+incomplete addresses. This feature can be used to append a reserved
+domain such as "domain.invalid", so that incomplete addresses cannot
+be mistaken for local addresses.
+
+</ul>
+
+<h2> <a name="overview"> Postfix address rewriting overview </a> </h2>
+
+<p> The figure below zooms in on those parts of Postfix that are most
+involved with address rewriting activity. See the <a href="OVERVIEW.html">OVERVIEW</a> document
+for an overview of the complete Postfix architecture. Names followed
+by a number are Postfix daemon programs, while unnumbered names
+represent Postfix queues or internal sources of mail messages. </p>
+
+<blockquote>
+
+<table>
+
+<tr>
+
+<td colspan="2"> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a><br>(std
+form) </td>
+
+<td colspan="5"> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a><br>(resolve)
+</td>
+
+</tr>
+
+<tr>
+
+<td colspan="2"> </td>
+
+<td align="center"><table><tr><td align="center"> ^<br> <tt> |
+</tt> </td><td align="center"> <tt> |<br>v </tt> </td></tr></table>
+
+<td colspan="5"> </td>
+
+<td align="center"><table><tr><td align="center"> ^<br> <tt> |
+</tt> </td><td align="center"> <tt> |<br>v </tt> </td></tr></table>
+
+<td colspan="2"> </td>
+
+</tr>
+
+<tr>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="smtpd.8.html">smtpd(8)</a>
+</td>
+
+<td rowspan="3" align="center" valign="middle"> <tt> &gt;- </tt>
+</td>
+
+<td rowspan="3" bgcolor="#f0f0ff" align="center"> <a href="cleanup.8.html">cleanup(8)</a> </td>
+
+<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
+</td>
+
+<td rowspan="3" bgcolor="#f0f0ff" align="center"> <a
+href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
+
+<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
+</td>
+
+<td rowspan="3" bgcolor="#f0f0ff" align="center"> <a
+href="QSHAPE_README.html#active_queue"> active </a> </td>
+
+<td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
+</td>
+
+<td rowspan="3" bgcolor="#f0f0ff" align="center"> <a href="qmgr.8.html">qmgr(8)</a> </td>
+
+<td rowspan="3" align="center" valign="middle"> <tt> -&lt; </tt>
+</td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle">
+<a href="smtp.8.html">smtp(8)</a> </td>
+
+</tr>
+
+<tr>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle">
+<a href="qmqpd.8.html">qmqpd(8)</a> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="lmtp.8.html">lmtp(8)</a> </td>
+
+</tr>
+
+<tr>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="pickup.8.html">pickup(8)</a>
+</td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="local.8.html">local(8)</a>
+</td>
+
+</tr>
+
+<tr>
+
+<td colspan="2"> </td>
+
+<td align="center"> ^<br> <tt> | </tt> </td>
+
+<td colspan="3"> </td>
+
+<td align="center"><table><tr><td align="center"> ^<br> <tt> |
+</tt> </td><td align="center"> <tt> |<br>v </tt> </td></tr></table>
+
+<td colspan="4"> </td>
+
+</tr>
+
+<tr>
+
+<td colspan="2"> </td>
+
+<td align="center"> bounces<br> forwarding<br> notices</td>
+
+<td colspan="3"> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a
+href="QSHAPE_README.html#deferred_queue"> deferred </a>
+
+<td colspan="2"> </td>
+
+</table>
+
+</blockquote>
+
+<p> The table below summarizes all Postfix address manipulations.
+If you're reading this document for the first time, skip forward
+to "<a href="ADDRESS_REWRITING_README.html#receiving">Address
+rewriting when mail is received</a>". Once you've finished reading
+the remainder of this document, the table will help you to quickly
+find what you need. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th nowrap> Address manipulation </th> <th nowrap> Scope </th>
+<th> Daemon </th> <th nowrap> Global turn-on control </th> <th nowrap> Selective
+turn-off control </th> </tr>
+
+<tr> <td> <a href="#standard"> Rewrite addresses to standard form</a>
+</td> <td nowrap> all mail </td> <td> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a> </td>
+<td> <a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>, <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>, <a href="postconf.5.html#swap_bangpath">swap_bangpath</a>,
+<a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a> </td> <td> <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> </td> </tr>
+
+<tr> <td> <a href="#canonical"> Canonical address mapping </a> </td>
+<td nowrap> all mail </td> <td> <a href="cleanup.8.html">cleanup(8)</a> </td> <td> <a href="postconf.5.html#canonical_maps">canonical_maps</a>
+</td> <td> <a href="postconf.5.html#receive_override_options">receive_override_options</a>, <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> </td> </tr>
+
+<tr> <td> <a href="#masquerade"> Address masquerading </a> </td> <td
+nowrap> all mail </td> <td> <a href="cleanup.8.html">cleanup(8)</a> </td> <td> <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>
+</td> <td> <a href="postconf.5.html#receive_override_options">receive_override_options</a>, <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> </td> </tr>
+
+<tr> <td> <a href="#auto_bcc"> Automatic BCC recipients </a> </td>
+<td nowrap> new mail </td> <td> <a href="cleanup.8.html">cleanup(8)</a> </td> <td> <a href="postconf.5.html#always_bcc">always_bcc</a>,
+<a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a>, <a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> </td> <td> <a href="postconf.5.html#receive_override_options">receive_override_options</a>
+</td> </tr>
+
+<tr> <td> <a href="#virtual"> Virtual aliasing </a> </td> <td
+nowrap> all mail </td> <td> <a href="cleanup.8.html">cleanup(8)</a> </td> <td> <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>
+</td> <td> <a href="postconf.5.html#receive_override_options">receive_override_options</a> </td> </tr>
+
+<tr> <td> <a href="#resolve"> Resolve address to destination </a>
+</td> <td nowrap> all mail </td> <td> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a> </td>
+<td> none </td> <td> none </td> </tr>
+
+<tr> <td> <a href="#transport"> Mail transport switch</a> </td>
+<td nowrap> all mail </td> <td> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a> </td> <td>
+<a href="postconf.5.html#transport_maps">transport_maps</a> </td> <td> none </td> </tr>
+
+<tr> <td> <a href="#relocated"> Relocated users table</a> </td>
+<td nowrap> all mail </td> <td> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a> </td> <td>
+<a href="postconf.5.html#relocated_maps">relocated_maps</a> </td> <td> none </td> </tr>
+
+<tr> <td> <a href="#generic"> Generic mapping table </a> </td> <td>
+outgoing SMTP mail </td> <td> <a href="smtp.8.html">smtp(8)</a> </td> <td> <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a>
+</td> <td> none </td> </tr>
+
+<tr> <td> <a href="#aliases"> Local alias database</a> </td> <td>
+local mail only </td> <td> <a href="local.8.html">local(8)</a> </td> <td> <a href="postconf.5.html#alias_maps">alias_maps</a> </td> <td> none
+</td> </tr>
+
+<tr> <td> <a href="#forward"> Local per-user .forward files</a>
+</td> <td> local mail only </td> <td> <a href="local.8.html">local(8)</a> </td> <td> <a href="postconf.5.html#forward_path">forward_path</a>
+</td> <td> none </td> </tr>
+
+<tr> <td> <a href="#luser_relay"> Local catch-all address</a> </td>
+<td> local mail only </td> <td> <a href="local.8.html">local(8)</a> </td> <td> <a href="postconf.5.html#luser_relay">luser_relay</a> </td> <td>
+none </td> </tr>
+
+</table>
+
+</blockquote>
+
+<h2> <a name="receiving"> Address rewriting when mail is received</a>
+</h2>
+
+<p> The <a href="cleanup.8.html">cleanup(8)</a> server receives mail from outside of Postfix as
+well as mail from internal sources such as forwarded mail,
+undeliverable mail that is bounced to the sender, and postmaster
+notifications about problems with the mail system. </p>
+
+<p> The <a href="cleanup.8.html">cleanup(8)</a> server transforms the sender, recipients and
+message content into a standard form before writing it to an incoming
+queue file. The server cleans up sender and recipient addresses in
+message headers and in the envelope, adds missing message headers
+such as From: or Date: that are required by mail standards, and
+removes message headers such as Bcc: that should not be present.
+The <a href="cleanup.8.html">cleanup(8)</a> server delegates the more complex address manipulations
+to the <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server as described later in this document.
+</p>
+
+<p> Address manipulations at this stage are: </p>
+
+<ul>
+
+<li> <a href="#standard"> Rewrite addresses to standard form</a>
+
+<li> <a href="#canonical"> Canonical address mapping</a>
+
+<li> <a href="#masquerade"> Address masquerading</a>
+
+<li> <a href="#auto_bcc"> Automatic BCC recipients</a>
+
+<li> <a href="#virtual"> Virtual aliasing </a>
+
+</ul>
+
+<h3> <a name="standard"> Rewrite addresses to standard form</a> </h3>
+
+<p> Before the <a href="cleanup.8.html">cleanup(8)</a> daemon runs an address through any address
+mapping lookup table, it first rewrites the address to the standard
+"user@fully.qualified.domain" form, by sending the address to the
+<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon. The purpose of rewriting to standard
+form is to reduce the number of entries needed in lookup tables.
+</p>
+
+<p> The Postfix <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon implements the following
+hard-coded address manipulations: </p>
+
+<blockquote>
+
+<dl>
+
+<dt>Rewrite "@hosta,@hostb:user@site" to "user@site"</dt>
+
+<dd> <p> In case you wonder what this is, the address form above
+is called a route address, and specifies that mail for "user@site"
+be delivered via "hosta" and "hostb". Usage of this form has been
+deprecated for a long time. Postfix has no ability to handle route
+addresses, other than to strip off the route part. </p>
+
+<p> NOTE: Postfix versions 2.2 and later rewrite message headers
+from remote SMTP clients only if the client matches the
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
+non-empty value. To get the behavior before Postfix 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
+
+<dt>Rewrite "site!user" to "user@site" </dt>
+
+<dd> <p> This feature is controlled by the boolean <a href="postconf.5.html#swap_bangpath">swap_bangpath</a>
+parameter (default: yes). The purpose is to rewrite UUCP-style
+addresses to domain style. This is useful only when you receive
+mail via UUCP, but it probably does not hurt otherwise. </p>
+
+<p> NOTE: Postfix versions 2.2 and later rewrite message headers
+from remote SMTP clients only if the client matches the
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
+non-empty value. To get the behavior before Postfix 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
+
+<dt>Rewrite "user%domain" to "user@domain"</dt>
+
+<dd> <p> This feature is controlled by the boolean <a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a>
+parameter (default: yes). Typically, this is used in order to deal
+with monstrosities such as "user%domain@otherdomain". </p>
+
+<p> NOTE: Postfix versions 2.2 and later rewrite message headers
+from remote SMTP clients only if the client matches the
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
+non-empty value. To get the behavior before Postfix 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
+
+<dt>
+
+Rewrite "user" to "user@$<a href="postconf.5.html#myorigin">myorigin</a>" </dt>
+
+<dd> <p> This feature is controlled by the boolean <a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>
+parameter (default: yes). You should never turn off this feature,
+because a lot of Postfix components expect that all addresses have
+the form "user@domain". </p>
+
+<p> NOTE: Postfix versions 2.2 and later rewrite message headers
+from remote SMTP clients only if the client matches the
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter; otherwise they append the
+domain name specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
+configuration parameter, if one is specified. To get the behavior
+before Postfix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
+<a href="DATABASE_README.html#types">static</a>:all". </p>
+
+<p> If your machine is not the main machine for $<a href="postconf.5.html#myorigin">myorigin</a> and you
+wish to have some users delivered locally without going via that
+main machine, make an entry in the <a href="#virtual">virtual
+alias</a> table that redirects "user@$myorigin" to
+"user@$<a href="postconf.5.html#myhostname">myhostname</a>". See also the "delivering some
+users locally" section in the <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a>
+document. </p> </dd>
+
+<dt>
+
+Rewrite "user@host" to "user@host.$<a href="postconf.5.html#mydomain">mydomain</a>" </dt>
+
+<dd> <p> This feature is controlled by the boolean <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>
+parameter (default: Postfix ≥ 3.0: no, Postfix < 3.0: yes). The purpose
+is to get consistent treatment of different forms of the same hostname. </p>
+
+<p> NOTE: Postfix versions 2.2 and later rewrite message headers
+from remote SMTP clients only if the client matches the
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter; otherwise they append the
+domain name specified with the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>
+configuration parameter, if one is specified. To get the behavior
+before Postfix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
+<a href="DATABASE_README.html#types">static</a>:all". </p>
+
+<p> Some will argue that rewriting "host" to "host.domain"
+is bad. That is why it can be turned off. Others like the convenience
+of having Postfix's own domain appended automatically. </p> </dd>
+
+<dt>Rewrite "user@site." to "user@site" (without the trailing dot).</dt>
+
+<dd> <p> A single trailing dot is silently removed. However, an
+address that ends in multiple dots will be rejected as an invalid
+address. </p>
+
+<p> NOTE: Postfix versions 2.2 and later rewrite message headers
+from remote SMTP clients only if the client matches the
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
+non-empty value. To get the behavior before Postfix 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p> </dd>
+
+</dl>
+
+</blockquote>
+
+<h3> <a name="canonical"> Canonical address mapping </a> </h3>
+
+<p> The <a href="cleanup.8.html">cleanup(8)</a> daemon uses the <a href="canonical.5.html">canonical(5)</a> tables to rewrite
+addresses in message envelopes and in message headers. By default
+all header and envelope addresses are rewritten; this is controlled
+with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> configuration parameter. </p>
+
+<p> NOTE: Postfix versions 2.2 and later rewrite message headers
+from remote SMTP clients only if the client matches the
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
+non-empty value. To get the behavior before Postfix 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
+
+<p> Address rewriting is
+done for local and remote addresses. The mapping is useful to
+replace login names by "Firstname.Lastname" style addresses, or to
+clean up invalid domains in mail addresses produced by legacy mail
+systems. </p>
+
+<p> Canonical mapping is disabled by default. To enable, edit the
+<a href="postconf.5.html#canonical_maps">canonical_maps</a> parameter in the <a href="postconf.5.html">main.cf</a> file and specify one or
+more lookup tables, separated by whitespace or commas. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/canonical
+
+/etc/postfix/canonical:
+ wietse Wietse.Venema
+</pre>
+</blockquote>
+
+<p> For static mappings as shown above, lookup tables such as <a href="DATABASE_README.html#types">hash</a>:,
+<a href="ldap_table.5.html">ldap</a>:, <a href="mysql_table.5.html">mysql</a>: or <a href="pgsql_table.5.html">pgsql</a>: are sufficient. For dynamic mappings you
+can use regular expression tables. This requires that you become
+intimately familiar with the ideas expressed in <a href="regexp_table.5.html">regexp_table(5)</a>,
+<a href="pcre_table.5.html">pcre_table(5)</a> and <a href="canonical.5.html">canonical(5)</a>. </p>
+
+<p> In addition to the canonical maps which are applied to both sender
+and recipient addresses, you can specify canonical maps that are
+applied only to sender addresses or to recipient addresses. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_canonical
+ <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_canonical
+</pre>
+</blockquote>
+
+<p> The sender and recipient canonical maps are applied before the
+common canonical maps. The <a href="postconf.5.html#sender_canonical_classes">sender_canonical_classes</a> and
+<a href="postconf.5.html#recipient_canonical_classes">recipient_canonical_classes</a> parameters control what addresses are
+subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> and <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a>
+mappings, respectively. </p>
+
+<p> Sender-specific rewriting is useful when you want to rewrite
+ugly sender addresses to pretty ones, and still want to be able to
+send mail to the those ugly address without creating a mailer loop.
+</p>
+
+<p> Canonical mapping can be turned off selectively for mail received
+by <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a>, by overriding <a href="postconf.5.html">main.cf</a> settings
+in the <a href="master.5.html">master.cf</a> file. This feature is available in Postfix version
+2.1 and later. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ 127.0.0.1:10026 inet n - n - - smtpd
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
+</pre>
+</blockquote>
+
+<p> Note: do not specify whitespace around the "=" here. </p>
+
+<h3> <a name="masquerade"> Address masquerading </a> </h3>
+
+<p> Address masquerading is a method to hide hosts inside a domain
+behind their mail gateway, and to make it appear as if the mail
+comes from the gateway itself, instead of from individual machines.
+</p>
+
+<p> NOTE: Postfix versions 2.2 and later rewrite message headers
+from remote SMTP clients only if the client matches the
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter specifies a
+non-empty value. To get the behavior before Postfix 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
+
+<p> Address masquerading is disabled by default, and is implemented
+by the <a href="cleanup.8.html">cleanup(8)</a> server. To enable, edit the <a href="postconf.5.html#masquerade_domains">masquerade_domains</a>
+parameter in the <a href="postconf.5.html">main.cf</a> file and specify one or more domain names
+separated by whitespace or commas. When Postfix tries to masquerade
+a domain, it processes the list from left to right, and processing
+stops at the first match. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = foo.example.com example.com
+</pre>
+</blockquote>
+
+<p> strips "any.thing.foo.example.com" to "foo.example.com", but
+strips "any.thing.else.example.com" to "example.com". </p>
+
+<p> A domain name prefixed with "<tt>!</tt>" means do not masquerade
+this domain or its subdomains: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = !foo.example.com example.com
+</pre>
+</blockquote>
+
+<p> does not change "any.thing.foo.example.com" and "foo.example.com",
+but strips "any.thing.else.example.com" to "example.com". </p>
+
+<p> The <a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> configuration parameter specifies
+what user names should not be subjected to address masquerading.
+Specify one or more user names separated by whitespace or commas.
+</p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root
+</pre>
+</blockquote>
+
+<p> By default, Postfix makes no exceptions. </p>
+
+<p> Subtle point: by default, address masquerading is applied only to
+message headers and to envelope sender addresses, but not to envelope
+recipients. This allows you to use address masquerading on a mail
+gateway machine, while still being able to forward mail from outside
+to users on individual machines. </p>
+
+<p> In order to subject envelope recipient addresses to masquerading,
+too, specify (Postfix version 1.1 and later):</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#masquerade_classes">masquerade_classes</a> = envelope_sender, envelope_recipient,
+ header_sender, header_recipient
+</pre>
+</blockquote>
+
+<p> If you rewrite the envelope recipient like this, Postfix will
+no longer be able to send mail to individual machines. </p>
+
+<p> Address masquerading can be turned off selectively for mail
+received by <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a>, by overriding <a href="postconf.5.html">main.cf</a>
+settings in the <a href="master.5.html">master.cf</a> file. This feature is available in
+Postfix version 2.1 and later. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ 127.0.0.1:10026 inet n - n - - smtpd
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
+</pre>
+</blockquote>
+
+<p> Note: do not specify whitespace around the "=" here. </p>
+
+<h3> <a name="auto_bcc"> Automatic BCC recipients</a> </h3>
+
+<p> After applying the canonical and masquerade mappings, the
+<a href="cleanup.8.html">cleanup(8)</a> daemon can generate optional BCC (blind carbon-copy)
+recipients. Postfix provides three mechanisms: </p>
+
+<blockquote>
+
+<dl>
+
+<dt> <a href="postconf.5.html#always_bcc">always_bcc</a> = address </dt> <dd> Deliver a copy of all mail to
+the specified address. In Postfix versions before 2.1, this feature
+is implemented by <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a>. </dd>
+
+<dt> <a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> = <a href="DATABASE_README.html">type:table</a> </dt> <dd> Search the specified
+"<a href="DATABASE_README.html">type:table</a>" lookup table with the envelope sender address for an
+automatic BCC address. This feature is available in Postfix 2.1
+and later. </dd>
+
+<dt> <a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> = <a href="DATABASE_README.html">type:table</a> </dt> <dd> Search the specified
+"<a href="DATABASE_README.html">type:table</a>" lookup table with the envelope recipient address for
+an automatic BCC address. This feature is available in Postfix 2.1
+and later. </dd>
+
+</dl>
+
+</blockquote>
+
+<p> Note: automatic BCC recipients are produced only for new mail.
+To avoid mailer loops, automatic BCC recipients are not generated
+for mail that Postfix forwards internally, nor for mail that Postfix
+generates itself. </p>
+
+<p> Automatic BCC recipients (including <a href="postconf.5.html#always_bcc">always_bcc</a>) can be turned
+off selectively for mail received by <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a>,
+by overriding <a href="postconf.5.html">main.cf</a> settings in the <a href="master.5.html">master.cf</a> file. This feature
+is available in Postfix version 2.1 and later. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ 127.0.0.1:10026 inet n - n - - smtpd
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
+</pre>
+</blockquote>
+
+<p> Note: do not specify whitespace around the "=" here. </p>
+
+<h3> <a name="virtual"> Virtual aliasing </a> </h3>
+
+<p> Before writing the recipients to the queue file, the <a href="cleanup.8.html">cleanup(8)</a>
+daemon uses the optional <a href="virtual.5.html">virtual(5)</a> alias tables to redirect mail
+for recipients. The mapping affects only envelope recipient
+addresses; it has no effect on message headers or envelope sender
+addresses. Virtual alias lookups are useful to redirect mail for
+<a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a> to real user mailboxes, and to redirect mail
+for domains that no longer exist. Virtual alias lookups can also
+be used to transform " Firstname.Lastname " back into UNIX login
+names, although it seems that local <a href="#aliases">aliases</a>
+may be a more appropriate vehicle. See the <a href="VIRTUAL_README.html">VIRTUAL_README</a> document
+for an overview of methods to host virtual domains with Postfix.
+</p>
+
+<p> Virtual aliasing is disabled by default. To enable, edit the
+<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> parameter in the <a href="postconf.5.html">main.cf</a> file and
+specify one or more lookup tables, separated by whitespace or
+commas. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+
+/etc/postfix/virtual:
+ Wietse.Venema wietse
+</pre>
+</blockquote>
+
+<p> Addresses found in virtual alias maps are subjected to another
+iteration of virtual aliasing, but are not subjected to canonical
+mapping, in order to avoid loops. </p>
+
+<p> For static mappings as shown above, lookup tables such as <a href="DATABASE_README.html#types">hash</a>:,
+<a href="ldap_table.5.html">ldap</a>:, <a href="mysql_table.5.html">mysql</a>: or <a href="pgsql_table.5.html">pgsql</a>: are sufficient. For dynamic mappings you
+can use regular expression tables. This requires that you become
+intimately familiar with the ideas expressed in <a href="regexp_table.5.html">regexp_table(5)</a>,
+<a href="pcre_table.5.html">pcre_table(5)</a> and <a href="virtual.5.html">virtual(5)</a>. </p>
+
+<p> Virtual aliasing can be turned off selectively for mail received
+by <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a>, by overriding <a href="postconf.5.html">main.cf</a> settings
+in the <a href="master.5.html">master.cf</a> file. This feature is available in Postfix version
+2.1 and later. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ 127.0.0.1:10026 inet n - n - - smtpd
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
+</pre>
+</blockquote>
+
+<p> Note: do not specify whitespace around the "=" here. </p>
+
+<p> At this point the message is ready to be stored into the
+Postfix <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>. </p>
+
+<h2> <a name="delivering"> Address rewriting when mail is delivered</a> </h2>
+
+<p> The Postfix queue manager sorts mail according to its destination
+and gives it to Postfix delivery agents such as <a href="local.8.html">local(8)</a>, <a href="smtp.8.html">smtp(8)</a>,
+or <a href="lmtp.8.html">lmtp(8)</a>. Just like the <a href="cleanup.8.html">cleanup(8)</a> server, the Postfix queue
+manager delegates the more complex address manipulations to the
+<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server. </p>
+
+<p> Address manipulations at this stage are: </p>
+
+<ul>
+
+<li> <a href="#resolve"> Resolve address to destination </a>
+
+<li> <a href="#transport"> Mail transport switch</a>
+
+<li> <a href="#relocated"> Relocated users table</a>
+
+</ul>
+
+<p> Each Postfix delivery agent tries to deliver the mail to its
+destination, while encapsulating the sender, recipients, and message
+content according to the rules of the SMTP, LMTP, etc. protocol.
+When mail cannot be delivered, it is either returned to the sender
+or moved to the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> and tried again later. </p>
+
+<p> <a name="remote">Address</a> manipulations when mail is delivered
+via the <a href="smtp.8.html">smtp(8)</a> delivery agent: </p>
+
+<ul>
+
+<li> <a href="#generic"> Generic mapping for outgoing SMTP mail </a>
+
+</ul>
+
+<p> <a name="local">Address</a> manipulations when mail is delivered
+via the <a href="local.8.html">local(8)</a> delivery agent: </p>
+
+<ul>
+
+<li> <a href="#aliases"> Local alias database</a>
+
+<li> <a href="#forward"> Local per-user .forward files</a>
+
+<li> <a href="#luser_relay"> Local catch-all address</a>
+
+</ul>
+
+<p> The remainder of this document presents each address manipulation
+step in more detail, with specific examples or with pointers to
+documentation with examples. </p>
+
+<h3> <a name="resolve"> Resolve address to destination </a> </h3>
+
+<p> The Postfix <a href="qmgr.8.html">qmgr(8)</a> queue manager selects new mail from the
+<a href="QSHAPE_README.html#incoming_queue">incoming queue</a> or old mail from the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>, and asks the
+<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address rewriting and resolving daemon where it
+should be delivered. </p>
+
+<p> As of version 2.0, Postfix distinguishes four major address
+classes. Each class has its own list of domain names, and each
+class has its own default delivery method, as shown in the table
+below. See the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> document for the fine details.
+Postfix versions before 2.0 only distinguish between local delivery
+and everything else. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr><th align="left">Destination domain list </th> <th
+align="left">Default delivery method </th> <th>Availability
+</th> </tr>
+
+<tr><td>$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> </td>
+<td>$<a href="postconf.5.html#local_transport">local_transport</a> </td> <td>Postfix 1.0</td></tr>
+
+<tr><td>$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> </td> <td>$<a href="postconf.5.html#virtual_transport">virtual_transport</a> </td>
+<td>Postfix 2.0</td> </tr>
+
+<tr><td>$<a href="postconf.5.html#relay_domains">relay_domains</a> </td> <td>$<a href="postconf.5.html#relay_transport">relay_transport</a> </td> <td>Postfix
+2.0</td> </tr>
+
+<tr><td>none </td> <td>$<a href="postconf.5.html#default_transport">default_transport</a> </td> <td>Postfix 1.0</td>
+</tr>
+
+</table>
+
+</blockquote>
+
+<h3> <a name="transport"> Mail transport switch </a> </h3>
+
+<p> Once the <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon has determined a default
+delivery method it searches the optional <a href="transport.5.html">transport(5)</a> table for
+information that overrides the message destination and/or delivery
+method. Typical use of the <a href="transport.5.html">transport(5)</a> table is to send mail to
+a system
+that is not connected to the Internet, or to use a special SMTP
+client configuration for destinations that have special requirements.
+See, for example, the <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> and <a href="UUCP_README.html">UUCP_README</a>
+documents, and the examples in the <a href="transport.5.html">transport(5)</a> manual page. </p>
+
+<p> Transport table lookups are disabled by default. To enable,
+edit the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter in the <a href="postconf.5.html">main.cf</a> file and specify
+one or more lookup tables, separated by whitespace or commas. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+</pre>
+</blockquote>
+
+<h3> <a name="relocated"> Relocated users table </a> </h3>
+
+<p> Next, the <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address rewriting and resolving
+daemon runs each recipient through the <a href="relocated.5.html">relocated(5)</a> database. This
+table provides information on how to reach users that no longer
+have an account, or what to do with mail for entire domains that
+no longer exist. When mail is sent to an address that is listed
+in this table, the message is returned to the sender with an
+informative message. </p>
+
+<p> The <a href="relocated.5.html">relocated(5)</a> database is searched after <a href="transport.5.html">transport(5)</a>
+table lookups, in anticipation of <a href="transport.5.html">transport(5)</a> tables that
+can replace one recipient address by a different one. </p>
+
+<p> Lookups of relocated users are disabled by default. To enable,
+edit the <a href="postconf.5.html#relocated_maps">relocated_maps</a> parameter in the <a href="postconf.5.html">main.cf</a> file and specify
+one or more lookup tables, separated by whitespace or commas. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relocated
+
+/etc/postfix/relocated:
+ username@example.com otheruser@elsewhere.tld
+</pre>
+</blockquote>
+
+<p> As of Postfix version 2, mail for a relocated user will be
+rejected by the SMTP server with the reason "user has moved to
+otheruser@elsewhere.tld". Older Postfix versions will receive the
+mail first, and then return it to the sender as undeliverable, with
+the same reason. </p>
+
+<h3> <a name="generic"> Generic mapping for outgoing SMTP mail </a> </h3>
+
+<p> Some hosts have no valid Internet domain name, and instead use
+a name such as <i>localdomain.local</i>. This can be a problem when
+you want to send mail over the Internet, because many mail servers
+reject mail addresses with invalid domain names. </p>
+
+<p> With the <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> parameter you can specify <a href="generic.5.html">generic(5)</a>
+lookup tables that replace local mail addresses by valid Internet
+addresses when mail leaves the machine via SMTP. The <a href="generic.5.html">generic(5)</a>
+mapping replaces envelope and header addresses, and is non-recursive.
+It does not happen when you send mail between addresses on the
+local machine. </p>
+
+<p> This feature is available in Postfix version 2.2 and later.</p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/generic
+
+/etc/postfix/generic:
+ his@localdomain.local hisaccount@hisisp.example
+ her@localdomain.local heraccount@herisp.example
+ @localdomain.local hisaccount+local@hisisp.example
+</pre>
+</blockquote>
+
+<p> When mail is sent to a remote host via SMTP, this replaces
+<i>his@localdomain.local</i> by his ISP mail address, replaces
+<i>her@localdomain.local</i> by her ISP mail address, and replaces
+other local addresses by his ISP account, with an address extension
+of +<i>local</i> (this example assumes that the ISP supports "+"
+style address extensions). </p>
+
+<h3> <a name="aliases"> Local alias database </a> </h3>
+
+<p> When mail is to be delivered locally, the <a href="local.8.html">local(8)</a> delivery
+agent runs each local recipient name through the <a href="aliases.5.html">aliases(5)</a> database.
+The mapping does not affect addresses in message headers. Local
+aliases are typically used to implement distribution lists, or to
+direct mail for standard aliases such as postmaster to real people.
+The table can also be used to map "Firstname.Lastname" addresses
+to login names. </p>
+
+<p> Alias lookups are enabled by default. The default configuration
+depends on the operating system environment, but it is typically
+one of the following: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/aliases, nis:mail.aliases
+</pre>
+</blockquote>
+
+<p> The pathname of the alias database file is controlled with the
+<a href="postconf.5.html#alias_database">alias_database</a> configuration parameter. The value is system dependent.
+Usually it is one of the following: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases (4.4BSD, LINUX)
+ <a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/aliases (4.3BSD, SYSV&lt;4)
+ <a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/mail/aliases (SYSV4)
+</pre>
+</blockquote>
+
+<p> An <a href="aliases.5.html">aliases(5)</a> file can specify that mail should be delivered
+to a local file, or to a command that receives the message in the
+standard input stream. For security reasons, deliveries to command
+and file destinations are performed with the rights of the alias
+database owner. A default userid, <a href="postconf.5.html#default_privs">default_privs</a>, is used for
+deliveries to commands or files in "root"-owned aliases. </p>
+
+<h3> <a name="forward"> Local per-user .forward files </a> </h3>
+
+<p> With delivery via the <a href="local.8.html">local(8)</a> delivery agent, users can control
+their own mail delivery by specifying destinations in a file called
+.forward in their home directories. The syntax of these files is
+the same as with the local <a href="aliases.5.html">aliases(5)</a> file, except that the left-hand
+side of the alias (lookup key and colon) are not present. </p>
+
+<h3> <a name="luser_relay"> Local catch-all address </a> </h3>
+
+<p> When the <a href="local.8.html">local(8)</a> delivery agent finds that a message recipient
+does not exist, the message is normally returned to the sender ("user
+unknown"). Sometimes it is desirable to forward mail for non-existing
+recipients to another machine. For this purpose you can specify
+an alternative destination with the <a href="postconf.5.html#luser_relay">luser_relay</a> configuration
+parameter. </p>
+
+<p> Alternatively, mail for non-existent recipients can be delegated
+to an entirely different message transport, as specified with the
+<a href="postconf.5.html#fallback_transport">fallback_transport</a> configuration parameter. For details, see the
+<a href="local.8.html">local(8)</a> delivery agent documentation. </p>
+
+<p> Note: if you use the <a href="postconf.5.html#luser_relay">luser_relay</a> feature in order to receive
+mail for non-UNIX accounts, then you must specify: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
+</pre>
+</blockquote>
+
+<p> (i.e. empty) in the <a href="postconf.5.html">main.cf</a> file, otherwise the Postfix SMTP
+server will reject mail for non-UNIX accounts with "User unknown
+in local recipient table". See the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file
+for more information on this.
+</p>
+
+<p> <a href="postconf.5.html#luser_relay">luser_relay</a> can specify one address. It is subjected to "$name"
+expansions. Examples: </p>
+
+<blockquote>
+
+<dl>
+
+<dt>$user@other.host </dt>
+
+<dd> <p> The bare username, without address extension, is prepended
+to "@other.host". For example, mail for "username+foo" is sent to
+"username@other.host". </p> </dd>
+
+<dt>$local@other.host </dt>
+
+<dd> <p> The entire original recipient localpart, including address
+extension, is prepended to "@other.host". For example, mail for
+"username+foo" is sent to "username+foo@other.host". </p> </dd>
+
+<dt>sysadmin+$user </dt>
+
+<dd> <p> The bare username, without address extension, is appended
+to "sysadmin". For example, mail for "username+foo" is sent to
+"sysadmin+username". </p> </dd>
+
+<dt>sysadmin+$local </dt>
+
+<dd> <p> The entire original recipient localpart, including address
+extension, is appended to "sysadmin". For example, mail for
+"username+foo" is sent to "sysadmin+username+foo". </p> </dd>
+
+</dl>
+
+</blockquote>
+
+<h2> <a name="debugging"> Debugging your address manipulations </a> </h2>
+
+<p> Postfix version 2.1 and later can
+produce mail delivery reports for debugging purposes. These reports
+not only show sender/recipient addresses after address rewriting
+and alias expansion or forwarding, they also show information about
+delivery to mailbox, delivery to non-Postfix command, responses
+from remote SMTP servers, and so on. </p>
+
+<p> Postfix can produce two types of mail delivery reports for
+debugging: </p>
+
+<ul>
+
+<li> <p> What-if: report what would happen, but do not actually
+deliver mail. This mode of operation is requested with: </p>
+
+<pre>
+$ <b>/usr/sbin/sendmail -bv address...</b>
+Mail Delivery Status Report will be mailed to &lt;your login name&gt;.
+</pre>
+
+<li> <p> What happened: deliver mail and report successes and/or
+failures, including replies from remote SMTP servers. This mode
+of operation is requested with: </p>
+
+<pre>
+$ <b>/usr/sbin/sendmail -v address...</b>
+Mail Delivery Status Report will be mailed to &lt;your login name&gt;.
+</pre>
+
+</ul>
+
+<p> These reports contain information that is generated by Postfix
+delivery agents. Since these run as daemon processes and do not
+interact with users directly, the result is sent as mail to the
+sender of the test message. The format of these reports is practically
+identical to that of ordinary non-delivery notifications. </p>
+
+<p> As an example, below is the delivery report that is produced
+with the command "sendmail -bv postfix-users@postfix.org". The
+first part of the report contains human-readable text. In this
+case, mail would be delivered via mail.cloud9.net, and the SMTP
+server replies with "250 Ok". Other reports may show delivery
+to mailbox, or delivery to non-Postfix command. </p>
+
+<blockquote>
+<pre>
+Content-Description: Notification
+Content-Type: text/plain
+
+This is the mail system at host spike.porcupine.org.
+
+Enclosed is the mail delivery report that you requested.
+
+ The mail system
+
+&lt;postfix-users@postfix.org&gt;: delivery via mail.cloud9.net[168.100.1.4]: 250 2.1.5 Ok
+</pre>
+</blockquote>
+
+<p> The second part of the report is in machine-readable form, and
+includes the following information: </p>
+
+<ul>
+
+<li> The envelope sender address (wietse@porcupine.org).
+
+<li> The envelope recipient address (postfix-users@postfix.org).
+If the recipient address was changed by Postfix then Postfix also
+includes the original recipient address.
+
+<li> The delivery status.
+
+</ul>
+
+<p> Some details depend on Postfix version. The example below is
+for Postfix version 2.3 and later. </p>
+
+<blockquote>
+<pre>
+Content-Description: Delivery report
+Content-Type: message/delivery-status
+
+Reporting-MTA: dns; spike.porcupine.org
+X-Postfix-Queue-ID: 84863BC0E5
+X-Postfix-Sender: rfc822; wietse@porcupine.org
+Arrival-Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST)
+
+Final-Recipient: rfc822; postfix-users@postfix.org
+Action: deliverable
+Status: 2.1.5
+Remote-MTA: dns; mail.cloud9.net
+Diagnostic-Code: smtp; 250 2.1.5 Ok
+</pre>
+</blockquote>
+
+<p> The third part of the report contains the message that Postfix
+would have delivered, including From: and To: message headers, so
+that you can see any effects of address rewriting on those. Mail
+submitted with "sendmail -bv" has no body content so none is shown
+in the example below. </p>
+
+<blockquote>
+<pre>
+Content-Description: Message
+Content-Type: message/rfc822
+
+Received: by spike.porcupine.org (Postfix, from userid 1001)
+ id 84863BC0E5; Sun, 26 Nov 2006 17:01:01 -0500 (EST)
+Subject: probe
+To: postfix-users@postfix.org
+Message-Id: &lt;20061126220101.84863BC0E5@spike.porcupine.org&gt;
+Date: Sun, 26 Nov 2006 17:01:01 -0500 (EST)
+From: wietse@porcupine.org (Wietse Venema)
+</pre>
+</blockquote>
+
+</body>
+
+</html>
diff --git a/html/ADDRESS_VERIFICATION_README.html b/html/ADDRESS_VERIFICATION_README.html
new file mode 100644
index 0000000..f46837c
--- /dev/null
+++ b/html/ADDRESS_VERIFICATION_README.html
@@ -0,0 +1,659 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Address Verification </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Address Verification Howto</h1>
+
+<hr>
+
+<h2>WARNING </h2>
+
+<p> Recipient address verification may cause an increased load on
+down-stream servers in the case of a dictionary attack or a flood
+of backscatter bounces. Sender address verification may cause your
+site to be denylisted by some providers. See also the "<a
+href="#limitations">Limitations</a>" section below for more. </p>
+
+<h2><a name="summary">What Postfix address verification can do for you</a></h2>
+
+<p> Address verification is a feature that allows the Postfix SMTP
+server to block a sender (MAIL FROM) or recipient (RCPT TO) address
+until the address has been verified to be deliverable. </p>
+
+<p> The technique has obvious uses to reject junk mail
+with an unreplyable sender address. </p>
+
+<p> The technique is also useful to block mail for undeliverable
+recipients, for example on a mail <a href="postconf.5.html#relayhost">relay host</a> that does not have a
+list of all the valid recipient addresses. This prevents undeliverable
+junk mail from entering the queue, so that Postfix doesn't have to
+waste resources trying to send MAILER-DAEMON messages back. </p>
+
+<p> This feature is available in Postfix version 2.1 and later. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#how"> How address verification works</a>
+
+<li><a href="#limitations">Limitations of address verification</a>
+
+<li><a href="#recipient">Recipient address verification</a>
+
+<li><a href="#forged_sender">Sender address verification for mail
+from frequently forged domains</a>
+
+<li><a href="#sender_always">Sender address verification for all
+email</a>
+
+<li><a href="#caching">Address verification database</a>
+
+<li><a href="#dirty_secret">Managing the address verification
+database</a>
+
+<li><a href="#probe_routing">Controlling the routing of address
+verification probes</a>
+
+<li><a href="#forced_examples">Forced probe routing examples</a>
+
+<li><a href="#forced_limitations">Limitations of forced probe routing</a>
+
+</ul>
+
+<h2><a name="how">How address verification works</a></h2>
+
+<p> A Postfix MTA verifies a sender or recipient address by probing
+the preferred MTAs
+for that address, without actually delivering mail. The preferred
+MTAs could include the Postfix MTA itself, or some remote MTAs
+(SMTP
+interruptus). Probe messages are like normal mail, except that
+they are never delivered, deferred or bounced; probe messages are
+always discarded. </p>
+
+<blockquote>
+
+<table border="0">
+
+<tr>
+
+ <td rowspan="2" colspan="5" align="center" valign="middle">
+ &nbsp; </td>
+
+ <td rowspan="3" align="center" valign="bottom"> <tt> -&gt; </tt>
+ </td>
+
+ <td rowspan="3" align="center" valign="middle"> probe<br>
+ message </td>
+
+ <td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
+ </td>
+
+ <td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
+ Postfix<br> mail<br> queue </td>
+
+</tr>
+
+<tr> <td> </td> </tr>
+
+<tr>
+
+ <td rowspan="3" align="center" valign="middle"> Internet </td>
+
+ <td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
+ </td>
+
+ <td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="smtpd.8.html">Postfix<br> SMTP<br> server</a> </td>
+
+ <td rowspan="3" align="center" valign="middle"> <tt> &lt;-&gt;
+ </tt> </td>
+
+ <td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="verify.8.html">Postfix<br> verify<br> server</a>
+ </td>
+
+</tr>
+
+<tr>
+
+ <td rowspan="1" colspan="3"> </td>
+
+ <td rowspan="1" align="center" valign="middle"> <tt> |</tt><br>
+ <tt> v</tt> </td>
+
+</tr>
+
+<tr>
+
+ <td rowspan="3" align="center" valign="top"> <tt> &lt;- </tt>
+ </td>
+
+ <td rowspan="3" align="center" valign="middle"> probe<br>
+ status </td>
+
+ <td rowspan="3" align="center" valign="middle"> <tt> &lt;- </tt>
+ </td>
+
+ <td rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
+ Postfix<br> delivery<br> agents </td>
+
+ <td rowspan="3" align="left" valign="middle"> <tt>-&gt;</tt>
+ Local<br> <tt>-&gt;</tt> Remote</td>
+
+</tr>
+
+<tr>
+
+ <td rowspan="3" colspan="4" align="center" valign="middle">
+ &nbsp; </td>
+
+ <td rowspan="3" align="center" valign="middle"> <tt>
+ ^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>
+
+</tr>
+
+<tr> <td> </td> </tr>
+
+<tr> <td colspan="4"> &nbsp; </td> </tr>
+
+<tr>
+
+ <td colspan="4" align="center" valign="middle"> &nbsp; </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ Address<br> verification<br> database </td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<p> With Postfix address verification turned on, normal mail will
+suffer only a short delay of up to 6 seconds while an address is
+being verified for the first time. Once an address status is known,
+the status is cached and Postfix replies immediately. </p>
+
+<p> When verification takes too long the Postfix SMTP server defers
+the sender or recipient address with a 450 reply. Normal mail
+clients will connect again after some delay. The address verification
+delay is configurable with the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a>
+and <a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> parameters. See <a href="postconf.5.html">postconf(5)</a> for
+details. </p>
+
+<h2><a name="limitations">Limitations of address verification</a></h2>
+
+<ul>
+
+<li> <p> Postfix assumes that a remote SMTP server will reject
+unknown addresses in reply to the RCPT TO command. However, some
+sites report this in reply to the DATA command. For such sites
+you may configure a workaround with the <a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a>
+parameter (Postfix 3.0 and later). </p>
+
+<li> <p> When verifying a remote address, Postfix probes the preferred
+MTAs for that address, without actually delivering mail. If
+a preferred MTA accepts the address, then Postfix assumes that the
+address is deliverable. In reality, mail for a remote address can
+bounce AFTER a preferred MTA accepts the recipient address, or AFTER
+a preferred MTA accepts the message content. </p>
+
+<li> <p> Some sites may denylist you when you are probing them
+too often (a probe is an SMTP session that does not deliver mail),
+or when you are probing them too often for a non-existent address.
+This is one reason why you should use sender address verification
+sparingly, if at all, when your site receives lots of email. </p>
+
+<li> <p> Normally, address verification probe messages follow the
+same path as regular mail. However, some sites send mail to the
+Internet via an intermediate <a href="postconf.5.html#relayhost">relayhost</a>; this breaks address
+verification. See below, section <a href="#probe_routing">"Controlling
+the routing of address verification probes"</a>, for how to override
+mail routing and for possible limitations when you have to do this.
+</p>
+
+<li> <p> Postfix assumes that an address is undeliverable when a
+preferred MTA for the address rejects the probe, regardless of the
+reason for rejection (client rejected, HELO rejected, MAIL FROM
+rejected, etc.). Thus, Postfix rejects an address when a preferred
+MTA for that address rejects mail from your machine for any reason.
+This is not a limitation, but it is mentioned here just in case
+people believe that it is a limitation. </p>
+
+<li> <p> Unfortunately, some sites do not reject unknown addresses
+in reply to the RCPT TO or DATA command, but instead report a
+delivery failure in response to end of DATA after a message is
+transferred. Postfix address verification does not work with such
+sites. </p>
+
+<li> <p> By default, Postfix probe messages have a sender address
+"double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>" (with Postfix versions before 2.5, the
+default
+is "postmaster@$<a href="postconf.5.html#myorigin">myorigin</a>"). This is SAFE because the Postfix SMTP
+server does not reject mail for this address. </p>
+
+<p> You can change the probe sender address into the null address
+("<a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
+="). This is UNSAFE because address probes will fail with
+mis-configured sites that reject MAIL FROM: &lt;&gt;, while
+probes from "double-bounce@$<a href="postconf.5.html#myorigin">myorigin</a>" would succeed. </p>
+
+<li> <p> The downside of using a non-empty sender address is that
+the address may end up on spammer mailing lists. Although Postfix
+always discards mail to the double-bounce address, this still results
+in wasted network bandwidth and server capacity. To defeat
+address harvesting, Postfix 2.9 and later support time-dependent
+sender addresses when you specify a non-zero <a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a>
+value. </p>
+
+</ul>
+
+<h2><a name="recipient">Recipient address verification</a></h2>
+
+<p> As mentioned earlier, recipient address verification is
+useful to block mail for undeliverable recipients on a mail relay
+host that does not have a list of all valid recipient addresses.
+This can help to prevent the mail queue from filling up with
+MAILER-DAEMON messages. </p>
+
+<p> Recipient address verification is relatively straightforward
+and there are no surprises. If a recipient probe fails, then Postfix
+rejects mail for the recipient address. If a recipient probe
+succeeds, then Postfix accepts mail for the recipient address.
+However, recipient address verification probes can increase the
+load on down-stream MTAs when you're being flooded by backscatter
+bounces, or when some spammer is mounting a dictionary attack. </p>
+
+<p> By default, address verification results are saved in a <a
+href="#caching">persistent database</a> (Postfix version 2.7 and
+later; with earlier versions, specify the database in <a href="postconf.5.html">main.cf</a> as
+described later). The persistent database helps to avoid probing
+the same address repeatedly. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ # <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail
+ # relay policy is specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
+ # (available with Postfix 2.10 and later).
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ ...
+ <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
+ <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>
+ ...
+ # Postfix 2.6 and later privacy feature.
+ # <a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> = Address lookup failed
+
+ # Postfix 3.2 and earlier workaround.
+ # Do not set <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>=no. This prevents Postfix
+ # from saving the recipient address verification result under
+ # the original address, when the address verification probe
+ # message goes through address aliasing or canonical mapping.
+</pre>
+</blockquote>
+
+<p> The "<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>" restriction blocks mail
+for non-existent domains. Putting this before "<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>"
+avoids the overhead of generating unnecessary probe messages. </p>
+
+<p> The <a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> parameter (default 450)
+specifies the numerical Postfix SMTP server reply code when a
+recipient address is known to
+bounce. Change this setting into 550 when you trust Postfix's
+judgments. </p>
+
+<p> The following features are available in Postfix 2.6 and later.
+</p>
+
+<p> The <a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> parameter (default 450)
+specifies the numerical Postfix SMTP server reply code when a
+recipient address probe fails with some temporary error. Some sites
+insist on changing this into 250. NOTE: This change turns MX servers
+into backscatter sources when the load is high. </p>
+
+<p> The <a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> parameter (default:
+empty) specifies fixed text that Postfix will send to remote SMTP
+clients, instead of sending actual address verification details.
+Do not specify the SMTP status code or enhanced status code. </p>
+
+<p> The <a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> parameter (default:
+<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>) specifies the Postfix SMTP server action when a
+recipient address verification probe fails with some temporary
+error. </p>
+
+<h2><a name="forged_sender">Sender address verification for mail from frequently forged domains</a></h2>
+
+<p> Only for very small sites, it is relatively safe to turn on
+sender address verification for specific domains that often appear
+in forged email. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_access
+ <a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> = 550
+ # Postfix 2.6 and later.
+ # <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> = 250
+
+ # Default setting for Postfix 2.7 and later.
+ # Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
+ # Note 2: Avoid hash files here. Use btree or lmdb instead.
+ <a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/verify
+
+ # Postfix 3.2 and earlier workaround.
+ # Do not set <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>=no. This prevents Postfix
+ # from saving the sender address verification result under the
+ # original address, when the address verification probe message
+ # goes through address aliasing or canonical mapping.
+
+/etc/postfix/sender_access:
+ # Don't do this when you handle lots of email.
+ aol.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+ hotmail.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+ bigfoot.com <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+ ... etcetera ...
+</pre>
+</blockquote>
+
+<p> At some point in cyberspace/time, a list of frequently forged
+MAIL FROM domains could be found at
+<a href="http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in">http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in</a>. </p>
+
+<p> NOTE: One of the first things you might want to do is to turn
+on sender address verification for all your own domains. </p>
+
+<h2><a name="sender_always">Sender address verification for all
+email</a></h2>
+
+<p> Unfortunately, sender address verification cannot simply be
+turned on for all email - you are likely to lose legitimate mail
+from mis-configured systems. You almost certainly will have to set
+up allow lists for specific addresses, or even for entire domains.
+</p>
+
+<p> To find out how sender address verification would affect your
+mail, specify "<a href="postconf.5.html#warn_if_reject">warn_if_reject</a> <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>" so that
+you can see what mail would be blocked: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> =
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ ...
+ <a href="postconf.5.html#check_sender_access">check_sender_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_access
+ <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
+ <a href="postconf.5.html#warn_if_reject">warn_if_reject</a> <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+ ...
+ # Postfix 2.6 and later.
+ # <a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Address verification failed
+
+ # Default setting for Postfix 2.7 and later.
+ # Note 1: Be sure to read the "<a href="#caching">Caching</a>" section below!
+ # Note 2: Avoid hash files here. Use btree or lmdb instead.
+ <a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/verify
+</pre>
+</blockquote>
+
+<p> This is also a good way to populate your cache with address
+verification results before you start to actually reject mail. </p>
+
+<p> The sender_access restriction is needed to allowlist domains
+or addresses that are known to be OK. Although Postfix will not
+mark a known-to-be-good address as bad after a probe fails, it is
+better to be safe than sorry. </p>
+
+<p> NOTE: You will have to allowlist sites such as securityfocus.com
+and other sites that operate mailing lists that use a different
+sender address for each posting (VERP). Such addresses pollute
+the address verification cache quickly, and generate unnecessary
+sender verification probes. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/sender_access
+ securityfocus.com OK
+ ...
+</pre>
+</blockquote>
+
+<p> The "<a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>" restriction blocks mail from
+non-existent domains. Putting this before "<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>"
+avoids the overhead of generating unnecessary probe messages. </p>
+
+<p> The <a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> parameter (default 450)
+specifies the numerical Postfix server reply code when a sender
+address is known to
+bounce. Change this setting into 550 when you trust Postfix's
+judgments. </p>
+
+<p> The following features are available in Postfix 2.6 and later.
+</p>
+
+<p> The <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> parameter (default 450) specifies
+the numerical Postfix SMTP server reply code when a sender address
+verification probe fails with some temporary error. Specify a valid
+2xx or 4xx code. </p>
+
+<p> The <a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> parameter (default:
+empty) specifies fixed text that Postfix will send to remote SMTP
+clients, instead of sending actual address verification details.
+Do not specify the SMTP status code or enhanced status code. </p>
+
+<p> The <a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> parameter (default:
+<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>) specifies the Postfix SMTP server action when a
+sender address verification probe fails with some temporary error.
+</p>
+
+<h2><a name="caching">Address verification database</a></h2>
+
+<p> To improve performance, the Postfix <a href="verify.8.html">verify(8)</a> daemon can save
+address verification results to a persistent database. This is
+enabled by default with Postfix 2.7 and later. The
+<a href="postconf.5.html#address_verify_map">address_verify_map</a> (NOTE: singular) configuration parameter specifies
+persistent storage for sender or recipient address verification
+results. If you specify an empty value, all address verification
+results are lost after "postfix reload" or "postfix stop". </p>
+
+<blockquote>
+<pre>
+# Example 1: Default setting for Postfix 2.7 and later.
+# Note: avoid hash files here. Use btree or lmdb instead.
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/verify_cache
+
+# Example 2: Shared persistent <a href="lmdb_table.5.html">lmdb</a>: cache (Postfix 2.11 or later).
+# Disable automatic cache cleanup in all Postfix instances except
+# for one instance that will be responsible for cache cleanup.
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="lmdb_table.5.html">lmdb</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/verify_cache
+ # <a href="postconf.5.html#address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a> = 0
+
+# Example 3: Shared persistent <a href="DATABASE_README.html#types">btree</a>: cache (Postfix 2.9 or later).
+# Disable automatic cache cleanup in all Postfix instances except
+# for one instance that will be responsible for cache cleanup.
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/verify_cache
+ # <a href="postconf.5.html#address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a> = 0
+
+# Example 4: Shared memory cache (requires Postfix 2.9 or later).
+# Disable automatic cache cleanup in all Postfix instances.
+# See <a href="memcache_table.5.html">memcache_table(5)</a> for details.
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="memcache_table.5.html">memcache</a>:/etc/postfix/verify-memcache.cf
+ <a href="postconf.5.html#address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a> = 0
+
+# Example 5: Default setting for Postfix 2.6 and earlier.
+# This uses non-persistent storage only.
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#address_verify_map">address_verify_map</a> =
+</pre>
+</blockquote>
+
+<p> NOTE 1: The database file should be stored under a Postfix-owned
+directory, such as $<a href="postconf.5.html#data_directory">data_directory</a>. </p>
+
+<blockquote> As of version 2.5, Postfix no longer uses root privileges
+when opening this file. To maintain backwards compatibility, an
+attempt to open the file under a non-Postfix directory is redirected
+to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If
+you wish to continue using a pre-existing database file, change its
+file ownership to the account specified with the <a href="postconf.5.html#mail_owner">mail_owner</a> parameter,
+and either move the file to the <a href="postconf.5.html#data_directory">data_directory</a>, or move it to some
+other Postfix-owned directory. </blockquote>
+
+<p> NOTE 2: Do not put this file in a file system that may run out
+of space. When the address verification table gets corrupted the
+world comes to an end and YOU will have to MANUALLY fix things as
+described in the next section. Meanwhile, you will not receive mail
+via SMTP. </p>
+
+<p> NOTE 3: The <a href="verify.8.html">verify(8)</a> daemon will create a new database when
+none exists. It will open or create the file before entering the
+chroot jail. </p>
+
+<h2><a name="dirty_secret">Managing the address verification
+database</a></h2>
+
+<p> The <a href="verify.8.html">verify(8)</a> manual page describes parameters that control how
+long address verification results are cached before they need to
+be refreshed, and how long results can remain "unrefreshed" before
+they expire. Postfix uses different controls for positive results
+(address was accepted) and for negative results (address was rejected,
+or address verification failed for some other reason). </p>
+
+<p> The <a href="verify.8.html">verify(8)</a> daemon will periodically remove expired entries
+from the address verification database, and log the number of entries
+retained and dropped (Postfix versions 2.7 and later). A cleanup
+run is logged as "partial" when the daemon terminates early because
+of "postfix reload, "postfix stop", or because the daemon received
+no requests for $<a href="postconf.5.html#max_idle">max_idle</a> seconds. Postfix versions 2.6 and earlier
+do not implement automatic address verification database cleanup.
+There, the database is managed manually as described next. </p>
+
+<p> When the address verification database file becomes too big,
+or when it becomes corrupted, the solution is to manually rename
+or delete (NOT: truncate) the file and run "postfix reload". The
+<a href="verify.8.html">verify(8)</a> daemon will then create a new database file. </p>
+
+<h2><a name="probe_routing">Controlling the routing of address
+verification probes</a></h2>
+
+<p> By default, Postfix sends address verification probe messages
+via the same route as regular mail, because that normally produces
+the most accurate result. It's no good to verify a local address
+by connecting to your own SMTP port; that just triggers all kinds
+of mailer loop alarms. The same is true for any destination that
+your machine is best MX host for: hidden domains, virtual domains,
+etc. </p>
+
+<p> However, some sites have a complex infrastructure where mail
+is not sent directly to the Internet, but is instead given to an
+intermediate <a href="postconf.5.html#relayhost">relayhost</a>. This is a problem for address verification,
+because remote Internet addresses can be verified only when Postfix
+can access remote destinations directly. </p>
+
+<p> For this reason, Postfix allows you to override the routing
+parameters when it delivers an address verification probe message.
+</p>
+
+<p> First, the <a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> parameter allows you to
+override the <a href="postconf.5.html#relayhost">relayhost</a> setting, and the <a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a>
+parameter allows you to override the <a href="postconf.5.html#transport_maps">transport_maps</a> setting.
+The <a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> parameter
+does the same for sender-dependent <a href="postconf.5.html#relayhost">relayhost</a> selection. </p>
+
+<p> Second, each address class is given its own address verification
+version of the message delivery transport, as shown in the table
+below. Address classes are defined in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
+file. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th> Domain list </th> <th> Regular transport</th> <th> Verify
+transport </th> </tr>
+
+<tr> <td> <a href="postconf.5.html#mydestination">mydestination</a> </td> <td> <a href="postconf.5.html#local_transport">local_transport</a> </td> <td>
+<a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> </td> <td> (not applicable) </td>
+<td> (not applicable) </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> </td> <td> <a href="postconf.5.html#virtual_transport">virtual_transport</a>
+</td> <td> <a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#relay_domains">relay_domains</a> </td> <td> <a href="postconf.5.html#relay_transport">relay_transport</a> </td> <td>
+<a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> </td> </tr>
+
+<tr> <td> (not applicable) </td> <td> <a href="postconf.5.html#default_transport">default_transport</a> </td> <td>
+<a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> By default, the parameters that control delivery of address
+probes have the same value as the parameters that control normal
+mail delivery. </p>
+
+<h2><a name="forced_examples">Forced probe routing examples</a></h2>
+
+<p> In a typical scenario one would override the <a href="postconf.5.html#relayhost">relayhost</a> setting
+for address verification probes and leave everything else alone:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+ <a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> =
+ ...
+</pre>
+</blockquote>
+
+<p> Sites behind a network address translation box might have to
+use a different SMTP client that sends the correct hostname
+information: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+ <a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> =
+ <a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> = direct_smtp
+
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ direct_smtp .. .. .. .. .. .. .. .. .. smtp
+ -o <a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>=nat.box.tld
+</pre>
+</blockquote>
+
+<h2><a name="forced_limitations">Limitations of forced probe routing</a></h2>
+
+<p> Inconsistencies can happen when probe messages don't follow
+the same path as regular mail. For example, a message can be
+accepted when it follows the regular route while an otherwise
+identical probe message is rejected when it follows the forced
+route. The opposite can happen, too, but is less likely. </p>
+
+</body>
+
+</html>
diff --git a/html/BACKSCATTER_README.html b/html/BACKSCATTER_README.html
new file mode 100644
index 0000000..c151006
--- /dev/null
+++ b/html/BACKSCATTER_README.html
@@ -0,0 +1,411 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Backscatter Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Backscatter Howto</h1>
+
+<hr>
+
+<h2>Overview </h2>
+
+<p> This document describes features that require Postfix version
+2.0 or later. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#wtf">What is backscatter mail?</a>
+
+<li><a href="#random">How do I block backscatter mail to random
+recipient addresses?</a>
+
+<li><a href="#real">How do I block backscatter mail to real
+recipient addresses?</a>
+
+<ul>
+
+<li><a href="#forged_helo">Blocking backscatter mail with forged
+mail server information</a>
+
+<li><a href="#forged_sender">Blocking backscatter mail with forged
+sender information</a>
+
+<li><a href="#forged_other">Blocking backscatter mail with other
+forged information</a>
+
+<li><a href="#scanner">Blocking backscatter mail from virus
+scanners</a>
+
+</ul>
+
+</ul>
+
+<p> The examples use Perl Compatible Regular Expressions (Postfix
+<a href="pcre_table.5.html">pcre</a>: tables), but also provide a translation to POSIX regular
+expressions (Postfix <a href="regexp_table.5.html">regexp</a>: tables). PCRE is preferred primarily
+because the implementation is often faster.</p>
+
+<h2><a name="wtf">What is backscatter mail?</a></h2>
+
+<p> When a spammer or worm sends mail with forged sender addresses,
+innocent sites are flooded with undeliverable mail notifications.
+This is called backscatter mail. With Postfix, you know that you're
+a backscatter victim when your logfile goes on and on like this:
+</p>
+
+<blockquote>
+<pre>
+Dec 4 04:30:09 hostname postfix/smtpd[58549]: NOQUEUE: reject:
+RCPT from xxxxxxx[x.x.x.x]: 550 5.1.1 &lt;yyyyyy@your.domain.here&gt;:
+Recipient address rejected: User unknown; from=&lt;&gt;
+to=&lt;yyyyyy@your.domain.here&gt; proto=ESMTP helo=&lt;zzzzzz&gt;
+</pre>
+</blockquote>
+
+<p> What you see are lots of "user unknown" errors with "from=&lt;&gt;".
+These are error reports from MAILER-DAEMONs elsewhere on the Internet,
+about email that was sent with a false sender address in your domain.
+</p>
+
+<h2><a name="random">How do I block backscatter mail to random
+recipient addresses?</a></h2>
+
+<p> If your machine receives backscatter mail to random addresses,
+configure Postfix to reject all mail for non-existent recipients
+as described in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and
+<a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> documentation. </p>
+
+<p> If your machine runs Postfix 2.0 and earlier, disable the "pause
+before reject" feature in the SMTP server. If your system is under
+stress then it should not waste time. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Not needed with Postfix 2.1 and later.
+ <a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> = 0
+
+ # Not needed with Postfix 2.4 and later.
+ <a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> = 550
+</pre>
+</blockquote>
+
+<h2><a name="real">How do I block backscatter mail to real
+recipient addresses?</a></h2>
+
+<p> When backscatter mail passes the "unknown recipient" barrier,
+there still is no need to despair. Many mail systems are kind
+enough to attach the message headers of the undeliverable mail in
+the non-delivery notification. These message headers contain
+information that you can use to recognize and block forged mail.
+</p>
+
+<h3><a name="forged_helo">Blocking backscatter mail with forged
+mail server information</a></h3>
+
+<p> Although my email address is "wietse@porcupine.org", all my
+mail systems announce themselves with the SMTP HELO command as
+"hostname.porcupine.org". Thus, if returned mail has a Received:
+message header like this: </p>
+
+<blockquote>
+<pre>
+Received: from porcupine.org ...
+</pre>
+</blockquote>
+
+<p> Then I know that this is almost certainly forged mail (almost;
+see <a href="#caveats">next section</a> for the fly in the ointment).
+Mail that is really
+sent by my systems looks like this: </p>
+
+<blockquote>
+<pre>
+Received: from hostname.porcupine.org ...
+</pre>
+</blockquote>
+
+<p> For the same reason the following message headers are very likely
+to be the result of forgery:</p>
+
+<blockquote>
+<pre>
+Received: from host.example.com ([1.2.3.4] helo=porcupine.org) ...
+Received: from [1.2.3.4] (port=12345 helo=porcupine.org) ...
+Received: from host.example.com (HELO porcupine.org) ...
+Received: from host.example.com (EHLO porcupine.org) ...
+</pre>
+</blockquote>
+
+<p> Some forgeries show up in the way that a mail server reports
+itself in Received: message headers. Keeping in mind that all my
+systems have a mail server name of <i>hostname</i>.porcupine.org,
+the following is definitely a forgery:</p>
+
+<blockquote>
+<pre>
+Received: by porcupine.org ...
+Received: from host.example.com ( ... ) by porcupine.org ...
+</pre>
+</blockquote>
+
+<p> Another frequent sign of forgery is the Message-ID: header. My
+systems produce a Message-ID: of
+&lt;<i>stuff</i>@<i>hostname</i>.porcupine.org&gt;. The following
+are forgeries, especially the first one:
+
+<blockquote>
+<pre>
+Message-ID: &lt;1cb479435d8eb9.2beb1.qmail@porcupine.org&gt;
+Message-ID: &lt;yulszqocfzsficvzzju@porcupine.org&gt;
+</pre>
+</blockquote>
+
+<p> To block such backscatter I use <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>
+patterns like this: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks
+ <a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks
+
+/etc/postfix/header_checks:
+ # Do not indent the patterns between "if" and "endif".
+ if /^Received:/
+ /^Received: +from +(porcupine\.org) +/
+ reject forged client name in Received: header: $1
+ /^Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
+ reject forged client name in Received: header: $2
+ /^Received:.* +by +(porcupine\.org)\b/
+ reject forged mail server name in Received: header: $1
+ endif
+ /^Message-ID:.* &lt;!&amp;!/ DUNNO
+ /^Message-ID:.*@(porcupine\.org)/
+ reject forged domain name in Message-ID: header: $1
+
+/etc/postfix/body_checks:
+ # Do not indent the patterns between "if" and "endif".
+ if /^[&gt; ]*Received:/
+ /^[&gt; ]*Received: +from +(porcupine\.org) /
+ reject forged client name in Received: header: $1
+ /^[&gt; ]*Received: +from +[^ ]+ +\(([^ ]+ +[he]+lo=|[he]+lo +)(porcupine\.org)\)/
+ reject forged client name in Received: header: $2
+ /^[&gt; ]*Received:.* +by +(porcupine\.org)\b/
+ reject forged mail server name in Received: header: $1
+ endif
+ /^[&gt; ]*Message-ID:.* &lt;!&amp;!/ DUNNO
+ /^[&gt; ]*Message-ID:.*@(porcupine\.org)/
+ reject forged domain name in Message-ID: header: $1
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> The example uses <a href="pcre_table.5.html">pcre</a>: tables mainly for speed; with minor
+modifications, you can use <a href="regexp_table.5.html">regexp</a>: tables as explained below. </p>
+
+<li> <p> The example is simplified for educational purposes. In
+reality my patterns list multiple domain names, as
+"<tt>(domain|domain|...)</tt>". </p>
+
+<li> <p> The "<tt>\.</tt>" matches "<tt>.</tt>" literally. Without
+the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>
+
+<li> <p> The "<tt>\(</tt>" and "<tt>\)</tt>" match "<tt>(</tt>"
+and "<tt>)</tt>" literally. Without the "<tt>\</tt>", the "<tt>(</tt>"
+and "<tt>)</tt>" would be grouping operators. </p>
+
+<li> <p> The "<tt>\b</tt>" is used here to match the end of a word.
+If you use <a href="regexp_table.5.html">regexp</a>: tables, specify "<tt>[[:&gt;:]]</tt>" (on some
+systems you should specify "<tt>\&gt;</tt>" instead; for details
+see your system documentation).
+
+<li> <p> The "if /pattern/" and "endif" eliminate unnecessary
+matching attempts. DO NOT indent lines starting with /pattern/
+between the "if" and "endif"! </p>
+
+<li> <p> The two "<tt>Message-ID:.* &lt;!&amp;!</tt>" rules are
+workarounds for some versions of Outlook express, as described in
+the <a href="#caveats"> caveats </a> section below.
+
+</ul>
+
+<p><a name="caveats"><strong>Caveats</strong></a></p>
+
+<ul>
+
+<li>
+
+<p> Netscape Messenger (and reportedly, Mozilla) sends a HELO name
+that is identical to the sender address domain part. If you have
+such clients then the above patterns would block legitimate email.
+</p>
+
+<p> My network has only one such machine, and to prevent its mail
+from being blocked I have configured it to send mail as
+user@hostname.porcupine.org. On the Postfix server, a canonical
+mapping translates this temporary address into user@porcupine.org.
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/canonical
+
+/etc/postfix/canonical:
+ @hostname.porcupine.org @porcupine.org
+</pre>
+</blockquote>
+
+<p> This is of course practical only when you have very few systems
+that send HELO commands like this, and when you never have to send
+mail to a user on such a host. </p>
+
+<p> An alternative would be to remove the hostname from
+"hostname.porcupine.org" with address
+masquerading, as described in the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
+</p>
+
+<li> <p> Reportedly, Outlook 2003 (perhaps Outlook Express, and
+other versions as well) present substantially different Message-ID
+headers depending upon whether or not a DSN is requested (via Options
+"Request a delivery receipt for this message"). </p>
+
+<p> When a DSN is requested, Outlook 2003 uses a Message-ID string
+that ends in the sender's domain name: </p>
+
+<blockquote>
+<pre>
+Message-ID: &lt;!&amp;! ...very long string... ==@example.com&gt;
+</pre>
+</blockquote>
+
+<p> where <i>example.com</i> is the domain name part of the email
+address specified in Outlook's account settings for the user. Since
+many users configure their email addresses as <i>username@example.com</i>,
+messages with DSN turned on will trigger the REJECT action in the
+previous section. </p>
+
+<p> If you have such clients then you can exclude their Message-ID
+strings with the two "<tt>Message-ID:.* &lt;!&amp;!</tt>" patterns
+that are shown in the previous section. Otherwise you will not be
+able to use the two backscatter rules to stop forged Message ID
+strings. Of course this workaround may break the next time Outlook
+is changed. </p>
+
+</ul>
+
+<h3><a name="forged_sender">Blocking backscatter mail with forged
+sender information</a></h3>
+
+Like many people I still have a few email addresses in domains that
+I used in the past. Mail for those addresses is forwarded to my
+current address. Most of the backscatter mail that I get claims
+to be sent from these addresses. Such mail is obviously forged
+and is very easy to stop.
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks
+ <a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks
+
+/etc/postfix/header_checks:
+ /^(From|Return-Path):.*\b(user@domain\.tld)\b/
+ reject forged sender address in $1: header: $2
+
+/etc/postfix/body_checks:
+ /^[&gt; ]*(From|Return-Path):.*\b(user@domain\.tld)\b/
+ reject forged sender address in $1: header: $2
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> The example uses <a href="pcre_table.5.html">pcre</a>: tables mainly for speed; with minor
+modifications, you can use <a href="regexp_table.5.html">regexp</a>: tables as explained below. </p>
+
+<li> <p> The example is simplified for educational purposes. In
+reality, my patterns list multiple email addresses as
+"<tt>(user1@domain1\.tld|user2@domain2\.tld)</tt>". </p>
+
+<li> <p> The two "<tt>\b</tt>" as used in "<tt>\b(user@domain\.tld)\b</tt>"
+match the beginning and end of a word, respectively. If you use
+<a href="regexp_table.5.html">regexp</a>: tables, specify "<tt>[[:&lt;:]]</tt> and <tt>[[:&gt;:]]</tt>"
+(on some systems you should specify "<tt>\&lt;</tt> and <tt>\&gt;</tt>"
+instead; for details see your system documentation). </p>
+
+<li> <p> The "<tt>\.</tt>" matches "<tt>.</tt>" literally. Without
+the "<tt>\</tt>", the "<tt>.</tt>" would match any character. </p>
+
+</ul>
+
+<h3><a name="forged_other">Blocking backscatter mail with other
+forged information</a></h3>
+
+<p> Another sign of forgery can be found in the IP address that is
+recorded in Received: headers next to your HELO host or domain name.
+This information must be used with care, though. Some mail servers
+are behind a network address translator and never see the true
+client IP address. </p>
+
+<h3><a name="scanner">Blocking backscatter mail from virus
+scanners</a></h3>
+
+<p> With all the easily recognizable forgeries eliminated, there
+is one category of backscatter mail that remains, and that is
+notifications from virus scanner software. Unfortunately, some
+virus scanning software doesn't know that viruses forge sender
+addresses. To make matters worse, the software also doesn't know
+how to report a mail delivery problem, so that we cannot use the
+above techniques to recognize forgeries. </p>
+
+<p> Recognizing virus scanner mail is an error prone process,
+because there is a lot of variation in report formats. The following
+is only a small example of message header patterns. For a large
+collection of header and body patterns that recognize virus
+notification email, see
+<a href="https://web.archive.org/web/20100317123907/http://std.dkuug.dk/keld/virus/">https://web.archive.org/web/20100317123907/http://std.dkuug.dk/keld/virus/</a>
+or <a href="http://www.t29.dk/antiantivirus.txt">http://www.t29.dk/antiantivirus.txt</a>. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/header_checks:
+ /^Subject: *Your email contains VIRUSES/ DISCARD virus notification
+ /^Content-Disposition:.*VIRUS1_DETECTED_AND_REMOVED/
+ DISCARD virus notification
+ /^Content-Disposition:.*VirusWarning.txt/ DISCARD virus notification
+</pre>
+</blockquote>
+
+<p> Note: these documents haven't been updated since 2004, so they
+are useful only as a starting point. </p>
+
+<p> A plea to virus or spam scanner operators: please do not make
+the problem worse by sending return mail to forged sender addresses.
+You're only harassing innocent people. If you must return mail to
+the purported sender, please return the full message headers, so
+that the sender can filter out the obvious forgeries. </p>
+
+</body>
+
+</html>
diff --git a/html/BASIC_CONFIGURATION_README.html b/html/BASIC_CONFIGURATION_README.html
new file mode 100644
index 0000000..d58d52a
--- /dev/null
+++ b/html/BASIC_CONFIGURATION_README.html
@@ -0,0 +1,685 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title> Postfix Basic Configuration </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Basic Configuration </h1>
+
+<hr>
+
+<h2> Introduction </h2>
+
+<p> Postfix has several hundred configuration parameters that are
+controlled via the <a href="postconf.5.html">main.cf</a> file. Fortunately, all parameters have
+sensible default values. In many cases, you need to configure only
+two or three parameters before you can start to play with the mail
+system. Here's a quick introduction to the syntax: </p>
+
+<ul>
+
+<li> <p> <a href="#syntax">Postfix configuration files</a></p>
+
+</ul>
+
+<p> The text below assumes that you already have Postfix installed
+on the system, either by compiling the source code yourself (as
+described in the <a href="INSTALL.html">INSTALL</a> file) or by installing an already compiled
+version. </p>
+
+<p> This document covers basic Postfix configuration. Information
+about how to configure Postfix for specific applications such as
+mailhub, firewall or dial-up client can be found in the
+<a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> file. But don't go there until you
+already have covered the material presented below. </p>
+
+<p> The first parameters of interest specify the machine's identity
+and role in the network. </p>
+
+<ul>
+
+<li> <p> <a href="#myorigin"> What domain name to use in outbound mail </a> </p>
+
+<li> <p> <a href="#mydestination"> What domains to receive mail for </a> </p>
+
+<li> <p> <a href="#relay_from"> What clients to relay mail from </a> </p>
+
+<li> <p> <a href="#relay_to"> What destinations to relay mail to </a> </p>
+
+<li> <p> <a href="#relayhost"> What delivery method: direct or
+indirect </a> </p>
+
+</ul>
+
+<p> The default values for many other configuration parameters are
+derived from just these. </p>
+
+<p> The next parameter of interest controls the amount of mail sent
+to the local postmaster: </p>
+
+<ul>
+
+<li> <p> <a href="#notify"> What trouble to report to the postmaster
+</a> </p>
+
+</ul>
+
+<p> Be sure to set the following correctly if you're behind a proxy or
+network address translator, and you are running a backup MX host
+for some other domain: </p>
+
+<ul>
+
+<li> <p> <a href="#proxy_interfaces"> Proxy/NAT external network
+addresses </a> </p>
+
+</ul>
+
+<p> Postfix daemon processes run in the background, and log problems
+and normal activity to the syslog daemon. Here are a few things
+that you need to be aware of: </p>
+
+<ul>
+
+<li> <p> <a href="#syslog_howto"> What you need to know about
+Postfix logging </a> </p>
+
+</ul>
+
+<p> If your machine has unusual security requirements you may
+want to run Postfix daemon processes inside a chroot environment. </p>
+
+<ul>
+
+<li> <p> <a href="#chroot_setup"> Running Postfix daemon processes
+chrooted </a> </p>
+
+</ul>
+<p> If you run Postfix on a virtual network interface, or if your
+machine runs other mailers on virtual interfaces, you'll have to
+look at the other parameters listed here as well: </p>
+
+<ul>
+
+<li> <p> <a href="#myhostname"> My own hostname </a> </p>
+
+<li> <p> <a href="#mydomain"> My own domain name </a> </p>
+
+<li> <p> <a href="#inet_interfaces"> My own network addresses </a> </p>
+
+</ul>
+
+<h2> <a name="syntax">Postfix configuration files</a></h2>
+
+<p> By default, Postfix configuration files are in /etc/postfix.
+The two most important files are <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>; these files
+must be owned by root. Giving someone else write permission to
+<a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a> (or to their parent directories) means giving
+root privileges to that person. </p>
+
+<p> In /etc/postfix/<a href="postconf.5.html">main.cf</a> you will have to set up a minimal number
+of configuration parameters. Postfix configuration parameters
+resemble shell variables, with two important differences: the first
+one is that Postfix does not know about quotes like the UNIX shell
+does.</p>
+
+<p> You specify a configuration parameter as: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ parameter = value
+</pre>
+</blockquote>
+
+<p> and you use it by putting a "$" character in front of its name: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ other_parameter = $parameter
+</pre>
+</blockquote>
+
+<p> You can use $parameter before it is given a value (that is the
+second main difference with UNIX shell variables). The Postfix
+configuration language uses lazy evaluation, and does not look at
+a parameter value until it is needed at runtime. </p>
+
+<p> Postfix uses database files for access control, address rewriting
+and other purposes. The <a href="DATABASE_README.html">DATABASE_README</a> file gives an introduction
+to how Postfix works with Berkeley DB, LDAP or SQL and other types.
+Here is a common example of how Postfix invokes a database: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+</pre>
+</blockquote>
+
+<p> Whenever you make a change to the <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a> file,
+execute the following command as root in order to refresh a running
+mail system: </p>
+
+<blockquote>
+<pre>
+# postfix reload
+</pre>
+</blockquote>
+
+<h2> <a name="myorigin"> What domain name to use in outbound mail </a> </h2>
+
+<p> The <a href="postconf.5.html#myorigin">myorigin</a> parameter specifies the domain that appears in
+mail that is posted on this machine. The default is to use the
+local machine name, $<a href="postconf.5.html#myhostname">myhostname</a>, which defaults to the name of the
+machine. Unless you are running a really small site, you probably
+want to change that into $<a href="postconf.5.html#mydomain">mydomain</a>, which defaults to the parent
+domain of the machine name. </p>
+
+<p> For the sake of consistency between sender and recipient addresses,
+<a href="postconf.5.html#myorigin">myorigin</a> also specifies the domain name that is appended
+to an unqualified recipient address. </p>
+
+<p> Examples (specify only one of the following): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#myhostname">myhostname</a> (default: send mail as "user@$<a href="postconf.5.html#myhostname">myhostname</a>")
+ <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a> (probably desirable: "user@$<a href="postconf.5.html#mydomain">mydomain</a>")
+</pre>
+</blockquote>
+
+<h2><a name="mydestination"> What domains to receive mail for </a>
+</h2>
+
+<p> The <a href="postconf.5.html#mydestination">mydestination</a> parameter specifies what domains this
+machine will deliver locally, instead of forwarding to another
+machine. The default is to receive mail for the machine itself.
+See the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file for how to configure Postfix for
+<a href="VIRTUAL_README.html#canonical">hosted domains</a>. </p>
+
+<p> You can specify zero or more domain names, "/file/name" patterns
+and/or "<a href="DATABASE_README.html">type:table</a>" lookup tables (such as <a href="DATABASE_README.html#types">hash</a>:, <a href="DATABASE_README.html#types">btree</a>:, nis:, <a href="ldap_table.5.html">ldap</a>:,
+or <a href="mysql_table.5.html">mysql</a>:), separated by whitespace and/or commas. A "/file/name"
+pattern is replaced by its contents; "<a href="DATABASE_README.html">type:table</a>" requests that a
+table lookup is done and merely tests for existence: the lookup
+result is ignored. </p>
+
+<p> IMPORTANT: If your machine is a mail server for its entire
+domain, you must list $<a href="postconf.5.html#mydomain">mydomain</a> as well. </p>
+
+<p> Example 1: default setting. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost
+</pre>
+</blockquote>
+
+<p> Example 2: domain-wide mail server. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost $<a href="postconf.5.html#mydomain">mydomain</a>
+</pre>
+</blockquote>
+
+<p> Example 3: host with multiple DNS A records. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost
+ www.$<a href="postconf.5.html#mydomain">mydomain</a> ftp.$<a href="postconf.5.html#mydomain">mydomain</a>
+</pre>
+</blockquote>
+
+<p> Caution: in order to avoid mail delivery loops, you must list all
+hostnames of the machine, including $<a href="postconf.5.html#myhostname">myhostname</a>, and localhost.$<a href="postconf.5.html#mydomain">mydomain</a>. </p>
+
+<h2> <a name="relay_from"> What clients to relay mail from </a> </h2>
+
+<p> By default, Postfix will forward mail from clients in authorized
+network blocks to any destination. Authorized networks are defined
+with the <a href="postconf.5.html#mynetworks">mynetworks</a> configuration parameter. The current default is to
+authorize the local machine only. Prior to Postfix 3.0, the default
+was to authorize all clients in the IP subnetworks that the local
+machine is attached to. </p>
+
+<p> Postfix can also be configured to relay mail from "mobile"
+clients that send mail from outside an authorized network block.
+This is explained in the <a href="SASL_README.html">SASL_README</a> and <a href="TLS_README.html">TLS_README</a> documents. </p>
+
+<p> IMPORTANT: If your machine is connected to a wide area network
+then the "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" setting may be too friendly. </p>
+
+<p> Examples (specify only one of the following): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet (not safe on a wide area network)
+ <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host (authorize local machine only)
+ <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 (authorize local machine only)
+ <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.2/32 (authorize local machine)
+ <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.2/28 (authorize local networks)
+</pre>
+</blockquote>
+
+<p> You can specify the trusted networks in the <a href="postconf.5.html">main.cf</a> file, or
+you can let Postfix do the work for you. The default is to let
+Postfix do the work. The result depends on the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a>
+parameter value.
+
+<ul>
+
+<li> <p> Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host" (the default when
+<a href="postconf.5.html#compatibility_level">compatibility_level</a> &ge; 2) when Postfix should forward mail from
+only the local machine. </p>
+
+<li> <p> Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" (the default when
+<a href="postconf.5.html#compatibility_level">compatibility_level</a> &lt; 2) when Postfix should forward mail from
+SMTP clients in the same IP subnetworks as the local machine.
+On Linux, this works correctly only with interfaces specified
+with the "ifconfig" or "ip" command. </p>
+
+<li> <p> Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" when Postfix should
+forward mail from SMTP clients in the same IP class A/B/C networks
+as the local machine. Don't do this with a dialup site - it would
+cause Postfix to "trust" your entire provider's network. Instead,
+specify an explicit <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand, as described below.
+</p>
+
+</ul>
+
+<p> Alternatively, you can specify the <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand,
+in which case Postfix ignores the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> setting.
+To specify the list of trusted networks by hand, specify network
+blocks in CIDR (network/mask) notation, for example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mynetworks">mynetworks</a> = 168.100.189.0/28, 127.0.0.0/8
+</pre>
+</blockquote>
+
+<p> You can also specify the absolute pathname of a pattern file instead
+of listing the patterns in the <a href="postconf.5.html">main.cf</a> file. </p>
+
+<h2> <a name="relay_to"> What destinations to relay mail to </a> </h2>
+
+<p> By default, Postfix will forward mail from strangers (clients outside
+authorized networks) to authorized remote destinations only.
+Authorized remote
+destinations are defined with the <a href="postconf.5.html#relay_domains">relay_domains</a> configuration
+parameter. The default is to authorize all domains (and subdomains)
+of the domains listed with the <a href="postconf.5.html#mydestination">mydestination</a> parameter. </p>
+
+<p> Examples (specify only one of the following): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydestination">mydestination</a> (default)
+ <a href="postconf.5.html#relay_domains">relay_domains</a> = (safe: never forward mail from strangers)
+ <a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a> (forward mail to my domain and subdomains)
+</pre>
+</blockquote>
+
+<h2> <a name="relayhost"> What delivery method: direct or
+indirect </a> </h2>
+
+<p> By default, Postfix tries to deliver mail directly to the
+Internet. Depending on your local conditions this may not be possible
+or desirable. For example, your system may be turned off outside
+office hours, it may be behind a firewall, or it may be connected
+via a provider who does not allow direct mail to the Internet. In
+those cases you need to configure Postfix to deliver mail indirectly
+via a <a href="postconf.5.html#relayhost">relay host</a>. </p>
+
+<p> Examples (specify only one of the following): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relayhost">relayhost</a> = (default: direct delivery to Internet)
+ <a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a> (deliver via local mailhub)
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mail.$<a href="postconf.5.html#mydomain">mydomain</a>] (deliver via local mailhub)
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mail.isp.tld] (deliver via provider mailhub)
+</pre>
+</blockquote>
+
+<p> The form enclosed with <tt>[]</tt> eliminates DNS MX lookups.
+Don't worry if you don't know what that means. Just be sure to
+specify the <tt>[]</tt> around the mailhub hostname that your ISP
+gave to you, otherwise mail may be mis-delivered. </p>
+
+<p> The <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> file has more hints and tips
+for firewalled and/or dial-up networks. </p>
+
+<h2> <a name="notify"> What trouble to report to the postmaster</a> </h2>
+
+<p> You should set up a postmaster alias in the <a href="aliases.5.html">aliases(5)</a> table
+that directs mail to a human person. The postmaster address is
+required to exist, so that people can report mail delivery problems.
+While you're updating the <a href="aliases.5.html">aliases(5)</a> table, be sure to direct mail
+for the super-user to a human person too. </p>
+
+<blockquote>
+<pre>
+/etc/aliases:
+ postmaster: you
+ root: you
+</pre>
+</blockquote>
+
+<p> Execute the command "newaliases" after changing the aliases
+file. Instead of /etc/aliases, your alias file may be located
+elsewhere. Use the command "postconf <a href="postconf.5.html#alias_maps">alias_maps</a>" to find out.</p>
+
+<p> The Postfix system reports problems to the postmaster alias.
+You may not be interested in all types of trouble reports, so this
+reporting mechanism is configurable. The default is to report only
+serious problems (resource, software) to postmaster: </p>
+
+<p> Default setting: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#notify_classes">notify_classes</a> = resource, software
+</pre>
+</blockquote>
+
+<p> The meaning of the classes is as follows: </p>
+
+<blockquote>
+
+<dl>
+
+<dt> bounce </dt> <dd> Inform the postmaster of undeliverable
+mail. Either send the postmaster a copy of undeliverable mail that
+is returned to the sender, or send a transcript of the SMTP session
+when Postfix rejected mail. For privacy reasons, the postmaster
+copy of undeliverable mail is truncated after the original message
+headers. This implies "2bounce" (see below). See also the
+<a href="postconf.5.html#luser_relay">luser_relay</a> feature. The notification is sent to the address
+specified with the <a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> configuration parameter
+(default: postmaster). </dd>
+
+<dt> 2bounce </dt> <dd> When Postfix is unable to return undeliverable
+mail to the sender, send it to the postmaster instead (without
+truncating the message after the primary headers). The notification
+is sent to the address specified with the <a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a>
+configuration parameter (default: postmaster). </dd>
+
+<dt> delay </dt> <dd> Inform the postmaster of delayed mail. In
+this case, the postmaster receives message headers only. The
+notification is sent to the address specified with the
+<a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> configuration parameter (default: postmaster).
+</dd>
+
+<dt> policy </dt> <dd> Inform the postmaster of client requests
+that were rejected because of (UCE) policy restrictions. The
+postmaster receives a transcript of the SMTP session. The notification
+is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
+configuration parameter (default: postmaster). </dd>
+
+<dt> protocol </dt> <dd> Inform the postmaster of protocol errors
+(client or server side) or attempts by a client to execute
+unimplemented commands. The postmaster receives a transcript of
+the SMTP session. The notification is sent to the address specified
+with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
+postmaster). </dd>
+
+<dt> resource </dt> <dd> Inform the postmaster of mail not delivered
+due to resource problems (for example, queue file write errors).
+The notification is sent to the address specified with the
+<a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default: postmaster).
+</dd>
+
+<dt> software </dt> <dd> Inform the postmaster of mail not delivered
+due to software problems. The notification is sent to the address
+specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter
+(default: postmaster). </dd>
+
+</dl>
+
+</blockquote>
+
+<h2><a name="proxy_interfaces"> Proxy/NAT external network
+addresses</a> </h2>
+
+<p> Some mail servers are connected to the Internet via a network
+address translator (NAT) or proxy. This means that systems on the
+Internet connect to the address of the NAT or proxy, instead of
+connecting to the network address of the mail server. The NAT or
+proxy forwards the connection to the network address of the mail
+server, but Postfix does not know this. </p>
+
+<p> If you run a Postfix server behind a proxy or NAT, you need to
+configure the <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameter and specify all the external
+proxy or NAT addresses that Postfix receives mail on. You may
+specify symbolic hostnames instead of network addresses. </p>
+
+<p> IMPORTANT: You must specify your proxy/NAT external addresses
+when your system is a backup MX host for other domains, otherwise
+mail delivery loops will happen when the primary MX host is down.
+</p>
+
+<p> Example: host behind NAT box running a backup MX host. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4 (the proxy/NAT external network address)
+</pre>
+</blockquote>
+
+<h2> <a name="syslog_howto"> What you need to know about
+Postfix logging </a> </h2>
+
+<p> Postfix daemon processes run in the background, and log problems
+and normal activity to the syslog daemon. The syslogd process sorts
+events by class and severity, and appends them to logfiles. The
+logging classes, levels and logfile names are usually specified in
+/etc/syslog.conf. At the very least you need something like: </p>
+
+<blockquote>
+<pre>
+/etc/syslog.conf:
+ mail.err /dev/console
+ mail.debug /var/log/maillog
+</pre>
+</blockquote>
+
+<p> After changing the syslog.conf file, send a "HUP" signal to
+the syslogd process. </p>
+
+<p> IMPORTANT: many syslogd implementations will not create files.
+You must create files before (re)starting syslogd. </p>
+
+<p> IMPORTANT: on Linux you need to put a "-" character before the
+pathname, e.g., -/var/log/maillog, otherwise the syslogd process
+will use more system resources than Postfix. </p>
+
+<p> Hopefully, the number of problems will be small, but it is a good
+idea to run every night before the syslog files are rotated: </p>
+
+<blockquote>
+<pre>
+# postfix check
+# grep -E '(reject|warning|error|fatal|panic):' /some/log/file
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> The first line (postfix check) causes Postfix to report
+file permission/ownership discrepancies. </p>
+
+<li> <p> The second line looks for problem reports from the mail
+software, and reports how effective the relay and junk mail access
+blocks are. This may produce a lot of output. You will want to
+apply some postprocessing to eliminate uninteresting information.
+</p>
+
+</ul>
+
+<p> The <a href="DEBUG_README.html#logging"> DEBUG_README </a>
+document describes the meaning of the "warning" etc. labels in
+Postfix logging. </p>
+
+<h2> <a name="chroot_setup"> Running Postfix daemon processes
+chrooted </a> </h2>
+
+<p> Postfix daemon processes can be configured (via the <a href="master.5.html">master.cf</a>
+file) to run in a chroot jail. The processes run at a fixed low
+privilege and with file system access limited to the Postfix queue
+directories (/var/spool/postfix). This provides a significant
+barrier against intrusion. The barrier is not impenetrable (chroot
+limits file system access only), but every little bit helps.</p>
+
+<p>With the exception of Postfix daemons that deliver mail locally
+and/or that execute non-Postfix commands, every Postfix daemon can
+run chrooted.</p>
+
+<p>Sites with high security requirements should consider to chroot
+all daemons that talk to the network: the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a>
+processes, and perhaps also the <a href="lmtp.8.html">lmtp(8)</a> client. The author's own
+porcupine.org mail server runs all daemons chrooted that can be
+chrooted. </p>
+
+<p>The default /etc/postfix/<a href="master.5.html">master.cf</a> file specifies that no Postfix
+daemon runs chrooted. In order to enable chroot operation, edit
+the file /etc/postfix/<a href="master.5.html">master.cf</a>, and follow instructions in the
+file. When you're finished, execute "postfix reload" to make the
+change effective. </p>
+
+<p>Note that a chrooted daemon resolves all filenames relative to
+the Postfix queue directory (/var/spool/postfix). For successful
+use of a chroot jail, most UNIX systems require you to bring in
+some files or device nodes. The examples/chroot-setup directory in
+the source code distribution has a collection of scripts that help
+you set up Postfix chroot environments on different operating
+systems.</p>
+
+<p> Additionally, you almost certainly need to configure syslogd
+so that it listens on a socket inside the Postfix queue directory.
+Examples of syslogd command line options that achieve this for
+specific systems: </p>
+
+<p> FreeBSD: <tt>syslogd -l /var/spool/postfix/var/run/log</tt> </p>
+
+<p> Linux, OpenBSD: <tt>syslogd -a /var/spool/postfix/dev/log</tt> </p>
+
+<h2><a name="myhostname"> My own hostname </a> </h2>
+
+<p> The <a href="postconf.5.html#myhostname">myhostname</a> parameter specifies the fully-qualified domain
+name of the machine running the Postfix system. $<a href="postconf.5.html#myhostname">myhostname</a>
+appears as the default value in many other Postfix configuration
+parameters. </p>
+
+<p> By default, <a href="postconf.5.html#myhostname">myhostname</a> is set to the local machine name. If
+your local machine name is not in fully-qualified domain name form,
+or if you run Postfix on a virtual interface, you will have to
+specify the fully-qualified domain name that the mail system should
+use. </p>
+
+<p> Alternatively, if you specify <a href="postconf.5.html#mydomain">mydomain</a> in <a href="postconf.5.html">main.cf</a>, then Postfix
+will use its value to generate a fully-qualified default value
+for the <a href="postconf.5.html#myhostname">myhostname</a> parameter. </p>
+
+<p> Examples (specify only one of the following): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#myhostname">myhostname</a> = host.local.domain (machine name is not FQDN)
+ <a href="postconf.5.html#myhostname">myhostname</a> = host.virtual.domain (virtual interface)
+ <a href="postconf.5.html#myhostname">myhostname</a> = virtual.domain (virtual interface)
+</pre>
+</blockquote>
+
+<h2><a name="mydomain"> My own domain name</a> </h2>
+
+<p> The <a href="postconf.5.html#mydomain">mydomain</a> parameter specifies the parent domain of
+$<a href="postconf.5.html#myhostname">myhostname</a>. By default, it is derived from $<a href="postconf.5.html#myhostname">myhostname</a>
+by stripping off the first part (unless the result would be a
+top-level domain). </p>
+
+<p> Conversely, if you specify <a href="postconf.5.html#mydomain">mydomain</a> in <a href="postconf.5.html">main.cf</a>, then Postfix
+will use its value to generate a fully-qualified default value
+for the <a href="postconf.5.html#myhostname">myhostname</a> parameter. </p>
+
+<p> Examples (specify only one of the following): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mydomain">mydomain</a> = local.domain
+ <a href="postconf.5.html#mydomain">mydomain</a> = virtual.domain (virtual interface)
+</pre>
+</blockquote>
+
+<h2><a name="inet_interfaces">My own network addresses</a> </h2>
+
+<p>The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter specifies all network interface
+addresses that the Postfix system should listen on; mail addressed
+to "user@[network address]" will be delivered locally,
+as if it is addressed to a domain listed in $<a href="postconf.5.html#mydestination">mydestination</a>.</p>
+
+<p> You can override the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> setting in the Postfix
+<a href="master.5.html">master.cf</a> file by prepending an IP address to a server name. </p>
+
+<p> The default is to listen on all active interfaces. If you run
+mailers on virtual interfaces, you will have to specify what
+interfaces to listen on. </p>
+
+<p> IMPORTANT: If you run MTAs on virtual interfaces you must
+specify explicit <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> values for the MTA that receives
+mail for the machine itself: this MTA should never listen on the
+virtual interfaces or you would have a mailer loop when a virtual
+MTA is down. </p>
+
+<p> Example: default setting. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = all
+</pre>
+</blockquote>
+
+<p> Example: host running one or more virtual mailers. For
+each Postfix instance, specify only one of the following. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = virtual.host.tld (virtual Postfix)
+ <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost... (non-virtual Postfix)
+</pre>
+</blockquote>
+
+<p> Note: you need to stop and start Postfix after changing this
+parameter. </p>
+
+</body>
+
+</html>
diff --git a/html/BDAT_README.html b/html/BDAT_README.html
new file mode 100644
index 0000000..42c88a7
--- /dev/null
+++ b/html/BDAT_README.html
@@ -0,0 +1,179 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix BDAT (CHUNKING) support</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+BDAT (CHUNKING) support</h1>
+
+<hr>
+
+<h2>Overview </h2>
+
+<p> Postfix SMTP server supports <a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> CHUNKING (the BDAT command)
+without BINARYMIME, in both <a href="smtpd.8.html">smtpd(8)</a> and <a href="postscreen.8.html">postscreen(8)</a>. It is enabled
+by default. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#disable"> Disabling BDAT support</a>
+
+<li><a href="#impact"> Impact on existing configurations</a>
+
+<li><a href="#example"> Example SMTP session</a>
+
+<li> <a href="#benefits">Benefits of CHUNKING (BDAT) support without BINARYMIME</a>
+
+<li> <a href="#downsides">Downsides of CHUNKING (BDAT) support</a>
+
+</ul>
+
+<h2> <a name="disable"> Disabling BDAT support </a> </h2>
+
+<p> BDAT support is enabled by default. To disable BDAT support
+globally: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # The logging alternative:
+ <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> = chunking
+ # The non-logging alternative:
+ <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> = chunking, silent-discard
+</pre>
+</blockquote>
+
+<p> Specify '-o <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>=' in <a href="master.5.html">master.cf</a>
+for the submission and smtps services, if you have clients
+that benefit from CHUNKING support. </p>
+
+<h2> <a name="impact"> Impact on existing configurations </a> </h2>
+
+<ul>
+
+<li> <p> There are no changes for smtpd_mumble_restrictions,
+<a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a>, <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>, or for postscreen settings,
+except for the above mentioned option to suppress the SMTP server's
+CHUNKING service announcement. </p>
+
+<li> <p> There are no changes in the Postfix queue file content,
+no changes for down-stream SMTP servers or after-queue content
+filters, and no changes in the envelope or message content that
+Milters will receive. </p>
+
+</ul>
+
+<h2> <a name="example"> Example SMTP session</a> </h2>
+
+<p> The main differences are that the Postfix SMTP server announces
+"CHUNKING" support in the EHLO response, and that instead of sending
+one DATA request, the remote SMTP client may send one or more BDAT
+requests. In the example below, "S:" indicates server responses,
+and "C:" indicates client requests (bold font). </p>
+
+<blockquote>
+<pre>
+ S: 220 server.example.com
+ C: <b>EHLO client.example.com</b>
+ S: 250-server.example.com
+ S: 250-PIPELINING
+ S: 250-SIZE 153600000
+ S: 250-VRFY
+ S: 250-ETRN
+ S: 250-STARTTLS
+ S: 250-AUTH PLAIN LOGIN
+ S: 250-ENHANCEDSTATUSCODES
+ S: 250-8BITMIME
+ S: 250-DSN
+ S: 250-SMTPUTF8
+ S: 250 CHUNKING
+ C: <b>MAIL FROM:&lt;sender@example.com&gt;</b>
+ S: 250 2.1.0 Ok
+ C: <b>RCPT TO:&lt;recipient@example.com&gt;</b>
+ S: 250 2.1.5 Ok
+ C: <b>BDAT 10000</b>
+ C: <b>..followed by 10000 bytes...</b>
+ S: 250 2.0.0 Ok: 10000 bytes
+ C: <b>BDAT 123</b>
+ C: <b>..followed by 123 bytes...</b>
+ S: 250 2.0.0 Ok: 123 bytes
+ C: <b>BDAT 0 LAST</b>
+ S: 250 2.0.0 Ok: 10123 bytes queued as 41yYhh41qmznjbD
+ C: <b>QUIT</b>
+ S: 221 2.0.0 Bye
+</pre>
+</blockquote>
+
+<p> Internally in Postfix, there is no difference between mail that
+was received with BDAT or with DATA. Postfix smtpd_mumble_restrictions,
+policy delegation queries, <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> and Milters all behave
+as if Postfix received (MAIL + RCPT + DATA + end-of-data). However,
+Postfix will log BDAT-related failures as "xxx after BDAT" to avoid
+complicating troubleshooting (xxx = 'lost connection' or 'timeout'),
+and will log a warning when a client sends a malformed BDAT command.
+</p>
+
+<h2> <a name="benefits">Benefits of CHUNKING (BDAT) support without
+BINARYMIME</a> </h2>
+
+<p> Support for CHUNKING (BDAT) was added to improve interoperability
+with some clients, a benefit that would reportedly exist even without
+Postfix support for BINARYMIME. Since June 2018, Wietse's mail
+server has received BDAT commands from a variety of systems. </p>
+
+<p> Postfix does not support BINARYMIME at this time because: </p>
+
+<ul>
+
+<li> <p> BINARYMIME support would require moderately invasive
+changes to Postfix, to support email content that is not line-oriented.
+With BINARYMIME, the Content-Length: message header specifies the
+length of content that may or may not have line boundaries. Without
+BINARYMIME support, email RFCs require that binary content is
+base64-encoded, and formatted as lines of text. </p>
+
+<li> <p> For delivery to non-BINARYMIME systems including UNIX mbox,
+the available options are to convert binary content into 8bit text,
+one of the 7bit forms (base64 or quoted-printable), or to return
+email as undeliverable. Any conversion would obviously break digital
+signatures, so conversion would have to happen before signing. </p>
+
+</ul>
+
+<h2> <a name="downsides">Downsides of CHUNKING (BDAT) support</a>
+</h2>
+
+<p> The <a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> authors did not specify any limitations on how
+clients may pipeline commands (i.e. send commands without waiting
+for a server response). If a server announces PIPELINING support,
+like Postfix does, then a remote SMTP client can pipeline all
+commands following EHLO, for example, MAIL/RCPT/BDAT/BDAT/MAIL/RCPT/BDAT,
+without ever having to wait for a server response. This means that
+with BDAT, the Postfix SMTP server cannot distinguish between a
+well-behaved client and a spambot, based on their command pipelining
+behavior. If you require "<a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>" to block spambots,
+then turn off Postfix's CHUNKING announcement as described above.
+</p>
+
+<p> In <a href="https://tools.ietf.org/html/rfc4468">RFC 4468</a>, the authors write that a client may pipeline
+commands, and that after sending BURL LAST or BDAT LAST, a client
+must wait for the server's response. But as this text does not
+appear in <a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> which defines BDAT, it is a useless restriction
+that Postfix will not enforce. </p>
+
+</body>
+
+</html>
diff --git a/html/BUILTIN_FILTER_README.html b/html/BUILTIN_FILTER_README.html
new file mode 100644
index 0000000..31f80a8
--- /dev/null
+++ b/html/BUILTIN_FILTER_README.html
@@ -0,0 +1,489 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Built-in Content Inspection</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" alt="">
+Postfix Built-in Content Inspection</h1>
+
+<hr>
+
+<h2>Built-in content inspection introduction </h2>
+
+<p> Postfix supports a built-in filter mechanism that examines
+message header and message body content, one line at a time, before
+it is stored in the Postfix queue. The filter is usually implemented
+with POSIX or PCRE regular expressions, as described in the
+<a href="header_checks.5.html">header_checks(5)</a> manual page. </p>
+
+<p> The original purpose of the built-in filter is to stop an
+outbreak of specific email worms or viruses, and it does this job
+well. The filter has also helped to block bounced junk email,
+bounced email from worms or viruses, and notifications from virus
+detection systems. Information about this secondary application
+is given in the <a href="BACKSCATTER_README.html">BACKSCATTER_README</a> document. </p>
+
+<p> Because the built-in filter is optimized for stopping specific
+worms and virus outbreaks, it has <a href="#limitations">limitations</a>
+that make it NOT suitable for general junk email and virus detection.
+For that, you should use one of the external content inspection
+methods that are described in the <a href="FILTER_README.html">FILTER_README</a>, <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a>
+and <a href="MILTER_README.html">MILTER_README</a> documents. </p>
+
+<p> The following diagram gives an over-all picture of how Postfix
+built-in content inspection works: </p>
+
+<blockquote>
+
+<table>
+
+<tr>
+
+ <td colspan="4"> <td bgcolor="#f0f0ff" align="center"
+ valign="middle"> Postmaster<br> notifications </td>
+
+</tr>
+
+<tr>
+
+ <td colspan="4"> <td align="center"> <tt> |<br>v </tt></td>
+
+</tr>
+
+<tr>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ Network or<br> local users </td>
+
+ <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+
+ <b> Built-in<br> filter</b> </td>
+
+ <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ Postfix<br> queue </td>
+
+ <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ Delivery<br> agents </td>
+
+ <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ Network or<br> local mailbox </td>
+
+</tr>
+
+<tr>
+
+ <td colspan="4"> <td align="center"> ^<br> <tt> | </tt> </td>
+ <td> </td> <td align="center"> <tt> |<br>v </tt> </td>
+
+</tr>
+
+<tr>
+
+ <td colspan="4"> <td colspan="3" bgcolor="#f0f0ff" align="center"
+ valign="middle"> Undeliverable mail<br> Forwarded mail</td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<p> The picture makes clear that the filter works while Postfix is
+receiving new mail. This means that Postfix can reject mail from
+the network without having to return undeliverable mail to the
+originator address (which is often spoofed anyway). However, this
+ability comes at a price: if mail inspection takes too much time,
+then the remote client will time out, and the client may send the
+same message repeatedly. </p>
+
+<p>Topics covered by this document: </p>
+
+<ul>
+
+<li><a href="#what">What mail is subjected to header/body checks </a>
+
+<li><a href="#limitations">Limitations of Postfix header/body checks </a>
+
+<li><a href="#daily">Preventing daily mail status reports from being blocked </a>
+
+<li><a href="#remote_only">Configuring header/body checks for mail from outside users only</a>
+
+<li><a href="#mx_submission">Configuring different header/body checks for MX service and submission service</a>
+
+<li><a href="#domain_except">Configuring header/body checks for mail to some domains only</a>
+
+</ul>
+
+<h2><a name="what">What mail is subjected to header/body checks </a></h2>
+
+<p> Postfix header/body checks are implemented by the <a href="cleanup.8.html">cleanup(8)</a>
+server before it injects mail into the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>. The diagram
+below zooms in on the <a href="cleanup.8.html">cleanup(8)</a> server, and shows that this server
+handles mail from many different sources. In order to keep the
+diagram readable, the sources of postmaster notifications are not
+shown, because they can be produced by many Postfix daemon processes.
+</p>
+
+<blockquote>
+
+<table>
+
+<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"
+valign="middle"> <a href="bounce.8.html">bounce(8)</a><br> (undeliverable) </td> </tr>
+
+<tr> <td bgcolor="#f0f0ff" align="center" valign="middle"> <b>
+<a href="smtpd.8.html">smtpd(8)</a><br> (network)</b> </td> <td align="left" valign="bottom">
+<tt> \ </tt> </td> <td align="center" valign="middle"> <tt> |<br>v
+</tt> </td> </tr>
+
+<tr> <td> </td> <td> </td> </tr>
+
+<tr> <td bgcolor="#f0f0ff" align="center" valign="middle"> <b>
+<a href="qmqpd.8.html">qmqpd(8)</a><br> (network)</b> </td> <td align="center" valign="middle">
+<tt> -\<br>-/ </tt> </td> <td bgcolor="#f0f0ff" align="center"
+valign="middle"> <a href="cleanup.8.html">cleanup(8)</a> </td> <td align="center" valign="middle">
+<tt> -&gt; </tt> </td> <td bgcolor="#f0f0ff" align="center"
+valign="middle"> <a href="QSHAPE_README.html#incoming_queue">
+incoming<br> queue </a> </td> </tr>
+
+<tr> <td bgcolor="#f0f0ff" align="center" valign="middle"> <b>
+<a href="pickup.8.html">pickup(8)</a><br> (local)</b> </td> <td align="left" valign="top"> <tt>
+/ </tt> </td> <td align="center" valign="middle"> ^<br> <tt> |
+</tt> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"
+valign="middle"> <a href="local.8.html">local(8)</a><br> (forwarded) </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> For efficiency reasons, only mail that enters from outside of
+Postfix is inspected with header/body checks. It would be inefficient
+to filter already filtered mail again, and it would be undesirable
+to block postmaster notifications. The table below summarizes what
+mail is and is not subject to header/body checks. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th> Message type </th> <th> Source </th> <th> Header/body checks? </th> </tr>
+
+<tr> <td> Undeliverable mail </td> <td> <a href="bounce.8.html">bounce(8)</a> </td> <td> No </td> </tr>
+
+<tr> <td> Network mail </td> <td> <a href="smtpd.8.html">smtpd(8)</a> </td> <td> Configurable </td> </tr>
+
+<tr> <td> Network mail </td> <td> <a href="qmqpd.8.html">qmqpd(8)</a> </td> <td> Configurable </td> </tr>
+
+<tr> <td> Local submission </td> <td> <a href="pickup.8.html">pickup(8)</a> </td> <td> Configurable </td> </tr>
+
+<tr> <td> Local forwarding </td> <td> <a href="local.8.html">local(8)</a> </td> <td> No </td> </tr>
+
+<tr> <td> Postmaster notice </td> <td> many </td> <td> No </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> How does Postfix decide what mail needs to be filtered? It
+would be clumsy to make the decision in the <a href="cleanup.8.html">cleanup(8)</a> server, as
+this program receives mail from so many different sources. Instead,
+header/body checks are requested by the source. Examples of how
+to turn off header/body checks for mail received with <a href="smtpd.8.html">smtpd(8)</a>,
+<a href="qmqpd.8.html">qmqpd(8)</a> or <a href="pickup.8.html">pickup(8)</a> are given below under "<a
+href="#remote_only">Configuring header/body checks for mail from
+outside users only</a>", "<a href="#mx_submission">Configuring
+different header/body checks for MX service and submission
+service</a>", and "<a href="#domain_except">Configuring
+header/body checks for mail to some domains only</a>". </p>
+
+<h2><a name="limitations">Limitations of Postfix header/body checks </a></h2>
+
+<ul>
+
+<li> <p> Header/body checks do not decode message headers or message
+body content. For example, if text in the message body is BASE64
+encoded (<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a>) then your regular expressions will have to match
+the BASE64 encoded form. Likewise, message headers with encoded
+non-ASCII characters (<a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a>) need to be matched in their encoded
+form. </p>
+
+<li> <p> Header/body checks cannot filter on a combination of
+message headers or body lines. Header/body checks examine content
+one message header at a time, or one message body line at a time,
+and cannot carry a decision over to the next message header or body
+line. </p>
+
+<li> <p> Header/body checks cannot depend on the recipient of a
+message. </p>
+
+<ul>
+
+<li> <p> One message can have multiple recipients, and all recipients
+of a message receive the same treatment. Workarounds have been
+proposed that involve selectively deferring some recipients of
+multi-recipient mail, but that results in poor SMTP performance
+and does not work for non-SMTP mail. </p>
+
+<li> <p> Some sources of mail send the headers and content ahead
+of the recipient information. It would be inefficient to buffer up
+an entire message before deciding if it needs to be filtered, and
+it would be clumsy to filter mail and to buffer up all the actions
+until it is known whether those actions need to be executed. </p>
+
+</ul>
+
+<li> <p> Despite warnings, some people try to use the built-in
+filter feature for general junk email and/or virus blocking, using
+hundreds or even thousands of regular expressions. This can result
+in catastrophic performance failure. The symptoms are as follows:
+</p>
+
+<ul>
+
+<li> <p> The <a href="cleanup.8.html">cleanup(8)</a> processes use up all available CPU time in
+order to process the regular expressions, and/or they use up all
+available memory so that the system begins to swap. This slows down
+all incoming mail deliveries. </p>
+
+<li> <p> As Postfix needs more and more time to receive an email
+message, the number of simultaneous SMTP sessions increases to the
+point that the SMTP server process limit is reached. </p>
+
+<li> <p> While all SMTP server processes are waiting for the
+<a href="cleanup.8.html">cleanup(8)</a> servers to finish, new SMTP clients have to wait until
+an SMTP server process becomes available. This causes mail deliveries
+to time out before they have even begun. </p>
+
+</ul>
+
+<p> The remedy for this type of performance problem is simple:
+don't use header/body checks for general junk email and/or virus
+blocking, and don't filter mail before it is queued. When performance
+is a concern, use an external content filter that runs after mail
+is queued, as described in the <a href="FILTER_README.html">FILTER_README</a> document. </p>
+
+</ul>
+
+<h2><a name="daily">Preventing daily mail status reports from being blocked </a></h2>
+
+<p>The following is quoted from Jim Seymour's Pflogsumm FAQ at
+<a href="http://jimsun.linxnet.com/downloads/pflogsumm-faq.txt">http://jimsun.linxnet.com/downloads/pflogsumm-faq.txt</a>. Pflogsumm
+is a program that analyzes Postfix logs, including the logging from
+rejected mail. If these logs contain text that was rejected by
+Postfix <a href="postconf.5.html#body_checks">body_checks</a> patterns, then the logging is also likely to
+be rejected by those same <a href="postconf.5.html#body_checks">body_checks</a> patterns. This problem does
+not exist with <a href="postconf.5.html#header_checks">header_checks</a> patterns, because those are not applied
+to the text that is part of the mail status report. </p>
+
+<blockquote>
+
+<p>You configure Postfix to do body checks, Postfix does its thing,
+Pflogsumm reports it and Postfix catches the same string in the
+Pflogsumm report. There are several solutions to this. </p>
+
+<p> Wolfgang Zeikat contributed this: </p>
+
+<blockquote>
+<pre>
+#!/usr/bin/perl
+use MIME::Lite;
+
+### Create a new message:
+$msg = MIME::Lite-&gt;new(
+ From =&gt; 'your@send.er',
+ To =&gt; 'your@recipie.nt',
+ # Cc =&gt; 'some@other.com, some@more.com',
+ Subject =&gt; 'pflogsumm',
+ Date =&gt; `date`,
+ Type =&gt; 'text/plain',
+ Encoding =&gt; 'base64',
+ Path =&gt; '/tmp/pflogg',
+);
+
+$msg-&gt;send;
+</pre>
+</blockquote>
+
+<p> Where "/tmp/pflogg" is the output of Pflogsumm. This puts Pflogsumm's
+output in a base64 MIME attachment. </p>
+
+</blockquote>
+
+<p> Note by Wietse: if you run this on a machine that is accessible
+by untrusted users, it is safer to store the Pflogsumm report in
+a directory that is not world writable. </p>
+
+<blockquote>
+
+<p> In a follow-up to a thread in the postfix-users mailing list, Ralf
+Hildebrandt noted: </p>
+
+<blockquote> <p> "mpack does the same thing." </p> </blockquote>
+
+</blockquote>
+
+<p> And it does. Which tool one should use is a matter of preference.
+</p>
+
+<p> Other solutions involve additional <a href="postconf.5.html#body_checks">body_checks</a> rules that make
+exceptions for daily mail status reports, but this is not recommended.
+Such rules slow down all mail and complicate Postfix maintenance.
+</p>
+
+<h2><a name="remote_only">Configuring header/body checks for mail from outside users only</a></h2>
+
+<p> The following information applies to Postfix 2.1 and later.
+Earlier
+Postfix versions do not support the <a href="postconf.5.html#receive_override_options">receive_override_options</a> feature.
+</p>
+
+<p> The easiest approach is to configure ONE Postfix instance with
+multiple SMTP server IP addresses in <a href="master.5.html">master.cf</a>: </p>
+
+<ul>
+
+<li> <p> Two SMTP server IP addresses for mail from inside users
+only, with header/body filtering turned off, and a local mail pickup
+service with header/body filtering turned off. </p>
+
+<pre>
+/etc/postfix.<a href="master.5.html">master.cf</a>:
+ # ==================================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # ==================================================================
+ 1.2.3.4:smtp inet n - n - - smtpd
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>
+ 127.0.0.1:smtp inet n - n - - smtpd
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>
+ pickup fifo n - n 60 1 pickup
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>
+</pre>
+
+<li> <p> Add some firewall rule to prevent access to 1.2.3.4:smtp
+from the outside world. </p>
+
+<li> <p> One SMTP server address for mail from outside users with
+header/body filtering turned on via <a href="postconf.5.html">main.cf</a>. </p>
+
+<pre>
+/etc/postfix.<a href="master.5.html">master.cf</a>:
+ # =================================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =================================================================
+ 1.2.3.5:smtp inet n - n - - smtpd
+</pre>
+
+</ul>
+
+<h2><a name="mx_submission">Configuring different header/body checks for MX service and submission service</a></h2>
+
+<p> If authorized user submissions require different header/body
+checks than mail from remote MTAs, then this is possible as long
+as you have separate mail streams for authorized users and for MX
+service. </p>
+
+<p> The example below assumes that authorized users connect to TCP
+port 587 (submission) or 465 (smtps), and that remote MTAs connect
+to TCP port 25 (smtp). </p>
+
+<p> First, we define a few "user-defined" parameters that will
+override settings for the submission and smtps services. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ msa_cleanup_service_name = msa_cleanup
+ msa_header_checks = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/msa_header_checks
+ msa_body_checks = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/msa_body_checks
+</pre>
+</blockquote>
+
+<p> Next, we define msa_cleanup as a dedicated cleanup service that
+will be used only by the submission and smtps services. This service
+uses the <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a> overrides that were defined
+above. </p>
+
+<blockquote>
+<pre>
+/etc/postfix.<a href="master.5.html">master.cf</a>:
+ # =================================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =================================================================
+ smtp inet n - n - - smtpd
+ msa_cleanup unix n - n - 0 cleanup
+ -o <a href="postconf.5.html#header_checks">header_checks</a>=$msa_header_checks
+ -o <a href="postconf.5.html#body_checks">body_checks</a>=$msa_body_checks
+ submission inet n - n - - smtpd
+ -o <a href="postconf.5.html#cleanup_service_name">cleanup_service_name</a>=$msa_cleanup_service_name
+ -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/submission
+ <i>...[see sample <a href="master.5.html">master.cf</a> file for more]...</i>
+ smtps inet n - n - - smtpd
+ -o <a href="postconf.5.html#cleanup_service_name">cleanup_service_name</a>=$msa_cleanup_service_name
+ -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/smtps
+ -o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes
+ <i>...[see sample <a href="master.5.html">master.cf</a> file for more]...</i>
+</pre>
+</blockquote>
+
+<p> By keeping the "msa_xxx" parameter settings in <a href="postconf.5.html">main.cf</a>, you
+keep your <a href="master.5.html">master.cf</a> file simple, and you minimize the amount
+of duplication. </p>
+
+<h2><a name="domain_except">Configuring header/body checks for mail to some domains only</a></h2>
+
+<p> The following information applies to Postfix 2.1. Earlier
+Postfix versions do not support the <a href="postconf.5.html#receive_override_options">receive_override_options</a> feature.
+</p>
+
+<p> If you are an MX service provider and want to enable header/body
+checks only for some domains, you can configure ONE Postfix
+instance with multiple SMTP server IP addresses in <a href="master.5.html">master.cf</a>. Each
+address provides a different service. </p>
+
+<blockquote>
+
+<pre>
+/etc/postfix.<a href="master.5.html">master.cf</a>:
+ # =================================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =================================================================
+ # SMTP service for domains with header/body checks turned on.
+ 1.2.3.4:smtp inet n - n - - smtpd
+
+ # SMTP service for domains with header/body checks turned off.
+ 1.2.3.5:smtp inet n - n - - smtpd
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>
+</pre>
+</blockquote>
+
+<p> Once this is set up you can configure MX records in the DNS
+that route each domain to the proper SMTP server instance. </p>
+
+</body>
+
+</html>
diff --git a/html/CDB_README.html b/html/CDB_README.html
new file mode 100644
index 0000000..db8db96
--- /dev/null
+++ b/html/CDB_README.html
@@ -0,0 +1,110 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix CDB Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix CDB Howto</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> CDB (Constant DataBase) is an indexed file format designed by
+Daniel Bernstein. CDB is optimized exclusively for read access
+and guarantees that each record will be read in at most two disk
+accesses. This is achieved by forgoing support for incremental
+updates: no single-record inserts or deletes are supported. CDB
+databases can be modified only by rebuilding them completely from
+scratch, hence the "constant" qualifier in the name. </p>
+
+<p> Postfix CDB databases are specified as "<a href="CDB_README.html">cdb</a>:<i>name</i>", where
+<i>name</i> specifies the CDB file name without the ".cdb" suffix
+(another suffix, ".tmp", is used temporarily while a CDB file is
+under construction). CDB databases are maintained with the <a href="postmap.1.html">postmap(1)</a>
+or <a href="postalias.1.html">postalias(1)</a> command. The <a href="DATABASE_README.html">DATABASE_README</a> document has general
+information about Postfix databases. </p>
+
+<p> CDB support is available with Postfix 2.2 and later releases.
+This document describes how to build Postfix with CDB support. </p>
+
+<h2>Building Postfix with CDB support</h2>
+
+<p> These instructions assume that you build Postfix from source
+code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
+be required if you build Postfix from a vendor-specific source
+package. </p>
+
+<p> Postfix is compatible with two CDB implementations: </p>
+
+<ul>
+
+<li> <p> The original cdb library from Daniel Bernstein, available
+from <a href="http://cr.yp.to/cdb.html">http://cr.yp.to/cdb.html</a>, and </p>
+
+<li> <p> tinycdb (version 0.5 and later) from Michael Tokarev,
+available from <a href="http://www.corpit.ru/mjt/tinycdb.html">http://www.corpit.ru/mjt/tinycdb.html</a>. </p>
+
+</ul>
+
+<p> Tinycdb is preferred, since it is a bit faster, has additional
+useful functionality and is much simpler to use. </p>
+
+<p>To build Postfix after you have installed tinycdb, use something
+like: </p>
+
+<blockquote>
+<pre>
+% make tidy
+% CDB=../../../tinycdb-0.5
+% make -f Makefile.init makefiles "CCARGS=-DHAS_CDB -I$CDB" \
+ "<a href="CDB_README.html">AUXLIBS_CDB</a>=$CDB/libcdb.a"
+% make
+</pre>
+</blockquote>
+
+<p> Alternatively, for the D.J.B. version of CDB:<p>
+
+<blockquote>
+<pre>
+% make tidy
+% CDB=../../../cdb-0.75
+% make -f Makefile.init makefiles "CCARGS=-DHAS_CDB -I$CDB" \
+ "<a href="CDB_README.html">AUXLIBS_CDB</a>=$CDB/cdb.a $CDB/alloc.a $CDB/buffer.a $CDB/unix.a $CDB/byte.a"
+% make
+</pre>
+</blockquote>
+
+<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="CDB_README.html">AUXLIBS_CDB</a>.
+With Postfix 3.0 and later, the old AUXLIBS variable still supports
+building a statically-loaded CDB database client, but only the new
+<a href="CDB_README.html">AUXLIBS_CDB</a> variable supports building a dynamically-loaded or
+statically-loaded CDB database client. </p>
+
+<blockquote>
+
+<p> Failure to use the <a href="CDB_README.html">AUXLIBS_CDB</a> variable will defeat the purpose
+of dynamic database client loading. Every Postfix executable file
+will have CDB database library dependencies. And that was exactly
+what dynamic database client loading was meant to avoid. </p>
+
+</blockquote>
+
+<p> After Postfix has been built with cdb support, you can use
+"cdb" tables wherever you can use read-only "hash", "btree" or
+"dbm" tables. However, the "<b>postmap -i</b>" (incremental record
+insertion) and "<b>postmap -d</b>" (incremental record deletion)
+command-line options are not available. For the same reason the
+"cdb" map type cannot be used to store the persistent address
+verification cache for the <a href="verify.8.html">verify(8)</a> service, or to store
+TLS session information for the <a href="tlsmgr.8.html">tlsmgr(8)</a> service. </p>
diff --git a/html/COMPATIBILITY_README.html b/html/COMPATIBILITY_README.html
new file mode 100644
index 0000000..2b6a58b
--- /dev/null
+++ b/html/COMPATIBILITY_README.html
@@ -0,0 +1,595 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Backwards-Compatibility Safety Net</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Backwards-Compatibility Safety Net</h1>
+
+<hr>
+
+<h2>Purpose of this document </h2>
+
+<p> Postfix 3.0 introduces a safety net that runs Postfix programs
+with backwards-compatible default settings after an upgrade. The
+safety net will log a warning whenever a "new" default setting could
+have an negative effect on your mail flow. </p>
+
+<p>This document provides information on the following topics: </p>
+
+<ul>
+
+<li> <p> <a href="#overview">Detailed descriptions</a> of Postfix
+backwards-compatibility warnings.
+
+<li> <p> What backwards-compatible settings you may have to make
+permanent in <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a>. </p>
+
+<li> <p> <a href="#turnoff">How to turn off</a> Postfix
+backwards-compatibility warnings. </p>
+
+</ul>
+
+<h2> <a name="overview"> Overview </a> </h2>
+
+<p> With backwards compatibility turned on, Postfix logs a message
+whenever a backwards-compatible default setting may be required for
+continuity of service. Based on this logging the system administrator
+can decide if any backwards-compatible settings need to be made
+permanent in main.cf or master.cf, before <a href="#turnoff">turning
+off the backwards-compatibility safety net</a> as described at the
+end of this document. </p>
+
+<p> Logged with <a href="postconf.5.html#compatibility_level">compatibility_level</a> &lt; 1: </p>
+
+<ul>
+
+<li> <p> <a href="#append_dot_mydomain"> Using backwards-compatible
+default setting append_dot_mydomain=yes </a> </p>
+
+<li> <p> <a href="#chroot"> Using backwards-compatible default setting
+chroot=y</a> </p>
+
+</ul>
+
+<p> Logged with <a href="postconf.5.html#compatibility_level">compatibility_level</a> &lt; 2: </p>
+
+<ul>
+
+<li><p> <a href="#relay_restrictions"> Using backwards-compatible
+default setting "smtpd_relay_restrictions = (empty)"</a> </p>
+
+<li> <p> <a href="#mynetworks_style"> Using backwards-compatible
+default setting mynetworks_style=subnet </a> </p>
+
+<li> <p> <a href="#relay_domains"> Using backwards-compatible default
+setting relay_domains=$mydestination </a> </p>
+
+<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible
+default setting smtputf8_enable=no</a> </p>
+
+</ul>
+
+<p> Logged with <a href="postconf.5.html#compatibility_level">compatibility_level</a> &lt; 3.6: </p>
+
+<ul>
+
+<li> <p> <a href="#smtpd_digest"> Using backwards-compatible
+default setting smtpd_tls_fingerprint_digest=md5</a> </p>
+
+<li> <p> <a href="#smtp_digest"> Using backwards-compatible
+default setting smtp_tls_fingerprint_digest=md5</a> </p>
+
+<li> <p> <a href="#smtp_digest"> Using backwards-compatible
+default setting lmtp_tls_fingerprint_digest=md5</a> </p>
+
+<li> <p> <a href="#relay_before_rcpt"> Using backwards-compatible
+default setting smtpd_relay_before_recipient_restrictions=no</a> </p>
+
+<li> <p> <a href="#respectful_logging"> Using backwards-compatible
+default setting respectful_logging=no</a> </p>
+
+</ul>
+
+<p> If such a message is logged in the context of a legitimate
+request, the system administrator should make the backwards-compatible
+setting permanent in <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a>, as detailed in the
+sections that follow. </p>
+
+<p> When no more backwards-compatible settings need to be made
+permanent, the system administrator should <a href="#turnoff">turn
+off the backwards-compatibility safety net</a> as described at the
+end of this document. </p>
+
+<h2> <a name="append_dot_mydomain"> Using backwards-compatible default
+setting append_dot_mydomain=yes</a> </h2>
+
+<p> The <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> default value has changed from "yes"
+to "no". This could result in unexpected non-delivery of email after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
+
+<p> As long as the <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> parameter is left at
+its implicit default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is
+less than 1, Postfix may log one of the following messages:</p>
+
+<ul>
+
+<li> <p> Messages about missing "localhost" in <a href="postconf.5.html#mydestination">mydestination</a> or
+other address class: </p>
+
+<blockquote>
+<pre>
+postfix/trivial-rewrite[14777]: using backwards-compatible
+ default setting <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes to rewrite
+ "localhost" to "localhost.example.com"; please add
+ "localhost" to <a href="postconf.5.html#mydestination">mydestination</a> or other address class
+</pre>
+</blockquote>
+
+<p> If Postfix logs the above message, add "localhost" to
+<a href="postconf.5.html#mydestination">mydestination</a> (or <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
+or <a href="postconf.5.html#relay_domains">relay_domains</a>) and execute the command "<b>postfix reload</b>".
+
+<li> <p> Messages about incomplete domains in email addresses: </p>
+
+<blockquote>
+<pre>
+postfix/trivial-rewrite[25835]: using backwards-compatible
+ default setting <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes to rewrite "foo" to
+ "foo.example.com"
+</pre>
+</blockquote>
+
+<p> If Postfix logs the above message for domains different from
+"localhost", and the sender cannot be changed to use complete domain
+names in email addresses, then the system administrator should make
+the backwards-compatible setting "<a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> = yes" permanent
+in <a href="postconf.5.html">main.cf</a>: </p>
+
+<blockquote>
+<pre>
+# <b>postconf <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+</ul>
+
+<h2> <a name="chroot"> Using backwards-compatible default
+setting chroot=y</a> </h2>
+
+<p> The <a href="master.5.html">master.cf</a> chroot default value has changed from "y" (yes)
+to "n" (no). The new default avoids the need for copies of system
+files under the Postfix queue directory. However, sites with strict
+security requirements may want to keep the chroot feature enabled
+after updating Postfix from an older version. The backwards-compatibility
+safety net is designed allow the administrator to choose if they
+want to keep the old behavior. </p>
+
+<p> As long as a <a href="master.5.html">master.cf</a> chroot field is left at its
+implicit default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting
+is less than 1, Postfix may log the following message while it
+reads the <a href="master.5.html">master.cf</a> file: </p>
+
+<blockquote>
+<pre>
+postfix/master[27664]: /etc/postfix/<a href="master.5.html">master.cf</a>: line 72: using
+ backwards-compatible default setting chroot=y
+</pre>
+</blockquote>
+
+<p> If this service should remain chrooted, then the system
+administrator should make the backwards-compatible setting "chroot
+= y" permanent in <a href="master.5.html">master.cf</a>. For example, to update the chroot
+setting for the "smtp inet" service: </p>
+
+<blockquote>
+<pre>
+# <b>postconf -F smtp/inet/chroot=y</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<h2> <a name="relay_restrictions"> Using backwards-compatible default
+setting smtpd_relay_restrictions = (empty)</a> </h2>
+
+<p> The <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> feature was introduced with Postfix
+version 2.10, as a safety mechanism for configuration errors in
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> that could make Postfix an open relay.
+</p>
+
+<p> The <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> implicit default setting forbids
+mail to remote destinations from clients that don't match
+<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> or <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>. This could result
+in unexpected 'Relay access denied' errors after Postfix is updated
+from an older Postfix version. The backwards-compatibility safety
+net is designed to prevent such surprises. </p>
+
+<p> When the <a href="postconf.5.html#compatibility_level">compatibility_level</a> less than 1, and the
+<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> parameter is left at its implicit default
+setting, Postfix may log the following message: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[38463]: using backwards-compatible default setting
+ "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> = (empty)" to avoid "Relay access
+ denied" error for recipient "user@example.com" from client
+ "host.example.net[10.0.0.2]"
+</pre>
+</blockquote>
+
+<p> If this request should not be blocked, then the system
+administrator should make the backwards-compatible setting
+"<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=" (i.e. empty) permanent in <a href="postconf.5.html">main.cf</a>:
+
+<blockquote>
+<pre>
+# <b>postconf <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<h2> <a name="mynetworks_style"> Using backwards-compatible default
+setting mynetworks_style=subnet</a> </h2>
+
+<p> The <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> default value has changed from "subnet"
+to "host". This parameter is used to implement the "<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>"
+feature. The change could cause unexpected 'access denied' errors after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
+
+<p> As long as the <a href="postconf.5.html#mynetworks">mynetworks</a> and <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> parameters are
+left at their implicit default values, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a>
+setting is less than 2, the Postfix SMTP server may log one of the
+following messages: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[17375]: using backwards-compatible default setting
+ <a href="postconf.5.html#mynetworks_style">mynetworks_style</a>=subnet to permit request from client
+ "foo.example.com[10.1.1.1]"
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+postfix/postscreen[24982]: using backwards-compatible default
+ setting <a href="postconf.5.html#mynetworks_style">mynetworks_style</a>=subnet to permit request from client
+ "10.1.1.1"
+</pre>
+</blockquote>
+
+<p> If the client request should not be rejected, then the system
+administrator should make the backwards-compatible setting
+"<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" permanent in <a href="postconf.5.html">main.cf</a>: </p>
+
+<blockquote>
+<pre>
+# <b>postconf <a href="postconf.5.html#mynetworks_style">mynetworks_style</a>=subnet</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<h2><a name="relay_domains"> Using backwards-compatible default
+setting relay_domains=$mydestination </a> </h2>
+
+<p> The <a href="postconf.5.html#relay_domains">relay_domains</a> default value has changed from "$<a href="postconf.5.html#mydestination">mydestination</a>"
+to the empty value. This could result in unexpected 'Relay access
+denied' errors or ETRN errors after Postfix is updated from an older
+version. The backwards-compatibility safety net is designed to
+prevent such surprises. </p>
+
+<p> As long as the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter is left at its implicit
+default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is less than 2,
+Postfix may log one of the following messages. </p>
+
+<ul>
+
+<li> <p> Messages about accepting mail for a remote domain:</p>
+
+<blockquote>
+<pre>
+postfix/smtpd[19052]: using backwards-compatible default setting
+ <a href="postconf.5.html#relay_domains">relay_domains</a>=$<a href="postconf.5.html#mydestination">mydestination</a> to accept mail for domain
+ "foo.example.com"
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+postfix/smtpd[19052]: using backwards-compatible default setting
+ <a href="postconf.5.html#relay_domains">relay_domains</a>=$<a href="postconf.5.html#mydestination">mydestination</a> to accept mail for address
+ "user@foo.example.com"
+</pre>
+</blockquote>
+
+<li> <p> Messages about providing ETRN service for a remote domain:</p>
+
+<blockquote>
+<pre>
+postfix/smtpd[19138]: using backwards-compatible default setting
+ <a href="postconf.5.html#relay_domains">relay_domains</a>=$<a href="postconf.5.html#mydestination">mydestination</a> to flush mail for domain
+ "bar.example.com"
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+postfix/smtp[13945]: using backwards-compatible default setting
+ <a href="postconf.5.html#relay_domains">relay_domains</a>=$<a href="postconf.5.html#mydestination">mydestination</a> to update fast-flush logfile for
+ domain "bar.example.com"
+</pre>
+</blockquote>
+
+</ul>
+
+<p> If Postfix should continue to accept mail for that domain or
+continue to provide ETRN service for that domain, then the system
+administrator should make the backwards-compatible setting
+"<a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydestination">mydestination</a>" permanent in <a href="postconf.5.html">main.cf</a>: </p>
+
+<blockquote>
+<pre>
+# <b>postconf '<a href="postconf.5.html#relay_domains">relay_domains</a>=$<a href="postconf.5.html#mydestination">mydestination</a>'</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<p> Note: quotes are required as indicated above. </p>
+
+<p> Instead of $<a href="postconf.5.html#mydestination">mydestination</a>, it may be better to specify an
+explicit list of domain names. </p>
+
+<h2> <a name="smtputf8_enable"> Using backwards-compatible default
+setting smtputf8_enable=no</a> </h2>
+
+<p> The <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> default value has changed from "no" to "yes".
+With the new "yes" setting, the Postfix SMTP server rejects non-ASCII
+addresses from clients that don't request SMTPUTF8 support, after
+Postfix is updated from an older version. The backwards-compatibility
+safety net is designed to prevent such surprises. </p>
+
+<p> As long as the <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> parameter is left at its implicit
+default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is
+less than 1, Postfix logs a warning each time an SMTP command uses a
+non-ASCII address localpart without requesting SMTPUTF8 support: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[27560]: using backwards-compatible default setting
+ <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no to accept non-ASCII sender address
+ "??@example.org" from localhost[127.0.0.1]
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+postfix/smtpd[27560]: using backwards-compatible default setting
+ <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no to accept non-ASCII recipient address
+ "??@example.com" from localhost[127.0.0.1]
+</pre>
+</blockquote>
+
+<p> If the address should not be rejected, and the client cannot
+be updated to use SMTPUTF8, then the system administrator should
+make the backwards-compatible setting "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = no" permanent
+in <a href="postconf.5.html">main.cf</a>:
+
+<blockquote>
+<pre>
+# <b>postconf <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>=no</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<h2> <a name="smtpd_digest"> Using backwards-compatible
+default setting smtpd_tls_fingerprint_digest=md5</a> </h2>
+
+<p> The <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> default value has changed from
+"md5" to "sha256". With the new "sha256" setting, the Postfix SMTP
+server avoids using the deprecated "md5" algorithm and computes a more
+secure digest of the client certificate. </p>
+
+<p> If you're using the default "md5" setting, or even an explicit
+"sha1" (also deprecated) setting, you should consider switching to
+"sha256". This will require updating any associated lookup table keys
+with the "sha256" digests of the expected client certificate or public
+key. </p>
+
+<p> As long as the <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter is left at its
+implicit default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is less than
+3.6, Postfix logs a warning each time a client certificate or public key
+fingerprint is (potentially) used for access control: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[27560]: using backwards-compatible default setting
+ <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>=md5 to compute certificate fingerprints
+</pre>
+</blockquote>
+
+<p> Since any client certificate fingerprints are passed in policy service
+lookups, and Postfix doesn't know whether the fingerprint will be used, the
+warning may also be logged when policy lookups are performed for connections
+that used a client certificate, even if the policy service does not in fact
+examine the client certificate. To reduce the noise somewhat, such warnings
+are issued at most once per <a href="smtpd.8.html">smtpd(8)</a> process instance. </p>
+
+<p> If you prefer to stick with "md5", you can suppress the warnings by
+making that setting explicit. After addressing any other compatibility
+warnings, you can <a href="#turnoff">update</a> your compatibility level.
+</p>
+
+<blockquote>
+<pre>
+# <b>postconf <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>=md5</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<h2> <a name="smtp_digest"> Using backwards-compatible
+default setting smtp_tls_fingerprint_digest=md5</a> </h2>
+
+<p> The <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> and <a href="postconf.5.html#lmtp_tls_fingerprint_digest">lmtp_tls_fingerprint_digest</a>
+default values have changed from "md5" to "sha256". With the new
+"sha256" setting, the Postfix SMTP and LMTP client avoids using the
+deprecated "md5" algorithm and computes a more secure digest of the
+server certificate. </p>
+
+<p> If you're using the default "md5" setting, or even an explicit
+"sha1" (also deprecated) setting, you should consider switching to
+"sha256". This will require updating any "fingerprint" security level
+policies in the TLS policy table to specify matching "sha256" digests of
+the expected server certificates or public keys. </p>
+
+<p> As long as the <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (or LMTP equivalent)
+parameter is left at its implicit default value, and the
+<a href="postconf.5.html#compatibility_level">compatibility_level</a> setting is less than 3.6, Postfix logs a warning each
+time the "fingerprint" security level is used to specify matching "md5"
+digests of trusted server certificates or public keys: </p>
+
+<blockquote>
+<pre>
+postfix/smtp[27560]: using backwards-compatible default setting
+ <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>=md5 to compute certificate fingerprints
+</pre>
+</blockquote>
+
+<p> If you prefer to stick with "md5", you can suppress the warnings by
+making that setting explicit. After addressing any other compatibility
+warnings, you can <a href="#turnoff">update</a> your compatibility level.
+</p>
+
+<blockquote>
+<pre>
+# <b>postconf '<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = md5' \
+ '<a href="postconf.5.html#lmtp_tls_fingerprint_digest">lmtp_tls_fingerprint_digest</a> = md5' </b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<h2> <a name="relay_before_rcpt"> Using backwards-compatible
+default setting smtpd_relay_before_recipient_restrictions=no</a> </h2>
+
+<p> The <a href="postconf.5.html#smtpd_relay_before_recipient_restrictions">smtpd_relay_before_recipient_restrictions</a> feature was
+introduced in Postfix version 3.6, to evaluate <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
+before <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. Historically, <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
+was evaluated after <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>, contradicting
+documented behavior. </p>
+
+<blockquote> <p> Background: <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> is
+primarily designed to enforce a mail relaying policy, while
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> is primarily designed to enforce spam
+blocking policy. Both are evaluated while replying to the RCPT TO
+command, and both support the same features. </p> </blockquote>
+
+<p> To maintain compatibility with earlier versions, Postfix will
+keep evaluating <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> before
+<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>, as long as the <a href="postconf.5.html#compatibility_level">compatibility_level</a> is
+less than 3.6, and the <a href="postconf.5.html#smtpd_relay_before_recipient_restrictions">smtpd_relay_before_recipient_restrictions</a>
+parameter is left at its implicit default setting. As a reminder,
+Postfix may log the following message: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[54696]: using backwards-compatible default setting
+ <a href="postconf.5.html#smtpd_relay_before_recipient_restrictions">smtpd_relay_before_recipient_restrictions</a>=no to reject recipient
+ "user@example.com" from client "host.example.net[10.0.0.2]"
+</pre>
+</blockquote>
+
+<p> If Postfix should keep evaluating <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
+before <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>, then the system
+administrator should make the backwards-compatible setting
+"<a href="postconf.5.html#smtpd_relay_before_recipient_restrictions">smtpd_relay_before_recipient_restrictions</a>=no" permanent in <a href="postconf.5.html">main.cf</a>: </p>
+
+<blockquote>
+<pre>
+# <b> postconf <a href="postconf.5.html#smtpd_relay_before_recipient_restrictions">smtpd_relay_before_recipient_restrictions</a>=no </b>
+# <b> postfix reload </b>
+</pre>
+</blockquote>
+
+<h2> <a name="respectful_logging"> Using backwards-compatible
+default setting respectful_logging=no</a> </h2>
+
+<p> Postfix version 3.6 deprecates configuration parameter names and
+logging that suggest white is better than black. Instead it prefers
+'allowlist, 'denylist', and variations of those words. While the renamed
+configuration parameters have backwards-compatible default values,
+the changes in logging could affect logfile analysis tools. </p>
+
+<p> To avoid breaking existing logfile analysis tools, Postfix will keep
+logging the deprecated form, as long as the <a href="postconf.5.html#respectful_logging">respectful_logging</a> parameter
+is left at its implicit default value, and the <a href="postconf.5.html#compatibility_level">compatibility_level</a>
+setting is less than 3.6. As a reminder, Postfix may log the following
+when a remote SMTP client is allowlisted or denylisted: </p>
+
+<blockquote>
+<pre>
+postfix/postscreen[22642]: Using backwards-compatible default setting
+ <a href="postconf.5.html#respectful_logging">respectful_logging</a>=no for client [<i>address</i>]:<i>port</i>
+</pre>
+</blockquote>
+
+<p> If Postfix should keep logging the deprecated form, then the
+system administrator should make the backwards-compatible setting
+"<a href="postconf.5.html#respectful_logging">respectful_logging</a> = no" permanent in <a href="postconf.5.html">main.cf</a>.
+
+<blockquote>
+<pre>
+# <b>postconf "<a href="postconf.5.html#respectful_logging">respectful_logging</a> = no"</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<h2> <a name="turnoff">Turning off the backwards-compatibility safety net</a> </h2>
+
+<p> Backwards compatibility is turned off by updating the
+<a href="postconf.5.html#compatibility_level">compatibility_level</a> setting in <a href="postconf.5.html">main.cf</a>. </p>
+
+<blockquote>
+<pre>
+# <b>postconf <a href="postconf.5.html#compatibility_level">compatibility_level</a>=<i>N</i></b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<p> For <i>N</i> specify the number that is logged in your <a href="postfix.1.html">postfix(1)</a>
+warning message: </p>
+
+<blockquote>
+<pre>
+warning: To disable backwards compatibility use "postconf <a href="postconf.5.html#compatibility_level">compatibility_level</a>=<i>N</i>" and "postfix reload"
+</pre>
+</blockquote>
+
+<p> Sites that don't care about backwards compatibility may set
+"<a href="postconf.5.html#compatibility_level">compatibility_level</a> = 9999" at their own risk. </p>
+
+<p> Starting with Postfix version 3.6, the compatibility level in
+the above warning message is the Postfix version that introduced
+the last incompatible change. The level is formatted as
+<i>major.minor.patch</i>, where <i>patch</i> is usually omitted and
+defaults to zero. Earlier compatibility levels are 0, 1 and 2. </p>
+
+<p> NOTE: Postfix 3.6 also introduces support for the "&lt;level",
+"&lt;=level", and other operators to compare compatibility levels.
+With the standard operators "&lt;", "&lt;=", etc., compatibility
+level "3.10" would be smaller than "3.9" which is undesirable. </p>
+
+</body>
+
+</html>
diff --git a/html/CONNECTION_CACHE_README.html b/html/CONNECTION_CACHE_README.html
new file mode 100644
index 0000000..423c0b6
--- /dev/null
+++ b/html/CONNECTION_CACHE_README.html
@@ -0,0 +1,351 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Connection Cache </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Connection Cache </h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> This document describes the Postfix connection cache implementation,
+which is available with Postfix version 2.2 and later. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#summary"> What SMTP connection caching can do for you</a>
+
+<li><a href="#implementation"> Connection cache implementation</a>
+
+<li><a href="#configuration"> Connection cache configuration</a>
+
+<li><a href="#safety">Connection cache safety mechanisms </a>
+
+<li><a href="#limitations">Connection cache limitations</a>
+
+<li><a href="#statistics">Connection cache statistics</a>
+
+</ul>
+
+<h2><a name="summary">What SMTP connection caching can do for
+you</a></h2>
+
+<p> With SMTP connection caching, Postfix can deliver multiple
+messages over the same SMTP connection. By default, Postfix 2.2
+reuses a plaintext SMTP connection automatically when a destination has
+high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. </p>
+
+<p> SMTP Connection caching is a performance feature. Whether or not
+it actually improves performance depends on the conditions: </p>
+
+<ul>
+
+<li> <p> SMTP Connection caching can greatly improve performance
+when delivering mail to a destination with multiple mail servers,
+because it can help Postfix to skip over a non-responding server.
+</p>
+
+<li> <p> SMTP Connection caching can also help with receivers that
+impose rate limits on new connections. </p>
+
+<li> <p> Otherwise, the benefits of SMTP connection caching are
+minor: it eliminates the latency of the TCP handshake (SYN, SYN+ACK,
+ACK), plus the latency of the SMTP initial handshake (220 greeting,
+EHLO command, EHLO response). With TLS-encrypted connections, this
+can save an additional two roundtrips that would otherwise be needed
+to send STARTTLS and to resume a TLS session. </p>
+
+<li> <p> SMTP Connection caching gives no gains with respect to
+SMTP session tear-down. The Postfix <a href="smtp.8.html">smtp(8)</a> client normally does
+not wait for the server's reply to the QUIT command, and it never
+waits for the TCP final handshake to complete. </p>
+
+<li> <p> SMTP Connection caching introduces some overhead: the
+client needs to send an RSET command to find out if a connection
+is still usable, before it can send the next MAIL FROM command.
+This introduces one additional round-trip delay. </p>
+
+</ul>
+
+<p> For other potential issues with SMTP connection caching, see
+the discussion of <a href="#limitations">limitations</a> at the end
+of this document. </p>
+
+<h2><a name="implementation">Connection cache implementation</a></h2>
+
+<p> For an overview of how Postfix delivers mail, see the Postfix
+architecture <a href="OVERVIEW.html">OVERVIEW</a> document. </p>
+
+<p> The Postfix connection cache is shared among Postfix mail
+delivering processes. This maximizes the opportunity to reuse an
+open connection. Some MTAs such as Sendmail have a
+non-shared connection cache. Here, a connection can be reused only
+by the mail delivering process that creates the connection. To get
+the same performance improvement as with a shared connection cache,
+non-shared connections need to be kept open for a longer time. </p>
+
+<p> The <a href="scache.8.html">scache(8)</a> server, introduced with Postfix version 2.2,
+maintains the shared connection cache. With Postfix version 2.2,
+only the <a href="smtp.8.html">smtp(8)</a> client has support to access this cache. </p>
+
+<p> When SMTP connection caching is enabled (see next section), the
+<a href="smtp.8.html">smtp(8)</a> client does not disconnect after a mail transaction, but
+gives the connection to the <a href="scache.8.html">scache(8)</a> server which keeps the
+connection open for a limited amount of time. </p>
+
+<p> After handing over the open connection to the <a href="scache.8.html">scache(8)</a> server,
+the <a href="smtp.8.html">smtp(8)</a> client continues with some other mail delivery request.
+Meanwhile, any <a href="smtp.8.html">smtp(8)</a> client process can ask the <a href="scache.8.html">scache(8)</a> server
+for that cached connection and reuse it for mail delivery. </p>
+
+<blockquote>
+
+<table>
+
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td colspan="2"> <tt>
+--&gt; </tt> </td> <td> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td> </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
+</tr>
+
+<tr> <td> &nbsp; </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left">
+&nbsp; </td> </tr>
+
+<tr> <td colspan="2"> &nbsp; </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> With TLS connection reuse (Postfix 3.4 and later), the Postfix
+<a href="smtp.8.html">smtp(8)</a> client connects to a remote SMTP server and sends plaintext
+EHLO and STARTTLS commands, then inserts a <a href="tlsproxy.8.html">tlsproxy(8)</a> process into
+the connection as shown below. </p>
+
+<p> After delivering mail, the <a href="smtp.8.html">smtp(8)</a> client hands over the open
+<a href="smtp.8.html">smtp(8)</a>-to-<a href="tlsproxy.8.html">tlsproxy(8)</a> connection to the <a href="scache.8.html">scache(8)</a> server, and
+continues with some other mail delivery request. Meanwhile, any
+<a href="smtp.8.html">smtp(8)</a> client process can ask the <a href="scache.8.html">scache(8)</a> server for that cached
+connection and reuse it for mail delivery. </p>
+
+<blockquote>
+
+<table>
+
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td colspan="2"> <tt>
+--&gt; </tt> </td> <td align="center"bgcolor="#f0f0ff"> <a href="tlsproxy.8.html">tlsproxy(8)</a>
+</td> <td> <tt> --&gt; </tt> </td> <td> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td> </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
+</tr>
+
+<tr> <td> &nbsp; </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left">
+&nbsp; </td> </tr>
+
+<tr> <td colspan="2"> &nbsp; </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> The connection cache can be searched by destination domain name
+(the right-hand side of the recipient address) and by the IP address
+of the host at the other end of the connection. This allows Postfix
+to reuse a connection even when the remote host is a mail server for
+domains with different names. </p>
+
+<h2><a name="configuration">Connection cache configuration </a></h2>
+
+<p> The Postfix <a href="smtp.8.html">smtp(8)</a> client supports two connection caching
+strategies: </p>
+
+<ul>
+
+<li> <p> On-demand connection caching. This is enabled by default,
+and is controlled with the <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> configuration
+parameter. When this feature is enabled, the Postfix <a href="smtp.8.html">smtp(8)</a> client
+automatically saves a connection to the connection cache when a
+destination has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. </p>
+
+<p> Example: </p>
+
+<blockquote>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> = yes
+</pre>
+
+</blockquote>
+
+<li> <p> Per-destination connection caching. This is enabled by
+explicitly listing specific destinations with the
+<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> configuration parameter. After
+completing delivery to a selected destination, the Postfix <a href="smtp.8.html">smtp(8)</a>
+client <i>always</i> saves the connection to the connection cache.
+</p>
+
+<p> Specify a comma or white space separated list of destinations
+or pseudo-destinations: </p>
+
+<ul>
+
+<li> <p> if mail is sent without a <a href="postconf.5.html#relayhost">relay host</a>: a domain name (the
+right-hand side of an email address, without the [] around a numeric
+IP address), </p>
+
+<li> <p> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
+the [] or non-default TCP port), as specified in <a href="postconf.5.html">main.cf</a> or in the
+transport map, </p>
+
+<li> <p> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
+defined above, </p>
+
+<li> <p> a "<a href="DATABASE_README.html">type:table</a>" with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names
+on the left-hand side. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>"
+lookups is ignored. </p>
+
+</ul>
+
+<p> Examples: </p>
+
+<blockquote>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = $<a href="postconf.5.html#relayhost">relayhost</a>
+ <a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = hotmail.com, ...
+ <a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = <a href="DATABASE_README.html#types">static</a>:all (<i>not recommended</i>)
+</pre>
+
+</blockquote>
+
+<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
+connection reuse</a> to enable multiple deliveries over a TLS-encrypted
+connection (Postfix version 3.4 and later). </p>
+
+</ul>
+
+<h2><a name="safety">Connection cache safety mechanisms </a></h2>
+
+<p> Connection caching must be used wisely. It is anti-social to
+keep an unused SMTP connection open for a significant amount of
+time, and it is unwise to send huge numbers of messages through
+the same connection. In order to avoid problems with SMTP connection
+caching, Postfix implements the following safety mechanisms: </p>
+
+<ul>
+
+<li> <p> The Postfix <a href="scache.8.html">scache(8)</a> server keeps a connection open for
+only a limited time. The time limit is specified with the
+<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> and with the <a href="postconf.5.html#connection_cache_ttl_limit">connection_cache_ttl_limit</a>
+configuration parameters. This prevents anti-social behavior. </p>
+
+<li> <p> The Postfix <a href="smtp.8.html">smtp(8)</a> client reuses a session for only a
+limited number of times. This avoids triggering bugs in implementations
+that do not correctly handle multiple deliveries per session. </p>
+
+<p> As of Postfix 2.3 connection reuse is preferably limited with
+the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> parameter. In addition, Postfix
+2.11 provides <a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> to limit how many
+times a connection may be reused, but this feature is unsafe as it
+introduces a "fatal attractor" failure mode (when a destination has
+multiple inbound MTAs, the slowest inbound MTA will attract most
+connections from Postfix to that destination). </p>
+
+<p> Postfix 2.3 logs the use count of multiply-used connections,
+as shown in the following example: </p>
+
+<blockquote>
+<pre>
+Nov 3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE:
+to=&lt;wietse@test.example.com&gt;, orig_to=&lt;wietse@test&gt;,
+relay=mail.example.com[1.2.3.4], <b>conn_use=2</b>, delay=0.22,
+delays=0.04/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
+</pre>
+</blockquote>
+
+<li> <p> The connection cache explicitly labels each cached connection
+with destination domain and IP address information. A connection
+cache lookup succeeds only when the correct information is specified.
+This prevents mis-delivery of mail. </p>
+
+</ul>
+
+<h2><a name="limitations">Connection cache limitations</a></h2>
+
+<p> Postfix SMTP connection caching conflicts with certain applications:
+</p>
+
+<ul>
+
+<li> <p> With Postfix versions &lt; 3.4, the Postfix shared connection
+cache cannot be used with TLS, because an open TLS connection can
+be reused only in the process that creates it. For this reason,
+the Postfix <a href="smtp.8.html">smtp(8)</a> client historically always closed the connection
+after completing an attempt to deliver mail over TLS.</p>
+
+<li> <p> Postfix connection caching currently does not support
+multiple SASL accounts per mail server. Specifically, Postfix
+connection caching assumes that a SASL credential is valid for all
+hostnames or domain names that deliver via the same mail server IP
+address and TCP port, and assumes that the SASL credential does not
+depend on the message originator. </p>
+
+</ul>
+
+
+<h2><a name="statistics">Connection cache statistics </a></h2>
+
+<p> The <a href="scache.8.html">scache(8)</a> connection cache server logs statistics about the
+peak cache size and the cache hit rates. This information is logged
+every <a href="postconf.5.html#connection_cache_status_update_time">connection_cache_status_update_time</a> seconds, when the process
+terminates after the maximal idle time is exceeded, or when Postfix
+is reloaded. </p>
+
+<ul>
+
+<li> <p> Hit rates for connection cache lookups by domain will tell
+you how useful connection caching is. </p>
+
+<li> <p> Connection cache lookups by network address will always
+fail, unless you're sending mail to different domains that share
+the same MX hosts. </p>
+
+<li> <p> No statistics are logged when no attempts are made to
+access the connection cache. </p>
+
+</ul>
+
+
+</body>
+
+</html>
diff --git a/html/CONTENT_INSPECTION_README.html b/html/CONTENT_INSPECTION_README.html
new file mode 100644
index 0000000..df82282
--- /dev/null
+++ b/html/CONTENT_INSPECTION_README.html
@@ -0,0 +1,93 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Content Inspection </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Content Inspection </h1>
+
+<hr>
+
+<p> Postfix supports three content inspection methods, ranging from
+light-weight one-line-at-a-time scanning before mail is queued, to
+heavy duty machinery that does sophisticated content analysis after
+mail is queued. Each approach serves a different purpose. </p>
+
+<dl>
+
+<dt> <b> before queue, built-in, light-weight</b> </dt>
+
+<dd> <p> This method inspects mail BEFORE it is stored in the queue,
+and uses Postfix's built-in message header and message body
+inspection. Although the main purpose is to stop a specific flood
+of mail from worms or viruses, it is also useful to block a flood
+of bounced junk email and email notifications from virus detection
+systems. The built-in regular expressions are not meant to implement
+general SPAM and virus detection. For that, you should use one of
+the content inspection methods described below. Details are described
+in the <a href="BUILTIN_FILTER_README.html">BUILTIN_FILTER_README</a> and <a href="BACKSCATTER_README.html">BACKSCATTER_README</a> documents.
+</p>
+
+<dt> <b> after queue, external, heavy-weight</b> </dt>
+
+<dd> <p> This method inspects mail AFTER it is stored in the queue,
+and uses standard protocols such as SMTP or "pipe to command and
+wait for exit status". After-queue inspection allows you to use
+content filters of arbitrary complexity without causing timeouts
+while receiving mail, and without running out of memory resources
+under a peak load. Details of this approach are in the <a href="FILTER_README.html">FILTER_README</a>
+document. </p>
+
+<dt> <b> before queue, external, medium-weight</b> </dt>
+
+<dd> <p> The following two methods inspect mail BEFORE it is stored in the
+queue. </p>
+
+<ul>
+
+<li> <p> The first method uses the SMTP protocol, and is described
+in the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document. This approach is available
+with Postfix version 2.1 and later. </p>
+
+<li> <p> The second method uses the Sendmail 8 Milter protocol, and
+is described in the <a href="MILTER_README.html">MILTER_README</a> document. This approach is
+available with Postfix version 2.3 and later. </p>
+
+</ul>
+
+<p> Although these approaches appear to be attractive, they have
+some serious limitations that you need to be aware of. First,
+content inspection software must finish in a limited amount of time;
+if content inspection needs too much time then incoming mail
+deliveries will time out. Second, content inspection software must
+run in a limited amount of memory; if content inspection needs too
+much memory then software will crash under a peak load. Before-queue
+inspection limits the peak load that your system can handle, and
+limits the sophistication of the content filter that you can use.
+</p>
+
+</dl>
+
+<p> The more sophisticated content filtering software is not built
+into Postfix for good reasons: writing an MTA requires different
+skills than writing a SPAM or virus killer. Postfix encourages the
+use of external filters and standard protocols because this allows
+you to choose the best MTA and the best content inspection software
+for your purpose. Information about external content inspection
+software can be found on the Postfix website at <a href="http://www.postfix.org/">http://www.postfix.org/</a>,
+and on the postfix-users@postfix.org mailing list. </p>
+
+</body>
+
+</html>
diff --git a/html/DATABASE_README.html b/html/DATABASE_README.html
new file mode 100644
index 0000000..e3b3c05
--- /dev/null
+++ b/html/DATABASE_README.html
@@ -0,0 +1,498 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Lookup Table Overview</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Lookup Table Overview</h1>
+
+<hr>
+
+<h2>Overview </h2>
+
+This document covers the following topics:
+
+<ul>
+
+<li><a href="#intro">The Postfix lookup table model</a>
+
+<li><a href="#lists">Postfix lists versus tables </a>
+
+<li><a href="#preparing">Preparing Postfix for LDAP or SQL lookups</a>
+
+<li><a href="#detect">Maintaining Postfix lookup table files</a>
+
+<li><a href="#safe_db">Updating Berkeley DB files safely</a>
+
+<li><a href="#types">Postfix lookup table types</a>
+
+</ul>
+
+<h2><a name="intro">The Postfix lookup table model</a></h2>
+
+<p> Postfix uses lookup tables to store and look up information
+for access control, address rewriting and even for content filtering.
+All Postfix lookup tables are specified as "<a href="DATABASE_README.html">type:table</a>", where
+"type" is one of the database types described under "<a
+href="#types">Postfix lookup table types</a>" at the end of this
+document, and where "table" is the lookup table name. The Postfix
+documentation uses the terms "database" and "lookup table" for the
+same thing. </p>
+
+<p> Examples of lookup tables that appear often in the Postfix
+documentation: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/aliases (local aliasing)
+ <a href="postconf.5.html#header_checks">header_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/header_checks (content filtering)
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport (routing table)
+ <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual (address rewriting)
+</pre>
+</blockquote>
+
+<p> All Postfix lookup tables store information as (key, value)
+pairs. This interface may seem simplistic at first, but it turns
+out to be very powerful. The (key, value) query interface completely
+hides the complexities of LDAP or SQL from Postfix. This is a good
+example of connecting complex systems with simple interfaces. </p>
+
+<p> Benefits of the Postfix (key, value) query interface:</p>
+
+<ul>
+
+<li> You can implement Postfix lookup tables first with local
+Berkeley DB files and then switch to LDAP or MySQL without any
+impact on the Postfix configuration itself, as described under "<a
+href="#preparing">Preparing Postfix for LDAP or SQL lookups</a>"
+below.
+
+<li> You can use Berkeley DB files with fixed lookup strings for
+simple address rewriting operations and you can use regular expression
+tables for the more complicated work. In other words, you don't
+have to put everything into the same table.
+
+</ul>
+
+<h2><a name="lists">Postfix lists versus tables </a></h2>
+
+<p> Most Postfix lookup tables are used to look up information.
+Examples are address rewriting (the lookup string is the old address,
+and the result is the new address) or access control (the lookup
+string is the client, sender or recipient, and the result is an
+action such as "reject"). </p>
+
+<p> With some tables, however, Postfix needs to know only if the
+lookup key exists. Any non-empty lookup result value may be used
+here: the lookup result is not used. Examples
+are the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> that determine what local recipients
+Postfix accepts in mail from the network, the <a href="postconf.5.html#mydestination">mydestination</a> parameter
+that specifies what domains Postfix delivers locally for, or the
+<a href="postconf.5.html#mynetworks">mynetworks</a> parameter that specifies the IP addresses of trusted
+clients or client networks. Technically, these are lists, not
+tables. Despite the difference, Postfix lists are described here
+because they use the same underlying infrastructure as Postfix
+lookup tables. </p>
+
+<h2><a name="preparing">Preparing Postfix for LDAP or SQL lookups</a>
+</h2>
+
+<p> LDAP and SQL are complex systems. Trying to set up both Postfix
+and LDAP or SQL at the same time is definitely not a good idea.
+You can save yourself a lot of time by implementing Postfix first
+with local files such as Berkeley DB. Local files have few surprises,
+and are easy to debug with the <a href="postmap.1.html">postmap(1)</a> command: </p>
+
+<blockquote>
+<pre>
+% <b>postmap -q info@example.com <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual </b>
+</pre>
+</blockquote>
+
+<p> Once you have local files working properly you can follow the
+instructions in <a href="ldap_table.5.html">ldap_table(5)</a>, <a href="mysql_table.5.html">mysql_table(5)</a>, <a href="pgsql_table.5.html">pgsql_table(5)</a>
+or <a href="sqlite_table.5.html">sqlite_table(5)</a>
+and replace local file lookups with LDAP or SQL lookups. When you
+do this, you should use the <a href="postmap.1.html">postmap(1)</a> command again, to verify
+that database lookups still produce the exact same results as local
+file lookup: </p>
+
+<blockquote>
+<pre>
+% <b>postmap -q info@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/virtual.cf </b>
+</pre>
+</blockquote>
+
+<p> Be sure to exercise all the partial address or parent domain
+queries that are documented under "table search order" in the
+relevant manual page: <a href="access.5.html">access(5)</a>, <a href="canonical.5.html">canonical(5)</a>, <a href="virtual.5.html">virtual(5)</a>,
+<a href="transport.5.html">transport(5)</a>, or under the relevant configuration parameter:
+<a href="postconf.5.html#mynetworks">mynetworks</a>, <a href="postconf.5.html#relay_domains">relay_domains</a>, <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>. </p>
+
+<h2><a name="detect">Maintaining Postfix lookup table files</a></h2>
+
+<p> When you make changes to a database while the mail system is
+running, it would be desirable if Postfix avoids reading information
+while that information is being changed. It would also be nice if
+you can change a database without having to execute "postfix reload",
+in order to force Postfix to use the new information. Each time
+you do "postfix reload" Postfix loses a lot of performance.
+</p>
+
+<ul>
+
+<li> <p> If you change a network database such as LDAP, NIS or
+SQL, there is no need to execute "postfix reload". The LDAP, NIS
+or SQL server takes care of read/write access conflicts and gives
+the new data to Postfix once that data is available. </p>
+
+<li> <p> If you change a <a href="regexp_table.5.html">regexp</a>:, <a href="pcre_table.5.html">pcre</a>:, <a href="cidr_table.5.html">cidr</a>: or <a href="DATABASE_README.html#types">texthash</a>: file
+then Postfix
+may not pick up the file changes immediately. This is because a
+Postfix process reads the entire file into memory once and never
+examines the file again. </p>
+
+<ul>
+
+<li> <p> If the file is used by a short-running process such as
+<a href="smtpd.8.html">smtpd(8)</a>, <a href="cleanup.8.html">cleanup(8)</a> or <a href="local.8.html">local(8)</a>, there is no need to execute
+"postfix reload" after making a change. </p>
+
+<li> <p> If the file is being used by a long-running process such
+as <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> on a busy server it may be necessary to
+execute "postfix reload". </p>
+
+</ul>
+
+<li> <p> If you change a local file based database such as DBM or
+Berkeley DB, there is no need to execute "postfix reload". Postfix
+uses file locking to avoid read/write access conflicts, and whenever
+a Postfix daemon process notices that a file has changed it will
+terminate before handling the next client request, so that a new
+process can initialize with the new database. </p>
+
+</ul>
+
+<h2><a name="safe_db">Updating Berkeley DB files safely</a></h2>
+
+<p> Postfix uses file locking to avoid access conflicts while
+updating Berkeley DB or other local database files. This used to
+be safe, but as Berkeley DB has evolved to use more aggressive
+caching, file locking may no longer be sufficient. </p>
+
+<p> Furthermore, file locking would not prevent problems when the
+update fails because the disk is full or something else causes a
+database update to fail. In particular, commands such as <a href="postmap.1.html">postmap(1)</a>
+or <a href="postalias.1.html">postalias(1)</a> overwrite existing files. If the overwrite
+fails in the middle then you have no usable database, and Postfix
+will stop working. This is not an issue with the CDB database type
+available with Postfix 2.2 and later: <a href="CDB_README.html">CDB</a>
+creates a new file, and renames the file upon successful completion.
+</p>
+
+<p> With Berkeley DB and other "one file" databases, it is
+possible to add some extra robustness by using "mv" to REPLACE an
+existing database file instead of overwriting it: </p>
+
+<blockquote>
+<pre>
+# <b>postmap access.in &amp;&amp; mv access.in.db access.db</b>
+</pre>
+</blockquote>
+
+<p> This converts the input file "access.in" into the output file
+"access.in.db", and replaces the file "access.db" only when the
+<a href="postmap.1.html">postmap(1)</a> command was successful. Of course typing such commands
+becomes boring quickly, and this is why people use "make" instead,
+as shown below. User input is shown in bold font. </p>
+
+<blockquote>
+<pre>
+# <b>cat Makefile</b>
+all: aliases.db access.db virtual.db ...etcetera...
+
+# Note 1: commands are specified after a TAB character.
+# Note 2: use <a href="postalias.1.html">postalias(1)</a> for local aliases, <a href="postmap.1.html">postmap(1)</a> for the rest.
+aliases.db: aliases.in
+ postalias aliases.in
+ mv aliases.in.db aliases.db
+
+access.db: access.in
+ postmap access.in
+ mv access.in.db access.db
+
+virtual.db: virtual.in
+ postmap virtual.in
+ mv virtual.in.db virtual.db
+
+...etcetera...
+# <b>vi access.in</b>
+...editing session not shown...
+# <b>make</b>
+postmap access.in
+mv access.in.db access.db
+#
+</pre>
+</blockquote>
+
+<p> The "make" command updates only the files that have changed.
+In case of error, the "make" command will stop and will not invoke
+the "mv" command, so that Postfix will keep using the existing
+database file as if nothing happened. </p>
+
+<h2><a name="types">Postfix lookup table types</a> </h2>
+
+<p> To find out what database types your Postfix system supports,
+use the "<b>postconf -m</b>" command. Here is a list of database types
+that are often supported: </p>
+
+<blockquote>
+
+<dl>
+
+<dt> <b>btree</b> </dt>
+
+<dd> A sorted, balanced tree structure. This is available only on
+systems with support for Berkeley DB databases. Database files are
+created with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> command. The lookup
+table name as used in "<a href="DATABASE_README.html#types">btree</a>:table" is the database file name
+without the ".db" suffix. </dd>
+
+<dt> <b>cdb</b> </dt>
+
+<dd> A read-optimized structure with no support for incremental updates.
+Database files are created with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> command.
+The lookup table name as used in "<a href="CDB_README.html">cdb</a>:table" is the database file name
+without the ".cdb" suffix. This feature is available with Postfix 2.2
+and later. </dd>
+
+<dt> <b>cidr</b> </dt>
+
+<dd> A table that associates values with Classless Inter-Domain
+Routing (CIDR) patterns. The table format is described in <a href="cidr_table.5.html">cidr_table(5)</a>.
+</dd>
+
+<dt> <b>dbm</b> </dt>
+
+<dd> An indexed file type based on hashing. This is available only
+on systems with support for DBM databases. Public database files
+are created with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> command, and private
+databases are maintained by Postfix daemons. The lookup table name
+as used in "<a href="DATABASE_README.html#types">dbm</a>:table" is the database file name without the ".dir"
+or ".pag" suffix. </dd>
+
+<dt> <b>environ</b> </dt>
+
+<dd> The UNIX process environment array. The lookup key is the
+variable name. The lookup table name in "<a href="DATABASE_README.html#types">environ</a>:table" is ignored.
+</dd>
+
+<dt> <b>fail</b> </dt>
+
+<dd> A table that reliably fails all requests. The lookup table
+name is used for logging only. This table exists to simplify Postfix
+error tests. </dd>
+
+<dt> <b>hash</b> </dt>
+
+<dd> An indexed file type based on hashing. This is available only
+on systems with support for Berkeley DB databases. Public database
+files are created with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> command, and
+private databases are maintained by Postfix daemons. The database
+name as used in "<a href="DATABASE_README.html#types">hash</a>:table" is the database file name without the
+".db" suffix. </dd>
+
+<dt> <b>inline</b> (read-only) </dt>
+
+<dd> A non-shared, in-memory lookup table. Example: "<a href="DATABASE_README.html#types">inline</a>:{
+<i>key=value</i>, { <i>key = text with whitespace or comma</i> }}".
+Key-value pairs are separated by whitespace or comma; with a key-value
+pair inside "{}", whitespace is ignored after the opening "{",
+around the "=" between key and value, and before the closing "}".
+Inline tables eliminate the
+need to create a database file for just a few fixed elements. See
+also the <a href="DATABASE_README.html#types">static</a>: map type. </dd>
+
+<dt> <b>internal</b> </dt>
+
+<dd> A non-shared, in-memory hash table. Its contents are lost when
+a process terminates. </dd>
+
+<dt> <b>lmdb</b> </dt>
+
+<dd> OpenLDAP LMDB database. This is available only on systems
+with support for LMDB databases. Public database files are created
+with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> command, and private databases
+are maintained by Postfix daemons. The database name as used in
+"<a href="lmdb_table.5.html">lmdb</a>:table" is the database file name without the ".lmdb" suffix.
+See <a href="lmdb_table.5.html">lmdb_table(5)</a> for details. </dd>
+
+<dt> <b>ldap</b> (read-only) </dt>
+
+<dd> LDAP database client. Configuration details are given in the
+<a href="ldap_table.5.html">ldap_table(5)</a>. </dd>
+
+<dt> <b>memcache</b> </dt>
+
+<dd> Memcache database client. Configuration details are given in
+<a href="memcache_table.5.html">memcache_table(5)</a>. </dd>
+
+<dt> <b>mysql</b> (read-only) </dt>
+
+<dd> MySQL database client. Configuration details are given in
+<a href="mysql_table.5.html">mysql_table(5)</a>. </dd>
+
+<dt> <b>netinfo</b> (read-only) </dt>
+
+<dd> Netinfo database client. </dd>
+
+<dt> <b>nis</b> (read-only) </dt>
+
+<dd> NIS database client. </dd>
+
+<dt> <b>nisplus</b> (read-only) </dt>
+
+<dd> NIS+ database client. Configuration details are given in
+<a href="nisplus_table.5.html">nisplus_table(5)</a>. </dd>
+
+<dt> <b>pcre</b> (read-only) </dt>
+
+<dd> A lookup table based on Perl Compatible Regular Expressions.
+The file format is described in <a href="pcre_table.5.html">pcre_table(5)</a>. The lookup table
+name as used in "<a href="pcre_table.5.html">pcre</a>:table" is the name of the regular expression
+file. </dd>
+
+<dt> <b>pipemap</b> (read-only) </dt>
+
+<dd> A pipeline of lookup tables. Example:
+"<a href="DATABASE_README.html#types">pipemap</a>:{<i>type<sub>1</sub>:name<sub>1</sub>, ...,
+type<sub>n</sub>:name<sub>n</sub></i>}". Each "<a href="DATABASE_README.html#types">pipemap</a>:" query is
+given to the first table. Each lookup result becomes the query for
+the next table in the pipeline, and the last table produces the
+final result. When any table lookup produces no result, the pipeline
+produces no result. The first and last characters of the "<a href="DATABASE_README.html#types">pipemap</a>:"
+table name must be "{" and "}". Within these, individual maps are
+separated with comma or whitespace. </dd>
+
+<dt> <b>pgsql</b> (read-only) </dt>
+
+<dd> PostgreSQL database client. Configuration details are given
+in <a href="pgsql_table.5.html">pgsql_table(5)</a>. </dd>
+
+<dt> <b>proxy</b> </dt>
+
+<dd> Postfix <a href="proxymap.8.html">proxymap(8)</a> client for shared access to Postfix
+databases. The lookup table name syntax is "<a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html">type:table</a>".
+</dd>
+
+<dt> <b>randmap</b> (read-only) </dt>
+
+<dd> An in-memory table that performs random selection. Example:
+"<a href="DATABASE_README.html#types">randmap</a>:{<i>result<sub>1</sub>. ..., result<sub>n</sub></i>}".
+Each table query returns a random choice from the specified results.
+The first and last characters of the "<a href="DATABASE_README.html#types">randmap</a>:" table name must be
+"{" and "}". Within these, individual maps are separated with comma
+or whitespace. To give a specific result more weight, specify it
+multiple times. </dd>
+
+<dt> <b>regexp</b> (read-only) </dt>
+
+<dd> A lookup table based on regular expressions. The file format
+is described in <a href="regexp_table.5.html">regexp_table(5)</a>. The lookup table name as used in
+"<a href="regexp_table.5.html">regexp</a>:table" is the name of the regular expression file. </dd>
+
+<dt> <b>sdbm</b> </dt>
+
+<dd> An indexed file type based on hashing. This is available only
+on systems with support for SDBM databases. Public database files
+are created with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> command, and private
+databases are maintained by Postfix daemons. The lookup table name
+as used in "<a href="DATABASE_README.html#types">sdbm</a>:table" is the database file name without the ".dir"
+or ".pag" suffix. </dd>
+
+<dt> <b>socketmap</b> (read-only) </dt>
+
+<dd> Sendmail-style socketmap client. The name of the table is
+either <b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i> for a TCP/IP
+server, or <b>unix</b>:<i>pathname</i>:<i>name</i> for a UNIX-domain
+server. See <a href="socketmap_table.5.html">socketmap_table(5)</a> for details. </dd>
+
+<dt> <b>sqlite</b> (read-only) </dt>
+
+<dd> SQLite database. Configuration details are given in <a href="sqlite_table.5.html">sqlite_table(5)</a>.
+</dd>
+
+<dt> <b>static</b> (read-only) </dt>
+
+<dd> A table that always returns its name as the lookup result.
+For example, "<a href="DATABASE_README.html#types">static</a>:foobar" always returns the string "foobar" as
+lookup result. Specify "<a href="DATABASE_README.html#types">static</a>:{ <i>text with whitespace</i> }"
+when the result contains whitespace; this form ignores whitespace
+after the opening "{" and before the closing "}". See also the
+<a href="DATABASE_README.html#types">inline</a>: map type. </dd>
+
+<dt> <b>tcp</b> </dt>
+
+<dd> TCP/IP client. The protocol is described in <a href="tcp_table.5.html">tcp_table(5)</a>. The
+lookup table name is "<a href="tcp_table.5.html">tcp</a>:host:port" where "host" specifies a
+symbolic hostname or a numeric IP address, and "port" specifies a
+symbolic service name or a numeric port number. </dd>
+
+<dt> <b>texthash</b> (read-only) </dt>
+
+<dd> A table that produces similar results as <a href="DATABASE_README.html#types">hash</a>: files, except
+that you don't have to run the <a href="postmap.1.html">postmap(1)</a> command before you can
+use the file, and that <a href="DATABASE_README.html#types">texthash</a>: does not detect changes after the
+file is read. The lookup table name is "<a href="DATABASE_README.html#types">texthash</a>:filename", where
+the file name is taken literally; no suffix is appended. </dd>
+
+<dt> <b>unionmap</b> (read-only) </dt>
+
+<dd> A table that sends each query to multiple lookup tables and
+that concatenates all found results, separated by comma. The table
+name syntax is the same as for pipemap tables. </dd>
+
+<dt> <b>unix</b> (read-only) </dt>
+
+<dd> A limited view of the UNIX authentication database. The following
+tables are implemented:
+
+<dl>
+
+<dt> <b>unix:passwd.byname</b> </dt>
+
+<dd>The table is the UNIX password database. The key is a login
+name. The result is a password file entry in passwd(5) format.
+</dd>
+
+<dt> <b>unix:group.byname</b> </dt>
+
+<dd> The table is the UNIX group database. The key is a group name.
+The result is a group file entry in group(5) format. </dd>
+
+</dl> </dd>
+
+</dl>
+
+</blockquote>
+
+<p> Other lookup table types may be available depending on how
+Postfix was built. With some Postfix distributions the list is
+dynamically extensible as support for lookup tables is dynamically
+linked into Postfix. </p>
+
+</body>
+
+</html>
diff --git a/html/DB_README.html b/html/DB_README.html
new file mode 100644
index 0000000..46739a7
--- /dev/null
+++ b/html/DB_README.html
@@ -0,0 +1,247 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Berkeley DB Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Berkeley DB Howto</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> Postfix uses databases of various kinds to store and look up
+information. Postfix databases are specified as "type:name".
+Berkeley DB implements the Postfix database type "hash" and
+"btree". The name of a Postfix Berkeley DB database is the name
+of the database file without the ".db" suffix. Berkeley DB databases
+are maintained with the <a href="postmap.1.html">postmap(1)</a> command. </p>
+
+<p> Note: Berkeley DB version 4 is not supported by Postfix versions
+before 2.0. </p>
+
+<p> This document describes: </p>
+
+<ol>
+
+<li> <p> How to build Postfix <a href="#disable_db">without Berkeley
+DB support</a> even if the system comes with Berkeley DB. </p>
+
+<li> <p> How to build Postfix on <a href="#no_db">systems that
+normally have no Berkeley DB library</a>. </p>
+
+<li> <p> How to build Postfix on <a href="#bsd">BSD</a> or <a
+href="#linux">Linux</a> systems with multiple Berkeley DB
+versions. </p>
+
+<li> <p> How to <a href="#tweak">tweak</a> performance. </p>
+
+<li> <p> Missing <a href="#pthread">pthread</a> library trouble. </p>
+
+</ol>
+
+<h2><a name="disable_db">Building Postfix without Berkeley
+DB support even if the system comes with Berkeley DB</a></h2>
+
+<p> Note: The following instructions apply to Postfix 2.9 and later. </p>
+
+<p> Postfix will normally enable Berkeley DB support if the system
+is known to have it. To build Postfix without Berkeley DB support,
+build the makefiles as follows: </p>
+
+<blockquote>
+<pre>
+% make makefiles CCARGS="-DNO_DB"
+% make
+</pre>
+</blockquote>
+
+<p> This will disable support for "hash" and "btree" files. </p>
+
+<h2><a name="no_db">Building Postfix on systems that normally have
+no Berkeley DB library</a></h2>
+
+<p> Some UNIXes ship without Berkeley DB support; for historical
+reasons these use DBM files instead. A problem with DBM files is
+that they can store only limited amounts of data. To build Postfix
+with
+Berkeley DB support you need to download and install the source
+code from <a href="http://www.oracle.com/database/berkeley-db/">http://www.oracle.com/database/berkeley-db/</a>. </p>
+
+<p> Warning: some Linux system libraries use Berkeley DB, as do
+some third-party libraries such as SASL. If you compile Postfix
+with a different Berkeley DB implementation, then every Postfix
+program will dump core because either the system library, the SASL
+library, or Postfix itself ends up using the wrong version. </p>
+
+<p>The more recent Berkeley DB versions have a compile-time switch,
+"--with-uniquename", which renames the symbols so that multiple
+versions of Berkeley DB can co-exist in the same application.
+Although wasteful, this may be the only way to keep things from
+falling apart. </p>
+
+<p> To build Postfix after you installed the Berkeley DB from
+source code, use something like: </p>
+
+<blockquote>
+<pre>
+% make makefiles CCARGS="-DHAS_DB -I/usr/local/BerkeleyDB/include" \
+ AUXLIBS="-L/usr/local/BerkeleyDB/lib -ldb"
+% make
+</pre>
+</blockquote>
+
+<p> If your Berkeley DB shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-ldb". </p>
+
+<p> Solaris needs this: </p>
+
+<blockquote>
+<pre>
+% make makefiles CCARGS="-DHAS_DB -I/usr/local/BerkeleyDB/include" \
+ AUXLIBS="-R/usr/local/BerkeleyDB/lib -L/usr/local/BerkeleyDB/lib -ldb"
+% make
+</pre>
+</blockquote>
+
+<p> The exact pathnames depend on the Berkeley DB version, and on
+how it was installed. </p>
+
+<p> Warning: the file format produced by Berkeley DB version 1 is
+not compatible with that of versions 2 and 3 (versions 2 and 3 have
+the same format). If you switch between DB versions, then you may
+have to rebuild all your Postfix DB files. </p>
+
+<p> Warning: if you use Berkeley DB version 2 or later, do not
+enable DB 1.85 compatibility mode. Doing so would break fcntl file
+locking. </p>
+
+<p> Warning: if you use Perl to manipulate Postfix's Berkeley DB
+files, then you need to use the same Berkeley DB version in Perl
+as in Postfix. </p>
+
+<h2><a name="bsd">Building Postfix on BSD systems with multiple
+Berkeley DB versions</a></h2>
+
+<p> Some BSD systems ship with multiple Berkeley DB implementations.
+Normally, Postfix builds with the default DB version that ships
+with the system. </p>
+
+<p> To build Postfix on BSD systems with a non-default DB version,
+use a variant of the following commands: </p>
+
+<blockquote>
+<pre>
+% make makefiles CCARGS=-I/usr/include/db3 AUXLIBS=-ldb3
+% make
+</pre>
+</blockquote>
+
+<p> Warning: the file format produced by Berkeley DB version 1 is
+not compatible with that of versions 2 and 3 (versions 2 and 3 have
+the same format). If you switch between DB versions, then you may
+have to rebuild all your Postfix DB files. </p>
+
+<p> Warning: if you use Berkeley DB version 2 or later, do not
+enable DB 1.85 compatibility mode. Doing so would break fcntl file
+locking. </p>
+
+<p> Warning: if you use Perl to manipulate Postfix's Berkeley DB
+files, then you need to use the same Berkeley DB version in Perl
+as in Postfix. </p>
+
+<h2><a name="linux">Building Postfix on Linux systems with multiple
+Berkeley DB versions</a></h2>
+
+<p> Some Linux systems ship with multiple Berkeley DB implementations.
+Normally, Postfix builds with the default DB version that ships
+with the system. </p>
+
+<p> Warning: some Linux system libraries use Berkeley DB. If you
+compile Postfix with a non-default Berkeley DB implementation, then
+every Postfix program will dump core because either the system
+library or Postfix itself ends up using the wrong version. </p>
+
+<p> On Linux, you need to edit the makedefs script in order to
+specify a non-default DB library. The reason is that the location
+of the default db.h include file changes randomly between vendors
+and between versions, so that Postfix has to choose the file for
+you. </p>
+
+<p> Warning: the file format produced by Berkeley DB version 1 is
+not compatible with that of versions 2 and 3 (versions 2 and 3 have
+the same format). If you switch between DB versions, then you may
+have to rebuild all your Postfix DB files. </p>
+
+<p> Warning: if you use Berkeley DB version 2 or later, do not
+enable DB 1.85 compatibility mode. Doing so would break fcntl file
+locking. </p>
+
+<p> Warning: if you use Perl to manipulate Postfix's Berkeley DB
+files, then you need to use the same Berkeley DB version in Perl
+as in Postfix. </p>
+
+<h2><a name="tweak">Tweaking performance</a></h2>
+
+<p> Postfix provides two configuration parameters that control how
+much buffering memory Berkeley DB will use. </p>
+
+<ul>
+
+<li> <p> <a href="postconf.5.html#berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a> (default: 16 MBytes per
+table). This setting is used by the commands that maintain Berkeley
+DB files: <a href="postalias.1.html">postalias(1)</a> and <a href="postmap.1.html">postmap(1)</a>. For "hash" files, create
+performance degrades rapidly unless the memory pool is O(file size).
+For "btree" files, create performance is good with sorted input even
+for small memory pools, but with random input degrades rapidly
+unless the memory pool is O(file size). </p>
+
+<li> <p> <a href="postconf.5.html#berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a> (default: 128 kBytes per
+table). This setting is used by all other Postfix programs. The
+buffer size is adequate for reading. If the cache is smaller than
+the table, random read performance is hardly cache size dependent,
+except with btree tables, where the cache size must be large enough
+to contain the entire path from the root node. Empirical evidence
+shows that 64 kBytes may be sufficient. We double the size to play
+safe, and to anticipate changes in implementation and bloat. </p>
+
+</ul>
+
+<h2><a name="pthread">Missing pthread library trouble</a></h2>
+
+<p> When building Postfix fails with: </p>
+
+<blockquote>
+<pre>
+undefined reference to `pthread_condattr_setpshared'
+undefined reference to `pthread_mutexattr_destroy'
+undefined reference to `pthread_mutexattr_init'
+undefined reference to `pthread_mutex_trylock'
+</pre>
+</blockquote>
+
+<p> Add the "-lpthread" library to the "make makefiles" command. </p>
+
+<blockquote>
+<pre>
+% make makefiles .... AUXLIBS="... -lpthread"
+</pre>
+</blockquote>
+
+<p> More information is available at
+<a href="http://www.oracle.com/database/berkeley-db/">http://www.oracle.com/database/berkeley-db/</a>. </p>
+
+</body>
+
+</html>
diff --git a/html/DEBUG_README.html b/html/DEBUG_README.html
new file mode 100644
index 0000000..a27d2ad
--- /dev/null
+++ b/html/DEBUG_README.html
@@ -0,0 +1,598 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title> Postfix Debugging Howto </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Debugging Howto</h1>
+
+<hr>
+
+<h2>Purpose of this document</h2>
+
+<p> This document describes how to debug parts of the Postfix mail
+system when things do not work according to expectation. The methods
+vary from making Postfix log a lot of detail, to running some daemon
+processes under control of a call tracer or debugger. </p>
+
+<p> The text assumes that the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>
+configuration files are stored in directory /etc/postfix. You can
+use the command "<b>postconf <a href="postconf.5.html#config_directory">config_directory</a></b>" to find out the
+actual location of this directory on your machine. </p>
+
+<p> Listed in order of increasing invasiveness, the debugging
+techniques are as follows: </p>
+
+<ul>
+
+<li><a href="#logging">Look for obvious signs of trouble</a>
+
+<li><a href="#trace_mail">Debugging Postfix from inside</a>
+
+<li><a href="#no_chroot">Try turning off chroot operation in
+master.cf</a>
+
+<li><a href="#debug_peer">Verbose logging for specific SMTP
+connections</a>
+
+<li><a href="#sniffer">Record the SMTP session with a network
+sniffer</a>
+
+<li><a href="#verbose">Making Postfix daemon programs more verbose</a>
+
+<li><a href="#man_trace">Manually tracing a Postfix daemon process</a>
+
+<li><a href="#auto_trace">Automatically tracing a Postfix daemon
+process</a>
+
+<li><a href="#ddd">Running daemon programs with the interactive
+ddd debugger</a>
+
+<li><a href="#screen">Running daemon programs with the interactive
+gdb debugger</a>
+
+<li><a href="#gdb">Running daemon programs under a non-interactive
+debugger</a>
+
+<li><a href="#unreasonable">Unreasonable behavior</a>
+
+<li><a href="#mail">Reporting problems to postfix-users@postfix.org</a>
+
+</ul>
+
+<h2><a name="logging">Look for obvious signs of trouble</a></h2>
+
+<p> Postfix logs all failed and successful deliveries to a logfile. </p>
+
+<ul>
+
+<li> <p> When Postfix uses syslog logging (the default), the file
+is usually called /var/log/maillog, /var/log/mail, or something
+similar; the exact pathname is configured in a file called
+/etc/syslog.conf, /etc/rsyslog.conf, or something similar. </p>
+
+<li> <p> When Postfix uses its own logging system (see <a href="MAILLOG_README.html">MAILLOG_README</a>),
+the location of the logfile is configured with the Postfix <a href="postconf.5.html#maillog_file">maillog_file</a>
+parameter. </p>
+
+</ul>
+
+<p> When Postfix does not receive or deliver mail, the first order
+of business is to look for errors that prevent Postfix from working
+properly: </p>
+
+<blockquote>
+<pre>
+% <b>grep -E '(warning|error|fatal|panic):' /some/log/file | more</b>
+</pre>
+</blockquote>
+
+<p> Note: the most important message is near the BEGINNING of the
+output. Error messages that come later are less useful. </p>
+
+<p> The nature of each problem is indicated as follows: </p>
+
+<ul>
+
+<li> <p> "<b>panic</b>" indicates a problem in the software itself
+that only a programmer can fix. Postfix cannot proceed until this
+is fixed. </p>
+
+<li> <p> "<b>fatal</b>" is the result of missing files, incorrect
+permissions, incorrect configuration file settings that you can
+fix. Postfix cannot proceed until this is fixed. </p>
+
+<li> <p> "<b>error</b>" reports an error condition. For safety
+reasons, a Postfix process will terminate when more than 13 of these
+happen. </p>
+
+<li> <p> "<b>warning</b>" indicates a non-fatal error. These are
+problems that you may not be able to fix (such as a broken DNS
+server elsewhere on the network) but may also indicate local
+configuration errors that could become a problem later. </p>
+
+</ul>
+
+<h2><a name="trace_mail">Debugging Postfix from inside</a> </h2>
+
+<p> Postfix version 2.1 and later can
+produce mail delivery reports for debugging purposes. These reports
+not only show sender/recipient addresses after address rewriting
+and alias expansion or forwarding, they also show information about
+delivery to mailbox, delivery to non-Postfix command, responses
+from remote SMTP servers, and so on.
+</p>
+
+<p> Postfix can produce two types of mail delivery reports for
+debugging: </p>
+
+<ul>
+
+<li> <p> What-if: report what would happen, but do not actually
+deliver mail. This mode of operation is requested with: </p>
+
+<pre>
+% <b>/usr/sbin/sendmail -bv address...</b>
+Mail Delivery Status Report will be mailed to &lt;your login name&gt;.
+</pre>
+
+<li> <p> What happened: deliver mail and report successes and/or
+failures, including replies from remote SMTP servers. This mode
+of operation is requested with: </p>
+
+<pre>
+% <b>/usr/sbin/sendmail -v address...</b>
+Mail Delivery Status Report will be mailed to &lt;your login name&gt;.
+</pre>
+
+</ul>
+
+<p> These reports contain information that is generated by Postfix
+delivery agents. Since these run as daemon processes that cannot
+interact with users directly, the result is sent as mail to the
+sender of the test message. The format of these reports is practically
+identical to that of ordinary non-delivery notifications. </p>
+
+<p> For a detailed example of a mail delivery status report, see
+the <a href="ADDRESS_REWRITING_README.html#debugging"> debugging</a>
+section at the end of the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document. </p>
+
+<h2><a name="no_chroot">Try turning off chroot operation in master.cf</a></h2>
+
+<p> A common mistake is to turn on chroot operation in the <a href="master.5.html">master.cf</a>
+file without going through all the necessary steps to set up a
+chroot environment. This causes Postfix daemon processes to fail
+due to all kinds of missing files. </p>
+
+<p> The example below shows an SMTP server that is configured with
+chroot turned off: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # =============================================================
+ # service type private unpriv <b>chroot</b> wakeup maxproc command
+ # (yes) (yes) <b>(yes)</b> (never) (100)
+ # =============================================================
+ smtp inet n - <b>n</b> - - smtpd
+</pre>
+</blockquote>
+
+<p> Inspect <a href="master.5.html">master.cf</a> for any processes that have chroot operation
+not turned off. If you find any, save a copy of the <a href="master.5.html">master.cf</a> file,
+and edit the entries in question. After executing the command
+"<b>postfix reload</b>", see if the problem has gone away. </p>
+
+<p> If turning off chrooted operation made the problem go away,
+then congratulations. Leaving Postfix running in this way is
+adequate for most sites. If you prefer chrooted operation, see
+the Postfix <a href="BASIC_CONFIGURATION_README.html#chroot_setup">
+BASIC_CONFIGURATION_README</a> file for information about how to
+prepare Postfix for chrooted operation. </p>
+
+<h2><a name="debug_peer">Verbose logging for specific SMTP
+connections</a></h2>
+
+<p> In /etc/postfix/<a href="postconf.5.html">main.cf</a>, list the remote site name or address
+in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. For example, in order to make
+the software log a lot of information to the syslog daemon for
+connections from or to the loopback interface: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = 127.0.0.1
+</pre>
+</blockquote>
+
+<p> You can specify one or more hosts, domains, addresses or
+net/masks. To make the change effective immediately, execute the
+command "<b>postfix reload</b>". </p>
+
+<h2><a name="sniffer">Record the SMTP session with a network sniffer</a></h2>
+
+<p> This example uses <b>tcpdump</b>. In order to record a conversation
+you need to specify a large enough buffer with the "<b>-s</b>"
+option or else you will miss some or all of the packet payload.
+</p>
+
+<blockquote>
+<pre>
+# <b>tcpdump -w /file/name -s 0 host example.com and port 25</b>
+</pre>
+</blockquote>
+
+<p> Older tcpdump versions don't support "<b>-s 0</b>"; in that case,
+use "<b>-s 2000</b>" instead. </p>
+
+<p> Run this for a while, stop with Ctrl-C when done. To view the
+data use a binary viewer, <b>ethereal</b>, or good old <b>less</b>.
+</p>
+
+<h2><a name="verbose">Making Postfix daemon programs more verbose</a></h2>
+
+<p> Append one or more "<b>-v</b>" options to selected daemon
+definitions in /etc/postfix/<a href="master.5.html">master.cf</a> and type "<b>postfix reload</b>".
+This will cause a lot of activity to be logged to the syslog daemon.
+For example, to make the Postfix SMTP server process more verbose: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp inet n - n - - smtpd -v
+</pre>
+</blockquote>
+
+<p> To diagnose problems with address rewriting specify a "<b>-v</b>"
+option for the <a href="cleanup.8.html">cleanup(8)</a> and/or <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon, and to
+diagnose problems with mail delivery specify a "<b>-v</b>"
+option for the <a href="qmgr.8.html">qmgr(8)</a> or <a href="qmgr.8.html">oqmgr(8)</a> queue manager, or for the <a href="lmtp.8.html">lmtp(8)</a>,
+<a href="local.8.html">local(8)</a>, <a href="pipe.8.html">pipe(8)</a>, <a href="smtp.8.html">smtp(8)</a>, or <a href="virtual.8.html">virtual(8)</a> delivery agent. </p>
+
+<h2><a name="man_trace">Manually tracing a Postfix daemon process</a></h2>
+
+<p> Many systems allow you to inspect a running process with a
+system call tracer. For example: </p>
+
+<blockquote>
+<pre>
+# <b>trace -p process-id</b> (SunOS 4)
+# <b>strace -p process-id</b> (Linux and many others)
+# <b>truss -p process-id</b> (Solaris, FreeBSD)
+# <b>ktrace -p process-id</b> (generic 4.4BSD)
+</pre>
+</blockquote>
+
+<p> Even more informative are traces of system library calls.
+Examples: </p>
+
+<blockquote>
+<pre>
+# <b>ltrace -p process-id</b> (Linux, also ported to FreeBSD and BSD/OS)
+# <b>sotruss -p process-id</b> (Solaris)
+</pre>
+</blockquote>
+
+<p> See your system documentation for details. </p>
+
+<p> Tracing a running process can give valuable information about
+what a process is attempting to do. This is as much information as
+you can get without running an interactive debugger program, as
+described in a later section. </p>
+
+<h2><a name="auto_trace">Automatically tracing a Postfix daemon
+process</a></h2>
+
+<p> Postfix can attach a call tracer whenever a daemon process
+starts. Call tracers come in several kinds. </p>
+
+<ol>
+
+<li> <p> System call tracers such as <b>trace</b>, <b>truss</b>,
+<b>strace</b>, or <b>ktrace</b>. These show the communication
+between the process and the kernel. </p>
+
+<li> <p> Library call tracers such as <b>sotruss</b> and <b>ltrace</b>.
+These show calls of library routines, and give a better idea of
+what is going on within the process. </p>
+
+</ol>
+
+<p> Append a <b>-D</b> option to the suspect command in
+/etc/postfix/<a href="master.5.html">master.cf</a>, for example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp inet n - n - - smtpd -D
+</pre>
+</blockquote>
+
+<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/<a href="postconf.5.html">main.cf</a>
+so that it invokes the call tracer of your choice, for example:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#debugger_command">debugger_command</a> =
+ PATH=/bin:/usr/bin:/usr/local/bin;
+ (truss -p $<a href="postconf.5.html#process_id">process_id</a> 2&gt;&amp;1 | logger -p mail.info) &amp; sleep 5
+</pre>
+</blockquote>
+
+<p> Type "<b>postfix reload</b>" and watch the logfile. </p>
+
+<h2><a name="ddd">Running daemon programs with the interactive
+ddd debugger</a></h2>
+
+<p> If you have X Windows installed on the Postfix machine, then
+an interactive debugger such as <b>ddd</b> can be convenient.
+</p>
+
+<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/<a href="postconf.5.html">main.cf</a>
+so that it invokes <b>ddd</b>: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#debugger_command">debugger_command</a> =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> &amp; sleep 5
+</pre>
+</blockquote>
+
+<p> Be sure that <b>gdb</b> is in the command search path, and
+export <b>XAUTHORITY</b> so that X access control works, for example:
+</p>
+
+<blockquote>
+<pre>
+% <b>setenv XAUTHORITY ~/.Xauthority</b> (csh syntax)
+$ <b>export XAUTHORITY=$HOME/.Xauthority</b> (sh syntax)
+</pre>
+</blockquote>
+
+<p> Append a <b>-D</b> option to the suspect daemon definition in
+/etc/postfix/<a href="master.5.html">master.cf</a>, for example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp inet n - n - - smtpd -D
+</pre>
+</blockquote>
+
+<p> Stop and start the Postfix system. This is necessary so that
+Postfix runs with the proper <b>XAUTHORITY</b> and <b>DISPLAY</b>
+settings. </p>
+
+<p> Whenever the suspect daemon process is started, a debugger
+window pops up and you can watch in detail what happens. </p>
+
+<h2><a name="screen">Running daemon programs with the interactive
+gdb debugger</a></h2>
+
+<p> If you have the screen command installed on the Postfix machine, then
+you can run an interactive debugger such as <b>gdb</b> as follows. </p>
+
+<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/<a href="postconf.5.html">main.cf</a>
+so that it runs <b>gdb</b> inside a detached <b>screen</b> session:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#debugger_command">debugger_command</a> =
+ PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; HOME=/root;
+ export HOME; screen -e^tt -dmS $<a href="postconf.5.html#process_name">process_name</a> gdb
+ $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> &amp; sleep 2
+</pre>
+</blockquote>
+
+<p> Be sure that <b>gdb</b> is in the command search path. </p>
+
+<p> Append a <b>-D</b> option to the suspect daemon definition in
+/etc/postfix/<a href="master.5.html">master.cf</a>, for example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp inet n - n - - smtpd -D
+</pre>
+</blockquote>
+
+<p> Execute the command "<b>postfix reload</b>" and wait until a
+daemon process is started (you can see this in the maillog file).
+</p>
+
+<p> Then attach to the screen, and debug away: </p>
+
+<blockquote>
+<pre>
+# HOME=/root screen -r
+gdb) continue
+gdb) where
+</pre>
+</blockquote>
+
+<h2><a name="gdb">Running daemon programs under a non-interactive
+debugger</a></h2>
+
+<p> If you do not have X Windows installed on the Postfix machine,
+or if you are not familiar with interactive debuggers, then you
+can try to run <b>gdb</b> in non-interactive mode, and have it
+print a stack trace when the process crashes. </p>
+
+<p> Edit the <a href="postconf.5.html#debugger_command">debugger_command</a> definition in /etc/postfix/<a href="postconf.5.html">main.cf</a>
+so that it invokes the <b>gdb</b> debugger: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#debugger_command">debugger_command</a> =
+ PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo
+ where; sleep 8640000) | gdb $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a>
+ $<a href="postconf.5.html#process_id">process_id</a> 2&gt&amp;1
+ &gt;$<a href="postconf.5.html#config_directory">config_directory</a>/$<a href="postconf.5.html#process_name">process_name</a>.$<a href="postconf.5.html#process_id">process_id</a>.log &amp; sleep 5
+</pre>
+</blockquote>
+
+<p> Append a <b>-D</b> option to the suspect daemon in
+/etc/postfix/<a href="master.5.html">master.cf</a>, for example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp inet n - n - - smtpd -D
+</pre>
+</blockquote>
+
+<p> Type "<b>postfix reload</b>" to make the configuration changes
+effective. </p>
+
+<p> Whenever a suspect daemon process is started, an output file
+is created, named after the daemon and process ID (for example,
+smtpd.12345.log). When the process crashes, a stack trace (with
+output from the "<b>where</b>" command) is written to its logfile.
+</p>
+
+<h2><a name="unreasonable">Unreasonable behavior</a></h2>
+
+<p> Sometimes the behavior exhibited by Postfix just does not match the
+source code. Why can a program deviate from the instructions given
+by its author? There are two possibilities. </p>
+
+<ul>
+
+<li> <p> The compiler has erred. This rarely happens. </p>
+
+<li> <p> The hardware has erred. Does the machine have ECC memory? </p>
+
+</ul>
+
+<p> In both cases, the program being executed is not the program
+that was supposed to be executed, so anything could happen. </p>
+
+<p> There is a third possibility: </p>
+
+<ul>
+
+<li> <p> Bugs in system software (kernel or libraries). </p>
+
+</ul>
+
+<p> Hardware-related failures usually do not reproduce in exactly
+the same way after power cycling and rebooting the system. There's
+little Postfix can do about bad hardware. Be sure to use hardware
+that at the very least can detect memory errors. Otherwise, Postfix
+will just be waiting to be hit by a bit error. Critical systems
+deserve real hardware. </p>
+
+<p> When a compiler makes an error, the problem can be reproduced
+whenever the resulting program is run. Compiler errors are most
+likely to happen in the code optimizer. If a problem is reproducible
+across power cycles and system reboots, it can be worthwhile to
+rebuild Postfix with optimization disabled, and to see if optimization
+makes a difference. </p>
+
+<p> In order to compile Postfix with optimizations turned off: </p>
+
+<blockquote>
+<pre>
+% <b>make tidy</b>
+% <b>make makefiles OPT=</b>
+</pre>
+</blockquote>
+
+<p> This produces a set of Makefiles that do not request compiler
+optimization. </p>
+
+<p> Once the makefiles are set up, build the software: </p>
+
+<blockquote>
+<pre>
+% <b>make</b>
+% <b>su</b>
+Password:
+# <b>make install</b>
+</pre>
+</blockquote>
+
+<p> If the problem goes away, then it is time to ask your vendor
+for help. </p>
+
+<h2><a name="mail">Reporting problems to postfix-users@postfix.org</a></h2>
+
+<p> The people who participate on postfix-users@postfix.org
+are very helpful, especially if YOU provide them with sufficient
+information. Remember, these volunteers are willing to help, but
+their time is limited. </p>
+
+<p> When reporting a problem, be sure to include the following
+information. </p>
+
+<ul>
+
+<li> <p> A summary of the problem. Please do not just send some
+logging without explanation of what YOU believe is wrong. </p>
+
+<li> <p> Complete error messages. Please use cut-and-paste, or use
+attachments, instead of reciting information from memory.
+</p>
+
+<li> <p> Postfix logging. See the text at the top of the <a href="DEBUG_README.html">DEBUG_README</a>
+document to find out where logging is stored. Please do not frustrate
+the helpers by word wrapping the logging. If the logging is more
+than a few kbytes of text, consider posting an URL on a web or ftp
+site. </p>
+
+<li> <p> Consider using a test email address so that you don't have
+to reveal email addresses or passwords of innocent people. </p>
+
+<li> <p> If you can't use a test email address, please anonymize
+email addresses and host names consistently. Replace each letter
+by "A", each digit
+by "D" so that the helpers can still recognize syntactical errors.
+</p>
+
+<li> <p> Command output from:</p>
+
+<ul>
+
+<li> <p> "<b>postconf -n</b>". Please do not send your <a href="postconf.5.html">main.cf</a> file,
+or 1000+ lines of <b>postconf</b> command output. </p>
+
+<li> <p> "<b>postconf -Mf</b>" (Postfix 2.9 or later). </p>
+
+</ul>
+
+<li> <p> Better, provide output from the <b>postfinger</b> tool.
+This can be found at <a href="https://github.com/ford--prefect/postfinger">https://github.com/ford--prefect/postfinger</a>. </p>
+
+<li> <p> If the problem is SASL related, consider including the
+output from the <b>saslfinger</b> tool. This can be found at
+<a href="https://packages.debian.org/search?keywords=sasl2-bin">https://packages.debian.org/search?keywords=sasl2-bin</a>. </p>
+
+<li> <p> If the problem is about too much mail in the queue, consider
+including output from the <b>qshape</b> tool, as described in the
+<a href="QSHAPE_README.html">QSHAPE_README</a> file. </p>
+
+<li> <p> If the problem is protocol related (connections time out,
+or an SMTP server complains about syntax errors etc.) consider
+recording a session with <b>tcpdump</b>, as described in the <a
+href="#sniffer">DEBUG_README</a> document. </ul>
+
+</body>
+
+</html>
diff --git a/html/DSN_README.html b/html/DSN_README.html
new file mode 100644
index 0000000..036e83d
--- /dev/null
+++ b/html/DSN_README.html
@@ -0,0 +1,157 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix DSN Support </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+DSN Support </h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> Postfix version 2.3 introduces support for Delivery Status
+Notifications as described in <a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a>. This gives senders control
+over successful and failed delivery notifications. </p>
+
+<p> Specifically, DSN support gives an email sender the ability to
+specify: </p>
+
+<ul>
+
+<li> <p> What notifications are sent: success, failure, delay, or
+none. Normally, Postfix informs the sender only when mail delivery
+is delayed or when delivery fails. </p>
+
+<li> <p> What content is returned in case of failure: only the
+message headers, or the full message. </p>
+
+<li> <p> An envelope ID that is returned as part of delivery status
+notifications. This identifies the message <i>submission</i>
+transaction, and must not be confused with the message ID, which
+identifies the message <i>content</i>. </p>
+
+</ul>
+
+<p> The implementation of DSN support involves extra parameters to
+the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix
+sendmail command line options that provide a sub-set of the functions
+of the extra SMTP command parameters. </p>
+
+<p> This document has information on the following topics: </p>
+
+<ul>
+
+<li> <a href="#scope">Restricting the scope of "success" notifications</a>
+
+<li> <a href="#cli">Postfix sendmail command-line interface</a>
+
+<li> <a href="#compat">Postfix VERP support compatibility</a>
+
+</ul>
+
+<h2> <a name="scope">Restricting the scope of "success" notifications</a> </h2>
+
+<p> Just like reports of undeliverable mail, DSN reports of
+<i>successful</i> delivery can give away more information about the
+internal infrastructure than desirable. Unfortunately, disallowing
+"success" notification requests requires disallowing other DSN
+requests as well. The RFCs do not offer the option to negotiate
+feature subsets. </p>
+
+<p> This is not as bad as it sounds. When you turn off DSN for
+remote inbound mail, remote senders with DSN support will still be
+informed that their mail reached your Postfix gateway successfully;
+they just will not get successful delivery notices from your internal
+systems. Remote senders lose very little: they can no longer specify
+how Postfix should report delayed or failed delivery. </p>
+
+<p> Use the <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> feature if you
+wish to allow DSN requests from trusted clients but not from random
+strangers (see below for how to turn this off for all clients):
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> =
+ <a href="cidr_table.5.html">cidr</a>:/etc/postfix/esmtp_access
+
+/etc/postfix/esmtp_access:
+ # Allow DSN requests from local subnet only
+ 192.168.0.0/28 silent-discard
+ 0.0.0.0/0 silent-discard, dsn
+ ::/0 silent-discard, dsn
+</pre>
+</blockquote>
+
+<p> If you want to disallow all use of DSN requests from the network,
+use the <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> feature: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> = silent-discard, dsn
+</pre>
+</blockquote>
+
+<h2> <a name="cli">Postfix sendmail command-line interface</a> </h2>
+
+<p> Postfix has two Sendmail-compatible command-line options for
+DSN support. </p>
+
+<ul>
+
+<li> <p> The first option specifies what notifications are sent
+for mail that is submitted via the Postfix <a href="sendmail.1.html">sendmail(1)</a> command line:
+</p>
+
+<blockquote>
+<pre>
+$ <b>sendmail -N success,delay,failure ...</b> (one or more of these)
+$ <b>sendmail -N never ...</b> (or just this by itself)
+</pre>
+</blockquote>
+
+<p> The built-in default corresponds with "delay,failure". </p>
+
+<li> <p> The second option specifies an envelope ID which is reported
+in delivery status notifications for mail that is submitted via the
+Postfix <a href="sendmail.1.html">sendmail(1)</a> command line: </p>
+
+<blockquote>
+<pre>
+$ <b>sendmail -V <i>envelope-id</i> ...</b>
+</pre>
+</blockquote>
+
+<p> Note: this conflicts with VERP support in older Postfix versions,
+as discussed in the next section. </p>
+
+</ul>
+
+<h2> <a name="compat">Postfix VERP support compatibility</a> </h2>
+
+<p> With Postfix versions before 2.3, the <a href="sendmail.1.html">sendmail(1)</a> command uses
+the -V command-line option to request VERP-style delivery. In order
+to request VERP style delivery with Postfix 2.3 and later, you must
+specify -XV instead of -V. </p>
+
+<p> The Postfix 2.3 <a href="sendmail.1.html">sendmail(1)</a> command will recognize if you try
+to use -V for VERP-style delivery. It will do the right thing and
+will remind you of the new syntax. </p>
+
+</body>
+
+</html>
diff --git a/html/ETRN_README.html b/html/ETRN_README.html
new file mode 100644
index 0000000..dc07ca0
--- /dev/null
+++ b/html/ETRN_README.html
@@ -0,0 +1,375 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix ETRN Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix ETRN Howto</h1>
+
+<hr>
+
+<h2>Purpose of the Postfix fast ETRN service</h2>
+
+<p> The SMTP ETRN command was designed for sites that have intermittent
+Internet connectivity. With ETRN, a site can tell the mail server
+of its provider to "Please deliver all my mail now". The SMTP server
+searches the queue for mail to the customer, and delivers that mail
+<b>by connecting to the customer's SMTP server</b>. The mail is
+not delivered via the connection that was used for sending ETRN.
+</p>
+
+<p> As of version 1.0, Postfix has a fast ETRN implementation that
+does not require Postfix to examine every queue file. Instead,
+Postfix maintains a record of what queue files contain mail for
+destinations that are configured for ETRN service. ETRN service
+is no longer available for domains that aren't configured for the
+service. </p>
+
+<p> This document provides information on the following topics: </p>
+
+<ul>
+
+<li><a href="#using">Using the Postfix fast ETRN service</a>
+
+<li><a href="#how">How Postfix fast ETRN works</a>
+
+<li><a href="#dirty_secret">Postfix fast ETRN service limitations</a>
+
+<li><a href="#config">Configuring the Postfix fast ETRN service</a>
+
+<li><a href="#only">Configuring a domain for ETRN service only</a>
+
+<li><a href="#testing">Testing the Postfix fast ETRN service</a>
+
+</ul>
+
+<p> Other documents with information on this subject: </p>
+
+<ul>
+
+<li> <a href="flush.8.html">flush(8)</a>, flush service implementation
+
+</ul>
+
+<h2><a name="using">Using the Postfix fast ETRN service</a> </h2>
+
+<p> The following is an example SMTP session that shows how an SMTP
+client requests the ETRN service. Client commands are shown in bold
+font. </p>
+
+<blockquote>
+<pre>
+220 my.server.tld ESMTP Postfix
+<b>HELO my.client.tld</b>
+250 Ok
+<b>ETRN some.customer.domain</b>
+250 Queuing started
+<b>QUIT</b>
+221 Bye
+</pre>
+</blockquote>
+
+<p> As mentioned in the introduction, the mail is delivered by
+connecting to the customer's SMTP server; it is not sent over
+the connection that was used to send the ETRN command. </p>
+
+<p> The Postfix operator can request delivery for a specific customer
+by using the command "sendmail -qR<i>destination</i>" and, with
+Postfix version 1.1 and later, "postqueue -s<i>destination</i>".
+Access to this feature is controlled with the <a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a>
+configuration parameter (Postfix version 2.2 and later).
+</p>
+
+<h2><a name="how">How Postfix fast ETRN works</a></h2>
+
+<p> When a Postfix delivery agent decides that mail must be delivered
+later, it sends the destination domain name and the queue file name
+to the <a href="flush.8.html">flush(8)</a> daemon which maintains per-destination logfiles
+with file names of queued mail. These logfiles are kept below
+$<a href="postconf.5.html#queue_directory">queue_directory</a>/flush. Per-destination logfiles are maintained
+only for destinations that are listed with the $<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a>
+parameter and that have syntactically valid domain names. </p>
+
+<blockquote>
+
+<table>
+
+<tr>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> Postfix<br>
+delivery<br> agent</td>
+
+<td> <tt>-</tt>(domain, queue ID)<tt>-&gt;</tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> Postfix<br>
+flush<br> daemon</td>
+
+<td> <tt>-</tt>(queue ID)<tt>-&gt;</tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> One logfile <br>
+per eligible<br> domain </td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<p> When Postfix receives a request to "deliver mail for a domain
+now", the <a href="flush.8.html">flush(8)</a> daemon moves all <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> files that are
+listed for that domain to the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>, and requests that
+the queue manager deliver them. In order to force delivery, the
+queue manager temporarily ignores the lists of undeliverable
+destinations: the volatile in-memory list of dead domains, and
+the list of message delivery transports specified with the
+<a href="postconf.5.html#defer_transports">defer_transports</a> configuration parameter. </p>
+
+<h2><a name="dirty_secret">Postfix fast ETRN service limitations</a></h2>
+
+<p> The design of the <a href="flush.8.html">flush(8)</a> server and of the flush queue
+introduce a few limitations that should not be an issue unless you
+want to turn on fast ETRN service for every possible destination.
+</p>
+
+<ul>
+
+<li> <p> The <a href="flush.8.html">flush(8)</a> daemon maintains per-destination logfiles
+with queue file names. When a request to "deliver mail now" arrives,
+Postfix will attempt to deliver all recipients in the queue files
+that have mail for the destination in question. This does not
+perform well with queue files that have recipients in many different
+domains, such as queue files with outbound mailing list traffic.
+</p>
+
+<li> <p> The <a href="flush.8.html">flush(8)</a> daemon maintains per-destination logfiles
+only for destinations listed with $<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a>. With other
+destinations you cannot request delivery with "sendmail
+-qR<i>destination</i>" or, with Postfix version 1.1 and later,
+"postqueue -s<i>destination</i>". </p>
+
+<li> <p> Up to and including early versions of Postfix version 2.1,
+the "fast flush" service may not deliver some messages if the
+request to "deliver mail now" is received while a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>
+scan is already in progress. The reason is that the queue manager
+does not ignore the volatile in-memory list of dead domains, and
+the list of message delivery transports specified with the
+<a href="postconf.5.html#defer_transports">defer_transports</a> configuration parameter. </p>
+
+<li> <p> Up to and including Postfix version 2.3, the "fast flush"
+service may not deliver some messages if the request to "deliver
+mail now" arrives while an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan is already in progress.
+</p>
+
+</ul>
+
+<h2><a name="config">Configuring the Postfix fast ETRN service</a></h2>
+
+<p> The behavior of the <a href="flush.8.html">flush(8)</a> daemon is controlled by parameters
+in the <a href="postconf.5.html">main.cf</a> configuration file. </p>
+
+<p> By default, Postfix "fast ETRN" service is available only for
+destinations that Postfix is willing to relay mail to: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>
+ <a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> The <a href="postconf.5.html#relay_domains">relay_domains</a> parameter specifies what destinations
+Postfix will relay to. For destinations that are not eligible for
+the "fast ETRN" service, Postfix replies with an error message.
+</p>
+
+<li> <p> The <a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> parameter limits what clients
+may execute the ETRN command. By default, any client has permission.
+</p>
+
+</ul>
+
+<p> To enable "fast ETRN" for some other destination, specify: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>, some.other.domain
+</pre>
+</blockquote>
+
+<p> To disable "fast ETRN", so that Postfix rejects all ETRN requests
+and so that it maintains no per-destination logfiles, specify: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> =
+</pre>
+</blockquote>
+
+<h2><a name="only">Configuring a domain for ETRN service only</a></h2>
+
+<p> While an "ETRN" customer is off-line, Postfix will make
+spontaneous attempts to deliver mail to it. These attempts are
+separated in time by increasing time intervals, ranging from
+$<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> to $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>, and should not be
+a problem unless a lot of mail is queued. </p>
+
+<p> To prevent Postfix from making spontaneous delivery attempts
+you can configure Postfix to always defer mail for the "ETRN"
+customer. Mail is delivered only after the ETRN command or with
+"sendmail -q", with "sendmail -qR<i>domain</i>", or with "postqueue
+-s<i>domain</i>"(Postfix version 1.1 and later only), </p>
+
+<p> In the example below we configure an "etrn-only" delivery
+transport which is simply a duplicate of the "smtp" and "relay"
+mail delivery transports. The only difference is that mail destined
+for this delivery transport is deferred as soon as it arrives.
+</p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
+ 2 # =============================================================
+ 3 # service type private unpriv chroot wakeup maxproc command
+ 4 # (yes) (yes) (yes) (never) (100)
+ 5 # =============================================================
+ 6 smtp unix - - n - - smtp
+ 7 relay unix - - n - - smtp
+ 8 etrn-only unix - - n - - smtp
+ 9
+10 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+11 <a href="postconf.5.html#relay_domains">relay_domains</a> = customer.tld ...other domains...
+12 <a href="postconf.5.html#defer_transports">defer_transports</a> = etrn-only
+13 <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+14
+15 /etc/postfix/transport:
+16 customer.tld etrn-only:[mailhost.customer.tld]
+</pre>
+</blockquote>
+
+<p>Translation: </p>
+
+<ul>
+
+<li> <p> Line 8: The "etrn-only" mail delivery service is a copy of the
+"smtp" and "relay" service. </p>
+
+<li> <p> Line 11: Don't forget to authorize relaying for this
+customer, either via <a href="postconf.5.html#relay_domains">relay_domains</a> or with the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a>
+feature. </p>
+
+<li> <p> Line 12: The "etrn-only" mail delivery service is configured
+so that spontaneous mail delivery is disabled. </p>
+
+<li> <p> Lines 13-16: Mail for the customer is given to the
+"etrn-only" mail delivery service. </p>
+
+<li> <p> Line 16: The "[mailhost.customer.tld]" turns off MX record
+lookups; you must specify this if your Postfix server is the primary
+MX host for the customer's domain. </p>
+
+</ul>
+
+<h2><a name="testing">Testing the Postfix fast ETRN service</a></h2>
+
+<p> By default, "fast ETRN" service is enabled for all domains that
+match $<a href="postconf.5.html#relay_domains">relay_domains</a>. If you run Postfix with "fast ETRN" service
+for the very first time, you need to run "sendmail -q" once
+in order to populate the per-site deferred mail logfiles. If you
+omit this step, no harm is done. The logfiles will eventually
+become populated as Postfix routinely attempts to deliver delayed
+mail, but that will take a couple hours. After the "sendmail
+-q" command has completed all delivery attempts (this can take
+a while), you're ready to test the "fast ETRN" service.
+
+<p> To test the "fast ETRN" service, telnet to the Postfix SMTP
+server from a client that is allowed to execute ETRN commands (by
+default, that's every client), and type the commands shown in
+boldface: </p>
+
+<blockquote>
+<pre>
+220 my.server.tld ESMTP Postfix
+<b>HELO my.client.tld</b>
+250 Ok
+<b>ETRN some.customer.domain</b>
+250 Queuing started
+</pre>
+</blockquote>
+
+<p> where "some.customer.domain" is the name of a domain that has
+a non-empty logfile somewhere under $<a href="postconf.5.html#queue_directory">queue_directory</a>/flush. </p>
+
+<p> In the maillog file, you should immediately see a couple of
+logfile records, as evidence that the queue manager has opened
+queue files: </p>
+
+<blockquote>
+<pre>
+Oct 2 10:51:19 <a href="postconf.5.html#myhostname">myhostname</a> postfix/qmgr[51999]: 682E8440A4:
+ from=&lt;whatever&gt;, size=12345, nrcpt=1 (queue active)
+Oct 2 10:51:19 <a href="postconf.5.html#myhostname">myhostname</a> postfix/qmgr[51999]: 02249440B7:
+ from=&lt;whatever&gt;, size=4711, nrcpt=1 (queue active)
+</pre>
+</blockquote>
+
+<p> What happens next depends on whether the destination is reachable.
+If it's not reachable, the mail queue IDs will be added back to
+the some.customer.domain logfile under $<a href="postconf.5.html#queue_directory">queue_directory</a>/flush.
+</p>
+
+<p> Repeat the exercise with some other destination that your server
+is willing to relay to (any domain listed in $<a href="postconf.5.html#relay_domains">relay_domains</a>), but
+that has no mail queued. The text in bold face stands for the
+commands that you type: </p>
+
+<blockquote>
+<pre>
+220 my.server.tld ESMTP Postfix
+<b>HELO my.client.tld</b>
+250 Ok
+<b>ETRN some.other.customer.domain</b>
+250 Queuing started
+</pre>
+</blockquote>
+
+<p> This time, the "ETRN"" command should trigger NO mail deliveries
+at all. If this triggers delivery of all mail, then you used the
+wrong domain name, or "fast ETRN" service is turned off. </p>
+
+<p> Finally, repeat the exercise with a destination that your mail
+server is not willing to relay to. It does not matter if your
+server has mail queued for that destination. </p>
+
+<blockquote>
+<pre>
+220 my.server.tld ESMTP Postfix
+<b>HELO my.client.tld</b>
+250 Ok
+<b>ETRN not.a.customer.domain</b>
+459 &lt;not.a.customer.domain&gt;: service unavailable
+</pre>
+</blockquote>
+
+<p> In this case, Postfix should reject the request
+as shown above. </p>
+
+</body>
+
+</html>
diff --git a/html/FILTER_README.html b/html/FILTER_README.html
new file mode 100644
index 0000000..e40ac9a
--- /dev/null
+++ b/html/FILTER_README.html
@@ -0,0 +1,981 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix After-Queue Content Filter </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix After-Queue Content Filter </h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> This document requires Postfix version 2.1 or later. </p>
+
+<p> Normally, Postfix receives mail, stores it in the mail queue
+and then delivers it. With the external content filter described
+here, mail is filtered AFTER it is queued. This approach decouples
+mail receiving processes from mail filtering processes, and gives
+you maximal control over how many filtering processes you are
+willing to run in parallel. </p>
+
+<p> The after-queue content filter is meant to be used as follows: </p>
+
+<blockquote>
+
+<table>
+
+<tr>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ Network or<br> local users </td>
+
+ <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ Postfix<br> queue </td>
+
+ <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <b>Content<br> filter</b> </td>
+
+ <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ Postfix<br> queue </td>
+
+ <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ Network or<br> local mailbox </td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<p> This document describes implementations that use a single
+Postfix instance for everything: receiving, filtering and delivering
+mail. Applications that use two separate Postfix instances will
+be covered by a later version of this document. </p>
+
+<p> The after-queue content filter is not to be confused with the
+approaches described in the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> or <a href="MILTER_README.html">MILTER_README</a>
+documents,
+where incoming SMTP mail is filtered BEFORE it is stored into the
+Postfix queue. </p>
+
+<p> This document describes two approaches to content filter
+all email, as well as several options to filter mail selectively: </p>
+
+<ul>
+
+<li><a href="#principles">Principles of operation</a>
+
+<li>Simple content filter
+
+<ul>
+
+<li><a href="#simple_filter">Simple content filter example</a>
+
+<li><a href="#simple_performance">Simple content filter performance</a>
+
+<li><a href="#simple_limitations">Simple content filter limitations</a>
+
+<li><a href="#simple_turnoff">Turning off the simple content filter</a>
+
+</ul>
+
+<li>Advanced content filter
+
+<ul>
+
+<li><a href="#advanced_filter">Advanced content filter example</a>
+
+<li><a href="#performance">Advanced content filter performance</a>
+
+<li><a href="#advanced_turnoff">Turning off the advanced content filter</a>
+
+</ul>
+
+<li>Selective content filtering
+
+<ul>
+
+<li><a href="#remote_only">Filtering mail from outside users only</a>
+
+<li><a href="#domain_dependent">Different filters for different domains</a>
+
+<li><a href="#dynamic_filter">FILTER actions in access or header/body tables</a>
+
+</ul>
+
+</ul>
+
+
+<h2><a name="principles">Principles of operation</a> </h2>
+
+<p> An after-queue content filter receives unfiltered mail from Postfix
+(as described further below) and can do one of the following: </p>
+
+<ol>
+
+<li> <p> Re-inject the mail back into Postfix, perhaps after changing
+ content and/or destination. </p>
+
+<li> <p> Discard or quarantine the mail. </p>
+
+<li> <p> Reject the mail (by sending a suitable status code back to
+ Postfix). Postfix will send the mail back to the sender address. </p>
+
+</ol>
+
+<p> NOTE: in this time of mail worms and forged spam, it is a VERY
+BAD IDEA to send viruses back to the sender address, because the
+sender address is almost certainly not the originator. It is better
+to discard known viruses, and to quarantine material that is
+suspect so that a human can decide what to do with it. </p>
+
+<h2><a name="simple_filter">Simple content filter example</a></h2>
+
+<p> The first example is simple to set up, but has major limitations
+that will be addressed in a second example. Postfix receives
+unfiltered mail from the network with the <a href="smtpd.8.html">smtpd(8)</a> server, and
+delivers unfiltered mail to a content filter with the Postfix
+<a href="pipe.8.html">pipe(8)</a> delivery agent. The content filter injects filtered mail
+back into Postfix with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command, so that
+Postfix can deliver it to the final destination. </p>
+
+<p> This means that mail submitted via the Postfix <a href="sendmail.1.html">sendmail(1)</a>
+command cannot be content filtered. </p>
+
+<p> In the figure below, names followed by a number represent
+Postfix commands or daemon programs. See the <a href="OVERVIEW.html">OVERVIEW</a>
+document for an introduction to the Postfix architecture. </p>
+
+<blockquote>
+
+<table>
+
+<tr>
+
+ <td align="center" valign="top"> Unfiltered<br> <br> </td>
+
+ <td align="center" valign="top"> <tt> -&gt;</tt><br> <br> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="smtpd.8.html">smtpd(8)</a><br> <br> <a href="pickup.8.html">pickup(8)</a> </td>
+
+ <td align="center" valign="middle"> <tt> &gt;- </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="cleanup.8.html">cleanup(8)</a> </td>
+
+ <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="qmgr.8.html">qmgr(8)</a><br> Postfix <br> queue </td>
+
+ <td align="center" valign="middle"> <tt> -&lt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="local.8.html">local(8)</a><br> <a href="smtp.8.html">smtp(8)</a><br> <a href="pipe.8.html">pipe(8)</a> </td>
+
+ <td align="center" valign="top"> <tt> -&gt;</tt><br> <tt>
+ -&gt;</tt><br> </td>
+
+ <td align="center" valign="top"> Filtered<br> Filtered<br>
+ </td>
+
+</tr>
+
+<tr>
+
+ <td colspan="2"> </td>
+
+ <td align="center" valign="middle"> ^<br> <tt> | </tt> </td>
+
+ <td colspan="5"> </td>
+
+ <td align="center" valign="middle"> <tt> |<br> v </tt> </td>
+
+ <td colspan="2"> </td>
+
+</tr>
+
+<tr>
+
+ <td colspan="2"> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="QSHAPE_README.html#maildrop_queue"> maildrop <br>
+ queue </a> </td>
+
+ <td align="center" valign="middle"> <tt> &lt;- </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">Postfix<br>
+ <a href="postdrop.1.html">postdrop(1)</a> </td>
+
+ <td align="center" valign="middle"> <tt> &lt;- </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">Postfix<br>
+ <a href="sendmail.1.html">sendmail(1)</a> </td>
+
+ <td align="center" valign="middle"> <tt> &lt;- </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">Content
+ <br> filter </td>
+
+ <td colspan="2"> </td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<p> The content filter can be a simple shell script like this: </p>
+
+<blockquote>
+<pre>
+ 1 #!/bin/sh
+ 2
+ 3 # Simple shell-based filter. It is meant to be invoked as follows:
+ 4 # /path/to/script -f sender recipients...
+ 5
+ 6 # Localize these. The -G option does nothing before Postfix 2.3.
+ 7 INSPECT_DIR=/var/spool/filter
+ 8 SENDMAIL="/usr/sbin/sendmail -G -i" # NEVER NEVER NEVER use "-t" here.
+ 9
+10 # Exit codes from &lt;sysexits.h&gt;
+11 EX_TEMPFAIL=75
+12 EX_UNAVAILABLE=69
+13
+14 # Clean up when done or when aborting.
+15 trap "rm -f in.$$" 0 1 2 3 15
+16
+17 # Start processing.
+18 cd $INSPECT_DIR || {
+19 echo $INSPECT_DIR does not exist; exit $EX_TEMPFAIL; }
+20
+21 cat &gt;in.$$ || {
+22 echo Cannot save mail to file; exit $EX_TEMPFAIL; }
+23
+24 # Specify your content filter here.
+25 # filter &lt;in.$$ || {
+26 # echo Message content rejected; exit $EX_UNAVAILABLE; }
+27
+28 $SENDMAIL "$@" &lt;in.$$
+29
+30 exit $?
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Line 8: The -G option says the filter output is not a local
+mail submission: don't do silly things like appending the local
+domain name to addresses in message headers. This option does
+nothing before Postfix version 2.3. </p>
+
+<li> <p> Line 8: The -i option says don't stop reading input when
+a line contains "." only. </p>
+
+<li> <p> Line 8: NEVER NEVER NEVER use the "-t" command-line option
+here. It will mis-deliver mail, like sending messages from a mailing
+list back to the mailing list. </p>
+
+<li> <p> Line 21: The idea is to first capture the message to
+file and then run the content through a third-party content filter
+program. </p>
+
+<li> <p> Line 22: If the message cannot be captured to file, mail
+delivery is deferred by terminating with exit status 75 (EX_TEMPFAIL).
+Postfix places the message in the deferred mail queue and tries
+again later. </p>
+
+<li> <p> Line 25: You will need to specify a real content filter
+program here that receives the content on standard input. </p>
+
+<li> <p> Line 26: If the content filter program finds a problem,
+the mail is bounced by terminating with exit status 69 (EX_UNAVAILABLE).
+Postfix will send the message back to the sender as undeliverable
+mail.
+</p>
+
+<li> <p> NOTE: in this time of mail worms and spam, it is a BAD
+IDEA to send known viruses or spam back to the sender, because that
+address is likely to be forged. It is safer to discard known viruses
+and to quarantine suspicious content so that it can
+be inspected by a human being. </p>
+
+<li> <p> Line 28: If the content is OK, it is given as input to
+the Postfix sendmail command, and the exit status of the filter
+command is whatever exit status the Postfix sendmail command
+produces. Postfix will deliver the message as usual. </p>
+
+<li> <p> Line 30: Postfix returns the exit status of the Postfix
+sendmail command. </p>
+
+</ul>
+
+<p> I suggest that you first run this script by hand until you are
+satisfied with the results. Run it with a real message (headers+body)
+as input: </p>
+
+<blockquote>
+<pre>
+% /path/to/script -f sender -- recipient... &lt;message-file
+</pre>
+</blockquote>
+
+<p> Once you're satisfied with the content filtering script: </p>
+
+<ul>
+
+<li> <p> Create a dedicated local user account called "filter". This
+user handles all potentially dangerous mail content - that is
+why it should be a separate account. Do not use "nobody", and
+most certainly do not use "root" or "postfix". </p>
+
+<li> <p> Create a directory /var/spool/filter that is accessible only
+to the "filter" user. This is where the content filtering script
+is supposed to store its temporary files. </p>
+
+<li> <p> Configure Postfix to deliver mail to the content filter
+with the <a href="pipe.8.html">pipe(8)</a> delivery agent (see the <a href="pipe.8.html">pipe(8)</a> manpage for a
+description of the command syntax below). </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # =============================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =============================================================
+ filter unix - n n - 10 pipe
+ flags=Rq user=filter null_sender=
+ argv=/path/to/script -f ${sender} -- ${recipient}
+</pre>
+
+<p> This runs up to 10 content filters in parallel. Instead of a
+limit of 10 concurrent processes, use whatever process limit is
+feasible for your machine. Content inspection software can gobble
+up a lot of system resources, so you don't want to have too much
+of it running at the same time. The empty null_sender setting is
+required with Postfix 2.3 and later. </p>
+
+<li> <p> To turn on content filtering for mail arriving via SMTP
+only, append "-o <a href="postconf.5.html#content_filter">content_filter</a>=filter:dummy" to the <a href="master.5.html">master.cf</a>
+entry that defines the Postfix SMTP server: </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # =============================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =============================================================
+ smtp inet ...other stuff here, do not change... smtpd
+ -o <a href="postconf.5.html#content_filter">content_filter</a>=filter:dummy
+</pre>
+
+<p> The "-o <a href="postconf.5.html#content_filter">content_filter</a>" line causes Postfix to add one content
+filter request record to each incoming mail message, with content
+"filter:dummy". This record overrides the normal mail routing
+and causes mail to be given to the content filter instead. </p>
+
+<p> The <a href="postconf.5.html#content_filter">content_filter</a> configuration parameter expects a value of
+the form <i>transport:destination</i>. The <i>transport</i> name
+specifies the first field of a mail delivery agent definition in
+<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
+in the manual page of the corresponding delivery agent. </p>
+
+<p> The meaning of an empty next-hop filter <i>destination</i> is
+version dependent. Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>. Specify
+"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
+2.6 or earlier, or specify a non-empty next-hop filter <i>destination</i>.
+</p>
+
+<p> The <a href="postconf.5.html#content_filter">content_filter</a> setting has lower precedence than a FILTER
+action that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a> or
+<a href="header_checks.5.html">body_checks(5)</a> table. </p>
+
+<li> <p> Execute "<b>postfix reload</b>" to complete the change.
+</p>
+
+</ul>
+
+<h2> <a name="simple_performance">Simple content filter performance</a> </h2>
+
+<p> With the shell script as shown above you will lose a factor of
+four in Postfix performance for transit mail that arrives and leaves
+via SMTP. You will lose another factor in transit performance for
+each additional temporary file that is created and deleted in the
+process of content filtering. The performance impact is less for
+mail that is submitted or delivered locally, because such deliveries
+are already slower than SMTP transit mail. </p>
+
+<h2><a name="simple_limitations">Simple content filter limitations</a></h2>
+
+<p> The problem with content filters like the one above is that
+they are not very robust. The reason is that the software does not
+talk a well-defined protocol with Postfix. If the filter shell
+script aborts because the shell runs into some memory allocation
+problem, the script will not produce a nice exit status as defined
+in the file /usr/include/sysexits.h. Instead of going to the
+<a href="QSHAPE_README.html#deferred_queue">deferred queue</a>, mail will bounce. The same lack of robustness can
+happen when the content filtering software itself runs into a
+resource problem. </p>
+
+<p> The simple content filter method is not suitable for content
+filter actions that are invoked via <a href="postconf.5.html#header_checks">header_checks</a> or <a href="postconf.5.html#body_checks">body_checks</a>
+patterns. These patterns will be applied again after mail is
+re-injected with the Postfix sendmail command, resulting in a mail
+filtering loop. The advanced content filtering method (see below)
+makes it possible to turn off <a href="postconf.5.html#header_checks">header_checks</a> or <a href="postconf.5.html#body_checks">body_checks</a> patterns
+for filtered mail. </p>
+
+<h2><a name="simple_turnoff">Turning off the simple content filter</a> </h2>
+
+<p> To turn off "simple" content filtering: </p>
+
+<ul> <li> <p> Edit the <a href="master.5.html">master.cf</a> file, remove the "-o
+<a href="postconf.5.html#content_filter">content_filter</a>=filter:dummy" text from the entry that defines the
+Postfix SMTP server. </p>
+
+<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
+filter request records from existing queue files. </p>
+
+<li> <p> Execute another "<b>postfix reload</b>". </p>
+
+</ul>
+
+<h2><a name="advanced_filter">Advanced content filter example</a></h2>
+
+<p> The second example is more complex, but can give better
+performance, and is less likely to bounce mail when the machine
+runs into some resource problem. This content filter receives
+unfiltered mail with SMTP on localhost port 10025, and sends filtered
+mail back into Postfix with SMTP on localhost port 10026. </p>
+
+<p> For non-SMTP capable content filtering software, Bennett Todd's
+SMTP proxy implements a nice PERL/SMTP content filtering framework.
+See: <a href="https://web.archive.org/web/20151022025756/http://bent.latency.net/smtpprox/">https://web.archive.org/web/20151022025756/http://bent.latency.net/smtpprox/</a>. </p>
+
+<p> In the figure below, names followed by a number represent
+Postfix commands or daemon programs. See the <a href="OVERVIEW.html">OVERVIEW</a>
+document for an introduction to the Postfix architecture. </p>
+
+<blockquote>
+
+<table>
+
+<tr>
+
+ <td align="center" valign="middle"> Unfiltered<br> <br>
+ Unfiltered</td>
+
+ <td align="center" valign="middle"> <tt> -&gt;</tt><br> <br>
+ <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="smtpd.8.html">smtpd(8)</a><br> <br> <a href="pickup.8.html">pickup(8)</a> </td>
+
+ <td align="center" valign="middle"> <tt> &gt;- </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="cleanup.8.html">cleanup(8)</a> </td>
+
+ <td align="center" valign="middle"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="qmgr.8.html">qmgr(8)</a><br> Postfix <br> queue </td>
+
+ <td align="center" valign="middle"> <tt> -&lt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="smtp.8.html">smtp(8)</a><br> <br> <a href="local.8.html">local(8)</a> </td>
+
+ <td align="center" valign="middle"> <tt> -&gt;</tt><br> <br>
+ <tt> -&gt; </tt></td>
+
+ <td align="center" valign="middle"> Filtered<br> <br>
+ Filtered</td>
+
+</tr>
+
+<tr>
+
+ <td colspan="4"> </td>
+
+ <td align="center" valign="middle"> ^<br> <tt> | </tt> </td>
+
+ <td> </td>
+
+ <td align="center" valign="middle"> <tt> |<br> v </tt> </td>
+
+ <td colspan="4"> </td>
+
+</tr>
+
+<tr>
+
+ <td colspan="4"> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="smtpd.8.html">smtpd(8)</a><br> 10026 </td>
+
+ <td> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle">
+ <a href="smtp.8.html">smtp(8)</a><br> </td>
+
+ <td colspan="4"> </td>
+
+</tr>
+
+<tr>
+
+ <td colspan="4"> </td>
+
+ <td align="center" valign="middle"> ^<br> <tt> | </tt> </td>
+
+ <td> </td>
+
+ <td align="center" valign="middle"> <tt> |<br> v </tt> </td>
+
+ <td colspan="4"> </td>
+
+</tr>
+
+<tr>
+
+ <td colspan="4"> </td>
+
+ <td colspan="3" bgcolor="#f0f0ff" align="center"
+ valign="middle">content filter 10025</td>
+
+ <td colspan="4"> </td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<p> The example given here filters all mail, including mail that
+arrives via SMTP and mail that is locally submitted via the Postfix
+sendmail command (local submissions enter Postfix via the <a href="pickup.8.html">pickup(8)</a>
+server; to keep the figure simple we omit local submission details).
+See examples near the end of this document for
+how to exclude local users from filtering, or how to configure a
+destination dependent content filter. </p>
+
+<p> You can expect to lose about a factor of two in Postfix
+performance for mail that arrives and leaves via SMTP, provided
+that the content filter creates no temporary files. Each temporary
+file created by the content filter adds another factor to the
+performance loss. </p>
+
+<h3>Advanced content filter: requesting that all mail is filtered</h3>
+
+<p> To enable the advanced content filter method for all mail,
+specify in <a href="postconf.5.html">main.cf</a>: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#content_filter">content_filter</a> = scan:localhost:10025
+ <a href="postconf.5.html#receive_override_options">receive_override_options</a> = <a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> The "<a href="postconf.5.html#receive_override_options">receive_override_options</a>" line disables address
+manipulation before the content filter, so that the content filter
+sees the original mail addresses instead of the result of virtual
+alias expansion, canonical mapping, automatic bcc, address
+masquerading, etc. </p>
+
+<li> <p> The "<a href="postconf.5.html#content_filter">content_filter</a>" line causes Postfix to add one content
+filter request record to each incoming mail message, with content
+"scan:localhost:10025". The content filter request records are
+added by the <a href="smtpd.8.html">smtpd(8)</a> and <a href="pickup.8.html">pickup(8)</a> servers (and <a href="qmqpd.8.html">qmqpd(8)</a> if you
+decide to enable this service). </p>
+
+<li> <p> Content filter requests are stored in queue files; this
+is how Postfix keeps track of what mail needs filtering. When a
+queue file contains a content filter request, the queue manager
+will deliver the mail to the specified content filter regardless
+of its final destination. </p>
+
+<li> <p> The <a href="postconf.5.html#content_filter">content_filter</a> configuration parameter expects a value
+of the form <i>transport:destination</i>. The <i>transport</i> name
+specifies the first field of a mail delivery agent definition in
+<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
+in the manual page of the corresponding delivery agent. </p>
+
+<li> <p> The meaning of an empty next-hop filter <i>destination</i>
+is version dependent. Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>. Specify
+"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
+2.6 or earlier, or specify a non-empty next-hop filter <i>destination</i>.
+
+<li> <p> The <a href="postconf.5.html#content_filter">content_filter</a> setting has lower precedence than a
+FILTER action that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a>
+or <a href="header_checks.5.html">body_checks(5)</a> table. </p>
+
+</ul>
+
+<h3> Advanced content filter: sending unfiltered mail to the content
+filter</h3>
+
+<p> In this example, "scan" is an instance of the Postfix SMTP
+client with slightly different configuration parameters. This is
+how one would set up the service in the Postfix <a href="master.5.html">master.cf</a> file:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # =============================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =============================================================
+ scan unix - - n - 10 smtp
+ -o <a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a>=yes
+ -o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes
+ -o <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a>=
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> This runs up to 10 content filters in parallel. Instead
+of a limit of 10 concurrent processes, use whatever process limit
+is feasible for your machine. Content inspection software can
+gobble up a lot of system resources, so you don't want to have too
+much of it running at the same time. </p>
+
+<li> <p> With "-o <a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a>=yes", the scan transport
+will try to forward the original client name and IP address
+through the content filter to the
+after-filter smtpd process, so that filtered mail is logged with
+the real client name IP address. See <a href="smtp.8.html">smtp(8)</a> and <a href="XFORWARD_README.html">XFORWARD_README</a>
+for more information. </p>
+
+<li> <p> The "-o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes" is a workaround
+that prevents the breaking of domainkeys and other digital signatures.
+This is needed because some SMTP-based content filters don't announce
+8BITMIME support, even though they can handle 8-bit mail. </p>
+
+<li> <p> The "-o <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a>=" is a workaround that prevents
+local address rewriting with <a href="generic.5.html">generic(5)</a> maps. Such rewriting should
+happen only when mail is sent out to the Internet. </p>
+
+</ul>
+
+<h3>Advanced content filter: running the content filter</h3>
+
+<p> The content filter can be set up with the Postfix spawn service,
+which is the Postfix equivalent of inetd. For example, to instantiate
+up to 10 content filtering processes on localhost port 10025: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # ===================================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # ===================================================================
+ localhost:10025 inet n n n - 10 spawn
+ user=filter argv=/path/to/filter localhost 10026
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> "filter" is a dedicated local user account. The user will
+never log in, and can be given a "*" password and non-existent
+shell and home directory. This user handles all potentially
+dangerous mail content - that is why it should be a separate account.
+</p>
+
+<li> <p> By default, Postfix will terminate a command that runs
+longer than <a href="postconf.5.html#command_time_limit">command_time_limit</a> seconds (default: 1000s). This is a
+safety measure that prevents filters from running forever. </p>
+
+</ul>
+
+<p> If you want to have your filter listening on port localhost:10025
+instead of Postfix, then you must run your filter as a stand-alone
+program, and must not use the Postfix spawn service. </p>
+
+<h3>Advanced filter: injecting mail back into Postfix</h3>
+
+<p> The job of the content filter is to either bounce mail with a
+suitable diagnostic, or to feed the mail back into Postfix through
+a dedicated listener on port localhost 10026. </p>
+
+<p> The simplest content filter just copies SMTP commands and data
+between its inputs and outputs. If it has a problem, all it has to
+do is to reply to an input of `.' from Postfix with `550 content
+rejected', and to disconnect without sending `.' on the connection
+that injects mail back into Postfix. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # ===================================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # ===================================================================
+ localhost:10026 inet n - n - 10 smtpd
+ -o <a href="postconf.5.html#content_filter">content_filter</a>=
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_unknown_recipient_checks">no_unknown_recipient_checks</a>,<a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>,<a href="postconf.5.html#no_milters">no_milters</a>
+ -o <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>=
+ -o <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>=
+ -o <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>=
+ # Postfix 2.10 and later: specify empty <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
+ -o <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=
+ -o <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>=<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,reject
+ -o <a href="postconf.5.html#mynetworks">mynetworks</a>=127.0.0.0/8
+ -o <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a>=127.0.0.0/8
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> NOTE: do not use spaces around the "=" or "," characters. </p>
+
+<li> <p> NOTE: the SMTP server must not have a smaller process
+limit than the "filter" <a href="master.5.html">master.cf</a> entry. </p>
+
+<li> <p> The "-o <a href="postconf.5.html#content_filter">content_filter</a>=" overrides <a href="postconf.5.html">main.cf</a> settings, and
+requests no content filtering for mail from the content filter.
+This is required or else mail will loop. </p>
+
+<li> <p> The "-o <a href="postconf.5.html#receive_override_options">receive_override_options</a>" overrides <a href="postconf.5.html">main.cf</a> settings
+to avoid duplicating work that was already done before the content
+filter. These options are complementary to the options that are
+specified in <a href="postconf.5.html">main.cf</a>: </p>
+
+<ul>
+
+ <li> <p> We specify "<a href="postconf.5.html#no_unknown_recipient_checks">no_unknown_recipient_checks</a>" to disable
+ attempts to find out if a recipient is unknown. </p>
+
+ <li> <p> We specify "<a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>" to disable header/body
+ checks. </p>
+
+ <li> <p> We specify "<a href="postconf.5.html#no_milters">no_milters</a>" to disable Milter applications
+ (this option is available only in Postfix 2.3 and later). </p>
+
+ <li> <p> We don't specify "<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>" here. This
+ enables virtual alias expansion, canonical mappings, address
+ masquerading, and other address mappings after the content
+ filter. The <a href="postconf.5.html">main.cf</a> setting of "<a href="postconf.5.html#receive_override_options">receive_override_options</a>"
+ disables these mappings before the content filter. </p>
+
+</ul>
+
+ <p> These receive override options are either implemented by the
+ SMTP server itself, or they are passed on to the cleanup server.
+ </p>
+
+<li> <p> The "-o smtpd_xxx_restrictions" and "-o <a href="postconf.5.html#mynetworks">mynetworks</a>=127.0.0.0/8"
+override <a href="postconf.5.html">main.cf</a> settings. They turn off junk mail controls that
+would only waste time here.
+
+<li> <p> With "-o <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a>=127.0.0.0/8",
+the scan transport will try to forward the original client name
+and IP address to the after-filter smtpd process, so that filtered
+mail is logged with the real client name and IP address. See
+<a href="XFORWARD_README.html">XFORWARD_README</a> and <a href="smtpd.8.html">smtpd(8)</a>. </p>
+
+</ul>
+
+<h2><a name="performance">Advanced content filter performance</a></h2>
+
+<p> With the "sandwich" approach to content filtering described
+here, it is important to match the filter concurrency to the
+available CPU, memory and I/O resources. Too few content filter
+processes and mail accumulates in the <a href="QSHAPE_README.html#active_queue">active queue</a> even with low
+traffic volume; too much concurrency and Postfix ends up deferring
+mail destined for the content filter because processes fail due to
+insufficient resources. </p>
+
+<p> Currently, content filter performance tuning is a process of
+trial and error; analysis is handicapped because filtered and
+unfiltered messages share the same queue. As mentioned in the
+introduction of this document, content filtering with multiple
+Postfix instances will be covered in a future version. </p>
+
+<h2><a name="advanced_turnoff">Turning off the advanced content filter</a> </h2>
+
+<p> To turn off "advanced" content filtering: </p>
+
+<ul> <li> <p> Delete or comment out the two following <a href="postconf.5.html">main.cf</a> lines.
+The other changes made for advanced content filtering have no effect
+when content filtering is turned off. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#content_filter">content_filter</a> = scan:localhost:10025
+ <a href="postconf.5.html#receive_override_options">receive_override_options</a> = <a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
+</pre>
+</blockquote>
+
+<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
+filter request records from existing queue files. </p>
+
+<li> <p> Execute another "<b>postfix reload</b>". </p>
+
+</ul>
+
+<h2><a name="remote_only">Filtering mail from outside users only</a></h2>
+
+<p> The easiest approach is to configure ONE Postfix instance with
+multiple SMTP server IP addresses in <a href="master.5.html">master.cf</a>: </p>
+
+<ul>
+
+<li> <p> Two SMTP server IP addresses for mail from inside users only,
+with content filtering turned off. </p>
+
+<pre>
+/etc/postfix.<a href="master.5.html">master.cf</a>:
+ # ==================================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # ==================================================================
+ 1.2.3.4:smtp inet n - n - - smtpd
+ -o <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>=<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,reject
+ 127.0.0.1:smtp inet n - n - - smtpd
+ -o <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>=<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,reject
+</pre>
+
+<li> <p> One SMTP server address for mail from outside users with
+content filtering turned on. </p>
+
+<pre>
+/etc/postfix.<a href="master.5.html">master.cf</a>:
+ # =================================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =================================================================
+ 1.2.3.5:smtp inet n - n - - smtpd
+ -o <a href="postconf.5.html#content_filter">content_filter</a>=filter-service:filter-destination
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
+</pre>
+
+</ul>
+
+<p> After this, you can follow the same procedure as outlined in
+the "advanced" or "simple" content filtering examples above, except
+that you must not specify "<a href="postconf.5.html#content_filter">content_filter</a>" or "<a href="postconf.5.html#receive_override_options">receive_override_options</a>"
+in the <a href="postconf.5.html">main.cf</a> file. </p>
+
+<h2><a name="domain_dependent">Different filters for different
+domains</a></h2>
+
+<p> If you are an MX service provider and want to apply different
+content filters for different domains, you can configure ONE Postfix
+instance with multiple SMTP server IP addresses in <a href="master.5.html">master.cf</a>. Each
+address provides a different content filter service. </p>
+
+<blockquote>
+<pre>
+/etc/postfix.<a href="master.5.html">master.cf</a>:
+ # =================================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =================================================================
+ # SMTP service for domains that are filtered with service1:dest1
+ 1.2.3.4:smtp inet n - n - - smtpd
+ -o <a href="postconf.5.html#content_filter">content_filter</a>=service1:dest1
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
+
+ # SMTP service for domains that are filtered with service2:dest2
+ 1.2.3.5:smtp inet n - n - - smtpd
+ -o <a href="postconf.5.html#content_filter">content_filter</a>=service2:dest2
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
+</pre>
+</blockquote>
+
+<p> After this, you can follow the same procedure as outlined in
+the "advanced" or "simple" content filtering examples above, except
+that you must not specify "<a href="postconf.5.html#content_filter">content_filter</a>" or "<a href="postconf.5.html#receive_override_options">receive_override_options</a>"
+in the <a href="postconf.5.html">main.cf</a> file. </p>
+
+<p> Set up MX records in the DNS that route each domain to the
+proper SMTP server instance. </p>
+
+<h2><a name="dynamic_filter">FILTER actions in access or header/body
+tables</a></h2>
+
+<p> The above filtering configurations are static. Mail that follows
+a given path is either always filtered or it is never filtered. As
+of Postfix 2.0 you can also turn on content filtering on the fly.
+</p>
+
+<p> To turn on content filtering with an <a href="access.5.html">access(5)</a> table rule: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/access:
+ <i>whatever</i> FILTER foo:bar
+</pre>
+</blockquote>
+
+<p> To turn on content filtering with a <a href="header_checks.5.html">header_checks(5)</a> or
+<a href="header_checks.5.html">body_checks(5)</a> table pattern: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/header_checks:
+ /<i>whatever</i>/ FILTER foo:bar
+</pre>
+</blockquote>
+
+<p> You can do this in smtpd access maps as well as the cleanup
+server's header/body_checks. This feature must be used with great
+care: you must disable all the UCE features in the after-filter
+smtpd and cleanup daemons or else you will have a content filtering
+loop. </p>
+
+<p> Limitations: </p>
+
+<ul>
+
+<li> <p> FILTER actions from smtpd access maps and header/body_checks
+take precedence over filters specified with the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#content_filter">content_filter</a>
+parameter. </p>
+
+<li> <p> If a message triggers more than one filter action, only
+the last one takes effect. </p>
+
+<li> <p> The same content filter is applied to all the recipients
+of a given message. </p>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/FORWARD_SECRECY_README.html b/html/FORWARD_SECRECY_README.html
new file mode 100644
index 0000000..98f9f97
--- /dev/null
+++ b/html/FORWARD_SECRECY_README.html
@@ -0,0 +1,614 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>TLS Forward Secrecy in Postfix</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">
+TLS Forward Secrecy in Postfix
+</h1>
+
+<hr>
+
+<h2> Warning </h2>
+
+<p> Forward secrecy does not protect against active attacks such
+as forged DNS replies or forged TLS server certificates. If such
+attacks are a concern, then the SMTP client will need to authenticate
+the remote SMTP server in a sufficiently-secure manner. For example,
+by the fingerprint of a (CA or leaf) public key or certificate.
+Conventional PKI relies on many trusted parties and is easily
+subverted by a state-funded adversary. </p>
+
+<h2> Overview </h2>
+
+<p> Postfix supports forward secrecy of TLS network communication
+since version 2.2. This support was adopted from Lutz J&auml;nicke's
+"Postfix TLS patch" for earlier Postfix versions. This document
+will focus on TLS Forward Secrecy in the Postfix SMTP client and
+server. See <a href="TLS_README.html">TLS_README</a> for a general
+description of Postfix TLS support. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li> <p> Give me some background on forward secrecy in Postfix </p>
+
+<ul>
+
+<li><a href="#dfn_fs">What is Forward Secrecy</a>
+
+<li><a href="#tls_fs">Forward Secrecy in TLS</a>
+
+<li><a href="#server_fs">Forward Secrecy in the Postfix SMTP Server</a>
+
+<li><a href="#client_fs">Forward Secrecy in the Postfix SMTP Client</a>
+
+</ul>
+
+<li> <p> Never mind, just show me what it takes to get forward
+secrecy </p>
+
+<ul>
+
+<li><a href="#quick-start">Getting started, quick and dirty</a>
+
+<li><a href="#test">How can I see that a connection has forward secrecy?</a>
+
+<li><a href="#ciphers"> What ciphers provide forward secrecy? </a>
+
+<li><a href="#status"> What do "Anonymous", "Untrusted", etc. in
+Postfix logging mean? </a>
+
+</ul>
+
+<li> <p> <a href="#credits"> Credits </a> </p>
+
+</ul>
+
+<h2><a name="dfn_fs">What is Forward Secrecy</a></h2>
+
+<p> The term "Forward Secrecy" (or sometimes "Perfect Forward Secrecy")
+is used to describe security protocols in which the confidentiality
+of past traffic is not compromised when long-term keys used by either
+or both sides are later disclosed. </p>
+
+<p> Forward secrecy is accomplished by negotiating session keys
+using per-session cryptographically-strong random numbers that are
+not saved, and signing the exchange with long-term authentication
+keys. Later disclosure of the long-term keys allows impersonation
+of the key holder from that point on, but not recovery of prior
+traffic, since with forward secrecy, the discarded random key
+agreement inputs are not available to the attacker. </p>
+
+<p> Forward secrecy is only "perfect" when brute-force attacks on
+the key agreement algorithm are impractical even for the best-funded
+adversary and the random-number generators used by both parties are
+sufficiently strong. Otherwise, forward secrecy leaves the attacker
+with the challenge of cracking the key-agreement protocol, which
+is likely quite computationally intensive, but may be feasible for
+sessions of sufficiently high value. Thus forward secrecy places
+cost constraints on the efficacy of bulk surveillance, recovering
+all past traffic is generally infeasible, and even recovery of
+individual sessions may be infeasible given a sufficiently-strong
+key agreement method. </p>
+
+<h2><a name="tls_fs">Forward Secrecy in TLS</a></h2>
+
+<p> Early implementations of the SSL protocol do not provide forward
+secrecy (some provide it only with artificially-weakened "export"
+cipher suites, but we will ignore those here). The client
+sends a random "pre-master secret" to the server encrypted with the
+server's RSA public key. The server decrypts this with its private
+key, and uses it together with other data exchanged in the clear
+to generate the session key. An attacker with access to the server's
+private key can perform the same computation at any later time. </p>
+
+<p> Later revisions to the TLS protocol introduced forward-secrecy
+cipher suites in which the client and server implement a key exchange
+protocol based on ephemeral secrets. Sessions encrypted with one
+of these newer cipher suites are not compromised by future disclosure
+of long-term authentication keys. </p>
+
+<p> The key-exchange algorithms used for forward secrecy require
+the TLS server to designate appropriate "parameters" consisting of a
+mathematical "group" and an element of that group called a "generator".
+Presently, there are two flavors of "groups" that work with PFS: </p>
+
+<ul>
+
+<li> <p> <b>FFDHE:</b> Finite-field Diffie-Hellman ephemeral key
+exchange groups (also EDH or DHE). The server needs to be configured
+with a suitably-large prime and a corresponding "generator". Standard
+choices of the prime and generator are specified in <a href="https://tools.ietf.org/html/rfc7919">RFC7919</a>, and can be
+used in the TLS 1.3 protocol with the server and client negotiating a
+mutually supported choice. In earlier versions of TLS (1.0 through
+1.2), when FFDHE key exchange is performed, the server chooses the prime
+and generator unilaterally. </p>
+
+<li> <p> <b>EECDH:</b> This is short for Ephemeral Elliptic Curve
+Diffie-Hellman (also abbreviated as ECDHE). EECDH offers better
+security at lower computational cost than FFDHE. Elliptic curves used
+in cryptography are typically identified by a "name" that stands for a
+set of well-known parameter values, and it is these "named curves" (or,
+in certificates, associated ASN.1 object identifiers) that are used in
+the TLS protocol. When EECDH key exchange is used, a mutually supported
+named curve is negotiated as part of the TLS handshake. </p>
+
+</ul>
+
+<h2><a name="server_fs">Forward Secrecy in the Postfix SMTP Server</a></h2>
+
+<p> The Postfix &ge; 2.2 SMTP server supports forward secrecy in
+its default configuration. If the remote SMTP client prefers cipher
+suites with forward secrecy, then the traffic between the server
+and client will resist decryption even if the server's long-term
+authentication keys are <i>later</i> compromised. </p>
+
+<p> Most remote SMTP clients now support forward secrecy (the only
+choice as of TLS 1.3), but some may prefer cipher suites <i>without</i>
+forward secrecy. Postfix &ge; 2.8 servers can be configured to override
+the client's preference by setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes". </p>
+
+<h3> FFDHE Server support </h3>
+
+<p> Postfix &ge; 3.1 supports 2048-bit-prime FFDHE out of the box, with
+no additional configuration. You can also generate your own FFDHE
+parameters, but this is not necessary and no longer recommended. See
+the <a href="#quick-start">quick-start</a> section for details. </p>
+
+<p> Postfix &ge; 3.8 supports the finite-field Diffie-Hellman ephemeral
+(FFDHE) key exchange group negotiation API of OpenSSL &ge; 3.0. FFDHE
+groups are explicitly negotiated between client and server starting with
+TLS 1.3. In earlier TLS versions, the server chooses the group
+unilaterally. The list of candidate FFDHE groups can be configured via
+"<a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>", which can be used to select a prioritized list
+of supported groups (most preferred first) on both the server and
+client. The default list is suitable for most users. Either, but not
+both of "<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" and "<a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>" may be set
+empty, disabling either EC or FFDHE key exchange in OpenSSL 3.0 with TLS
+1.3. That said, interoperability will be poor if the EC curves are
+all disabled or don't include the most widely used curves. </p>
+
+<h3> EECDH Server support </h3>
+
+<p> As of Postfix 3.2 and OpenSSL 1.0.2, a range of supported EECDH
+curves is enabled in the server and client, and a suitable mutually
+supported curve is negotiated as part of the TLS handshake. The list of
+supported curves is configurable via the "<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>"
+parameter. With TLS 1.2 the server needs to leave its setting of
+"<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>" at the default value of "auto" (earlier choices
+of an explicit single curve grade are deprecated). With TLS 1.3, the
+"<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>" parameter is not used, and curve selection is
+unconditionally negotiated. </p>
+
+<h2> <a name="client_fs">Forward Secrecy in the Postfix SMTP Client</a> </h2>
+
+<p> The Postfix &ge; 2.2 SMTP client supports forward secrecy in its
+default configuration. All supported OpenSSL releases support both
+FFDHE and EECDH key exchange. If the remote SMTP server supports cipher
+suites with forward secrecy (and does not override the SMTP client's
+cipher preference), then the traffic between the server and client will
+resist decryption even if the server's long-term authentication keys are
+<i>later</i> compromised. Forward secrecy is always on in TLS 1.3. </p>
+
+<p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
+&ge; 1.0.2. The list of candidate curves can be changed via the
+"<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" configuration parameter, which can be used
+to select a prioritized list of supported curves (most preferred
+first) on both the Postfix SMTP server and SMTP client. The default
+list is suitable for most users. </p>
+
+<p> Postfix &ge; 3.8 supports the finite-field Diffie-Hellman ephemeral
+(FFDHE) key exchange group negotiation API of OpenSSL &ge; 3.0.
+The list of candidate FFDHE groups can be configured via
+"<a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>", which can be used to select a prioritized list
+of supported groups (most preferred first) on both the server and
+client. The default list is suitable for most users. </p>
+
+<p> The default Postfix SMTP client cipher lists are correctly ordered
+to prefer EECDH and FFDHE cipher suites ahead of similar cipher suites
+that don't implement forward secrecy. Administrators are strongly
+discouraged from changing the cipher list definitions. </p>
+
+<h2><a name="quick-start">Getting started, quick and dirty</a></h2>
+
+<h3> EECDH Client support (Postfix &ge; 3.2 with OpenSSL &ge; 1.1.1) </h3>
+
+<p> This works "out of the box" with no need for additional
+configuration. </p>
+
+<p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
+&ge; 1.0.2. The list of candidate curves can be changed via the
+"<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" configuration parameter, which can be used
+to select a prioritized list of supported curves (most preferred
+first) on both the Postfix SMTP server and SMTP client. The default
+list is suitable for most users. </p>
+
+<h3> EECDH Server support (Postfix &ge; 3.2 with OpenSSL &ge; 1.1.1) </h3>
+
+<p> This works "out of the box" with no need for additional
+configuration. </p>
+
+<p> Postfix &ge; 3.2 supports the curve negotiation API of OpenSSL
+&ge; 1.0.2. The list of candidate curves can be changed via the
+"<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" configuration parameter, which can be used
+to select a prioritized list of supported curves (most preferred
+first) on both the Postfix SMTP server and SMTP client. The default
+list is suitable for most users. </p>
+
+<h3> FFDHE Client support (Postfix &ge; 3.2, OpenSSL &ge; 1.1.1) </h3>
+
+<p> In Postfix &lt; 3.8, or OpenSSL prior to 3.0, FFDHE for TLS 1.2 or
+below works "out of the box", no additional configuration is necessary.
+The most one can do is (not advisable) disable all "kDHE" ciphers, which
+would then disable FFDHE key exchange in TLS 1.2 and below. </p>
+
+<p> With OpenSSL 1.1.1, FFDHE is not supported for TLS 1.3, which uses
+only EECDH key exchange. Support for FFDHE with TLS 1.3 was added in
+OpenSSL 3.0. With OpenSSL 3.0 and Postfix 3.8 the list of supported TLS
+1.3 FFDHE groups becomes configurable via the "<a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>"
+parameter, which can be set empty to disable FFDHE in TLS 1.3, or
+conversely expanded to support more groups. The default should work
+well for most users. </p>
+
+<h3> FFDHE Server support (Postfix &ge; 2.2, all supported OpenSSL
+versions) </h3>
+
+<p> In Postfix &lt; 3.8, or OpenSSL prior to 3.0, FFDHE for TLS 1.2 or
+below works "out of the box", no additional configuration is necessary.
+One can of course (not advisable) disable all "kDHE" ciphers, which
+would then disable FFDHE key exchange in TLS 1.2 and below. </p>
+
+<p> The built-in default Postfix FFDHE group is a 2048-bit group as of
+Postfix 3.1. You can optionally generate non-default Postfix SMTP
+server FFDHE parameters for possibly improved security against
+pre-computation attacks, but this is not necessary or recommended. Just
+leave "<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>" at its default empty value. </p>
+
+<p> The set of FFDHE groups enabled for use with TLS 1.3 becomes
+configurable with Postfix &ge; 3.8 and OpenSSL &ge; 3.0. The default
+setting of "<a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>" enables the <a href="https://tools.ietf.org/html/rfc7919">RFC7919</a> 2048 and 3072-bit
+groups. If you need more security, you should probably be using EECDH.
+</p>
+
+<h2><a name="test">How can I see that a connection has forward
+secrecy? </a> </h2>
+
+<p> Postfix can be configured to report information about the
+negotiated cipher, the corresponding key lengths, and the remote
+peer certificate or public-key verification status. </p>
+
+<ul>
+
+<li> <p> With "<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 1" and "<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 1",
+the Postfix SMTP client and server will log TLS connection information
+to the maillog file. The general logfile format is shown below.
+With TLS 1.3 there may be additional properties logged after the
+cipher name and bits. </p>
+
+<blockquote>
+<pre>
+postfix/smtp[<i>process-id</i>]: Untrusted TLS connection established
+to host.example.com[192.168.0.2]:25: TLSv1 with cipher <i>cipher-name</i>
+(<i>actual-key-size</i>/<i>raw-key-size</i> bits)
+
+postfix/smtpd[<i>process-id</i>]: Anonymous TLS connection established
+from host.example.com[192.168.0.2]: TLSv1 with cipher <i>cipher-name</i>
+(<i>actual-key-size</i>/<i>raw-key-size</i> bits)
+</pre>
+</blockquote>
+
+<li> <p> With "<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes", the Postfix SMTP
+server will record TLS connection information in the Received:
+header in the form of comments (text inside parentheses). The general
+format depends on the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> setting. With TLS 1.3 there
+may be additional properties logged after the cipher name and bits. </p>
+
+<blockquote>
+<pre>
+Received: from host.example.com (host.example.com [192.168.0.2])
+ (using TLSv1 with cipher <i>cipher-name</i>
+ (<i>actual-key-size</i>/<i>raw-key-size</i> bits))
+ (Client CN "host.example.com", Issuer "John Doe" (not verified))
+
+Received: from host.example.com (host.example.com [192.168.0.2])
+ (using TLSv1 with cipher <i>cipher-name</i>
+ (<i>actual-key-size</i>/<i>raw-key-size</i> bits))
+ (No client certificate requested)
+</pre>
+</blockquote>
+
+<p> TLS 1.3 examples. Some of the new attributes may not appear when not
+applicable or not available in older versions of the OpenSSL library. </p>
+
+<blockquote>
+<pre>
+Received: from localhost (localhost [127.0.0.1])
+ (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+ key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
+ (No client certificate requested)
+
+Received: from localhost (localhost [127.0.0.1])
+ (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+ key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+ client-signature ECDSA (P-256) client-digest SHA256)
+ (Client CN "example.org", Issuer "example.org" (not verified))
+</pre>
+</blockquote>
+
+<ul>
+<li> <p> The "key-exchange" attribute records the type of "Diffie-Hellman"
+group used for key agreement. Possible values include "DHE", "ECDHE", "X25519"
+and "X448". With "DHE", the bit size of the prime will be reported in
+parentheses after the algorithm name, with "ECDHE", the curve name. </p>
+
+<li> <p> The "server-signature" attribute shows the public key signature
+algorithm used by the server. With "RSA-PSS", the bit size of the modulus will
+be reported in parentheses. With "ECDSA", the curve name. If, for example,
+the server has both an RSA and an ECDSA private key and certificate, it will be
+possible to track which one was used for a given connection. </p>
+
+<li> <p> The new "server-digest" attribute records the digest algorithm used by
+the server to prepare handshake messages for signing. The Ed25519 and Ed448
+signature algorithms do not make use of such a digest, so no "server-digest"
+will be shown for these signature algorithms. </p>
+
+<li> <p> When a client certificate is requested with "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>" and
+the client uses a TLS client-certificate, the "client-signature" and
+"client-digest" attributes will record the corresponding properties of the
+client's TLS handshake signature. </p> </ul>
+
+</ul>
+
+<p> The next sections will explain what <i>cipher-name</i>,
+<i>key-size</i>, and peer verification status information to expect.
+</p>
+
+<h2><a name="ciphers"> What ciphers provide forward secrecy? </a> </h2>
+
+<p> There are dozens of ciphers that support forward secrecy. What
+follows is the beginning of a list of 51 ciphers available with
+OpenSSL 1.0.1e. The list is sorted in the default Postfix preference
+order. It excludes null ciphers that only authenticate and don't
+encrypt, together with export and low-grade ciphers whose encryption
+is too weak to offer meaningful secrecy. The first column shows the
+cipher name, and the second shows the key exchange method. </p>
+
+<blockquote>
+<pre>
+$ openssl ciphers -v \
+ 'aNULL:-aNULL:kEECDH:kEDH:+RC4:!eNULL:!EXPORT:!LOW:@STRENGTH' |
+ awk '{printf "%-32s %s\n", $1, $3}'
+AECDH-AES256-SHA Kx=ECDH
+ECDHE-RSA-AES256-GCM-SHA384 Kx=ECDH
+ECDHE-ECDSA-AES256-GCM-SHA384 Kx=ECDH
+ECDHE-RSA-AES256-SHA384 Kx=ECDH
+ECDHE-ECDSA-AES256-SHA384 Kx=ECDH
+ECDHE-RSA-AES256-SHA Kx=ECDH
+ECDHE-ECDSA-AES256-SHA Kx=ECDH
+ADH-AES256-GCM-SHA384 Kx=DH
+ADH-AES256-SHA256 Kx=DH
+ADH-AES256-SHA Kx=DH
+ADH-CAMELLIA256-SHA Kx=DH
+DHE-DSS-AES256-GCM-SHA384 Kx=DH
+DHE-RSA-AES256-GCM-SHA384 Kx=DH
+DHE-RSA-AES256-SHA256 Kx=DH
+...
+</pre>
+</blockquote>
+
+<p> To date, all ciphers that support forward secrecy have one of
+five values for the first component of their OpenSSL name: "AECDH",
+"ECDHE", "ADH", "EDH" or "DHE". Ciphers that don't implement forward
+secrecy have names that don't start with one of these prefixes.
+This pattern is likely to persist until some new key-exchange
+mechanism is invented that also supports forward secrecy. </p>
+
+<p> The actual key length and raw algorithm key length
+are generally the same with non-export ciphers, but they may
+differ for the legacy export ciphers where the actual key
+is artificially shortened. </p>
+
+<p> Starting with TLS 1.3 the cipher name no longer contains enough
+information to determine which forward-secrecy scheme was employed,
+but TLS 1.3 <b>always</b> uses forward-secrecy. On the client side,
+up-to-date Postfix releases log additional information for TLS 1.3
+connections, reporting the signature and key exchange algorithms.
+Two examples below (the long single line messages are folded across
+multiple lines for readability): </p>
+
+<blockquote>
+<pre>
+postfix/smtp[<i>process-id</i>]:
+ Untrusted TLS connection established to 127.0.0.1[127.0.0.1]:25:
+ TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+ key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+ client-signature ECDSA (P-256) client-digest SHA256
+
+postfix/smtp[<i>process-id</i>]:
+ Untrusted TLS connection established to 127.0.0.1[127.0.0.1]:25:
+ TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+ key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256
+</pre>
+</blockquote>
+
+<p> In the above connections, the "key-exchange" value records the
+"Diffie-Hellman" algorithm used for key agreement. The "server-signature" value
+records the public key algorithm used by the server to sign the key exchange.
+The "server-digest" value records any hash algorithm used to prepare the data
+for signing. With "ED25519" and "ED448", no separate hash algorithm is used.
+</p>
+
+<p> Examples of Postfix SMTP server logging: </p>
+
+<blockquote>
+<pre>
+postfix/smtpd[<i>process-id</i>]:
+ Untrusted TLS connection established from localhost[127.0.0.1]:25:
+ TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+ key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+ client-signature ECDSA (P-256) client-digest SHA256
+
+postfix/smtpd[<i>process-id</i>]:
+ Anonymous TLS connection established from localhost[127.0.0.1]:
+ TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+ server-signature RSA-PSS (2048 bits) server-digest SHA256
+
+postfix/smtpd[<i>process-id</i>]:
+ Anonymous TLS connection established from localhost[127.0.0.1]:
+ TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+ server-signature ED25519
+</pre>
+</blockquote>
+
+<p> Note that Postfix &ge; 3.4 server logging may also include a
+"to <i>sni-name</i>" element to record the use of an alternate
+server certificate chain for the connection in question. This happens
+when the client uses the TLS SNI extension, and the server selects
+a non-default certificate chain based on the client's SNI value:
+</p>
+
+<blockquote>
+<pre>
+postfix/smtpd[<i>process-id</i>]:
+ Untrusted TLS connection established from client.example[192.0.2.1]
+ to server.example: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+ key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+ client-signature ECDSA (P-256) client-digest SHA256
+</pre>
+</blockquote>
+
+<h2><a name="status"> What do "Anonymous", "Untrusted", etc. in
+Postfix logging mean? </a> </h2>
+
+<p> The verification levels below are subject to man-in-the-middle
+attacks to different degrees. If such attacks are a concern, then
+the SMTP client will need to authenticate the remote SMTP server
+in a sufficiently-secure manner. For example, by the fingerprint
+of a (CA or leaf) public key or certificate. Remember that
+conventional PKI relies on many trusted parties and is easily
+subverted by a state-funded adversary. </p>
+
+<dl>
+
+<dt><b>Anonymous</b> (no peer certificate)</dt>
+
+<dd> <p> <b> Postfix SMTP client:</b> With opportunistic TLS (the "may" security level) the Postfix
+SMTP client does not verify any information in the peer certificate.
+In this case it enables and prefers anonymous cipher suites in which
+the remote SMTP server does not present a certificate (these ciphers
+offer forward secrecy of necessity). When the remote SMTP server
+also supports anonymous TLS, and agrees to such a cipher suite, the
+verification status will be logged as "Anonymous". </p> </dd>
+
+<dd> <p> <b> Postfix SMTP server:</b> This is by far most common,
+as client certificates are optional, and the Postfix SMTP server
+does not request client certificates by default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>).
+Even when client certificates are requested, the remote SMTP client
+might not send a certificate. Unlike the Postfix SMTP client, the
+Postfix SMTP server "anonymous" verification status does not imply
+that the cipher suite is anonymous, which corresponds to the
+<i>server</i> not sending a certificate. </p> </dd>
+
+<dt><b>Untrusted</b> (peer certificate not signed by trusted CA)</dt>
+
+<dd>
+
+<p> <b> Postfix SMTP client:</b> The remote SMTP server presented
+a certificate, but the Postfix SMTP client was unable to check the
+issuing CA signature. With opportunistic TLS this is common with
+remote SMTP servers that don't support anonymous cipher suites.
+</p>
+
+<p> <b> Postfix SMTP server:</b> The remote SMTP client presented
+a certificate, but the Postfix SMTP server was unable to check the
+issuing CA signature. This can happen when the server is configured
+to request client certificates (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>). </p>
+
+</dd>
+
+<dt><b>Trusted</b> (peer certificate signed by trusted CA, unverified
+peer name)</dt>
+
+<dd>
+
+<p> <b> Postfix SMTP client:</b> The remote SMTP server's certificate
+was signed by a CA that the Postfix SMTP client trusts, but either
+the client was not configured to verify the destination server name
+against the certificate, or the server certificate did not contain
+any matching names. This is common with opportunistic TLS
+(<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> is "may" or else "dane" with no usable
+TLSA DNS records) when the Postfix SMTP client's trusted CAs can
+verify the authenticity of the remote SMTP server's certificate,
+but the client is not configured or unable to verify the server
+name. </p>
+
+<p> <b> Postfix SMTP server:</b> The remote SMTP client certificate
+was signed by a CA that the Postfix SMTP server trusts. The Postfix
+SMTP server never verifies the remote SMTP client name against the
+names in the client certificate. Since the client chooses to connect
+to the server, the Postfix SMTP server has no expectation of a
+particular client hostname. </p>
+
+</dd>
+
+<dt><b>Verified</b> (peer certificate signed by trusted CA and
+verified peer name; or: peer certificate with expected public-key
+or certificate fingerprint)</dt>
+
+<dd>
+
+<p> <b> Postfix SMTP client:</b> The remote SMTP server's certificate
+was signed by a CA that the Postfix SMTP client trusts, and the
+certificate name matches the destination or server name(s). The
+Postfix SMTP client was configured to require a verified name,
+otherwise the verification status would have been just "Trusted".
+</p>
+
+<p> <b> Postfix SMTP client:</b> The "Verified" status may also
+mean that the Postfix SMTP client successfully matched the expected
+fingerprint against the remote SMTP server public key or certificate.
+The expected fingerprint may come from <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> or from
+TLSA (secure) DNS records. The Postfix SMTP client ignores the CA
+signature. </p>
+
+<p> <b> Postfix SMTP server:</b> The status is never "Verified",
+because the Postfix SMTP server never verifies the remote SMTP
+client name against the names in the client certificate, and because
+the Postfix SMTP server does not expect a specific fingerprint in
+the client public key or certificate. </p>
+
+</dd>
+
+</dl>
+
+<h2><a name="credits">Credits </a> </h2>
+
+<ul>
+
+<li> TLS support for Postfix was originally developed by Lutz
+J&auml;nicke at Cottbus Technical University.
+
+<li> Wietse Venema adopted and restructured the code and documentation.
+
+<li> Viktor Dukhovni implemented support for many subsequent TLS
+features, including EECDH, and authored the initial version of this
+document.
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/INSTALL.html b/html/INSTALL.html
new file mode 100644
index 0000000..6cd70d1
--- /dev/null
+++ b/html/INSTALL.html
@@ -0,0 +1,1677 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Installation From Source Code </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Installation From Source Code </h1>
+
+<hr>
+
+<h2> <a name="1">1 - Purpose of this document</a> </h2>
+
+<p> If you are using a pre-compiled version of Postfix, you should
+start with <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> and the general documentation
+referenced by it. <a href="INSTALL.html">INSTALL</a> is only a bootstrap document to get
+Postfix up and running from scratch with the minimal number of
+steps; it should not be considered part of the general documentation.
+</p>
+
+<p> This document describes how to build, install and configure a
+Postfix system so that it can do one of the following: </p>
+
+<ul>
+
+<li> Send mail only, without changing an existing Sendmail
+installation.
+
+<li> Send and receive mail via a virtual host interface, still
+without any change to an existing Sendmail installation.
+
+<li> Run Postfix instead of Sendmail.
+
+</ul>
+
+<p> Topics covered in this document: </p>
+
+<ol>
+
+<li> <a href="#1">Purpose of this document</a>
+
+<li> <a href="#2">Typographical conventions</a>
+
+<li> <a href="#3">Documentation</a>
+
+<li> <a href="#4">Building on a supported system</a>
+
+<li> <a href="#5">Porting Postfix to an unsupported system</a>
+
+<li> <a href="#install">Installing the software after successful
+compilation </a>
+
+<li> <a href="#send_only">Configuring Postfix to send mail
+only </a>
+
+<li> <a href="#send_receive">Configuring Postfix to send and
+receive mail via virtual interface </a>
+
+<li> <a href="#replace">Running Postfix instead of Sendmail</a>
+
+<li> <a href="#mandatory">Mandatory configuration file edits</a>
+
+<li> <a href="#hamlet">To chroot or not to chroot</a>
+
+<li> <a href="#care">Care and feeding of the Postfix system</a>
+
+</ol>
+
+<h2> <a name="2">2 - Typographical conventions</a> </h2>
+
+<p> In the instructions below, a command written as </p>
+
+<blockquote>
+<pre>
+# command
+</pre>
+</blockquote>
+
+<p> should be executed as the superuser. </p>
+
+<p> A command written as </p>
+
+<blockquote>
+<pre>
+$ command
+</pre>
+</blockquote>
+
+<p> should be executed as an unprivileged user. </p>
+
+<h2> <a name="3">3 - Documentation</a> </h2>
+
+<p> Documentation is available as README files (start with the file
+README_FILES/AAAREADME), as HTML web pages (point your browser to
+"html/index.html") and as UNIX-style manual pages. </p>
+
+<p> You should view the README files with a pager such as more(1)
+or less(1), because the files use backspace characters in order to
+produce <b>bold</b> font. To print a README file without backspace
+characters, use the col(1) command. For example: </p>
+
+<blockquote>
+<pre>
+$ col -bx &lt;file | lpr
+</pre>
+</blockquote>
+
+<p> In order to view the manual pages before installing Postfix,
+point your MANPATH environment variable to the "man" subdirectory;
+be sure to use an absolute path. </p>
+
+<blockquote>
+<pre>
+$ export MANPATH; MANPATH="`pwd`/man:$MANPATH"
+$ setenv MANPATH "`pwd`/man:$MANPATH"
+</pre>
+</blockquote>
+
+<p> Of particular interest is the <a href="postconf.5.html">postconf(5)</a> manual page that
+lists all the 500+ configuration parameters. The HTML version of
+this text makes it easy to navigate around. </p>
+
+<p> All Postfix source files have their own built-in manual page.
+Tools to extract those embedded manual pages are available in the
+mantools directory. </p>
+
+<h2> <a name="4">4 - Building on a supported system</a> </h2>
+
+<p> Postfix development happens on FreeBSD and MacOS X, with regular
+tests on Linux (Fedora, Ubuntu) and Solaris. Support for other
+systems relies on feedback from their users, and may not always be
+up-to-date. </p>
+
+<p> OpenBSD is partially supported. The libc resolver does not
+implement the documented "internal resolver options which are [...]
+set by changing fields in the _res structure" (documented in the
+OpenBSD 5.6 resolver(3) manpage). This results in too many DNS
+queries, and false positives for queries that should fail. </p>
+
+<!--
+
+<p> At some point in time, a version of Postfix was supported on: </p>
+
+<blockquote>
+<p>
+AIX 3.2.5, 4.1.x, 4.2.0, 4.3.x, 5.2 <br>
+BSD/OS 2.x, 3.x, 4.x <br>
+FreeBSD 2.x .. 9.x <br>
+HP-UX 9.x, 10.x, 11.x <br>
+IRIX 5.x, 6.x <br>
+Linux Debian 1.3.1 and later <br>
+Linux RedHat 3.x (January 2004) and later <br>
+Linux Slackware 3.x and later <br>
+Linux SuSE 5.x and later <br>
+Linux Ubuntu 4.10 and later<br>
+Mac OS X <br>
+NEXTSTEP 3.x <br>
+NetBSD 1.x and later <br>
+OPENSTEP 4.x <br>
+OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
+Reliant UNIX 5.x <br>
+SunOS 4.1.4 (March 2007) <br>
+SunOS 5.4 - 5.10 (Solaris 2.4..10) <br>
+Ultrix 4.x (well, that was long ago) <br>
+</p>
+</blockquote>
+
+<p> or something closely resemblant. </p>
+
+-->
+
+<p> Overview of topics: </p>
+
+<ul>
+
+<li><a href="#build_first">4.1 - Getting started</a>
+
+<li><a href="#build_cc">4.2 - What compiler to use</a>
+
+<li><a href="#build_pie">4.3 - Building with Postfix position-independent
+executables (Postfix &ge; 3.0)</a>
+
+<li><a href="#build_dll">4.4 - Building with Postfix dynamically-linked
+libraries and database plugins (Postfix &ge; 3.0)</a>
+
+<li><a href="#build_opt">4.5 - Building with optional features</a>
+
+<li><a href="#build_over">4.6 - Overriding built-in parameter default
+settings</a>
+
+<li><a href="#build_other">4.7 - Overriding other compile-time
+features</a>
+
+<li><a href="#build_proc">4.8 - Support for thousands of processes</a>
+
+<li><a href="#build_final">4.9 - Compiling Postfix, at last</a>
+
+</ul>
+
+
+<h3><a name="build_first">4.1 - Getting started</a> </h3>
+
+<p> On Solaris, the "make" command and other development utilities
+are in /usr/ccs/bin, so you MUST have /usr/ccs/bin in your command
+search path. If these files do not exist, you need to install the
+development packages first. </p>
+
+<p> If you need to build Postfix for multiple architectures from a
+single source-code tree, use the "lndir" command to build a shadow
+tree with symbolic links to the source files. </p>
+
+<p> If at any time in the build process you get messages like: "make:
+don't know how to ..." you should be able to recover by running
+the following command from the Postfix top-level directory: </p>
+
+<blockquote>
+<pre>
+$ make -f Makefile.init makefiles
+</pre>
+</blockquote>
+
+<p> If you copied the Postfix source code after building it on another
+machine, it is a good idea to cd into the top-level directory and
+first do this:</p>
+
+<blockquote>
+<pre>
+$ make tidy
+</pre>
+</blockquote>
+
+<p> This will get rid of any system dependencies left over from
+compiling the software elsewhere. </p>
+
+<h3><a name="build_cc">4.2 - What compiler to use</a></h3>
+
+<p> To build with GCC, or with the native compiler if people told me
+that is better for your system, just cd into the top-level Postfix
+directory of the source tree and type: </p>
+
+<blockquote>
+<pre>
+$ make
+</pre>
+</blockquote>
+
+<p> To build with a non-default compiler, you need to specify the name
+of the compiler. Here are a few examples: </p>
+
+<blockquote>
+<pre>
+$ make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
+$ make
+
+$ make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
+$ make
+
+$ make makefiles CC="purify cc"
+$ make
+</pre>
+</blockquote>
+
+<p> and so on. In some cases, optimization will be turned off
+automatically. </p>
+
+<h3><a name="build_pie">4.3 - Building with Postfix position-independent
+executables (Postfix &ge; 3.0)</a> </h3>
+
+<p> On some systems Postfix can be built with Position-Independent
+Executables. PIE is used by the ASLR exploit mitigation technique
+(ASLR = Address-Space Layout Randomization): </p>
+
+<blockquote>
+<pre>
+$ make makefiles pie=yes ...other arguments...
+</pre>
+</blockquote>
+
+<p> (Specify "make makefiles pie=no" to explicitly disable Postfix
+position-independent executable support). </p>
+
+<p> Postfix PIE support appears to work on Fedora Core 20, Ubuntu
+14.04, FreeBSD 9 and 10, and NetBSD 6 (all with the default system
+compilers). </p>
+
+<p> Whether the "pie=yes" above has any effect depends on the
+compiler. Some compilers always produce PIE executables, and some
+may even complain that the Postfix build option is redundant. </p>
+
+<h3><a name="build_dll">4.4 - Building with Postfix dynamically-linked
+libraries and database plugins (Postfix &ge; 3.0)</a> </h3>
+
+<p> Postfix dynamically-linked library and database plugin support
+exists for recent versions of Linux, FreeBSD and MacOS X.
+Dynamically-linked library builds may become the default at some
+point in the future. </p>
+
+<p> Overview of topics: </p>
+
+<ul>
+
+<li><a href="#shared_enable">4.4.1 Turning on Postfix dynamically-linked
+library support</a>
+
+<li><a href="#dynamicmaps_enable">4.4.2 Turning on Postfix database-plugin
+support</a>
+
+<li><a href="#shared_custom">4.4.3 Customizing Postfix dynamically-linked
+libraries and database plugins</a>
+
+<li><a href="#shared_tips">4.4.4 Tips for distribution maintainers</a>
+
+</ul>
+
+<p> Note: directories with Postfix dynamically-linked libraries
+or database plugins should contain only postfix-related files.
+Postfix dynamically-linked libraries and database plugins should
+not be installed in a "public" system directory such as /usr/lib
+or /usr/local/lib. Linking Postfix dynamically-linked library or
+database-plugin files into non-Postfix programs is not supported.
+Postfix dynamically-linked libraries and database plugins implement
+a Postfix-internal API that changes without maintaining compatibility.
+</p>
+
+<h4><a name="shared_enable"> 4.4.1 Turning on Postfix dynamically-linked
+library support </a></h4>
+
+<p> Postfix can be built with Postfix dynamically-linked libraries
+(files typically named <tt>libpostfix-*.so</tt>). Postfix
+dynamically-linked libraries add minor run-time overhead and result
+in significantly-smaller Postfix executable files. </p>
+
+<p> Specify "shared=yes" on the "make makefiles" command line to
+build Postfix with dynamically-linked library support. </p>
+
+<blockquote>
+<pre>
+$ make makefiles shared=yes ...other arguments...
+$ make
+</pre>
+</blockquote>
+
+<p> (Specify "make makefiles shared=no" to explicitly disable Postfix
+dynamically-linked library support). </p>
+
+<p> This installs dynamically-linked libraries in $<a href="postconf.5.html#shlib_directory">shlib_directory</a>,
+typically /usr/lib/postfix or /usr/local/lib/postfix, with file
+names libpostfix-<i>name</i>.so, where the <i>name</i> is a source-code
+directory name such as "util" or "global". </p>
+
+<p> See section 4.4.3 "<a href="#shared_custom">Customizing Postfix
+dynamically-linked libraries and database plugins</a>" below for
+how to customize the Postfix dynamically-linked library location,
+including support to upgrade a running mail system safely. </p>
+
+<h4><a name="dynamicmaps_enable"> 4.4.2 Turning on Postfix
+database-plugin support </a></h4>
+
+<p> Additionally, Postfix can be built to support dynamic loading
+of Postfix database clients (database plugins) with the Debian-style
+dynamicmaps feature. Postfix 3.0 supports dynamic loading of <a href="CDB_README.html">cdb</a>:,
+<a href="ldap_table.5.html">ldap</a>:, <a href="lmdb_table.5.html">lmdb</a>:, <a href="mysql_table.5.html">mysql</a>:, <a href="pcre_table.5.html">pcre</a>:, <a href="pgsql_table.5.html">pgsql</a>:, <a href="DATABASE_README.html#types">sdbm</a>:, and <a href="sqlite_table.5.html">sqlite</a>: database
+clients. Dynamic loading is useful when you distribute or install
+pre-compiled Postfix packages. </p>
+
+<p> Specify "dynamicmaps=yes" on the "make makefiles" command line
+to build Postfix with support to dynamically load Postfix database
+clients with the Debian-style dynamicmaps feature.
+</p>
+
+<blockquote>
+<pre>
+$ make makefiles dynamicmaps=yes ...other arguments...
+$ make
+</pre>
+</blockquote>
+
+<p> (Specify "make makefiles dynamicmaps=no" to explicitly disable
+Postfix database-plugin support). </p>
+
+<p> This implicitly enables dynamically-linked library support,
+installs the configuration file dynamicmaps.cf in $<a href="postconf.5.html#meta_directory">meta_directory</a>
+(usually, /etc/postfix or /usr/local/etc/postfix), and installs
+database plugins in $<a href="postconf.5.html#shlib_directory">shlib_directory</a> (see above). Database plugins
+are named postfix-<i>type</i>.so where the <i>type</i> is a database
+type such as "cdb" or "ldap". </p>
+
+<blockquote>
+
+<p> NOTE: The Postfix 3.0 build procedure expects that you specify
+database library dependencies with variables named <a href="CDB_README.html">AUXLIBS_CDB</a>,
+<a href="LDAP_README.html">AUXLIBS_LDAP</a>, etc. With Postfix 3.0 and later, the old AUXLIBS
+variable still supports building a statically-loaded database client,
+but only the new <a href="CDB_README.html">AUXLIBS_CDB</a> etc. variables support building a
+dynamically-loaded or statically-loaded CDB etc. database client.
+See <a href="CDB_README.html">CDB_README</a>, <a href="LDAP_README.html">LDAP_README</a>, etc. for details. </p>
+
+<p> Failure to follow this advice will defeat the purpose of dynamic
+database client loading. Every Postfix executable file will have
+database library dependencies. And that was exactly what dynamic
+database client loading was meant to avoid. </p>
+
+</blockquote>
+
+<p> See the next section for how to customize the location and
+version of Postfix database plugins and the location of the file
+dynamicmaps.cf. </p>
+
+<h4><a name="shared_custom"> 4.4.3 Customizing Postfix dynamically-linked
+libraries and database plugins </a></h4>
+
+<h5> Customizing build-time and run-time options for Postfix
+dynamically-linked libraries and database plugins </h5>
+
+<p> The build-time environment variables SHLIB_CFLAGS, SHLIB_RPATH,
+and SHLIB_SUFFIX provide control over how Postfix libraries and
+plugins are compiled, linked, and named.
+
+<blockquote>
+<pre>
+$ make makefiles SHLIB_CFLAGS=flags SHLIB_RPATH=rpath SHLIB_SUFFIX=suffix ...other arguments...
+$ make
+</pre>
+</blockquote>
+
+<p> See section 4.7 "<a href="#build_other">Overriding other
+compile-time features</a>" below for details. </p>
+
+<h5> Customizing the location of Postfix dynamically-linked libraries
+and database plugins </h5>
+
+<p> As a reminder, the directories with Postfix dynamically-linked
+libraries or database plugins should contain only Postfix-related
+files. Linking these files into other programs is not supported.
+</p>
+
+<p> To override the default location of Postfix dynamically-linked
+libraries and database plugins specify, for example: </p>
+
+<blockquote>
+<pre>
+$ make makefiles shared=yes <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix ...
+</pre>
+</blockquote>
+
+<p> If you intend to upgrade Postfix without stopping the mail
+system, then you should append the Postfix release version to the
+<a href="postconf.5.html#shlib_directory">shlib_directory</a> pathname, to eliminate the possibility that programs
+will link with dynamically-linked libraries or database plugins
+from the wrong Postfix version. For example: </p>
+
+<blockquote>
+<pre>
+$ make makefiles shared=yes \
+ <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix/MAIL_VERSION ...
+</pre>
+</blockquote>
+
+<p> The command "make makefiles name=value..." will replace the
+string MAIL_VERSION at the end of a configuration parameter value
+with the Postfix release version. Do not try to specify something
+like $<a href="postconf.5.html#mail_version">mail_version</a> on this command line. This produces inconsistent
+results with different versions of the make(1) command. </p>
+
+<p> You can change the <a href="postconf.5.html#shlib_directory">shlib_directory</a> setting after Postfix is
+built, with "make install" or "make upgrade". However, you may have
+to run ldconfig if you change <a href="postconf.5.html#shlib_directory">shlib_directory</a> after Postfix is built
+(the symptom is that Postfix programs fail because the run-time
+linker cannot find the files libpostfix-*.so). No ldconfig command
+is needed if you keep the files libpostfix-*.so in the compiled-in
+default $<a href="postconf.5.html#shlib_directory">shlib_directory</a> location. </p>
+
+<blockquote>
+<pre>
+# make upgrade <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix ...
+# make install <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix ...
+</pre>
+</blockquote>
+
+<p> To append the Postfix release version to the pathname if you
+intend to upgrade Postfix without stopping the mail system: </p>
+
+<blockquote>
+<pre>
+# make upgrade <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix/MAIL_VERSION ...
+# make install <a href="postconf.5.html#shlib_directory">shlib_directory</a>=/usr/local/lib/postfix/MAIL_VERSION ...
+</pre>
+</blockquote>
+
+<p> See also the comments above for appending MAIL_VERSION with
+the "make makefiles" command. </p>
+
+<h5> Customizing the location of dynamicmaps.cf and other files
+</h5>
+
+<p> The <a href="postconf.5.html#meta_directory">meta_directory</a> parameter has the same default setting as
+the <a href="postconf.5.html#config_directory">config_directory</a> parameter, typically /etc/postfix or
+/usr/local/etc/postfix. </p>
+
+<p> You can override the default <a href="postconf.5.html#meta_directory">meta_directory</a> location at compile
+time or after Postfix is built. To override the default location
+at compile time specify, for example: </p>
+
+<blockquote>
+<pre>
+% make makefiles <a href="postconf.5.html#meta_directory">meta_directory</a>=/usr/libexec/postfix ...
+</pre>
+</blockquote>
+
+<p> Here is a tip if you want to make a pathname dependent on the
+Postfix release version: the command "make makefiles name=value..."
+will replace the string MAIL_VERSION at the end of a configuration
+parameter value with the Postfix release version. Do not try to
+specify something like $<a href="postconf.5.html#mail_version">mail_version</a> on this command line. This
+produces inconsistent results with different versions of the make(1)
+command. </p>
+
+<p> You can override the <a href="postconf.5.html#meta_directory">meta_directory</a> setting after Postfix is
+built, with "make install" or "make upgrade". </p>
+
+<blockquote>
+<pre>
+# make upgrade <a href="postconf.5.html#meta_directory">meta_directory</a>=/usr/libexec/postfix ...
+# make install <a href="postconf.5.html#meta_directory">meta_directory</a>=/usr/libexec/postfix ...
+</pre>
+</blockquote>
+
+<p> As with the command "make makefiles", the command "make
+install/upgrade name=value..." will replace the string MAIL_VERSION
+at the end of a configuration parameter value with the Postfix
+release version. Do not try to specify something like $<a href="postconf.5.html#mail_version">mail_version</a>
+on this command line. This produces inconsistent results with
+different versions of the make(1) command. </p>
+
+<h4><a name="shared_tips"> 4.4.4 Tips for distribution maintainers
+</a></h4>
+
+<ul>
+
+<li> <p> The <a href="postconf.5.html#shlib_directory">shlib_directory</a> parameter setting also provides the
+default directory for database plugin files with a relative pathname
+in the file dynamicmaps.cf. </p>
+
+<li> <p> The <a href="postconf.5.html#meta_directory">meta_directory</a> parameter specifies the location of the
+files dynamicmaps.cf, postfix-files, and some multi-instance template
+files. The <a href="postconf.5.html#meta_directory">meta_directory</a> parameter has the same default value as
+the <a href="postconf.5.html#config_directory">config_directory</a> parameter (typically, /etc/postfix or
+/usr/local/etc/postfix). For backwards compatibility with Postfix
+2.6 .. 2.11, specify "<a href="postconf.5.html#meta_directory">meta_directory</a> = $<a href="postconf.5.html#daemon_directory">daemon_directory</a>" in <a href="postconf.5.html">main.cf</a>
+before installing or upgrading Postfix, or specify "<a href="postconf.5.html#meta_directory">meta_directory</a>
+= /path/name" on the "make makefiles", "make install" or "make
+upgrade" command line. </p>
+
+<li> <p> The configuration file dynamicmaps.cf will automatically
+include files under the directory dynamicmaps.cf.d, just like the
+configuration file postfix-files will automatically include files
+under the directory postfix-files.d. Thanks to this, you can install
+or deinstall a database plugin package without having to edit
+postfix-files or dynamicmaps.cf. Instead, you give that plugin its
+own configuration files under dynamicmaps.cf.d and postfix-files.d, and
+you add or remove those configuration files along with the database
+plugin dynamically-linked object. </p>
+
+<li> <p> Each configuration file under the directory dynamicmaps.cf.d
+must have the same format as the configuration file dynamicmaps.cf.
+There is no requirement that these configuration file *names* have a
+specific format. </p>
+
+<li> <p> Each configuration file under the directory postfix-files.d
+must have the same format as the configuration file postfix-files.
+There is no requirement that these configuration file *names* have a
+specific format. </p>
+
+</ul>
+
+<h3><a name="build_opt">4.5 - Building with optional features</a></h3>
+
+By default, Postfix builds as a mail system with relatively few
+bells and whistles. Support for third-party databases etc.
+must be configured when Postfix is compiled. The following documents
+describe how to build Postfix with support for optional features:
+
+<blockquote>
+<table border="1">
+
+<tr> <th>Optional feature </th> <th>Document </th> <th>Availability</th>
+</tr>
+
+<tr> <td> Berkeley DB database</td> <td><a href="DB_README.html">DB_README</a></td> <td> Postfix
+1.0 </td> </tr>
+
+<tr> <td> LMDB database</td> <td><a href="LMDB_README.html">LMDB_README</a></td> <td> Postfix
+2.11 </td> </tr>
+
+<tr> <td> LDAP database</td> <td><a href="LDAP_README.html">LDAP_README</a></td> <td> Postfix
+1.0 </td> </tr>
+
+<tr> <td> MySQL database</td> <td><a href="MYSQL_README.html">MYSQL_README</a></td> <td> Postfix
+1.0 </td> </tr>
+
+<tr> <td> Perl compatible regular expression</td> <td><a href="PCRE_README.html">PCRE_README</a></td>
+<td> Postfix 1.0 </td> </tr>
+
+<tr> <td> PostgreSQL database</td> <td><a href="PGSQL_README.html">PGSQL_README</a></td> <td>
+Postfix 2.0 </td> </tr>
+
+<tr> <td> SASL authentication </td> <td><a href="SASL_README.html">SASL_README</a></td> <td>
+Postfix 1.0 </td> </tr>
+
+<tr> <td> SQLite database</td> <td><a href="SQLITE_README.html">SQLITE_README</a></td> <td> Postfix
+2.8 </td> </tr>
+
+<tr> <td> STARTTLS session encryption </td> <td><a href="TLS_README.html">TLS_README</a></td> <td>
+Postfix 2.2 </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> Note: IP version 6 support is compiled into Postfix on operating
+systems that have IPv6 support. See the <a href="IPV6_README.html">IPV6_README</a> file for details.
+</p>
+
+<h3><a name="build_over">4.6 - Overriding built-in parameter default
+settings</a></h3>
+
+<h4>4.6.1 - Postfix 3.0 and later </h4>
+
+<p> All Postfix configuration parameters can be changed by editing
+a Postfix configuration file, except for one: the parameter that
+specifies the location of Postfix configuration files. In order to
+build Postfix with a configuration directory other than /etc/postfix,
+use: </p>
+
+<blockquote>
+<pre>
+$ make makefiles <a href="postconf.5.html#config_directory">config_directory</a>=/some/where ...other arguments...
+$ make
+</pre>
+</blockquote>
+
+<p> The command "make makefiles name=value ..." will replace the
+string MAIL_VERSION at the end of a configuration parameter value
+with the Postfix release version. Do not try to specify something
+like $<a href="postconf.5.html#mail_version">mail_version</a> on this command line. This produces inconsistent
+results with different versions of the make(1) command. </p>
+
+<p> Parameters whose defaults can be specified in this way are
+listed below. See the <a href="postconf.5.html">postconf(5)</a> manpage for a description
+(command: "<tt>nroff -man man/man5/postconf.5 | less</tt>"). </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th>parameter name</th> <th>typical default</th> </tr>
+
+<tr> <td><a href="postconf.5.html#command_directory">command_directory</a></td> <td>/usr/sbin</td> </tr>
+
+<tr> <td><a href="postconf.5.html#config_directory">config_directory</a></td> <td>/etc/postfix</td> </tr>
+
+<tr> <td><a href="postconf.5.html#default_database_type">default_database_type</a></td> <td>hash</td> </tr>
+
+<tr> <td><a href="postconf.5.html#daemon_directory">daemon_directory</a></td> <td>/usr/libexec/postfix</td> </tr>
+
+<tr> <td><a href="postconf.5.html#data_directory">data_directory</a></td> <td>/var/lib/postfix</td> </tr>
+
+<tr> <td><a href="postconf.5.html#html_directory">html_directory</a></td> <td>no</td> </tr>
+
+<tr> <td><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a></td> <td>/var/mail</td> </tr>
+
+<tr> <td><a href="postconf.5.html#mailq_path">mailq_path</a></td> <td>/usr/bin/mailq</td> </tr>
+
+<tr> <td><a href="postconf.5.html#manpage_directory">manpage_directory</a></td> <td>/usr/local/man</td> </tr>
+
+<tr> <td><a href="postconf.5.html#meta_directory">meta_directory</a></td> <td>/etc/postfix</td> </tr>
+
+<tr> <td><a href="postconf.5.html#newaliases_path">newaliases_path</a></td> <td>/usr/bin/newaliases</td> </tr>
+
+<tr> <td><a href="postconf.5.html#openssl_path">openssl_path</a></td> <td>openssl</td> </tr>
+
+<tr> <td><a href="postconf.5.html#queue_directory">queue_directory</a></td> <td>/var/spool/postfix</td> </tr>
+
+<tr> <td><a href="postconf.5.html#readme_directory">readme_directory</a></td> <td>no</td> </tr>
+
+<tr> <td><a href="postconf.5.html#sendmail_path">sendmail_path</a></td> <td>/usr/sbin/sendmail</td> </tr>
+
+<tr> <td><a href="postconf.5.html#shlib_directory">shlib_directory</a></td> <td>/usr/lib/postfix</td> </tr>
+
+</table>
+
+</blockquote>
+
+<h4>4.6.2 - All Postfix versions </h4>
+
+<p> All Postfix configuration parameters can be changed by editing
+a Postfix configuration file, except for one: the parameter that
+specifies the location of Postfix configuration files. In order to
+build Postfix with a configuration directory other than /etc/postfix,
+use: </p>
+
+<blockquote>
+<pre>
+$ make makefiles CCARGS="-DDEF_CONFIG_DIR=\\\"/some/where\\\""
+$ make
+</pre>
+</blockquote>
+
+<p> IMPORTANT: Be sure to get the quotes right. These details matter
+a lot. </p>
+
+<p> Parameters whose defaults can be specified in this way are
+listed below. See the <a href="postconf.5.html">postconf(5)</a> manpage for a description
+(command: "<tt>nroff -man man/man5/postconf.5 | less</tt>"). </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr><th> Macro name </th> <th>default value for</th> <th>typical
+default</th> </tr>
+
+<tr> <td>DEF_COMMAND_DIR</td> <td><a href="postconf.5.html#command_directory">command_directory</a></td>
+<td>/usr/sbin</td> </tr>
+
+<tr> <td>DEF_CONFIG_DIR</td> <td><a href="postconf.5.html#config_directory">config_directory</a></td>
+<td>/etc/postfix</td> </tr>
+
+<tr> <td>DEF_DB_TYPE</td> <td><a href="postconf.5.html#default_database_type">default_database_type</a></td>
+<td>hash</td> </tr>
+
+<tr> <td>DEF_DAEMON_DIR</td> <td><a href="postconf.5.html#daemon_directory">daemon_directory</a></td>
+<td>/usr/libexec/postfix</td> </tr>
+
+<tr> <td>DEF_DATA_DIR</td> <td><a href="postconf.5.html#data_directory">data_directory</a></td>
+<td>/var/lib/postfix</td> </tr>
+
+<tr> <td>DEF_MAILQ_PATH</td> <td><a href="postconf.5.html#mailq_path">mailq_path</a></td> <td>/usr/bin/mailq</td>
+</tr>
+
+<tr> <td>DEF_HTML_DIR</td> <td><a href="postconf.5.html#html_directory">html_directory</a></td>
+<td>no</td> </tr>
+
+<tr> <td>DEF_MANPAGE_DIR</td> <td><a href="postconf.5.html#manpage_directory">manpage_directory</a></td>
+<td>/usr/local/man</td> </tr>
+
+<tr> <td>DEF_NEWALIAS_PATH</td> <td><a href="postconf.5.html#newaliases_path">newaliases_path</a></td>
+<td>/usr/bin/newaliases</td> </tr>
+
+<tr> <td>DEF_QUEUE_DIR</td> <td><a href="postconf.5.html#queue_directory">queue_directory</a></td>
+<td>/var/spool/postfix</td> </tr>
+
+<tr> <td>DEF_README_DIR</td> <td><a href="postconf.5.html#readme_directory">readme_directory</a></td>
+<td>no</td> </tr>
+
+<tr> <td>DEF_SENDMAIL_PATH</td> <td><a href="postconf.5.html#sendmail_path">sendmail_path</a></td>
+<td>/usr/sbin/sendmail</td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> Note: the <a href="postconf.5.html#data_directory">data_directory</a> parameter (for caches and pseudo-random
+numbers) was introduced with Postfix version 2.5. </p>
+
+<h3><a name="build_other">4.7 - Overriding other compile-time
+features</a></h3>
+
+<p> The general method to override Postfix compile-time features
+is as follows: </p>
+
+<blockquote>
+<pre>
+$ make makefiles name=value name=value...
+$ make
+</pre>
+</blockquote>
+
+<p> The following is an extensive list of names and values. </p>
+
+<table border="1">
+
+<tr> <th colspan="2"> Name/Value </th> <th> Description </th> </tr>
+
+<tr> <td colspan="2"> AUXLIBS="object_library..."</td> <td> Specifies
+one or more non-default object libraries. Postfix 3.0 and later
+specify some of their database library dependencies with <a href="CDB_README.html">AUXLIBS_CDB</a>,
+<a href="LDAP_README.html">AUXLIBS_LDAP</a>, <a href="LMDB_README.html">AUXLIBS_LMDB</a>, <a href="MYSQL_README.html">AUXLIBS_MYSQL</a>, <a href="PCRE_README.html">AUXLIBS_PCRE</a>, <a href="PGSQL_README.html">AUXLIBS_PGSQL</a>,
+AUXLIBS_SDBM, and <a href="SQLITE_README.html">AUXLIBS_SQLITE</a>, respectively. </td> </tr>
+
+<tr> <td colspan="2"> CC=compiler_command</td> <td> Specifies a
+non-default compiler. On many systems, the default is <tt>gcc</tt>.
+</td> </tr>
+
+<tr> <td colspan="2"> CCARGS="compiler_arguments..."</td> <td>
+Specifies non-default compiler arguments, for example, a non-default
+<tt>include</tt> directory. The following directives turn
+off Postfix features at compile time:</td> </tr>
+
+<tr> <td> </td> <td> -DNO_DB </td> <td> Do not build with Berkeley
+DB support. By default, Berkeley DB support is compiled in on
+platforms that are known to support this feature. If you override
+this, then you probably should also override DEF_DB_TYPE as described
+in section 4.6. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_DNSSEC </td> <td> Do not build with DNSSEC
+support, even if the resolver library appears to support it. </td>
+</tr>
+
+<tr> <td> </td> <td> -DNO_DEVPOLL </td> <td> Do not build with
+Solaris <tt>/dev/poll</tt> support. By default, <tt>/dev/poll</tt>
+support is compiled in on Solaris versions that are known to support
+this feature. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_EPOLL </td> <td> Do not build with Linux
+EPOLL support. By default, EPOLL support is compiled in on platforms
+that are known to support this feature. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_EAI </td> <td> Do not build with EAI
+(SMTPUTF8) support. By default, EAI support is compiled in when
+the "icuuc" library and header files are found. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_INLINE </td> <td> Do not require support
+for C99 "inline" functions. Instead, implement argument typechecks
+for non-printf/scanf-like functions with ternary operators and
+unreachable code. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_IPV6 </td> <td> Do not build with IPv6
+support. By default, IPv6 support is compiled in on platforms that
+are known to have IPv6 support. Note: this directive is for debugging
+and testing only. It is not guaranteed to work on all platforms.
+If you don't want IPv6 support, set "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4" in
+<a href="postconf.5.html">main.cf</a>.
+</td> </tr>
+
+<tr> <td> </td> <td> -DNO_KQUEUE </td> <td> Do not build with FreeBSD
+/ NetBSD / OpenBSD / MacOSX KQUEUE support. By default, KQUEUE
+support is compiled in on platforms that are known to support it.
+</td> </tr>
+
+<tr> <td> </td> <td> -DNO_NIS </td> <td> Do not build with NIS or
+NISPLUS support. NIS is not available on some recent Linux
+distributions. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_NISPLUS </td> <td> Do not build with
+NISPLUS support. NISPLUS is not available on some recent Solaris
+distributions. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_PCRE </td> <td> Do not build with PCRE
+support. By default, PCRE support is compiled in when the
+<tt>pcre-config</tt> utility is installed. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_POSIX_GETPW_R </td> <td> Disable support
+for POSIX <tt>getpwnam_r/getpwuid_r</tt>. By default Postfix uses
+these where they are known to be available. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_RES_NCALLS </td> <td> Do not build with
+the threadsafe resolver(5) API (res_ninit() etc.). </td> </tr>
+
+<tr> <td> </td> <td> -DNO_SIGSETJMP </td> <td> Use
+<tt>setjmp()/longjmp()</tt> instead of <tt>sigsetjmp()/siglongjmp()</tt>.
+By default, Postfix uses <tt>sigsetjmp()/siglongjmp()</tt> when
+they are known to be available. </td> </tr>
+
+<tr> <td> </td> <td> -DNO_SNPRINTF </td> <td> Use <tt>sprintf()</tt>
+instead of <tt>snprintf()</tt>. By default, Postfix uses
+<tt>snprintf()</tt> except on ancient systems. </td> </tr>
+
+<tr> <td colspan="2"> DEBUG=debug_level </td> <td> Specifies a
+non-default compiler debugging level. The default is "<tt>-g</tt>".
+Specify DEBUG= to turn off debugging. </td> </tr>
+
+<tr> <td colspan="2"> OPT=optimization_level </td> <td> Specifies
+a non-default optimization level. The default is "<tt>-O</tt>".
+Specify OPT= to turn off optimization. </td> </tr>
+
+<tr> <td colspan="2"> POSTFIX_INSTALL_OPTS=-option... </td> <td>
+Specifies options for the <tt>postfix-install</tt> command, separated
+by whitespace. Currently, the only supported option is
+"<tt>-keep-build-mtime</tt>". </td> </tr>
+
+<tr> <td colspan="2"> SHLIB_CFLAGS=flags </td> <td> Specifies
+non-default compiler options for building Postfix dynamically-linked
+libraries and database plugins. The typical default is "-fPIC".
+</td> </tr>
+
+<tr> <td colspan="2"> SHLIB_RPATH=rpath </td> <td> Specifies
+a non-default runpath for Postfix dynamically-linked libraries. The
+typical default is "'-Wl,-rpath,${SHLIB_DIR}'". </td> </tr>
+
+<tr> <td colspan="2"> SHLIB_SUFFIX=suffix </td> <td> Specifies
+a non-default suffix for Postfix dynamically-linked libraries and
+database plugins. The typical default is "<tt>.so</tt>". </td>
+</tr>
+
+<tr> <td colspan="2"> WARN="warning_flags..." </td> <td> Specifies
+non-default compiler warning options for use when "<tt>make</tt>"
+is invoked in a source subdirectory only. </td>
+</tr>
+
+</table>
+
+<h3><a name="build_proc">4.8 - Support for thousands of processes</a></h3>
+
+<p> The number of connections that Postfix can manage simultaneously
+is limited by the number of processes that it can run. This number
+in turn is limited by the number of files and sockets that a single
+process can open. For example, the Postfix queue manager has a
+separate connection to each delivery process, and the <a href="anvil.8.html">anvil(8)</a>
+server has one connection per <a href="smtpd.8.html">smtpd(8)</a> process. </p>
+
+<p> Postfix version 2.4 and later have no built-in limits on the
+number of open files or sockets, when compiled on systems that
+support one of the following: </p>
+
+<ul>
+
+<li> BSD kqueue(2) (FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9),
+
+<li> Solaris 8 /dev/poll,
+
+<li> Linux 2.6 epoll(4).
+
+</ul>
+
+
+<p> With other Postfix versions or operating systems, the number
+of file descriptors per process is limited by the value of the
+FD_SETSIZE macro. If you expect to run more than 1000 mail delivery
+processes, you may need to override the definition of the FD_SETSIZE
+macro to make select() work correctly: </p>
+
+<blockquote>
+<pre>
+$ make makefiles CCARGS=-DFD_SETSIZE=2048
+</pre>
+</blockquote>
+
+<p> Warning: the above has no effect on some Linux versions.
+Apparently, on these systems the FD_SETSIZE value can be changed
+only by using undocumented interfaces. Currently, that means
+including &lt;bits/types.h&gt; directly (which is not allowed) and
+overriding the __FD_SETSIZE macro. Beware, undocumented interfaces
+can change at any time and without warning. </p>
+
+<p> But wait, there is more: none of this will work unless the
+operating system is configured to handle thousands of connections.
+See the <a href="TUNING_README.html">TUNING_README</a> guide for examples of how to increase the
+number of open sockets or files. </p>
+
+<h3><a name="build_final">4.9 - Compiling Postfix, at last</a></h3>
+
+<p> If the command </p>
+
+<blockquote>
+<pre>
+$ make
+</pre>
+</blockquote>
+
+<p> is successful, then you can proceed to <a href="#install">install</a>
+Postfix (section 6).
+
+<p> If the command produces compiler error messages, it may be time
+to search the web or to ask the postfix-users@postfix.org mailing
+list, but be sure to search the mailing list archives first. Some
+mailing list archives are linked from <a href="http://www.postfix.org/">http://www.postfix.org/</a>. </p>
+
+<h2> <a name="5">5 - Porting Postfix to an unsupported system</a> </h2>
+
+<p> Each system type that Postfix knows is identified by a unique
+name. Examples: SUNOS5, FREEBSD4, and so on. When porting Postfix
+to a new system, the first step is to choose a SYSTEMTYPE name for
+the new system. You must use a name that includes at least the
+major version of the operating system (such as SUNOS4 or LINUX2),
+so that different releases of the same system can be supported
+without confusion. </p>
+
+<p> Add a case statement to the "makedefs" shell script in the
+source code top-level directory that recognizes the new system
+reliably, and that emits the right system-specific information.
+Be sure to make the code robust against user PATH settings; if the
+system offers multiple UNIX flavors (e.g. BSD and SYSV) be sure to
+build for the native flavor, instead of the emulated one. </p>
+
+<p> Add an "#ifdef SYSTEMTYPE" section to the central util/sys_defs.h
+include file. You may have to invent new feature macro names.
+Please choose sensible feature macro names such as HAS_DBM or
+FIONREAD_IN_SYS_FILIO_H.
+
+<p> I strongly recommend against using "#ifdef SYSTEMTYPE" in
+individual source files. While this may look like the quickest
+solution, it will create a mess when newer versions of the same
+SYSTEMTYPE need to be supported. You're likely to end up placing
+"#ifdef" sections all over the source code again. </p>
+
+<h2><a name="install">6 - Installing the software after successful
+compilation</a></h2>
+
+<p> This text describes how to install Postfix from source code.
+See the <a href="PACKAGE_README.html">PACKAGE_README</a> file if you are building a package for
+distribution to other systems. </p>
+
+<h3>6.1 - Save existing Sendmail binaries</h3>
+
+<p> <a name="save">IMPORTANT</a>: if you are REPLACING an existing
+Sendmail installation with Postfix, you may need to keep the old
+sendmail program running for some time in order to flush the mail
+queue. </p>
+
+<ul>
+
+<li> <p> Some systems implement a mail switch mechanism where
+different MTAs (Postfix, Sendmail, etc.) can be installed at the
+same time, while only one of them is actually being used. Examples
+of such switching mechanisms are the FreeBSD mailwrapper(8) or the
+Linux mail switch. In this case you should try to "flip" the switch
+to "Postfix" before installing Postfix. </p>
+
+<li> <p> If your system has no mail switch mechanism, execute the
+following commands (your sendmail, newaliases and mailq programs
+may be in a different place): </p>
+
+<pre>
+# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
+# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
+# mv /usr/bin/mailq /usr/bin/mailq.OFF
+# chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \
+ /usr/bin/mailq.OFF
+</pre>
+
+</ul>
+
+<h3>6.2 - Create account and groups</h3>
+
+<p> Before you install Postfix for the first time you need to
+create an account and a group:</p>
+
+<ul>
+
+<li> <p> Create a user account "postfix" with a user id and group
+id that are not used by any other user account. Preferably, this
+is an account that no-one can log into. The account does not need
+an executable login shell, and needs no existing home directory.
+My password and group file entries look like this: </p>
+
+<blockquote>
+<pre>
+/etc/passwd:
+ postfix:*:12345:12345:postfix:/no/where:/no/shell
+
+/etc/group:
+ postfix:*:12345:
+</pre>
+</blockquote>
+
+<p> Note: there should be no whitespace before "postfix:". </p>
+
+<li> <p> Create a group "postdrop" with a group id that is not used
+by any other user account. Not even by the postfix user account.
+My group file entry looks like:
+
+<blockquote>
+<pre>
+/etc/group:
+ postdrop:*:54321:
+</pre>
+</blockquote>
+
+<p> Note: there should be no whitespace before "postdrop:". </p>
+
+</ul>
+
+<h3>6.3 - Install Postfix</h3>
+
+<p> To install or upgrade Postfix from compiled source code, run
+one of the following commands as the super-user:</p>
+
+<blockquote>
+<pre>
+# make install (interactive version, first time install)
+
+# make upgrade (non-interactive version, for upgrades)
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> The interactive version ("make install") asks for pathnames
+for Postfix data and program files, and stores your preferences in
+the <a href="postconf.5.html">main.cf</a> file. <b> If you don't want Postfix to overwrite
+non-Postfix "sendmail", "mailq" and "newaliases" files, specify
+pathnames that end in ".postfix"</b>. </p>
+
+<li> <p> The non-interactive version ("make upgrade") needs the
+/etc/postfix/<a href="postconf.5.html">main.cf</a> file from a previous installation. If the file
+does not exist, use interactive installation ("make install")
+instead. </p>
+
+<li> <p> If you specify name=value arguments on the "make install"
+or "make upgrade" command line, then these will take precedence
+over compiled-in default settings or <a href="postconf.5.html">main.cf</a> settings. </p>
+
+<p> The command "make install/upgrade name=value ..." will replace
+the string MAIL_VERSION at the end of a configuration parameter
+value with the Postfix release version. Do not try to specify
+something like $<a href="postconf.5.html#mail_version">mail_version</a> on this command line. This produces
+inconsistent results with different versions of the make(1) command.
+</p>
+
+</ul>
+
+<h3>6.4 - Configure Postfix</h3>
+
+<p> Proceed to the section on how you wish to run Postfix on
+your particular machine: </p>
+
+<ul>
+
+<li> <p> <a href="#send_only">Send</a> mail only, without changing
+an existing Sendmail installation (section 7). </p>
+
+<li> <p> <a href="#send_receive">Send and receive</a> mail via a
+virtual host interface, still without any change to an existing
+Sendmail installation (section 8). </p>
+
+<li> <p> Run Postfix <a href="#replace">instead of</a> Sendmail
+(section 9). </p>
+
+</ul>
+
+<h2><a name="send_only">7 - Configuring Postfix to send mail
+only</a></h2>
+
+<p> If you are going to use Postfix to send mail only, there is no
+need to change your existing sendmail setup. Instead, set up your
+mail user agent so that it calls the Postfix sendmail program
+directly. </p>
+
+<p> Follow the instructions in the "<a href="#mandatory">Mandatory
+configuration file edits</a>" in section 10, and review the "<a
+href="#hamlet">To chroot or not to chroot</a>" text in section
+11. </p>
+
+<p> You MUST comment out the "smtp inet" entry in /etc/postfix/<a href="master.5.html">master.cf</a>,
+in order to avoid conflicts with the real sendmail. Put a "#"
+character in front of the line that defines the smtpd service: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #smtp inet n - n - - smtpd
+</pre>
+</blockquote>
+
+<p> Start the Postfix system: </p>
+
+<blockquote>
+<pre>
+# postfix start
+</pre>
+</blockquote>
+
+<p> or, if you feel nostalgic, use the Postfix sendmail command: </p>
+
+<blockquote>
+<pre>
+# sendmail -bd -qwhatever
+</pre>
+</blockquote>
+
+<p> and watch your maillog file for any error messages. The pathname
+is /var/log/maillog, /var/log/mail, /var/log/syslog, or something
+else. Typically, the pathname is defined in the /etc/syslog.conf
+file. </p>
+
+<blockquote>
+<pre>
+$ grep -E '(reject|warning|error|fatal|panic):' /some/log/file
+</pre>
+</blockquote>
+
+<p> Note: the most important error message is logged first. Later
+messages are not as useful. </p>
+
+<p> In order to inspect the mail queue, use one of the following
+commands: </p>
+
+<blockquote>
+<pre>
+$ mailq
+
+$ sendmail -bp
+
+$ postqueue -p
+</pre>
+</blockquote>
+
+<p> See also the "<a href="#care">Care and feeding</a>" section 12
+below. </p>
+
+<h2><a name="send_receive">8 - Configuring Postfix to send and
+receive mail via virtual interface</a></h2>
+
+<p> Alternatively, you can use the Postfix system to send AND
+receive mail while leaving your Sendmail setup intact, by running
+Postfix on a virtual interface address. Simply configure your mail
+user agent to directly invoke the Postfix sendmail program. </p>
+
+<p> To create a virtual network interface address, study your
+system ifconfig manual page. The command syntax could be any
+of: </p>
+
+<blockquote>
+<pre>
+# <b>ifconfig le0:1 &lt;address&gt; netmask &lt;mask&gt; up</b>
+# <b>ifconfig en0 alias &lt;address&gt; netmask 255.255.255.255</b>
+</pre>
+</blockquote>
+
+<p> In the /etc/postfix/<a href="postconf.5.html">main.cf</a> file, I would specify </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#myhostname">myhostname</a> = virtual.host.tld
+ <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
+ <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
+</pre>
+</blockquote>
+
+<p> Follow the instructions in the "<a href="#mandatory">Mandatory
+configuration file edits</a>" in section 10, and review the "<a
+href="#hamlet">To chroot or not to chroot</a>" text in section
+11. </p>
+
+<p> Start the Postfix system: </p>
+
+<blockquote>
+<pre>
+# postfix start
+</pre>
+</blockquote>
+
+<p> or, if you feel nostalgic, use the Postfix sendmail command: </p>
+
+<blockquote>
+<pre>
+# sendmail -bd -qwhatever
+</pre>
+</blockquote>
+
+<p> and watch your maillog file for any error messages. The pathname
+is /var/log/maillog, /var/log/mail, /var/log/syslog, or something
+else. Typically, the pathname is defined in the /etc/syslog.conf
+file. </p>
+
+<blockquote>
+<pre>
+$ grep -E '(reject|warning|error|fatal|panic):' /some/log/file
+</pre>
+</blockquote>
+
+<p> Note: the most important error message is logged first. Later
+messages are not as useful. </p>
+
+<p> In order to inspect the mail queue, use one of the following
+commands: </p>
+
+<blockquote>
+<pre>
+$ mailq
+
+$ sendmail -bp
+
+$ postqueue -p
+</pre>
+</blockquote>
+
+<p> See also the "<a href="#care">Care and feeding</a>" section 12
+below. </p>
+
+<h2><a name="replace">9 - Running Postfix instead of Sendmail</a></h2>
+
+<p> Prior to installing Postfix you should <a href="#save">save</a>
+any existing sendmail program files as described in section 6. Be
+sure to keep the old sendmail running for at least a couple days
+to flush any unsent mail. To do so, stop the sendmail daemon and
+restart it as: </p>
+
+<blockquote>
+<pre>
+# /usr/sbin/sendmail.OFF -q
+</pre>
+</blockquote>
+
+<p> Note: this is old sendmail syntax. Newer versions use separate
+processes for mail submission and for running the queue. </p>
+
+<p> After you have visited the "<a href="#mandatory">Mandatory
+configuration file edits</a>" section below, you can start the
+Postfix system with: </p>
+
+<blockquote>
+<pre>
+# postfix start
+</pre>
+</blockquote>
+
+<p> or, if you feel nostalgic, use the Postfix sendmail command: </p>
+
+<blockquote>
+<pre>
+# sendmail -bd -qwhatever
+</pre>
+</blockquote>
+
+<p> and watch your maillog file for any error messages. The pathname
+is /var/log/maillog, /var/log/mail, /var/log/syslog, or something
+else. Typically, the pathname is defined in the /etc/syslog.conf
+file. </p>
+
+<blockquote>
+<pre>
+$ grep -E '(reject|warning|error|fatal|panic):' /some/log/file
+</pre>
+</blockquote>
+
+<p> Note: the most important error message is logged first. Later
+messages are not as useful. </p>
+
+<p> In order to inspect the mail queue, use one of the following
+commands: </p>
+
+<blockquote>
+<pre>
+$ mailq
+
+$ sendmail -bp
+
+$ postqueue -p
+</pre>
+</blockquote>
+
+<p> See also the "<a href="#care">Care and feeding</a>" section 12
+below. </p>
+
+<h2><a name="mandatory">10 - Mandatory configuration file edits</a></h2>
+
+<p> Note: the material covered in this section is covered in more
+detail in the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> document. The information
+presented below is targeted at experienced system administrators.
+</p>
+
+<h3>10.1 - Postfix configuration files</h3>
+
+<p> By default, Postfix configuration files are in /etc/postfix.
+The two most important files are <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>; these files
+must be owned by root. Giving someone else write permission to
+<a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a> (or to their parent directories) means giving
+root privileges to that person. </p>
+
+<p> In /etc/postfix/<a href="postconf.5.html">main.cf</a>, you will have to set up a minimal number
+of configuration parameters. Postfix configuration parameters
+resemble shell variables, with two important differences: the first
+one is that Postfix does not know about quotes like the UNIX shell
+does.</p>
+
+<p> You specify a configuration parameter as: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ parameter = value
+</pre>
+</blockquote>
+
+<p> and you use it by putting a "$" character in front of its name: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ other_parameter = $parameter
+</pre>
+</blockquote>
+
+<p> You can use $parameter before it is given a value (that is the
+second main difference with UNIX shell variables). The Postfix
+configuration language uses lazy evaluation, and does not look at
+a parameter value until it is needed at runtime. </p>
+
+<p> Whenever you make a change to the <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a> file,
+execute the following command in order to refresh a running mail
+system: </p>
+
+<blockquote>
+<pre>
+# postfix reload
+</pre>
+</blockquote>
+
+<h3>10.2 - Default domain for unqualified addresses</h3>
+
+<p> First of all, you must specify what domain will be appended to an
+unqualified address (i.e. an address without @domain.tld). The
+"<a href="postconf.5.html#myorigin">myorigin</a>" parameter defaults to the local hostname, but that is
+probably OK only for very small sites. </p>
+
+<p> Some examples (use only one): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#myhostname">myhostname</a> (send mail as "user@$<a href="postconf.5.html#myhostname">myhostname</a>")
+ <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a> (send mail as "user@$<a href="postconf.5.html#mydomain">mydomain</a>")
+</pre>
+</blockquote>
+
+<h3>10.3 - What domains to receive locally</h3>
+
+<p> Next you need to specify what mail addresses Postfix should deliver
+locally. </p>
+
+<p> Some examples (use only one): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost
+ <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost, $<a href="postconf.5.html#mydomain">mydomain</a>
+ <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
+</pre>
+</blockquote>
+
+<p>The first example is appropriate for a workstation, the second
+is appropriate for the mailserver for an entire domain. The third
+example should be used when running on a virtual host interface.</p>
+
+<h3>10.4 - Proxy/NAT interface addresses </h3>
+
+<p> The <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameter specifies all network addresses
+that Postfix receives mail on by way of a proxy or network address
+translation unit. You may specify symbolic hostnames instead of
+network addresses. </p>
+
+<p> IMPORTANT: You must specify your proxy/NAT external addresses
+when your system is a backup MX host for other domains, otherwise
+mail delivery loops will happen when the primary MX host is down.
+</p>
+
+<p> Example: host behind NAT box running a backup MX host. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4 (the proxy/NAT external network address)
+</pre>
+</blockquote>
+
+<h3>10.5 - What local clients to relay mail from </h3>
+
+<p> If your machine is on an open network then you must specify
+what client IP addresses are authorized to relay their mail through
+your machine into the Internet. The default setting includes all
+subnetworks that the machine is attached to. This may give relay
+permission to too many clients. My own settings are: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mynetworks">mynetworks</a> = 168.100.189.0/28, 127.0.0.0/8
+</pre>
+</blockquote>
+
+<h3>10.6 - What relay destinations to accept from strangers </h3>
+
+<p> If your machine is on an open network then you must also specify
+whether Postfix will forward mail from strangers. The default
+setting will forward mail to all domains (and subdomains of) what
+is listed in $<a href="postconf.5.html#mydestination">mydestination</a>. This may give relay permission for
+too many destinations. Recommended settings (use only one): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relay_domains">relay_domains</a> = (do not forward mail from strangers)
+ <a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a> (my domain and subdomains)
+ <a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a>, other.domain.tld, ...
+</pre>
+</blockquote>
+
+<h3>10.7 - Optional: configure a smart host for remote delivery</h3>
+
+<p> If you're behind a firewall, you should set up a <a href="postconf.5.html#relayhost">relayhost</a>. If
+you can, specify the organizational domain name so that Postfix
+can use DNS lookups, and so that it can fall back to a secondary
+MX host when the primary MX host is down. Otherwise just specify
+a hard-coded hostname. </p>
+
+<p> Some examples (use only one): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mail.$<a href="postconf.5.html#mydomain">mydomain</a>]
+</pre>
+</blockquote>
+
+<p> The form enclosed with <tt>[]</tt> eliminates DNS MX lookups. </p>
+
+<p> By default, the SMTP client will do DNS lookups even when you
+specify a <a href="postconf.5.html#relayhost">relay host</a>. If your machine has no access to a DNS server,
+turn off SMTP client DNS lookups like this: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> = yes
+</pre>
+</blockquote>
+
+<p> The <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> file has more hints and tips for
+firewalled and/or dial-up networks. </p>
+
+<h3>10.8 - Create the aliases database</h3>
+
+<p> Postfix uses a Sendmail-compatible <a href="aliases.5.html">aliases(5)</a> table to redirect
+mail for <a href="local.8.html">local(8)</a> recipients. Typically, this information is kept
+in two files: in a text file /etc/aliases and in an indexed file
+/etc/aliases.db. The command "postconf <a href="postconf.5.html#alias_maps">alias_maps</a>" will tell you
+the exact location of the text file. </p>
+
+<p> First, be sure to update the text file with aliases for root,
+postmaster and "postfix" that forward mail to a real person. Postfix
+has a sample aliases file /etc/postfix/aliases that you can adapt
+to local conditions. </p>
+
+<blockquote>
+<pre>
+/etc/aliases:
+ root: you
+ postmaster: root
+ postfix: root
+ bin: root
+ <i>etcetera...</i>
+</pre>
+</blockquote>
+
+<p> Note: there should be no whitespace before the ":". </p>
+
+<p> Finally, build the indexed aliases file with one of the
+following commands: </p>
+
+<blockquote>
+<pre>
+# newaliases
+# sendmail -bi
+# postalias /etc/aliases (pathname is system dependent!)
+</pre>
+</blockquote>
+
+<h2><a name="hamlet">11 - To chroot or not to chroot</a></h2>
+
+<p> Postfix daemon processes can be configured (via <a href="master.5.html">master.cf</a>) to
+run in a chroot jail. The processes run at a fixed low privilege
+and with access only to the Postfix queue directories (/var/spool/postfix).
+This provides a significant barrier against intrusion. The barrier
+is not impenetrable, but every little bit helps. </p>
+
+<p> With the exception of Postfix daemons that deliver mail locally
+and/or that execute non-Postfix commands, every Postfix daemon can
+run chrooted. </p>
+
+<p> Sites with high security requirements should consider to chroot
+all daemons that talk to the network: the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a>
+processes, and perhaps also the <a href="lmtp.8.html">lmtp(8)</a> client. The author's own
+porcupine.org mail server runs all daemons chrooted that can be
+chrooted. </p>
+
+<p> The default /etc/postfix/<a href="master.5.html">master.cf</a> file specifies that no
+Postfix daemon runs chrooted. In order to enable chroot operation,
+edit the file /etc/postfix/<a href="master.5.html">master.cf</a>. Instructions are in the file.
+</p>
+
+<p> Note that a chrooted daemon resolves all filenames relative to
+the Postfix queue directory (/var/spool/postfix). For successful
+use of a chroot jail, most UNIX systems require you to bring in
+some files or device nodes. The examples/chroot-setup directory
+in the source code distribution has a collection of scripts that
+help you set up Postfix chroot environments on different operating
+systems. </p>
+
+<p> Additionally, you almost certainly need to configure syslogd
+so that it listens on a socket inside the Postfix queue directory.
+Examples for specific systems: </p>
+
+<dl>
+
+<dt> FreeBSD: </dt>
+
+<dd> <pre>
+# mkdir -p /var/spool/postfix/var/run
+# syslogd -l /var/spool/postfix/var/run/log
+</pre> </dd>
+
+<dt> Linux, OpenBSD: </dt>
+
+<dd> <pre>
+# mkdir -p /var/spool/postfix/dev
+# syslogd -a /var/spool/postfix/dev/log
+</pre> </dd>
+
+</dl>
+
+<h2><a name="care">12 - Care and feeding of the Postfix system</a></h2>
+
+<p> Postfix daemon processes run in the background, and log problems
+and normal activity to the syslog daemon. The names of logfiles
+are specified in /etc/syslog.conf. At the very least you need
+something like: </p>
+
+<blockquote>
+<pre>
+/etc/syslog.conf:
+ mail.err /dev/console
+ mail.debug /var/log/maillog
+</pre>
+</blockquote>
+
+<p> IMPORTANT: the syslogd will not create files. You must create
+them before (re)starting syslogd. </p>
+
+<p> IMPORTANT: on Linux you need to put a "-" character before
+the pathname, e.g., -/var/log/maillog, otherwise the syslogd
+will use more system resources than Postfix does. </p>
+
+<p> Hopefully, the number of problems will be small, but it is a good
+idea to run every night before the syslog files are rotated: </p>
+
+<blockquote>
+<pre>
+# postfix check
+# grep -E '(reject|warning|error|fatal|panic):' /some/log/file
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> The first line (postfix check) causes Postfix to report
+file permission/ownership discrepancies. </p>
+
+<li> <p> The second line looks for problem reports from the mail
+software, and reports how effective the relay and junk mail access
+blocks are. This may produce a lot of output. You will want to
+apply some postprocessing to eliminate uninteresting information.
+</p>
+
+</ul>
+
+<p> The <a href="DEBUG_README.html#logging"> DEBUG_README </a>
+document describes the meaning of the "warning" etc. labels in
+Postfix logging. </p>
+
+</body>
+
+</html>
diff --git a/html/IPV6_README.html b/html/IPV6_README.html
new file mode 100644
index 0000000..39833fd
--- /dev/null
+++ b/html/IPV6_README.html
@@ -0,0 +1,364 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix IPv6 Support</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+IPv6 Support</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> Postfix 2.2 introduces support for the IPv6 (IP version 6)
+protocol. IPv6 support for older Postfix versions was available as
+an add-on patch. The section "<a href="#compat">Compatibility with
+Postfix &lt;2.2 IPv6 support</a>" below discusses the differences
+between these implementations. </p>
+
+<p> The main feature of interest is that IPv6 uses 128-bit IP
+addresses instead of the 32-bit addresses used by IPv4. It can
+therefore accommodate a much larger number of hosts and networks
+without ugly kluges such as NAT. A side benefit of the much larger
+address space is that it makes random network scanning impractical.
+</p>
+
+<p> Postfix uses the same SMTP protocol over IPv6 as it already
+uses over the older IPv4 network, and does AAAA record lookups in
+the DNS in addition to the older A records. Information about IPv6
+can be found at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>. </p>
+
+<p> This document provides information on the following topics:
+</p>
+
+<ul>
+
+<li><a href="#platforms">Supported platforms</a>
+
+<li><a href="#configuration">Configuration</a>
+
+<li><a href="#limitations">Known limitations</a>
+
+<li><a href="#compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
+
+<li><a href="#porting">IPv6 Support for unsupported platforms</a>
+
+<li><a href="#credits">Credits</a>
+
+</ul>
+
+<h2><a name="platforms">Supported Platforms</a></h2>
+
+<p> Postfix version 2.2 supports IPv4 and IPv6 on the following
+platforms: </p>
+
+<ul>
+
+<li> AIX 5.1+
+<li> Darwin 7.3+
+<li> FreeBSD 4+
+<li> Linux 2.4+
+<li> NetBSD 1.5+
+<li> OpenBSD 2+
+<li> Solaris 8+
+<li> Tru64Unix V5.1+
+
+</ul>
+
+<p> On other platforms Postfix will simply use IPv4 as it has always
+done. </p>
+
+<p> See "<a href="#porting">IPv6 Support for unsupported platforms</a>"
+for tips to port Postfix IPv6 support to other environments. </p>
+
+<h2><a name="configuration">Configuration</a></h2>
+
+<p> Postfix IPv6 support introduces two new <a href="postconf.5.html">main.cf</a> configuration
+parameters, and introduces an important change in address syntax
+notation in match lists such as <a href="postconf.5.html#mynetworks">mynetworks</a> or
+<a href="postconf.5.html#debug_peer_list">debug_peer_list</a>. </p>
+
+<p> Postfix IPv6 address syntax is a little tricky, because there
+are a few places where you must enclose an IPv6 address inside
+"<tt>[]</tt>" characters, and a few places where you must not. It is
+a good idea to use "<tt>[]</tt>" only in the few places where you
+have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6
+related configuration work with Postfix. </p>
+
+<ul>
+
+<li> <p> Instead of hard-coding 127.0.0.1 and ::1 loopback addresses
+in <a href="master.5.html">master.cf</a>, specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only" in <a href="postconf.5.html">main.cf</a>.
+This way you can use the same <a href="master.5.html">master.cf</a> file regardless of whether
+or not Postfix will run on an IPv6-enabled system. </p>
+
+<li> <p> The first new parameter is called <a href="postconf.5.html#inet_protocols">inet_protocols</a>. This
+specifies what protocols Postfix will use when it makes or accepts
+network connections, and also controls what DNS lookups Postfix
+will use when it makes network connections. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # You must stop/start Postfix after changing this parameter.
+ <a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (enable IPv4, and IPv6 if supported)
+ <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (enable IPv4 only)
+ <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6)
+ <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 (enable IPv6 only)
+</pre>
+</blockquote>
+
+<p> The default is compile-time dependent: "all" when Postfix is built
+on a software distribution with IPv6 support, "ipv4" otherwise. </p>
+
+<p> Note 1: you must stop and start Postfix after changing the
+<a href="postconf.5.html#inet_protocols">inet_protocols</a> configuration parameter. </p>
+
+<p> Note 2: on older Linux and Solaris systems, the setting
+"<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6" will not prevent Postfix from
+accepting IPv4 connections. </p>
+
+<p> For an unsupported test option to build Postfix without IPv6
+support, see the NO_IPV6 option in the <a href="INSTALL.html">INSTALL</a> document. </p>
+
+<li> <p> The other new parameter is <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>.
+This sets the local interface address for outgoing IPv6 SMTP
+connections, just like the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> parameter
+does for IPv4: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:587:0:250:56ff:fe89:1
+</pre>
+</blockquote>
+
+<li> <p> If you left the value of the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter at its
+default (i.e. no <a href="postconf.5.html#mynetworks">mynetworks</a> setting in <a href="postconf.5.html">main.cf</a>) Postfix will figure
+out by itself what its network addresses are. This is what a typical
+setting looks like: </p>
+
+<blockquote>
+<pre>
+% postconf <a href="postconf.5.html#mynetworks">mynetworks</a>
+<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:587::]/64
+</pre>
+</blockquote>
+
+<p> If you did specify the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter value in
+<a href="postconf.5.html">main.cf</a>, you need to update the <a href="postconf.5.html#mynetworks">mynetworks</a> value to include
+the IPv6 networks the system is in. Be sure to specify IPv6 address
+information inside "<tt>[]</tt>", like this: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:587::]/64 ...
+</pre>
+</blockquote>
+
+</ul>
+
+<p> <b> NOTE: when configuring Postfix match lists such as
+<a href="postconf.5.html#mynetworks">mynetworks</a> or <a href="postconf.5.html#debug_peer_list">debug_peer_list</a>, you must specify
+IPv6 address information inside "<tt>[]</tt>" in the <a href="postconf.5.html">main.cf</a> parameter
+value and in files specified with a "<i>/file/name</i>" pattern.
+IPv6 addresses contain the ":" character, and would otherwise be
+confused with a "<i><a href="DATABASE_README.html">type:table</a></i>" pattern. </b> </p>
+
+<h2><a name="limitations">Known Limitations</a></h2>
+
+<ul>
+
+<li> <p> Postfix SMTP clients before version 2.8 try to connect
+over IPv6 before trying IPv4. With more recent Postfix versions,
+the order of IPv6 versus IPv4 outgoing connection attempts is
+configurable with the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. </p>
+
+<li> <p> Postfix versions before 2.6 do not support DNSBL (DNS
+blocklist) lookups for IPv6 client IP addresses. </p>
+
+<li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6
+networks, the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" has the
+same effect as the setting "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet".
+</p>
+
+<li> <p> On Tru64Unix and AIX, Postfix can't figure out the local
+subnet mask
+and always assumes a /128 network. This is a problem only with
+"<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" and no explicit <a href="postconf.5.html#mynetworks">mynetworks</a>
+setting in <a href="postconf.5.html">main.cf</a>. </p>
+
+</ul>
+
+<h2> <a name="compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
+</h2>
+
+<p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch
+by Dean Strik and others, but differs in a few minor ways. </p>
+
+<ul>
+
+<li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter does not support
+the notation "ipv6:all" or "ipv4:all". Use the
+<a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter instead. </p>
+
+<li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all" or
+"<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6" in order to enable both IPv4
+and IPv6 support. </p>
+
+<li> <p> <a href="postconf.5.html">main.cf</a>: The <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter also controls
+what DNS lookups Postfix will attempt to make when delivering or
+receiving mail. </p>
+
+<li> <p> <a href="postconf.5.html">main.cf</a>: Specify "<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only"
+to listen on loopback network interfaces only. </p>
+
+<li> <p> The <a href="postconf.5.html#lmtp_bind_address">lmtp_bind_address</a> and <a href="postconf.5.html#lmtp_bind_address6">lmtp_bind_address6</a>
+features were omitted. Postfix version 2.3 merged the LMTP client
+into the SMTP client, so there was no reason to keep adding features
+to the LMTP client. </p>
+
+<li> <p> The SMTP server now requires that IPv6 addresses in SMTP
+commands are specified as [ipv6:<i>ipv6address</i>], as
+described in <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
+
+<li> <p> The IPv6 network address matching code was rewritten from
+the ground up, and is expected to be closer to the specification.
+The result may be incompatible with the Postfix/IPv6 patch.
+</p>
+
+</ul>
+
+<h2><a name="porting">IPv6 Support for unsupported platforms</a></h2>
+
+<p> Getting Postfix IPv6 working on other platforms involves the
+following steps: </p>
+
+<ul>
+
+<li> <p> Specify how Postfix should find the local network interfaces.
+Postfix needs this information to avoid mailer loops and to find out
+if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p>
+
+<p> If your system has the getifaddrs() routine then add
+the following to your platform-specific section in
+src/util/sys_defs.h: </p>
+
+<blockquote>
+<pre>
+#ifndef NO_IPV6
+# define HAS_IPV6
+# define HAVE_GETIFADDRS
+#endif
+</pre>
+</blockquote>
+
+<p> Otherwise, if your system has the SIOCGLIF ioctl()
+command in /usr/include/*/*.h, add the following to your
+platform-specific section in src/util/sys_defs.h: </p>
+
+<blockquote>
+<pre>
+#ifndef NO_IPV6
+# define HAS_IPV6
+# define HAS_SIOCGLIF
+#endif
+</pre>
+</blockquote>
+
+<p> Otherwise, Postfix will have to use the old SIOCGIF commands
+and get along with reduced IPv6 functionality (it won't be able to
+figure out your IPv6 netmasks, which are needed for "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a>
+= subnet". Add this to your platform-specific section in
+src/util/sys_defs.h: </p>
+
+<blockquote>
+<pre>
+#ifndef NO_IPV6
+# define HAS_IPV6
+#endif
+</pre>
+</blockquote>
+
+<li> <p> Test if Postfix can figure out its interface information. </p>
+
+<p> After compiling Postfix in the usual manner, step into the
+src/util directory and type "<b>make inet_addr_local</b>".
+Running this file by hand should produce all the interface addresses
+and network masks, for example: </p>
+
+<blockquote>
+<pre>
+% make
+% cd src/util
+% make inet_addr_local
+[... some messages ...]
+% ./inet_addr_local
+[... some messages ...]
+./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses
+./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses
+168.100.189.2/255.255.255.224
+127.0.0.1/255.0.0.0
+fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
+2001:240:587:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
+fe80:5::1/ffff:ffff:ffff:ffff::
+::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+</pre>
+</blockquote>
+
+<p> The above is for an old FreeBSD machine. Other systems produce
+slightly different results, but you get the idea. </p>
+
+</ul>
+
+<p> If none of all this produces a usable result, send email to the
+postfix-users@postfix.org mailing list and we'll try to help you
+through this. </p>
+
+<h2><a name="credits">Credits</a></h2>
+
+<p> The following information is in part based on information that
+was compiled by Dean Strik. </p>
+
+<ul>
+
+<li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p>
+
+<li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made
+substantial improvements. Since then, we speak of the KAME patch.
+</p>
+
+<li> <p> The PLD Linux Distribution ported the code to other stacks
+(notably USAGI). We speak of the PLD patch. A very important
+feature of the PLD patch was that it can work with Lutz Jaenicke's
+TLS patch for Postfix. </p>
+
+<li> <p> Dean Strik extended IPv6 support to platforms other than
+KAME and USAGI, updated the patch to keep up with Postfix development,
+and provided a combined IPv6 + TLS patch. Information about his
+effort can be found on Dean Strik's Postfix website at
+<a href="http://www.ipnet6.org/postfix/">http://www.ipnet6.org/postfix/</a>. </p>
+
+<li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into
+Postfix 2.2, and took the opportunity to eliminate all IPv4-specific
+code from Postfix that could be removed. For systems without IPv6
+support in the kernel and system libraries, Postfix has a simple
+compatibility layer, so that it will use IPv4 as before. </p>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/LDAP_README.html b/html/LDAP_README.html
new file mode 100644
index 0000000..ce77f94
--- /dev/null
+++ b/html/LDAP_README.html
@@ -0,0 +1,633 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix LDAP Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix LDAP Howto</h1>
+
+<hr>
+
+<h2>LDAP Support in Postfix</h2>
+
+<p> Postfix can use an LDAP directory as a source for any of its
+lookups: <a href="aliases.5.html">aliases(5)</a>, <a href="virtual.5.html">virtual(5)</a>, <a href="canonical.5.html">canonical(5)</a>, etc. This allows
+you to keep information for your mail service in a replicated
+network database with fine-grained access controls. By not storing
+it locally on the mail server, the administrators can maintain it
+from anywhere, and the users can control whatever bits of it you
+think appropriate. You can have multiple mail servers using the
+same information, without the hassle and delay of having to copy
+it to each. </p>
+
+<p> Topics covered in this document:</p>
+
+<ul>
+
+<li><a href="#build">Building Postfix with LDAP support</a>
+
+<li><a href="#config">Configuring LDAP lookups</a>
+
+<li><a href="#example_alias">Example: aliases</a>
+
+<li><a href="#example_virtual">Example: virtual domains/addresses</a>
+
+<li><a href="#example_group">Example: expanding LDAP groups</a>
+
+<li><a href="#other">Other uses of LDAP lookups</a>
+
+<li><a href="#hmmmm">Notes and things to think about</a>
+
+<li><a href="#feedback">Feedback</a>
+
+<li><a href="#credits">Credits</a>
+
+</ul>
+
+<h2><a name="build">Building Postfix with LDAP support</a></h2>
+
+<p> These instructions assume that you build Postfix from source
+code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
+be required if you build Postfix from a vendor-specific source
+package. </p>
+
+<p> Note 1: Postfix no longer supports the LDAP version 1 interface.
+</p>
+
+<p> Note 2: to use LDAP with Debian GNU/Linux's Postfix, all you
+need is to install the postfix-ldap package and you're done. There
+is no need to recompile Postfix. </p>
+
+<p> You need to have LDAP libraries and include files installed
+somewhere on your system, and you need to configure the Postfix
+Makefiles accordingly. </p>
+
+<p> For example, to build the OpenLDAP libraries for use with
+Postfix (i.e. LDAP client code only), you could use the following
+command: </p>
+
+<blockquote>
+<pre>
+% ./configure --without-kerberos --without-cyrus-sasl --without-tls \
+ --without-threads --disable-slapd --disable-slurpd \
+ --disable-debug --disable-shared
+</pre>
+</blockquote>
+
+<p> If you're using the libraries from the UM distribution
+(<a href="http://www.umich.edu/~dirsvcs/ldap/ldap.html">http://www.umich.edu/~dirsvcs/ldap/ldap.html</a>) or OpenLDAP
+(<a href="http://www.openldap.org">http://www.openldap.org</a>), something like this in the top level of
+your Postfix source tree should work: </p>
+
+<blockquote>
+<pre>
+% make tidy
+% make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
+ <a href="LDAP_README.html">AUXLIBS_LDAP</a>="-L/usr/local/lib -lldap -L/usr/local/lib -llber"
+</pre>
+</blockquote>
+
+<p> If your LDAP shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lldap". </p>
+
+<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="LDAP_README.html">AUXLIBS_LDAP</a>.
+With Postfix 3.0 and later, the old AUXLIBS variable still supports
+building a statically-loaded LDAP database client, but only the new
+<a href="LDAP_README.html">AUXLIBS_LDAP</a> variable supports building a dynamically-loaded or
+statically-loaded LDAP database client. </p>
+
+<blockquote>
+
+<p> Failure to use the <a href="LDAP_README.html">AUXLIBS_LDAP</a> variable will defeat the purpose
+of dynamic database client loading. Every Postfix executable file
+will have LDAP database library dependencies. And that was exactly
+what dynamic database client loading was meant to avoid. </p>
+
+</blockquote>
+
+<p> On Solaris 2.x you may have to specify run-time link information,
+otherwise ld.so will not find some of the shared libraries: </p>
+
+<blockquote>
+<pre>
+% make tidy
+% make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
+ <a href="LDAP_README.html">AUXLIBS_LDAP</a>="-L/usr/local/lib -R/usr/local/lib -lldap \
+ -L/usr/local/lib -R/usr/local/lib -llber"
+</pre>
+</blockquote>
+
+<p> The 'make tidy' command is needed only if you have previously
+built Postfix without LDAP support. </p>
+
+<p> Instead of '/usr/local' specify the actual locations of your
+LDAP include files and libraries. Be sure to not mix LDAP include
+files and LDAP libraries of different versions!! </p>
+
+<p> If your LDAP libraries were built with Kerberos support, you'll
+also need to include your Kerberos libraries in this line. Note
+that the KTH Kerberos IV libraries might conflict with Postfix's
+lib/libdns.a, which defines dns_lookup. If that happens, you'll
+probably want to link with LDAP libraries that lack Kerberos support
+just to build Postfix, as it doesn't support Kerberos binds to the
+LDAP server anyway. Sorry about the bother. </p>
+
+<p> If you're using one of the Netscape LDAP SDKs, you'll need to
+change the AUXLIBS line to point to libldap10.so or libldapssl30.so
+or whatever you have, and you may need to use the appropriate linker
+option (e.g. '-R') so the executables can find it at runtime. </p>
+
+<p> If you are using OpenLDAP, and the libraries were built with SASL
+support, you can add -DUSE_LDAP_SASL to the CCARGS to enable SASL support.
+For example: </p>
+
+<blockquote>
+<pre>
+ CCARGS="-I/usr/local/include -DHAS_LDAP -DUSE_LDAP_SASL"
+</pre>
+</blockquote>
+
+<h2><a name="config">Configuring LDAP lookups</a></h2>
+
+<p> In order to use LDAP lookups, define an LDAP source
+as a table lookup in <a href="postconf.5.html">main.cf</a>, for example: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases, <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
+</pre>
+</blockquote>
+
+<p> The file /etc/postfix/ldap-aliases.cf can specify a great number
+of parameters, including parameters that enable LDAP SSL or STARTTLS,
+and LDAP SASL. For a complete description, see the <a href="ldap_table.5.html">ldap_table(5)</a>
+manual page. </p>
+
+<h2><a name="example_alias">Example: local(8) aliases</a></h2>
+
+<p> Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
+aliases. Assume that in <a href="postconf.5.html">main.cf</a>, you have: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases, <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
+</pre>
+</blockquote>
+
+<p> and in <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf you have: </p>
+
+<blockquote>
+<pre>
+server_host = ldap.example.com
+search_base = dc=example, dc=com
+</pre>
+</blockquote>
+
+<p> Upon receiving mail for a local address "ldapuser" that isn't
+found in the /etc/aliases database, Postfix will search the LDAP
+server listening at port 389 on ldap.example.com. It will bind anonymously,
+search for any directory entries whose mailacceptinggeneralid
+attribute is "ldapuser", read the "maildrop" attributes of those
+found, and build a list of their maildrops, which will be treated
+as <a href="https://tools.ietf.org/html/rfc822">RFC822</a> addresses to which the message will be delivered. </p>
+
+<h2><a name="example_virtual">Example: virtual domains/addresses</a></h2>
+
+<p> If you want to keep information for virtual lookups in your
+directory, it's only a little more complicated. First, you need to
+make sure Postfix knows about the virtual domain. An easy way to
+do that is to add the domain to the mailacceptinggeneralid attribute
+of some entry in the directory. Next, you'll want to make sure all
+of your virtual recipient's mailacceptinggeneralid attributes are
+fully qualified with their virtual domains. Finally, if you want
+to designate a directory entry as the default user for a virtual
+domain, just give it an additional mailacceptinggeneralid (or the
+equivalent in your directory) of "@fake.dom". That's right, no
+user part. If you don't want a catchall user, omit this step and
+mail to unknown users in the domain will simply bounce. </p>
+
+<p> In summary, you might have a catchall user for a virtual domain
+that looks like this: </p>
+
+<blockquote>
+<pre>
+ dn: cn=defaultrecipient, dc=fake, dc=dom
+ objectclass: top
+ objectclass: virtualaccount
+ cn: defaultrecipient
+ owner: uid=root, dc=someserver, dc=isp, dc=dom
+1 -&gt; mailacceptinggeneralid: fake.dom
+2 -&gt; mailacceptinggeneralid: @fake.dom
+3 -&gt; maildrop: realuser@real.dom
+</pre>
+</blockquote>
+
+<dl compact>
+
+<dd> <p> 1: Postfix knows fake.dom is a valid virtual domain when
+it looks for this and gets something (the maildrop) back. </p>
+
+<dd> <p> 2: This causes any mail for unknown users in fake.dom to
+go to this entry ... </p>
+
+<dd> <p> 3: ... and then to its maildrop. </p>
+
+</dl>
+
+<p> Normal users might simply have one mailacceptinggeneralid and
+<a href="QSHAPE_README.html#maildrop_queue">maildrop</a>, e.g. "normaluser@fake.dom" and "normaluser@real.dom".
+</p>
+
+<h2><a name="example_group">Example: expanding LDAP groups</a></h2>
+
+<p>
+LDAP is frequently used to store group member information. There are a
+number of ways of handling LDAP groups. We will show a few examples in
+order of increasing complexity, but owing to the number of independent
+variables, we can only present a tiny portion of the solution space.
+We show how to:
+</p>
+
+<ol>
+
+<li> <p> query groups as lists of addresses; </p>
+
+<li> <p> query groups as lists of user objects containing addresses; </p>
+
+<li> <p> forward special lists unexpanded to a separate list server,
+for moderation or other processing; </p>
+
+<li> <p> handle complex schemas by controlling expansion and by treating
+leaf nodes specially, using features that are new in Postfix 2.4. </p>
+
+</ol>
+
+<p>
+The example LDAP entries and implied schema below show two group entries
+("agroup" and "bgroup") and four user entries ("auser", "buser", "cuser"
+and "duser"). The group "agroup" has the users "auser" (1) and "buser" (2)
+as members via DN references in the multi-valued attribute "memberdn", and
+direct email addresses of two external users "auser@example.org" (3) and
+"buser@example.org" (4) stored in the multi-valued attribute "memberaddr".
+The same is true of "bgroup" and "cuser"/"duser" (6)/(7)/(8)/(9), but
+"bgroup" also has a "maildrop" attribute of "bgroup@mlm.example.com"
+(5): </p>
+
+<blockquote>
+<pre>
+ dn: cn=agroup, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapgroup
+ cn: agroup
+ mail: agroup@example.com
+1 -&gt; memberdn: uid=auser, dc=example, dc=com
+2 -&gt; memberdn: uid=buser, dc=example, dc=com
+3 -&gt; memberaddr: auser@example.org
+4 -&gt; memberaddr: buser@example.org
+</pre>
+<br>
+
+<pre>
+ dn: cn=bgroup, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapgroup
+ cn: bgroup
+ mail: bgroup@example.com
+5 -&gt; maildrop: bgroup@mlm.example.com
+6 -&gt; memberdn: uid=cuser, dc=example, dc=com
+7 -&gt; memberdn: uid=duser, dc=example, dc=com
+8 -&gt; memberaddr: cuser@example.org
+9 -&gt; memberaddr: duser@example.org
+</pre>
+<br>
+
+<pre>
+ dn: uid=auser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: auser
+10 -&gt; mail: auser@example.com
+11 -&gt; maildrop: auser@mailhub.example.com
+</pre>
+<br>
+
+<pre>
+ dn: uid=buser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: buser
+12 -&gt; mail: buser@example.com
+13 -&gt; maildrop: buser@mailhub.example.com
+</pre>
+<br>
+
+<pre>
+ dn: uid=cuser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: cuser
+14 -&gt; mail: cuser@example.com
+</pre>
+<br>
+
+<pre>
+ dn: uid=duser, dc=example, dc=com
+ objectclass: top
+ objectclass: ldapuser
+ uid: duser
+15 -&gt; mail: duser@example.com
+</pre>
+<br>
+
+</blockquote>
+
+<p> Our first use case ignores the "memberdn" attributes, and assumes
+that groups hold only direct "memberaddr" strings as in (3), (4), (8) and
+(9). The goal is to map the group address to the list of constituent
+"memberaddr" values. This is simple, ignoring the various connection
+related settings (hosts, ports, bind settings, timeouts, ...) we have:
+</p>
+
+<blockquote>
+<pre>
+ simple.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr
+ $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/simple.cf \
+ auser@example.org,buser@example.org
+</pre>
+</blockquote>
+
+<p> We search "dc=example, dc=com". The "mail" attribute is used in the
+query_filter to locate the right group, the "result_attribute" setting
+described in <a href="ldap_table.5.html">ldap_table(5)</a> is used to specify that "memberaddr" values
+from the matching group are to be returned as a comma separated list.
+Always check tables using <a href="postmap.1.html">postmap(1)</a> with the "-q" option, before
+deploying them into production use in <a href="postconf.5.html">main.cf</a>. </p>
+
+<p> Our second use case instead expands "memberdn" attributes (1), (2),
+(6) and (7), follows the DN references and returns the "maildrop" of the
+referenced user entries. Here we use the "special_result_attribute"
+setting from <a href="ldap_table.5.html">ldap_table(5)</a> to designate the "memberdn" attribute
+as holding DNs of the desired member entries. The "result_attribute"
+setting selects which attributes are returned from the selected DNs. It
+is important to choose a result attribute that is not also present in
+the group object, because result attributes are collected from both
+the group and the member DNs. In this case we choose "maildrop" and
+assume for the moment that groups never have a "maildrop" (the "bgroup"
+"maildrop" attribute is for a different use case). The returned data for
+"auser" and "buser" is from items (11) and (13) in the example data. </p>
+
+<blockquote>
+<pre>
+ special.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = maildrop
+ special_result_attribute = memberdn
+ $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/special.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com
+</pre>
+</blockquote>
+
+<p> Note: if the desired member object result attribute is always also
+present in the group, you get surprising results: the expansion also
+returns the address of the group. This is a known limitation of Postfix
+releases prior to 2.4, and is addressed in the new with Postfix 2.4
+"leaf_result_attribute" feature described in <a href="ldap_table.5.html">ldap_table(5)</a>. </p>
+
+<p> Our third use case has some groups that are expanded immediately,
+and other groups that are forwarded to a dedicated mailing list manager
+host for delayed expansion. This uses two LDAP tables, one for users
+and forwarded groups and a second for groups that can be expanded
+immediately. It is assumed that groups that require forwarding are
+never nested members of groups that are directly expanded. </p>
+
+<blockquote>
+<pre>
+ no_expand.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = maildrop
+ expand.cf
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = maildrop
+ special_result_attribute = memberdn
+ $ postmap -q auser@example.com \
+ <a href="ldap_table.5.html">ldap</a>:/etc/postfix/no_expand.cf <a href="ldap_table.5.html">ldap</a>:/etc/postfix/expand.cf \
+ auser@mailhub.example.com
+ $ postmap -q agroup@example.com \
+ <a href="ldap_table.5.html">ldap</a>:/etc/postfix/no_expand.cf <a href="ldap_table.5.html">ldap</a>:/etc/postfix/expand.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com
+ $ postmap -q bgroup@example.com \
+ <a href="ldap_table.5.html">ldap</a>:/etc/postfix/no_expand.cf <a href="ldap_table.5.html">ldap</a>:/etc/postfix/expand.cf \
+ bgroup@mlm.example.com
+</pre>
+</blockquote>
+
+<p> Non-group objects and groups with delayed expansion (those that have a
+maildrop attribute) are rewritten to a single maildrop value. Groups that
+don't have a maildrop are expanded as the second use case. This admits
+a more elegant solution with Postfix 2.4 and later. </p>
+
+<p> Our final use case is the same as the third, but this time uses new
+features in Postfix 2.4. We now are able to use just one LDAP table and
+no longer need to assume that forwarded groups are never nested inside
+expanded groups. </p>
+
+<blockquote>
+<pre>
+ fancy.cf:
+ ...
+ search_base = dc=example, dc=com
+ query_filter = mail=%s
+ result_attribute = memberaddr
+ special_result_attribute = memberdn
+ terminal_result_attribute = maildrop
+ leaf_result_attribute = mail
+ $ postmap -q auser@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/fancy.cf \
+ auser@mailhub.example.com
+ $ postmap -q cuser@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/fancy.cf \
+ cuser@example.com
+ $ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/fancy.cf \
+ auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ $ postmap -q bgroup@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/fancy.cf \
+ bgroup@mlm.example.com
+</pre>
+</blockquote>
+
+<p> Above, delayed expansion is enabled via "terminal_result_attribute",
+which, if present, is used as the sole result and all other expansion is
+suppressed. Otherwise, the "leaf_result_attribute" is only returned for
+leaf objects that don't have a "special_result_attribute" (non-groups),
+while the "result_attribute" (direct member address of groups) is returned
+at every level of recursive expansion, not just the leaf nodes. This fancy
+example illustrates all the features of Postfix 2.4 group expansion. </p>
+
+<h2><a name="other">Other uses of LDAP lookups</a></h2>
+
+Other common uses for LDAP lookups include rewriting senders and
+recipients with Postfix's canonical lookups, for example in order
+to make mail leaving your site appear to be coming from
+"First.Last@example.com" instead of "userid@example.com".
+
+<h2><a name="hmmmm">Notes and things to think about</a></h2>
+
+<ul>
+
+<li> <p> The bits of schema and attribute names used in this document are just
+ examples. There's nothing special about them, other than that some are
+ the defaults in the LDAP configuration parameters. You can use
+ whatever schema you like, and configure Postfix accordingly. </p>
+
+<li> <p> You probably want to make sure that mailacceptinggeneralids are
+ unique, and that not just anyone can specify theirs as postmaster or
+ root, say. </p>
+
+<li> <p> An entry can have an arbitrary number of mailacceptinggeneralids or
+ maildrops. Maildrops can also be comma-separated lists of addresses.
+ They will all be found and returned by the lookups. For example, you
+ could define an entry intended for use as a mailing list that looks
+ like this (Warning! Schema made up just for this example): </p>
+
+<blockquote>
+<pre>
+dn: cn=Accounting Staff List, dc=example, dc=com
+cn: Accounting Staff List
+o: example.com
+objectclass: maillist
+mailacceptinggeneralid: accountingstaff
+mailacceptinggeneralid: accounting-staff
+maildrop: mylist-owner
+maildrop: an-accountant
+maildrop: some-other-accountant
+maildrop: this, that, theother
+</pre>
+</blockquote>
+
+<li> <p> If you use an LDAP map for lookups other than aliases, you may have to
+ make sure the lookup makes sense. In the case of virtual lookups,
+ maildrops other than mail addresses are pretty useless, because
+ Postfix can't know how to set the ownership for program or file
+ delivery. Your <b>query_filter</b> should probably look something like this: </p>
+
+<blockquote>
+<pre>
+query_filter = (&amp;(mailacceptinggeneralid=%s)(!(|(maildrop="*|*")(maildrop="*:*")(maildrop="*/*"))))
+</pre>
+</blockquote>
+
+<li> <p> And for that matter, even for aliases, you may not want users to be able to
+ specify their maildrops as programs, includes, etc. This might be
+ particularly pertinent on a "sealed" server where they don't have
+ local UNIX accounts, but exist only in LDAP and Cyrus. You might allow
+ the fun stuff only for directory entries owned by an administrative
+ account,
+ so that if the object had a program as its maildrop and weren't owned
+ by "cn=root" it wouldn't be returned as a valid local user. This will
+ require some thought on your part to implement safely, considering the
+ ramifications of this type of delivery. You may decide it's not worth
+ the bother to allow any of that nonsense in LDAP lookups, ban it in
+ the <b>query_filter</b>, and keep things like majordomo lists in local alias
+ databases. </p>
+
+<blockquote>
+<pre>
+query_filter = (&amp;(mailacceptinggeneralid=%s)(!(|(maildrop="*|*")(maildrop="*:*")(maildrop="*/*"))(owner=cn=root, dc=your, dc=com)))
+</pre>
+</blockquote>
+
+<li> <p> LDAP lookups are slower than local DB or DBM lookups. For most sites
+ they won't be a bottleneck, but it's a good idea to know how to tune
+ your directory service. </p>
+
+<li> <p> Multiple LDAP maps share the same LDAP connection if they differ
+ only in their query related parameters: base, scope, query_filter, and
+ so on. To take advantage of this, avoid spurious differences in the
+ definitions of LDAP maps: host selection order, version, bind, tls
+ parameters, ... should be the same for multiple maps whenever possible. </p>
+
+</ul>
+
+<h2><a name="feedback">Feedback</a></h2>
+
+<p> If you have questions, send them to postfix-users@postfix.org. Please
+include relevant information about your Postfix setup: LDAP-related
+output from postconf, which LDAP libraries you built with, and which
+directory server you're using. If your question involves your directory
+contents, please include the applicable bits of some directory entries. </p>
+
+<h2><a name="credits">Credits</a></h2>
+
+<ul>
+
+<li>Manuel Guesdon: Spotted a bug with the timeout attribute.
+
+<li>John Hensley: Multiple LDAP sources with more configurable attributes.
+
+<li>Carsten Hoeger: Search scope handling.
+
+<li>LaMont Jones: Domain restriction, URL and DN searches, multiple result
+ attributes.
+
+<li>Mike Mattice: Alias dereferencing control.
+
+<li>Hery Rakotoarisoa: Patches for LDAPv3 updating.
+
+<li>Prabhat K Singh: Wrote the initial Postfix LDAP lookups and connection caching.
+
+<li>Keith Stevenson: <a href="https://tools.ietf.org/html/rfc2254">RFC 2254</a> escaping in queries.
+
+<li>Samuel Tardieu: Noticed that searches could include wildcards, prompting
+ the work on <a href="https://tools.ietf.org/html/rfc2254">RFC 2254</a> escaping in queries. Spotted a bug
+ in binding.
+
+<li>Sami Haahtinen: Referral chasing and v3 support.
+
+<li>Victor Duchovni: ldap_bind() timeout. With fixes from LaMont Jones:
+ OpenLDAP cache deprecation. Limits on recursion, expansion
+ and search results size. LDAP connection sharing for maps
+ differing only in the query parameters.
+
+<li>Liviu Daia: Support for SSL/STARTTLS. Support for storing map definitions in
+ external files (<a href="ldap_table.5.html">ldap</a>:/path/ldap.cf) needed to securely store
+ passwords for plain auth.
+
+<li>Liviu Daia revised the configuration interface and added the <a href="postconf.5.html">main.cf</a>
+ configuration feature.</li>
+
+<li>Liviu Daia with further refinements from Jose Luis Tallon and
+Victor Duchovni developed the common query, result_format, domain and
+expansion_limit interface for LDAP, MySQL and PosgreSQL.</li>
+
+<li>Gunnar Wrobel provided a first implementation of a feature to
+limit LDAP search results to leaf nodes only. Victor generalized
+this into the Postfix 2.4 "leaf_result_attribute" feature. </li>
+
+<li>Quanah Gibson-Mount contributed support for advanced LDAP SASL
+mechanisms, beyond the password-based LDAP "simple" bind. </li>
+
+</ul>
+
+And of course Wietse.
+
+</body>
+
+</html>
diff --git a/html/LINUX_README.html b/html/LINUX_README.html
new file mode 100644
index 0000000..06165f9
--- /dev/null
+++ b/html/LINUX_README.html
@@ -0,0 +1,120 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix and Linux</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix and Linux</h1>
+
+<hr>
+
+<h2> Host lookup issues </h2>
+
+<p> By default Linux /etc/hosts lookups do not support multiple IP
+addresses per hostname. This causes warnings from the Postfix SMTP
+server that "hostname XXX does not resolve to address YYY", and is
+especially a problem with hosts that have both IPv4 and IPv6
+addresses. To fix this, turn on support for multiple IP addresses: </p>
+
+<blockquote>
+<pre>
+/etc/host.conf:
+ ...
+ # We have machines with multiple IP addresses.
+ multi on
+ ...
+</pre>
+</blockquote>
+
+<p> Alternatively, specify the RESOLV_MULTI environment variable
+in <a href="postconf.5.html">main.cf</a>: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#import_environment">import_environment</a> = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C RESOLV_MULTI=on
+</pre>
+</blockquote>
+
+<h2>Berkeley DB issues</h2>
+
+<p> If you can't compile Postfix because the file "db.h"
+isn't found, then you MUST install the Berkeley DB development
+package (name: db???-devel-???) that matches your system library.
+You can find out what is installed with the rpm command. For example:
+</p>
+
+<blockquote>
+<pre>
+$ <b>rpm -qf /usr/lib/libdb.so</b>
+db4-4.3.29-2
+</pre>
+</blockquote>
+
+<p> This means that you need to install db4-devel-4.3.29-2 (on
+some systems, specify "<b>rpm -qf /lib/libdb.so</b>" instead). </p>
+
+<p> DO NOT download some Berkeley DB version from the network.
+Every Postfix program will dump core when it is built with a different
+Berkeley DB version than the version that is used by the system
+library routines. See the <a href="DB_README.html">DB_README</a> file for further information.
+</p>
+
+<h2>Procmail issues</h2>
+
+<p> On RedHat Linux 7.1 and later <b>procmail</b> no longer has
+permission
+to write to the mail spool directory. Workaround: </p>
+
+<blockquote>
+<pre>
+# chmod 1777 /var/spool/mail
+</pre>
+</blockquote>
+
+<h2>Logging in a container</h2>
+
+<p> When running Postfix inside a container, you can use stdout
+logging as described in <a href="MAILLOG_README.html">MAILLOG_README</a>. Alternatives: run syslogd
+inside the container, or mount the host's syslog socket inside the
+container. </p>
+
+<h2>Syslogd performance</h2>
+
+<p> LINUX <b>syslogd</b> uses synchronous writes by default. Because
+of this, <b>syslogd</b> can actually use more system resources than
+Postfix. To avoid such badness, disable synchronous mail logfile
+writes by editing /etc/syslog.conf and by prepending a - to the
+logfile name: </p>
+
+<blockquote>
+<pre>
+/etc/syslog.conf:
+ mail.* -/var/log/mail.log
+</pre>
+</blockquote>
+
+<p> Send a "<b>kill -HUP</b>" to the <b>syslogd</b> to make the
+change effective. </p>
+
+<h2>Other logging performance issues</h2>
+
+<p> LINUX <b>systemd</b> intercepts all logging and enforces its
+own rate limits before handing off requests to a backend such as
+<b>rsyslogd</b> or <b>syslog-ng</b>. On a busy mail server this can
+result in information loss. As a workaround, you can use Postfix's
+built-in logging as described in <a href="MAILLOG_README.html">MAILLOG_README</a>. </p>
+
+</body>
+
+</html>
diff --git a/html/LMDB_README.html b/html/LMDB_README.html
new file mode 100644
index 0000000..ee1294b
--- /dev/null
+++ b/html/LMDB_README.html
@@ -0,0 +1,422 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix OpenLDAP LMDB Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix OpenLDAP LMDB Howto</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> Postfix uses databases of various kinds to store and look up
+information. Postfix databases are specified as "type:name". OpenLDAP
+LMDB (called "LMDB" from here on) implements the Postfix database
+type "lmdb". The name of a Postfix LMDB database is the name of
+the database file without the ".lmdb" suffix. </p>
+
+<p> This document describes: </p>
+
+<ul>
+
+<li> <p> <a href="#with_lmdb">Building Postfix with LMDB support</a>.
+</p>
+
+<li> <p> <a href="#configure">Configuring LMDB settings</a>. </p>
+
+<li> <p> <a href="#locking">Using LMDB maps with non-Postfix programs</a>. </p>
+
+<li> <p> <a href="#supported"> Required minimum LMDB patchlevel</a>. </p>
+
+<li> <p> <a href="#credits"> Credits</a>. </p>
+
+</ul>
+
+<h2><a name="with_lmdb">Building Postfix with LMDB support</a></h2>
+
+<p> Postfix normally does not enable LMDB support. To
+build Postfix with LMDB support, use something like: </p>
+
+<blockquote>
+<pre>
+% make makefiles CCARGS="-DHAS_LMDB -I/usr/local/include" \
+ <a href="LMDB_README.html">AUXLIBS_LMDB</a>="-L/usr/local/lib -llmdb"
+% make
+</pre>
+</blockquote>
+
+<p> If your LMDB shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-llmdb". </p>
+
+<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="LMDB_README.html">AUXLIBS_LMDB</a>.
+With Postfix 3.0 and later, the old AUXLIBS variable still supports
+building a statically-loaded LMDB database client, but only the new
+<a href="LMDB_README.html">AUXLIBS_LMDB</a> variable supports building a dynamically-loaded or
+statically-loaded LMDB database client. </p>
+
+<blockquote>
+
+<p> Failure to use the <a href="LMDB_README.html">AUXLIBS_LMDB</a> variable will defeat the purpose
+of dynamic database client loading. Every Postfix executable file
+will have LMDB database library dependencies. And that was exactly
+what dynamic database client loading was meant to avoid. </p>
+
+</blockquote>
+
+
+<p> Solaris may need this: </p>
+
+<blockquote>
+<pre>
+% make makefiles CCARGS="-DHAS_LMDB -I/usr/local/include" \
+ <a href="LMDB_README.html">AUXLIBS_LMDB</a>="-R/usr/local/lib -L/usr/local/lib -llmdb"
+% make
+</pre>
+</blockquote>
+
+<p> The exact pathnames depend on how LMDB was installed. </p>
+
+<p> When building Postfix fails with: </p>
+
+<blockquote>
+<pre>
+undefined reference to `pthread_mutexattr_destroy'
+undefined reference to `pthread_mutexattr_init'
+undefined reference to `pthread_mutex_lock'
+</pre>
+</blockquote>
+
+<p> Add the "-lpthread" library to the "make makefiles" command. </p>
+
+<blockquote>
+<pre>
+% make makefiles .... <a href="LMDB_README.html">AUXLIBS_LMDB</a>="... -lpthread"
+</pre>
+</blockquote>
+
+<h2><a name="configure">Configuring LMDB settings</a></h2>
+
+<p> Postfix provides one configuration parameter that controls
+LMDB database behavior. </p>
+
+<ul>
+
+<li> <p> <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> (default: 16777216). This setting specifies
+the initial LMDB database size limit in bytes. Each time a database
+becomes "full", its size limit is doubled. The maximum size is the
+largest signed integer value of "long". </p>
+
+</ul>
+
+<h2> <a name="locking">Using LMDB maps with non-Postfix programs</a> </h2>
+
+<p> Programs that use LMDB's built-in locking protocol will corrupt
+a Postfix LMDB database or will read garbage. </p>
+
+<p> Postfix does not use LMDB's built-in locking protocol, because
+that would require world-writable lockfiles, and would violate
+Postfix security policy. Instead, Postfix uses external locks based
+on fcntl(2) to prevent writers from corrupting the database, and
+to prevent readers from receiving garbage. </p>
+
+<p> See <a href="lmdb_table.5.html">lmdb_table(5)</a> for a detailed description of the locking
+protocol that all programs must use when they access a Postfix LMDB
+database. </p>
+
+<h2> <a name="supported"> Required minimum LMDB patchlevel </a> </h2>
+
+<p> Currently, Postfix requires LMDB 0.9.11 or later. The required
+minimum LMDB patchlevel has evolved over time, as the result of
+Postfix deployment experience: </p>
+
+<ul>
+
+<li> <p> LMDB 0.9.11 allows Postfix daemons to log an LMDB error
+message, instead of falling out of the sky without any notification.
+</p>
+
+<li> <p> LMDB 0.9.10 closes an information leak where LMDB was
+writing up to 4-kbyte chunks of uninitialized heap memory to the
+database. This would persist information that was not meant to be
+persisted, or share information that was not meant to be shared.
+</p>
+
+<li> <p> LMDB 0.9.9 allows Postfix to use external (fcntl()-based)
+locks, instead of having to use world-writable LMDB lock files,
+violating the Postfix security model in multiple ways. </p>
+
+<li> <p> LMDB 0.9.8 allows Postfix to recover from a "database full"
+error without having to close the database. This version adds support
+to update the database size limit on-the-fly. This is necessary
+because Postfix database sizes vary with mail server load. </p>
+
+<li> <p> LMDB 0.9.7 allows the <a href="postmap.1.html">postmap(1)</a> and <a href="postalias.1.html">postalias(1)</a> commands
+to use a bulk-mode transaction larger than the amount of physical
+memory. This is necessary because LMDB supports databases larger
+than physical memory. </p>
+
+</ul>
+
+<h2> <a name="credits"> Credits</a> </h2>
+
+<ul>
+
+<li> <p> Howard Chu contributed the initial Postfix dict_lmdb driver.
+</p>
+
+<li> <p> Wietse Venema wrote an abstraction layer (slmdb) that
+behaves more like Berkeley DB, NDBM, etc. This layer automatically
+retries an LMDB request when a database needs to be resized, or
+after a database was resized by a different process. </p>
+
+<li> <p> Howard and Wietse went through many iterations with changes
+to both LMDB and Postfix, with input from Viktor Dukhovni. </p>
+
+</ul>
+
+<!--
+
+<h2><a name="limitations">Unexpected failure modes of Postfix LMDB
+databases. </a> </h2>
+
+<p> As documented below, conversion to LMDB introduces a number of
+failure modes that don't exist with other Postfix databases. Some
+failure modes have been eliminated in the course of time.
+The writeup below reflects the status as of LMDB 0.9.9. </p>
+
+-->
+
+<!--
+
+<p> <strong>Unexpected "Permission denied" errors. </strong></p>
+
+<dl>
+
+<dt> Problem: </dt> <dd> <p> A world-readable LMDB database cannot
+be opened by a process with a UID that differs from the database
+file owner, even when an attempt is made to open the database
+read-only. This problem does not exist with other Postfix databases.
+</p> </dd>
+
+<dt> Background: </dt> <dd> <p> The LMDB implementation requires
+write access to maintain read locks, and perhaps for other purposes.
+</p> </dd>
+
+<dt> Solution: </dt> <dd> <p> Consider using <a href="CDB_README.html">cdb</a>: to manage root-owned
+databases under the root-owned <tt>/etc</tt> or <a href="postconf.5.html#config_directory">config_directory</a>
+(default: <tt>/etc/postfix</tt>) such as <a href="access.5.html">access(5)</a>, <a href="virtual.5.html">virtual(5)</a>,
+<a href="transport.5.html">transport(5)</a>. Support to create LMDB databases is available only
+for unprivileged Postfix daemon processes such as <a href="postscreen.8.html">postscreen(8)</a>,
+<a href="tlsmgr.8.html">tlsmgr(8)</a> and <a href="verify.8.html">verify(8)</a> that manage postfix-owned databases under
+the postfix-owned <a href="postconf.5.html#data_directory">data_directory</a> (default: <tt>/var/lib/postfix</tt>).
+</p> </dd>
+
+</dl>
+
+-->
+
+<!--
+
+<p> <strong>Unexpected "readers full" errors. </strong></p>
+
+<dl>
+
+<dt> Problem: </dt> <dd> <p> Under heavy load, database read
+operations fail with MDB_READERS_FULL errors. This problem does not
+exist with other Postfix databases. </p> </dd>
+
+<dt> Background: </dt> <dd> <p> The LMDB implementation enforces a
+hard limit on the number of simultaneous read requests for the same
+database environment. This limit must be specified in advance with
+the lmdb_max_readers configuration parameter. </p> </dd>
+
+<dt> Mitigation: </dt> <dd> <p> Postfix logs a warning suggesting
+that the lmdb_max_readers parameter value be increased, and retries
+the failed operation for a limited number of times while running
+with reduced performance. </p> </dd>
+
+<dt> Prevention: </dt> <dd> <p> Monitor your LMDB files for
+MDB_READERS_FULL errors. After making the necessary adjustments,
+restart Postfix. </p> </dd>
+
+</dl>
+
+-->
+
+<!--
+
+<p> <strong>Unexpected <a href="postmap.1.html">postmap(1)</a>/<a href="postalias.1.html">postalias(1)</a> "database full"
+errors. </strong></p>
+
+<dl>
+
+<dt> Problem: </dt> <dd> <p> The "postmap <a href="lmdb_table.5.html">lmdb</a>:filename" command
+fails with an MDB_TXN_FULL error. This problem does not exist with
+other Postfix databases. </p> </dd>
+
+<dt> Background: </dt>
+
+<dd>
+
+<p> The LMDB implementation has a hard limit on the total transaction
+size. This limit is independent of the LMDB database size. Therefore,
+the problem cannot be resolved by increasing the <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a>
+value. </p>
+
+<p> This symptom is indicative of a flawed design. All LMDB data
+structures should share the same storage pool so that they can scale
+with the database size, and so that all "out of storage" errors are
+resolved by increasing the database size. </p> </dd>
+
+-->
+
+<!--
+
+<p> Problem: </dt> <dd> <p> The "postmap <a href="lmdb_table.5.html">lmdb</a>:filename" command
+fails with an MDB_MAP_FULL error. This problem does not exist with
+other Postfix databases. </p> </dd>
+
+<dl>
+
+<dt> Background: </dt>
+
+<dd>
+
+<p> LMDB databases have a hard size limit (configured with the
+<a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> configuration parameter). </p>
+
+<p> When executing "postmap <a href="lmdb_table.5.html">lmdb</a>:filename", the Postfix LMDB database
+client stores the new data in a transaction which takes up space
+in addition to the existing data, and commits the transaction when
+it closes the database. Only then can the space for old data be
+reused. </p>
+
+</dd>
+
+<dt> Impact: </dt> <dd> <p> This failure does not affect Postfix
+availability, because the old data still exists in the database.
+</p> </dd>
+
+<dt> Mitigation: </dt> <dd>
+
+<p> When the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> command fails with an
+MDB_MAP_FULL error, it expands the database file size to the current
+LMDB map size limit before terminating. </p>
+
+<p> Next, when you re-run the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> command,
+it discovers that the LMDB file is larger than <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a>/3,
+logs a warning, and uses a larger LMDB map size limit instead: </p>
+
+<p> <tt> warning: <i>filename</i>.<a href="lmdb_table.5.html">lmdb</a>: file size 15024128 &ge;
+(lmdb map size limit 16777216)/3<br> warning: <i>filename</i>.<a href="lmdb_table.5.html">lmdb</a>:
+using map size limit 45072384</tt> </p>
+
+<p> By repeating the two steps above you can automate recovery and
+avoid the need for human intervention. Just repeat "postmap
+<a href="lmdb_table.5.html">lmdb</a>:filename" (up to some limit). After each failure it will use
+a 3x larger size limit, and eventually the "database full" error
+should disappear. This fails only when the disk is full or when
+the LMDB map size limit would exceed the memory address space size
+limit. </p>
+
+<dt> Prevention: </dt> <dd> <p> Monitor your LMDB files and make
+sure that in <a href="postconf.5.html">main.cf</a>, <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> &gt; 3x the largest LMDB file
+size. </p> </dd> </dl>
+
+</dl>
+
+-->
+
+<!--
+
+<p> <strong>Unexpected Postfix daemon "database full" errors.
+</strong></p>
+
+<dl>
+
+<dt> Problem: </dt> <dd> <p> Postfix daemon programs fail with
+"database full" errors, such as <a href="postscreen.8.html">postscreen(8)</a>, <a href="tlsmgr.8.html">tlsmgr(8)</a> or <a href="verify.8.html">verify(8)</a>.
+This problem does not exist with other Postfix databases. </p>
+</dd>
+
+<dt> Impact: </dt> <dd> <p> This failure temporarily affects Postfix
+availability. The daemon restarts automatically and tries to open
+the database again as described next. </p> </dd>
+
+<dt> Mitigation: </dt> <dd> <p> When a Postfix daemon opens an LMDB
+file larger than <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a>/3, it logs a warning and uses a
+larger size limit instead: </p>
+
+<p> <tt> warning: <i>filename</i>.<a href="lmdb_table.5.html">lmdb</a>: file size 15024128 &ge;
+(lmdb map size limit 16777216)/3 <br>warning: <i>filename</i>.<a href="lmdb_table.5.html">lmdb</a>:
+using map size limit 45072384</tt> </p>
+
+<p> This can be used to automate recovery and avoid the need for
+human intervention. Each time the daemon runs into a "database full"
+error, it restarts and uses a 3x larger size limit. The "database
+full" error will disappear, at least for a while. </p>
+
+<dt> Prevention: </dt> <dd> <p> Monitor your LMDB files and make
+sure that <a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> &gt; 3x the largest LMDB file size. </p>
+</dd> </dl>
+
+-->
+
+<!--
+
+<p> <strong>Non-obvious recovery with <a href="postmap.1.html">postmap(1)</a>, <a href="postalias.1.html">postalias(1)</a>, or
+<a href="tlsmgr.8.html">tlsmgr(8)</a> from a corrupted database. </strong></p>
+
+<dl>
+
+<dt> Problem: </dt> <dd> <p> A corrupted LMDB database can't be
+rebuilt simply by re-running <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a>, or by
+waiting until a <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon restarts. This problem does not
+exist with other Postfix databases. </p> </dd>
+
+<dt> Background: </dt> <dd> <p> The Postfix LMDB database client
+does not truncate the database file. Instead it attempts to create
+a transaction for a "drop" request plus subsequent "store" requests.
+That is obviously not possible with a corrupted database file. </p>
+</dd>
+
+<dt> Impact: </dt> <dd> <p> Postfix does not process mail until
+someone fixes the problem. </p> </dd>
+
+<dt> Recovery: </dt> <dd> <p> First delete the ".lmdb" file by hand.
+Then rebuild the file with the <a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a>
+command if the file was created with those commands, or restart
+postfix daemons if the file is maintained by <a href="tlsmgr.8.html">tlsmgr(8)</a>.
+</p> </dd>
+
+<dt> Prevention: </dt> <dd>
+
+<p> Arrange your file systems such that they never run out of free
+space. </p>
+
+<p> Use ECC memory to detect and correct silent corruption of
+in-memory file system data and metadata. </p>
+
+<p> Use a file system such as ZFS to detect and correct silent
+corruption of on-disk file system data and metadata. DO NOT
+use ZFS on systems without ECC memory error correction. </p>
+
+</dd> </dl>
+
+-->
+
+</body>
+
+</html>
diff --git a/html/LOCAL_RECIPIENT_README.html b/html/LOCAL_RECIPIENT_README.html
new file mode 100644
index 0000000..a3a3636
--- /dev/null
+++ b/html/LOCAL_RECIPIENT_README.html
@@ -0,0 +1,181 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Rejecting Unknown Local Recipients with Postfix</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Rejecting Unknown Local Recipients with Postfix</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> As of Postfix version 2.0, the Postfix SMTP server rejects mail
+for unknown recipients in <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a> (domains that match
+$<a href="postconf.5.html#mydestination">mydestination</a> or the IP addresses in $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
+$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>) with "User unknown in local recipient table".
+This feature was optional with earlier Postfix versions. </p>
+
+<p> The good news is that this keeps undeliverable mail out of your
+queue, so that your mail queue is not clogged up with undeliverable
+MAILER-DAEMON messages. </p>
+
+<p> The bad news is that it may cause mail to be rejected when you
+upgrade from a Postfix system that was not configured to reject
+mail for unknown local recipients. </p>
+
+<p> This document describes what steps are needed in order to reject
+unknown local recipients correctly. </p>
+
+<ul>
+
+<li><a href="#main_config">Configuring local_recipient_maps
+in main.cf</a>
+
+<li><a href="#change">When you need to change the local_recipient_maps
+setting in main.cf</a>
+
+<li><a href="#format">Local recipient table format </a>
+
+</ul>
+
+<h2><a name="main_config">Configuring local_recipient_maps
+in main.cf</a></h2>
+
+<p> The <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter specifies lookup tables with
+all names or addresses of local recipients. A recipient address is
+local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
+$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. If a local username or address is not listed in
+$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, then the Postfix SMTP server will reject
+the address with "User unknown in local recipient table". </p>
+
+<p> The default setting, shown below, assumes that you use the
+default Postfix <a href="local.8.html">local(8)</a> delivery agent for local delivery, where
+recipients are either UNIX accounts or local aliases: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>
+</pre>
+</blockquote>
+
+<p> To turn off unknown local recipient rejects by the SMTP server,
+specify: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
+</pre>
+</blockquote>
+
+<p> That is, an empty value. With this setting, the Postfix SMTP
+server will not reject mail with "User unknown in local recipient
+table". <b> Don't do this on systems that receive mail directly
+from the Internet. With today's worms and viruses, Postfix will
+become a backscatter source: it accepts mail for non-existent
+recipients and then tries to return that mail as "undeliverable"
+to the often forged sender address</b>. </p>
+
+<h2><a name="change">When you need to change the local_recipient_maps
+setting in main.cf</a></h2>
+
+<ul>
+
+ <li> <p> Problem: you don't use the default Postfix <a href="local.8.html">local(8)</a>
+ delivery agent for domains matching $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
+ or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. For example, you redefined the
+ "<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>. </p>
+
+ <p> Solution: your <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting needs to specify
+ a database that lists all the known user names or addresses
+ for that delivery agent. For example, if you deliver users in
+ $<a href="postconf.5.html#mydestination">mydestination</a> etc. domains via the <a href="virtual.8.html">virtual(8)</a> delivery agent,
+ specify: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>
+ <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost ...
+ <a href="postconf.5.html#local_transport">local_transport</a> = virtual
+ <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
+</pre>
+
+ <p> If you use a different delivery agent for $<a href="postconf.5.html#mydestination">mydestination</a>
+ etc. domains, see the section "<a href="#format">Local recipient
+ table format</a>" below for a description of how the table
+ should be populated. </p>
+
+ <li> <p> Problem: you use the <a href="postconf.5.html#mailbox_transport">mailbox_transport</a> or <a href="postconf.5.html#fallback_transport">fallback_transport</a>
+ feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent in order to
+ deliver mail to non-UNIX accounts. </p>
+
+ <p> Solution: you need to add the database that lists the
+ non-UNIX users: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>
+ <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname, $<a href="postconf.5.html#alias_maps">alias_maps</a>,
+ &lt;the database with non-UNIX accounts&gt;
+</pre>
+
+ <p> See the section "<a href="#format">Local recipient table
+ format</a>" below for a description of how the table should be
+ populated. </p>
+
+ <li> <p> Problem: you use the <a href="postconf.5.html#luser_relay">luser_relay</a> feature of the Postfix
+ local delivery agent. </p>
+
+ <p> Solution: you must disable the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> feature
+ completely, so that Postfix accepts mail for all local addresses:
+ </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>
+ <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
+</pre>
+
+</ul>
+
+<h2><a name="format">Local recipient table format</a> </h2>
+
+<p> If you use local files in <a href="postmap.1.html">postmap(1)</a> format, then
+<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> expects the following table format: </p>
+
+<ul>
+
+<li> <p> In the left-hand side, specify a bare username, an
+"@domain.tld" wild-card, or specify a complete "user@domain.tld"
+address. </p>
+
+<li> <p> You have to specify something on the right-hand side of
+the table, but the value is ignored by <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>.
+
+</ul>
+
+<p> If you use lookup tables based on NIS, LDAP, MYSQL, or PGSQL,
+then <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> does the same queries as for local files
+in <a href="postmap.1.html">postmap(1)</a> format, and expects the same results. </p>
+
+<p> With regular expression tables, Postfix only queries with the
+full recipient address, and not with the bare username or the
+"@domain.tld" wild-card. </p>
+
+<p> NOTE: a lookup table should always return a result when the address
+exists, and should always return "not found" when the address does
+not exist. In particular, a zero-length result does not count as
+a "not found" result. </p>
+
+</body>
+
+</html>
diff --git a/html/MAILDROP_README.html b/html/MAILDROP_README.html
new file mode 100644
index 0000000..6c5b4ca
--- /dev/null
+++ b/html/MAILDROP_README.html
@@ -0,0 +1,196 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix + Maildrop Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix + Maildrop Howto</h1>
+
+<hr>
+
+<h2> Introduction </h2>
+
+<p> This document discusses various options to plug the maildrop
+delivery agent into Postfix: </p>
+
+<ul>
+
+<li><a href="#direct">Direct delivery without the local delivery agent</a>
+
+<li><a href="#indirect">Indirect delivery via the local delivery agent</a>
+
+<li><a href="#credits">Credits</a>
+
+</ul>
+
+<h2><a name="direct">Direct delivery without the local delivery agent</a></h2>
+
+<p> Postfix can be configured to deliver mail directly to <a href="QSHAPE_README.html#maildrop_queue">maildrop</a>,
+without using the <a href="local.8.html">local(8)</a> delivery agent as an intermediate. This
+means that you do not get local <a href="aliases.5.html">aliases(5)</a> expansion or $HOME/.forward
+file processing. You would typically do this for <a href="VIRTUAL_README.html#canonical">hosted domains</a> with
+recipients that don't have UNIX home directories. </p>
+
+<p> The following example shows how to use maildrop for some.domain
+and for someother.domain. The example comes in two parts. </p>
+
+<p> Part 1 describes changes to the <a href="postconf.5.html">main.cf</a> file: </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 maildrop_destination_recipient_limit = 1
+ 3 <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> = some.domain someother.domain
+ 4 <a href="postconf.5.html#virtual_transport">virtual_transport</a> = maildrop
+ 5 <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual_mailbox
+ 6 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual_alias
+ 7
+ 8 /etc/postfix/virtual_mailbox:
+ 9 user1@some.domain <i>...text here does not matter...</i>
+10 user2@some.domain <i>...text here does not matter...</i>
+11 user3@someother.domain <i>...text here does not matter...</i>
+12
+13 /etc/postfix/virtual_alias:
+14 postmaster@some.domain postmaster
+15 postmaster@someother.domain postmaster
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> Line 2 is needed so that Postfix will provide one recipient
+at a time to the maildrop delivery agent. </p>
+
+<li> <p> Line 3 informs Postfix that some.domain and someother.domain
+are so-called <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domains</a>.
+Instead of listing the names in <a href="postconf.5.html">main.cf</a> you can also
+list them in a file; see the <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> documentation for
+details. </p>
+
+<li> <p> Line 4 specifies that mail for some.domain and someother.domain
+should be delivered by the maildrop delivery agent. </p>
+
+<li> <p> Lines 5 and 8-11 specify what recipients the Postfix SMTP
+server should receive mail for. This prevents the mail queue from
+becoming clogged with undeliverable messages. Specify an empty
+value ("<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> =") to disable this feature. </p>
+
+<li> <p> Lines 6 and 13-15 redirect mail for postmaster to the
+local postmaster. <a href="https://tools.ietf.org/html/rfc821">RFC 821</a> requires that every domain has a postmaster
+address. </p>
+
+</ul>
+
+<p> The vmail userid as used below is the user that maildrop should
+run as. This would be the owner of the virtual mailboxes if they
+all have the same owner. If maildrop is suid (see maildrop
+documentation), then maildrop will change to the appropriate owner
+to deliver the mail. </p>
+
+<p> Note: Do not use the postfix user as the maildrop user. </p>
+
+<p> Part 2 describes changes to the <a href="master.5.html">master.cf</a> file: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ maildrop unix - n n - - pipe
+ flags=ODRhu user=vmail argv=/path/to/maildrop -d ${recipient}
+</pre>
+</blockquote>
+
+<p> The <a href="pipe.8.html">pipe(8)</a> manual page gives a detailed description of the
+above command line arguments, and more. </p>
+
+<p> If you want to support user+extension@domain style addresses,
+use the following instead: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ maildrop unix - n n - - pipe
+ flags=ODRhu user=vmail argv=/path/to/maildrop
+ -d ${user}@${domain} ${extension} ${recipient} ${user} ${nexthop}
+</pre>
+</blockquote>
+
+<p> The mail is delivered to ${user}@${domain} (search key for
+maildrop userdb lookup). The ${extension} and the other address
+components are available to maildrop rules as $1, $2, $3, ... and
+can be omitted from <a href="master.5.html">master.cf</a> or ignored by maildrop when not
+needed. </p>
+
+<p> With Postfix 2.4 and earlier, use ${nexthop} instead of ${domain}.
+</p>
+
+<h2><a name="indirect">Indirect delivery via the local delivery agent</a></h2>
+
+<p> Postfix can be configured to deliver mail to maildrop via the
+local delivery agent. This is slightly less efficient than the
+"direct" approach discussed above, but gives you the convenience
+of local <a href="aliases.5.html">aliases(5)</a> expansion and $HOME/.forward file processing.
+You would typically use this for domains that are listed in
+<a href="postconf.5.html#mydestination">mydestination</a> and that have users with a UNIX system account. </p>
+
+<p> To configure maildrop delivery for all UNIX system accounts: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mailbox_command">mailbox_command</a> = /path/to/maildrop -d ${USER}
+</pre>
+</blockquote>
+
+<p> Note: ${USER} is spelled in upper case. </p>
+
+<p> To enable maildrop delivery for specific users only, you can
+use the Postfix <a href="local.8.html">local(8)</a> delivery agent's <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> feature:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/mailbox_commands
+
+/etc/postfix/mailbox_commands:
+ you /path/to/maildrop -d ${USER}
+</pre>
+</blockquote>
+
+<p> Maildrop delivery for specific users is also possible by
+invoking it from the user's $HOME/.forward file: </p>
+
+<blockquote>
+<pre>
+/home/you/.forward:
+ "|/path/to/maildrop -d ${USER}"
+</pre>
+</blockquote>
+
+<h2><a name="credits">Credits</a></h2>
+
+<ul>
+
+<li> The original text was kindly provided by Russell Mosemann.
+
+<li> Victor Duchovni provided tips for supporting user+foo@domain
+addresses.
+
+<li> Tonni Earnshaw contributed text about delivery via the <a href="local.8.html">local(8)</a>
+delivery agent.
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/MAILLOG_README.html b/html/MAILLOG_README.html
new file mode 100644
index 0000000..be58e33
--- /dev/null
+++ b/html/MAILLOG_README.html
@@ -0,0 +1,185 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix logging to file or stdout</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+logging to file or stdout</h1>
+
+<hr>
+
+<h2>Overview </h2>
+
+<p> Postfix supports its own logging system as an alternative to
+syslog (which remains the default). This is available with Postfix
+version 3.4 or later. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#log-to-file">Configuring logging to file</a>
+
+<li><a href="#log-to-stdout">Configuring logging to stdout</a>
+
+<li><a href="#logrotate">Rotating logs </a>
+
+<li><a href="#limitations">Limitations</a>
+
+</ul>
+
+<h2> <a name="log-to-file"> Configuring logging to file </a> </h2>
+
+<p> Logging to file solves a usability problem for MacOS, and
+eliminates multiple problems for systemd-based systems. </p>
+
+<ol>
+
+<li> <p> Add the following line to <a href="master.5.html">master.cf</a> if not already present
+(note: there must be no whitespace at the start of the line): </p>
+
+<blockquote>
+<pre>
+postlog unix-dgram n - n - 1 postlogd
+</pre>
+</blockquote>
+
+<p> Note: the service type "<b>unix-dgram</b>" was introduced with
+Postfix 3.4. Remove the above line before backing out to an older
+Postfix version. </p>
+
+<li> <p> Configure Postfix to write logging, to, for example,
+/var/log/postfix.log. See also the "<a href="#logrotate">Logfile
+rotation</a>" section below for logfile management. </p>
+
+<blockquote>
+<pre>
+# postfix stop
+# postconf <a href="postconf.5.html#maillog_file">maillog_file</a>=/var/log/postfix.log
+# postfix start
+</pre>
+</blockquote>
+
+<p> By default, the logfile name must start with "/var" or "/dev/stdout"
+(the list of allowed prefixes is configured with the <a href="postconf.5.html#maillog_file_prefixes">maillog_file_prefixes</a>
+parameter). This safety mechanism limits the damage from a single
+configuration mistake. </p>
+
+</ol>
+
+<h2> <a name="log-to-stdout"> Configuring logging to stdout </a> </h2>
+
+<p> Logging to stdout is useful when Postfix runs in a container,
+as it eliminates a syslogd dependency. </p>
+
+<ol>
+
+<li> <p> Add the following line to <a href="master.5.html">master.cf</a> if not already present (note:
+there must be no whitespace at the start of the line): </p>
+
+<blockquote>
+<pre>
+postlog unix-dgram n - n - 1 postlogd
+</pre>
+</blockquote>
+
+<p> Note: the service type "<b>unix-dgram</b>" was introduced with
+Postfix 3.4. Remove the above line before backing out to an older
+Postfix version. </p>
+
+<li> <p> Configure <a href="postconf.5.html">main.cf</a> with "<a href="postconf.5.html#maillog_file">maillog_file</a> = /dev/stdout". </p>
+
+<li> <p> Start Postfix with "<b>postfix start-fg</b>". </p>
+
+</ol>
+
+<h2> <a name="logrotate"> Rotating logs </a> </h2>
+
+<p> The command "<b>postfix logrotate</b>" may be run by hand or
+by a cronjob. It logs all errors, and reports errors to stderr if
+run from a terminal. This command implements the following steps:
+</p>
+
+<ul>
+
+<li> <p> Rename the current logfile by appending a suffix that
+contains the date and time. This suffix is configured with the
+<a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> parameter (default: %Y%m%d-%H%M%S). </p>
+
+<li> <p> Reload Postfix so that <a href="postlogd.8.html">postlogd(8)</a> immediately closes the
+old logfile. </p>
+
+<li> <p> After a brief pause, compress the old logfile. The compression
+program is configured with the <a href="postconf.5.html#maillog_file_compressor">maillog_file_compressor</a> parameter
+(default: gzip). </p>
+
+</ul>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> This command will not rotate a logfile with a pathname under
+the /dev directory, such as /dev/stdout. </p>
+
+<li> <p> This command does not (yet) remove old logfiles. </p>
+
+</ul>
+
+<h2> <a name="limitations">Limitations</a> </h2>
+
+<p> Background: </p>
+
+<ul>
+
+<li> <p> Postfix consists of a number of daemon programs that run
+in the background, as well as non-daemon programs for local mail
+submission or Postfix management.
+
+<li> <p> Logging to the Postfix logfile or stdout requires the Postfix
+<a href="postlogd.8.html">postlogd(8)</a> service. This ensures that simultaneous logging from
+different programs will not get mixed up. </p>
+
+<li> <p> All Postfix programs can log to syslog, but not all programs
+have sufficient privileges to use the Postfix logging service, and
+many non-daemon programs must not log to stdout as that would corrupt
+their output. </p>
+
+</ul>
+
+<p> Limitations: </p>
+
+<ul>
+
+<li> <p> Non-daemon Postfix programs will log errors to syslogd(8)
+before they have processed command-line options and <a href="postconf.5.html">main.cf</a> parameters.
+
+<li> <p> If Postfix is down, the non-daemon programs <a href="postfix.1.html">postfix(1)</a>,
+<a href="postsuper.1.html">postsuper(1)</a>, <a href="postmulti.1.html">postmulti(1)</a>, and <a href="postlog.1.html">postlog(1)</a>, will log directly to
+$<a href="postconf.5.html#maillog_file">maillog_file</a>. These programs expect to run with root privileges,
+for example during Postfix start-up, reload, or shutdown.
+
+<li> <p> Other non-daemon Postfix programs will never write directly
+to $<a href="postconf.5.html#maillog_file">maillog_file</a> (also, logging to stdout would interfere with the
+operation of some of these programs). These programs can log to
+<a href="postlogd.8.html">postlogd(8)</a> if they are run by the super-user, or if their executable
+file has set-gid permission. Do not set this permission on programs
+other than <a href="postdrop.1.html">postdrop(1)</a>, <a href="postqueue.1.html">postqueue(1)</a>, and (Postfix &ge; 3.7)
+<a href="postlog.1.html">postlog(1)</a>.
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/MEMCACHE_README.html b/html/MEMCACHE_README.html
new file mode 100644
index 0000000..462c76c
--- /dev/null
+++ b/html/MEMCACHE_README.html
@@ -0,0 +1,77 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix memcache client Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix memcache client Howto</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p>The Postfix memcache client allows you to hook up Postfix to a
+memcache server. The current implementation supports one memcache
+server per Postfix table, with one optional Postfix database that
+provides persistent backup. The Postfix memcache client supports
+the lookup, update, delete and sequence operations. The sequence
+(i.e. first/next) operation requires a backup database that supports
+this operation. </p>
+
+<p> Typically, the Postfix memcache client is used to reduce query
+load on a persistent database, but it may also be used to query a
+memory-only database for low-value, easy-to-recreate, information
+such as a reputation cache for <a href="postscreen.8.html">postscreen(8)</a>, <a href="verify.8.html">verify(8)</a> or greylisting.
+</p>
+
+<h2>Limitations</h2>
+
+<ul>
+
+<li> <p> The Postfix memcache client cannot be used for security-sensitive
+tables such as <tt><a href="postconf.5.html#alias_maps">alias_maps</a></tt> (these may contain "<tt>|command</tt>"
+and "<tt>/file/name</tt>" destinations), or <tt><a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a></tt>,
+<tt><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a></tt> and <tt><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a></tt> (these
+specify UNIX process privileges or "<tt>/file/name</tt>" destinations).
+Typically, a memcache database is writable by any process that can
+talk to the memcache server; in contrast, security-sensitive tables
+must never be writable by the unprivileged Postfix user. </p>
+
+<li> <p> The Postfix memcache client requires additional configuration
+when used as <a href="postscreen.8.html">postscreen(8)</a> or <a href="verify.8.html">verify(8)</a> cache. For details see the
+<tt>backup</tt> and <tt>ttl</tt> parameter discussions in the
+<a href="memcache_table.5.html">memcache_table(5)</a> manual page. </p>
+
+</ul>
+
+<h2>Building Postfix with memcache support</h2>
+
+<p>The Postfix memcache client has no external dependencies,
+and is therefore built into Postfix by default. </p>
+
+<h2>Configuring memcache lookup tables</h2>
+
+<p> Configuration is described in the <a href="memcache_table.5.html">memcache_table(5)</a> manpage. </p>
+
+<h2>Credits</h2>
+
+<p> The first memcache client for Postfix was written by Omar Kilani,
+and was based on the libmemcache library. </p>
+
+<p> Wietse wrote the current memcache client from the ground up for
+Postfix version 2.9. This implementation does not use libmemcache,
+and bears no resemblance to earlier work. </p>
+
+</body>
+
+</html>
diff --git a/html/MILTER_README.html b/html/MILTER_README.html
new file mode 100644
index 0000000..c69a5bf
--- /dev/null
+++ b/html/MILTER_README.html
@@ -0,0 +1,1003 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix before-queue Milter support </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix before-queue Milter support </h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> Postfix implements support for the Sendmail version 8 Milter
+(mail filter) protocol. This protocol is used by applications that
+run outside the MTA to inspect SMTP events (CONNECT, DISCONNECT),
+SMTP commands (HELO, MAIL FROM, etc.) as well as mail content
+(headers and body). All this happens before mail is queued. </p>
+
+<p> The reason for adding Milter support to Postfix is that there
+exists a large collection of applications, not only to block unwanted
+mail, but also to verify authenticity (examples: <a
+href="http://www.opendkim.org/">OpenDKIM</a> and <a
+href="http://www.trusteddomain.org/opendmarc/">DMARC </a>)
+or to digitally sign mail (example: <a
+href="http://www.opendkim.org/">OpenDKIM</a>).
+Having yet another Postfix-specific version of all that software
+is a poor use of human and system resources. </p>
+
+<p> The Milter protocol has evolved over time, and different Postfix
+versions implement different feature sets. See the <a
+href="#workarounds">workarounds</a> and <a
+href="#limitations">limitations</a> sections at the end of this
+document for differences between Postfix and Sendmail implementations.
+</p>
+
+<p> This document provides information on the following topics: </p>
+
+<ul>
+
+<li><a href="#plumbing">How Milter applications plug into Postfix </a>
+
+<li><a href="#when-inspect">When Postfix and Milters inspect an
+SMTP session </a>
+
+<li><a href="#building">Building Milter applications</a>
+
+<li><a href="#running">Running Milter applications</a>
+
+<li><a href="#config">Configuring Postfix</a>
+
+<li><a href="#workarounds">Workarounds</a>
+
+<li><a href="#limitations">Limitations</a>
+
+</ul>
+
+<h2><a name="plumbing">How Milter applications plug into Postfix </a> </h2>
+
+<p> The Postfix Milter implementation uses two different lists of
+mail filters: one list of filters for SMTP mail only,
+and one list of filters for non-SMTP mail. The two
+lists have different capabilities, which is unfortunate. Avoiding
+this would require major restructuring of Postfix. </p>
+
+<ul>
+
+<li> <p> The SMTP-only filters handle mail that arrives via the
+Postfix <a href="smtpd.8.html">smtpd(8)</a> server. They are typically used to filter unwanted
+mail and to sign mail from authorized SMTP clients. You specify
+SMTP-only Milter applications with the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter as
+described in a later section. Mail that arrives via the Postfix
+<a href="smtpd.8.html">smtpd(8)</a> server is not filtered by the non-SMTP filters that are
+described next. </p>
+
+<li> <p> The non-SMTP filters handle mail that arrives via the
+Postfix <a href="sendmail.1.html">sendmail(1)</a> command-line or via the Postfix <a href="qmqpd.8.html">qmqpd(8)</a> server.
+They are typically used to digitally sign mail only. Although
+non-SMTP filters can be used to filter unwanted mail, they have
+limitations compared to the SMTP-only filters. You specify non-SMTP
+Milter applications with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> parameter as described
+in a later section. </p>
+
+</ul>
+
+<p> For those who are familiar with the Postfix architecture, the
+figure below shows how Milter applications plug into Postfix. Names
+followed by a number are Postfix commands or server programs, while
+unnumbered names inside shaded areas represent Postfix queues. To
+avoid clutter, the path for local submission is simplified (the
+<a href="OVERVIEW.html">OVERVIEW</a> document has a more complete description of the Postfix
+architecture). </p>
+
+<blockquote>
+
+<table>
+
+<tr>
+
+<td colspan="2"> </td>
+
+<td align="center"> SMTP-only <br> filters </td>
+
+<td> </td>
+
+<td align="center"> non-SMTP <br> filters </td>
+
+</tr>
+
+<tr>
+
+<td colspan="2"> </td>
+
+<td align="center"> <table> <tr> <td align="center">
+^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
+</td> </tr> </table> </td>
+
+<td rowspan="2"> </td>
+
+<td rowspan="3" align="center"> <table> <tr> <td align="center">
+^<br> <tt> |<br> |<br> | </tt> </td> <td align="center"> <tt> |<br>
+|<br> |<br> v </tt> </td> </tr> </table> </td>
+
+</tr>
+
+<tr>
+
+<td> Network </td> <td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="smtpd.8.html">smtpd(8)</a>
+</td>
+
+</tr>
+
+<tr>
+
+<td colspan="3"> </td> <td> <tt> \ </tt> </td>
+
+</tr>
+
+<tr>
+
+<td> Network </td> <td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="qmqpd.8.html">qmqpd(8)</a>
+</td>
+
+<td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="cleanup.8.html">cleanup(8)</a>
+</td>
+
+<td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
+href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
+
+</tr>
+
+<tr>
+
+<td colspan="3"> </td> <td> <tt> / </tt> </td>
+
+</tr>
+
+<tr>
+
+<td colspan="2"> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="pickup.8.html">pickup(8)</a>
+</td>
+
+</tr>
+
+<tr> <td colspan="2"> </td> <td align="center"> : </td> </tr>
+
+<tr>
+
+<td> Local </td> <td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="sendmail.1.html">sendmail(1)</a>
+</td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<h2><a name="when-inspect">When Postfix and Milters inspect an SMTP
+session </a></h2>
+
+<p> Generally, Postfix inspects information first, then the first
+configured Milter, the second configured Milter, and so on. </p>
+
+<ul>
+
+<li><p> With most SMTP commands: Postfix reviews one SMTP command,
+and if Postfix does not reject it, Postfix passes the command to
+the first configured Milter. If the first Milter does not reject
+the command, Postfix passes it to the second configured Milter, and
+so on. This includes commands with an envelope sender (MAIL FROM)
+or envelope recipient (RCPT TO). Postfix stores the same envelope
+records in a queue file as when no Milters are configured, including
+rewritten envelope addresses, expanded virtual aliases, BCC addresses
+from sender/recipient_bcc_maps, and so on. </p>
+
+<li><p> With header/body content: Postfix may rewrite or reject
+header/body content before it stores that content in the queue file;
+Postfix stores the same header/body content as when no Milters are
+configured. If Postfix does not reject the header/body content,
+Postfix passes it to the first configured Milter which may modify
+or reject that content or may modify the stored envelope. If the
+first Milter does not reject the header/body content, Postfix passes
+it to the second configured Milter, and so on. </p>
+
+</ul>
+
+<p> Details: </p>
+
+<ul>
+
+<li><p> Postfix hides its own Postfix-prepended Received: header, for
+compatibility with Sendmail. Postfix does not hide other headers that
+Postfix or Milters added or modified. </p>
+
+
+<li><p> When the Postfix SMTP server receives a sequence of one or
+more valid BDAT commands, it generates one DATA command for the
+Milters. </p>
+
+<li><p> The Milter API does not support inspection of SMTP commands
+such as QUIT, NOOP, or VRFY; the API supports only commands that are
+needed for email delivery. <p>
+
+</ul>
+
+<h2><a name="building">Building Milter applications</a></h2>
+
+<p> Milter applications have been written in C, Haskell, Java, Perl,
+Python, Rust, and more, but
+this document covers C applications only. For these, you need
+an object library that implements the Sendmail 8 Milter protocol.
+Postfix currently does not provide such a library, but Sendmail
+does. </p>
+
+<p> Some
+systems install the Sendmail libmilter library by default. With
+other systems, libmilter may be provided by a package (called
+"sendmail-devel" on some Linux systems). </p>
+
+<p> Once libmilter is installed, applications such as <a
+href="http://www.opendkim.org/">OpenDKIM</a> and
+<a href="http://www.trusteddomain.org/opendmarc/">OpenDMARC</a>
+build out of the box without requiring any tinkering:</p>
+
+<blockquote>
+<pre>
+$ <b>gzcat opendkim-<i>x.y.z</i>.tar.gz | tar xf -</b>
+$ <b>cd opendkim-<i>x.y.z</i></b>
+$ <b>./configure ...<i>options</i>...</b>
+$ <b>make</b>
+[...<i>lots of output omitted</i>...]
+$ <b>make install</b>
+</pre>
+</blockquote>
+
+<h2><a name="running">Running Milter applications</a></h2>
+
+<p> To run a Milter application, see the documentation of the filter
+for options. A typical command looks like this:</p>
+
+<blockquote>
+<pre>
+# <b>/some/where/opendkim -l -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
+</pre>
+</blockquote>
+
+<p> Please specify a <i>userid</i> value that isn't used for other
+applications (not "postfix", not "www", etc.). </p>
+
+<h2><a name="config">Configuring Postfix</a></h2>
+
+<p> Like Sendmail, Postfix has a lot of configuration options that
+control how it talks to Milter applications. Besides global options
+that apply to all Milter applications, Postfix 3.0 and later
+support per-Milter timeouts, per-Milter error handling, etc. </p>
+
+<p> Information in this section: </p>
+
+<ul>
+
+<li><a href="#smtp-only-milters">SMTP-Only Milter applications </a>
+
+<li><a href="#non-smtp-milters">Non-SMTP Milter applications </a>
+
+<li><a href="#errors">Milter error handling </a>
+
+<li><a href="#version">Milter protocol version</a>
+
+<li><a href="#timeouts">Milter protocol timeouts</a>
+
+<li><a href="#per-milter">Different settings for different Milter
+applications </a>
+
+<li><a href="#per-client">Different settings for different SMTP
+clients </a>
+
+<li><a href="#macros">Sendmail macro emulation</a>
+
+<li><a href="#send-macros">What macros will Postfix send to Milters?</a>
+
+</ul>
+
+<h3><a name="smtp-only-milters">SMTP-Only Milter applications</a></h3>
+
+<p> The SMTP-only Milter applications handle mail that arrives via
+the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. They are typically used to filter
+unwanted mail, and to sign mail from authorized SMTP clients. Mail
+that arrives via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server is not filtered by the
+non-SMTP filters that are described in the next section. </p>
+
+<blockquote> NOTE for Postfix versions that have a <a href="postconf.5.html#mail_release_date">mail_release_date</a>
+before 20141018: do not use the <a href="header_checks.5.html">header_checks(5)</a> IGNORE action to remove
+Postfix's own Received: message header. This causes problems with
+mail signing filters. Instead, keep Postfix's own Received: message
+header and use the <a href="header_checks.5.html">header_checks(5)</a> REPLACE action to sanitize
+information. </blockquote>
+
+<p> You specify SMTP-only Milter applications (there can be more
+than one) with the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter. Each Milter application
+is identified by the name of its listening socket; other Milter
+configuration options will be discussed in later sections. Postfix
+sends commands to each Milter application in the order as configured
+with <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>. When a Milter application rejects a command,
+that will override responses from other Milter applications. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Milters for mail that arrives via the <a href="smtpd.8.html">smtpd(8)</a> server.
+ # See below for socket address syntax.
+ <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> = inet:localhost:<i>portnumber</i> ...<i>other filters</i>...
+</pre>
+</blockquote>
+
+<p> The general syntax for listening sockets is as follows: </p>
+
+<blockquote>
+
+<dl>
+
+<dt> <b>unix:</b><i>pathname</i> </dt> <dd><p>Connect to the local
+UNIX-domain server that is bound to the specified pathname. If the
+<a href="smtpd.8.html">smtpd(8)</a> or <a href="cleanup.8.html">cleanup(8)</a> process runs chrooted, an absolute pathname
+is interpreted relative to the Postfix queue directory. On many
+systems, <b>local</b> is a synonym for <b>unix</b></p> </dd>
+
+<dt> <b> inet:</b><i>host</i><b>:</b><i>port</i> </dt> <dd> <p>
+Connect to the specified TCP port on the specified local or remote
+host. The host and port can be specified in numeric or symbolic
+form.</p>
+
+<p> NOTE: Postfix syntax differs from Milter syntax which has the
+form <b>inet:</b><i>port</i><b>@</b><i>host</i>. </p> </dd>
+
+</dl>
+
+</blockquote>
+
+<p> For advanced configuration see "<a href="#per-client">Different
+settings for different SMTP clients</a>" and "<a
+href="#per-milter">Different settings for different Milter
+applications</a>". </p>
+
+<h3> <a name="non-smtp-milters">Non-SMTP Milter applications </a> </h3>
+
+<p> The non-SMTP Milter applications handle mail that arrives via
+the Postfix <a href="sendmail.1.html">sendmail(1)</a> command-line or via the Postfix <a href="qmqpd.8.html">qmqpd(8)</a>
+server. They are typically used to digitally sign mail. Although
+non-SMTP filters can be used to filter unwanted mail, there are
+limitations as discussed later in this section. Mail that arrives
+via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server is not filtered by the non-SMTP
+filters. </p>
+
+<p> NOTE: Do not use the <a href="header_checks.5.html">header_checks(5)</a> IGNORE action to remove
+Postfix's own Received: message header. This causes problems with
+mail signing filters. Instead, keep Postfix's own Received: message
+header and use the <a href="header_checks.5.html">header_checks(5)</a> REPLACE action to sanitize
+information. </p>
+
+<p> You specify non-SMTP Milter applications with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>
+parameter. This parameter uses the same syntax as the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>
+parameter in the previous section. As with the SMTP-only filters,
+you can specify more than one Milter application. Postfix sends
+commands to each Milter application in the order as configured with
+<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>. When a Milter application rejects a command,
+that will override responses from other Milter applications. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Milters for non-SMTP mail.
+ # See below for socket address syntax.
+ <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> = inet:localhost:<i>portnumber</i> ...<i>other filters</i>...
+</pre>
+</blockquote>
+
+<p> There's one small complication when using Milter applications
+for non-SMTP mail: there is no SMTP session. To keep Milter
+applications happy, the Postfix <a href="cleanup.8.html">cleanup(8)</a> server actually has to
+simulate the SMTP client CONNECT and DISCONNECT events, and the
+SMTP client EHLO, MAIL FROM, RCPT TO and DATA commands. </p>
+
+<ul>
+
+<li> <p> When new mail arrives via the <a href="sendmail.1.html">sendmail(1)</a> command line,
+the Postfix <a href="cleanup.8.html">cleanup(8)</a> server pretends that the mail arrives with
+ESMTP from "localhost" with IP address "127.0.0.1". The result is
+very similar to what happens with command line submissions in
+Sendmail version 8.12 and later, although Sendmail uses a different
+mechanism to achieve this result. </p>
+
+<li> <p> When new mail arrives via the <a href="qmqpd.8.html">qmqpd(8)</a> server, the Postfix
+<a href="cleanup.8.html">cleanup(8)</a> server pretends that the mail arrives with ESMTP, and
+uses the QMQPD client hostname and IP address. </p>
+
+<li> <p> When old mail is re-injected into the queue with "postsuper
+-r", the Postfix <a href="cleanup.8.html">cleanup(8)</a> server uses the same client information
+that was used when the mail arrived as new mail. </p>
+
+</ul>
+
+<p> This generally works as expected, with only one exception:
+non-SMTP filters must not REJECT or TEMPFAIL simulated RCPT TO
+commands. When a <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> application REJECTs or TEMPFAILs
+a recipient, Postfix will report a configuration error, and mail
+will stay in the queue. </p>
+
+<h4> Signing internally-generated bounce messages </h4>
+
+<p> Postfix normally does not apply content filters to mail
+that is generated internally such as bounces or Postmaster
+notifications. Filtering internally-generated bounces would result
+in loss of mail when a filter rejects a message, as the resulting
+double-bounce message would almost certainly also be blocked. </p>
+
+<p> To sign Postfix's own bounce messages, enable filtering of
+internally-generated bounces (line 2 below), and don't reject any
+internally-generated bounces with <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a>
+or <a href="postconf.5.html#body_checks">body_checks</a> (lines 3-5 below). </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> = bounce
+3 <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> = <i>don't reject internally-generated bounces</i>
+4 <a href="postconf.5.html#header_checks">header_checks</a> = <i>don't reject internally-generated bounces</i>
+5 <a href="postconf.5.html#body_checks">body_checks</a> = <i>don't reject internally-generated bounces</i>
+</pre>
+</blockquote>
+
+<h3><a name="errors">Milter error handling</a></h3>
+
+<p> The <a href="postconf.5.html#milter_default_action">milter_default_action</a> parameter specifies how Postfix handles
+Milter application errors. The default action is to respond with a
+temporary error status, so that the client will try again later.
+Specify "accept" if you want to receive mail as if the filter does
+not exist, and "reject" to reject mail with a permanent status.
+The "quarantine" action is like "accept" but freezes the message
+in the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>, and is available with Postfix 2.6 or later.
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # What to do in case of errors? Specify accept, reject, tempfail,
+ # or quarantine (Postfix 2.6 or later).
+ <a href="postconf.5.html#milter_default_action">milter_default_action</a> = tempfail
+</pre>
+</blockquote>
+
+<p> See "<a href="#per-milter">Different settings for different
+Milter applications</a>" for advanced configuration options. </p>
+
+<h3><a name="version">Milter protocol version</a></h3>
+
+<p> As Postfix is not built with the Sendmail libmilter library,
+you may need to configure the Milter protocol version that Postfix
+should use. The default version is 6 (before Postfix 2.6 the default
+version is 2). </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Postfix &ge; 2.6
+ <a href="postconf.5.html#milter_protocol">milter_protocol</a> = 6
+ # 2.3 &le; Postfix &le; 2.5
+ <a href="postconf.5.html#milter_protocol">milter_protocol</a> = 2
+</pre>
+</blockquote>
+
+<p> If the Postfix <a href="postconf.5.html#milter_protocol">milter_protocol</a> setting specifies a too low
+version, the libmilter library will log an error message like this:
+</p>
+
+<blockquote>
+<pre>
+<i>application name</i>: st_optionneg[<i>xxxxx</i>]: 0x<i>yy</i> does not fulfill action requirements 0x<i>zz</i>
+</pre>
+</blockquote>
+
+<p> The remedy is to increase the Postfix <a href="postconf.5.html#milter_protocol">milter_protocol</a> version
+number. See, however, the <a href="#limitations">limitations</a>
+section below for features that aren't supported by Postfix. </p>
+
+<p> With Postfix 2.7 and earlier, if the Postfix <a href="postconf.5.html#milter_protocol">milter_protocol</a>
+setting specifies a too high
+version, the libmilter library simply hangs up without logging a
+warning, and you see a Postfix warning message like one of the
+following: </p>
+
+<blockquote>
+<pre>
+warning: milter inet:<i>host</i>:<i>port</i>: can't read packet header: Unknown error : 0
+warning: milter inet:<i>host</i>:<i>port</i>: can't read packet header: Success
+warning: milter inet:<i>host</i>:<i>port</i>: can't read SMFIC_DATA reply packet header: No such file or directory
+</pre>
+</blockquote>
+
+<p> The remedy is to lower the Postfix <a href="postconf.5.html#milter_protocol">milter_protocol</a> version
+number. Postfix 2.8 and later will automatically turn off protocol
+features that the application's libmilter library does not expect.
+</p>
+
+<p> See "<a href="#per-milter">Different settings for different
+Milter applications</a>" for advanced configuration options. </p>
+
+<h3><a name="timeouts">Milter protocol timeouts</a></h3>
+
+<p> Postfix uses different time limits at different Milter protocol
+stages. The table shows the timeout settings and the corresponding
+protocol stages
+(EOH = end of headers; EOM = end of message). </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th> Postfix parameter </th> <th> Time limit </th> <th> Milter
+protocol stage</th> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> </td> <td> 30s </td> <td> CONNECT
+</td> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> </td> <td> 30s </td> <td> HELO,
+MAIL, RCPT, DATA, UNKNOWN </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_content_timeout">milter_content_timeout</a> </td> <td> 300s </td> <td> HEADER,
+EOH, BODY, EOM </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> Beware: 30s may be too short for Milter applications that do
+lots of DNS lookups. However, if you increase the above timeouts
+too much, remote SMTP clients may hang up and mail may be delivered
+multiple times. This is an inherent problem with before-queue
+filtering. </p>
+
+<p> See "<a href="#per-milter">Different settings for different
+Milter applications</a>" for advanced configuration options. </p>
+
+<h3><a name="per-milter">Different settings for different Milter
+applications </a></h3>
+
+<p> The previous sections list a number of Postfix <a href="postconf.5.html">main.cf</a> parameters
+that control time limits and other settings for all Postfix Milter
+clients. This is sufficient for simple configurations. With more
+complex configurations it becomes desirable to have different
+settings for different Milter clients. This is supported with Postfix
+3.0 and later. </p>
+
+<p> The following example shows a "non-critical" Milter client with
+a short connect timeout, and with "accept" as default action when
+the service is unvailable. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> = { inet:host:port,
+3 connect_timeout=10s, default_action=accept }
+</pre>
+</blockquote>
+
+<p> Instead of a server endpoint, we now have a list enclosed in {}. </p>
+
+<ul>
+
+<li> <p> Line 2: The first item in the list is the server endpoint.
+This supports the exact same "inet" and "unix" syntax as described
+earlier. </p>
+
+<li> <p> Line 3: The remainder of the list contains per-Milter
+settings. These settings override global <a href="postconf.5.html">main.cf</a> parameters, and
+have the same name as those parameters, without the "milter_" prefix.
+The per-Milter settings that are supported as of Postfix 3.0 are
+command_timeout, connect_timeout, content_timeout, default_action,
+and protocol. </p>
+
+</ul>
+
+<p> Inside the list, syntax is similar to what we already know from
+<a href="postconf.5.html">main.cf</a>: items separated by space or comma. There is one difference:
+<b>you must enclose a setting in parentheses, as in "{ name = value
+}", if you want to have space or comma within a value or around
+"="</b>. </p>
+
+<h3><a name="per-client">Different settings for different SMTP
+clients </a></h3>
+
+<p> The <a href="postconf.5.html#smtpd_milter_maps">smtpd_milter_maps</a> feature supports different Milter settings
+for different client IP addresses. Lookup results override the the
+global <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> setting, and have the same syntax. For example,
+to disable Milter settings for local address ranges: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_milter_maps">smtpd_milter_maps</a> = <a href="cidr_table.5.html">cidr</a>:/etc/postfix/smtpd_milter_map
+ <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> = inet:host:port, { inet:host:port, ... }, ...
+
+/etc/postfix/smtpd_milter_map:
+ # Disable Milters for local clients.
+ 127.0.0.0/8 DISABLE
+ 192.168.0.0/16 DISABLE
+ ::/64 DISABLE
+ 2001:db8::/32 DISABLE
+</pre>
+
+<p> This feature is available with Postfix 3.2 and later. </p>
+
+<h3><a name="macros">Sendmail macro emulation</a></h3>
+
+<p> Postfix emulates a limited number of Sendmail macros, as shown
+in the table. Some macro values depend on whether a recipient is
+rejected (rejected recipients are available on request by the Milter
+application). Different macros are available at different Milter
+protocol stages (EOH = end-of-header, EOM = end-of-message); their
+availability is not
+always the same as in Sendmail. See the <a
+href="#workarounds">workarounds</a> section below for solutions.
+</p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th> Sendmail macro </th> <th> Milter protocol stage </th>
+<th> Description </th> </tr>
+
+<tr> <td> i </td> <td> DATA, EOH, EOM </td> <td> Queue ID, also
+Postfix queue file name </td> </tr>
+
+<tr> <td> j </td> <td> Always </td> <td> Value of <a href="postconf.5.html#myhostname">myhostname</a> </td>
+</tr>
+
+<tr> <td> _ </td> <td> Always </td> <td> The validated client name
+and address </td> </tr>
+
+<tr> <td> {auth_authen} </td> <td> MAIL, DATA, EOH, EOM </td> <td> SASL
+login name </td> </tr>
+
+<tr> <td> {auth_author} </td> <td> MAIL, DATA, EOH, EOM </td> <td> SASL
+sender </td> </tr>
+
+<tr> <td> {auth_type} </td> <td> MAIL, DATA, EOH, EOM </td> <td> SASL
+login method </td> </tr>
+
+<tr> <td> {client_addr} </td> <td> Always </td> <td> Remote client
+IP address </td> </tr>
+
+<tr> <td> {client_connections} </td> <td> CONNECT </td> <td>
+Connection concurrency for this client (zero if the client is
+excluded from all smtpd_client_* limits). </td> </tr>
+
+<tr> <td> {client_name} </td> <td> Always </td> <td> Remote client
+hostname <br> When address &rarr; name lookup or name &rarr; address
+verification fails: "unknown" </td> </tr>
+
+<tr> <td> {client_port} </td> <td> Always (Postfix &ge;2.5) </td>
+<td> Remote client TCP port </td> </tr>
+
+<tr> <td> {client_ptr} </td> <td> CONNECT, HELO, MAIL, DATA </td>
+<td> Client name from address &rarr; name lookup <br> When address
+&rarr; name lookup fails: "unknown" </td> </tr>
+
+<tr> <td> {cert_issuer} </td> <td> HELO, MAIL, DATA, EOH, EOM </td> <td>
+TLS client certificate issuer </td> </tr>
+
+<tr> <td> {cert_subject} </td> <td> HELO, MAIL, DATA, EOH, EOM </td>
+<td> TLS client certificate subject </td> </tr>
+
+<tr> <td> {cipher_bits} </td> <td> HELO, MAIL, DATA, EOH, EOM </td> <td>
+TLS session key size </td> </tr>
+
+<tr> <td> {cipher} </td> <td> HELO, MAIL, DATA, EOH, EOM </td> <td> TLS
+cipher </td> </tr>
+
+<tr> <td> {daemon_addr} </td> <td> Always (Postfix &ge;3.2) </td>
+<td> Local server IP address </td> </tr>
+
+<tr> <td> {daemon_name} </td> <td> Always </td> <td> value of
+<a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> </td> </tr>
+
+<tr> <td> {daemon_port} </td> <td> Always (Postfix &ge;3.2) </td>
+<td> Local server TCP port </td> </tr>
+
+<tr> <td> {mail_addr} </td> <td> MAIL </td> <td> Sender address
+</td> </tr>
+
+<tr> <td> {mail_host} </td> <td> MAIL (Postfix &ge; 2.6, only with
+<a href="postconf.5.html#smtpd_milters">smtpd_milters</a>) </td> <td> Sender next-hop destination </td> </tr>
+
+<tr> <td> {mail_mailer} </td> <td> MAIL (Postfix &ge; 2.6, only with
+<a href="postconf.5.html#smtpd_milters">smtpd_milters</a>) </td> <td> Sender mail delivery transport </td> </tr>
+
+<tr> <td> {rcpt_addr} </td> <td> RCPT </td> <td> Recipient address
+<br> With rejected recipient: descriptive text </td> </tr>
+
+<tr> <td> {rcpt_host} </td> <td> RCPT (Postfix &ge; 2.6, only with
+<a href="postconf.5.html#smtpd_milters">smtpd_milters</a>) </td> <td> Recipient next-hop destination <br> With
+rejected recipient: enhanced status code </td> </tr>
+
+<tr> <td> {rcpt_mailer} </td> <td> RCPT (Postfix &ge; 2.6, only with
+<a href="postconf.5.html#smtpd_milters">smtpd_milters</a>) </td> <td> Recipient mail delivery transport <br>
+With rejected recipient: "error" </td> </tr>
+
+<tr> <td> {tls_version} </td> <td> HELO, MAIL, DATA, EOH, EOM </td>
+<td> TLS protocol version </td> </tr>
+
+<tr> <td> v </td> <td> Always </td> <td> value of <a href="postconf.5.html#milter_macro_v">milter_macro_v</a>
+</td> </tr>
+
+</table>
+
+</blockquote>
+
+<h3><a name="send-macros">What macros will Postfix send to Milters?</a></h3>
+
+<p> Postfix sends specific sets of macros at different Milter protocol
+stages. The names of these macros are configured with the parameters
+shown in the table below (EOH = end of headers; EOM = end of message).
+Some lists require a minimum Milter protocol version. </p>
+
+<p> As of Sendmail 8.14.0, Milter applications can specify what
+macros they want to receive at different Milter protocol stages.
+An application-specified list takes precedence over a Postfix-specified
+list. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th> Postfix parameter </th> <th> Milter protocol version </th>
+<th> Milter protocol stage </th> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_connect_macros">milter_connect_macros</a> </td> <td> 2 or higher </td> <td>
+CONNECT </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_helo_macros">milter_helo_macros</a> </td> <td> 2 or higher </td> <td>
+HELO/EHLO </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_mail_macros">milter_mail_macros</a> </td> <td> 2 or higher </td> <td> MAIL
+FROM </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_rcpt_macros">milter_rcpt_macros</a> </td> <td> 2 or higher </td> <td> RCPT
+TO </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_data_macros">milter_data_macros</a> </td> <td> 4 or higher </td> <td> DATA
+</td> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> </td> <td> 6 or higher </td>
+<td> EOH </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> </td> <td> 2 or higher </td>
+<td> EOM </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#milter_unknown_command_macros">milter_unknown_command_macros</a> </td> <td> 3 or higher </td>
+<td> unknown command </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> By default, Postfix will send only macros whose values have been
+updated with information from <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a>, from an SMTP session
+(for example; SASL login, or TLS certificates) or from a Mail delivery
+transaction (for example; queue ID, sender, or recipient). </p>
+
+<p> To force a macro to be sent even when its value has not been updated,
+you may specify macro default values with the <a href="postconf.5.html#milter_macro_defaults">milter_macro_defaults</a>
+parameter. Specify zero or more <i>name=value</i> pairs separated by
+comma or whitespace; you may even specify macro names that Postfix does
+not know about! </p>
+
+<h2><a name="workarounds">Workarounds</a></h2>
+
+<ul>
+
+<li> <p> To avoid breaking DKIM etc. signatures with an SMTP-based
+content filter, update the before-filter SMTP client in <a href="master.5.html">master.cf</a>,
+and add a line with "-o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes" (note:
+no spaces around the "="). For details, see the <a
+href="FILTER_README.html#advanced_filter">advanced content filter</a>
+example. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # =============================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =============================================================
+ scan unix - - n - 10 smtp
+ -o <a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a>=yes
+ -o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes
+ -o <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a>=
+</pre>
+
+<li> <p> Some Milter applications use the "<tt>{if_addr}</tt>" macro
+to recognize local mail; this macro does not exist in Postfix.
+Workaround: use the "<tt>{daemon_addr}</tt>" (Postfix &ge; 3.2) or
+"<tt>{client_addr}</tt>" macro instead. </p>
+
+<li> <p> Some Milter applications log a warning that looks like
+this: </p>
+
+<blockquote> <pre>
+sid-filter[36540]: WARNING: sendmail symbol 'i' not available
+</pre>
+</blockquote>
+
+<p> And they may insert an ugly message header with "unknown-msgid"
+like this: </p>
+
+<blockquote>
+<pre>
+X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com &lt;unknown-msgid&gt;
+</pre>
+</blockquote>
+
+<p> The problem is that Milter applications expect that the queue
+ID is known <i>before</i> the MTA accepts the MAIL FROM (sender)
+command. Postfix does not choose a queue ID, which is used as the
+queue file name, until <i>after</i> it accepts the first valid RCPT
+TO (recipient) command. </p>
+
+<p> If you experience the ugly header problem, see if a recent
+version of the Milter application fixes it. For example, current
+versions of dkim-filter and dk-filter already have code that looks
+up the Postfix queue ID at a later protocol stage, and sid-filter
+version 1.0.0 no longer includes the queue ID in the message header.
+</p>
+
+<p> To fix the ugly message header, you will need to add code that
+looks up the Postfix queue ID at some later point in time. The
+example below adds the lookup after the end-of-message. </p>
+
+<ul>
+
+<li> <p> Edit the filter source file (typically named
+<tt>xxx-filter/xxx-filter.c</tt> or similar). </p>
+
+<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
+the top shown as <b>bold</b> text below: </p>
+
+</ul>
+
+<blockquote>
+<pre>
+dfc = cc->cctx_msg;
+assert(dfc != NULL);
+<b>
+/* Determine the job ID for logging. */
+if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
+ char *jobid = smfi_getsymval(ctx, "i");
+ if (jobid != 0)
+ dfc->mctx_jobid = jobid;
+}</b>
+</pre>
+</blockquote>
+
+<p> NOTES: </p>
+
+<ul>
+
+<li> <p> Different mail filters use slightly different names for
+variables. If the above code does not compile, look elsewhere in
+the mail filter source file for code that looks up the "i" macro
+value, and copy that code. </p>
+
+<li> <p> This change fixes only the ugly message header, but not
+the WARNING message. Fortunately, many Milters log that message
+only once. </p>
+
+</ul>
+
+</ul>
+
+<h2><a name="limitations">Limitations</a></h2>
+
+<p> This section lists limitations of the Postfix Milter implementation.
+Some limitations will be removed as the implementation is extended
+over time. Of course the usual limitations of before-queue filtering
+will always apply. See the <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a> document for
+a discussion. </p>
+
+<ul>
+
+<li> <p> The Milter protocol has evolved over time. Therefore,
+different Postfix versions implement different feature sets. </p>
+
+<table border="1">
+
+<tr> <th> Postfix </th> <th> Supported Milter requests </th>
+</tr>
+
+<tr> <td align="center"> 2.6 </td> <td> All Milter requests of
+Sendmail 8.14.0 (see notes below). </td> </tr>
+
+<tr> <td align="center"> 2.5 </td> <td> All Milter requests of
+Sendmail 8.14.0, except: <br> SMFIP_RCPT_REJ (report rejected
+recipients to the mail filter), <br> SMFIR_CHGFROM (replace sender,
+with optional ESMTP parameters), <br> SMFIR_ADDRCPT_PAR (add
+recipient, with optional ESMTP parameters). </td> </tr>
+
+<tr> <td align="center"> 2.4 </td> <td> All Milter requests of
+Sendmail 8.13.0. </td> </tr>
+
+<tr> <td align="center"> 2.3 </td> <td> All Milter requests of
+Sendmail 8.13.0, except: <br> SMFIR_REPLBODY (replace message body).
+
+</table>
+
+<li> <p> For Milter applications that are written in C, you need
+to use the Sendmail libmilter library. </p>
+
+<li> <p> Postfix has TWO sets of mail filters: filters that are used
+for SMTP mail only (specified with the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> parameter),
+and filters for non-SMTP mail (specified with the <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>
+parameter). The non-SMTP filters are primarily for local submissions.
+</p>
+
+<p> When mail is filtered by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, the Postfix <a href="cleanup.8.html">cleanup(8)</a>
+server has to simulate SMTP client requests. This works as expected,
+with only one exception: <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> must not REJECT or
+TEMPFAIL simulated RCPT TO commands. When this rule is violated,
+Postfix will report a configuration error, and mail will stay in
+the queue. </p>
+
+<li> <p> When you use the before-queue content filter for incoming
+SMTP mail (see <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a>), Milter applications have access
+only to the SMTP command information; they have no access to the
+message header or body, and cannot make modifications to the message
+or to the envelope. </p>
+
+<li> <p> Postfix 2.6 ignores the optional ESMTP parameters in
+requests to replace the sender (SMFIR_CHGFROM) or to append a
+recipient (SMFIR_ADDRCPT_PAR). Postfix logs a warning message when
+a Milter application supplies such ESMTP parameters: </p>
+
+<pre>
+warning: <i>queue-id</i>: cleanup_chg_from: ignoring ESMTP arguments "<i>whatever</i>"
+warning: <i>queue-id</i>: cleanup_add_rcpt: ignoring ESMTP arguments "<i>whatever</i>"
+</pre>
+
+<li> <p> Postfix 2.3 does not implement requests to replace the
+message body. Milter applications log a warning message when they
+need this unsupported operation: </p>
+
+<pre>
+st_optionneg[134563840]: 0x3d does not fulfill action requirements 0x1e
+</pre>
+
+<p> The solution is to use Postfix version 2.4 or later. </p>
+
+<li> <p> Postfix versions before 3.0 did not support per-Milter
+timeouts, per-Milter error handling, etc. </p>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/MULTI_INSTANCE_README.html b/html/MULTI_INSTANCE_README.html
new file mode 100644
index 0000000..52099ad
--- /dev/null
+++ b/html/MULTI_INSTANCE_README.html
@@ -0,0 +1,1275 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Managing multiple Postfix instances on a single host</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Managing
+multiple Postfix instances on a single host</h1>
+
+<hr>
+
+<h2>Overview </h2>
+
+<p> This document is a guide to managing multiple Postfix instances
+on a single host using the <a href="postmulti.1.html">postmulti(1)</a> instance manager. Multi-instance
+support is available with Postfix version 2.6 and later. See the
+<a href="postfix-wrapper.5.html">postfix-wrapper(5)</a> manual page for background on the instance
+management framework, and on how to deploy a custom instance manager.
+</p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#why"> Why multiple Postfix instances </a>
+
+<li><a href="#split"> Null-client instances versus service instances </a>
+
+<li><a href="#quick"> Multi-instance walk-through </a>
+
+<li><a href="#parts"> Components of a Postfix system </a>
+
+<li><a href="#default"> The default Postfix instance </a>
+
+<li><a href="#group"> Instance groups </a>
+
+<li><a href="#params"> Multi-instance configuration parameters </a>
+
+<li><a href="#how"> Using the postmulti(1) command </a>
+
+<li><a href="#credits"> Credits </a>
+
+</ul>
+
+<h2><a name="why"> Why multiple Postfix instances </a></h2>
+
+<p> Postfix is a general-purpose mail system that can be configured
+to serve a variety of needs. Examples of Postfix applications are: </p>
+
+<ul>
+
+<li><p> Local mail submission for shell users and system processes. </p>
+
+<li><p> Incoming (MX host) email from the Internet. </p>
+
+<li><p> Outbound mail relay for a corporate network. </p>
+
+<li><p> Authenticated submission for roaming users. </p>
+
+<li><p> Before/after content-filter mail. </p>
+
+</ul>
+
+<p> A single Postfix configuration can provide many or all of these
+services, but a complex interplay of settings may be required, for
+example with <a href="master.5.html">master.cf</a> options overriding <a href="postconf.5.html">main.cf</a> settings. In this
+document we take the view that multiple Postfix instances may be a
+simpler way to configure a multi-function Postfix system. With
+multiple Postfix instances, each instance has its own directories
+for configuration, queue and data files, but it shares all Postfix
+program and documentation files with other instances. </p>
+
+<p> Since there is no single right way to configure your system,
+we recommend that you choose what makes you most comfortable. If
+different Postfix services don't involve incompatible <a href="postconf.5.html">main.cf</a> or
+<a href="master.5.html">master.cf</a> settings, and if they can be combined together without
+complex tricks, then a single monolithic configuration may be the
+simplest approach. </p>
+
+<p> The purpose of multi-instance support in Postfix is not to force
+you to create multiple Postfix instances, but rather to give you a
+choice. Multiple instances give you the freedom to tune each Postfix
+instance to a single task that it does well and to combine instances
+into complete systems. </p>
+
+<p> With the introduction of the <a href="postmulti.1.html">postmulti(1)</a> utility and the reduction
+of the per-instance configuration footprint of a secondary Postfix
+instance to just a <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> file (other files are now in
+shared locations), we hope that multiple instances will be easier to
+use than ever before. </p>
+
+<h2><a name="split"> Null-client instances versus service instances </a></h2>
+
+<p> In the multi-instance approach to configuring Postfix, the first
+simplification is with the default local-submission Postfix instance.
+</p>
+
+<p> Most UNIX systems require support for email submission with the
+<a href="sendmail.1.html">sendmail(1)</a> command so that system processes such as cron jobs can
+send status reports, and so that system users can send email with
+command-line utilities. Such email can be handled with a <a
+href="STANDARD_CONFIGURATION_README.html#null_client">null-client</a>
+Postfix configuration that forwards all mail to a central mail hub.
+The null client will typically either not run an SMTP listener at
+all (<a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet), or it will listen only on the
+loopback interface (<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only). </p>
+
+<p> When implementing specialized servers for inbound Internet
+email, outbound MTAs, internal mail hubs, and so on, we recommend
+using a null client for local submission and creating single-function
+secondary Postfix instances to serve the specialized needs. </p>
+
+<blockquote>
+
+<p> Note: usually, you need to use different "<a href="postconf.5.html#myhostname">myhostname</a>" settings
+when you run multiple instances on the same host. Otherwise, there
+will be false "mail loops back to myself" alarms when one instance
+tries to send mail into another instance. Typically, the null-client
+instance will use the system's hostname, and other instances will
+use their own dedicated "<a href="postconf.5.html#myhostname">myhostname</a>" settings. Different names are
+not needed when instances send mail to each other with a protocol
+other than SMTP, or with SMTP over a TCP port other than 25 as is
+usual with SMTP-based content filters. </p>
+
+</blockquote>
+
+<h2><a name="quick"> Multi-instance walk-through </a></h2>
+
+<p> Before discussing the fine details of multi-instance operation
+we first show the steps for creating a border mail server. This
+server has with a null-client Postfix instance for local submission,
+an input Postfix instance to receive mail from the Internet, plus
+an <a href="FILTER_README.html#advanced_filter">advanced</a> SMTP
+content-filter and an output Postfix instance to deliver filtered
+email to its internal destination. </p>
+
+<h3>Setting up the null-client Postfix instance </h3>
+
+<p> On a border mail hub, while mail from the Internet requires a
+great deal of scrutiny, locally submitted messages are typically
+limited to mail from cron jobs and other system services. In this
+regard the border MTA is not different from other Unix hosts in
+your environment. For this reason, it will submit locally-generated
+email to the internal mail hub. We start the construction of the
+border mail server with the <a href="#default_instance">default</a>
+instance, which will be a local-submission <a
+href="STANDARD_CONFIGURATION_README.html#null_client">null client</a>:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # We are mta1.example.com
+ #
+ <a href="postconf.5.html#myhostname">myhostname</a> = mta1.example.com
+ <a href="postconf.5.html#mydomain">mydomain</a> = example.com
+
+ # Flat user-account namespace in example.com:
+ #
+ # user@example.com not user@host.example.com
+ #
+ <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+
+ # Postfix 2.6+, disable inet services, specifically disable <a href="smtpd.8.html">smtpd(8)</a>
+ #
+ <a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet
+
+ # No local delivery:
+ #
+ <a href="postconf.5.html#mydestination">mydestination</a> =
+ <a href="postconf.5.html#local_transport">local_transport</a> = <a href="error.8.html">error</a>:5.1.1 Mailbox unavailable
+ <a href="postconf.5.html#alias_database">alias_database</a> =
+ <a href="postconf.5.html#alias_maps">alias_maps</a> =
+ <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
+
+ # Send everything to the internal mailhub
+ #
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
+
+ # Indexed table macro:
+ # (use "hash", ... when <a href="CDB_README.html">cdb</a> is not available)
+ #
+ <a href="postconf.5.html#default_database_type">default_database_type</a> = cdb
+ indexed = ${<a href="postconf.5.html#default_database_type">default_database_type</a>}:${<a href="postconf.5.html#config_directory">config_directory</a>}/
+
+ # Expose origin host of mail from "root", ...
+ #
+ <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = ${indexed}generic
+
+ # Send messages addressed to "root", ... to the MTA support team
+ #
+ <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = ${indexed}virtual
+
+/etc/postfix/generic:
+ # The smarthost supports "+" addressing (<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +).
+ # Mail from "root" exposes the origin host, without replies
+ # and bounces going back to the same host.
+ #
+ # On clustered MTAs this file is typically machine-built from
+ # a template file. The build process expands the template into
+ # "mtaadmin+root=mta1"
+ #
+ root mtaadmin+root=mta1
+
+/etc/postfix/virtual:
+ # Caretaker aliases:
+ #
+ root mtaadmin
+ postmaster root
+</pre>
+</blockquote>
+
+<p> You would typically also add a Makefile, to automatically run
+<a href="postmap.1.html">postmap(1)</a> commands when source files change. This Makefile also
+creates a "generic" database when none exists. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/Makefile:
+ MTAADMIN=mtaadmin
+
+ all: virtual.cdb generic.cdb
+
+ generic: Makefile
+ @echo Creating $@
+ @rm -f $@.tmp
+ @printf '%s\t%s+root=%s\n' root ${MTAADMIN} `uname -n` &gt; $@.tmp
+ @mv $@.tmp generic
+
+ %.<a href="CDB_README.html">cdb</a>: %
+ postmap <a href="CDB_README.html">cdb</a>:$&lt;
+</pre>
+</blockquote>
+
+<p> Construct the "virtual" and "generic" databases (the latter is
+created by running "make"), then start and test the null-client:
+</p>
+
+<blockquote>
+<pre>
+# cd /etc/postfix; make
+# postfix start
+# sendmail -i -f root -t &lt;&lt;EOF
+From: root
+To: root
+Subject: test
+
+testing
+EOF
+</pre>
+</blockquote>
+
+<p> The test message should be delivered to the members of the "mtaadmin"
+address group (or whatever address group you choose) with the
+following headers: </p>
+
+<blockquote>
+<pre>
+From: mtaadmin+root=mta1@example.com
+To: mtadmin+root=mta1@example.com
+Subject: test
+</pre>
+</blockquote>
+
+<h3>Setting up the "output" Postfix instance </h3>
+
+<p> With the null-client instance out of the way, we can create the
+MTA "output" instance that will deliver filtered mail to the inside
+network. We add the "output" instance first, because the output
+instance needs to be up and running before the input instance can
+be fully tested, and when the system boots, the "output" instance
+must start before the input instance. We will put the output and
+input instances into a single instance group named "mta". </p>
+
+<p> Just once, when adding the first secondary instance, enable
+multi-instance support in the default (null-client) instance: </p>
+
+<blockquote>
+<pre>
+# postmulti -e init
+</pre>
+</blockquote>
+
+<p> Then create the output instance: <p>
+
+<blockquote>
+<pre>
+# postmulti -I postfix-out -G mta -e create
+</pre>
+</blockquote>
+
+<p> The instance configuration directory defaults to /etc/postfix-out,
+more precisely, the "postfix-out" subdirectory of the parent directory
+of the default-instance configuration directory. The new instance will
+be created in a "disabled" state: </p>
+
+<blockquote>
+<pre>
+/etc/postfix-out/<a href="postconf.5.html">main.cf</a>
+ #
+ # ... "stock" <a href="postconf.5.html">main.cf</a> settings ...
+ #
+ <a href="postconf.5.html#multi_instance_name">multi_instance_name</a> = postfix-out
+ <a href="postconf.5.html#queue_directory">queue_directory</a> = /var/spool/postfix-out
+ <a href="postconf.5.html#data_directory">data_directory</a> = /var/lib/postfix-out
+ #
+ <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = no
+ <a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet
+ <a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> =
+</pre>
+</blockquote>
+
+<p> This instance has a "stock" <a href="master.5.html">master.cf</a> file, and its queue and
+data directories, also named "postfix-out", will be located in the
+same parent directories as the corresponding directories of the
+default instance (e.g., /var/spool/postfix-out and /var/lib/postfix-out).
+</p>
+
+<p> While this instance is immediately safe to start, it is not yet
+usefully configured. It needs to be customized to fit the role of a
+post-filter re-injection SMTP service. Typical additions include: </p>
+
+<blockquote>
+<pre>
+/etc/postfix-out/<a href="master.5.html">master.cf</a>:
+ # Replace default "smtp inet" entry with one listening on port 10026.
+ 127.0.0.1:10026 inet n - n - - smtpd
+
+/etc/postfix-out/<a href="postconf.5.html">main.cf</a>
+ # ...
+
+ # Comment out if you don't use IPv6 internally
+ # <a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4
+ <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only
+ <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host
+ <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
+
+ # Don't <a href="anvil.8.html">anvil(8)</a> control the re-injection port.
+ #
+ <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> = 0
+ <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
+
+ # Best practice when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> is set, as this is not a
+ # "secondary IP personality" configuration.
+ #
+ <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> = 0.0.0.0
+
+ # All header rewriting happens upstream
+ #
+ <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
+
+ # No local delivery on border gateway
+ #
+ <a href="postconf.5.html#mydestination">mydestination</a> =
+ <a href="postconf.5.html#alias_maps">alias_maps</a> =
+ <a href="postconf.5.html#alias_database">alias_database</a> =
+ <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
+ <a href="postconf.5.html#local_transport">local_transport</a> = <a href="error.8.html">error</a>:5.1.1 Mailbox unavailable
+
+ # May need a <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> for per-user transport lookups:
+ #
+ <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +
+
+ # Only one (unrestricted client)
+ # With multiple instances, rarely need "-o param=value" overrides
+ # in <a href="master.5.html">master.cf</a>, each instance gets its own <a href="postconf.5.html">main.cf</a> file.
+ #
+ # Postfix 2.10 and later: specify empty <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
+ <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject
+
+ # Tolerate occasional high latency in the content filter.
+ #
+ <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> = 1200s
+
+ # Best when empty, with all parent domain matches explicit.
+ #
+ <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> =
+
+ # Use the "relay" transport for inbound mail, and the default
+ # "smtp" transport for outbound mail (bounces, ...). The latter
+ # won't starve the former of delivery agent slots.
+ #
+ <a href="postconf.5.html#relay_domains">relay_domains</a> = example.com, .example.com
+
+ # With xforward, match the input instance setting, if you
+ # want "yes", set both to "yes".
+ #
+ <a href="postconf.5.html#smtpd_client_port_logging">smtpd_client_port_logging</a> = no
+
+ # Transport settings ...
+ # Message size limit
+ # Concurrency tuning for "relay" and "smtp" transport
+ # ...
+</pre>
+</blockquote>
+
+<p> With the "output" configuration in place, enable and start the
+instance: </p>
+
+<blockquote>
+<pre>
+1 # postmulti -i postfix-out -x postconf -e \
+2 "<a href="postconf.5.html#master_service_disable">master_service_disable</a> =" "<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = root"
+3 # postmulti -i postfix-out -e enable
+4 # postmulti -i postfix-out -p start
+</pre>
+</blockquote>
+
+<p> This uses the <a href="postmulti.1.html">postmulti(1)</a> command to invoke <a href="postconf.1.html">postconf(1)</a> in the
+context (MAIL_CONFIG=/etc/postfix-out) of the output instance. </p>
+
+<ul>
+
+<li> <p> Lines 1-2: With "<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = root", the
+superuser can test the postfix-out instance with "postmulti -i
+postfix-out -x sendmail -bv recipient...", but otherwise local
+submission remains disabled. </p>
+
+<li> <p> Lines 1-2: With "<a href="postconf.5.html#master_service_disable">master_service_disable</a> =", the "inet"
+listeners are re-enabled. </p>
+
+<li> <p> Line 3: The output instance is enabled for multi-instance
+start/stop. </p>
+
+<li> <p> Line 4: The output instance is started. </p>
+
+</ul>
+
+<p> Test the output instance by submitting probe messages via "sendmail
+-bv" and "telnet". For production systems, in-depth configuration tests
+should be done on a lab system. The simple tests just suggested will only
+confirm successful deployment of a configuration that should already be
+known good. </p>
+
+<h3> Setting up the content-filter proxy </h3>
+
+<p> With the output instance ready, deploy your content-filter
+proxy. Most proxies will need their own /etc/rc* start/stop script.
+Some proxies, however, are started on demand by the Postfix <a href="spawn.8.html">spawn(8)</a>
+service, in which case you need to add the relevant <a href="spawn.8.html">spawn(8)</a> entry
+to the output instance <a href="master.5.html">master.cf</a> file. </p>
+
+<p> Configure the proxy to listen on 127.0.0.1:10025 and to re-inject
+filtered email to 127.0.0.1:10026. Start the proxy service if
+necessary, then test the proxy via "telnet" or automated SMTP
+injectors. The proxy should support the following ESMTP features:
+DSN, 8BITMIME, and XFORWARD. In addition, the proxy should support
+multiple mail deliveries within an SMTP session. </p>
+
+<h3> Setting up the input Postfix instance </h3>
+
+<p> The input Postfix instance receives mail from the network and
+sends it through the content filter. Now we create the input instance,
+also part of the "mta" instance group: </p>
+
+<blockquote>
+<pre>
+# postmulti -I postfix-in -G mta -e create
+</pre>
+</blockquote>
+
+<p> The new instance configuration directory defaults to /etc/postfix-in,
+more precisely, the "postfix-in" subdirectory of the parent directory
+of the default-instance configuration directory. The new instance will
+be created in a "disabled" state: </p>
+
+<blockquote>
+<pre>
+/etc/postfix-in/<a href="postconf.5.html">main.cf</a>
+ #
+ # ... "stock" <a href="postconf.5.html">main.cf</a> settings ...
+ #
+ <a href="postconf.5.html#multi_instance_name">multi_instance_name</a> = postfix-in
+ <a href="postconf.5.html#queue_directory">queue_directory</a> = /var/spool/postfix-in
+ <a href="postconf.5.html#data_directory">data_directory</a> = /var/lib/postfix-in
+ #
+ <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = no
+ <a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet
+ <a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> =
+</pre>
+</blockquote>
+
+<p> As before, make appropriate changes to <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> to
+make the instance production ready. Consider setting "<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes"
+during the first few hours of deployment, so you can iron-out any unexpected
+"kinks". </p>
+
+<p> Manual testing can start with:
+
+<blockquote>
+<pre>
+/etc/postfix-in/<a href="postconf.5.html">main.cf</a>
+ # Accept only local traffic, but allow impersonation:
+ <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1
+ <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> = 127.0.0.1
+</pre>
+</blockquote>
+
+<p> This allows you to use the Postfix-specific <a
+href="XCLIENT_README.html">XCLIENT</a> SMTP command to safely
+simulate connections from remote systems before any remote systems
+are able to connect. If the test results look good, revert the above
+settings to the required production values. Typical settings in the
+pre-filter input instance include: </p>
+
+<blockquote>
+<pre>
+/etc/postfix-in/<a href="postconf.5.html">main.cf</a>
+ #
+ # ...
+ #
+
+ # No local delivery on border gateway
+ #
+ <a href="postconf.5.html#mydestination">mydestination</a> =
+ <a href="postconf.5.html#alias_maps">alias_maps</a> =
+ <a href="postconf.5.html#alias_database">alias_database</a> =
+ <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
+ <a href="postconf.5.html#local_transport">local_transport</a> = <a href="error.8.html">error</a>:5.1.1 Mailbox unavailable
+
+ # Don't rewrite remote headers
+ #
+ <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
+
+ # All recipients of not yet filtered email go to the same filter together.
+ #
+ # With multiple instances, the content-filter is specified
+ # via transport settings not the "<a href="postconf.5.html#content_filter">content_filter</a>" transport
+ # switch override! Here the filter listens on local port 10025.
+ #
+ # If you need to route some users or recipient domains directly to the
+ # output instance bypassing the filter, just define a transport table
+ # with suitable entries.
+ #
+ <a href="postconf.5.html#default_transport">default_transport</a> = <a href="smtp.8.html">smtp</a>:[127.0.0.1]:10025
+ <a href="postconf.5.html#relay_transport">relay_transport</a> = $<a href="postconf.5.html#default_transport">default_transport</a>
+ <a href="postconf.5.html#virtual_transport">virtual_transport</a> = $<a href="postconf.5.html#default_transport">default_transport</a>
+ <a href="postconf.5.html#transport_maps">transport_maps</a> =
+
+ # Pass original client log information through the filter.
+ #
+ <a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> = yes
+
+ # Avoid splitting the envelope and scanning messages multiple times.
+ # Match the re-injection server's recipient limit.
+ #
+ <a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> = 1000
+
+ # Tolerate occasional high latency in the content filter.
+ #
+ <a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> = 1200s
+
+ # With xforward, match the output instance setting, if you
+ # want "yes", set both to "yes".
+ #
+ <a href="postconf.5.html#smtpd_client_port_logging">smtpd_client_port_logging</a> = no
+
+ # ... Lots of settings for inbound MX host ...
+</pre>
+</blockquote>
+
+<p> With the "input" instance configured, enable and start it: </p>
+
+<blockquote>
+<pre>
+# postmulti -i postfix-in -x postconf -e \
+ "<a href="postconf.5.html#master_service_disable">master_service_disable</a> =" "<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = root"
+# postmulti -i postfix-in -e enable
+# postmulti -i postfix-in -p start
+</pre>
+</blockquote>
+
+<p> That's it. You now have a 3-instance configuration. A null-client
+sending all locally submitted mail to the internal mail hub and a pair of
+"mta" instances that receive mail from the Internet, pass it through a
+content-filter, and then deliver it to the internal destination. </p>
+
+<p> Running "postfix start" or "postfix stop" will now start/stop all
+three Postfix instances. You can use "postfix -c /config/path start"
+to start just one instance, or use the instance name (or instance
+group name) via <a href="postmulti.1.html">postmulti(1)</a>: </p>
+
+<blockquote>
+<pre>
+# postmulti -i - -p stop
+# postmulti -g mta -p status
+# postmulti -i postfix-out -p flush
+# postmulti -i postfix-in -p reload
+# ...
+</pre>
+</blockquote>
+
+<p> This example ends the multi-instance "walk through". The remainder
+of this document provides background information on Postfix
+multi-instance support features and options. </p>
+
+<h2><a name="parts"> Components of a Postfix system </a></h2>
+
+<p> A Postfix system consists of the following components: </p>
+
+<p> Shared among all instances: </p>
+
+<ul>
+
+<li><p> Command-line utilities for administrators and users installed in
+$<a href="postconf.5.html#command_directory">command_directory</a>, $<a href="postconf.5.html#sendmail_path">sendmail_path</a>, $<a href="postconf.5.html#mailq_path">mailq_path</a> and $<a href="postconf.5.html#newaliases_path">newaliases_path</a>. </p>
+
+<li><p> Daemon executables, and run-time support files installed in
+$<a href="postconf.5.html#daemon_directory">daemon_directory</a>. </p>
+
+<li><p> Bundled documentation, installed in $<a href="postconf.5.html#html_directory">html_directory</a>,
+$<a href="postconf.5.html#manpage_directory">manpage_directory</a> and $<a href="postconf.5.html#readme_directory">readme_directory</a>. </p>
+
+<li><p> Entries in /etc/passwd and /etc/group for the $<a href="postconf.5.html#mail_owner">mail_owner</a> user and
+$<a href="postconf.5.html#setgid_group">setgid_group</a> group. The $<a href="postconf.5.html#mail_owner">mail_owner</a> user provides the mail system
+with a protected (non-root) execution context. The $<a href="postconf.5.html#setgid_group">setgid_group</a> group
+is used exclusively to support the setgid <a href="postdrop.1.html">postdrop(1)</a> and <a href="postqueue.1.html">postqueue(1)</a>
+utilities (it <b>must not</b> be the primary group or secondary group
+of any users, including the $<a href="postconf.5.html#mail_owner">mail_owner</a> user). </p>
+
+</ul>
+
+<p> Private to each instance: </p>
+
+<ul>
+
+<li><p> The <a href="postconf.5.html">main.cf</a>, <a href="master.5.html">master.cf</a> (and other optional) configuration
+files in $<a href="postconf.5.html#config_directory">config_directory</a>. </p>
+
+<li> <p> The <a href="QSHAPE_README.html#maildrop_queue">maildrop</a>, <a href="QSHAPE_README.html#incoming_queue">incoming</a>, active, deferred and <a href="QSHAPE_README.html#hold_queue">hold queues</a>
+in $<a href="postconf.5.html#queue_directory">queue_directory</a> (which contains additional directories needed
+by Postfix, and which optionally doubles as a chroot jail for Postfix
+daemon processes). </p>
+
+<li> <p> Various caches (TLS session, address verification, ...)
+in $<a href="postconf.5.html#data_directory">data_directory</a>. </p>
+
+</ul>
+
+<p> The Postfix configuration parameters mentioned above are
+collectively referred to as "installation parameters". Their default
+values are set when the Postfix software is built from source, and
+all but one may be optionally set to a non-default value via the
+<a href="postconf.5.html">main.cf</a> file. The one parameter that (catch-22) cannot be set in
+<a href="postconf.5.html">main.cf</a> is $<a href="postconf.5.html#config_directory">config_directory</a>, as this defines the location of the
+<a href="postconf.5.html">main.cf</a> file itself. </p>
+
+<p> Though <a href="postconf.5.html#config_directory">config_directory</a> cannot be set in <a href="postconf.5.html">main.cf</a>, <a href="postfix.1.html">postfix(1)</a> and
+most of the other command-line Postfix utilities allow you to specify a
+non-default configuration directory via a command line option (typically
+<b>-c</b>) or via the MAIL_CONFIG environment variable. In this way,
+it is possible to have multiple configuration directories on the same
+machine, and to have multiple running <a href="master.8.html">master(8)</a> daemons each with its
+own configuration files, queue directory and data directory. </p>
+
+<p> These multiple running copies of <a href="master.8.html">master(8)</a> share the base Postfix
+software. They do not (and cannot) share their configuration
+directories, queue directories or data directories. </p>
+
+<p> Each combination of configuration directory, together with the queue
+directory and data directory (specified in the corresponding <a href="postconf.5.html">main.cf</a> file)
+make up a Postfix <b>instance</b>. </p>
+
+<h2><a name="default"> The default Postfix instance </a></h2>
+
+<p> One Postfix instance is special: this is the instance whose
+configuration directory is the default one compiled into the Postfix
+utilities. The location of the default configuration directory is
+typically /etc/postfix, and can be queried via the "postconf -d
+<a href="postconf.5.html#config_directory">config_directory</a>" command. We call the instance with this configuration
+directory the "default instance". </p>
+
+<p> The default instance is responsible for local mail submission. The
+setgid <a href="postdrop.1.html">postdrop(1)</a> utility is used by the <a href="sendmail.1.html">sendmail(1)</a> local submission
+program to spool messages into the <b>maildrop</b> sub-directory of the
+queue directory of the default instance. </p>
+
+<p> Even in the rare case when "sendmail -C" is used to submit local mail
+into a non-default Postfix instance, for security reasons, <a href="postdrop.1.html">postdrop(1)</a>
+will consult the default <a href="postconf.5.html">main.cf</a> file to check the validity of the
+requested non-default configuration directory. </p>
+
+<p> So, while in most other respects, all instances are equal, the
+default instance is "more equal than others". You may choose to create
+additional instances, but you must have at least the default instance,
+with its configuration directory in the default compiled-in location. </p>
+
+<h2><a name="group"> Instance groups </a></h2>
+
+<p> The <a href="postmulti.1.html">postmulti(1)</a> multi-instance manager supports the notion of an
+instance "group". Typically, the member instances of an instance group
+constitute a logical service, and are expected to all be running or all
+be stopped. </p>
+
+<p> In many cases a single Postfix instance will be a complete logical
+"service". You should define such instances as stand-alone instances
+that are not members of any instance "group". The null-client
+instance is an example of a non-group instance. </p>
+
+<p> When a logical service consists of multiple Postfix instances,
+often a pair of pre-filter and post-filter instances with a content
+filter proxy between them, the related instances should be members
+of a single instance group (however, the content filter usually has
+its own start/stop procedure that is separate from any Postfix
+instance). </p>
+
+<p> The default instance <a href="postconf.5.html">main.cf</a> file's $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
+configuration parameter lists the configuration directories of all
+secondary (non-default) instances. Together with the default instance,
+these secondary instances are managed by the multi-instance manager.
+Instances are started in the order listed, and stopped in the
+opposite order. For instances that are members of a service "group",
+you should arrange to start the service back-to-front, with the
+output stages started and ready to receive mail before the input
+stages are started. </p>
+
+<h2><a name="params"> Multi-instance configuration parameters </a></h2>
+
+<dl>
+
+<dt> <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> </dt>
+
+<dd> <p> This default-instance configuration parameter must be set
+to a suitable multi-instance manager's "wrapper" program that
+controls the starting, stopping, etc. of a multi-instance Postfix
+system. To use the <a href="postmulti.1.html">postmulti(1)</a> manager described in this document,
+this parameter should be set with the "<a href="#init">postmulti
+-e init</a>" command. </p> </dd>
+
+<dt> <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> </dt>
+
+<dd> <p> This default-instance configuration parameter specifies
+an optional list of the secondary instances controlled via the
+multi-instance manager. Instances are listed in their "start" order,
+with the default instance always started first (if enabled). If
+$<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> is left empty, the <a href="postfix.1.html">postfix(1)</a> command
+runs with multi-instance support turned off, and none of the
+multi_instance_ configuration parameters will have any effect. </p>
+
+<p> Do not assign a non-empty list of secondary instance configuration
+directories to <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> until you have configured a
+suitable <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> setting! This is best accomplished via
+the "<a href="#init">postmulti -e init</a>" command.
+</p> </dd>
+
+<dt> <a href="postconf.5.html#multi_instance_name">multi_instance_name</a> </dt>
+
+<dd> <p> Each Postfix instance may be assigned a distinct name (with
+"postfix -e create/import/assign -I <i>name</i>..."). This name can
+be used with the <a href="postmulti.1.html">postmulti(1)</a> command-line utility to perform tasks
+on the instance by name (rather than the full pathname of its
+configuration directory). Choose a name that concisely captures the
+role of the instance (it must start with "postfix-"). It is an
+error for two instances to have the same $<a href="postconf.5.html#multi_instance_name">multi_instance_name</a>. You
+can leave an instance "nameless" by leaving this parameter at the
+default empty setting. </p>
+
+<p> To avoid confusion in your logs, if you don't assign each
+secondary instance a non-empty (distinct) $<a href="postconf.5.html#multi_instance_name">multi_instance_name</a>, you
+should make sure that the $<a href="postconf.5.html#syslog_name">syslog_name</a> setting is different for
+each instance. The $<a href="postconf.5.html#syslog_name">syslog_name</a> parameter defaults to $<a href="postconf.5.html#multi_instance_name">multi_instance_name</a>
+when the latter is non-empty. If at all possible, the <a href="postconf.5.html#syslog_name">syslog_name</a>
+should start with "postfix-", this helps log parsers to identify
+log entries from secondary Postfix instances. </p> </dd>
+
+<dt> <a href="postconf.5.html#multi_instance_group">multi_instance_group</a> </dt>
+
+<dd> <p> Each Postfix instance may be assigned an "instance group"
+name (with "postfix -e create/import/assign -G <i>name</i>...").
+The default (empty) value of <a href="postconf.5.html#multi_instance_group">multi_instance_group</a> parameter indicates
+a stand-alone instance that is not part of any group. The group
+name can be used with the <a href="postmulti.1.html">postmulti(1)</a> command-line utility to
+perform a task on the members of a group by name. Choose a single-word
+group name that concisely captures the role of the group. </p>
+</dd>
+
+<dt> <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> </dt>
+
+<dd> <p> This parameter controls whether a Postfix instance will
+be started by a Postfix multi-instance manager. The default value
+is "no". The instance can be started explicitly with "postfix -c
+/path/to/config/directory"; this is useful for testing. </p>
+
+<p> When an instance is disabled, the <a href="postfix.1.html">postfix(1)</a> "start" command
+is replaced by "check". </p>
+
+<p> Some <a href="postfix.1.html">postfix(1)</a> commands (such as "stop", "flush", ...) require
+a running Postfix instance, and skip instances that are disabled.
+</p>
+
+<p> Other <a href="postfix.1.html">postfix(1)</a> commands (such as "status", "set-permissions",
+"upgrade-configuration", ...) do not require a running Postfix
+system, and apply to all instances whether enabled or not. </p>
+</dd>
+
+</dl>
+
+<p> The <a href="postmulti.1.html">postmulti(1)</a> utility can be used to create (or destroy) instances.
+It can also be used to "import" or "deport" existing instances into or
+from the list of managed instances. When using <a href="postmulti.1.html">postmulti(1)</a> to manage
+instances, the above configuration parameters are managed for you
+automatically. See below. </p>
+
+<h2><a name="how"> Using the postmulti(1) command </a></h2>
+
+<ul>
+
+<li><a href="#init"> Initializing the multi-instance manager </a>
+
+<li><a href="#list"> Listing managed instances </a>
+
+<li><a href="#start"> Starting or stopping a multi-instance system </a>
+
+<li><a href="#adhoc"> Ad-hoc multi-instance operations </a>
+
+<li><a href="#create"> Creating a new Postfix instance </a>
+
+<li><a href="#destroy"> Destroying a Postfix instance </a>
+
+<li><a href="#import"> Importing an existing Postfix instance </a>
+
+<li><a href="#deport"> Deporting a managed Postfix instance </a>
+
+<li><a href="#assign"> Assigning a new name or group name </a>
+
+<li><a href="#enable"> Enabling/disabling managed instances </a>
+
+</ul>
+
+<h3><a name="init"> Initializing the multi-instance manager </a></h3>
+
+<p> Before <a href="postmulti.1.html">postmulti(1)</a> is used for the first time, you must install
+it as the <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> for your Postfix system and enable
+multi-instance operation of the default Postfix instance. You can then
+proceed to add <a href="#create">new</a> or <a href="#import">existing</a>
+instances to the multi-instance configuration. This initial installation
+is accomplished as follows: </p>
+
+<blockquote>
+<pre>
+ # postmulti -e init
+</pre>
+</blockquote>
+
+<p> This updates the default instance <a href="postconf.5.html">main.cf</a> file as follows: </p>
+
+<blockquote>
+<pre>
+ # Use <a href="postmulti.1.html">postmulti(1)</a> as a <a href="postfix-wrapper.5.html">postfix-wrapper(5)</a>
+ #
+ <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> = ${<a href="postconf.5.html#command_directory">command_directory</a>}/postmulti -p --
+
+ # Configure the default instance to start when in multi-instance mode
+ #
+ <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes
+</pre>
+</blockquote>
+
+<p> If you prefer, you can make these changes by editing the default
+<a href="postconf.5.html">main.cf</a> directly, or by using "postconf -e". </p>
+
+<h3><a name="list"> Listing managed instances </a></h3>
+
+<p> The list of managed instances consists of the default instance and
+the additional instances whose configuration directories are listed
+(in start order) under the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter of the
+default <a href="postconf.5.html">main.cf</a> configuration file. </p>
+
+<p> You can list selected instances, groups of instances or all
+instances by specifying only the instance matching options with the
+"-l" option. The "-a" option is assumed if no other instance
+selection options are specified (this behavior changes with the
+"-e" option). As a special case, even if it has an explicit name,
+the default instance can always be selected via "-i -". </p>
+
+<blockquote>
+<pre>
+# postmulti -l -a
+# postmulti -l -g a_group
+# postmulti -l -i an_instance
+</pre>
+</blockquote>
+
+<p> The output is one line per instance (in "postfix start" order):
+</p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th align="left">name</th> <th align="left">group</th> <th
+align="left">enabled</th> <th align="left"><a href="postconf.5.html#config_directory">config_directory</a></th>
+</tr>
+
+<tr> <td>-</td> <td>-</td> <td>yes</td> <td>/etc/postfix
+
+<tr> <td>mta-out</td> <td>mta</td> <td>yes</td> <td>/etc/postfix/mta-out
+
+<tr> <td>mta-in</td> <td>mta</td> <td>yes</td> <td>/etc/postfix-mta-in
+
+<tr> <td>msa-out</td> <td>msa</td> <td>yes</td> <td>/etc/postfix-msa-out
+
+<tr> <td>msa-in</td> <td>msa</td> <td>yes</td> <td>/etc/postfix-msa-in
+
+<tr> <td>test</td> <td>-</td> <td>no</td> <td>/etc/postfix-test
+
+</table>
+
+</blockquote>
+
+<p> The first line showing the column headings is not part of the
+output. When either the instance name or the instance group is not
+set, it is shown as a "-". </p>
+
+<p> When selecting an existing instance via the "-i" option, you
+can always use the full pathname of its configuration directory
+instead of the instance (short) name. This is the only way to select
+a non-default nameless instance. The default instance can be selected
+via "-i -", whether it has a name or not. </p>
+
+<p> To list instances in reverse start order, include the "-R"
+option together with the instance selection options. </p>
+
+<h3><a name="start"> Starting or stopping a multi-instance system
+</a></h3>
+
+<p> To start, stop, reload, etc. the complete (already configured as
+above) multi-instance system just use <a href="postfix.1.html">postfix(1)</a> as you would with a
+single-instance system. The Postfix multi-instance wrapper framework
+insulates Postfix init.d start and package upgrade scripts from the
+details of multi-instance management! </p>
+
+<p> The <b>-p</b> option of <a href="postmulti.1.html">postmulti(1)</a> turns on <a href="postfix.1.html">postfix(1)</a> compatibility
+mode. With this option the remaining arguments are exactly those supported
+by <a href="postfix.1.html">postfix(1)</a>, but commands are applied to all instances or all enabled
+instances as appropriate. As described above, this switch is required
+when using <a href="postmulti.1.html">postmulti(1)</a> as the <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a>. </p>
+
+<p> If you want to specify a subset of instances by name, or group name,
+or run arbitrary commands (not just "postfix stop/start/etc. in the
+context (MAIL_CONFIG environment variable setting) of a particular
+instance or group of instances, then you can use the instance-aware
+<a href="postmulti.1.html">postmulti(1)</a> utility directly. </p>
+
+<h3><a name="adhoc"> Ad-hoc multi-instance operations </a></h3>
+
+<p> The <a href="postmulti.1.html">postmulti(1)</a> command can be used by the administrator to run arbitrary
+commands in the context of one or more Postfix instances. The most common
+use-case is stopping or starting a group of Postfix instances: </p>
+
+<blockquote>
+<pre>
+# postmulti -g mygroup -p start
+# postmulti -g mygroup -p flush
+# postmulti -g mygroup -p reload
+# postmulti -g mygroup -p status
+# postmulti -g mygroup -p stop
+# postmulti -g mygroup -p upgrade-configuration
+</pre>
+</blockquote>
+
+<p> The <b>-p</b> option is essentially a short-hand for a leading
+<b>postfix</b> command argument, but with appropriate additional options
+turned on depending on the first argument. In the case of "start",
+disabled instances are "checked" (postfix check) rather than simply
+skipped. </p>
+
+<p> The resulting command is executed for each candidate instance with
+the <b>MAIL_CONFIG</b> environment variable set to the configuration
+directory of the corresponding Postfix instance. </p>
+
+<p> The <a href="postmulti.1.html">postmulti(1)</a> utility is able to launch commands other than
+<a href="postfix.1.html">postfix(1)</a>, Use the <b>-x</b> option to ask postmulti to execute an
+ad-hoc command for all instances, a group of instances, or just one
+instance. With ad-hoc commands the <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> parameter
+is ignored: the command is unconditionally executed for the instances
+selected via -a, -g or -i. In addition to MAIL_CONFIG, the following
+instance parameters are exported into the command environment: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#command_directory">command_directory</a>=$<a href="postconf.5.html#command_directory">command_directory</a>
+<a href="postconf.5.html#daemon_directory">daemon_directory</a>=$<a href="postconf.5.html#daemon_directory">daemon_directory</a>
+<a href="postconf.5.html#config_directory">config_directory</a>=$<a href="postconf.5.html#config_directory">config_directory</a>
+<a href="postconf.5.html#queue_directory">queue_directory</a>=$<a href="postconf.5.html#queue_directory">queue_directory</a>
+<a href="postconf.5.html#data_directory">data_directory</a>=$<a href="postconf.5.html#data_directory">data_directory</a>
+<a href="postconf.5.html#multi_instance_name">multi_instance_name</a>=$<a href="postconf.5.html#multi_instance_name">multi_instance_name</a>
+<a href="postconf.5.html#multi_instance_group">multi_instance_group</a>=$<a href="postconf.5.html#multi_instance_group">multi_instance_group</a>
+<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a>=$<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a>
+</pre>
+</blockquote>
+
+<p> The <a href="postconf.5.html#config_directory">config_directory</a> setting is of course the same as MAIL_CONFIG,
+and is arguably redundant, but leaving it in is less surprising. If
+you want to skip disabled instances, just check <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a>
+environment variable and exit if it is set to "no". </p>
+
+<p> The ability to run ad-hoc commands opens up a wealth of additional
+possibilities: </p>
+
+<ul>
+
+<li><p> Specify an instance by name rather than configuration directory
+when using <a href="sendmail.1.html">sendmail(1)</a> to send a verification probe: </p>
+
+<blockquote>
+<pre>
+$ postmulti -i postfix-myinst -x sendmail -bv test@example.net
+</pre>
+</blockquote>
+
+<li><p> Display non-default <a href="postconf.5.html">main.cf</a> settings of all Postfix instances.
+This uses an inline shell script to package together multiple shell
+commands to execute for each instance: </p>
+
+<blockquote>
+<pre>
+$ postmulti -x sh -c 'echo "-- $MAIL_CONFIG"; postconf -n'
+</pre>
+</blockquote>
+
+<li><p> Put all mail in enabled member instances of a group on hold: </p>
+
+<blockquote>
+<pre>
+# postmulti -g group_name -x \
+ sh -c 'test $<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes &amp;&amp; postsuper -h ALL'
+</pre>
+</blockquote>
+
+<li><p> Show top 10 domains in the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> of all instances:
+</p>
+
+<blockquote>
+<pre>
+# postmulti -x sh -c 'echo "-- $MAIL_CONFIG"; qshape deferred | head -12'
+</pre>
+</blockquote>
+
+</ul>
+
+<h3><a name="create"> Creating a new Postfix instance </a></h3>
+
+<p> The <a href="postmulti.1.html">postmulti(1)</a> command can be used to create additional Postfix
+instances. New instances are created with local submission and all "inet"
+services disabled via the following non-default parameter settings in
+the <a href="postconf.5.html">main.cf</a> file: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> =
+<a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet
+</pre>
+</blockquote>
+
+<p> The above settings ensure that new instances are safe to start
+immediately: they will not conflict with inet listeners in existing
+Postfix instances. They will also not accept any mail until they are
+fully configured, at which point you can do away with one or both of
+the above safety measures. </p>
+
+<p> The <a href="postmulti.1.html">postmulti(1)</a> command encourages a preferred way of organizing
+the configuration directories, queue directories and data directories
+of non-default instances. If the default instance settings are: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#config_directory">config_directory</a> = /conf-path/postfix
+<a href="postconf.5.html#queue_directory">queue_directory</a> = /queue-path/postfix
+<a href="postconf.5.html#data_directory">data_directory</a> = /data-path/postfix
+</pre>
+</blockquote>
+
+<p> A newly-created instance named <i>postfix-myinst</i> will by default
+have: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = no
+<a href="postconf.5.html#multi_instance_name">multi_instance_name</a> = postfix-myinst
+<a href="postconf.5.html#config_directory">config_directory</a> = /conf-path/postfix-myinst
+<a href="postconf.5.html#queue_directory">queue_directory</a> = /queue-path/postfix-myinst
+<a href="postconf.5.html#data_directory">data_directory</a> = /data-path/postfix-myinst
+</pre>
+</blockquote>
+
+<p> You can override any of these defaults when creating the instance,
+but unless you want to spread instance queue directories over multiple
+file-systems, use the default naming strategy. It keeps the multiple
+instances organized in a uniform, predictable fashion. </p>
+
+<p> When specifying the instance name later, you can refer to it
+either as "postfix-myinst", or via the full path of the configuration
+directory. </p>
+
+<p> To create a new instance just use the <b>-e create</b> option: </p>
+
+<blockquote>
+<pre>
+# postmulti -I postfix-myinst -e create
+</pre>
+</blockquote>
+
+<p> If the new instance is to belong to a group of related instances that
+implement a single logical service, assign it to a group: </p>
+
+<blockquote>
+<pre>
+# postmulti -I postfix-myinst -G mygroup -e create
+</pre>
+</blockquote>
+
+<p> If you want to override the conventional values of the instance
+installation parameters, specify their values on the command-line: </p>
+
+<blockquote>
+<pre>
+# postmulti [-I postfix-myinst] [-G mygroup] -e create \
+ "<a href="postconf.5.html#config_directory">config_directory</a> = /path/to/config_directory" \
+ "<a href="postconf.5.html#queue_directory">queue_directory</a> = /path/to/queue_directory" \
+ "<a href="postconf.5.html#data_directory">data_directory</a> = /path/to/data_directory"
+</pre>
+</blockquote>
+
+<p> A note on the <b>-I</b> and <b>-G</b> options above. These are always
+used to assign a name or group name to an instance, while the <b>-i</b>
+and <b>-g</b> options always select existing instances. By default,
+the configuration directories of newly managed instances are appended
+to the instance list. You can use the "-i" or "-g" or "-a" options to
+insert the new instance before the specified instance or group, or at
+the beginning of the instance list (<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter
+of the default instance). </p>
+
+<p> If you do specify a name (use "-I" with a name that is not "-")
+for the new instance, you may omit any of the 3 instance installation
+parameters whose instance-name based value is acceptable. Otherwise, all
+three instance installation parameters are required. You should set the
+"<a href="postconf.5.html#syslog_name">syslog_name</a>" explicitly in the <a href="postconf.5.html">main.cf</a> file of a "nameless" instance,
+in order to avoid confusion in the mail logs when multiple instances
+are in use. </p>
+
+<h3><a name="destroy"> Destroying a Postfix instance </a></h3>
+
+<p> If you no longer need an instance, you can destroy it via: </p>
+
+<blockquote>
+<pre>
+# postmulti -i postfix-myinst -p stop
+# postmulti -i postfix-myinst -e disable
+# postmulti -i postfix-myinst -e destroy
+</pre>
+</blockquote>
+
+<p> The instance must be stopped, disabled and have no queued messages.
+This is expected to fully delete a just created instance that has never
+been used. If the instance is not freshly created, files added after
+the instance was created will remain in the configuration, queue or
+data directories, in which case the corresponding directory may not
+be fully removed and a warning to that effect will be displayed. You
+can complete the destruction of the instance manually by removing any
+unwanted remnants of the instance-specific "private" directories. </p>
+
+<h3><a name="import"> Importing an existing Postfix instance </a></h3>
+
+<p> If you already have an existing secondary Postfix instance that is
+not yet managed via <a href="postmulti.1.html">postmulti(1)</a>, you can "import" it into the list
+of managed instances. If your instance is already using the default
+configuration directory naming scheme, just specify the corresponding
+instance name (the <a href="postconf.5.html#multi_instance_name">multi_instance_name</a> parameter in its configuration
+file will be adjusted to match this name if necessary): </p>
+
+<blockquote>
+<pre>
+# postmulti -I postfix-myinst [-G mygroup] -e import
+</pre>
+</blockquote>
+
+<p> Otherwise, you must specify the location of its configuration
+directory: </p>
+
+<blockquote>
+<pre>
+# postmulti [-I postfix-myinst] [-G mygroup] -e import \
+ "<a href="postconf.5.html#config_directory">config_directory</a> = /path/of/config_directory"
+</pre>
+</blockquote>
+
+<p> When the instance is imported, you can assign a name or a group. As
+with <a href="#create">"create"</a>, you can control the placement of the
+new instance in the start order by using "-i", "-g" or "-a" to prepend
+before the selected instance or instances. </p>
+
+<p> An imported instance is usually not multi-instance "enabled",
+unless it was part of a multi-instance configuration at an earlier
+time. If it is fully configured and ready to run, don't forget
+to <a href="#enable">enable</a> it and if necessary start it. When
+other enabled instances are already running, new instances need to
+be started individually when they are first created or imported.
+</p>
+
+<p> To find out what instances are running, use: </p>
+
+<blockquote>
+<pre>
+# postfix status
+</pre>
+</blockquote>
+
+<h3><a name="deport"> Deporting a managed Postfix instance </a></h3>
+
+<p> You can "deport" an existing instance from the list of managed
+instances. This does not destroy the instance, rather the instance
+just becomes a stand-alone Postfix instance not registered with the
+multi-instance manager. <a href="postmulti.1.html">postmulti(1)</a> will refuse to "deport" an
+instance that is not stopped and disabled. </p>
+
+<blockquote>
+<pre>
+# postmulti -i postfix-myinst -p stop
+# postmulti -i postfix-myinst -e disable
+# postmulti -i postfix-myinst -e deport
+</pre>
+</blockquote>
+
+<h3><a name="assign"> Assigning a new name or group name </a></h3>
+
+<p> You can assign a new name or new group to a managed instance.
+Use "-" as the new value to assign the instance to no group or make it
+nameless. To specify a nameless secondary instance use the configuration
+directory path instead of the old name: </p>
+
+<blockquote>
+<pre>
+# postmulti -i postfix-old [-I postfix-new] [-G newgroup] -e assign
+</pre>
+</blockquote>
+
+<h3><a name="enable"> Enabling/disabling managed instances </a></h3>
+
+<p> You can enable or disable a managed instance. As documented in
+<a href="postfix-wrapper.5.html">postfix-wrapper(5)</a>, disabled instances are skipped with actions
+that <a href="postconf.5.html#postmulti_start_commands">start</a>,
+<a href="postconf.5.html#postmulti_start_commands">stop</a> or <a
+href="postconf.5.html#postmulti_control_commands">control</a> running
+Postfix instances. </p>
+
+<blockquote>
+<pre>
+# postmulti -i postfix-myinst -e enable
+# postmulti -i postfix-myinst -e disable
+</pre>
+</blockquote>
+
+<h2><a name="credits"> Credits </a></h2>
+
+<p> Wietse Venema created Postfix, designed and implemented the
+multi-instance wrapper framework and provided design feedback that made
+the <a href="postmulti.1.html">postmulti(1)</a> utility much more general and useful than originally
+envisioned. </p>
+
+<p> The <a href="postmulti.1.html">postmulti(1)</a> utility was developed by Victor Duchovni of Morgan
+Stanley, who also wrote the initial version of this document. </p>
+
+</body> </html>
diff --git a/html/MYSQL_README.html b/html/MYSQL_README.html
new file mode 100644
index 0000000..ca0feb7
--- /dev/null
+++ b/html/MYSQL_README.html
@@ -0,0 +1,187 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix MySQL Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix MySQL Howto</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> The Postfix mysql map type allows you to hook up Postfix to a
+MySQL database. This implementation allows for multiple mysql
+databases: you can use one for a <a href="virtual.5.html">virtual(5)</a> table, one for an
+<a href="access.5.html">access(5)</a> table, and one for an <a href="aliases.5.html">aliases(5)</a> table if you want. You
+can specify multiple servers for the same database, so that Postfix
+can switch to a good database server if one goes bad. </p>
+
+<p> Busy mail servers using mysql maps will generate lots of
+concurrent mysql clients, so the mysql server(s) should be run with
+this fact in mind. You can reduce the number of concurrent mysql
+clients by using the Postfix <a href="proxymap.8.html">proxymap(8)</a> service. </p>
+
+<h2>Building Postfix with MySQL support</h2>
+
+<p> These instructions assume that you build Postfix from source
+code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
+be required if you build Postfix from a vendor-specific source
+package. </p>
+
+<p> Note: to use mysql with Debian GNU/Linux's Postfix, all you
+need is to install the postfix-mysql package and you're done.
+There is no need to recompile Postfix. </p>
+
+<p> The Postfix MySQL client utilizes the mysql client library,
+which can be obtained from: </p>
+
+<blockquote>
+ <p> <a href="http://www.mysql.com/downloads/">http://www.mysql.com/downloads/</a> </p>
+</blockquote>
+
+<p> In order to build Postfix with mysql map support, you will need to add
+-DHAS_MYSQL and -I for the directory containing the mysql headers, and
+the mysqlclient library (and libm) to <a href="MYSQL_README.html">AUXLIBS_MYSQL</a>, for example: </p>
+
+<blockquote>
+<pre>
+make -f Makefile.init makefiles \
+ "CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include" \
+ "<a href="MYSQL_README.html">AUXLIBS_MYSQL</a>=-L/usr/local/mysql/lib -lmysqlclient -lz -lm"
+</pre>
+</blockquote>
+
+<p> If your MySQL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lmysqlclient". </p>
+
+<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="MYSQL_README.html">AUXLIBS_MYSQL</a>.
+With Postfix 3.0 and later, the old AUXLIBS variable still supports
+building a statically-loaded MySQL database client, but only the new
+<a href="MYSQL_README.html">AUXLIBS_MYSQL</a> variable supports building a dynamically-loaded or
+statically-loaded MySQL database client. </p>
+
+<blockquote>
+
+<p> Failure to use the <a href="MYSQL_README.html">AUXLIBS_MYSQL</a> variable will defeat the purpose
+of dynamic database client loading. Every Postfix executable file
+will have MYSQL database library dependencies. And that was exactly
+what dynamic database client loading was meant to avoid. </p>
+
+</blockquote>
+
+<p> On Solaris, use this instead: </p>
+
+<blockquote>
+<pre>
+make -f Makefile.init makefiles \
+ "CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include" \
+ "<a href="MYSQL_README.html">AUXLIBS_MYSQL</a>=-L/usr/local/mysql/lib -R/usr/local/mysql/lib \
+ -lmysqlclient -lz -lm"
+</pre>
+</blockquote>
+
+<p> Then, just run 'make'. This requires libz, the compression
+library. Older mysql implementations build without libz. </p>
+
+<h2>Using MySQL tables</h2>
+
+<p> Once Postfix is built with mysql support, you can specify a
+map type in <a href="postconf.5.html">main.cf</a> like this: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="mysql_table.5.html">mysql</a>:/etc/postfix/mysql-aliases.cf
+</pre>
+</blockquote>
+
+<p> The file /etc/postfix/mysql-aliases.cf specifies lots of
+information telling Postfix how to reference the mysql database.
+For a complete description, see the <a href="mysql_table.5.html">mysql_table(5)</a> manual page. </p>
+
+<h2>Example: local aliases </h2>
+
+<pre>
+#
+# mysql config file for <a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> lookups
+#
+
+# The user name and password to log into the mysql server.
+user = someone
+password = some_password
+
+# The database name on the servers.
+dbname = customer_database
+
+# For Postfix 2.2 and later The SQL query template.
+# See <a href="mysql_table.5.html">mysql_table(5)</a> for details.
+query = SELECT forw_addr FROM mxaliases WHERE alias='%s' AND status='paid'
+
+# For Postfix releases prior to 2.2. See <a href="mysql_table.5.html">mysql_table(5)</a> for details.
+select_field = forw_addr
+table = mxaliases
+where_field = alias
+# Don't forget the leading "AND"!
+additional_conditions = AND status = 'paid'
+
+# This is necessary to make UTF8 queries work for Postfix 2.11 .. 3.1,
+# and is the default setting as of Postfix 3.2.
+option_group = client
+</pre>
+
+<h2>Additional notes</h2>
+
+<p> Postfix 3.2 and later read <b>[client]</b> option group settings
+by default. To disable this, specify no <b>option_file</b> and
+specify "<b>option_group =</b>" (i.e. an empty value). </p>
+
+<p> Postfix 3.1 and earlier don't read <b>[client]</b> option group
+settings unless a non-empty <b>option_file</b> or <b>option_group</b>
+value are specified. To enable this, specify, for example
+"<b>option_group = client</b>". </p>
+
+<p> The MySQL configuration interface setup allows for multiple
+mysql databases: you can use one for a virtual table, one for an
+access table, and one for an aliases table if you want. </p>
+
+<p> Since sites that have a need for multiple mail exchangers may
+enjoy the convenience of using a networked mailer database, but do
+not want to introduce a single point of failure to their system,
+we've included the ability to have Postfix reference multiple hosts
+for access to a single mysql map. This will work if sites set up
+mirrored mysql databases on two or more hosts. Whenever queries
+fail with an error at one host, the rest of the hosts will be tried
+in random order. If no mysql server hosts are reachable, then mail
+will be deferred until at least one of those hosts is reachable.
+</p>
+
+<h2>Credits</h2>
+
+<ul>
+
+<li> The initial version was contributed by Scott Cotton and Joshua
+Marcus, IC Group, Inc.</li>
+
+<li> Liviu Daia revised the configuration interface and added the
+<a href="postconf.5.html">main.cf</a> configuration feature.</li>
+
+<li> Liviu Daia with further refinements from Jose Luis Tallon and
+Victor Duchovni developed the common query, result_format, domain and
+expansion_limit interface for LDAP, MySQL and PostgreSQL.</li>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/Makefile.in b/html/Makefile.in
new file mode 100644
index 0000000..c5481f8
--- /dev/null
+++ b/html/Makefile.in
@@ -0,0 +1,351 @@
+SHELL = /bin/sh
+
+# For now, just hard-coded rules for daemons, commands, config files.
+
+DAEMONS = bounce.8.html cleanup.8.html defer.8.html error.8.html local.8.html \
+ lmtp.8.html master.8.html pickup.8.html pipe.8.html qmgr.8.html \
+ showq.8.html smtp.8.html smtpd.8.html trivial-rewrite.8.html \
+ oqmgr.8.html spawn.8.html flush.8.html virtual.8.html qmqpd.8.html \
+ trace.8.html verify.8.html proxymap.8.html anvil.8.html \
+ scache.8.html discard.8.html tlsmgr.8.html postscreen.8.html \
+ dnsblog.8.html tlsproxy.8.html postlogd.8.html
+COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \
+ postconf.1.html postfix.1.html postkick.1.html postlock.1.html \
+ postlog.1.html postdrop.1.html postmap.1.html postmulti.1.html \
+ postqueue.1.html postsuper.1.html sendmail.1.html \
+ smtp-source.1.html smtp-sink.1.html posttls-finger.1.html \
+ qmqp-source.1.html qmqp-sink.1.html \
+ qshape.1.html postfix-tls.1.html makedefs.1.html
+CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \
+ transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \
+ cidr_table.5.html tcp_table.5.html header_checks.5.html \
+ ldap_table.5.html lmdb_table.5.html mysql_table.5.html \
+ pgsql_table.5.html memcache_table.5.html \
+ master.5.html nisplus_table.5.html generic.5.html bounce.5.html \
+ postfix-wrapper.5.html sqlite_table.5.html socketmap_table.5.html
+OTHER = postfix-manuals.html
+AWK = awk '{ print; if (NR == 2) print ".pl 99999\n.ll 78" }'
+MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
+NROFF = LANG=C GROFF_NO_SGR=1 nroff
+
+update: $(DAEMONS) $(COMMANDS) $(CONFIG) $(OTHER)
+
+clean:
+ echo clean
+
+tidy: clean
+
+clobber:
+ rm -f $(DAEMONS) $(COMMANDS) $(CONFIG)
+
+bounce.8.html: ../src/bounce/bounce.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+defer.8.html: bounce.8.html
+ rm -f $@
+ ln $? $@
+
+discard.8.html: ../src/discard/discard.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+dnsblog.8.html: ../src/dnsblog/dnsblog.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+error.8.html: ../src/error/error.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+flush.8.html: ../src/flush/flush.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+cleanup.8.html: ../src/cleanup/cleanup.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+anvil.8.html: ../src/anvil/anvil.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+scache.8.html: ../src/scache/scache.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+lmtp.8.html: smtp.8.html
+ rm -f $@
+ ln $? $@
+
+local.8.html: ../src/local/local.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+master.8.html: ../src/master/master.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+oqmgr.8.html: ../src/oqmgr/qmgr.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | sed -e 's/qmgr[^_]/o&/' \
+ -e 's/qmgr$$/o&/' \
+ -e 's/QMGR[^_]/O&/' | \
+ $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+pickup.8.html: ../src/pickup/pickup.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+pipe.8.html: ../src/pipe/pipe.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postlogd.8.html: ../src/postlogd/postlogd.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postscreen.8.html: ../src/postscreen/postscreen.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+proxymap.8.html: ../src/proxymap/proxymap.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+qmgr.8.html: ../src/qmgr/qmgr.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+qmqpd.8.html: ../src/qmqpd/qmqpd.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+showq.8.html: ../src/showq/showq.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+spawn.8.html: ../src/spawn/spawn.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+smtp.8.html: ../src/smtp/smtp.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+smtpd.8.html: ../src/smtpd/smtpd.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+tlsproxy.8.html: ../src/tlsproxy/tlsproxy.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+virtual.8.html: ../src/virtual/virtual.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+tlsmgr.8.html: ../src/tlsmgr/tlsmgr.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+trace.8.html: bounce.8.html
+ rm -f $@
+ ln $? $@
+
+trivial-rewrite.8.html: ../src/trivial-rewrite/trivial-rewrite.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+verify.8.html: ../src/verify/verify.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postalias.1.html: ../src/postalias/postalias.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postcat.1.html: ../src/postcat/postcat.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postconf.1.html: ../src/postconf/postconf.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postdrop.1.html: ../src/postdrop/postdrop.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postfix.1.html: ../src/postfix/postfix.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postfix-tls.1.html: ../conf/postfix-tls-script
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postkick.1.html: ../src/postkick/postkick.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postlock.1.html: ../src/postlock/postlock.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postlog.1.html: ../src/postlog/postlog.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postmap.1.html: ../src/postmap/postmap.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postmulti.1.html: ../src/postmulti/postmulti.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postqueue.1.html: ../src/postqueue/postqueue.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postsuper.1.html: ../src/postsuper/postsuper.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+sendmail.1.html: ../src/sendmail/sendmail.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+mailq.1.html: sendmail.1.html
+ rm -f $@
+ ln $? $@
+
+newaliases.1.html: sendmail.1.html
+ PATH=../mantools:$$PATH; \
+ rm -f $@
+ ln $? $@
+
+smtp-source.1.html: ../src/smtpstone/smtp-source.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+smtp-sink.1.html: ../src/smtpstone/smtp-sink.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+posttls-finger.1.html: ../src/posttls-finger/posttls-finger.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+qmqp-source.1.html: ../src/smtpstone/qmqp-source.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+qmqp-sink.1.html: ../src/smtpstone/qmqp-sink.c
+ PATH=../mantools:$$PATH; \
+ srctoman $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+qshape.1.html: ../auxiliary/qshape/qshape.pl
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+makedefs.1.html: ../makedefs
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+access.5.html: ../proto/access
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+aliases.5.html: ../proto/aliases
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+bounce.5.html: ../proto/bounce
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+canonical.5.html: ../proto/canonical
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+cidr_table.5.html: ../proto/cidr_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+header_checks.5.html: ../proto/header_checks
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+generic.5.html: ../proto/generic
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+ldap_table.5.html: ../proto/ldap_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+lmdb_table.5.html: ../proto/lmdb_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+master.5.html: ../proto/master
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+memcache_table.5.html: ../proto/memcache_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+mysql_table.5.html: ../proto/mysql_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+socketmap_table.5.html: ../proto/socketmap_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+sqlite_table.5.html: ../proto/sqlite_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+nisplus_table.5.html: ../proto/nisplus_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+pcre_table.5.html: ../proto/pcre_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+pgsql_table.5.html: ../proto/pgsql_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+regexp_table.5.html: ../proto/regexp_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+relocated.5.html: ../proto/relocated
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+tcp_table.5.html: ../proto/tcp_table
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+transport.5.html: ../proto/transport
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+virtual.5.html: ../proto/virtual
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postfix-wrapper.5.html: ../proto/postfix-wrapper
+ PATH=../mantools:$$PATH; \
+ srctoman - $? | $(AWK) | $(NROFF) -man | uniq | $(MAN2HTML) | postlink >$@
+
+postfix-manuals.html: ../src/postfix/postfix.c ../mantools/makemanidx
+ PATH=../mantools:$$PATH; \
+ makemanidx ../src/postfix/postfix.c | postlink >$@
diff --git a/html/NFS_README.html b/html/NFS_README.html
new file mode 100644
index 0000000..0a9a8c0
--- /dev/null
+++ b/html/NFS_README.html
@@ -0,0 +1,138 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix and NFS</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix and NFS</h1>
+
+<hr>
+
+<h2> Postfix support status for NFS </h2>
+
+<p> What is the status of support for Postfix on NFS? The answer
+is that Postfix itself is supported when you use NFS, but there is
+no promise that an NFS-related problem will promptly receive a
+Postfix workaround, or that a workaround will even be possible.
+</p>
+
+<p> That said, Postfix will in many cases work very well on NFS,
+because Postfix implements a number of workarounds (see below).
+Good NFS implementations seldom if ever give problems with Postfix,
+so Wietse recommends that you spend your money wisely. </p>
+
+<h2> Postfix file locking and NFS </h2>
+
+<p> For the Postfix mail queue, it does not matter how well NFS
+file locking works. The reason is that you cannot share Postfix
+queues among multiple running Postfix instances. You can use NFS
+to switch a Postfix mail queue from one NFS client to another one,
+but only one NFS client can access a Postfix mail queue at any
+particular point in time. </p>
+
+<p> For mailbox file sharing with NFS, your options are to use
+<b>fcntl</b> (kernel locks), <b>dotlock</b> (<i>username</i>.lock
+files), to use both locking methods simultaneously, or to switch
+to maildir format. The maildir format uses one file per message and
+needs no file locking support in Postfix or in other mail software.
+</p>
+
+<p> Many sites that use mailbox format play safe and use both locking
+methods simultaneously. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> = fcntl, dotlock
+ <a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> = fcntl, dotlock
+</pre>
+</blockquote>
+
+<h2> Postfix NFS workarounds </h2>
+
+<p> The list below summarizes the workarounds that exist for running
+Postfix on NFS as of the middle of 2003. As a reminder, Postfix
+itself is still supported when it runs on NFS, but there is no
+promise that an NFS-related problem will promptly receive a Postfix
+workaround, or that a workaround will even be possible. </p>
+
+<ul>
+
+<li> <p> Problem: when renaming a file, the operation may succeed
+but report an error anyway<sup>[1]</sup>. </p>
+
+<p> Workaround: when rename(old, new) reports an error, Postfix
+checks if the new name exists and the old name is gone. If the check
+succeeds, Postfix assumes that the rename() operation completed
+normally. </p>
+
+<li> <p> Problem: when creating a directory, the operation may succeed
+but report an error anyway<sup>[1]</sup>. </p>
+
+<p> Workaround: when mkdir(new) reports an EEXIST error, Postfix
+checks if the new name resolves to a directory. If the check succeeds,
+Postfix assumes that the mkdir() operation completed normally. </p>
+
+<li> <p> Problem: when creating a hardlink to a file, the operation
+may succeed but report an error anyway<sup>[1]</sup>. </p>
+
+<p> Workaround: when link(old, new) fails, Postfix compares the
+device and inode number of the old and new files. When the two files
+are identical, Postfix assumes that the link() operation completed
+normally. </p>
+
+<li> <p> Problem: when creating a dotlock (<i>username</i>.lock)
+file, the operation may succeed but report an error anyway<sup>[1]</sup>.
+</p>
+
+<p> Workaround: in this case, the only safe action is to back off
+and try again later. </p>
+
+<li> <p> Problem: when a file server's "time of day" clock is not
+synchronized with the client's "time of day" clock, email deliveries
+are delayed by a minute or more. </p>
+
+<p> Workaround: Postfix explicitly sets file time stamps to avoid
+delays with new mail (Postfix uses "last modified" file time stamps
+to decide when a queue file is ready for delivery). </p>
+
+</ul>
+
+<p> <sup>[1]</sup> How can an operation succeed and report an error
+anyway? </p>
+
+<p> Suppose that an NFS server executes a client request successfully,
+and that the server's reply to the client is lost. After some time
+the client retransmits the request to the server. Normally, the
+server remembers that it already completed the request (it keeps a
+list of recently-completed requests and replies), and simply
+retransmits the reply. </p>
+
+<p> However, when the server has rebooted or when it has been very
+busy, the server no longer remembers that it already completed the
+request, and repeats the operation. This causes no problems with
+file read/write requests (they contain a file offset and can therefore
+be repeated safely), but fails with non-idempotent operations. For
+example, when the server executes a retransmitted rename() request,
+the server reports an ENOENT error because the old name does not
+exist; and when the server executes a retransmitted link(), mkdir()
+or create() request, the server reports an EEXIST error because the
+name already exists. </p>
+
+<p> Thus, successful, non-idempotent, NFS operations will report
+false errors when the server reply is lost, the client retransmits
+the request, and the server does not remember that it already
+completed the request. </p>
+
+</body>
+</html>
diff --git a/html/OVERVIEW.html b/html/OVERVIEW.html
new file mode 100644
index 0000000..767e2f0
--- /dev/null
+++ b/html/OVERVIEW.html
@@ -0,0 +1,937 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Architecture Overview </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1> <img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Architecture Overview </h1>
+
+<hr>
+
+<h2> Introduction </h2>
+
+<p> This document presents an overview of the Postfix architecture,
+and provides pointers to descriptions of every Postfix command
+or server program. The text gives the general context in which
+each command or server program is used, and provides pointers to
+documents with specific usage examples and background information.
+</p>
+
+<p> Topics covered by this document: </p>
+
+<ul>
+
+<li> <a href="#receiving"> How Postfix receives mail </a>
+
+<li> <a href="#delivering"> How Postfix delivers mail </a>
+
+<li> <a href="#behind"> Postfix behind the scenes </a>
+
+<li> <a href="#commands"> Postfix support commands </a>
+
+</ul>
+
+<h2><a name="receiving"> How Postfix receives mail </a> </h2>
+
+<p> When a message enters the Postfix mail system, the first stop
+on the inside is the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>. The figure below shows the
+main processes that are involved with new mail. Names followed by
+a number are Postfix commands or server programs, while unnumbered
+names inside shaded areas represent Postfix queues. </p>
+
+<blockquote>
+
+<table>
+
+<tr>
+
+<td colspan="4"> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a> </td>
+
+</tr>
+
+<tr>
+
+<td> Network </td> <td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="smtpd.8.html">smtpd(8)</a>
+</td>
+
+<td> </td>
+
+<td rowspan="2" align="center"> <table> <tr> <td align="center">
+^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
+</td> </tr> </table> </td>
+
+</tr>
+
+<tr>
+
+<td colspan="3"> </td> <td> <tt> \ </tt> </td>
+
+</tr>
+
+<tr>
+
+<td> Network </td> <td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="qmqpd.8.html">qmqpd(8)</a>
+</td>
+
+<td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="cleanup.8.html">cleanup(8)</a>
+</td>
+
+<td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
+href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
+
+</tr>
+
+<tr>
+
+<td colspan="3"> </td> <td> <tt> / </tt> </td>
+
+</tr>
+
+<tr>
+
+<td colspan="2"> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="pickup.8.html">pickup(8)</a>
+</td>
+
+<td> <tt> &lt;- </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a
+href="QSHAPE_README.html#maildrop_queue"> maildrop </a> </td>
+
+</tr>
+
+<tr>
+
+<td colspan="4" align="center"> </td>
+
+<td align="center"> ^<br> <tt> | </tt> </td>
+
+</tr>
+
+<tr>
+
+<td> Local </td> <td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="sendmail.1.html">sendmail(1)</a>
+</td>
+
+<td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center" valign="middle"> <a href="postdrop.1.html">postdrop(1)</a>
+</td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<ul>
+
+<li> <p> Network mail enters Postfix via the <a href="smtpd.8.html">smtpd(8)</a> or <a href="qmqpd.8.html">qmqpd(8)</a>
+servers. These servers remove the SMTP or QMQP protocol encapsulation,
+enforce some sanity checks to protect Postfix, and give the sender,
+recipients and message content to the <a href="cleanup.8.html">cleanup(8)</a> server. The
+<a href="smtpd.8.html">smtpd(8)</a> server can be configured to block unwanted mail, as
+described in the <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document. </p>
+
+<li> <p> Local submissions are received with the Postfix <a href="sendmail.1.html">sendmail(1)</a>
+compatibility command, and are queued in the <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a> by
+the privileged <a href="postdrop.1.html">postdrop(1)</a> command. This arrangement even works
+while the Postfix mail system is not running. The local <a href="pickup.8.html">pickup(8)</a>
+server picks up local submissions, enforces some sanity checks to
+protect Postfix, and gives the sender, recipients and message
+content to the <a href="cleanup.8.html">cleanup(8)</a> server. </p>
+
+<li> <p> Mail from internal sources is given directly to the
+<a href="cleanup.8.html">cleanup(8)</a> server. These sources are not shown in the figure, and
+include: mail that is forwarded by the <a href="local.8.html">local(8)</a> delivery agent (see
+next section), messages that are returned to the sender by the
+<a href="bounce.8.html">bounce(8)</a> server (see second-next section), and postmaster
+notifications about problems with Postfix. </p>
+
+<li> <p> The <a href="cleanup.8.html">cleanup(8)</a> server implements the final processing
+stage before mail is queued. It adds missing From: and other message
+headers, and transforms addresses as described in the
+<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>
+document. Optionally, the <a href="cleanup.8.html">cleanup(8)</a> server can be configured to
+do light-weight content inspection with regular expressions as
+described in the <a href="BUILTIN_FILTER_README.html">BUILTIN_FILTER_README</a> document. The <a href="cleanup.8.html">cleanup(8)</a>
+server places the result as a single file into the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>,
+and notifies the queue manager (see next section) of the arrival
+of new mail. </p>
+
+<li> <p> The <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server rewrites addresses to the
+standard "user@fully.qualified.domain" form, as described in the
+<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document. Postfix currently does not
+implement a rewriting language, but a lot can be done via table
+lookups and, if need be, regular expressions. </p>
+
+</ul>
+
+<h2> <a name="delivering"> How Postfix delivers mail </a> </h2>
+
+<p> Once a message has reached the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> the next step is
+to deliver it. The figure shows the main components of the Postfix
+mail delivery apparatus. Names followed by a number are Postfix
+commands or server programs, while unnumbered names inside shaded
+areas represent Postfix queues. </p>
+
+<blockquote>
+
+<table>
+
+<tr>
+
+<td rowspan="2" colspan="4"> </td>
+
+<td rowspan="2" bgcolor="#f0f0ff" align="center"> <a href="trivial-rewrite.8.html">trivial-<br>rewrite(8)</a>
+</td>
+
+<td> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a href="smtp.8.html">smtp(8)</a> </td>
+
+<td> <tt> -&gt; </tt> </td> <td> Network </td>
+
+</tr>
+
+<tr>
+
+<td align="right"> <tt> / </tt> </td>
+
+</tr>
+
+<tr>
+
+<td rowspan="2" colspan="4"> </td>
+
+<td rowspan="2" align="center"> <table> <tr> <td align="center">
+^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
+</td> </tr> </table> </td>
+
+<td align="right"> <tt> - </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a href="lmtp.8.html">lmtp(8)</a> </td>
+
+<td> <tt> -&gt; </tt> </td> <td> Network </td>
+
+</tr>
+
+<tr>
+
+<td align="left"> <tt> / </tt> </td>
+
+</tr>
+
+<tr>
+
+<td bgcolor="#f0f0ff" align="center"> <a
+href="QSHAPE_README.html#incoming_queue"> incoming </a> </td>
+
+<td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a
+href="QSHAPE_README.html#active_queue"> active </a> </td>
+
+<td> <tt> -&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a href="qmgr.8.html">qmgr(8)</a> </td>
+
+<td align="right"> <tt> --- </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a href="local.8.html">local(8)</a> </td>
+
+<td> <tt> -&gt; </tt> </td> <td> File, command </td>
+
+</tr>
+
+<tr>
+
+<td rowspan="2" colspan="2"> </td>
+
+<td rowspan="2" align="center"> <table> <tr> <td align="center">
+^<br> <tt> | </tt> </td> <td align="center"> <tt> |<br> v </tt>
+</td> </tr> </table> </td>
+
+<td rowspan="2" colspan="2"> </td>
+
+<td align="left"> <tt> \ </tt> </td>
+
+</tr>
+
+<tr>
+
+<td align="right"> <tt> - </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a href="virtual.8.html">virtual(8)</a> </td>
+
+<td> <tt> -&gt; </tt> </td> <td> File </td>
+
+</tr>
+
+<tr>
+
+<td colspan="2"> </td>
+
+<td bgcolor="#f0f0ff" align="center"> <a
+href="QSHAPE_README.html#deferred_queue"> deferred </a> </td>
+
+<td colspan="2"> </td>
+
+<td align="right"> <tt> \ </tt> </td>
+
+</tr>
+
+<tr>
+
+<td colspan="6">
+
+<td bgcolor="#f0f0ff" align="center"> <a href="pipe.8.html">pipe(8)</a> </td>
+
+<td> <tt> -&gt; </tt> </td> <td> Command </td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<ul>
+
+<li> <p> The queue manager (the <a href="qmgr.8.html">qmgr(8)</a> server process in the
+figure) is the heart of Postfix mail delivery. It contacts the
+<a href="smtp.8.html">smtp(8)</a>, <a href="lmtp.8.html">lmtp(8)</a>, <a href="local.8.html">local(8)</a>, <a href="virtual.8.html">virtual(8)</a>, <a href="pipe.8.html">pipe(8)</a>, <a href="discard.8.html">discard(8)</a> or
+<a href="error.8.html">error(8)</a> delivery agents, and sends a delivery request for one
+or more recipient addresses. The <a href="discard.8.html">discard(8)</a> and <a href="error.8.html">error(8)</a> delivery
+agents are special: they discard or bounce all mail, and are not
+shown in the figure above. </p>
+
+<p> The queue manager maintains a small <a href="QSHAPE_README.html#active_queue">active queue</a> with the
+messages that it has opened for delivery. The <a href="QSHAPE_README.html#active_queue">active queue</a> acts as
+a limited window on potentially large <a href="QSHAPE_README.html#incoming_queue">incoming</a> or <a href="QSHAPE_README.html#deferred_queue">deferred queues</a>.
+The limited <a href="QSHAPE_README.html#active_queue">active queue</a> prevents the queue manager from running
+out of memory under heavy load. </p>
+
+<p> The queue manager maintains a separate <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> for mail
+that cannot be delivered, so that a large mail backlog will not
+slow down normal queue accesses. The queue manager's strategy for
+delayed mail delivery attempts is described in the <a href="QSHAPE_README.html">QSHAPE_README</a>
+and <a href="TUNING_README.html">TUNING_README</a> documents. </p>
+
+<li> <p> The <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server resolves each recipient
+address according to its local or remote address class, as defined
+in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> document. Additional routing information
+can be specified with the optional <a href="transport.5.html">transport(5)</a> table. The
+<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> server optionally queries the <a href="relocated.5.html">relocated(5)</a> table
+for recipients whose address has changed; mail for such recipients is
+returned to the sender with an explanation. </p>
+
+<li> <p> The <a href="smtp.8.html">smtp(8)</a> client looks up a list of mail exchangers for
+the destination host, sorts the list by preference, and tries each
+server in turn until it finds a server that responds. It then
+encapsulates the sender, recipient and message content as required
+by the SMTP protocol; this includes conversion of 8-bit MIME to
+7-bit encoding. </p>
+
+<li> <p> The <a href="lmtp.8.html">lmtp(8)</a> client speaks a protocol similar to SMTP that
+is optimized for delivery to mailbox servers such as Cyrus. The
+advantage of this setup is that one Postfix machine can feed multiple
+mailbox servers over LMTP. The opposite is true as well: one
+mailbox server can be fed over LMTP by multiple Postfix machines.
+</p>
+
+<li> <p> The <a href="local.8.html">local(8)</a> delivery agent understands UNIX-style mailboxes,
+qmail-compatible maildir files, Sendmail-style system-wide <a href="aliases.5.html">aliases(5)</a>
+databases, and Sendmail-style per-user .forward files. Multiple
+local delivery agents can be run in parallel, but parallel delivery
+to the same user is usually limited. </p>
+
+<p> The <a href="local.8.html">local(8)</a> delivery agent has hooks for alternative forms of
+local delivery: you can configure it to deliver to mailbox files
+in user home directories, you can configure it to delegate mailbox
+delivery to an external command such as procmail, or you can delegate
+delivery to a different Postfix delivery agent. </p>
+
+<li> <p> The <a href="virtual.8.html">virtual(8)</a> delivery agent is a bare-bones delivery
+agent that delivers to UNIX-style mailbox or qmail-style maildir
+files only. This delivery agent can deliver mail for multiple
+domains, which makes it especially suitable for hosting lots of
+small domains on a single machine. This is described in the
+<a href="VIRTUAL_README.html">VIRTUAL_README</a> document. </p>
+
+<li> <p> The <a href="pipe.8.html">pipe(8)</a> mailer is the outbound interface to other mail
+processing systems (the Postfix <a href="sendmail.1.html">sendmail(1)</a> command being the
+inbound interface). The interface is UNIX compatible: it provides
+information on the command line and on the standard input stream,
+and expects a process exit status code as defined in &lt;sysexits.h&gt;.
+Examples of delivery via the <a href="pipe.8.html">pipe(8)</a> mailer are in the <a href="MAILDROP_README.html">MAILDROP_README</a>
+and <a href="UUCP_README.html">UUCP_README</a> documents.
+
+</ul>
+
+<h2> <a name="behind"> Postfix behind the scenes </a> </h2>
+
+<p> The previous sections gave an overview of how Postfix server
+processes send and receive mail. These server processes rely on
+other server processes that do things behind the scenes. The text
+below attempts to visualize each service in its own context. As
+before, names followed by a number are Postfix commands or server
+programs, while unnumbered names inside shaded areas represent
+Postfix queues. </p>
+
+<ul>
+
+<li> <p> The resident <a href="master.8.html">master(8)</a> server is the supervisor that keeps
+an eye on the well-being of the Postfix mail system. It is typically
+started at system boot time with the "postfix start" command, and
+keeps running until the system goes down. The <a href="master.8.html">master(8)</a> server is
+responsible for starting Postfix server processes to receive and
+deliver mail, and for restarting servers that terminate prematurely
+because of some problem. The <a href="master.8.html">master(8)</a> server is also responsible
+for enforcing the server process count limits as specified in the
+<a href="master.5.html"><b>master.cf</b></a> configuration file. The picture below gives the
+program hierarchy when Postfix is started up. Only some of the mail
+handling daemon processes are shown. </p>
+
+<table>
+
+<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
+<a href="postfix.1.html">postfix(1)</a> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center"> |<br> |</td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
+postfix-script(1) </td> </tr>
+
+<tr> <td> </td> <td> <table> <tr> <td> </td> <td> / </td> </tr>
+<tr> <td> / </td> <td> </td> </tr> </table> </td> <td align="center">
+|<br> |</td> <td> <table> <tr> <td> \ </td> <td> </td> </tr> <tr>
+<td> </td> <td> \ </td> </tr> </table> </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="postsuper.1.html">postsuper(1)</a> </td> <td>
+</td> <td align="center" bgcolor="#f0f0ff"> <a href="master.8.html">master(8)</a> </td> <td>
+</td> <td align="center" bgcolor="#f0f0ff"> <a href="postlog.1.html">postlog(1)</a> </td> </tr>
+
+<tr> <td> </td> <td> <table> <tr> <td> </td> <td> / </td> </tr>
+<tr> <td> / </td> <td> </td> </tr> </table> </td> <td align="center">
+|<br> |</td> <td> <table> <tr> <td> \ </td> <td> </td> </tr> <tr>
+<td> </td> <td> \ </td> </tr> </table> </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="smtpd.8.html">smtpd(8)</a> </td> <td>
+</td> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td>
+</td> <td align="center" bgcolor="#f0f0ff"> <a href="local.8.html">local(8)</a> </td> </tr>
+
+</table>
+
+<li> <p> The <a href="anvil.8.html">anvil(8)</a> server implements client connection and
+request rate
+limiting for all <a href="smtpd.8.html">smtpd(8)</a> servers. The <a href="TUNING_README.html">TUNING_README</a> document
+provides guidance for dealing with mis-behaving SMTP clients. The
+<a href="anvil.8.html">anvil(8)</a> service is available in Postfix version 2.2 and later.
+</p>
+
+<table>
+
+<tr> <td> Network </td> <td> <tt> -&gt; </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <br> <a href="smtpd.8.html">smtpd(8)</a><br><br> </td> <td> <tt> &lt;-&gt;
+</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> <a href="anvil.8.html">anvil(8)</a><br><br>
+</td> </tr>
+
+</table>
+
+<li> <p> The <a href="bounce.8.html">bounce(8)</a>, <a href="defer.8.html">defer(8)</a> and <a href="trace.8.html">trace(8)</a> services each maintain
+their own queue directory trees with per-message logfiles. Postfix
+uses this information when sending "failed", "delayed" or "success"
+delivery status notifications to the sender. </p>
+
+<p> The <a href="trace.8.html">trace(8)</a> service also implements support for the Postfix
+"sendmail
+-bv" and "sendmail -v" commands which produce reports about how
+Postfix delivers mail, and is available with Postfix version 2.1
+and later. See <a href="DEBUG_README.html#trace_mail"> DEBUG_README
+</a> for examples. </p>
+
+<table>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="cleanup.8.html">cleanup(8)</a> </td> <td
+valign="middle"> <tt> -&gt; </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a><br> Postfix<br> queue </td> <td
+valign="middle"> <tt> -&gt; </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> Delivery<br> agents</td> </tr>
+
+<tr> <td align="center"> ^<br> <tt> | </tt> </td> <td> </td> <td
+align="center"> <tt> |<br> v </tt> </td> <td> </td> <td align="center">
+<tt> |<br> v </tt> </td> </tr>
+
+<tr> <td align="center"> (Non-)<br> delivery<br> notice </td> <td
+valign="middle"> <tt> &lt;- </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <a href="bounce.8.html">bounce(8)</a><br> <a href="defer.8.html">defer(8)</a><br> <a href="trace.8.html">trace(8)</a> </td> <td
+valign="middle"> <tt> &lt;- </tt> </td> <td align="center"> Queue
+id,<br> recipient,<br> status</td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center"> <table> <tr> <td
+align="center"> ^<br> <tt> | </tt> </td> <td align="center"> <tt>
+|<br> v </tt> </td> </tr> </table> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
+Per- <br> message<br> logfiles </td> </tr>
+
+</table>
+
+<li> <p> The <a href="flush.8.html">flush(8)</a> servers maintain per-destination logs and
+implement both ETRN and "sendmail -qRdestination", as described
+in the <a href="ETRN_README.html">ETRN_README</a> document. This moves selected queue files from
+the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> back to the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> and requests their
+delivery. The <a href="flush.8.html">flush(8)</a> service is available with Postfix version
+1.0 and later. </p>
+
+<table>
+
+<tr> <td colspan="4"> </td> <td align="center" bgcolor="#f0f0ff">
+<a href="QSHAPE_README.html#incoming_queue"> incoming </a><br>^
+<br><a href="QSHAPE_README.html#deferred_queue"> deferred </a>
+</td> </tr>
+
+<tr> <td colspan="4"> </td> <td align="center"> ^<br> |</td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="smtpd.8.html">smtpd(8)</a><br> <a href="sendmail.1.html">sendmail(1)</a><br>
+<a href="postqueue.1.html">postqueue(1)</a> </td> <td> <tt> - </tt> </td> <td align="center">
+Destination<br> to flush</td> <td> <tt> -&gt; </tt> </td> <td
+align="center" bgcolor="#f0f0ff"> <a href="flush.8.html">flush(8)</a> </td> <td> <tt> &lt;-
+</tt> </td> <td align="center"> Deferred<br> destination,<br> queue
+id </td> <td> <tt> - </tt> </td> <td align="center" bgcolor="#f0f0ff">
+Delivery<br> agents,<br> <a href="qmgr.8.html">qmgr(8)</a> </td> </tr>
+
+<tr> <td colspan="4"> </td> <td align="center"> <table> <tr> <td
+align="center"> ^<br> <tt> | </tt> </td> <td align="center"> <tt>
+|<br> v </tt> </td> </tr> </table> </td> </tr>
+
+<tr> <td colspan="4"> </td> <td align="center"> Per-dest-<br>
+ination<br> logs </td> </tr>
+
+</table>
+
+<li> <p> The <a href="proxymap.8.html">proxymap(8)</a> servers provide read-only and read-write
+table lookup
+service to Postfix processes. This overcomes chroot restrictions,
+reduces the number of open lookup tables by sharing one open
+table among multiple processes, and implements single-updater
+tables. </p>
+
+<li> <p> The <a href="scache.8.html">scache(8)</a> server maintains the connection cache for
+the Postfix <a href="smtp.8.html">smtp(8)</a> client. When connection caching is enabled for
+selected destinations, the <a href="smtp.8.html">smtp(8)</a> client does not disconnect
+immediately after a mail transaction, but gives the connection to
+the connection cache server which keeps the connection open for a
+limited amount of time. The <a href="smtp.8.html">smtp(8)</a> client continues with some
+other mail delivery request. Meanwhile, any <a href="smtp.8.html">smtp(8)</a> process can
+ask the <a href="scache.8.html">scache(8)</a> server for that cached connection and reuse it
+for mail delivery. As a safety measure, Postfix limits the number
+of times that a connection may be reused. </p>
+
+<p> When delivering mail to a destination with multiple mail servers,
+connection caching can help to skip over a non-responding server,
+and thus dramatically speed up delivery. SMTP connection caching
+is available in Postfix version 2.2 and later. More information
+about this feature is in the <a href="CONNECTION_CACHE_README.html">CONNECTION_CACHE_README</a> document. </p>
+
+<table>
+
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td colspan="2"> <tt>
+--&gt; </tt> </td> <td> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td> </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
+</tr>
+
+<tr> <td> &nbsp; </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left">
+&nbsp; </td> </tr>
+
+<tr> <td colspan="2"> &nbsp; </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
+
+</table>
+
+<p> A Postfix <a href="smtp.8.html">smtp(8)</a> client can reuse a TLS-encrypted connection
+(with "<a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> = yes"). This can greatly reduce
+the overhead of connection setup and improves message delivery
+rates. After a Postfix <a href="smtp.8.html">smtp(8)</a> client connects to a remote SMTP
+server and sends plaintext EHLO and STARTTLS commands, the <a href="smtp.8.html">smtp(8)</a>
+client inserts a <a href="tlsproxy.8.html">tlsproxy(8)</a> process into the connection as shown
+below. </p>
+
+<p> After the mail transaction completes, the Postfix <a href="smtp.8.html">smtp(8)</a> client
+gives the <a href="smtp.8.html">smtp(8)</a>-to-<a href="tlsproxy.8.html">tlsproxy(8)</a> connection to the <a href="scache.8.html">scache(8)</a>
+server, which keeps the connection open for a limited amount of
+time. The <a href="smtp.8.html">smtp(8)</a> client continues with some other mail delivery
+request. Meanwhile, any Postfix <a href="smtp.8.html">smtp(8)</a> client can ask the <a href="scache.8.html">scache(8)</a>
+server for that cached connection and reuse it for mail delivery.
+</p>
+
+<table>
+
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td colspan="2"> <tt>
+--&gt; </tt> </td> <td align="center"bgcolor="#f0f0ff"> <a href="tlsproxy.8.html">tlsproxy(8)</a>
+</td> <td> <tt> --&gt; </tt> </td> <td> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td> </td>
+<td align="center" rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td>
+</tr>
+
+<tr> <td> &nbsp; </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="4" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left">
+&nbsp; </td> </tr>
+
+<tr> <td colspan="2"> &nbsp; </td> <td> </td> <td
+align="center"><tt>^<br>|</tt></td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
+
+</table>
+
+<li> <p> The <a href="showq.8.html">showq(8)</a> servers list the Postfix queue status. This
+is the queue listing service that does the work for the <a href="mailq.1.html">mailq(1)</a>
+and <a href="postqueue.1.html">postqueue(1)</a> commands. </p>
+
+<table>
+
+<tr> <td> Output </td> <td> <tt> &lt;- </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <a href="mailq.1.html">mailq(1)</a><br>
+
+<a href="postqueue.1.html"> post-<br>queue(1) </a> <br> </td> <td>
+<tt> &lt;- </tt> </td> <td align="center" valign="middle"
+bgcolor="#f0f0ff"> <a href="showq.8.html">showq(8)</a> </td> <td> <tt> &lt;- </tt></td> <td
+align="center" valign="middle" bgcolor="#f0f0ff"> Postfix<br> queue
+</td> </tr>
+
+</table>
+
+<li> <p> The <a href="spawn.8.html">spawn(8)</a> servers run non-Postfix commands on request,
+with the client connected via socket or FIFO to the command's
+standard input, output and error streams. You can find examples of
+its use in the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> document. </p>
+
+<li> <p> The <a href="tlsmgr.8.html">tlsmgr(8)</a> server runs when TLS (Transport Layer
+Security, formerly known as SSL) is turned on in the Postfix <a href="smtp.8.html">smtp(8)</a>
+client or <a href="smtpd.8.html">smtpd(8)</a> server. This process has two duties: </p>
+
+<ul>
+
+<li> <p> Maintain the pseudo-random number generator (PRNG) that
+is used to seed the TLS engines in Postfix <a href="smtp.8.html">smtp(8)</a> client or <a href="smtpd.8.html">smtpd(8)</a>
+server processes. The state of this PRNG is periodically saved to
+a file, and is read when <a href="tlsmgr.8.html">tlsmgr(8)</a> starts up. </p>
+
+<li> <p> Maintain the optional Postfix <a href="smtp.8.html">smtp(8)</a> client or <a href="smtpd.8.html">smtpd(8)</a>
+server caches with TLS session keys. Saved keys can improve
+performance by reducing the amount of computation at the start of
+a TLS session. </p>
+
+</ul>
+
+<p> TLS support is available in Postfix version 2.2 and later.
+Information about the Postfix TLS implementation is in the <a href="TLS_README.html">TLS_README</a>
+document. </p>
+
+<table>
+
+<tr> <td>Network<tt>-&gt; </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <br> <a href="smtpd.8.html">smtpd(8)</a> <br> &nbsp; </td> <td colspan="2">
+<tt> &lt;---seed---<br><br>&lt;-session-&gt; </tt> </td> <td
+align="center" bgcolor="#f0f0ff"> <br> <a href="tlsmgr.8.html">tlsmgr(8)</a> <br> &nbsp; </td>
+<td colspan="3"> <tt> ---seed---&gt;<br> <br>&lt;-session-&gt;
+</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br>
+&nbsp; </td> <td> <tt> -&gt;</tt>Network </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td>
+</td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table>
+</td> <td align="center"> |<br> |</td> <td align="left"> <table>
+<tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td>
+</tr> </table> </td> <td colspan="3"> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
+smtpd<br> session<br> cache </td> <td> </td> <td align="center"
+bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td
+align="center" bgcolor="#f0f0ff"> smtp<br> session<br> cache </td>
+<td colspan="2"> </td> </tr>
+
+</table>
+
+
+<li> <p> The <a href="verify.8.html">verify(8)</a> server verifies that a sender or recipient
+address is deliverable before the <a href="smtpd.8.html">smtpd(8)</a> server accepts it. The
+<a href="verify.8.html">verify(8)</a> server queries a cache with address verification results.
+If a result is not found, the <a href="verify.8.html">verify(8)</a> server injects a probe
+message into the Postfix queue and processes the status update from
+a delivery agent or queue manager.
+This process is described in the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>
+document. The <a href="verify.8.html">verify(8)</a> service is available with Postfix version
+2.1 and later. </p>
+
+<table>
+
+<tr>
+
+ <td rowspan="2" colspan="5" align="center" valign="middle">
+ &nbsp; </td> <td rowspan="3" align="center" valign="bottom">
+ <tt> -&gt; </tt> </td> <td rowspan="3" align="center"
+ valign="middle"> probe<br> message </td> <td rowspan="3"
+ align="center" valign="middle"> <tt> -&gt; </tt> </td> <td
+ rowspan="3" bgcolor="#f0f0ff" align="center" valign="middle">
+ Postfix<br> mail<br> queue </td>
+
+</tr>
+
+<tr> <td> </td> </tr>
+
+<tr>
+
+ <td rowspan="3" align="center" valign="middle"> Network </td>
+ <td rowspan="3" align="center" valign="middle"> <tt> -&gt; </tt>
+ </td> <td rowspan="3" bgcolor="#f0f0ff" align="center"
+ valign="middle"> <a href="smtpd.8.html">smtpd(8)</a> </td> <td rowspan="3" align="center"
+ valign="middle"> <tt> &lt;-&gt; </tt> </td> <td rowspan="3"
+ bgcolor="#f0f0ff" align="center" valign="middle"> <a href="verify.8.html">verify(8)</a>
+ </td>
+
+</tr>
+
+<tr>
+
+ <td rowspan="1" colspan="3"> </td> <td rowspan="1" align="center"
+ valign="middle"> <tt> |</tt><br> <tt> v</tt> </td>
+
+</tr>
+
+<tr>
+
+ <td rowspan="3" align="center" valign="top"> <tt> &lt;- </tt>
+ </td> <td rowspan="3" align="center" valign="middle"> probe<br>
+ status </td> <td rowspan="3" align="center" valign="middle">
+ <tt> &lt;- </tt> </td> <td rowspan="3" bgcolor="#f0f0ff"
+ align="center" valign="middle"> Postfix<br> delivery<br> agents
+ </td> <td rowspan="3" align="left" valign="middle"> <tt>-&gt;</tt>
+ Local<br> <tt>-&gt;</tt> Network</td>
+
+</tr>
+
+<tr>
+
+ <td rowspan="3" colspan="4" align="center" valign="middle">
+ &nbsp; </td> <td rowspan="3" align="center" valign="middle">
+ <tt> ^</tt><br> <tt> |</tt><br> <tt> v</tt> </td>
+
+</tr>
+
+<tr> <td> </td> </tr>
+
+<tr> <td colspan="4"> &nbsp; </td> </tr>
+
+<tr>
+
+ <td colspan="4" align="center" valign="middle"> &nbsp; </td>
+ <td bgcolor="#f0f0ff" align="center" valign="middle"> Address<br>
+ verification<br> cache </td>
+
+</tr>
+
+</table>
+
+<li> <p> The <a href="postscreen.8.html">postscreen(8)</a> server can be put "in front" of Postfix
+<a href="smtpd.8.html">smtpd(8)</a> processes. Its purpose is to accept connections from the
+network and to decide what SMTP clients are allowed to talk to
+Postfix. According to the 2008 MessageLabs annual report, 81% of
+all email was spam, and 90% of that was sent by botnets; by 2010,
+those numbers were 92% and 95%, respectively. While <a href="postscreen.8.html">postscreen(8)</a>
+keeps the zombies away, more <a href="smtpd.8.html">smtpd(8)</a> processes remain available
+for legitimate clients. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> maintains a temporary allowlist for clients that
+pass its tests; by allowing allowlisted clients to skip tests,
+<a href="postscreen.8.html">postscreen(8)</a> minimizes its impact on legitimate email traffic.
+</p>
+
+<p> The <a href="postscreen.8.html">postscreen(8)</a> server is available with Postfix 2.8 and
+later. To keep the implementation simple, <a href="postscreen.8.html">postscreen(8)</a> delegates
+DNS allow/denylist lookups to <a href="dnsblog.8.html">dnsblog(8)</a> server processes, and
+delegates TLS encryption/decryption to <a href="tlsproxy.8.html">tlsproxy(8)</a> server processes.
+This delegation is invisible to the remote SMTP client. </p>
+
+<table>
+
+<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="left"> <tt> \ </tt> </td> </tr>
+
+<tr> <td> zombie </td> <td> <tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> <a href="tlsproxy.8.html">tlsproxy(8)</a> </td> <td align="left"> <tt> - </tt> </td> <td>
+</td> <td> </td> <td> </td> <td align="right"> <tt> - </tt> </td>
+<td bgcolor="#f0f0ff" align="center"> <a href="smtpd.8.html">smtpd(8)</a> </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="right"> <tt> \ </tt> </td> <td> </td>
+<td align="left"> <tt> / </tt> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td> <tt>
+--- </tt> </td> <td bgcolor="#f0f0ff" align="center" valign="middle">
+<a href="postscreen.8.html">postscreen(8)</a> </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="right"> <tt> / </tt> </td> <td> </td>
+<td align="right"> <tt> \ </tt> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td bgcolor="#f0f0ff" align="center"> other </td> <td align="left">
+<tt> - </tt> </td> <td> </td> <td> </td> <td> </td> <td align="right">
+<tt> - </tt> </td> <td bgcolor="#f0f0ff" align="center"> <a href="smtpd.8.html">smtpd(8)</a>
+</td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="left"> <tt> / </tt> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center"> zombie </td> </tr>
+
+</table>
+
+<li> <p>The <a href="postlogd.8.html">postlogd(8)</a> server provides an alternative to syslog
+logging, which remains the default. This feature is available with
+Postfix version 3.4 or later, and supports the following modes:
+</p>
+
+
+<ul>
+
+<li> <p>Logging to file, which addresses a usability problem with
+MacOS, and eliminates information loss caused by systemd rate limits.
+</p>
+
+<table>
+
+<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
+commands<br>or daemons</td> <td colspan="4"> &nbsp; </td> </tr>
+
+<tr> <td colspan="2"> <td> <tt> -&gt; </tt> </td> <td bgcolor="#f0f0ff">
+<a href="postlogd.8.html">postlogd(8)</a> </td> <td> <tt> -&gt; </tt> </td> <td> /path/to/file
+</td> </tr>
+
+<tr> <td colspan=6> &nbsp; </td> </tr>
+
+</table>
+
+<li> <p>Logging to stdout, which eliminates a syslog dependency
+when Postfix runs inside a container. </p>
+
+<table>
+
+<tr> <td bgcolor="#f0f0ff" rowspan="3" valign="middle" align="center">
+commands<br>or daemons</td> <td colspan="4"> &nbsp; </td> <td
+rowspan="3" align="center"> stdout inherited<br>from "postfix
+start-fg" </td> </tr>
+
+<tr> <td colspan="2"> <tt> -&gt; </tt> </td> <td bgcolor="#f0f0ff">
+<a href="postlogd.8.html">postlogd(8)</a> </td> <td> <tt> -&gt; </tt> </td> </tr>
+
+<tr> <td colspan=5> &nbsp; </td> </tr>
+
+</table>
+
+</ul>
+
+<p> See <a href="MAILLOG_README.html">MAILLOG_README</a> for details and limitations. </p>
+
+</ul>
+
+<h2> <a name="commands"> Postfix support commands </a> </h2>
+
+<p> The Postfix architecture overview ends with a summary of
+command-line utilities for day-to-day use of the Postfix mail
+system. Besides the Sendmail-compatible <a href="sendmail.1.html">sendmail(1)</a>, <a href="mailq.1.html">mailq(1)</a>, and
+<a href="newaliases.1.html">newaliases(1)</a> commands, the Postfix system comes with it own
+collection of command-line utilities. For consistency, these are
+all named post<i>something</i>. </p>
+
+<ul>
+
+<li> <p> The <a href="postfix.1.html">postfix(1)</a> command controls the operation of the mail
+system. It is the interface for starting, stopping, and restarting
+the mail system, as well as for some other administrative operations.
+This command is reserved to the super-user. </p>
+
+<li> <p> The <a href="postalias.1.html">postalias(1)</a> command maintains Postfix <a href="aliases.5.html">aliases(5)</a> type
+databases. This is the program that does the work for the
+<a href="newaliases.1.html">newaliases(1)</a> command. </p>
+
+<li> <p> The <a href="postcat.1.html">postcat(1)</a> command displays the contents of Postfix
+queue files. This is a limited, preliminary utility. This program
+is likely to be superseded by something more powerful that can also
+edit Postfix queue files. </p>
+
+<li> <p> The <a href="postconf.1.html">postconf(1)</a> command displays or updates Postfix <a href="postconf.5.html">main.cf</a>
+parameters and displays system dependent information about the
+supported file locking methods, and the supported types of lookup
+tables. </p>
+
+<li> <p> The <a href="postdrop.1.html">postdrop(1)</a> command is the mail posting utility that
+is run by the Postfix <a href="sendmail.1.html">sendmail(1)</a> command in order to deposit mail
+into the <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a> directory. </p>
+
+<li> <p> The <a href="postkick.1.html">postkick(1)</a> command makes some Postfix internal
+communication channels available for use in, for example, shell
+scripts. </p>
+
+<li> <p> The <a href="postlock.1.html">postlock(1)</a> command provides Postfix-compatible mailbox
+locking for use in, for example, shell scripts. </p>
+
+<li> <p> The <a href="postlog.1.html">postlog(1)</a> command provides Postfix-compatible logging
+for shell scripts. </p>
+
+<li> <p> The <a href="postmap.1.html">postmap(1)</a> command maintains Postfix lookup tables
+such as <a href="canonical.5.html">canonical(5)</a>, <a href="virtual.5.html">virtual(5)</a> and others. It is a cousin of the
+UNIX makemap command. </p>
+
+<li> <p> The <a href="postmulti.1.html">postmulti(1)</a> command repeats the "postfix start" etc.
+command for each Postfix instance, and supports creation, deletion
+etc. of Postfix instances. For a tutorial, see <a href="MULTI_INSTANCE_README.html">MULTI_INSTANCE_README</a>.
+</p>
+
+<li> <p> The <a href="postqueue.1.html">postqueue(1)</a> command is the privileged command that
+is run by Postfix <a href="sendmail.1.html">sendmail(1)</a> and <a href="mailq.1.html">mailq(1)</a> in order to flush or
+list the
+mail queue. </p>
+
+<li> <p> The <a href="postsuper.1.html">postsuper(1)</a> command maintains the Postfix queue. It
+removes old temporary files, and moves queue files into the right
+directory after a change in the hashing depth of queue directories.
+This command is run at mail system startup time and when Postfix
+is restarted. </p>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/PACKAGE_README.html b/html/PACKAGE_README.html
new file mode 100644
index 0000000..ecf071f
--- /dev/null
+++ b/html/PACKAGE_README.html
@@ -0,0 +1,155 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Guidelines for Package Builders</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Guidelines for Package Builders</h1>
+
+<hr>
+
+<h2>Purpose of this document</h2>
+
+<p> This document has hints and tips for those who manage their
+own Postfix binary distribution for internal use, and for those who
+maintain Postfix binary distributions for general use. </p>
+
+<h2>General distributions: please provide a small default main.cf
+file</h2>
+
+<p> The installed <a href="postconf.5.html">main.cf</a> file must be small. PLEASE resist the
+temptation to list all parameters in the <a href="postconf.5.html">main.cf</a> file. Postfix
+is supposed to be easy to configure. Listing all parameters in <a href="postconf.5.html">main.cf</a>
+defeats the purpose. It is an invitation for hobbyists to make
+random changes without understanding what they do, and gets them
+into endless trouble. </p>
+
+<h2>General distributions: please include README or HTML files</h2>
+
+<p> Please provide the applicable README or HTML files. They are
+referenced by the Postfix manual pages and by other files. Without
+README or HTML files, Postfix will be difficult if not impossible
+to configure. </p>
+
+<h2>Postfix Installation parameters</h2>
+
+<p> Postfix installation is controlled by a dozen installation
+parameters. See the postfix-install and post-install files for
+details. Most parameters have system-dependent default settings
+that are configurable at compile time, as described in the <a href="INSTALL.html">INSTALL</a>
+file. </p>
+
+<h2>Preparing a pre-built package for distribution to other
+systems</h2>
+
+<p> You can build a Postfix package on a machine that does not have
+Postfix installed on it. All you need is Postfix source code and
+a compilation environment that is compatible with the target system.
+</p>
+
+<p> You can build a pre-built Postfix package as an unprivileged
+user. </p>
+
+<p> First compile Postfix. After successful compilation, execute:
+</p>
+
+<blockquote> <pre> % <b>make package</b> </pre>
+</blockquote>
+
+<p> With Postfix versions before 2.2 you must invoke the post-install
+script directly (<tt>% <b>sh post-install</b></tt>). </p>
+
+<p> You will be prompted for installation parameters. Specify an
+install_root directory other than /. The <a href="postconf.5.html#mail_owner">mail_owner</a> and <a href="postconf.5.html#setgid_group">setgid_group</a>
+installation parameter settings will be recorded in the <a href="postconf.5.html">main.cf</a>
+file, but they won't take effect until the package is unpacked and
+installed on the destination machine. </p>
+
+<p> If you want to fully automate this process, specify all the
+non-default installation parameters on the command line: </p>
+
+<blockquote>
+<pre> % <b>make non-interactive-package install_root=/some/where</b>...
+</pre> </blockquote>
+
+<p> With Postfix versions before 2.2 you must invoke the post-install
+script directly (<tt>% <b>sh post-install -non-interactive
+install_root...</b></tt>). </p>
+
+<p> With Postfix 3.0 and later, the command "make package name=value
+..." will replace the string MAIL_VERSION in a configuration parameter
+value with the Postfix release version. Do not try to specify
+something like $<a href="postconf.5.html#mail_version">mail_version</a> on this command line. This produces
+inconsistent results with different versions of the make(1) command.
+</p>
+
+<h2>Begin Security Alert</h2>
+
+<p> <b> When building an archive for distribution, be sure to
+archive only files and symbolic links, not their parent directories.
+Otherwise, unpacking a pre-built Postfix package may mess up
+permission and/or ownership of system directories such as / /etc
+/usr /usr/bin /var /var/spool and so on. This is especially an
+issue if you executed postfix-install (see above) as an unprivileged
+user. </b> </p>
+
+<h2>End Security Alert</h2>
+
+<p> Thus, to tar up the pre-built package, take the following steps:
+</p>
+
+<blockquote> <pre>
+% cd INSTALL_ROOT
+% rm -f SOMEWHERE/outputfile
+% find . \! -type d -print | xargs tar rf SOMEWHERE/outputfile
+% gzip SOMEWHERE/outputfile </pre> </blockquote>
+
+<p>This way you will not include any directories that might cause
+trouble upon extraction. </p>
+
+<h2>Installing a pre-built Postfix package</h2>
+
+<ul>
+
+<li> <p> To unpack a pre-built Postfix package, execute the equivalent
+of: </p>
+
+<pre>
+# umask 022
+# gzip -d &lt;outputfile.tar.gz | (cd / ; tar xvpf -) </pre>
+
+<p> The umask command is necessary for getting the correct permissions
+on non-Postfix directories that need to be created in the process.
+</p>
+
+<li> <p> Create the necessary <a href="postconf.5.html#mail_owner">mail_owner</a> account and <a href="postconf.5.html#setgid_group">setgid_group</a>
+group for exclusive use by Postfix. </p>
+
+<li> <p> Execute the postfix command to set ownership and permission
+of Postfix files and directories, and to update Postfix configuration
+files. If necessary, specify any non-default settings for <a href="postconf.5.html#mail_owner">mail_owner</a>
+or <a href="postconf.5.html#setgid_group">setgid_group</a> on the postfix command line: </p>
+
+<pre>
+# postfix set-permissions upgrade-configuration \
+ <a href="postconf.5.html#setgid_group">setgid_group</a>=xxx <a href="postconf.5.html#mail_owner">mail_owner</a>=yyy
+</pre>
+
+<p> With Postfix versions before 2.1 you achieve the same result
+by invoking the post-install script directly. </p>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/PCRE_README.html b/html/PCRE_README.html
new file mode 100644
index 0000000..2488e37
--- /dev/null
+++ b/html/PCRE_README.html
@@ -0,0 +1,124 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix PCRE Support</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix PCRE Support</h1>
+
+<hr>
+
+<h2>PCRE (Perl Compatible Regular Expressions) map support</h2>
+
+<p> The optional "pcre" map type allows you to specify regular
+expressions with the PERL style notation such as \s for space and
+\S for non-space. The main benefit, however, is that pcre lookups
+are often faster than regexp lookups. This is because the pcre
+implementation is often more efficient than the POSIX regular
+expression implementation that you find on many systems. </p>
+
+<p> A description of how to use pcre tables, including examples,
+is given in the <a href="pcre_table.5.html">pcre_table(5)</a> manual page. Information about PCRE
+itself can be found at <a href="http://www.pcre.org/">http://www.pcre.org/</a>. </p>
+
+<h2>Using Postfix packages with PCRE support</h2>
+
+<p> To use pcre with Debian GNU/Linux's Postfix, or with Fedora or
+RHEL Postfix, all you
+need is to install the postfix-pcre package and you're done. There
+is no need to recompile Postfix. </p>
+
+<h2>Building Postfix from source with PCRE support</h2>
+
+<p> These instructions assume that you build Postfix from source
+code as described in the <a href="INSTALL.html">INSTALL</a> document. </p>
+
+<p> To build Postfix from source with pcre support, you need a pcre
+library. Install a vendor package, or download the source code from
+locations in <a href="https://www.pcre.org/">https://www.pcre.org/</a> and build that yourself.
+
+<p> Postfix can build with the pcre2 library or the legacy pcre
+library. It's probably easiest to let the Postfix build procedure
+pick one. The following commands will first discover if the pcre2
+library is installed, and if that is not available, will discover
+if the legacy pcre library is installed. </p>
+
+<blockquote>
+<pre>
+$ make -f Makefile.init makefiles
+$ make
+</pre>
+</blockquote>
+
+<p> To build Postfix explicitly with a pcre2 library (Postfix 3.7
+and later): </p>
+
+<blockquote>
+<pre>
+$ make -f Makefile.init makefiles \
+ "CCARGS=-DHAS_PCRE=2 `pcre2-config --cflags`" \
+ "<a href="PCRE_README.html">AUXLIBS_PCRE</a>=`pcre2-config --libs8`"
+$ make
+</pre>
+</blockquote>
+
+<p> To build Postfix explicitly with a legacy pcre library (all
+Postfix versions): </p>
+
+<blockquote>
+<pre>
+$ make -f Makefile.init makefiles \
+ "CCARGS=-DHAS_PCRE=1 `pcre-config --cflags`" \
+ "<a href="PCRE_README.html">AUXLIBS_PCRE</a>=`pcre-config --libs`"
+$ make
+</pre>
+</blockquote>
+
+<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="PCRE_README.html">AUXLIBS_PCRE</a>.
+With Postfix 3.0 and later, the old AUXLIBS variable still supports
+building a statically-loaded PCRE database client, but only the new
+<a href="PCRE_README.html">AUXLIBS_PCRE</a> variable supports building a dynamically-loaded or
+statically-loaded PCRE database client. </p>
+
+<blockquote>
+
+<p> Failure to use the <a href="PCRE_README.html">AUXLIBS_PCRE</a> variable will defeat the purpose
+of dynamic database client loading. Every Postfix executable file
+will have PCRE library dependencies. And that was exactly
+what dynamic database client loading was meant to avoid. </p>
+
+</blockquote>
+
+<h2>Things to know</h2>
+
+<ul>
+
+<li> <p> When Postfix searches a <a href="pcre_table.5.html">pcre</a>: or <a href="regexp_table.5.html">regexp</a>: lookup table,
+each pattern is applied to the entire input string. Depending on
+the application, that string is an entire client hostname, an entire
+client IP address, or an entire mail address. Thus, no parent domain
+or parent network search is done, "user@domain" mail addresses are
+not broken up into their user and domain constituent parts, and
+"user+foo" is not broken up into user and foo. </p>
+
+<li> <p> Regular expression tables such as <a href="pcre_table.5.html">pcre</a>: or <a href="regexp_table.5.html">regexp</a>: are
+not allowed to do $number substitution in lookup results that can
+be security sensitive: currently, that restriction applies to the
+local <a href="aliases.5.html">aliases(5)</a> database or the <a href="virtual.8.html">virtual(8)</a> delivery agent tables.
+</p>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/PGSQL_README.html b/html/PGSQL_README.html
new file mode 100644
index 0000000..3909e6d
--- /dev/null
+++ b/html/PGSQL_README.html
@@ -0,0 +1,175 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix PostgreSQL Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix PostgreSQL Howto</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> The Postfix pgsql map type allows you to hook up Postfix to a
+PostgreSQL database. This implementation allows for multiple pgsql
+databases: you can use one for a <a href="virtual.5.html">virtual(5)</a> table, one for an
+<a href="access.5.html">access(5)</a> table, and one for an <a href="aliases.5.html">aliases(5)</a> table if you want. You
+can specify multiple servers for the same database, so that Postfix
+can switch to a good database server if one goes bad. </p>
+
+<p> Busy mail servers using pgsql maps will generate lots of
+concurrent pgsql clients, so the pgsql server(s) should be run with
+this fact in mind. You can reduce the number of concurrent pgsql
+clients by using the Postfix <a href="proxymap.8.html">proxymap(8)</a> service. </p>
+
+<h2>Building Postfix with PostgreSQL support</h2>
+
+<p> These instructions assume that you build Postfix from source
+code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
+be required if you build Postfix from a vendor-specific source
+package. </p>
+
+<p> Note: to use pgsql with Debian GNU/Linux's Postfix, all you
+need to do is to install the postfix-pgsql package and you're done.
+There is no need to recompile Postfix. </p>
+
+<p> In order to build Postfix with pgsql map support, you specify
+-DHAS_PGSQL, the directory with the PostgreSQL header files, and
+the location of the libpq library file. </p>
+
+<p> For example: </p>
+
+<blockquote>
+<pre>
+% make tidy
+% make -f Makefile.init makefiles \
+ "CCARGS=-DHAS_PGSQL -I/usr/local/include/pgsql" \
+ "<a href="PGSQL_README.html">AUXLIBS_PGSQL</a>=-L/usr/local/lib -lpq"
+</pre>
+</blockquote>
+
+<p> If your PostgreSQL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lpq". </p>
+
+<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="PGSQL_README.html">AUXLIBS_PGSQL</a>.
+With Postfix 3.0 and later, the old AUXLIBS variable still supports
+building a statically-loaded PostgreSQL database client, but only
+the new <a href="PGSQL_README.html">AUXLIBS_PGSQL</a> variable supports building a dynamically-loaded
+or statically-loaded PostgreSQL database client. </p>
+
+<blockquote>
+
+<p> Failure to use the <a href="PGSQL_README.html">AUXLIBS_PGSQL</a> variable will defeat the purpose
+of dynamic database client loading. Every Postfix executable file
+will have PGSQL database library dependencies. And that was exactly
+what dynamic database client loading was meant to avoid. </p>
+
+</blockquote>
+
+<p> Then just run 'make'. </p>
+
+<h2>Configuring PostgreSQL lookup tables</h2>
+
+<p> Once Postfix is built with pgsql support, you can specify a
+map type in <a href="postconf.5.html">main.cf</a> like this: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="pgsql_table.5.html">pgsql</a>:/etc/postfix/pgsql-aliases.cf
+</pre>
+</blockquote>
+
+<p> The file /etc/postfix/pgsql-aliases.cf specifies lots of
+information telling postfix how to reference the pgsql database.
+For a complete description, see the <a href="pgsql_table.5.html">pgsql_table(5)</a> manual page. </p>
+
+<h2>Example: local aliases </h2>
+
+<pre>
+#
+# pgsql config file for <a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> lookups
+#
+
+#
+# The hosts that Postfix will try to connect to
+hosts = host1.some.domain host2.some.domain
+
+# The user name and password to log into the pgsql server.
+user = someone
+password = some_password
+
+# The database name on the servers.
+dbname = customer_database
+
+# Postfix 2.2 and later The SQL query template. See <a href="pgsql_table.5.html">pgsql_table(5)</a>.
+query = SELECT forw_addr FROM mxaliases WHERE alias='%s' AND status='paid'
+
+# For Postfix releases prior to 2.2. See <a href="pgsql_table.5.html">pgsql_table(5)</a> for details.
+select_field = forw_addr
+table = mxaliases
+where_field = alias
+# Don't forget the leading "AND"!
+additional_conditions = AND status = 'paid'
+</pre>
+
+<h2>Using mirrored databases</h2>
+
+<p> Sites that have a need for multiple mail exchangers may enjoy
+the convenience of using a networked mailer database, but do not
+want to introduce a single point of failure to their system. </p>
+
+<p> For this reason we've included the ability to have Postfix
+reference multiple hosts for access to a single pgsql map. This
+will work if sites set up mirrored pgsql databases on two or more
+hosts. </p>
+
+<p> Whenever queries fail with an error at one host, the rest of
+the hosts will be tried in random order. If no pgsql server hosts
+are reachable, then mail will be deferred until at least one of
+those hosts is reachable. </p>
+
+<h2>Credits</h2>
+
+<ul>
+
+<li> This code is based upon the Postfix mysql map by Scott Cotton
+and Joshua Marcus, IC Group, Inc.</li>
+
+<li> The PostgreSQL changes were done by Aaron Sethman.</li>
+
+<li> Updates for Postfix 1.1.x and PostgreSQL 7.1+ and support for
+calling stored procedures were added by Philip Warner.</li>
+
+<li> LaMont Jones was the initial Postfix pgsql maintainer.</li>
+
+<li> Liviu Daia revised the configuration interface and added the
+<a href="postconf.5.html">main.cf</a> configuration feature.</li>
+
+<li> Liviu Daia revised the configuration interface and added the <a href="postconf.5.html">main.cf</a>
+configuration feature.</li>
+
+<li> Liviu Daia with further refinements from Jose Luis Tallon and
+Victor Duchovni developed the common query, result_format, domain and
+expansion_limit interface for LDAP, MySQL and PosgreSQL.</li>
+
+<li> Leandro Santi updated the PostgreSQL client after the PostgreSQL
+developers made major database API changes in response to SQL
+injection problems, and made PQexec() handling more robust. </li>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/POSTSCREEN_3_5_README.html b/html/POSTSCREEN_3_5_README.html
new file mode 100644
index 0000000..269b44a
--- /dev/null
+++ b/html/POSTSCREEN_3_5_README.html
@@ -0,0 +1,1199 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<head>
+
+<title>Postfix Postscreen Howto (Postfix 2.8 - 3.5)</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Postscreen Howto (Postfix 2.8 - 3.5)</h1>
+
+<hr>
+
+<h2> <a name="intro">Introduction</a> </h2>
+
+<p> This document describes features that are available in Postfix
+2.8 - 3.5. </p>
+
+<p> The Postfix <a href="postscreen.8.html">postscreen(8)</a> daemon provides additional protection
+against mail server overload. One <a href="postscreen.8.html">postscreen(8)</a> process handles
+multiple inbound SMTP connections, and decides which clients may
+talk to a Postfix SMTP server process. By keeping spambots away,
+<a href="postscreen.8.html">postscreen(8)</a> leaves more SMTP server processes available for
+legitimate clients, and delays the onset of <a
+href="STRESS_README.html">server overload</a> conditions. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> should not be used on SMTP ports that receive
+mail from end-user clients (MUAs). In a typical deployment,
+<a href="postscreen.8.html">postscreen(8)</a> handles the MX service on TCP port 25, while MUA
+clients submit mail via the submission service on TCP port 587 which
+requires client authentication. Alternatively, a site could set up
+a dedicated, non-postscreen, "port 25" server that provides submission
+service and client authentication, but no MX service. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> maintains a temporary allowlist for clients that
+pass its tests; by allowing allowlisted clients to skip tests,
+<a href="postscreen.8.html">postscreen(8)</a> minimizes its impact on legitimate email traffic.
+</p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> is part of a multi-layer defense. <p>
+
+<ul>
+
+<li> <p> As the first layer, <a href="postscreen.8.html">postscreen(8)</a> blocks connections from
+zombies and other spambots that are responsible for about 90% of
+all spam. It is implemented as a single process to make this defense
+as inexpensive as possible. </p>
+
+<li> <p> The second layer implements more complex SMTP-level access
+checks with <a href="SMTPD_ACCESS_README.html">Postfix SMTP servers</a>,
+<a href="SMTPD_POLICY_README.html">policy daemons</a>, and
+<a href="MILTER_README.html">Milter applications</a>. </p>
+
+<li> <p> The third layer performs light-weight content inspection
+with the Postfix built-in <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. This can
+block unacceptable attachments such as executable programs, and
+worms or viruses with easy-to-recognize signatures. </p>
+
+<li> <p> The fourth layer provides heavy-weight content inspection
+with external content filters. Typical examples are <a
+href="http://www.ijs.si/software/amavisd/">Amavisd-new</a>, <a
+href="http://spamassassin.apache.org/">SpamAssassin</a>, and <a
+href="MILTER_README.html">Milter applications</a>. </p>
+
+</ul>
+
+<p> Each layer reduces the spam volume. The general strategy is to
+use the less expensive defenses first, and to use the more expensive
+defenses only for the spam that remains. </p>
+
+<p> Topics in this document: </p>
+
+<ul>
+
+<li> <a href="#intro">Introduction</a>
+
+<li> <a href="#basic">The basic idea behind postscreen(8)</a>
+
+<li> <a href="#general"> General operation </a>
+
+<li> <a href="#quick">Quick tests before everything else</a>
+
+<li> <a href="#before_220"> Tests before the 220 SMTP server greeting </a>
+
+<li> <a href="#after_220">Tests after the 220 SMTP server greeting</a>
+
+<li> <a href="#other_error">Other errors</a>
+
+<li> <a href="#victory">When all tests succeed</a>
+
+<li> <a href="#config"> Configuring the postscreen(8) service</a>
+
+<li> <a href="#historical"> Historical notes and credits </a>
+
+</ul>
+
+<h2> <a name="basic">The basic idea behind postscreen(8)</a> </h2>
+
+<p> Most email is spam, and most spam is sent out by zombies (malware
+on compromised end-user computers). Wietse expects that the zombie
+problem will get worse before things improve, if ever. Without a
+tool like <a href="postscreen.8.html">postscreen(8)</a> that keeps the zombies away, Postfix would be
+spending most of its resources not receiving email. </p>
+
+<p> The main challenge for <a href="postscreen.8.html">postscreen(8)</a> is to make an is-a-zombie
+decision based on a single measurement. This is necessary because
+many zombies try to fly under the radar and avoid spamming the same
+site repeatedly. Once <a href="postscreen.8.html">postscreen(8)</a> decides that a client is
+not-a-zombie, it allowlists the client temporarily to avoid further
+delays for legitimate mail. </p>
+
+<p> Zombies have challenges too: they have only a limited amount
+of time to deliver spam before their IP address becomes denylisted.
+To speed up spam deliveries, zombies make compromises in their SMTP
+protocol implementation. For example, they speak before their turn,
+or they ignore responses from SMTP servers and continue sending
+mail even when the server tells them to go away. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> uses a variety of measurements to recognize
+zombies. First, <a href="postscreen.8.html">postscreen(8)</a> determines if the remote SMTP client
+IP address is denylisted. Second, <a href="postscreen.8.html">postscreen(8)</a> looks for protocol
+compromises that are made to speed up delivery. These are good
+indicators for making is-a-zombie decisions based on single
+measurements. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> does not inspect message content. Message content
+can vary from one delivery to the next, especially with clients
+that (also) send legitimate email. Content is not a good indicator
+for making is-a-zombie decisions based on single measurements,
+and that is the problem that <a href="postscreen.8.html">postscreen(8)</a> is focused on. </p>
+
+<h2> <a name="general"> General operation </a> </h2>
+
+<p> For each connection from an SMTP client, <a href="postscreen.8.html">postscreen(8)</a> performs
+a number of tests
+in the order as described below. Some tests introduce a delay of
+a few seconds. <a href="postscreen.8.html">postscreen(8)</a> maintains a temporary allowlist for
+clients that pass its tests; by allowing allowlisted clients to
+skip tests, <a href="postscreen.8.html">postscreen(8)</a> minimizes its impact on legitimate email
+traffic. </p>
+
+<p> By default, <a href="postscreen.8.html">postscreen(8)</a> hands off all connections to a Postfix
+SMTP server process after logging its findings. This mode is useful
+for non-destructive testing. </p>
+
+<p> In a typical production setting, <a href="postscreen.8.html">postscreen(8)</a> is configured
+to reject mail from clients that fail one or more tests, after
+logging the helo, sender and recipient information. </p>
+
+<p> Note: <a href="postscreen.8.html">postscreen(8)</a> is not an SMTP proxy; this is intentional.
+The purpose is to keep zombies away from Postfix, with minimal
+overhead for legitimate clients. </p>
+
+<h2> <a name="quick">Quick tests before everything else</a> </h2>
+
+<p> Before engaging in SMTP-level tests. <a href="postscreen.8.html">postscreen(8)</a> queries a
+number of local deny and allowlists. These tests speed up the
+handling of known clients. </p>
+
+<ul>
+
+<li> <a href="#perm_white_black"> Permanent allow/denylist test </a>
+
+<li> <a href="#temp_white"> Temporary allowlist test </a>
+
+<li> <a href="#white_veto"> MX Policy test </a>
+
+</ul>
+
+<h3> <a name="perm_white_black"> Permanent allow/denylist test </a> </h3>
+
+<p> The <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter (default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)
+specifies a permanent access list for SMTP client IP addresses. Typically
+one would specify something that allowlists local networks, followed
+by a CIDR table for selective allow- and denylisting. </p>
+
+<p> Example: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
+
+/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
+ # Rules are evaluated in the order as specified.
+ # Denylist 192.168.* except 192.168.0.1.
+ 192.168.0.1 permit
+ 192.168.0.0/16 reject
+</pre>
+
+<p> See the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> manpage documentation for more
+details. </p>
+
+<p> When the SMTP client address matches a "permit" action,
+<a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port number as:
+</p>
+
+<pre>
+ <b>WHITELISTED</b> <i>[address]:port</i>
+</pre>
+
+<p> The allowlist action is not configurable: immediately hand off the
+connection to a Postfix SMTP server process. </p>
+
+<p> When the SMTP client address matches a "reject" action,
+<a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port number as:
+</p>
+
+<pre>
+ <b>BLACKLISTED</b> <i>[address]:port</i>
+</pre>
+
+<p> The <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> parameter specifies the action
+that is taken next. See "<a href="#fail_before_220">When tests
+fail before the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="temp_white"> Temporary allowlist test </a> </h3>
+
+<p> The <a href="postscreen.8.html">postscreen(8)</a> daemon maintains a <i>temporary</i>
+allowlist for SMTP client IP addresses that have passed all
+the tests described below. The <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> parameter
+specifies the location of the temporary allowlist. The
+temporary allowlist is not used for SMTP client addresses
+that appear on the <i>permanent</i> access list. </p>
+
+<p> By default the temporary allowlist is not shared with other
+<a href="postscreen.8.html">postscreen(8)</a> daemons. See
+<a href="#temp_white_sharing"> Sharing
+the temporary allowlist </a> below for alternatives. </p>
+
+<p> When the SMTP client address appears on the temporary
+allowlist, <a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port
+number as: </p>
+
+<pre>
+ <b>PASS OLD</b> <i>[address]:port</i>
+</pre>
+
+<p> The action is not configurable: immediately hand off the
+connection to a Postfix SMTP server process. The client is
+excluded from further tests until its temporary allowlist
+entry expires, as controlled with the postscreen_*_ttl
+parameters. Expired entries are silently renewed if possible. </p>
+
+<h3> <a name="white_veto"> MX Policy test </a> </h3>
+
+<p> When the remote SMTP client is not on the static access list
+or temporary allowlist, <a href="postscreen.8.html">postscreen(8)</a> can implement a number of
+allowlist tests, before it grants the client a temporary allowlist
+status that allows it to talk to a Postfix SMTP server process. </p>
+
+<p> When <a href="postscreen.8.html">postscreen(8)</a> is configured to monitor all primary and
+backup MX addresses, it can refuse to allowlist clients that connect
+to a backup MX address only (an old spammer trick to take advantage
+of backup MX hosts with weaker anti-spam policies than primary MX
+hosts). </p>
+
+<blockquote> <p> NOTE: The following solution is for small sites.
+Larger sites would have to share the <a href="postscreen.8.html">postscreen(8)</a> cache between
+primary and backup MTAs, which would introduce a common point of
+failure. </p> </blockquote>
+
+<ul>
+
+<li> <p> First, configure the host to listen on both primary and
+backup MX addresses. Use the appropriate <tt>ifconfig</tt> or <tt>ip</tt>
+command for the local operating system, or update the appropriate
+configuration files and "refresh" the network protocol stack. </p>
+
+<p> <p> Second, configure Postfix to listen on the new IP address
+(this step is needed when you have specified <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> in
+<a href="postconf.5.html">main.cf</a>). </p>
+
+<li> <p> Then, configure <a href="postscreen.8.html">postscreen(8)</a> to deny the temporary allowlist
+status on the backup MX address(es). An example for Wietse's
+server is: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> = !168.100.189.8 <a href="DATABASE_README.html#types">static</a>:all
+</pre>
+
+<p> Translation: allow clients to obtain the temporary allowlist
+status on all server IP addresses except 168.100.189.8, which is a
+backup MX address. </p>
+
+</ul>
+
+<p> When a non-allowlisted client connects the backup MX address,
+<a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port number as:
+</p>
+
+<pre>
+ <b>CONNECT from</b> <i>[address]:port</i> <b>to [168.100.189.8]:25</b>
+ <b>WHITELIST VETO</b> <i>[address]:port</i>
+</pre>
+
+<p> Translation: the client at <i>[address]:port</i> connected to
+the backup MX address 168.100.189.8 while it was not allowlisted.
+The client will not be granted the temporary allowlist status, even
+if passes all the allowlist tests described below. </p>
+
+<h2> <a name="before_220"> Tests before the 220 SMTP server greeting </a> </h2>
+
+<p> The <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter specifies a short time
+interval before the "220 <i>text</i>..." server greeting, where
+<a href="postscreen.8.html">postscreen(8)</a> can run a number of tests in parallel. </p>
+
+<p> When a good client passes these tests, and no "<a
+href="#after_220">deep protocol tests</a>"
+are configured, <a href="postscreen.8.html">postscreen(8)</a>
+adds the client to the temporary allowlist and hands off the "live"
+connection to a Postfix SMTP server process. The client can then
+continue as if <a href="postscreen.8.html">postscreen(8)</a> never even existed (except of course
+for the short <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> delay). </p>
+
+<ul>
+
+<li> <a href="#pregreet"> Pregreet test </a>
+
+<li> <a href="#dnsbl"> DNS Allow/denylist test </a>
+
+<li> <a href="#fail_before_220">When tests fail before the 220 SMTP server greeting</a>
+
+</ul>
+
+<h3> <a name="pregreet"> Pregreet test </a> </h3>
+
+<p> The SMTP protocol is a classic example of a protocol where the
+server speaks before the client. <a href="postscreen.8.html">postscreen(8)</a> detects zombies
+that are in a hurry and that speak before their turn. This test is
+enabled by default. </p>
+
+<p> The <a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> parameter specifies the <i>text</i>
+portion of a "220-<i>text</i>..." teaser banner (default: $<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>).
+Note that this becomes the first part of a multi-line server greeting.
+The <a href="postscreen.8.html">postscreen(8)</a> daemon sends this before the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
+timer is started. The purpose of the teaser banner is to confuse
+zombies so that they speak before their turn. It has no effect on
+SMTP clients that correctly implement the protocol. </p>
+
+<p> To avoid problems with poorly-implemented SMTP engines in network
+appliances or network testing tools, either exclude them from all
+tests with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> feature or else specify
+an empty teaser banner: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Exclude broken clients by allowlisting. Clients in <a href="postconf.5.html#mynetworks">mynetworks</a>
+ # should always be allowlisted.
+ <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
+
+/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
+ 192.168.254.0/24 permit
+</pre>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Disable the teaser banner (try allowlisting first if you can).
+ <a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> =
+</pre>
+
+<p> When an SMTP client sends a command before the
+<a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> time has elapsed, <a href="postscreen.8.html">postscreen(8)</a> logs this as:
+</p>
+
+<pre>
+ <b>PREGREET</b> <i>count</i> <b>after</b> <i>time</i> <b>from</b> <i>[address]:port text...</i>
+</pre>
+
+<p> Translation: the client at <i>[address]:port</i> sent <i>count</i>
+bytes before its turn to speak. This happened <i>time</i> seconds
+after the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> timer was started. The <i>text</i>
+is what the client sent (truncated to 100 bytes, and with non-printable
+characters replaced with C-style escapes such as \r for carriage-return
+and \n for newline). </p>
+
+<p> The <a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> parameter specifies the action that
+is taken next. See "<a href="#fail_before_220">When tests fail
+before the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="dnsbl"> DNS Allow/denylist test </a> </h3>
+
+<p> The <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter (default: empty) specifies
+a list of DNS blocklist servers with optional filters and weight
+factors (positive weights for denylisting, negative for allowlisting).
+These servers will be queried in parallel with the reverse client
+IP address. This test is disabled by default. </p>
+
+<blockquote>
+<p>
+CAUTION: when postscreen rejects mail, its SMTP reply contains the
+DNSBL domain name. Use the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> feature to
+hide "password" information in DNSBL domain names.
+</p>
+</blockquote>
+
+<p> When the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> time has elapsed, and the combined
+DNSBL score is equal to or greater than the <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
+parameter value, <a href="postscreen.8.html">postscreen(8)</a> logs this as: </p>
+
+<pre>
+ <b>DNSBL rank</b> <i>count</i> <b>for</b> <i>[address]:port</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> has a combined
+DNSBL score of <i>count</i>. </p>
+
+<p> The <a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> parameter specifies the action that
+is taken when the combined DNSBL score is equal to or greater than
+the threshold. See "<a href="#fail_before_220">When tests fail
+before the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="fail_before_220">When tests fail before the 220 SMTP server greeting</a> </h3>
+
+<p> When the client address matches the permanent denylist, or
+when the client fails the pregreet or DNSBL tests, the action is
+specified with <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a>, <a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a>,
+or <a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a>, respectively. </p>
+
+<dl>
+
+<dt> <b>ignore</b> (default) </dt>
+
+<dd> Ignore the failure of this test. Allow other tests to complete.
+Repeat this test the next time the client connects. This option
+is useful for testing and collecting statistics without blocking
+mail. </dd>
+
+<dt> <b>enforce</b> </dt>
+
+<dd> Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects. </dd>
+
+<dt> <b>drop</b> </dt>
+
+<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. </dd>
+
+</dl>
+
+<h2> <a name="after_220">Tests after the 220 SMTP server greeting</a> </h2>
+
+<p> In this phase of the protocol, <a href="postscreen.8.html">postscreen(8)</a> implements a
+number of "deep protocol" tests. These tests use an SMTP protocol
+engine that is built into the <a href="postscreen.8.html">postscreen(8)</a> server. </p>
+
+<p> Important note: these protocol tests are disabled by default.
+They are more intrusive than the pregreet and DNSBL tests, and they
+have limitations as discussed next. </p>
+
+<ul>
+
+<li> <p> The main limitation of "after 220 greeting" tests is that
+a new client must disconnect after passing these tests (reason:
+postscreen is not a proxy). Then the client must reconnect from
+the same IP address before it can deliver mail. The following
+measures may help to avoid email delays: </p>
+
+<ul>
+
+<li> <p> Allow "good" clients to skip tests with the
+<a href="postconf.5.html#postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a> feature (Postfix 2.11 and
+later). This is especially effective for sites such as Google that
+never retry immediately from the same IP address. </p>
+
+<li> <p> Small sites: Configure <a href="postscreen.8.html">postscreen(8)</a> to listen on multiple
+IP addresses, published in DNS as different IP addresses for the
+same MX hostname or for different MX hostnames. This avoids mail
+delivery delays with clients that reconnect immediately from the
+same IP address. </p>
+
+<li> <p> Large sites: Share the <a href="postscreen.8.html">postscreen(8)</a> cache between different
+Postfix MTAs with a large-enough <a href="memcache_table.5.html">memcache_table(5)</a>. Again, this
+avoids mail delivery delays with clients that reconnect immediately
+from the same IP address. </p>
+
+</ul>
+
+<li> <p> <a href="postscreen.8.html">postscreen(8)</a>'s built-in SMTP engine does not implement the
+AUTH, XCLIENT, and XFORWARD features. If you need to make these
+services available on port 25, then do not enable the tests after
+the 220 server greeting. </p>
+
+<li> <p> End-user clients should connect directly to the submission
+service, so that they never have to deal with <a href="postscreen.8.html">postscreen(8)</a>'s tests.
+</p>
+
+</ul>
+
+<p> The following "after 220 greeting" tests are available: </p>
+
+<ul>
+
+<li> <a href="#pipelining">Command pipelining test</a>
+
+<li> <a href="#non_smtp">Non-SMTP command test</a>
+
+<li> <a href="#barelf">Bare newline test</a>
+
+<li> <a href="#fail_after_220">When tests fail after the 220 SMTP server greeting</a>
+
+</ul>
+
+<h3> <a name="pipelining">Command pipelining test</a> </h3>
+
+<p> By default, SMTP is a half-duplex protocol: the sender and
+receiver send one command and one response at a time. Unlike the
+Postfix SMTP server, <a href="postscreen.8.html">postscreen(8)</a> does not announce support
+for ESMTP command pipelining. Therefore, clients are not allowed
+to send multiple commands. <a href="postscreen.8.html">postscreen(8)</a>'s
+<a href="#after_220">deep
+protocol test</a> for this is disabled by default. </p>
+
+<p> With "<a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> = yes", <a href="postscreen.8.html">postscreen(8)</a> detects
+zombies that send multiple commands, instead of sending one command
+and waiting for the server to reply. </p>
+
+<p> This test is opportunistically enabled when <a href="postscreen.8.html">postscreen(8)</a> has
+to use the built-in SMTP engine anyway. This is to make <a href="postscreen.8.html">postscreen(8)</a>
+logging more informative. </p>
+
+<p> When a client sends multiple commands, <a href="postscreen.8.html">postscreen(8)</a> logs this
+as: </p>
+
+<pre>
+ <b>COMMAND PIPELINING from</b> <i>[address]:port</i> <b>after</b> <i>command</i>: <i>text</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> sent
+multiple SMTP commands, instead of sending one command and then
+waiting for the server to reply. This happened after the client
+sent <i>command</i>. The <i>text</i> shows part of the input that
+was sent too early; it is not logged with Postfix 2.8. </p>
+
+<p> The <a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> parameter specifies the action
+that is taken next. See "<a href="#fail_after_220">When tests fail
+after the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="non_smtp">Non-SMTP command test</a> </h3>
+
+<p> Some spambots send their mail through open proxies. A symptom
+of this is the usage of commands such as CONNECT and other non-SMTP
+commands. Just like the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>
+feature, <a href="postscreen.8.html">postscreen(8)</a> has an equivalent <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a>
+feature to block these clients. <a href="postscreen.8.html">postscreen(8)</a>'s
+<a href="#after_220">deep
+protocol test</a> for this is disabled by default. </p>
+
+<p> With "<a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> = yes", <a href="postscreen.8.html">postscreen(8)</a>
+detects zombies that send commands specified with the
+<a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter. This also detects commands
+with the syntax of a message header label. The latter is a symptom
+that the client is sending message content after ignoring all the
+responses from <a href="postscreen.8.html">postscreen(8)</a> that reject mail. </p>
+
+<p> This test is opportunistically enabled when <a href="postscreen.8.html">postscreen(8)</a> has
+to use the built-in SMTP engine anyway. This is to make <a href="postscreen.8.html">postscreen(8)</a>
+logging more informative. </p>
+
+<p> When a client sends non-SMTP commands, <a href="postscreen.8.html">postscreen(8)</a> logs this
+as: </p>
+
+<pre>
+ <b>NON-SMTP COMMAND from</b> <i>[address]:port</i> <b>after</b> <i>command: text</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> sent a
+command that matches the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a>
+parameter, or that has the syntax of a message header label (text
+followed by optional space and ":").
+The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
+Postfix 2.10 and later. </p>
+
+<p> The <a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> parameter specifies
+the action that is taken next. See "<a href="#fail_after_220">When
+tests fail after the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="barelf">Bare newline test</a> </h3>
+
+<p> SMTP is a line-oriented protocol: lines have a limited length,
+and are terminated with &lt;CR&gt;&lt;LF&gt;. Lines ending in a
+"bare" &lt;LF&gt;, that is newline not preceded by carriage return,
+are not allowed in SMTP. <a href="postscreen.8.html">postscreen(8)</a>'s
+<a href="#after_220">deep
+protocol test</a> for this is disabled by default. </p>
+
+<p> With "<a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> = yes", <a href="postscreen.8.html">postscreen(8)</a>
+detects clients that send lines ending in bare newline characters.
+</p>
+
+<p> This test is opportunistically enabled when <a href="postscreen.8.html">postscreen(8)</a> has
+to use the built-in SMTP engine anyway. This is to make <a href="postscreen.8.html">postscreen(8)</a>
+logging more informative. </p>
+
+<p> When a client sends bare newline characters, <a href="postscreen.8.html">postscreen(8)</a> logs
+this as:
+</p>
+
+<pre>
+ <b>BARE NEWLINE from</b> <i>[address]:port</i> <b>after</b> <i>command</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> sent a bare
+newline character, that is newline not preceded by carriage
+return.
+The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
+Postfix 2.10 and later. </p>
+
+<p> The <a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> parameter specifies the
+action that is taken next. See "<a href="#fail_after_220">When
+tests fail after the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="fail_after_220">When tests fail after the 220 SMTP server greeting</a> </h3>
+
+<p> When the client fails the pipelining, non-SMTP command or bare
+newline tests, the action is specified with <a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a>,
+<a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> or <a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a>,
+respectively. </p>
+
+<dl>
+
+<dt> <b>ignore</b> (default for bare newline) </dt>
+
+<dd> Ignore the failure of this test. Allow other tests to complete.
+Do NOT repeat this test before the result from some other test
+expires.
+
+This option is useful for testing and collecting statistics without
+blocking mail permanently. </dd>
+
+<dt> <b>enforce</b> (default for pipelining) </dt>
+
+<dd> Allow other tests to complete. Reject attempts to deliver
+mail with a 550 SMTP reply, and log the helo/sender/recipient
+information. Repeat this test the next time the client connects.
+</dd>
+
+<dt> <b>drop</b> (default for non-SMTP commands) </dt>
+
+<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. This action is
+compatible with the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>
+feature. </dd>
+
+</dl>
+
+<h2> <a name="other_error">Other errors</a> </h2>
+
+<p> When an SMTP client hangs up unexpectedly, <a href="postscreen.8.html">postscreen(8)</a> logs
+this as: </p>
+
+<pre>
+ <b>HANGUP after</b> <i>time</i> <b>from</b> <i>[address]:port</i> <b>in</b> <i>test name</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> disconnected
+unexpectedly, <i>time</i> seconds after the start of the
+test named <i>test name</i>. </p>
+
+<p> There is no punishment for hanging up. A client that hangs up
+without sending the QUIT command can still pass all <a href="postscreen.8.html">postscreen(8)</a>
+tests. </p>
+
+<!--
+
+<p> While an unexpired penalty is in effect, an SMTP client is not
+allowed to pass any tests, and <a href="postscreen.8.html">postscreen(8)</a> logs each connection
+with the remaining amount of penalty time as: </p>
+
+<pre>
+ <b>PENALTY</b> <i>time</i> <b>for</b> <i>[address]:port</i>
+</pre>
+
+<p> During this time, all attempts by the client to deliver mail
+will be deferred with a 450 SMTP status. </p>
+
+-->
+
+<p> The following errors are reported by the built-in SMTP engine.
+This engine never accepts mail, therefore it has per-session limits
+on the number of commands and on the session length. </p>
+
+<pre>
+ <b>COMMAND TIME LIMIT</b> <b>from</b> <i>[address]:port</i> <b>after</b> <i>command</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> reached the
+per-command time limit as specified with the <a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a>
+parameter. The session is terminated immediately.
+The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
+Postfix 2.10 and later. </p>
+
+<pre>
+ <b>COMMAND COUNT LIMIT from</b> <i>[address]:port</i> <b>after</b> <i>command</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> reached the
+per-session command count limit as specified with the
+<a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> parameter. The session is terminated
+immediately.
+The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
+Postfix 2.10 and later. </p>
+
+<pre>
+ <b>COMMAND LENGTH LIMIT from</b> <i>[address]:port</i> <b>after</b> <i>command</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> reached the
+per-command length limit, as specified with the <a href="postconf.5.html#line_length_limit">line_length_limit</a>
+parameter. The session is terminated immediately.
+The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
+Postfix 2.10 and later. </p>
+
+<p> When an SMTP client makes too many connections at the same time,
+<a href="postscreen.8.html">postscreen(8)</a> rejects the connection with a 421 status code and logs: </p>
+
+<pre>
+ <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: too many connections</b>
+</pre>
+
+<p> The <a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> parameter controls this limit. </p>
+
+<p> When an SMTP client connects after <a href="postscreen.8.html">postscreen(8)</a> has reached a
+connection count limit, <a href="postscreen.8.html">postscreen(8)</a> rejects the connection with
+a 421 status code and logs: </p>
+
+<pre>
+ <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: all screening ports busy</b>
+ <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: all server ports busy</b>
+</pre>
+
+<p> The <a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> and <a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a>
+parameters control these limits. </p>
+
+<h2> <a name="victory">When all tests succeed</a> </h2>
+
+<p> When a new SMTP client passes all tests (i.e. it is not allowlisted
+via some mechanism), <a href="postscreen.8.html">postscreen(8)</a> logs this as: </p>
+
+<pre>
+ <b>PASS NEW</b> <i>[address]:port</i>
+</pre>
+
+<p> Where <i>[address]:port</i> are the client IP address and port.
+Then, <a href="postscreen.8.html">postscreen(8)</a>
+creates a temporary allowlist entry that excludes the client IP
+address from further tests until the temporary allowlist entry
+expires, as controlled with the postscreen_*_ttl parameters. </p>
+
+<p> When no "<a href="#after_220">deep protocol tests</a>" are
+configured, <a href="postscreen.8.html">postscreen(8)</a> hands off the "live" connection to a Postfix
+SMTP server process. The client can then continue as if <a href="postscreen.8.html">postscreen(8)</a>
+never even existed (except for the short <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> delay).
+</p>
+
+<p> When any "<a href="#after_220">deep protocol tests</a>" are
+configured, <a href="postscreen.8.html">postscreen(8)</a> cannot hand off the "live" connection to
+a Postfix SMTP server process in the middle of the session. Instead,
+<a href="postscreen.8.html">postscreen(8)</a> defers mail delivery attempts with a 4XX status, logs
+the helo/sender/recipient information, and waits for the client to
+disconnect. The next time the client connects it will be allowed
+to talk to a Postfix SMTP server process to deliver its mail.
+<a href="postscreen.8.html">postscreen(8)</a> mitigates the impact of this limitation by giving
+<a href="#after_220">deep protocol tests</a> a long expiration
+time. </p>
+
+<h2> <a name="config"> Configuring the postscreen(8) service</a>
+</h2>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> has been tested on FreeBSD [4-8], Linux 2.[4-6]
+and Solaris 9 systems. </p>
+
+<ul>
+
+<li> <a href="#enable"> Turning on postscreen(8) without blocking
+mail</a>
+
+<li> <a href="#starttls"> postscreen(8) TLS configuration </a>
+
+<li> <a href="#blocking"> Blocking mail with postscreen(8) </a>
+
+<li> <a href="#turnoff"> Turning off postscreen(8) </a>
+
+<li> <a href="#temp_white_sharing"> Sharing the temporary allowlist
+</a>
+
+</ul>
+
+<h3> <a name="enable"> Turning on postscreen(8) without blocking mail</a> </h3>
+
+<p> To enable the <a href="postscreen.8.html">postscreen(8)</a> service and log client information
+without blocking mail: </p>
+
+<ol>
+
+<li> <p> Make sure that local clients and systems with non-standard
+SMTP implementations are excluded from any <a href="postscreen.8.html">postscreen(8)</a> tests. The
+default is to exclude all clients in <a href="postconf.5.html#mynetworks">mynetworks</a>. To exclude additional
+clients, for example, third-party performance monitoring tools (these
+tend to have broken SMTP implementations): </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Exclude broken clients by allowlisting. Clients in <a href="postconf.5.html#mynetworks">mynetworks</a>
+ # should always be allowlisted.
+ <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
+
+/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
+ 192.168.254.0/24 permit
+</pre>
+
+<li> <p> Comment out the "<tt>smtp inet ... smtpd</tt>" service
+in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries
+that follow. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #smtp inet n - n - - smtpd
+ # -o parameter=value ...
+</pre>
+
+<li> <p> Uncomment the new "<tt>smtpd pass ... smtpd</tt>" service
+in <a href="master.5.html">master.cf</a>, and duplicate any "<tt>-o parameter=value</tt>" entries
+from the smtpd service that was commented out in the previous step.
+</p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtpd pass - - n - - smtpd
+ -o parameter=value ...
+</pre>
+
+<li> <p> Uncomment the new "<tt>smtp inet ... postscreen</tt>"
+service in <a href="master.5.html">master.cf</a>. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp inet n - n - 1 postscreen
+</pre>
+
+<li> <p> Uncomment the new "<tt>tlsproxy unix ... tlsproxy</tt>"
+service in <a href="master.5.html">master.cf</a>. This service implements STARTTLS support for
+<a href="postscreen.8.html">postscreen(8)</a>. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ tlsproxy unix - - n - 0 tlsproxy
+</pre>
+
+<li> <p> Uncomment the new "<tt>dnsblog unix ... dnsblog</tt>"
+service in <a href="master.5.html">master.cf</a>. This service does DNSBL lookups for <a href="postscreen.8.html">postscreen(8)</a>
+and logs results. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ dnsblog unix - - n - 0 dnsblog
+</pre>
+
+<li> <p> To enable DNSBL lookups, list some DNS blocklist sites in
+<a href="postconf.5.html">main.cf</a>, separated by whitespace. Different sites can have different
+weights. For example:
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> = 2
+ <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = zen.spamhaus.org*2
+ bl.spamcop.net*1 b.barracudacentral.org*1
+</pre>
+
+<p> Note: if your DNSBL queries have a "secret" in the domain name,
+you must censor this information from the <a href="postscreen.8.html">postscreen(8)</a> SMTP replies.
+For example: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> = <a href="DATABASE_README.html#types">texthash</a>:/etc/postfix/dnsbl_reply
+</pre>
+
+<pre>
+/etc/postfix/dnsbl_reply:
+ # Secret DNSBL name Name in <a href="postscreen.8.html">postscreen(8)</a> replies
+ secret.zen.dq.spamhaus.net zen.spamhaus.org
+</pre>
+
+<p> The <a href="DATABASE_README.html#types">texthash</a>: format is similar to <a href="DATABASE_README.html#types">hash</a>: except that there is
+no need to run <a href="postmap.1.html">postmap(1)</a> before the file can be used, and that it
+does not detect changes after the file is read. It is new with
+Postfix version 2.8. </p>
+
+<li> <p> Read the new configuration with "<tt>postfix reload</tt>".
+</p>
+
+</ol>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Some <a href="postscreen.8.html">postscreen(8)</a> configuration parameters implement
+stress-dependent behavior. This is supported only when the default
+value is stress-dependent (that is, "postconf -d <i>parametername</i>"
+output shows
+"<i>parametername</i>&nbsp;=&nbsp;${stress?<i>something</i>}${stress:<i>something</i>}" or
+"<i>parametername</i>&nbsp;=&nbsp;${stress?{<i>something</i>}:{<i>something</i>}}").
+Other parameters always evaluate as if the stress value is the empty
+string. </p>
+
+<li> <p> See "<a href="#before_220">Tests before the 220 SMTP server
+greeting</a>" for details about the logging from these
+<a href="postscreen.8.html">postscreen(8)</a> tests. </p>
+
+<li> <p> If you run Postfix 2.6 or earlier you must stop and start
+the master daemon ("<tt>postfix stop; postfix start</tt>"). This
+is needed because the Postfix "pass" master service type did not
+work reliably on all systems. </p>
+
+</ul>
+
+<h3> <a name="starttls"> postscreen(8) TLS configuration </a> </h3>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> TLS support is available for remote SMTP clients
+that aren't allowlisted, including clients that need to renew their
+temporary allowlist status. When a remote SMTP client requests TLS
+service, <a href="postscreen.8.html">postscreen(8)</a> invisibly hands off the connection to a
+<a href="tlsproxy.8.html">tlsproxy(8)</a> process. Then, <a href="tlsproxy.8.html">tlsproxy(8)</a> encrypts and decrypts the
+traffic between <a href="postscreen.8.html">postscreen(8)</a> and the remote SMTP client. One
+<a href="tlsproxy.8.html">tlsproxy(8)</a> process can handle multiple SMTP sessions. The number
+of <a href="tlsproxy.8.html">tlsproxy(8)</a> processes slowly increases with server load, but it
+should always be much smaller than the number of <a href="postscreen.8.html">postscreen(8)</a> TLS
+sessions. </p>
+
+<p> TLS support for <a href="postscreen.8.html">postscreen(8)</a> and <a href="tlsproxy.8.html">tlsproxy(8)</a> uses the same
+parameters as with <a href="smtpd.8.html">smtpd(8)</a>. We recommend that you keep the relevant
+configuration parameters in <a href="postconf.5.html">main.cf</a>. If you must specify "-o
+smtpd_mumble=value" parameter overrides in <a href="master.5.html">master.cf</a> for a
+postscreen-protected <a href="smtpd.8.html">smtpd(8)</a> service, then you should specify those
+same parameter overrides for the <a href="postscreen.8.html">postscreen(8)</a> and <a href="tlsproxy.8.html">tlsproxy(8)</a>
+services. </p>
+
+<h3> <a name="blocking"> Blocking mail with postscreen(8) </a> </h3>
+
+<p> For compatibility with <a href="smtpd.8.html">smtpd(8)</a>, <a href="postscreen.8.html">postscreen(8)</a> implements the
+<a href="postconf.5.html#soft_bounce">soft_bounce</a> safety feature. This causes Postfix to reject mail with
+a "try again" reply code. </p>
+
+<ul>
+
+<li> <p> To turn this on for all of Postfix, specify "<tt><a href="postconf.5.html#soft_bounce">soft_bounce</a>
+= yes</tt>" in <a href="postconf.5.html">main.cf</a>. </p>
+
+<li> <p> To turn this on for <a href="postscreen.8.html">postscreen(8)</a> only, append "<tt>-o
+<a href="postconf.5.html#soft_bounce">soft_bounce</a>=yes</tt>" (note: NO SPACES around '=') to the postscreen
+entry in <a href="master.5.html">master.cf</a>. <p>
+
+</ul>
+
+<p> Execute "<tt>postfix reload</tt>" to make the change effective. </p>
+
+<p> After testing, do not forget to remove the <a href="postconf.5.html#soft_bounce">soft_bounce</a> feature,
+otherwise senders won't receive their non-delivery notification
+until many days later. </p>
+
+<p> To use the <a href="postscreen.8.html">postscreen(8)</a> service to block mail, edit <a href="postconf.5.html">main.cf</a> and
+specify one or more of: </p>
+
+<ul>
+
+<li> <p> "<tt><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> = enforce</tt>", to reject
+clients that are on DNS blocklists, and to log the helo/sender/recipient
+information. With good DNSBLs this reduces the amount of load on
+Postfix SMTP servers dramatically. </p>
+
+<li> <p> "<tt><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> = enforce</tt>", to reject
+clients that talk before their turn, and to log the helo/sender/recipient
+information. This stops over half of all known-to-be illegitimate
+connections to Wietse's mail server. It is backup protection for
+zombies that haven't yet been denylisted. </p>
+
+<li> <p> You can also enable "<a href="#after_220">deep protocol
+tests</a>", but these are more intrusive than the pregreet or DNSBL
+tests. </p>
+
+<p> When a good client passes the "<a href="#after_220">deep
+protocol tests</a>",
+<a href="postscreen.8.html">postscreen(8)</a> adds the client to the temporary
+allowlist but it cannot hand off the "live" connection to a Postfix
+SMTP server process in the middle of the session. Instead, <a href="postscreen.8.html">postscreen(8)</a>
+defers mail delivery attempts with a 4XX status, logs the
+helo/sender/recipient information, and waits for the client to
+disconnect. </p>
+
+<p> When the good client comes back in a later session, it is allowed
+to talk directly to a Postfix SMTP server. See "<a href="#after_220">Tests
+after the 220 SMTP server greeting</a>" above for limitations with
+AUTH and other features that clients may need. </p>
+
+<p> An unexpected benefit from "<a href="#after_220">deep protocol
+tests</a>" is that some "good" clients don't return after the 4XX
+reply; these clients were not so good after all. </p>
+
+<p> Unfortunately, some senders will retry requests from different
+IP addresses, and may never get allowlisted. For this reason,
+Wietse stopped using "<a href="#after_220">deep protocol tests</a>"
+on his own internet-facing mail server. </p>
+
+<li> <p> There is also support for permanent denylisting and
+allowlisting; see the description of the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a>
+parameter for details. </p>
+
+</ul>
+
+<h3> <a name="turnoff"> Turning off postscreen(8) </a> </h3>
+
+<p> To turn off <a href="postscreen.8.html">postscreen(8)</a> and handle mail directly with Postfix
+SMTP server processes: </p>
+
+<ol>
+
+<li> <p> Comment out the "<tt>smtp inet ... postscreen</tt>" service
+in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries
+that follow. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #smtp inet n - n - 1 postscreen
+ # -o parameter=value ...
+</pre>
+
+<li> <p> Comment out the "<tt>dnsblog unix ... dnsblog</tt>" service
+in <a href="master.5.html">master.cf</a>. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #dnsblog unix - - n - 0 dnsblog
+</pre>
+
+<li> <p> Comment out the "<tt>smtpd pass ... smtpd</tt>" service
+in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries
+that follow. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #smtpd pass - - n - - smtpd
+ # -o parameter=value ...
+</pre>
+
+<li> <p> Comment out the "<tt>tlsproxy unix ... tlsproxy</tt>"
+service in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>"
+entries that follow. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #tlsproxy unix - - n - 0 tlsproxy
+ # -o parameter=value ...
+</pre>
+
+<li> <p> Uncomment the "<tt>smtp inet ... smtpd</tt>" service in
+<a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries that
+may follow. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp inet n - n - - smtpd
+ -o parameter=value ...
+</pre>
+
+<li> <p> Read the new configuration with "<tt>postfix reload</tt>".
+</p>
+
+</ol>
+
+<h3> <a name="temp_white_sharing"> Sharing the temporary allowlist </a> </h3>
+
+<p> By default, the temporary allowlist is not shared between
+multiple <a href="postscreen.8.html">postscreen(8)</a> daemons. To enable sharing, choose one
+of the following options: </p>
+
+<ul>
+
+<li> <p> A non-persistent <a href="memcache_table.5.html">memcache</a>: temporary allowlist can be shared
+ between <a href="postscreen.8.html">postscreen(8)</a> daemons on the same host or different
+ hosts. Disable cache cleanup (<a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
+ = 0) in all <a href="postscreen.8.html">postscreen(8)</a> daemons because <a href="memcache_table.5.html">memcache</a>: has no
+ first-next API (but see example 4 below for <a href="memcache_table.5.html">memcache</a>: with
+ persistent backup). This requires Postfix 2.9 or later. </p>
+
+ <pre>
+ # Example 1: non-persistent <a href="memcache_table.5.html">memcache</a>: allowlist.
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="memcache_table.5.html">memcache</a>:/etc/postfix/postscreen_cache
+ <a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0
+
+ /etc/postfix/postscreen_cache:
+ memcache = inet:127.0.0.1:11211
+ key_format = postscreen:%s
+ </pre>
+
+<li> <p>
+ A persistent <a href="lmdb_table.5.html">lmdb</a>: temporary allowlist can be shared between
+ <a href="postscreen.8.html">postscreen(8)</a> daemons that run under the same <a href="master.8.html">master(8)</a> daemon,
+ or under different <a href="master.8.html">master(8)</a> daemons on the same host. Disable
+ cache cleanup (<a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0) in all
+ <a href="postscreen.8.html">postscreen(8)</a> daemons except one that is responsible for cache
+ cleanup. This requires Postfix 2.11 or later. </p>
+
+ <pre>
+ # Example 2: persistent <a href="lmdb_table.5.html">lmdb</a>: allowlist.
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="lmdb_table.5.html">lmdb</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache
+ # See note 1 below.
+ # <a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0
+ </pre>
+
+<li> <p> Other kinds of persistent temporary allowlist can be shared
+ only between <a href="postscreen.8.html">postscreen(8)</a> daemons that run under the same
+ <a href="master.8.html">master(8)</a> daemon. In this case, temporary allowlist access must
+ be shared through the <a href="proxymap.8.html">proxymap(8)</a> daemon. This requires Postfix
+ 2.9 or later. </p>
+
+ <pre>
+ # Example 3: proxied <a href="DATABASE_README.html#types">btree</a>: allowlist.
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> =
+ <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/postscreen_cache
+ # See note 1 below.
+ # <a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0
+
+ # Example 4: proxied <a href="DATABASE_README.html#types">btree</a>: allowlist with <a href="memcache_table.5.html">memcache</a>: accelerator.
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="memcache_table.5.html">memcache</a>:/etc/postfix/postscreen_cache
+ <a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> =
+ <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/postscreen_cache
+ ... other proxied tables ...
+ # See note 1 below.
+ # <a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0
+
+ /etc/postfix/postscreen_cache:
+ # Note: the $<a href="postconf.5.html#data_directory">data_directory</a> macro is not defined in this context.
+ memcache = inet:127.0.0.1:11211
+ backup = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/postscreen_cache
+ key_format = postscreen:%s
+ </pre>
+
+ <p> Note 1: disable cache cleanup (<a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
+ = 0) in all <a href="postscreen.8.html">postscreen(8)</a> daemons except one that is responsible
+ for cache cleanup. </p>
+
+ <p> Note 2: <a href="postscreen.8.html">postscreen(8)</a> cache sharing via <a href="proxymap.8.html">proxymap(8)</a> requires Postfix
+ 2.9 or later; earlier <a href="proxymap.8.html">proxymap(8)</a> implementations don't support
+ cache cleanup. </p>
+
+</ul>
+
+<h2> <a name="historical"> Historical notes and credits </a> </h2>
+
+<p> Many ideas in <a href="postscreen.8.html">postscreen(8)</a> were explored in earlier work by
+Michael Tokarev, in OpenBSD spamd, and in MailChannels Traffic
+Control. </p>
+
+<p> Wietse threw together a crude prototype with pregreet and dnsbl
+support in June 2009, because he needed something new for a Mailserver
+conference presentation in July. Ralf Hildebrandt ran this code on
+several servers to collect real-world statistics. This version used
+the <a href="dnsblog.8.html">dnsblog(8)</a> ad-hoc DNS client program. </p>
+
+<p> Wietse needed new material for a LISA conference presentation
+in November 2010, so he added support for DNSBL weights and filters
+in August, followed by a major code rewrite, deep protocol tests,
+helo/sender/recipient logging, and stress-adaptive behavior in
+September. Ralf Hildebrandt ran this code on several servers to
+collect real-world statistics. This version still used the embarrassing
+<a href="dnsblog.8.html">dnsblog(8)</a> ad-hoc DNS client program. </p>
+
+<p> Wietse added STARTTLS support in December 2010. This makes
+<a href="postscreen.8.html">postscreen(8)</a> usable for sites that require TLS support. The
+implementation introduces the <a href="tlsproxy.8.html">tlsproxy(8)</a> event-driven TLS proxy
+that decrypts/encrypts the sessions for multiple SMTP clients. </p>
+
+<p> The <a href="tlsproxy.8.html">tlsproxy(8)</a> implementation led to the discovery of a "new"
+class of vulnerability (<a
+href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411"
+>CVE-2011-0411</a>) that affected multiple implementations of SMTP,
+POP, IMAP, NNTP, and FTP over TLS. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> was officially released as part of the Postfix
+2.8 stable release in January 2011.</p>
+
+</body>
+
+</html>
diff --git a/html/POSTSCREEN_README.html b/html/POSTSCREEN_README.html
new file mode 100644
index 0000000..bca2ef0
--- /dev/null
+++ b/html/POSTSCREEN_README.html
@@ -0,0 +1,1215 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<head>
+
+<title>Postfix Postscreen Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Postscreen Howto</h1>
+
+<hr>
+
+<h2> <a name="intro">Introduction</a> </h2>
+
+<p> This document describes features that are available in Postfix
+3.6 and later. See <a href="POSTSCREEN_3_5_README.html">
+POSTSCREEN_3_5_README.html</a> for Postfix versions 2.8 - 3.5. </p>
+
+<p> The Postfix <a href="postscreen.8.html">postscreen(8)</a> daemon provides additional protection
+against mail server overload. One <a href="postscreen.8.html">postscreen(8)</a> process handles
+multiple inbound SMTP connections, and decides which clients may
+talk to a Postfix SMTP server process. By keeping spambots away,
+<a href="postscreen.8.html">postscreen(8)</a> leaves more SMTP server processes available for
+legitimate clients, and delays the onset of <a
+href="STRESS_README.html">server overload</a> conditions. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> should not be used on SMTP ports that receive
+mail from end-user clients (MUAs). In a typical deployment,
+<a href="postscreen.8.html">postscreen(8)</a> handles the MX service on TCP port 25, while MUA
+clients submit mail via the submission service on TCP port 587 which
+requires client authentication. Alternatively, a site could set up
+a dedicated, non-postscreen, "port 25" server that provides submission
+service and client authentication, but no MX service. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> maintains a temporary allowlist for clients that
+pass its tests; by allowing allowlisted clients to skip tests,
+<a href="postscreen.8.html">postscreen(8)</a> minimizes its impact on legitimate email traffic.
+</p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> is part of a multi-layer defense. <p>
+
+<ul>
+
+<li> <p> As the first layer, <a href="postscreen.8.html">postscreen(8)</a> blocks connections from
+zombies and other spambots that are responsible for about 90% of
+all spam. It is implemented as a single process to make this defense
+as inexpensive as possible. </p>
+
+<li> <p> The second layer implements more complex SMTP-level access
+checks with <a href="SMTPD_ACCESS_README.html">Postfix SMTP servers</a>,
+<a href="SMTPD_POLICY_README.html">policy daemons</a>, and
+<a href="MILTER_README.html">Milter applications</a>. </p>
+
+<li> <p> The third layer performs light-weight content inspection
+with the Postfix built-in <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. This can
+block unacceptable attachments such as executable programs, and
+worms or viruses with easy-to-recognize signatures. </p>
+
+<li> <p> The fourth layer provides heavy-weight content inspection
+with external content filters. Typical examples are <a
+href="http://www.ijs.si/software/amavisd/">Amavisd-new</a>, <a
+href="http://spamassassin.apache.org/">SpamAssassin</a>, and <a
+href="MILTER_README.html">Milter applications</a>. </p>
+
+</ul>
+
+<p> Each layer reduces the spam volume. The general strategy is to
+use the less expensive defenses first, and to use the more expensive
+defenses only for the spam that remains. </p>
+
+<p> Topics in this document: </p>
+
+<ul>
+
+<li> <a href="#intro">Introduction</a>
+
+<li> <a href="#basic">The basic idea behind postscreen(8)</a>
+
+<li> <a href="#general"> General operation </a>
+
+<li> <a href="#quick">Quick tests before everything else</a>
+
+<li> <a href="#before_220"> Tests before the 220 SMTP server greeting </a>
+
+<li> <a href="#after_220">Tests after the 220 SMTP server greeting</a>
+
+<li> <a href="#other_error">Other errors</a>
+
+<li> <a href="#victory">When all tests succeed</a>
+
+<li> <a href="#config"> Configuring the postscreen(8) service</a>
+
+<li> <a href="#historical"> Historical notes and credits </a>
+
+</ul>
+
+<h2> <a name="basic">The basic idea behind postscreen(8)</a> </h2>
+
+<p> Most email is spam, and most spam is sent out by zombies (malware
+on compromised end-user computers). Wietse expects that the zombie
+problem will get worse before things improve, if ever. Without a
+tool like <a href="postscreen.8.html">postscreen(8)</a> that keeps the zombies away, Postfix would be
+spending most of its resources not receiving email. </p>
+
+<p> The main challenge for <a href="postscreen.8.html">postscreen(8)</a> is to make an is-a-zombie
+decision based on a single measurement. This is necessary because
+many zombies try to fly under the radar and avoid spamming the same
+site repeatedly. Once <a href="postscreen.8.html">postscreen(8)</a> decides that a client is
+not-a-zombie, it allowlists the client temporarily to avoid further
+delays for legitimate mail. </p>
+
+<p> Zombies have challenges too: they have only a limited amount
+of time to deliver spam before their IP address becomes denylisted.
+To speed up spam deliveries, zombies make compromises in their SMTP
+protocol implementation. For example, they speak before their turn,
+or they ignore responses from SMTP servers and continue sending
+mail even when the server tells them to go away. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> uses a variety of measurements to recognize
+zombies. First, <a href="postscreen.8.html">postscreen(8)</a> determines if the remote SMTP client
+IP address is denylisted. Second, <a href="postscreen.8.html">postscreen(8)</a> looks for protocol
+compromises that are made to speed up delivery. These are good
+indicators for making is-a-zombie decisions based on single
+measurements. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> does not inspect message content. Message content
+can vary from one delivery to the next, especially with clients
+that (also) send legitimate email. Content is not a good indicator
+for making is-a-zombie decisions based on single measurements,
+and that is the problem that <a href="postscreen.8.html">postscreen(8)</a> is focused on. </p>
+
+<h2> <a name="general"> General operation </a> </h2>
+
+<p> For each connection from an SMTP client, <a href="postscreen.8.html">postscreen(8)</a> performs
+a number of tests
+in the order as described below. Some tests introduce a delay of
+a few seconds. <a href="postscreen.8.html">postscreen(8)</a> maintains a temporary allowlist for
+clients that pass its tests; by allowing allowlisted clients to
+skip tests, <a href="postscreen.8.html">postscreen(8)</a> minimizes its impact on legitimate email
+traffic. </p>
+
+<p> By default, <a href="postscreen.8.html">postscreen(8)</a> hands off all connections to a Postfix
+SMTP server process after logging its findings. This mode is useful
+for non-destructive testing. </p>
+
+<p> In a typical production setting, <a href="postscreen.8.html">postscreen(8)</a> is configured
+to reject mail from clients that fail one or more tests, after
+logging the helo, sender and recipient information. </p>
+
+<p> Note: <a href="postscreen.8.html">postscreen(8)</a> is not an SMTP proxy; this is intentional.
+The purpose is to keep zombies away from Postfix, with minimal
+overhead for legitimate clients. </p>
+
+<h2> <a name="quick">Quick tests before everything else</a> </h2>
+
+<p> Before engaging in SMTP-level tests. <a href="postscreen.8.html">postscreen(8)</a> queries a
+number of local deny and allowlists. These tests speed up the
+handling of known clients. </p>
+
+<ul>
+
+<li> <a href="#perm_allow_deny"> Permanent allow/denylist test </a>
+
+<li> <a href="#temp_allow"> Temporary allowlist test </a>
+
+<li> <a href="#allow_veto"> MX Policy test </a>
+
+</ul>
+
+<h3> <a name="perm_allow_deny"> Permanent allow/denylist test </a> </h3>
+
+<p> The <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter (default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)
+specifies a permanent access list for SMTP client IP addresses. Typically
+one would specify something that allowlists local networks, followed
+by a CIDR table for selective allow- and denylisting. </p>
+
+<p> Example: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
+
+/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
+ # Rules are evaluated in the order as specified.
+ # Denylist 192.168.* except 192.168.0.1.
+ 192.168.0.1 permit
+ 192.168.0.0/16 reject
+</pre>
+
+<p> See the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> manpage documentation for more
+details. </p>
+
+<p> When the SMTP client address matches a "permit" action,
+<a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port number as:
+</p>
+
+<blockquote>
+<pre>
+<b>ALLOWLISTED</b> <i>[address]:port</i>
+</pre>
+</blockquote>
+
+<blockquote> <p> Use the <a href="postconf.5.html#respectful_logging">respectful_logging</a> configuration parameter to
+select a deprecated form of this logging. </p> </blockquote>
+
+<p> The allowlist action is not configurable: immediately hand off the
+connection to a Postfix SMTP server process. </p>
+
+<p> When the SMTP client address matches a "reject" action,
+<a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port number as:
+</p>
+
+<blockquote>
+<pre>
+<b>DENYLISTED</b> <i>[address]:port</i>
+</pre>
+</blockquote>
+
+<blockquote> <p> Use the <a href="postconf.5.html#respectful_logging">respectful_logging</a> configuration parameter to
+select a deprecated form of this logging. </p> </blockquote>
+
+<p> The <a href="postconf.5.html#postscreen_denylist_action">postscreen_denylist_action</a> parameter specifies the action
+that is taken next. See "<a href="#fail_before_220">When tests
+fail before the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="temp_allow"> Temporary allowlist test </a> </h3>
+
+<p> The <a href="postscreen.8.html">postscreen(8)</a> daemon maintains a <i>temporary</i>
+allowlist for SMTP client IP addresses that have passed all
+the tests described below. The <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> parameter
+specifies the location of the temporary allowlist. The
+temporary allowlist is not used for SMTP client addresses
+that appear on the <i>permanent</i> access list. </p>
+
+<p> By default the temporary allowlist is not shared with other
+<a href="postscreen.8.html">postscreen(8)</a> daemons. See
+<a href="#temp_allow_sharing"> Sharing
+the temporary allowlist </a> below for alternatives. </p>
+
+<p> When the SMTP client address appears on the temporary
+allowlist, <a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port
+number as: </p>
+
+<pre>
+ <b>PASS OLD</b> <i>[address]:port</i>
+</pre>
+
+<p> The action is not configurable: immediately hand off the
+connection to a Postfix SMTP server process. The client is
+excluded from further tests until its temporary allowlist
+entry expires, as controlled with the postscreen_*_ttl
+parameters. Expired entries are silently renewed if possible. </p>
+
+<h3> <a name="allow_veto"> MX Policy test </a> </h3>
+
+<p> When the remote SMTP client is not on the static access list
+or temporary allowlist, <a href="postscreen.8.html">postscreen(8)</a> can implement a number of
+allowlist tests, before it grants the client a temporary allowlist
+status that allows it to talk to a Postfix SMTP server process. </p>
+
+<p> When <a href="postscreen.8.html">postscreen(8)</a> is configured to monitor all primary and
+backup MX addresses, it can refuse to allowlist clients that connect
+to a backup MX address only (an old spammer trick to take advantage
+of backup MX hosts with weaker anti-spam policies than primary MX
+hosts). </p>
+
+<blockquote> <p> NOTE: The following solution is for small sites.
+Larger sites would have to share the <a href="postscreen.8.html">postscreen(8)</a> cache between
+primary and backup MTAs, which would introduce a common point of
+failure. </p> </blockquote>
+
+<ul>
+
+<li> <p> First, configure the host to listen on both primary and
+backup MX addresses. Use the appropriate <tt>ifconfig</tt> or <tt>ip</tt>
+command for the local operating system, or update the appropriate
+configuration files and "refresh" the network protocol stack. </p>
+
+<p> <p> Second, configure Postfix to listen on the new IP address
+(this step is needed when you have specified <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> in
+<a href="postconf.5.html">main.cf</a>). </p>
+
+<li> <p> Then, configure <a href="postscreen.8.html">postscreen(8)</a> to deny the temporary allowlist
+status on the backup MX address(es). An example for Wietse's
+server is: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> = !168.100.189.8 <a href="DATABASE_README.html#types">static</a>:all
+</pre>
+
+<p> Translation: allow clients to obtain the temporary allowlist
+status on all server IP addresses except 168.100.189.8, which is a
+backup MX address. </p>
+
+</ul>
+
+<p> When a non-allowlisted client connects the backup MX address,
+<a href="postscreen.8.html">postscreen(8)</a> logs this with the client address and port number as:
+</p>
+
+<blockquote> <pre>
+<b>CONNECT from</b> <i>[address]:port</i> <b>to [168.100.189.8]:25</b>
+<b>ALLOWLIST VETO</b> <i>[address]:port</i>
+</pre> </blockquote>
+
+<blockquote> <p> Use the <a href="postconf.5.html#respectful_logging">respectful_logging</a> configuration parameter to
+select a deprecated form of this logging. </p> </blockquote>
+
+<p> Translation: the client at <i>[address]:port</i> connected to
+the backup MX address 168.100.189.8 while it was not allowlisted.
+The client will not be granted the temporary allowlist status, even
+if passes all the allowlist tests described below. </p>
+
+<h2> <a name="before_220"> Tests before the 220 SMTP server greeting </a> </h2>
+
+<p> The <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter specifies a short time
+interval before the "220 <i>text</i>..." server greeting, where
+<a href="postscreen.8.html">postscreen(8)</a> can run a number of tests in parallel. </p>
+
+<p> When a good client passes these tests, and no "<a
+href="#after_220">deep protocol tests</a>"
+are configured, <a href="postscreen.8.html">postscreen(8)</a>
+adds the client to the temporary allowlist and hands off the "live"
+connection to a Postfix SMTP server process. The client can then
+continue as if <a href="postscreen.8.html">postscreen(8)</a> never even existed (except of course
+for the short <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> delay). </p>
+
+<ul>
+
+<li> <a href="#pregreet"> Pregreet test </a>
+
+<li> <a href="#dnsbl"> DNS Allow/denylist test </a>
+
+<li> <a href="#fail_before_220">When tests fail before the 220 SMTP server greeting</a>
+
+</ul>
+
+<h3> <a name="pregreet"> Pregreet test </a> </h3>
+
+<p> The SMTP protocol is a classic example of a protocol where the
+server speaks before the client. <a href="postscreen.8.html">postscreen(8)</a> detects zombies
+that are in a hurry and that speak before their turn. This test is
+enabled by default. </p>
+
+<p> The <a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> parameter specifies the <i>text</i>
+portion of a "220-<i>text</i>..." teaser banner (default: $<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>).
+Note that this becomes the first part of a multi-line server greeting.
+The <a href="postscreen.8.html">postscreen(8)</a> daemon sends this before the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
+timer is started. The purpose of the teaser banner is to confuse
+zombies so that they speak before their turn. It has no effect on
+SMTP clients that correctly implement the protocol. </p>
+
+<p> To avoid problems with poorly-implemented SMTP engines in network
+appliances or network testing tools, either exclude them from all
+tests with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> feature or else specify
+an empty teaser banner: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Exclude broken clients by allowlisting. Clients in <a href="postconf.5.html#mynetworks">mynetworks</a>
+ # should always be allowlisted.
+ <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
+
+/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
+ 192.168.254.0/24 permit
+</pre>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Disable the teaser banner (try allowlisting first if you can).
+ <a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> =
+</pre>
+
+<p> When an SMTP client sends a command before the
+<a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> time has elapsed, <a href="postscreen.8.html">postscreen(8)</a> logs this as:
+</p>
+
+<pre>
+ <b>PREGREET</b> <i>count</i> <b>after</b> <i>time</i> <b>from</b> <i>[address]:port text...</i>
+</pre>
+
+<p> Translation: the client at <i>[address]:port</i> sent <i>count</i>
+bytes before its turn to speak. This happened <i>time</i> seconds
+after the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> timer was started. The <i>text</i>
+is what the client sent (truncated to 100 bytes, and with non-printable
+characters replaced with C-style escapes such as \r for carriage-return
+and \n for newline). </p>
+
+<p> The <a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> parameter specifies the action that
+is taken next. See "<a href="#fail_before_220">When tests fail
+before the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="dnsbl"> DNS Allow/denylist test </a> </h3>
+
+<p> The <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter (default: empty) specifies
+a list of DNS blocklist servers with optional filters and weight
+factors (positive weights for denylisting, negative for allowlisting).
+These servers will be queried in parallel with the reverse client
+IP address. This test is disabled by default. </p>
+
+<blockquote>
+<p>
+CAUTION: when postscreen rejects mail, its SMTP reply contains the
+DNSBL domain name. Use the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> feature to
+hide "password" information in DNSBL domain names.
+</p>
+</blockquote>
+
+<p> When the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> time has elapsed, and the combined
+DNSBL score is equal to or greater than the <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
+parameter value, <a href="postscreen.8.html">postscreen(8)</a> logs this as: </p>
+
+<pre>
+ <b>DNSBL rank</b> <i>count</i> <b>for</b> <i>[address]:port</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> has a combined
+DNSBL score of <i>count</i>. </p>
+
+<p> The <a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> parameter specifies the action that
+is taken when the combined DNSBL score is equal to or greater than
+the threshold. See "<a href="#fail_before_220">When tests fail
+before the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="fail_before_220">When tests fail before the 220 SMTP server greeting</a> </h3>
+
+<p> When the client address matches the permanent denylist, or
+when the client fails the pregreet or DNSBL tests, the action is
+specified with <a href="postconf.5.html#postscreen_denylist_action">postscreen_denylist_action</a>, <a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a>,
+or <a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a>, respectively. </p>
+
+<dl>
+
+<dt> <b>ignore</b> (default) </dt>
+
+<dd> Ignore the failure of this test. Allow other tests to complete.
+Repeat this test the next time the client connects. This option
+is useful for testing and collecting statistics without blocking
+mail. </dd>
+
+<dt> <b>enforce</b> </dt>
+
+<dd> Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects. </dd>
+
+<dt> <b>drop</b> </dt>
+
+<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. </dd>
+
+</dl>
+
+<h2> <a name="after_220">Tests after the 220 SMTP server greeting</a> </h2>
+
+<p> In this phase of the protocol, <a href="postscreen.8.html">postscreen(8)</a> implements a
+number of "deep protocol" tests. These tests use an SMTP protocol
+engine that is built into the <a href="postscreen.8.html">postscreen(8)</a> server. </p>
+
+<p> Important note: these protocol tests are disabled by default.
+They are more intrusive than the pregreet and DNSBL tests, and they
+have limitations as discussed next. </p>
+
+<ul>
+
+<li> <p> The main limitation of "after 220 greeting" tests is that
+a new client must disconnect after passing these tests (reason:
+postscreen is not a proxy). Then the client must reconnect from
+the same IP address before it can deliver mail. The following
+measures may help to avoid email delays: </p>
+
+<ul>
+
+<li> <p> Allow "good" clients to skip tests with the
+<a href="postconf.5.html#postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a> feature. This is especially effective
+for large providers that usually don't retry from the same IP
+address. </p>
+
+<li> <p> Small sites: Configure <a href="postscreen.8.html">postscreen(8)</a> to listen on multiple
+IP addresses, published in DNS as different IP addresses for the
+same MX hostname or for different MX hostnames. This avoids mail
+delivery delays with clients that reconnect immediately from the
+same IP address. </p>
+
+<li> <p> Large sites: Share the <a href="postscreen.8.html">postscreen(8)</a> cache between different
+Postfix MTAs with a large-enough <a href="memcache_table.5.html">memcache_table(5)</a>. Again, this
+avoids mail delivery delays with clients that reconnect immediately
+from the same IP address. </p>
+
+</ul>
+
+<li> <p> <a href="postscreen.8.html">postscreen(8)</a>'s built-in SMTP engine does not implement the
+AUTH, XCLIENT, and XFORWARD features. If you need to make these
+services available on port 25, then do not enable the tests after
+the 220 server greeting. </p>
+
+<li> <p> End-user clients should connect directly to the submission
+service, so that they never have to deal with <a href="postscreen.8.html">postscreen(8)</a>'s tests.
+</p>
+
+</ul>
+
+<p> The following "after 220 greeting" tests are available: </p>
+
+<ul>
+
+<li> <a href="#pipelining">Command pipelining test</a>
+
+<li> <a href="#non_smtp">Non-SMTP command test</a>
+
+<li> <a href="#barelf">Bare newline test</a>
+
+<li> <a href="#fail_after_220">When tests fail after the 220 SMTP server greeting</a>
+
+</ul>
+
+<h3> <a name="pipelining">Command pipelining test</a> </h3>
+
+<p> By default, SMTP is a half-duplex protocol: the sender and
+receiver send one command and one response at a time. Unlike the
+Postfix SMTP server, <a href="postscreen.8.html">postscreen(8)</a> does not announce support
+for ESMTP command pipelining. Therefore, clients are not allowed
+to send multiple commands. <a href="postscreen.8.html">postscreen(8)</a>'s
+<a href="#after_220">deep
+protocol test</a> for this is disabled by default. </p>
+
+<p> With "<a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> = yes", <a href="postscreen.8.html">postscreen(8)</a> detects
+zombies that send multiple commands, instead of sending one command
+and waiting for the server to reply. </p>
+
+<p> This test is opportunistically enabled when <a href="postscreen.8.html">postscreen(8)</a> has
+to use the built-in SMTP engine anyway. This is to make <a href="postscreen.8.html">postscreen(8)</a>
+logging more informative. </p>
+
+<p> When a client sends multiple commands, <a href="postscreen.8.html">postscreen(8)</a> logs this
+as: </p>
+
+<pre>
+ <b>COMMAND PIPELINING from</b> <i>[address]:port</i> <b>after</b> <i>command</i>: <i>text</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> sent
+multiple SMTP commands, instead of sending one command and then
+waiting for the server to reply. This happened after the client
+sent <i>command</i>. The <i>text</i> shows part of the input that
+was sent too early; it is not logged with Postfix 2.8. </p>
+
+<p> The <a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> parameter specifies the action
+that is taken next. See "<a href="#fail_after_220">When tests fail
+after the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="non_smtp">Non-SMTP command test</a> </h3>
+
+<p> Some spambots send their mail through open proxies. A symptom
+of this is the usage of commands such as CONNECT and other non-SMTP
+commands. Just like the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>
+feature, <a href="postscreen.8.html">postscreen(8)</a> has an equivalent <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a>
+feature to block these clients. <a href="postscreen.8.html">postscreen(8)</a>'s
+<a href="#after_220">deep
+protocol test</a> for this is disabled by default. </p>
+
+<p> With "<a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> = yes", <a href="postscreen.8.html">postscreen(8)</a>
+detects zombies that send commands specified with the
+<a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter. This also detects commands
+with the syntax of a message header label. The latter is a symptom
+that the client is sending message content after ignoring all the
+responses from <a href="postscreen.8.html">postscreen(8)</a> that reject mail. </p>
+
+<p> This test is opportunistically enabled when <a href="postscreen.8.html">postscreen(8)</a> has
+to use the built-in SMTP engine anyway. This is to make <a href="postscreen.8.html">postscreen(8)</a>
+logging more informative. </p>
+
+<p> When a client sends non-SMTP commands, <a href="postscreen.8.html">postscreen(8)</a> logs this
+as: </p>
+
+<pre>
+ <b>NON-SMTP COMMAND from</b> <i>[address]:port</i> <b>after</b> <i>command: text</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> sent a
+command that matches the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a>
+parameter, or that has the syntax of a message header label (text
+followed by optional space and ":").
+The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
+Postfix 2.10 and later. </p>
+
+<p> The <a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> parameter specifies
+the action that is taken next. See "<a href="#fail_after_220">When
+tests fail after the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="barelf">Bare newline test</a> </h3>
+
+<p> SMTP is a line-oriented protocol: lines have a limited length,
+and are terminated with &lt;CR&gt;&lt;LF&gt;. Lines ending in a
+"bare" &lt;LF&gt;, that is newline not preceded by carriage return,
+are not allowed in SMTP. <a href="postscreen.8.html">postscreen(8)</a>'s
+<a href="#after_220">deep
+protocol test</a> for this is disabled by default. </p>
+
+<p> With "<a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> = yes", <a href="postscreen.8.html">postscreen(8)</a>
+detects clients that send lines ending in bare newline characters.
+</p>
+
+<p> This test is opportunistically enabled when <a href="postscreen.8.html">postscreen(8)</a> has
+to use the built-in SMTP engine anyway. This is to make <a href="postscreen.8.html">postscreen(8)</a>
+logging more informative. </p>
+
+<p> When a client sends bare newline characters, <a href="postscreen.8.html">postscreen(8)</a> logs
+this as:
+</p>
+
+<pre>
+ <b>BARE NEWLINE from</b> <i>[address]:port</i> <b>after</b> <i>command</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> sent a bare
+newline character, that is newline not preceded by carriage
+return.
+The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
+Postfix 2.10 and later. </p>
+
+<p> The <a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> parameter specifies the
+action that is taken next. See "<a href="#fail_after_220">When
+tests fail after the 220 SMTP server greeting</a>" below. </p>
+
+<h3> <a name="fail_after_220">When tests fail after the 220 SMTP server greeting</a> </h3>
+
+<p> When the client fails the pipelining, non-SMTP command or bare
+newline tests, the action is specified with <a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a>,
+<a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> or <a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a>,
+respectively. </p>
+
+<dl>
+
+<dt> <b>ignore</b> (default for bare newline) </dt>
+
+<dd> Ignore the failure of this test. Allow other tests to complete.
+Do NOT repeat this test before the result from some other test
+expires.
+
+This option is useful for testing and collecting statistics without
+blocking mail permanently. </dd>
+
+<dt> <b>enforce</b> (default for pipelining) </dt>
+
+<dd> Allow other tests to complete. Reject attempts to deliver
+mail with a 550 SMTP reply, and log the helo/sender/recipient
+information. Repeat this test the next time the client connects.
+</dd>
+
+<dt> <b>drop</b> (default for non-SMTP commands) </dt>
+
+<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. This action is
+compatible with the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>
+feature. </dd>
+
+</dl>
+
+<h2> <a name="other_error">Other errors</a> </h2>
+
+<p> When an SMTP client hangs up unexpectedly, <a href="postscreen.8.html">postscreen(8)</a> logs
+this as: </p>
+
+<pre>
+ <b>HANGUP after</b> <i>time</i> <b>from</b> <i>[address]:port</i> <b>in</b> <i>test name</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> disconnected
+unexpectedly, <i>time</i> seconds after the start of the
+test named <i>test name</i>. </p>
+
+<p> There is no punishment for hanging up. A client that hangs up
+without sending the QUIT command can still pass all <a href="postscreen.8.html">postscreen(8)</a>
+tests. </p>
+
+<!--
+
+<p> While an unexpired penalty is in effect, an SMTP client is not
+allowed to pass any tests, and <a href="postscreen.8.html">postscreen(8)</a> logs each connection
+with the remaining amount of penalty time as: </p>
+
+<pre>
+ <b>PENALTY</b> <i>time</i> <b>for</b> <i>[address]:port</i>
+</pre>
+
+<p> During this time, all attempts by the client to deliver mail
+will be deferred with a 450 SMTP status. </p>
+
+-->
+
+<p> The following errors are reported by the built-in SMTP engine.
+This engine never accepts mail, therefore it has per-session limits
+on the number of commands and on the session length. </p>
+
+<pre>
+ <b>COMMAND TIME LIMIT</b> <b>from</b> <i>[address]:port</i> <b>after</b> <i>command</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> reached the
+per-command time limit as specified with the <a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a>
+parameter. The session is terminated immediately.
+The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
+Postfix 2.10 and later. </p>
+
+<pre>
+ <b>COMMAND COUNT LIMIT from</b> <i>[address]:port</i> <b>after</b> <i>command</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> reached the
+per-session command count limit as specified with the
+<a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> parameter. The session is terminated
+immediately.
+The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
+Postfix 2.10 and later. </p>
+
+<pre>
+ <b>COMMAND LENGTH LIMIT from</b> <i>[address]:port</i> <b>after</b> <i>command</i>
+</pre>
+
+<p> Translation: the SMTP client at <i>[address]:port</i> reached the
+per-command length limit, as specified with the <a href="postconf.5.html#line_length_limit">line_length_limit</a>
+parameter. The session is terminated immediately.
+The "<tt><b>after</b> <i>command</i></tt>" portion is logged with
+Postfix 2.10 and later. </p>
+
+<p> When an SMTP client makes too many connections at the same time,
+<a href="postscreen.8.html">postscreen(8)</a> rejects the connection with a 421 status code and logs: </p>
+
+<pre>
+ <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: too many connections</b>
+</pre>
+
+<p> The <a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> parameter controls this limit. </p>
+
+<p> When an SMTP client connects after <a href="postscreen.8.html">postscreen(8)</a> has reached a
+connection count limit, <a href="postscreen.8.html">postscreen(8)</a> rejects the connection with
+a 421 status code and logs: </p>
+
+<pre>
+ <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: all screening ports busy</b>
+ <b>NOQUEUE: reject: CONNECT from</b> <i>[address]:port</i><b>: all server ports busy</b>
+</pre>
+
+<p> The <a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> and <a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a>
+parameters control these limits. </p>
+
+<h2> <a name="victory">When all tests succeed</a> </h2>
+
+<p> When a new SMTP client passes all tests (i.e. it is not allowlisted
+via some mechanism), <a href="postscreen.8.html">postscreen(8)</a> logs this as: </p>
+
+<pre>
+ <b>PASS NEW</b> <i>[address]:port</i>
+</pre>
+
+<p> Where <i>[address]:port</i> are the client IP address and port.
+Then, <a href="postscreen.8.html">postscreen(8)</a>
+creates a temporary allowlist entry that excludes the client IP
+address from further tests until the temporary allowlist entry
+expires, as controlled with the postscreen_*_ttl parameters. </p>
+
+<p> When no "<a href="#after_220">deep protocol tests</a>" are
+configured, <a href="postscreen.8.html">postscreen(8)</a> hands off the "live" connection to a Postfix
+SMTP server process. The client can then continue as if <a href="postscreen.8.html">postscreen(8)</a>
+never even existed (except for the short <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> delay).
+</p>
+
+<p> When any "<a href="#after_220">deep protocol tests</a>" are
+configured, <a href="postscreen.8.html">postscreen(8)</a> cannot hand off the "live" connection to
+a Postfix SMTP server process in the middle of the session. Instead,
+<a href="postscreen.8.html">postscreen(8)</a> defers mail delivery attempts with a 4XX status, logs
+the helo/sender/recipient information, and waits for the client to
+disconnect. The next time the client connects it will be allowed
+to talk to a Postfix SMTP server process to deliver its mail.
+<a href="postscreen.8.html">postscreen(8)</a> mitigates the impact of this limitation by giving
+<a href="#after_220">deep protocol tests</a> a long expiration
+time. </p>
+
+<h2> <a name="config"> Configuring the postscreen(8) service</a>
+</h2>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> has been tested on FreeBSD [4-8], Linux 2.[4-6]
+and Solaris 9 systems. </p>
+
+<ul>
+
+<li> <a href="#enable"> Turning on postscreen(8) without blocking
+mail</a>
+
+<li> <a href="#starttls"> postscreen(8) TLS configuration </a>
+
+<li> <a href="#blocking"> Blocking mail with postscreen(8) </a>
+
+<li> <a href="#turnoff"> Turning off postscreen(8) </a>
+
+<li> <a href="#temp_allow_sharing"> Sharing the temporary allowlist
+</a>
+
+</ul>
+
+<h3> <a name="enable"> Turning on postscreen(8) without blocking mail</a> </h3>
+
+<p> To enable the <a href="postscreen.8.html">postscreen(8)</a> service and log client information
+without blocking mail: </p>
+
+<ol>
+
+<li> <p> Make sure that local clients and systems with non-standard
+SMTP implementations are excluded from any <a href="postscreen.8.html">postscreen(8)</a> tests. The
+default is to exclude all clients in <a href="postconf.5.html#mynetworks">mynetworks</a>. To exclude additional
+clients, for example, third-party performance monitoring tools (these
+tend to have broken SMTP implementations): </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Exclude broken clients by allowlisting. Clients in <a href="postconf.5.html#mynetworks">mynetworks</a>
+ # should always be allowlisted.
+ <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
+
+/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
+ 192.168.254.0/24 permit
+</pre>
+
+<li> <p> Comment out the "<tt>smtp inet ... smtpd</tt>" service
+in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries
+that follow. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #smtp inet n - n - - smtpd
+ # -o parameter=value ...
+</pre>
+
+<li> <p> Uncomment the new "<tt>smtpd pass ... smtpd</tt>" service
+in <a href="master.5.html">master.cf</a>, and duplicate any "<tt>-o parameter=value</tt>" entries
+from the smtpd service that was commented out in the previous step.
+</p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtpd pass - - n - - smtpd
+ -o parameter=value ...
+</pre>
+
+<li> <p> Uncomment the new "<tt>smtp inet ... postscreen</tt>"
+service in <a href="master.5.html">master.cf</a>. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp inet n - n - 1 postscreen
+</pre>
+
+<li> <p> Uncomment the new "<tt>tlsproxy unix ... tlsproxy</tt>"
+service in <a href="master.5.html">master.cf</a>. This service implements STARTTLS support for
+<a href="postscreen.8.html">postscreen(8)</a>. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ tlsproxy unix - - n - 0 tlsproxy
+</pre>
+
+<li> <p> Uncomment the new "<tt>dnsblog unix ... dnsblog</tt>"
+service in <a href="master.5.html">master.cf</a>. This service does DNSBL lookups for <a href="postscreen.8.html">postscreen(8)</a>
+and logs results. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ dnsblog unix - - n - 0 dnsblog
+</pre>
+
+<li> <p> To enable DNSBL lookups, list some DNS blocklist sites in
+<a href="postconf.5.html">main.cf</a>, separated by whitespace. Different sites can have different
+weights. For example:
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> = 2
+ <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = zen.spamhaus.org*2
+ bl.spamcop.net*1 b.barracudacentral.org*1
+</pre>
+
+<p> Note: if your DNSBL queries have a "secret" in the domain name,
+you must censor this information from the <a href="postscreen.8.html">postscreen(8)</a> SMTP replies.
+For example: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> = <a href="DATABASE_README.html#types">texthash</a>:/etc/postfix/dnsbl_reply
+</pre>
+
+<pre>
+/etc/postfix/dnsbl_reply:
+ # Secret DNSBL name Name in <a href="postscreen.8.html">postscreen(8)</a> replies
+ secret.zen.dq.spamhaus.net zen.spamhaus.org
+</pre>
+
+<p> The <a href="DATABASE_README.html#types">texthash</a>: format is similar to <a href="DATABASE_README.html#types">hash</a>: except that there is
+no need to run <a href="postmap.1.html">postmap(1)</a> before the file can be used, and that it
+does not detect changes after the file is read. It is new with
+Postfix version 2.8. </p>
+
+<li> <p> Read the new configuration with "<tt>postfix reload</tt>".
+</p>
+
+</ol>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Some <a href="postscreen.8.html">postscreen(8)</a> configuration parameters implement
+stress-dependent behavior. This is supported only when the default
+value is stress-dependent (that is, "postconf -d <i>parametername</i>"
+output shows
+"<i>parametername</i>&nbsp;=&nbsp;${stress?<i>something</i>}${stress:<i>something</i>}" or
+"<i>parametername</i>&nbsp;=&nbsp;${stress?{<i>something</i>}:{<i>something</i>}}").
+Other parameters always evaluate as if the stress value is the empty
+string. </p>
+
+<li> <p> See "<a href="#before_220">Tests before the 220 SMTP server
+greeting</a>" for details about the logging from these
+<a href="postscreen.8.html">postscreen(8)</a> tests. </p>
+
+<li> <p> If you run Postfix 2.6 or earlier you must stop and start
+the master daemon ("<tt>postfix stop; postfix start</tt>"). This
+is needed because the Postfix "pass" master service type did not
+work reliably on all systems. </p>
+
+</ul>
+
+<h3> <a name="starttls"> postscreen(8) TLS configuration </a> </h3>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> TLS support is available for remote SMTP clients
+that aren't allowlisted, including clients that need to renew their
+temporary allowlist status. When a remote SMTP client requests TLS
+service, <a href="postscreen.8.html">postscreen(8)</a> invisibly hands off the connection to a
+<a href="tlsproxy.8.html">tlsproxy(8)</a> process. Then, <a href="tlsproxy.8.html">tlsproxy(8)</a> encrypts and decrypts the
+traffic between <a href="postscreen.8.html">postscreen(8)</a> and the remote SMTP client. One
+<a href="tlsproxy.8.html">tlsproxy(8)</a> process can handle multiple SMTP sessions. The number
+of <a href="tlsproxy.8.html">tlsproxy(8)</a> processes slowly increases with server load, but it
+should always be much smaller than the number of <a href="postscreen.8.html">postscreen(8)</a> TLS
+sessions. </p>
+
+<p> TLS support for <a href="postscreen.8.html">postscreen(8)</a> and <a href="tlsproxy.8.html">tlsproxy(8)</a> uses the same
+parameters as with <a href="smtpd.8.html">smtpd(8)</a>. We recommend that you keep the relevant
+configuration parameters in <a href="postconf.5.html">main.cf</a>. If you must specify "-o
+smtpd_mumble=value" parameter overrides in <a href="master.5.html">master.cf</a> for a
+postscreen-protected <a href="smtpd.8.html">smtpd(8)</a> service, then you should specify those
+same parameter overrides for the <a href="postscreen.8.html">postscreen(8)</a> and <a href="tlsproxy.8.html">tlsproxy(8)</a>
+services. </p>
+
+<h3> <a name="blocking"> Blocking mail with postscreen(8) </a> </h3>
+
+<p> For compatibility with <a href="smtpd.8.html">smtpd(8)</a>, <a href="postscreen.8.html">postscreen(8)</a> implements the
+<a href="postconf.5.html#soft_bounce">soft_bounce</a> safety feature. This causes Postfix to reject mail with
+a "try again" reply code. </p>
+
+<ul>
+
+<li> <p> To turn this on for all of Postfix, specify "<tt><a href="postconf.5.html#soft_bounce">soft_bounce</a>
+= yes</tt>" in <a href="postconf.5.html">main.cf</a>. </p>
+
+<li> <p> To turn this on for <a href="postscreen.8.html">postscreen(8)</a> only, append "<tt>-o
+<a href="postconf.5.html#soft_bounce">soft_bounce</a>=yes</tt>" (note: NO SPACES around '=') to the postscreen
+entry in <a href="master.5.html">master.cf</a>. <p>
+
+</ul>
+
+<p> Execute "<tt>postfix reload</tt>" to make the change effective. </p>
+
+<p> After testing, do not forget to remove the <a href="postconf.5.html#soft_bounce">soft_bounce</a> feature,
+otherwise senders won't receive their non-delivery notification
+until many days later. </p>
+
+<p> To use the <a href="postscreen.8.html">postscreen(8)</a> service to block mail, edit <a href="postconf.5.html">main.cf</a> and
+specify one or more of: </p>
+
+<ul>
+
+<li> <p> "<tt><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> = enforce</tt>", to reject
+clients that are on DNS blocklists, and to log the helo/sender/recipient
+information. With good DNSBLs this reduces the amount of load on
+Postfix SMTP servers dramatically. </p>
+
+<li> <p> "<tt><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> = enforce</tt>", to reject
+clients that talk before their turn, and to log the helo/sender/recipient
+information. This stops over half of all known-to-be illegitimate
+connections to Wietse's mail server. It is backup protection for
+zombies that haven't yet been denylisted. </p>
+
+<li> <p> You can also enable "<a href="#after_220">deep protocol
+tests</a>", but these are more intrusive than the pregreet or DNSBL
+tests. </p>
+
+<p> When a good client passes the "<a href="#after_220">deep
+protocol tests</a>",
+<a href="postscreen.8.html">postscreen(8)</a> adds the client to the temporary
+allowlist but it cannot hand off the "live" connection to a Postfix
+SMTP server process in the middle of the session. Instead, <a href="postscreen.8.html">postscreen(8)</a>
+defers mail delivery attempts with a 4XX status, logs the
+helo/sender/recipient information, and waits for the client to
+disconnect. </p>
+
+<p> When the good client comes back in a later session, it is allowed
+to talk directly to a Postfix SMTP server. See "<a href="#after_220">Tests
+after the 220 SMTP server greeting</a>" above for limitations with
+AUTH and other features that clients may need. </p>
+
+<p> An unexpected benefit from "<a href="#after_220">deep protocol
+tests</a>" is that some "good" clients don't return after the 4XX
+reply; these clients were not so good after all. </p>
+
+<p> Unfortunately, some senders will retry requests from different
+IP addresses, and may never get allowlisted. For this reason,
+Wietse stopped using "<a href="#after_220">deep protocol tests</a>"
+on his own internet-facing mail server. </p>
+
+<li> <p> There is also support for permanent denylisting and
+allowlisting; see the description of the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a>
+parameter for details. </p>
+
+</ul>
+
+<h3> <a name="turnoff"> Turning off postscreen(8) </a> </h3>
+
+<p> To turn off <a href="postscreen.8.html">postscreen(8)</a> and handle mail directly with Postfix
+SMTP server processes: </p>
+
+<ol>
+
+<li> <p> Comment out the "<tt>smtp inet ... postscreen</tt>" service
+in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries
+that follow. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #smtp inet n - n - 1 postscreen
+ # -o parameter=value ...
+</pre>
+
+<li> <p> Comment out the "<tt>dnsblog unix ... dnsblog</tt>" service
+in <a href="master.5.html">master.cf</a>. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #dnsblog unix - - n - 0 dnsblog
+</pre>
+
+<li> <p> Comment out the "<tt>smtpd pass ... smtpd</tt>" service
+in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries
+that follow. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #smtpd pass - - n - - smtpd
+ # -o parameter=value ...
+</pre>
+
+<li> <p> Comment out the "<tt>tlsproxy unix ... tlsproxy</tt>"
+service in <a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>"
+entries that follow. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ #tlsproxy unix - - n - 0 tlsproxy
+ # -o parameter=value ...
+</pre>
+
+<li> <p> Uncomment the "<tt>smtp inet ... smtpd</tt>" service in
+<a href="master.5.html">master.cf</a>, including any "<tt>-o parameter=value</tt>" entries that
+may follow. </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp inet n - n - - smtpd
+ -o parameter=value ...
+</pre>
+
+<li> <p> Read the new configuration with "<tt>postfix reload</tt>".
+</p>
+
+</ol>
+
+<h3> <a name="temp_allow_sharing"> Sharing the temporary allowlist </a> </h3>
+
+<p> By default, the temporary allowlist is not shared between
+multiple <a href="postscreen.8.html">postscreen(8)</a> daemons. To enable sharing, choose one
+of the following options: </p>
+
+<ul>
+
+<li> <p> A non-persistent <a href="memcache_table.5.html">memcache</a>: temporary allowlist can be shared
+ between <a href="postscreen.8.html">postscreen(8)</a> daemons on the same host or different
+ hosts. Disable cache cleanup (<a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
+ = 0) in all <a href="postscreen.8.html">postscreen(8)</a> daemons because <a href="memcache_table.5.html">memcache</a>: has no
+ first-next API (but see example 4 below for <a href="memcache_table.5.html">memcache</a>: with
+ persistent backup). This requires Postfix 2.9 or later. </p>
+
+ <pre>
+ # Example 1: non-persistent <a href="memcache_table.5.html">memcache</a>: allowlist.
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="memcache_table.5.html">memcache</a>:/etc/postfix/postscreen_cache
+ <a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0
+
+ /etc/postfix/postscreen_cache:
+ memcache = inet:127.0.0.1:11211
+ key_format = postscreen:%s
+ </pre>
+
+<li> <p>
+ A persistent <a href="lmdb_table.5.html">lmdb</a>: temporary allowlist can be shared between
+ <a href="postscreen.8.html">postscreen(8)</a> daemons that run under the same <a href="master.8.html">master(8)</a> daemon,
+ or under different <a href="master.8.html">master(8)</a> daemons on the same host. Disable
+ cache cleanup (<a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0) in all
+ <a href="postscreen.8.html">postscreen(8)</a> daemons except one that is responsible for cache
+ cleanup. This requires Postfix 2.11 or later. </p>
+
+ <pre>
+ # Example 2: persistent <a href="lmdb_table.5.html">lmdb</a>: allowlist.
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="lmdb_table.5.html">lmdb</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache
+ # See note 1 below.
+ # <a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0
+ </pre>
+
+<li> <p> Other kinds of persistent temporary allowlist can be shared
+ only between <a href="postscreen.8.html">postscreen(8)</a> daemons that run under the same
+ <a href="master.8.html">master(8)</a> daemon. In this case, temporary allowlist access must
+ be shared through the <a href="proxymap.8.html">proxymap(8)</a> daemon. This requires Postfix
+ 2.9 or later. </p>
+
+ <pre>
+ # Example 3: proxied <a href="DATABASE_README.html#types">btree</a>: allowlist.
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> =
+ <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/postscreen_cache
+ # See note 1 below.
+ # <a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0
+
+ # Example 4: proxied <a href="DATABASE_README.html#types">btree</a>: allowlist with <a href="memcache_table.5.html">memcache</a>: accelerator.
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="memcache_table.5.html">memcache</a>:/etc/postfix/postscreen_cache
+ <a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> =
+ <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/postscreen_cache
+ ... other proxied tables ...
+ # See note 1 below.
+ # <a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> = 0
+
+ /etc/postfix/postscreen_cache:
+ # Note: the $<a href="postconf.5.html#data_directory">data_directory</a> macro is not defined in this context.
+ memcache = inet:127.0.0.1:11211
+ backup = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/postscreen_cache
+ key_format = postscreen:%s
+ </pre>
+
+ <p> Note 1: disable cache cleanup (<a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
+ = 0) in all <a href="postscreen.8.html">postscreen(8)</a> daemons except one that is responsible
+ for cache cleanup. </p>
+
+ <p> Note 2: <a href="postscreen.8.html">postscreen(8)</a> cache sharing via <a href="proxymap.8.html">proxymap(8)</a> requires Postfix
+ 2.9 or later; earlier <a href="proxymap.8.html">proxymap(8)</a> implementations don't support
+ cache cleanup. </p>
+
+</ul>
+
+<h2> <a name="historical"> Historical notes and credits </a> </h2>
+
+<p> Many ideas in <a href="postscreen.8.html">postscreen(8)</a> were explored in earlier work by
+Michael Tokarev, in OpenBSD spamd, and in MailChannels Traffic
+Control. </p>
+
+<p> Wietse threw together a crude prototype with pregreet and dnsbl
+support in June 2009, because he needed something new for a Mailserver
+conference presentation in July. Ralf Hildebrandt ran this code on
+several servers to collect real-world statistics. This version used
+the <a href="dnsblog.8.html">dnsblog(8)</a> ad-hoc DNS client program. </p>
+
+<p> Wietse needed new material for a LISA conference presentation
+in November 2010, so he added support for DNSBL weights and filters
+in August, followed by a major code rewrite, deep protocol tests,
+helo/sender/recipient logging, and stress-adaptive behavior in
+September. Ralf Hildebrandt ran this code on several servers to
+collect real-world statistics. This version still used the embarrassing
+<a href="dnsblog.8.html">dnsblog(8)</a> ad-hoc DNS client program. </p>
+
+<p> Wietse added STARTTLS support in December 2010. This makes
+<a href="postscreen.8.html">postscreen(8)</a> usable for sites that require TLS support. The
+implementation introduces the <a href="tlsproxy.8.html">tlsproxy(8)</a> event-driven TLS proxy
+that decrypts/encrypts the sessions for multiple SMTP clients. </p>
+
+<p> The <a href="tlsproxy.8.html">tlsproxy(8)</a> implementation led to the discovery of a "new"
+class of vulnerability (<a
+href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0411"
+>CVE-2011-0411</a>) that affected multiple implementations of SMTP,
+POP, IMAP, NNTP, and FTP over TLS. </p>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> was officially released as part of the Postfix
+2.8 stable release in January 2011.</p>
+
+<p> Noel Jones helped with the Postfix 3.6 transition towards respectful
+documentation. </p>
+
+</body>
+</html>
diff --git a/html/QSHAPE_README.html b/html/QSHAPE_README.html
new file mode 100644
index 0000000..0ac3a13
--- /dev/null
+++ b/html/QSHAPE_README.html
@@ -0,0 +1,939 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Bottleneck Analysis</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Bottleneck Analysis</h1>
+
+<hr>
+
+<h2>Purpose of this document </h2>
+
+<p> This document is an introduction to Postfix queue congestion analysis.
+It explains how the <a href="qshape.1.html">qshape(1)</a> program can help to track down the
+reason for queue congestion. <a href="qshape.1.html">qshape(1)</a> is bundled with Postfix
+2.1 and later source code, under the "auxiliary" directory. This
+document describes <a href="qshape.1.html">qshape(1)</a> as bundled with Postfix 2.4. </p>
+
+<p> This document covers the following topics: </p>
+
+<ul>
+
+<li><a href="#qshape">Introducing the qshape tool</a>
+
+<li><a href="#trouble_shooting">Trouble shooting with qshape</a>
+
+<li><a href="#healthy">Example 1: Healthy queue</a>
+
+<li><a href="#dictionary_bounce">Example 2: Deferred queue full of
+dictionary attack bounces</a></li>
+
+<li><a href="#active_congestion">Example 3: Congestion in the active
+queue</a></li>
+
+<li><a href="#backlog">Example 4: High volume destination backlog</a>
+
+<li><a href="#queues">Postfix queue directories</a>
+
+<ul>
+
+<li> <a href="#maildrop_queue"> The "maildrop" queue </a>
+
+<li> <a href="#hold_queue"> The "hold" queue </a>
+
+<li> <a href="#incoming_queue"> The "incoming" queue </a>
+
+<li> <a href="#active_queue"> The "active" queue </a>
+
+<li> <a href="#deferred_queue"> The "deferred" queue </a>
+
+</ul>
+
+<li><a href="#credits">Credits</a>
+
+</ul>
+
+<h2><a name="qshape">Introducing the qshape tool</a></h2>
+
+<p> When mail is draining slowly or the queue is unexpectedly large,
+run <a href="qshape.1.html">qshape(1)</a> as the super-user (root) to help zero in on the problem.
+The <a href="qshape.1.html">qshape(1)</a> program displays a tabular view of the Postfix queue
+contents. </p>
+
+<ul>
+
+<li> <p> On the horizontal axis, it displays the queue age with
+fine granularity for recent messages and (geometrically) less fine
+granularity for older messages. </p>
+
+<li> <p> The vertical axis displays the destination (or with the
+"-s" switch the sender) domain. Domains with the most messages are
+listed first. </p>
+
+</ul>
+
+<p> For example, in the output below we see the top 10 lines of
+the (mostly forged) sender domain distribution for captured spam
+in the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>: </p>
+
+<blockquote>
+<pre>
+$ qshape -s hold | head
+ T 5 10 20 40 80 160 320 640 1280 1280+
+ TOTAL 486 0 0 1 0 0 2 4 20 40 419
+ yahoo.com 14 0 0 1 0 0 0 0 1 0 12
+ extremepricecuts.net 13 0 0 0 0 0 0 0 2 0 11
+ ms35.hinet.net 12 0 0 0 0 0 0 0 0 1 11
+ winnersdaily.net 12 0 0 0 0 0 0 0 2 0 10
+ hotmail.com 11 0 0 0 0 0 0 0 0 1 10
+ worldnet.fr 6 0 0 0 0 0 0 0 0 0 6
+ ms41.hinet.net 6 0 0 0 0 0 0 0 0 0 6
+ osn.de 5 0 0 0 0 0 1 0 0 0 4
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> The "T" column shows the total (in this case sender) count
+for each domain. The columns with numbers above them, show counts
+for messages aged fewer than that many minutes, but not younger
+than the age limit for the previous column. The row labeled "TOTAL"
+shows the total count for all domains. </p>
+
+<li> <p> In this example, there are 14 messages allegedly from
+yahoo.com, 1 between 10 and 20 minutes old, 1 between 320 and 640
+minutes old and 12 older than 1280 minutes (1440 minutes in a day).
+</p>
+
+</ul>
+
+<p> When the output is a terminal intermediate results showing the top 20
+domains (-n option) are displayed after every 1000 messages (-N option)
+and the final output also shows only the top 20 domains. This makes
+qshape useful even when the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> is very large and it may
+otherwise take prohibitively long to read the entire "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>. </p>
+
+<p> By default, qshape shows statistics for the union of both the
+"<a href="QSHAPE_README.html#incoming_queue">incoming"</a> and "<a href="QSHAPE_README.html#active_queue">active" queues</a> which are the most relevant queues to
+look at when analyzing performance. </p>
+
+<p> One can request an alternate list of queues: </p>
+
+<blockquote>
+<pre>
+$ qshape deferred
+$ qshape incoming active deferred
+</pre>
+</blockquote>
+
+<p> this will show the age distribution of the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> or
+the union of the "<a href="QSHAPE_README.html#incoming_queue">incoming"</a>, "<a href="QSHAPE_README.html#active_queue">active"</a> and "<a href="QSHAPE_README.html#deferred_queue">deferred" queues</a>. </p>
+
+<p> Command line options control the number of display "buckets",
+the age limit for the smallest bucket, display of parent domain
+counts and so on. The "-h" option outputs a summary of the available
+switches. </p>
+
+<h2><a name="trouble_shooting">Trouble shooting with qshape</a>
+</h2>
+
+<p> Large numbers in the qshape output represent a large number of
+messages that are destined to (or alleged to come from) a particular
+domain. It should be possible to tell at a glance which domains
+dominate the queue sender or recipient counts, approximately when
+a burst of mail started, and when it stopped. </p>
+
+<p> The problem destinations or sender domains appear near the top
+left corner of the output table. Remember that the "<a href="QSHAPE_README.html#active_queue">active" queue</a>
+can accommodate up to 20000 ($<a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a>) messages.
+To check whether this limit has been reached, use: </p>
+
+<blockquote>
+<pre>
+$ qshape -s active <i>(show sender statistics)</i>
+</pre>
+</blockquote>
+
+<p> If the total sender count is below 20000 the "<a href="QSHAPE_README.html#active_queue">active" queue</a> is
+not yet saturated, any high volume sender domains show near the
+top of the output.
+
+<p> With <a href="qmgr.8.html">oqmgr(8)</a> the "<a href="QSHAPE_README.html#active_queue">active" queue</a> is also limited to at most 20000
+recipient addresses ($<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>). To check for
+exhaustion of this limit use: </p>
+
+<blockquote>
+<pre>
+$ qshape active <i>(show recipient statistics)</i>
+</pre>
+</blockquote>
+
+<p> Having found the high volume domains, it is often useful to
+search the logs for recent messages pertaining to the domains in
+question. </p>
+
+<blockquote>
+<pre>
+# Find deliveries to example.com
+#
+$ tail -10000 /var/log/maillog |
+ grep -E -i ': to=&lt;.*@example\.com&gt;,' |
+ less
+
+# Find messages from example.com
+#
+$ tail -10000 /var/log/maillog |
+ grep -E -i ': from=&lt;.*@example\.com&gt;,' |
+ less
+</pre>
+</blockquote>
+
+<p> You may want to drill in on some specific queue ids: </p>
+
+<blockquote>
+<pre>
+# Find all messages for a specific queue id.
+#
+$ tail -10000 /var/log/maillog | grep -E ': 2B2173FF68: '
+</pre>
+</blockquote>
+
+<p> Also look for queue manager warning messages in the log. These
+warnings can suggest strategies to reduce congestion. </p>
+
+<blockquote>
+<pre>
+$ grep -E 'qmgr.*(panic|fatal|error|warning):' /var/log/maillog
+</pre>
+</blockquote>
+
+<p> When all else fails try the Postfix mailing list for help, but
+please don't forget to include the top 10 or 20 lines of <a href="qshape.1.html">qshape(1)</a>
+output. </p>
+
+<h2><a name="healthy">Example 1: Healthy queue</a></h2>
+
+<p> When looking at just the "<a href="QSHAPE_README.html#incoming_queue">incoming"</a> and "<a href="QSHAPE_README.html#active_queue">active" queues</a>, under
+normal conditions (no congestion) the "<a href="QSHAPE_README.html#incoming_queue">incoming"</a> and "<a href="QSHAPE_README.html#active_queue">active" queues</a>
+are nearly empty. Mail leaves the system almost as quickly as it
+comes in or is deferred without congestion in the "<a href="QSHAPE_README.html#active_queue">active" queue</a>.
+</p>
+
+<blockquote>
+<pre>
+$ qshape <i>(show "<a href="QSHAPE_README.html#incoming_queue">incoming"</a> and "<a href="QSHAPE_README.html#active_queue">active" queue</a> status)</i>
+
+ T 5 10 20 40 80 160 320 640 1280 1280+
+ TOTAL 5 0 0 0 1 0 0 0 1 1 2
+ meri.uwasa.fi 5 0 0 0 1 0 0 0 1 1 2
+</pre>
+</blockquote>
+
+<p> If one looks at the two queues separately, the "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>
+is empty or perhaps briefly has one or two messages, while the
+"<a href="QSHAPE_README.html#active_queue">active" queue</a> holds more messages and for a somewhat longer time:
+</p>
+
+<blockquote>
+<pre>
+$ qshape incoming
+
+ T 5 10 20 40 80 160 320 640 1280 1280+
+ TOTAL 0 0 0 0 0 0 0 0 0 0 0
+
+$ qshape active
+
+ T 5 10 20 40 80 160 320 640 1280 1280+
+ TOTAL 5 0 0 0 1 0 0 0 1 1 2
+ meri.uwasa.fi 5 0 0 0 1 0 0 0 1 1 2
+</pre>
+</blockquote>
+
+<h2><a name="dictionary_bounce">Example 2: Deferred queue full of
+dictionary attack bounces</a></h2>
+
+<p> This is from a server where recipient validation is not yet
+available for some of the <a href="VIRTUAL_README.html#canonical">hosted domains</a>. Dictionary attacks on
+the unvalidated domains result in bounce backscatter. The bounces
+dominate the queue, but with proper tuning they do not saturate the
+"<a href="QSHAPE_README.html#incoming_queue">incoming"</a> or "<a href="QSHAPE_README.html#active_queue">active" queues</a>. The high volume of deferred mail is not
+a direct cause for alarm. </p>
+
+<blockquote>
+<pre>
+$ qshape deferred | head
+
+ T 5 10 20 40 80 160 320 640 1280 1280+
+ TOTAL 2234 4 2 5 9 31 57 108 201 464 1353
+ heyhihellothere.com 207 0 0 1 1 6 6 8 25 68 92
+ pleazerzoneprod.com 105 0 0 0 0 0 0 0 5 44 56
+ groups.msn.com 63 2 1 2 4 4 14 14 14 8 0
+ orion.toppoint.de 49 0 0 0 1 0 2 4 3 16 23
+ kali.com.cn 46 0 0 0 0 1 0 2 6 12 25
+ meri.uwasa.fi 44 0 0 0 0 1 0 2 8 11 22
+ gjr.paknet.com.pk 43 1 0 0 1 1 3 3 6 12 16
+ aristotle.algonet.se 41 0 0 0 0 0 1 2 11 12 15
+</pre>
+</blockquote>
+
+<p> The domains shown are mostly bulk-mailers and all the volume
+is the tail end of the time distribution, showing that short term
+arrival rates are moderate. Larger numbers and lower message ages
+are more indicative of current trouble. Old mail still going nowhere
+is largely harmless so long as the "<a href="QSHAPE_README.html#active_queue">active"</a> and "<a href="QSHAPE_README.html#incoming_queue">incoming" queues</a> are
+short. We can also see that the groups.msn.com undeliverables are
+low rate steady stream rather than a concentrated dictionary attack
+that is now over. </p>
+
+<blockquote>
+<pre>
+$ qshape -s deferred | head
+
+ T 5 10 20 40 80 160 320 640 1280 1280+
+ TOTAL 2193 4 4 5 8 33 56 104 205 465 1309
+ MAILER-DAEMON 1709 4 4 5 8 33 55 101 198 452 849
+ example.com 263 0 0 0 0 0 0 0 0 2 261
+ example.org 209 0 0 0 0 0 1 3 6 11 188
+ example.net 6 0 0 0 0 0 0 0 0 0 6
+ example.edu 3 0 0 0 0 0 0 0 0 0 3
+ example.gov 2 0 0 0 0 0 0 0 1 0 1
+ example.mil 1 0 0 0 0 0 0 0 0 0 1
+</pre>
+</blockquote>
+
+<p> Looking at the sender distribution, we see that as expected
+most of the messages are bounces. </p>
+
+<h2><a name="active_congestion">Example 3: Congestion in the active
+queue</a></h2>
+
+<p> This example is taken from a Feb 2004 discussion on the Postfix
+Users list. Congestion was reported with the
+"<a href="QSHAPE_README.html#active_queue">active"</a> and "<a href="QSHAPE_README.html#incoming_queue">incoming" queues</a>
+large and not shrinking despite very large delivery agent
+process limits. The thread is archived at:
+<a href="http://groups.google.com/groups?threadm=c0b7js$2r65$1@FreeBSD.csie.NCTU.edu.tw">http://groups.google.com/groups?threadm=c0b7js$2r65$1@FreeBSD.csie.NCTU.edu.tw</a>
+and
+<a href="http://archives.neohapsis.com/archives/postfix/2004-02/thread.html#1371">http://archives.neohapsis.com/archives/postfix/2004-02/thread.html#1371</a>
+</p>
+
+<p> Using an older version of <a href="qshape.1.html">qshape(1)</a> it was quickly determined
+that all the messages were for just a few destinations: </p>
+
+<blockquote>
+<pre>
+$ qshape <i>(show "<a href="QSHAPE_README.html#incoming_queue">incoming"</a> and "<a href="QSHAPE_README.html#active_queue">active" queue</a> status)</i>
+
+ T A 5 10 20 40 80 160 320 320+
+ TOTAL 11775 9996 0 0 1 1 42 94 221 1420
+ user.sourceforge.net 7678 7678 0 0 0 0 0 0 0 0
+ lists.sourceforge.net 2313 2313 0 0 0 0 0 0 0 0
+ gzd.gotdns.com 102 0 0 0 0 0 0 0 2 100
+</pre>
+</blockquote>
+
+<p> The "A" column showed the count of messages in the "<a href="QSHAPE_README.html#active_queue">active" queue</a>,
+and the numbered columns showed totals for the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>. At
+10000 messages (Postfix 1.x "<a href="QSHAPE_README.html#active_queue">active" queue</a> size limit) the "<a href="QSHAPE_README.html#active_queue">active" queue</a>
+is full. The "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a> was growing rapidly. </p>
+
+<p> With the trouble destinations clearly identified, the administrator
+quickly found and fixed the problem. It is substantially harder to
+glean the same information from the logs. While a careful reading
+of <a href="mailq.1.html">mailq(1)</a> output should yield similar results, it is much harder
+to gauge the magnitude of the problem by looking at the queue
+one message at a time. </p>
+
+<h2><a name="backlog">Example 4: High volume destination backlog</a></h2>
+
+<p> When a site you send a lot of email to is down or slow, mail
+messages will rapidly build up in the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>, or worse, in
+the "<a href="QSHAPE_README.html#active_queue">active" queue</a>. The qshape output will show large numbers for
+the destination domain in all age buckets that overlap the starting
+time of the problem: </p>
+
+<blockquote>
+<pre>
+$ qshape deferred | head
+
+ T 5 10 20 40 80 160 320 640 1280 1280+
+ TOTAL 5000 200 200 400 800 1600 1000 200 200 200 200
+ highvolume.com 4000 160 160 320 640 1280 1440 0 0 0 0
+ ...
+</pre>
+</blockquote>
+
+<p> Here the "highvolume.com" destination is continuing to accumulate
+deferred mail. The "<a href="QSHAPE_README.html#incoming_queue">incoming"</a> and "<a href="QSHAPE_README.html#active_queue">active" queues</a> are fine, but the
+"<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> started growing some time between 1 and 2 hours ago
+and continues to grow. </p>
+
+<p> If the high volume destination is not down, but is instead
+slow, one might see similar congestion in the "<a href="QSHAPE_README.html#active_queue">active" queue</a>.
+"<a href="QSHAPE_README.html#active_queue">Active" queue</a> congestion is a greater cause for alarm; one might need to
+take measures to ensure that the mail is deferred instead or even
+add an <a href="access.5.html">access(5)</a> rule asking the sender to try again later. </p>
+
+<p> If a high volume destination exhibits frequent bursts of consecutive
+connections refused by all MX hosts or "421 Server busy errors", it
+is possible for the queue manager to mark the destination as "dead"
+despite the transient nature of the errors. The destination will be
+retried again after the expiration of a $<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> timer.
+If the error bursts are frequent enough it may be that only a small
+quantity of email is delivered before the destination is again marked
+"dead". In some cases enabling static (not on demand) connection
+caching by listing the appropriate nexthop domain in a table included in
+"<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>" may help to reduce the error rate,
+because most messages will re-use existing connections. </p>
+
+<p> The MTA that has been observed most frequently to exhibit such
+bursts of errors is Microsoft Exchange, which refuses connections
+under load. Some proxy virus scanners in front of the Exchange
+server propagate the refused connection to the client as a "421"
+error. </p>
+
+<p> Note that it is now possible to configure Postfix to exhibit similarly
+erratic behavior by misconfiguring the <a href="anvil.8.html">anvil(8)</a> service. Do not use
+<a href="anvil.8.html">anvil(8)</a> for steady-state rate limiting, its purpose is (unintentional)
+DoS prevention and the rate limits set should be very generous! </p>
+
+<p> If one finds oneself needing to deliver a high volume of mail to a
+destination that exhibits frequent brief bursts of errors and connection
+caching does not solve the problem, there is a subtle workaround. </p>
+
+<ul>
+
+<li> <p> Postfix version 2.5 and later: </p>
+
+<ul>
+
+<li> <p> In <a href="master.5.html">master.cf</a> set up a dedicated clone of the "smtp" transport
+for the destination in question. In the example below we will call
+it "fragile". </p>
+
+<li> <p> In <a href="master.5.html">master.cf</a> configure a reasonable process limit for the
+cloned smtp transport (a number in the 10-20 range is typical). </p>
+
+<li> <p> IMPORTANT!!! In <a href="postconf.5.html">main.cf</a> configure a large per-destination
+pseudo-cohort failure limit for the cloned smtp transport. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+ fragile_destination_concurrency_failed_cohort_limit = 100
+ fragile_destination_concurrency_limit = 20
+
+/etc/postfix/transport:
+ example.com fragile:
+
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # service type private unpriv chroot wakeup maxproc command
+ fragile unix - - n - 20 smtp
+</pre>
+
+<p> See also the documentation for
+<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> and
+<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>. </p>
+
+</ul>
+
+<li> <p> Earlier Postfix versions: </p>
+
+<ul>
+
+<li> <p> In <a href="master.5.html">master.cf</a> set up a dedicated clone of the "smtp"
+transport for the destination in question. In the example below
+we will call it "fragile". </p>
+
+<li> <p> In <a href="master.5.html">master.cf</a> configure a reasonable process limit for the
+transport (a number in the 10-20 range is typical). </p>
+
+<li> <p> IMPORTANT!!! In <a href="postconf.5.html">main.cf</a> configure a very large initial
+and destination concurrency limit for this transport (say 2000). </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+ <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> = 2000
+ fragile_destination_concurrency_limit = 2000
+
+/etc/postfix/transport:
+ example.com fragile:
+
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # service type private unpriv chroot wakeup maxproc command
+ fragile unix - - n - 20 smtp
+</pre>
+
+<p> See also the documentation for <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>.
+</p>
+
+</ul>
+
+</ul>
+
+<p> The effect of this configuration is that up to 2000
+consecutive errors are tolerated without marking the destination
+dead, while the total concurrency remains reasonable (10-20
+processes). This trick is only for a very specialized situation:
+high volume delivery into a channel with multi-error bursts
+that is capable of high throughput, but is repeatedly throttled by
+the bursts of errors. </p>
+
+<p> When a destination is unable to handle the load even after the
+Postfix process limit is reduced to 1, a desperate measure is to
+insert brief delays between delivery attempts. </p>
+
+<ul>
+
+<li> <p> Postfix version 2.5 and later: </p>
+
+<ul>
+
+<li> <p> In <a href="master.5.html">master.cf</a> set up a dedicated clone of the "smtp" transport
+for the problem destination. In the example below we call it "slow".
+</p>
+
+<li> <p> In <a href="postconf.5.html">main.cf</a> configure a short delay between deliveries to
+the same destination. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+ slow_destination_rate_delay = 1
+ slow_destination_concurrency_failed_cohort_limit = 100
+
+/etc/postfix/transport:
+ example.com slow:
+
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # service type private unpriv chroot wakeup maxproc command
+ slow unix - - n - - smtp
+</pre>
+
+</ul>
+
+<p> See also the documentation for <a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>. </p>
+
+<p> This solution forces the Postfix <a href="smtp.8.html">smtp(8)</a> client to wait for
+$slow_destination_rate_delay seconds between deliveries to the same
+destination. </p>
+
+<p> IMPORTANT!! The large slow_destination_concurrency_failed_cohort_limit
+value is needed. This prevents Postfix from deferring all mail for
+the same destination after only one connection or handshake error
+(the reason for this is that non-zero slow_destination_rate_delay
+forces a per-destination concurrency of 1). </p>
+
+<li> <p> Earlier Postfix versions: </p>
+
+<ul>
+
+<li> <p> In the transport map entry for the problem destination,
+specify a dead host as the primary nexthop. </p>
+
+<li> <p> In the <a href="master.5.html">master.cf</a> entry for the transport specify the
+problem destination as the <a href="postconf.5.html#fallback_relay">fallback_relay</a> and specify a small
+<a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> value. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+
+/etc/postfix/transport:
+ example.com slow:[dead.host]
+
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # service type private unpriv chroot wakeup maxproc command
+ slow unix - - n - 1 smtp
+ -o <a href="postconf.5.html#fallback_relay">fallback_relay</a>=problem.example.com
+ -o <a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a>=1
+ -o <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>=no
+</pre>
+
+</ul>
+
+<p> This solution forces the Postfix <a href="smtp.8.html">smtp(8)</a> client to wait for
+$<a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> seconds between deliveries. The connection
+caching feature is disabled to prevent the client from skipping
+over the dead host. </p>
+
+</ul>
+
+<h2><a name="queues">Postfix queue directories</a></h2>
+
+<p> The following sections describe Postfix queues: their purpose,
+what normal behavior looks like, and how to diagnose abnormal
+behavior. </p>
+
+<h3> <a name="maildrop_queue"> The "maildrop" queue </a> </h3>
+
+<p> Messages that have been submitted via the Postfix <a href="sendmail.1.html">sendmail(1)</a>
+command, but not yet brought into the main Postfix queue by the
+<a href="pickup.8.html">pickup(8)</a> service, await processing in the "<a href="QSHAPE_README.html#maildrop_queue">maildrop" queue</a>. Messages
+can be added to the "<a href="QSHAPE_README.html#maildrop_queue">maildrop" queue</a> even when the Postfix system
+is not running. They will begin to be processed once Postfix is
+started. </p>
+
+<p> The "<a href="QSHAPE_README.html#maildrop_queue">maildrop" queue</a> is drained by the single threaded <a href="pickup.8.html">pickup(8)</a>
+service scanning the queue directory periodically or when notified
+of new message arrival by the <a href="postdrop.1.html">postdrop(1)</a> program. The <a href="postdrop.1.html">postdrop(1)</a>
+program is a setgid helper that allows the unprivileged Postfix
+<a href="sendmail.1.html">sendmail(1)</a> program to inject mail into the "<a href="QSHAPE_README.html#maildrop_queue">maildrop" queue</a> and
+to notify the <a href="pickup.8.html">pickup(8)</a> service of its arrival. </p>
+
+<p> All mail that enters the main Postfix queue does so via the
+<a href="cleanup.8.html">cleanup(8)</a> service. The cleanup service is responsible for envelope
+and header rewriting, header and body regular expression checks,
+automatic bcc recipient processing, milter content processing, and
+reliable insertion of the message into the Postfix "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>. </p>
+
+<p> In the absence of excessive CPU consumption in <a href="cleanup.8.html">cleanup(8)</a> header
+or body regular expression checks or other software consuming all
+available CPU resources, Postfix performance is disk I/O bound.
+The rate at which the <a href="pickup.8.html">pickup(8)</a> service can inject messages into
+the queue is largely determined by disk access times, since the
+<a href="cleanup.8.html">cleanup(8)</a> service must commit the message to stable storage before
+returning success. The same is true of the <a href="postdrop.1.html">postdrop(1)</a> program
+writing the message to the "maildrop" directory. </p>
+
+<p> As the pickup service is single threaded, it can only deliver
+one message at a time at a rate that does not exceed the reciprocal
+disk I/O latency (+ CPU if not negligible) of the cleanup service.
+</p>
+
+<p> Congestion in this queue is indicative of an excessive local message
+submission rate or perhaps excessive CPU consumption in the <a href="cleanup.8.html">cleanup(8)</a>
+service due to excessive <a href="postconf.5.html#body_checks">body_checks</a>, or (Postfix &ge; 2.3) high latency
+milters. </p>
+
+<p> Note, that once the "<a href="QSHAPE_README.html#active_queue">active" queue</a> is full, the cleanup service
+will attempt to slow down message injection by pausing $<a href="postconf.5.html#in_flow_delay">in_flow_delay</a>
+for each message. In this case "<a href="QSHAPE_README.html#maildrop_queue">maildrop" queue</a> congestion may be
+a consequence of congestion downstream, rather than a problem in
+its own right. </p>
+
+<p> Note, you should not attempt to deliver large volumes of mail via
+the <a href="pickup.8.html">pickup(8)</a> service. High volume sites should avoid using "simple"
+content filters that re-inject scanned mail via Postfix <a href="sendmail.1.html">sendmail(1)</a>
+and <a href="postdrop.1.html">postdrop(1)</a>. </p>
+
+<p> A high arrival rate of locally submitted mail may be an indication
+of an uncaught forwarding loop, or a run-away notification program.
+Try to keep the volume of local mail injection to a moderate level.
+</p>
+
+<p> The "postsuper -r" command can place selected messages into
+the "<a href="QSHAPE_README.html#maildrop_queue">maildrop" queue</a> for reprocessing. This is most useful for
+resetting any stale <a href="postconf.5.html#content_filter">content_filter</a> settings. Requeuing a large number
+of messages using "postsuper -r" can clearly cause a spike in the
+size of the "<a href="QSHAPE_README.html#maildrop_queue">maildrop" queue</a>. </p>
+
+<h3> <a name="hold_queue"> The "hold" queue </a> </h3>
+
+<p> The administrator can define "smtpd" <a href="access.5.html">access(5)</a> policies, or
+<a href="cleanup.8.html">cleanup(8)</a> header/body checks that cause messages to be automatically
+diverted from normal processing and placed indefinitely in the
+"<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Messages placed in the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a> stay there until
+the administrator intervenes. No periodic delivery attempts are
+made for messages in the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. The <a href="postsuper.1.html">postsuper(1)</a> command
+can be used to manually release messages into the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>.
+</p>
+
+<p> Messages can potentially stay in the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a> longer than
+$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a>. If such "old" messages need to be released from
+the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>, they should typically be moved into the "<a href="QSHAPE_README.html#maildrop_queue">maildrop" queue</a>
+using "postsuper -r", so that the message gets a new timestamp and
+is given more than one opportunity to be delivered. Messages that are
+"young" can be moved directly into the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> using
+"postsuper -H". </p>
+
+<p> The "<a href="QSHAPE_README.html#hold_queue">hold" queue</a> plays little role in Postfix performance, and
+monitoring of the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a> is typically more closely motivated
+by tracking spam and malware, than by performance issues. </p>
+
+<h3> <a name="incoming_queue"> The "incoming" queue </a> </h3>
+
+<p> All new mail entering the Postfix queue is written by the
+<a href="cleanup.8.html">cleanup(8)</a> service into the "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>. New queue files are
+created owned by the "postfix" user with an access bitmask (or
+mode) of 0600. Once a queue file is ready for further processing
+the <a href="cleanup.8.html">cleanup(8)</a> service changes the queue file mode to 0700 and
+notifies the queue manager of new mail arrival. The queue manager
+ignores incomplete queue files whose mode is 0600, as these are
+still being written by cleanup. </p>
+
+<p> The queue manager scans the "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a> bringing any new
+mail into the "<a href="QSHAPE_README.html#active_queue">active" queue</a> if the "<a href="QSHAPE_README.html#active_queue">active" queue</a> resource limits
+have not been exceeded. By default, the "<a href="QSHAPE_README.html#active_queue">active" queue</a> accommodates
+at most 20000 messages. Once the "<a href="QSHAPE_README.html#active_queue">active" queue</a> message limit is
+reached, the queue manager stops scanning the "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>
+(and the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>, see below). </p>
+
+<p> Under normal conditions the "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a> is nearly empty (has
+only mode 0600 files), with the queue manager able to import new
+messages into the "<a href="QSHAPE_README.html#active_queue">active" queue</a> as soon as they become available.
+</p>
+
+<p> The "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a> grows when the message input rate spikes
+above the rate at which the queue manager can import messages into
+the "<a href="QSHAPE_README.html#active_queue">active" queue</a>. The main factors slowing down the queue manager
+are disk I/O and lookup queries to the trivial-rewrite service. If the queue
+manager is routinely not keeping up, consider not using "slow"
+lookup services (MySQL, LDAP, ...) for transport lookups or speeding
+up the hosts that provide the lookup service. If the problem is I/O
+starvation, consider striping the queue over more disks, faster controllers
+with a battery write cache, or other hardware improvements. At the very
+least, make sure that the queue directory is mounted with the "noatime"
+option if applicable to the underlying filesystem. </p>
+
+<p> The <a href="postconf.5.html#in_flow_delay">in_flow_delay</a> parameter is used to clamp the input rate
+when the queue manager starts to fall behind. The <a href="cleanup.8.html">cleanup(8)</a> service
+will pause for $<a href="postconf.5.html#in_flow_delay">in_flow_delay</a> seconds before creating a new queue
+file if it cannot obtain a "token" from the queue manager. </p>
+
+<p> Since the number of <a href="cleanup.8.html">cleanup(8)</a> processes is limited in most
+cases by the SMTP server concurrency, the input rate can exceed
+the output rate by at most "SMTP connection count" / $<a href="postconf.5.html#in_flow_delay">in_flow_delay</a>
+messages per second. </p>
+
+<p> With a default process limit of 100, and an <a href="postconf.5.html#in_flow_delay">in_flow_delay</a> of
+1s, the coupling is strong enough to limit a single run-away injector
+to 1 message per second, but is not strong enough to deflect an
+excessive input rate from many sources at the same time. </p>
+
+<p> If a server is being hammered from multiple directions, consider
+raising the <a href="postconf.5.html#in_flow_delay">in_flow_delay</a> to 10 seconds, but only if the "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>
+is growing even while the "<a href="QSHAPE_README.html#active_queue">active" queue</a> is not full and the
+trivial-rewrite service is using a fast transport lookup mechanism.
+</p>
+
+<h3> <a name="active_queue"> The "active" queue </a> </h3>
+
+<p> The queue manager is a delivery agent scheduler; it works to
+ensure fast and fair delivery of mail to all destinations within
+designated resource limits. </p>
+
+<p> The "<a href="QSHAPE_README.html#active_queue">active" queue</a> is somewhat analogous to an operating system's
+process run queue. Messages in the "<a href="QSHAPE_README.html#active_queue">active" queue</a> are ready to be
+sent (runnable), but are not necessarily in the process of being
+sent (running). </p>
+
+<p> While most Postfix administrators think of the "<a href="QSHAPE_README.html#active_queue">active" queue</a>
+as a directory on disk, the real "<a href="QSHAPE_README.html#active_queue">active" queue</a> is a set of data
+structures in the memory of the queue manager process. </p>
+
+<p> Messages in the "<a href="QSHAPE_README.html#maildrop_queue">maildrop"</a>, "<a href="QSHAPE_README.html#hold_queue">hold"</a>, "<a href="QSHAPE_README.html#incoming_queue">incoming"</a> and "<a href="QSHAPE_README.html#deferred_queue">deferred" queues</a>
+(see below) do not occupy memory; they are safely stored on
+disk waiting for their turn to be processed. The envelope information
+for messages in the "<a href="QSHAPE_README.html#active_queue">active" queue</a> is managed in memory, allowing
+the queue manager to do global scheduling, allocating available
+delivery agent processes to an appropriate message in the "<a href="QSHAPE_README.html#active_queue">active" queue</a>. </p>
+
+<p> Within the "<a href="QSHAPE_README.html#active_queue">active" queue</a>, (multi-recipient) messages are broken
+up into groups of recipients that share the same transport/nexthop
+combination; the group size is capped by the transport's recipient
+concurrency limit. </p>
+
+<p> Multiple recipient groups (from one or more messages) are queued
+for delivery grouped by transport/nexthop combination. The
+<b>destination</b> concurrency limit for the transports caps the number
+of simultaneous delivery attempts for each nexthop. Transports with
+a <b>recipient</b> concurrency limit of 1 are special: these are grouped
+by the actual recipient address rather than the nexthop, yielding
+per-recipient concurrency limits rather than per-domain
+concurrency limits. Per-recipient limits are appropriate when
+performing final delivery to mailboxes rather than when relaying
+to a remote server. </p>
+
+<p> Congestion occurs in the "<a href="QSHAPE_README.html#active_queue">active" queue</a> when one or more destinations
+drain slower than the corresponding message input rate. </p>
+
+<p> Input into the "<a href="QSHAPE_README.html#active_queue">active" queue</a> comes both from new mail in the "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>,
+and retries of mail in the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>. Should the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>
+get really large, retries of old mail can dominate the arrival
+rate of new mail. Systems with more CPU, faster disks and more network
+bandwidth can deal with larger "<a href="QSHAPE_README.html#deferred_queue">deferred" queues</a>, but as a rule of thumb
+the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> scales to somewhere between 100,000 and 1,000,000
+messages with good performance unlikely above that "limit". Systems with
+queues this large should typically stop accepting new mail, or put the
+backlog "on hold" until the underlying issue is fixed (provided that
+there is enough capacity to handle just the new mail). </p>
+
+<p> When a destination is down for some time, the queue manager will
+mark it dead, and immediately defer all mail for the destination without
+trying to assign it to a delivery agent. In this case the messages
+will quickly leave the "<a href="QSHAPE_README.html#active_queue">active" queue</a> and end up in the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>
+(with Postfix &lt; 2.4, this is done directly by the queue manager,
+with Postfix &ge; 2.4 this is done via the "retry" delivery agent). </p>
+
+<p> When the destination is instead simply slow, or there is a problem
+causing an excessive arrival rate the "<a href="QSHAPE_README.html#active_queue">active" queue</a> will grow and will
+become dominated by mail to the congested destination. </p>
+
+<p> The only way to reduce congestion is to either reduce the input
+rate or increase the throughput. Increasing the throughput requires
+either increasing the concurrency or reducing the latency of
+deliveries. </p>
+
+<p> For high volume sites a key tuning parameter is the number of
+"smtp" delivery agents allocated to the "smtp" and "relay" transports.
+High volume sites tend to send to many different destinations, many
+of which may be down or slow, so a good fraction of the available
+delivery agents will be blocked waiting for slow sites. Also mail
+destined across the globe will incur large SMTP command-response
+latencies, so high message throughput can only be achieved with
+more concurrent delivery agents. </p>
+
+<p> The default "smtp" process limit of 100 is good enough for most
+sites, and may even need to be lowered for sites with low bandwidth
+connections (no use increasing concurrency once the network pipe
+is full). When one finds that the queue is growing on an "idle"
+system (CPU, disk I/O and network not exhausted) the remaining
+reason for congestion is insufficient concurrency in the face of
+a high average latency. If the number of outbound SMTP connections
+(either ESTABLISHED or SYN_SENT) reaches the process limit, mail
+is draining slowly and the system and network are not loaded, raise
+the "smtp" and/or "relay" process limits! </p>
+
+<p> When a high volume destination is served by multiple MX hosts with
+typically low delivery latency, performance can suffer dramatically when
+one of the MX hosts is unresponsive and SMTP connections to that host
+timeout. For example, if there are 2 equal weight MX hosts, the SMTP
+connection timeout is 30 seconds and one of the MX hosts is down, the
+average SMTP connection will take approximately 15 seconds to complete.
+With a default per-destination concurrency limit of 20 connections,
+throughput falls to just over 1 message per second. </p>
+
+<p> The best way to avoid bottlenecks when one or more MX hosts is
+non-responsive is to use connection caching. Connection caching was
+introduced with Postfix 2.2 and is by default enabled on demand for
+destinations with a backlog of mail in the "<a href="QSHAPE_README.html#active_queue">active" queue</a>. When connection
+caching is in effect for a particular destination, established connections
+are re-used to send additional messages, this reduces the number of
+connections made per message delivery and maintains good throughput even
+in the face of partial unavailability of the destination's MX hosts. </p>
+
+<p> If connection caching is not available (Postfix &lt; 2.2) or does
+not provide a sufficient latency reduction, especially for the "relay"
+transport used to forward mail to "your own" domains, consider setting
+lower than default SMTP connection timeouts (1-5 seconds) and higher
+than default destination concurrency limits. This will further reduce
+latency and provide more concurrency to maintain throughput should
+latency rise. </p>
+
+<p> Setting high concurrency limits to domains that are not your own may
+be viewed as hostile by the receiving system, and steps may be taken
+to prevent you from monopolizing the destination system's resources.
+The defensive measures may substantially reduce your throughput or block
+access entirely. Do not set aggressive concurrency limits to remote
+domains without coordinating with the administrators of the target
+domain. </p>
+
+<p> If necessary, dedicate and tune custom transports for selected high
+volume destinations. The "relay" transport is provided for forwarding mail
+to domains for which your server is a primary or backup MX host. These can
+make up a substantial fraction of your email traffic. Use the "relay" and
+not the "smtp" transport to send email to these domains. Using the "relay"
+transport allocates a separate delivery agent pool to these destinations
+and allows separate tuning of timeouts and concurrency limits. </p>
+
+<p> Another common cause of congestion is unwarranted flushing of the
+entire "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>. The "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> holds messages that are likely
+to fail to be delivered and are also likely to be slow to fail delivery
+(time out). As a result the most common reaction to a large "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>
+(flush it!) is more than likely counter-productive, and typically makes
+the congestion worse. Do not flush the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> unless you expect
+that most of its content has recently become deliverable (e.g. <a href="postconf.5.html#relayhost">relayhost</a>
+back up after an outage)! </p>
+
+<p> Note that whenever the queue manager is restarted, there may
+already be messages in the "<a href="QSHAPE_README.html#active_queue">active" queue</a> directory, but the "real"
+"<a href="QSHAPE_README.html#active_queue">active" queue</a> in memory is empty. In order to recover the in-memory
+state, the queue manager moves all the "<a href="QSHAPE_README.html#active_queue">active" queue</a> messages
+back into the "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>, and then uses its normal "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>
+scan to refill the "<a href="QSHAPE_README.html#active_queue">active" queue</a>. The process of moving all
+the messages back and forth, redoing transport table (<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>
+resolve service) lookups, and re-importing the messages back into
+memory is expensive. At all costs, avoid frequent restarts of the
+queue manager (e.g. via frequent execution of "postfix reload"). </p>
+
+<h3> <a name="deferred_queue"> The "deferred" queue </a> </h3>
+
+<p> When all the deliverable recipients for a message are delivered,
+and for some recipients delivery failed for a transient reason (it
+might succeed later), the message is placed in the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>.
+</p>
+
+<p> The queue manager scans the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> periodically. The scan
+interval is controlled by the <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> parameter. While a "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>
+scan is in progress, if an "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a> scan is also in progress
+(ideally these are brief since the "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a> should be short), the
+queue manager alternates between looking for messages in the "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>
+and in the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>. This "round-robin" strategy prevents
+starvation of either the "<a href="QSHAPE_README.html#incoming_queue">incoming"</a> or the "<a href="QSHAPE_README.html#deferred_queue">deferred" queues</a>. </p>
+
+<p> Each "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> scan only brings a fraction of the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>
+back into the "<a href="QSHAPE_README.html#active_queue">active" queue</a> for a retry. This is because each
+message in the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> is assigned a "cool-off" time when
+it is deferred. This is done by time-warping the modification
+time of the queue file into the future. The queue file is not
+eligible for a retry if its modification time is not yet reached.
+</p>
+
+<p> The "cool-off" time is at least $<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> and at
+most $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. The next retry time is set by doubling
+the message's age in the queue, and adjusting up or down to lie
+within the limits. This means that young messages are initially
+retried more often than old messages. </p>
+
+<p> If a high volume site routinely has large "<a href="QSHAPE_README.html#deferred_queue">deferred" queues</a>, it
+may be useful to adjust the <a href="postconf.5.html#queue_run_delay">queue_run_delay</a>, <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> and
+<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> to provide short enough delays on first failure
+(Postfix &ge; 2.4 has a sensibly low minimal backoff time by default),
+with perhaps longer delays after multiple failures, to reduce the
+retransmission rate of old messages and thereby reduce the quantity
+of previously deferred mail in the "<a href="QSHAPE_README.html#active_queue">active" queue</a>. If you want a really
+low <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>, you may also want to lower <a href="postconf.5.html#queue_run_delay">queue_run_delay</a>,
+but understand that more frequent scans will increase the demand for
+disk I/O. </p>
+
+<p> One common cause of large "<a href="QSHAPE_README.html#deferred_queue">deferred" queues</a> is failure to validate
+recipients at the SMTP input stage. Since spammers routinely launch
+dictionary attacks from unrepliable sender addresses, the bounces
+for invalid recipient addresses clog the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> (and at high
+volumes proportionally clog the "<a href="QSHAPE_README.html#active_queue">active" queue</a>). Recipient validation
+is strongly recommended through use of the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> and
+<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> parameters. Even when bounces drain quickly they
+inundate innocent victims of forgery with unwanted email. To avoid
+this, do not accept mail for invalid recipients. </p>
+
+<p> When a host with lots of deferred mail is down for some time,
+it is possible for the entire "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a> to reach its retry
+time simultaneously. This can lead to a very full "<a href="QSHAPE_README.html#active_queue">active" queue</a> once
+the host comes back up. The phenomenon can repeat approximately
+every <a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> seconds if the messages are again deferred
+after a brief burst of congestion. Perhaps, a future Postfix release
+will add a random offset to the retry time (or use a combination
+of strategies) to reduce the odds of repeated complete "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>
+flushes. </p>
+
+<h2><a name="credits">Credits</a></h2>
+
+<p> The <a href="qshape.1.html">qshape(1)</a> program was developed by Victor Duchovni of Morgan
+Stanley, who also wrote the initial version of this document. </p>
+
+</body>
+
+</html>
diff --git a/html/RESTRICTION_CLASS_README.html b/html/RESTRICTION_CLASS_README.html
new file mode 100644
index 0000000..1d2be09
--- /dev/null
+++ b/html/RESTRICTION_CLASS_README.html
@@ -0,0 +1,240 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Per-Client/User/etc. Access Control</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Per-Client/User/etc. Access Control</h1>
+
+<hr>
+
+<h2>Postfix restriction classes</h2>
+
+<p> The Postfix SMTP server supports access restrictions such as
+<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> or <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> on the right-hand side
+of SMTP server <a href="access.5.html">access(5)</a> tables. This allows you to implement
+different junk mail restrictions for different clients or users.
+</p>
+
+<p> Having to specify lists of access restrictions for every
+recipient becomes tedious quickly. Postfix restriction classes
+allow you to give easy-to-remember names to groups of UCE restrictions
+(such as "permissive", "restrictive", and so on). </p>
+
+<p> The real reason for the existence of Postfix restriction classes
+is more mundane: you can't specify a lookup table on the right-hand
+side of a Postfix access table. This is because Postfix needs to
+open lookup tables ahead of time, but the reader probably does not
+care about these low-level details. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> = restrictive, permissive
+ # With Postfix &lt; 2.3 specify <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client</a>.
+ restrictive = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> ...
+ permissive = permit
+
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ # <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail
+ # relay policy is specified with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
+ # (available with Postfix 2.10 and later).
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ <a href="postconf.5.html#check_recipient_access">check_recipient_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_access
+ ...
+
+/etc/postfix/recipient_access:
+ joe@my.domain permissive
+ jane@my.domain restrictive
+</pre>
+</blockquote>
+
+<p> With this in place, you can use "restrictive" or "permissive"
+on the right-hand side of your per-client, helo, sender, or recipient
+SMTPD access tables. </p>
+
+<p> The remainder of this document gives examples of how Postfix
+access restriction classes can be used to: </p>
+
+<ul>
+
+<li> <a href="#internal"> Shield an internal mailing list from
+outside posters</a>,
+
+<li> <a href="#external"> Prevent external access by internal
+senders</a>.
+
+</ul>
+
+<p> These questions come up frequently, and the examples hopefully
+make clear that Postfix restriction classes aren't really the right
+solution. They should be used for what they were designed to do,
+different junk mail restrictions for different clients or users.
+</p>
+
+<h2><a name="internal">Protecting internal email distribution
+lists</a></h2>
+
+<blockquote>
+
+<p> We want to implement an internal email distribution list.
+Something like all@our.domain.com, which aliases to all employees.
+My first thought was to use the aliases map, but that would lead
+to "all" being accessible from the "outside", and this is not
+desired... :-) </p>
+
+</blockquote>
+
+<p> Postfix can implement per-address access controls. What follows
+is based on the SMTP client IP address, and therefore is subject
+to IP spoofing. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ ...
+ <a href="postconf.5.html#check_recipient_access">check_recipient_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access
+ <i>...the usual stuff...</i>
+
+/etc/postfix/access:
+ all@my.domain <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,reject
+ all@my.hostname <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,reject
+</pre>
+</blockquote>
+
+<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what map
+types Postfix supports, use the command <b>postconf -m</b>. </p>
+
+<p> Now, that would be sufficient when your machine receives all
+Internet mail directly from the Internet. That's unlikely if your
+network is a bit larger than an office. For example, your backup
+MX hosts would "launder" the client IP address of mail from the
+outside so it would appear to come from a trusted machine. </p>
+
+<p> In the general case you need two lookup tables: one table that
+lists destinations that need to be protected, and one table that
+lists domains that are allowed to send to the protected destinations.
+</p>
+
+<p> What follows is based on the sender SMTP envelope address, and
+therefore is subject to SMTP sender spoofing. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ ...
+ <a href="postconf.5.html#check_recipient_access">check_recipient_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/protected_destinations
+ <i>...the usual stuff...</i>
+
+ <a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> = insiders_only
+ insiders_only = <a href="postconf.5.html#check_sender_access">check_sender_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/insiders, reject
+
+/etc/postfix/protected_destinations:
+ all@my.domain insiders_only
+ all@my.hostname insiders_only
+
+/etc/postfix/insiders:
+ my.domain OK <i>matches my.domain and subdomains</i>
+ another.domain OK <i>matches another.domain and subdomains</i>
+</pre>
+</blockquote>
+
+<p> Getting past this scheme is relatively easy, because all one
+has to do is to spoof the SMTP sender address. </p>
+
+<p> If the internal list is a low-volume one, perhaps it makes more
+sense to make it moderated. </p>
+
+<h2><a name="external">Restricting what users can send mail to
+off-site destinations</a></h2>
+
+<blockquote>
+
+<p> How can I configure Postfix in a way that some users can send
+mail to the internet and other users not. The users with no access
+should receive a generic bounce message. Please don't discuss
+whether such access restrictions are necessary, it was not my
+decision. </p>
+
+</blockquote>
+
+<p> Postfix has support for per-user restrictions. The restrictions
+are implemented by the SMTP server. Thus, users that violate the
+policy have their mail rejected by the SMTP server. Like this:
+</p>
+
+<blockquote>
+<pre>
+554 &lt;user@remote&gt;: Access denied
+</pre>
+</blockquote>
+
+<p> The implementation uses two lookup tables. One table defines
+what users are restricted in where they can send mail, and the
+other table defines what destinations are local. It is left as an
+exercise for the reader to change this into a scheme where only
+some users have permission to send mail to off-site destinations,
+and where most users are restricted. </p>
+
+<p> The example assumes DB/DBM files, but this could also be done
+with LDAP or SQL. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ ...
+ <a href="postconf.5.html#check_sender_access">check_sender_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/restricted_senders
+ <i>...other stuff...</i>
+
+ <a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> = local_only
+ local_only =
+ <a href="postconf.5.html#check_recipient_access">check_recipient_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/local_domains, reject
+
+/etc/postfix/restricted_senders:
+ foo@domain local_only
+ bar@domain local_only
+
+/etc/postfix/local_domains:
+ this.domain OK <i>matches this.domain and subdomains</i>
+ that.domain OK <i>matches that.domain and subdomains</i>
+</pre>
+</blockquote>
+
+<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what map
+types Postfix supports, use the command <b>postconf -m</b>. </p>
+
+<p> Note: this scheme does not authenticate the user, and therefore it can be
+bypassed in several ways: </p>
+
+<ul>
+
+<li> <p> By sending mail via a less restrictive mail
+<a href="postconf.5.html#relayhost">relay host</a>. </p>
+
+<li> <p> By sending mail as someone else who does have permission
+to send mail to off-site destinations. </p>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/SASL_README.html b/html/SASL_README.html
new file mode 100644
index 0000000..ce3b893
--- /dev/null
+++ b/html/SASL_README.html
@@ -0,0 +1,2278 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<head>
+
+<title>Postfix SASL Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix SASL Howto</h1>
+
+<hr>
+
+<h2><a name="intro">How Postfix uses SASL authentication</a></h2>
+
+<p> SMTP servers need to decide whether an SMTP client is authorized
+to send mail to remote destinations, or only to destinations that
+the server itself is responsible for. Usually, SMTP servers accept
+mail to remote destinations when the client's IP address is in the
+"same network" as the server's IP address. </p>
+
+<p> SMTP clients outside the SMTP server's network need a different
+way to get "same network" privileges. To address this need, Postfix
+supports SASL authentication (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>, formerly <a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a>). With
+this a remote SMTP client can authenticate to the Postfix SMTP
+server, and the Postfix SMTP client can authenticate to a remote
+SMTP server. Once a client is authenticated, a server can give it
+"same network" privileges. </p>
+
+<p> Postfix does not implement SASL itself, but instead uses existing
+implementations as building blocks. This means that some SASL-related
+configuration files will belong to Postfix, while other
+configuration files belong to the specific SASL
+implementation that Postfix will use. This document covers both the
+Postfix and non-Postfix configuration. </p>
+
+<p> NOTE: People who go to the trouble of installing Postfix may
+have the expectation that Postfix is more secure than some other
+mailers. The Cyrus SASL library contains a lot of code. With this,
+Postfix becomes as secure as other mail systems that use the Cyrus
+SASL library. Dovecot provides an alternative that may be worth
+considering. </p>
+
+<p> You can read more about the following topics: </p>
+
+<ul>
+
+<li><a href="#server_sasl">Configuring SASL authentication in the
+Postfix SMTP server</a></li>
+
+<li><a href="#client_sasl">Configuring SASL authentication in the Postfix SMTP/LMTP client</a></li>
+
+<li><a href="#postfix_build">Building Postfix with SASL support</a></li>
+
+<li><a href="#cyrus_legacy">Using Cyrus SASL version 1.5.x</a></li>
+
+<li><a href="#credits">Credits</a></li>
+
+</ul>
+
+<h2><a name="server_sasl">Configuring SASL authentication in the
+Postfix SMTP server</a></h2>
+
+<p> As mentioned earlier, SASL is implemented separately from
+Postfix. For this reason, configuring SASL authentication in the
+Postfix SMTP server involves two different steps: </p>
+
+<ul>
+
+<li> <p> Configuring the SASL implementation to offer a list of
+mechanisms that are suitable for SASL authentication and, depending
+on the SASL implementation used, configuring authentication backends
+that verify the remote SMTP client's authentication data against
+the system password file or some other database. </p> </li>
+
+<li> <p> Configuring the Postfix SMTP server to enable SASL
+authentication, and to authorize clients to relay mail or to control
+what envelope sender addresses the client may use. </p> </li>
+
+</ul>
+
+<p> Successful authentication in the Postfix SMTP server requires
+a functional SASL framework. Configuring SASL should therefore
+always be the first step, before configuring Postfix. </p>
+
+<p> You can read more about the following topics: </p>
+
+<ul>
+
+<li><a href="#server_which">Which SASL Implementations are
+supported?</a></li>
+
+<li><a href="#server_dovecot">Configuring Dovecot SASL</a>
+
+<ul>
+
+<li><a href="#server_dovecot_comm">Postfix to Dovecot SASL
+communication</a></li>
+
+</ul> </li>
+
+<li><a href="#server_cyrus">Configuring Cyrus SASL</a>
+
+<ul>
+
+<li><a href="#server_cyrus_name">Cyrus SASL configuration file
+name</a></li>
+
+<li><a href="#server_cyrus_location">Cyrus SASL configuration
+file location</a></li>
+
+<li><a href="#server_cyrus_comm">Postfix to Cyrus SASL
+communication</a></li>
+
+</ul> </li>
+
+<li><a href="#server_sasl_enable">Enabling SASL authentication and
+authorization in the Postfix SMTP server</a>
+
+<ul>
+
+<li><a href="#server_sasl_authc">Enabling SASL authentication in
+the Postfix SMTP server</a></li>
+
+<li><a href="#smtpd_sasl_security_options">Postfix SMTP Server
+policy - SASL mechanism properties</a></li>
+
+<li><a href="#server_sasl_authz">Enabling SASL authorization in the
+Postfix SMTP server</a></li>
+
+<li><a href="#server_sasl_other">Additional SMTP Server SASL
+options</a></li>
+
+</ul></li>
+
+<li><a href="#server_test">Testing SASL authentication in the Postfix
+SMTP server</a></li>
+
+</ul>
+
+
+<h3><a name="server_which">Which SASL Implementations are
+supported?</a></h3>
+
+<p> Currently the Postfix SMTP server supports the Cyrus SASL and
+Dovecot SASL implementations. </p>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> Current Postfix versions have a plug-in architecture that can
+support multiple SASL implementations. Before Postfix version 2.3,
+Postfix had support only for Cyrus SASL. </p>
+
+</blockquote>
+
+<p> To find out what SASL implementations are compiled into Postfix,
+use the following commands: </p>
+
+<blockquote>
+<pre>
+% <strong><code>postconf -a</code></strong> (SASL support in the SMTP server)
+% <strong><code>postconf -A</code></strong> (SASL support in the SMTP+LMTP client)
+</pre>
+</blockquote>
+
+<p> These commands are available only with Postfix version 2.3 and
+later. </p>
+
+<h3><a name="server_dovecot">Configuring Dovecot SASL</a></h3>
+
+<p> Dovecot is a POP/IMAP server that has its own configuration to
+authenticate POP/IMAP clients. When the Postfix SMTP server uses
+Dovecot SASL, it reuses parts of this configuration. Consult the
+<a href="http://wiki.dovecot.org">Dovecot documentation</a> for how
+to configure and operate the Dovecot authentication server. </p>
+
+<h4><a name="server_dovecot_comm">Postfix to Dovecot SASL communication</a></h4>
+
+<p> Communication between the Postfix SMTP server and Dovecot SASL
+happens over a UNIX-domain socket or over a TCP socket. We will
+be using a UNIX-domain socket for better privacy. </p>
+
+<p> The following fragment for Dovecot version 2 assumes that the
+Postfix queue is under <code>/var/spool/postfix/</code>. </p>
+
+<blockquote>
+<pre>
+ 1 conf.d/10-master.conf:
+ 2 service auth {
+ 3 ...
+ 4 unix_listener /var/spool/postfix/private/auth {
+ 5 mode = 0660
+ 6 # Assuming the default Postfix user and group
+ 7 user = postfix
+ 8 group = postfix
+ 9 }
+10 ...
+11 }
+12
+13 conf.d/10-auth.conf
+14 auth_mechanisms = plain login
+</pre>
+</blockquote>
+
+<p> Line 4 places the Dovecot SASL socket in
+<code>/var/spool/postfix/private/auth</code>, lines 5-8 limit
+read+write permissions to user and group <code>postfix</code> only,
+and line 14 provides <code>plain</code> and <code>login</code> as
+mechanisms for the Postfix SMTP server. </p>
+
+<p> Proceed with the section "<a href="#server_sasl_enable">Enabling
+SASL authentication and authorization in the Postfix SMTP server</a>"
+to turn on and use SASL in the Postfix SMTP server. </p>
+
+<h3><a name="server_cyrus">Configuring Cyrus SASL</a></h3>
+
+<p> The Cyrus SASL framework supports a wide variety of applications
+(POP, IMAP, SMTP, etc.). Different applications may require different
+configurations. As a consequence each application may have its own
+configuration file. </p>
+
+<p> The first step configuring Cyrus SASL is to determine name and
+location of a configuration file that describes how the Postfix
+SMTP server will use the SASL framework. </p>
+
+<h4><a name="server_cyrus_name">Cyrus SASL configuration file name</a></h4>
+
+<p> The name of the configuration file (default: <code>smtpd.conf</code>)
+is configurable. It is a concatenation from a value that the Postfix
+SMTP server sends to the Cyrus SASL library, and the suffix
+<code>.conf</code>, added by Cyrus SASL. </p>
+
+<p> The value sent by Postfix is the name of the server component
+that will use Cyrus SASL. It defaults to <code>smtpd</code> and
+is configured with one of the following variables: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Postfix 2.3 and later
+ <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> = smtpd
+
+ # Postfix &lt; 2.3
+ <a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> = smtpd
+</pre>
+</blockquote>
+
+<h4><a name="server_cyrus_location">Cyrus SASL configuration file
+location</a></h4>
+
+<p> The location where Cyrus SASL searches for the named file depends
+on the Cyrus SASL version and the OS/distribution used. </p>
+
+<p> You can read more about the following topics: </p>
+
+<ul>
+
+<li> <p> Cyrus SASL version 2.x searches for the configuration file
+in <code>/usr/lib/sasl2/</code>. </p> </li>
+
+<li> <p> Cyrus SASL version 2.1.22 and newer additionally search
+in <code>/etc/sasl2/</code>. </p> </li>
+
+<li> <p> With Postfix 2.5 and later you can explicitly configure the
+search path via the <code><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a></code> configuration
+parameter. Specify zero or more colon-separated directories. If
+set empty (the default value) the search path is the one compiled
+into the Cyrus SASL library. </p> </li>
+
+<li> <p> Some Postfix distributions employ a non-empty default value
+for <code><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a></code> to look for the Cyrus SASL
+configuration file in <code>/etc/postfix/sasl/</code>,
+<code>/var/lib/sasl2/</code> etc. See the output of <code>postconf
+<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a></code> and/or the distribution-specific
+documentation to determine the expected location. </p> </li>
+
+<li> <p> Some Debian-based Postfix distributions patch Postfix to
+hardcode a non-default search path, making it impossible to set an
+alternate search path via the "<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" parameter. This
+is likely to be the case when the distribution documents a
+Postfix-specific path (e.g. <code>/etc/postfix/sasl/</code>) that is
+different from the default value of "<a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a>" (which
+then is likely to be empty). </p> </li>
+
+</ul>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> Cyrus SASL searches <code>/usr/lib/sasl2/</code> first. If it
+finds the specified configuration file there, it will not examine
+other locations. </p>
+
+</blockquote>
+
+<h4><a name="server_cyrus_comm">Postfix to Cyrus SASL communication</a></h4>
+
+<p> As the Postfix SMTP server is linked with the Cyrus SASL library
+<code>libsasl</code>, communication between Postfix and Cyrus SASL
+takes place by calling functions in the SASL library. </p>
+
+<p> The SASL library may use an external password verification
+service, or an internal plugin to connect to authentication backends
+and verify the SMTP client's authentication data against the system
+password file or other databases. </p>
+
+<p> The following table shows typical combinations discussed in
+this document: </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr>
+
+<th align="center">authentication backend</th>
+
+<th align="center">password verification service / plugin</th>
+
+</tr>
+
+<tr>
+
+<td>/etc/shadow</td>
+
+<td><a href="#saslauthd">saslauthd</a></td>
+
+</tr>
+
+<tr>
+
+<td>PAM</td>
+
+<td><a href="#saslauthd">saslauthd</a></td>
+
+</tr>
+
+<tr>
+
+<td>IMAP server</td>
+
+<td><a href="#saslauthd">saslauthd</a></td>
+
+</tr>
+
+<tr>
+
+<td>sasldb</td>
+
+<td><a href="#auxprop_sasldb">sasldb</a></td>
+
+</tr>
+
+<tr>
+
+<td>MySQL, PostgreSQL, SQLite</td>
+
+<td><a href="#auxprop_sql">sql</a></td>
+
+</tr>
+
+<tr>
+
+<td>LDAP</td>
+
+<td><a href="#auxprop_ldapdb">ldapdb</a></td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> Read the Cyrus SASL documentation for other backends it can
+use. </p>
+
+</blockquote>
+
+<h4><a name="saslauthd">saslauthd - Cyrus SASL password verification service</a></h4>
+
+<p> Communication between the Postfix SMTP server (read: Cyrus SASL's
+<code>libsasl</code>) and the <code>saslauthd</code> server takes
+place over a UNIX-domain socket. </p>
+
+<p> <code>saslauthd</code> usually establishes the UNIX domain
+socket in <code>/var/run/saslauthd/</code> and waits for authentication
+requests. The Postfix SMTP server must have read+execute permission
+to this directory or authentication attempts will fail. </p>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> Some distributions require the user <code>postfix</code> to be
+member of a special group e.g. <code>sasl</code>, otherwise it
+will not be able to access the <code>saslauthd</code> socket
+directory. </p>
+
+</blockquote>
+
+<p> The following example configures the Cyrus SASL library to
+contact <code>saslauthd</code> as its password verification service:
+</p>
+
+<blockquote>
+<pre>
+/etc/sasl2/smtpd.conf:
+ pwcheck_method: saslauthd
+ mech_list: PLAIN LOGIN
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> Do not specify any other mechanisms in <code>mech_list</code>
+than <code>PLAIN</code> or <code>LOGIN</code> when using
+<code>saslauthd</code>! It can only handle these two mechanisms,
+and authentication will fail if clients are allowed to choose other
+mechanisms. </p>
+
+</blockquote>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> Plaintext mechanisms (<code>PLAIN</code>, <code>LOGIN</code>)
+send credentials unencrypted. This information should be protected
+by an additional security layer such as a TLS-encrypted SMTP session
+(see: <a href="TLS_README.html">TLS_README</a>). </p>
+
+</blockquote>
+
+<p> Additionally the <code>saslauthd</code> server itself must be
+configured. It must be told which authentication backend to turn
+to for password verification. The backend is selected with a
+<code>saslauthd</code> command-line option and will be shown in the
+following examples. </p>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> Some distributions use a configuration file to provide saslauthd
+command line options to set e.g. the authentication backend. Typical
+locations are <code>/etc/sysconfig/saslauthd</code> or
+<code>/etc/default/saslauthd</code>. </p>
+
+</blockquote>
+
+<h4><a name="saslauthd_shadow">Using saslauthd with /etc/shadow</a></h4>
+
+<p> Access to the <code>/etc/shadow</code> system password file
+requires <code>root</code> privileges. The Postfix SMTP server
+(and in consequence <code>libsasl</code> linked to the server) runs
+with the least privilege possible. Direct access to
+<code>/etc/shadow</code> would not be possible without breaking the
+Postfix security architecture. </p>
+
+<p> The <code>saslauthd</code> socket builds a safe bridge. Postfix,
+running as limited user <code>postfix</code>, can access the
+UNIX-domain socket that <code>saslauthd</code> receives commands
+on; <code>saslauthd</code>, running as privileged user <code>root</code>,
+has the privileges required to access the shadow file. </p>
+
+<p> The <code>saslauthd</code> server verifies passwords against the
+authentication backend <code>/etc/shadow</code> if started like this: </p>
+
+<blockquote>
+<pre>
+% <strong><code>saslauthd -a shadow</code></strong>
+</pre>
+</blockquote>
+
+<p> See section "<a href="#testing_saslauthd">Testing saslauthd
+authentication</a>" for test instructions. </p>
+
+<h4><a name="saslauthd_pam">Using saslauthd with PAM</a></h4>
+
+<p> Cyrus SASL can use the PAM framework to authenticate credentials.
+<code>saslauthd</code> uses the PAM framework when started like
+this: </p>
+
+<blockquote>
+<pre>
+% <strong><code>saslauthd -a pam</code></strong>
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> PAM configuration for the Postfix SMTP server is usually given
+in <code>/etc/pam.d/smtp</code> and is beyond the scope of this
+document. </p>
+
+</blockquote>
+
+<p> See section "<a href="#testing_saslauthd">Testing saslauthd
+authentication</a>" for test instructions. </p>
+
+<h4><a name="saslauthd_imap">Using saslauthd with an IMAP server</a></h4>
+
+<p> <code>saslauthd</code> can verify the SMTP client credentials
+by using them to log into an IMAP server. If the login succeeds,
+SASL authentication also succeeds. <code>saslauthd</code> contacts
+an IMAP server when started like this: </p>
+
+<blockquote>
+<pre>
+% <strong><code>saslauthd -a rimap -O imap.example.com</code></strong>
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> The option "<code>-O imap.example.com</code>" specifies the
+IMAP server <code>saslauthd</code> should contact when it verifies
+credentials. </p>
+
+</blockquote>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> <code>saslauthd</code> sends IMAP login information unencrypted.
+Any IMAP session leaving the local host should be protected by an
+additional security layer such as an SSL tunnel. </p>
+
+</blockquote>
+
+<p> See section "<a href="#testing_saslauthd">Testing saslauthd
+authentication</a>" for test instructions. </p>
+
+<h4><a name="testing_saslauthd">Testing saslauthd authentication</a></h4>
+
+<p> Cyrus SASL provides the <code>testsaslauthd</code> utility to
+test <code>saslauthd</code> authentication. The username and password
+are given as command line arguments. The example shows the response
+when authentication is successful: </p>
+
+<blockquote>
+<pre>
+% <strong><code>testsaslauthd -u <em>username</em> -p <em>password</em></code></strong>
+0: OK "Success."
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> Sometimes the <code>testsaslauthd</code> program is not distributed
+with a the Cyrus SASL main package. In that case, it may be
+distributed with <code>-devel</code>, <code>-dev</code> or
+<code>-debug</code> packages. </p>
+
+</blockquote>
+
+<p> Specify an additional "<code>-s smtp</code>" if <code>saslauthd</code>
+was configured to contact the PAM authentication framework, and
+specify an additional "<code>-f <em>/path/to/socketdir/mux</em></code>"
+if <code>saslauthd</code> establishes the UNIX-domain socket in a
+non-default location. </p>
+
+<p> If authentication succeeds, proceed with the section "<a
+href="#server_sasl_enable">Enabling SASL authentication and authorization
+in the Postfix SMTP server</a>". </p>
+
+<h4><a name="auxprop">Cyrus SASL Plugins - auxiliary property
+plugins</a></h4>
+
+<p> Cyrus SASL uses a plugin infrastructure (called <code>auxprop</code>)
+to expand <code>libsasl</code>'s capabilities. Currently Cyrus
+SASL sources provide three authentication plugins. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th>Plugin </th> <th>Description </th> </tr>
+
+<tr> <td><a href="#auxprop_sasldb">sasldb</a></td> <td> Accounts
+are stored stored in a Cyrus SASL Berkeley DB database </td> </tr>
+
+<tr> <td><a href="#auxprop_sql">sql</a></td> <td> Accounts are
+stored in a SQL database </td> </tr>
+
+<tr> <td><a href="#auxprop_ldapdb">ldapdb</a></td> <td> Accounts
+are stored stored in an LDAP database </td> </tr>
+
+</table>
+
+</blockquote>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> These three plugins support shared-secret mechanisms i.e.
+CRAM-MD5, DIGEST-MD5 and NTLM. These mechanisms send credentials
+encrypted but their verification process requires the password to
+be available in plaintext. Consequently passwords cannot (!) be
+stored in encrypted form. </p>
+
+</blockquote>
+
+<h4><a name="auxprop_sasldb">The sasldb plugin</a></h4>
+
+<p> The sasldb auxprop plugin authenticates SASL clients against
+credentials that are stored in a Berkeley DB database. The database
+schema is specific to Cyrus SASL. The database is usually located
+at <code>/etc/sasldb2</code>. </p>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> The <code>sasldb2</code> file contains passwords in
+plaintext, and should have read+write access only to user
+<code>postfix</code> or a group that <code>postfix</code> is member
+of. </p>
+
+</blockquote>
+
+<p> The <code>saslpasswd2</code> command-line utility creates
+and maintains the database: </p>
+
+<blockquote>
+<pre>
+% <strong>saslpasswd2 -c -u <em>example.com</em> <em>username</em></strong>
+Password:
+Again (for verification):
+</pre>
+</blockquote>
+
+<p> This command creates an account
+<code><em>username@example.com</em></code>. </p>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> users must specify <code><em>username@example.com</em></code>
+as login name, not <code><em>username</em></code>. </p>
+
+</blockquote>
+
+<p> Run the following command to reuse the Postfix <code><a href="postconf.5.html#mydomain">mydomain</a></code>
+parameter value as the login domain: </p>
+
+<blockquote>
+<pre>
+% <strong>saslpasswd2 -c -u `postconf -h <a href="postconf.5.html#mydomain">mydomain</a>` <em>username</em></strong>
+Password:
+Again (for verification):
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> Run <code>saslpasswd2</code> without any options for further
+help on how to use the command. </p>
+
+</blockquote>
+
+<p> The <code>sasldblistusers2</code> command lists all existing
+users in the sasldb database: </p>
+
+<blockquote>
+<pre>
+% <strong>sasldblistusers2</strong>
+username1@example.com: password1
+username2@example.com: password2
+</pre>
+</blockquote>
+
+<p> Configure libsasl to use sasldb with the following instructions: </p>
+
+<blockquote>
+<pre>
+/etc/sasl2/smtpd.conf:
+ pwcheck_method: auxprop
+ auxprop_plugin: sasldb
+ mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> In the above example adjust <code>mech_list</code> to the
+mechanisms that are applicable for your environment. </p>
+
+</blockquote>
+
+<h4><a name="auxprop_sql">The sql plugin</a></h4>
+
+<p> The sql auxprop plugin is a generic SQL plugin. It provides
+access to credentials stored in a MySQL, PostgreSQL or SQLite
+database. This plugin requires that SASL client passwords are
+stored as plaintext. </p>
+
+<blockquote>
+
+<strong>Tip</strong>
+
+<p> If you must store encrypted passwords, you cannot use the sql
+auxprop plugin. Instead, see section "<a href="#saslauthd_pam">Using
+saslauthd with PAM</a>", and configure PAM to look up the encrypted
+passwords with, for example, the <code>pam_mysql</code> module.
+You will not be able to use any of the methods that require access
+to plaintext passwords, such as the shared-secret methods CRAM-MD5
+and DIGEST-MD5. </p>
+
+</blockquote>
+
+<p> The following example configures libsasl to use the sql plugin
+and connects it to a PostgreSQL server: </p>
+
+<blockquote>
+<pre>
+/etc/sasl2/smtpd.conf:
+ pwcheck_method: auxprop
+ auxprop_plugin: sql
+ mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
+ sql_engine: pgsql
+ sql_hostnames: 127.0.0.1, 192.0.2.1
+ sql_user: username
+ sql_passwd: secret
+ sql_database: dbname
+ sql_select: SELECT password FROM users WHERE user = '%u@%r'
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> Set appropriate permissions if <code>smtpd.conf</code> contains
+a password. The file should be readable by the <code>postfix</code>
+user. </p>
+
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> In the above example, adjust <code>mech_list</code> to the
+mechanisms that are applicable for your environment. </p>
+
+</blockquote>
+
+<p> The sql plugin has the following configuration options: </p>
+
+<blockquote>
+
+<dl>
+
+<dt>sql_engine</dt>
+
+<dd>
+
+<p> Specify <code>mysql</code> to connect to a MySQL server,
+<code>pgsql</code> for a PostgreSQL server or <code>sqlite</code>
+for an SQLite database </p>
+
+</dd>
+
+<dt>sql_hostnames</dt>
+
+<dd>
+
+<p> Specify one or more servers (hostname or hostname:port) separated
+by commas. </p>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> With MySQL servers, specify <code>localhost</code> to connect
+over a UNIX-domain socket, and specify <code>127.0.0.1</code> to
+connect over a TCP socket. </p>
+
+</blockquote>
+
+</dd>
+
+<dt>sql_user</dt>
+
+<dd>
+
+<p> The login name to gain access to the database. </p>
+
+</dd>
+
+<dt>sql_passwd</dt>
+
+<dd>
+
+<p> The password to gain access to the database. </p>
+
+</dd>
+
+<dt>sql_database</dt>
+
+<dd>
+
+<p> The name of the database to connect to. </p>
+
+</dd>
+
+<dt>sql_select</dt>
+
+<dd>
+
+<p> The SELECT statement that should retrieve the plaintext password
+from a database table. </p>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> Do not enclose the statement in quotes! Use single quotes to
+escape macros! </p>
+
+</blockquote>
+
+</dd>
+
+</dl>
+
+</blockquote>
+
+<p> The sql plugin provides macros to build <code>sql_select</code>
+statements. They will be replaced with arguments sent from the client. The
+following macros are available: </p>
+
+<blockquote>
+
+<dl>
+
+<dt>%u</dt>
+
+<dd>
+
+<p> The name of the user whose properties are being selected. </p>
+
+</dd>
+
+<dt>%p</dt>
+
+<dd>
+
+<p> The name of the property being selected. While this could technically be
+anything, Cyrus SASL will try userPassword and cmusaslsecretMECHNAME (where
+MECHNAME is the name of a SASL mechanism). </p>
+
+</dd>
+
+<dt>%r</dt>
+
+<dd>
+
+<p> The name of the realm to which the user belongs. This could be
+the KERBEROS realm, the fully-qualified domain name of the computer
+the SASL application is running on, or the domain after the "@" in a
+username. </p>
+
+</dd>
+
+</dl>
+
+</blockquote>
+
+<h4><a name="auxprop_ldapdb">The ldapdb plugin</a></h4>
+
+<p> The ldapdb auxprop plugin provides access to credentials stored
+in an LDAP server. This plugin requires that SASL client passwords are
+stored as plaintext. </p>
+
+<blockquote>
+
+<strong>Tip</strong>
+
+<p> If you must store encrypted passwords, you cannot use the ldapdb
+auxprop plugin. Instead, you can use "<code>saslauthd -a ldap</code>"
+to query the LDAP database directly, with appropriate configuration
+in <code>saslauthd.conf</code>, <a
+href="http://git.cyrusimap.org/cyrus-sasl/tree/saslauthd/LDAP_SASLAUTHD">as
+described here</a>. You will not be able to use any of the
+methods that require access to plaintext passwords, such as the
+shared-secret methods CRAM-MD5 and DIGEST-MD5. </p>
+
+</blockquote>
+
+<p> The ldapdb plugin implements proxy authorization. This means
+that the ldapdb plugin uses its own username and password to
+authenticate with the LDAP server, before it asks the LDAP server
+for the remote SMTP client's password. The LDAP server then decides
+if the ldapdb plugin is authorized to read the remote SMTP client's
+password. </p>
+
+<p> In a nutshell: Configuring ldapdb means authentication and
+authorization must be configured twice - once in the Postfix SMTP
+server to authenticate and authorize the remote SMTP client, and
+once in the LDAP server to authenticate and authorize the ldapdb
+plugin. </p>
+
+<p> This example configures libsasl to use the ldapdb plugin and
+the plugin to connect to an LDAP server: </p>
+
+<blockquote>
+<pre>
+/etc/sasl2/smtpd.conf:
+ pwcheck_method: auxprop
+ auxprop_plugin: ldapdb
+ mech_list: PLAIN LOGIN NTLM CRAM-MD5 DIGEST-MD5
+ ldapdb_uri: <a href="ldap_table.5.html">ldap</a>://localhost
+ ldapdb_id: proxyuser
+ ldapdb_pw: password
+ ldapdb_mech: DIGEST-MD5
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> Set appropriate permissions if <code>smtpd.conf</code> contains a
+password. The file should be readable by the <code>postfix</code>
+user. </p>
+
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> The shared-secret mechanisms (CRAM-MD5, etc.) require that the
+SASL client passwords are stored as plaintext. </p>
+
+</blockquote>
+
+<p> The following is a summary of applicable <code>smtpd.conf</code>
+file entries: </p>
+
+<blockquote>
+
+<dl>
+
+<dt>auxprop_plugin</dt>
+
+<dd> <p> Specify <code>ldapdb</code> to enable the plugin. </p> </dd>
+
+<dt>ldapdb_uri</dt>
+
+<dd> <p> Specify either <code><a href="ldap_table.5.html">ldapi</a>://</code> to connect over
+a UNIX-domain socket, <code><a href="ldap_table.5.html">ldap</a>://</code> for an unencrypted TCP
+connection, or <code><a href="ldap_table.5.html">ldaps</a>://</code> for an encrypted TCP connection.
+</p> </dd>
+
+<dt>ldapdb_id</dt>
+
+<dd> <p> The login name to authenticate the ldapdb plugin to the
+LDAP server (proxy authorization). </p> </dd>
+
+<dt>ldapdb_pw</dt>
+
+<dd> <p> The password (in plaintext) to authenticate the ldapdb
+plugin to the LDAP server (proxy authorization). </p> </dd>
+
+<dt>ldapdb_mech</dt>
+
+<dd> <p> The mechanism to authenticate the ldapdb plugin to the
+LDAP server. </p>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> Specify a mechanism here that is supported by the LDAP server.
+</p>
+
+</blockquote>
+
+</dd>
+
+<dt>ldapdb_rc (optional)</dt>
+
+<dd> <p> The path to a file containing individual configuration
+options for the ldapdb LDAP client (libldap). This allows to specify
+a TLS client certificate which in turn can be used to use the SASL
+EXTERNAL mechanism. </p>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> This mechanism supports authentication over an encrypted transport
+layer, which is recommended if the plugin must connect to an OpenLDAP
+server on a remote machine. </p>
+
+</blockquote>
+
+</dd>
+
+<dt>ldapdb_starttls (optional)</dt>
+
+<dd> <p> The TLS policy for connecting to the LDAP server. Specify
+either <code>try</code> or <code>demand</code>. If the option is
+<code>try</code> the plugin will attempt to establish a TLS-encrypted
+connection with the LDAP server, and will fallback to an unencrypted
+connection if TLS fails. If the policy is <code>demand</code> and
+a TLS-encrypted connection cannot be established, the connection
+fails immediately. </p> </dd>
+
+</dl>
+
+</blockquote>
+
+<p> When the ldapdb plugin connects to the OpenLDAP server and
+successfully authenticates, the OpenLDAP server decides if the
+plugin user is authorized to read SASL account information. </p>
+
+<p> The following configuration gives an example of authorization configuration
+in the OpenLDAP slapd server: </p>
+
+<blockquote>
+<pre>
+/etc/openldap/slapd.conf:
+ authz-regexp
+ uid=(.*),cn=.*,cn=auth
+ <a href="ldap_table.5.html">ldap</a>:///dc=example,dc=com??sub?cn=$1
+ authz-policy to
+</pre>
+</blockquote>
+
+<p> Here, the <code>authz-regexp</code> option serves for authentication
+of the ldapdb user. It maps its login name to a DN in the LDAP
+directory tree where <code>slapd</code> can look up the SASL account
+information. The <code>authz-policy</code> options defines the
+authentication policy. In this case it grants authentication
+privileges "<code>to</code>" the ldapdb plugin. </p>
+
+<p> The last configuration step is to tell the OpenLDAP <code>slapd</code>
+server where ldapdb may search for usernames matching the one given
+by the mail client. The example below adds an additional attribute
+ldapdb user object (here: <code>authzTo</code> because the authz-policy
+is "<code>to</code>") and configures the scope where the login name
+"proxyuser" may search: </p>
+
+<blockquote>
+<pre>
+dn: cn=proxyuser,dc=example,dc=com
+changetype: modify
+add: authzTo
+authzTo: dn.regex:uniqueIdentifier=(.*),ou=people,dc=example,dc=com
+</pre>
+</blockquote>
+
+<p> Use the <code>ldapmodify</code> or <code>ldapadd</code> command
+to add the above attribute. </p>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> Read the chapter "Using SASL" in the <a
+href="http://www.openldap.org/doc/admin">OpenLDAP Admin Guide</a>
+for more detailed instructions to set up SASL authentication in
+OpenLDAP. </p>
+
+</blockquote>
+
+<h3><a name="server_sasl_enable">Enabling SASL authentication and
+authorization in the Postfix SMTP server</a></h3>
+
+<p> By default the Postfix SMTP server uses the Cyrus SASL
+implementation. If the Dovecot SASL implementation should be used,
+specify an <code><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></code> value of <code>dovecot</code>
+instead of <code>cyrus</code>: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> = dovecot
+</pre>
+</blockquote>
+
+<p> Additionally specify how Postfix SMTP server can find the Dovecot
+authentication server. This depends on the settings that you have
+selected in the section "<a href="#server_dovecot_comm">Postfix to
+Dovecot SASL communication</a>". </p>
+
+<ul>
+
+<li> <p> If you configured Dovecot for UNIX-domain socket communication,
+configure Postfix as follows: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> = private/auth
+</pre>
+
+<strong>Note</strong>
+
+<p> This example uses a pathname relative to the Postfix queue
+directory, so that it will work whether or not the Postfix SMTP
+server runs chrooted. </p>
+
+<li> <p> If you configured Dovecot for TCP socket communication,
+configure Postfix as follows. If Dovecot runs on a different machine,
+replace 127.0.0.1 by that machine's IP address. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> = inet:127.0.0.1:12345
+</pre>
+
+<strong>Note</strong>
+
+<p> If you specify a remote IP address, information
+will be sent as plaintext over the network. </p>
+
+</ul>
+
+<h4><a name="server_sasl_authc">Enabling SASL authentication
+in the Postfix SMTP server</a></h4>
+
+<p> Regardless of the SASL implementation type, enabling SMTP
+authentication in the Postfix SMTP server always requires setting
+the <code><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a></code> option: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> = yes
+</pre>
+</blockquote>
+
+<p> After a "postfix reload", SMTP clients will see the additional
+capability AUTH in an SMTP session, followed by a list of
+authentication mechanisms the server supports: </p>
+
+<blockquote>
+<pre>
+% <strong>telnet server.example.com 25</strong>
+...
+220 server.example.com ESMTP Postfix
+<strong>EHLO client.example.com</strong>
+250-server.example.com
+250-PIPELINING
+250-SIZE 10240000
+250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
+...
+</pre>
+</blockquote>
+
+<p> However not all clients recognize the AUTH capability as defined
+by the SASL authentication RFC. Some historical implementations expect the
+server to send an "<code>=</code>" as separator between the AUTH
+verb and the list of mechanisms that follows it. </p>
+
+<p> The <code><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a></code> configuration option
+lets Postfix repeat the AUTH statement in a form that these broken
+clients understand: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> = yes
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> Enable this option for Outlook up to and including version 2003
+and Outlook Express up to version 6. This option does not hurt other
+clients. </p>
+
+</blockquote>
+
+<p> After "postfix reload", the Postfix SMTP server will propagate
+the AUTH capability twice - once for compliant and once for broken
+clients: </p>
+
+<blockquote>
+<pre>
+% <strong>telnet server.example.com 25</strong>
+...
+220 server.example.com ESMTP Postfix
+<strong>EHLO client.example.com</strong>
+250-server.example.com
+250-PIPELINING
+250-SIZE 10240000
+250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
+250-AUTH=DIGEST-MD5 PLAIN CRAM-MD5
+...
+</pre>
+</blockquote>
+
+<h4><a name="smtpd_sasl_security_options">Postfix SMTP Server policy
+- SASL mechanism properties</a></h4>
+
+<p> The Postfix SMTP server supports policies that limit the SASL
+mechanisms that it makes available to clients, based on the properties
+of those mechanisms. The next two sections give examples of how
+these policies are used. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th>Property</th> <th>Description</th> </tr>
+
+<tr> <td>noanonymous</td> <td> Don't use mechanisms that permit
+anonymous authentication. </td> </tr>
+
+<tr> <td>noplaintext</td> <td> Don't use mechanisms that transmit
+unencrypted username and password information. </td> </tr>
+
+<tr> <td>nodictionary</td> <td> Don't use mechanisms that are
+vulnerable to dictionary attacks. </td> </tr>
+
+<tr> <td>forward_secrecy</td> <td> Require forward secrecy between
+sessions (breaking one session does not break earlier sessions).
+</td> </tr>
+
+<tr> <td>mutual_auth</td> <td> Use only mechanisms that authenticate
+both the client and the server to each other. </td> </tr>
+
+</table>
+
+</blockquote>
+
+<h4><a name="id396877">Unencrypted SMTP session</a></h4>
+
+<p> The default policy is to allow any mechanism in the Postfix SMTP server
+except for those based on anonymous authentication: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Specify a list of properties separated by comma or whitespace
+ <a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> = noanonymous
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> Always set at least the <code>noanonymous</code> option.
+Otherwise, the Postfix SMTP server can give strangers the same
+authorization as a properly-authenticated client. </p>
+
+</blockquote>
+
+<h4><a name="id396969">Encrypted SMTP session (TLS)</a></h4>
+
+<p> A separate parameter controls Postfix SASL mechanism policy
+during a TLS-encrypted SMTP session. The default is to copy the
+settings from the unencrypted session: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> = $<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>
+</pre>
+</blockquote>
+
+<p> A more sophisticated policy allows plaintext mechanisms, but
+only over a TLS-encrypted connection: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> = noanonymous, noplaintext
+ <a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> = noanonymous
+</pre>
+</blockquote>
+
+<p> To offer SASL authentication only after a TLS-encrypted session has been
+established specify this: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes
+</pre>
+</blockquote>
+
+<h4><a name="server_sasl_authz">Enabling SASL authorization in the Postfix
+SMTP server</a></h4>
+
+<p> After the client has authenticated with SASL, the Postfix SMTP
+server decides what the remote SMTP client will be authorized
+for. Examples of possible SMTP clients authorizations are: </p>
+
+<ul>
+
+<li> <p> Send a message to a remote recipient. </p> </li>
+
+<li> <p> Use a specific envelope sender in the MAIL FROM command. </p> </li>
+
+</ul>
+
+<p> These permissions are not enabled by default. </p>
+
+<h4><a name="server_sasl_authz_relay">Mail relay authorization</a></h4>
+
+<p> With <code><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></code> the Postfix SMTP
+server can allow
+SASL-authenticated SMTP clients to send mail to remote destinations.
+Examples:
+</p>
+
+<blockquote>
+<pre>
+# With Postfix 2.10 and later, the mail relay policy is
+# preferably specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ <strong><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></strong>
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+</pre>
+
+<pre>
+# Older configurations combine relay control and spam control under
+# <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. To use this example with Postfix &ge;
+# 2.10 specify "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=".
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ <strong><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a></strong>
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ ...other rules...
+</pre>
+</blockquote>
+
+<h4><a name="server_sasl_authz_envelope">Envelope sender address
+authorization</a></h4>
+
+<p> By default an SMTP client may specify any envelope sender address
+in the MAIL FROM command. That is because the Postfix SMTP server
+only knows the remote SMTP client hostname and IP address, but not
+the user who controls the remote SMTP client. </p>
+
+<p> This changes the moment an SMTP client uses SASL authentication.
+Now, the Postfix SMTP server knows who the sender is. Given a table
+of envelope sender addresses and SASL login names, the Postfix SMTP
+server can decide if the SASL authenticated client is allowed to
+use a particular envelope sender address: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <strong><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/controlled_envelope_senders</strong>
+
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ ...
+ <strong><a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a></strong>
+ <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
+ ...
+</pre>
+</blockquote>
+
+<p> The <code>controlled_envelope_senders</code> table specifies
+the binding between a sender envelope address and the SASL login
+names that own that address: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/controlled_envelope_senders
+ # envelope sender owners (SASL login names)
+ john@example.com john@example.com
+ helpdesk@example.com john@example.com, mary@example.com
+ postmaster admin@example.com
+ @example.net barney, fred, john@example.com, mary@example.com
+</pre>
+</blockquote>
+
+<p> With this, the <code><a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a></code>
+restriction above will reject the sender address in the MAIL FROM
+command if <code><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a></code> does not specify
+the SMTP client's login name as an owner of that address. </p>
+
+<p> See also <code><a href="postconf.5.html#reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></code>,
+<code><a href="postconf.5.html#reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></code>, and
+<code><a href="postconf.5.html#reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></code> for additional
+control over the SASL login name and the envelope sender. </p>
+
+<h4><a name="server_sasl_other">Additional SMTP Server SASL options</a></h4>
+
+<p> Postfix provides a wide range of SASL authentication configuration
+options. The next section lists a few that are discussed frequently.
+See <a href="postconf.5.html">postconf(5)</a> for a complete list. </p>
+
+<h4><a name="sasl_access">Per-account access control</a></h4>
+
+<p> Postfix can implement policies that depend on the SASL login
+name (Postfix 2.11 and later). Typically this is used to HOLD or
+REJECT mail from accounts whose credentials have been compromised.
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ <a href="postconf.5.html#check_sasl_access">check_sasl_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sasl_access
+ <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
+ ...
+
+/etc/postfix/sasl_access:
+ # Use this when <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> is empty.
+ username HOLD
+ # Use this when <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a>=example.com.
+ username@example.com HOLD
+</pre>
+</blockquote>
+
+<h4><a name="id397172">Default authentication domain</a></h4>
+
+<p> Postfix can append a domain name (or any other string) to a
+SASL login name that does not have a domain part, e.g. "<code>john</code>"
+instead of "<code>john@example.com</code>": </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = example.com
+</pre>
+</blockquote>
+
+<p> This is useful as a default setting and safety net for misconfigured
+clients, or during a migration to an authentication method/backend
+that requires an authentication REALM or domain name, before all
+SMTP clients are configured to send such information. </p>
+
+<h4><a name="id397205">Hiding SASL authentication from clients or
+networks</a></h4>
+
+<p> Some clients insist on using SASL authentication if it is offered, even
+when they are not configured to send credentials - and therefore
+they will always fail and disconnect. </p>
+
+<p> Postfix can hide the AUTH capability from these clients/networks: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> = !192.0.2.171/32, 192.0.2.0/24
+</pre>
+</blockquote>
+
+<h4><a name="id397226">Adding the SASL login name to mail headers</a></h4>
+
+<p> To report SASL login names in Received: message headers (Postfix
+version 2.3 and later): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> = yes
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> The SASL login names will be shared with the entire world. </p>
+
+</blockquote>
+
+<h3><a name="server_test">Testing SASL authentication in the Postfix SMTP Server</a></h3>
+
+<p> To test the server side, connect (for example, with
+<code>telnet</code>) to the Postfix SMTP server port and you should
+be able to have a conversation as shown below. Information sent by
+the client (that is, you) is shown in <strong>bold</strong> font.
+</p>
+
+<blockquote>
+<pre>
+% <strong>telnet server.example.com 25</strong>
+...
+220 server.example.com ESMTP Postfix
+<strong>EHLO client.example.com</strong>
+250-server.example.com
+250-PIPELINING
+250-SIZE 10240000
+250-ETRN
+250-AUTH DIGEST-MD5 PLAIN CRAM-MD5
+250 8BITMIME
+<strong>AUTH PLAIN AHRlc3QAdGVzdHBhc3M=</strong>
+235 Authentication successful
+</pre>
+</blockquote>
+
+<p> To test this over a connection that is encrypted with TLS, use
+<code>openssl s_client</code> instead of <code>telnet</code>:
+
+<blockquote>
+<pre>
+% <strong>openssl s_client -connect server.example.com:25 -starttls smtp</strong>
+...
+220 server.example.com ESMTP Postfix
+<strong>EHLO client.example.com</strong>
+...see above example for more...
+</pre>
+</blockquote>
+
+<p> Instead of <code>AHRlc3QAdGVzdHBhc3M=</code>, specify the
+base64-encoded form of <code>\0username\0password</code> (the \0
+is a null byte). The example above is for a user named `<code>test</code>'
+with password `<code>testpass</code>'. </p>
+<blockquote>
+
+<strong>Caution</strong>
+
+<p> When posting logs of the SASL negotiations to public lists,
+please keep in mind that username/password information is trivial
+to recover from the base64-encoded form. </p>
+
+</blockquote>
+
+<p> You can use one of the following commands to generate base64
+encoded authentication information: </p>
+
+<ul>
+
+<li> <p> Using a recent version of the <b>bash</b> shell: </p>
+
+<blockquote>
+<pre>
+% <strong>echo -ne '\000username\000password' | openssl base64</strong>
+</pre>
+</blockquote>
+
+<p> Some other shells support similar syntax. </p>
+
+<li> <p> Using the <b>printf</b> command: </p>
+
+<blockquote>
+<pre>
+% <strong>printf '\0%s\0%s' '<em>username</em>' '<em>password</em>' | openssl base64</strong>
+% <strong>printf '\0%s\0%s' '<em>username</em>' '<em>password</em>' | mmencode</strong>
+</pre>
+</blockquote>
+
+<p> The <strong>mmencode</strong> command is part of the metamail
+software. </p>
+
+<li> <p> Using Perl <b>MIME::Base64</b> (from <a href="http://www.cpan.org/">http://www.cpan.org/</a>): </p>
+
+<blockquote>
+<pre>
+% <strong>perl -MMIME::Base64 -e \
+ 'print encode_base64("\0<em>username</em>\0<em>password</em>");'</strong>
+</pre>
+</blockquote>
+
+<p> If the username or password contain "@", you must specify "\@". </p>
+
+<li> <p> Using the <b>gen-auth</b> script: </p>
+
+<blockquote>
+<pre>
+% <strong>gen-auth plain</strong>
+username: <strong><em>username</em></strong>
+password:
+</pre>
+</blockquote>
+
+<p> The <strong>gen-auth</strong> Perl script was written by John
+Jetmore and can be found at <a href="http://jetmore.org/john/code/gen-auth">http://jetmore.org/john/code/gen-auth</a>. </p>
+
+</ul>
+
+<h2><a name="client_sasl">Configuring SASL authentication in the Postfix SMTP/LMTP client</a></h2>
+
+<p> The Postfix SMTP and the LMTP client can authenticate with a
+remote SMTP server via the Cyrus SASL framework. At this time, the
+Dovecot SASL implementation does not provide client functionality.
+</p>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> The examples in this section discuss only the SMTP client.
+Replace <code>smtp_</code> with <code>lmtp_</code> to get the
+corresponding LMTP client configuration. </p>
+
+</blockquote>
+
+<p> You can read more about the following topics: </p>
+
+<ul>
+
+<li><a href="#client_sasl_enable">Enabling SASL authentication in
+the Postfix SMTP/LMTP client</a></li>
+
+<li><a href="#client_sasl_sender">Configuring sender-dependent SASL
+authentication</a></li>
+
+<li><a href="#client_sasl_policy">Postfix SMTP/LMTP client policy
+- SASL mechanism <em>properties</em></a></li>
+
+<li><a href="#client_sasl_filter">Postfix SMTP/LMTP client policy
+- SASL mechanism <em>names</em></a></li>
+
+</ul>
+
+<h3><a name="client_sasl_enable">Enabling SASL authentication in the
+Postfix SMTP/LMTP client</a></h3>
+
+<p> This section shows a typical scenario where the Postfix SMTP
+client sends all messages via a mail gateway server that requires
+SASL authentication. </p>
+
+<blockquote>
+
+<strong> Trouble solving tips: </strong>
+
+<ul>
+
+<li> <p> If your SASL logins fail with "SASL authentication failure:
+No worthy mechs found" in the mail logfile, then see the section
+"<a href="SASL_README.html#client_sasl_policy">Postfix SMTP/LMTP
+client policy - SASL mechanism <em>properties</em></a>".
+
+<li> <p> For a solution to a more obscure class of SASL authentication
+failures, see "<a href="SASL_README.html#client_sasl_filter">Postfix
+SMTP/LMTP client policy - SASL mechanism <em>names</em></a>".
+
+</ul>
+
+</blockquote>
+
+<p> To make the example more readable we introduce it in two parts.
+The first part takes care of the basic configuration, while the
+second part sets up the username/password information. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
+ <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt
+ <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> = noanonymous
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mail.isp.example]
+ # Alternative form:
+ # <a href="postconf.5.html#relayhost">relayhost</a> = [mail.isp.example]:submission
+ <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sasl_passwd
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> The <code><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a></code> setting enables
+client-side authentication. We will configure the client's username
+and password information in the second part of the example. </p>
+</li>
+
+<li> <p> The <code><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></code> setting ensures
+that the connection to the remote smtp server will be encrypted, and
+<code><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a></code> removes the prohibition on
+plaintext passwords. </p>
+
+<li> <p> The <code><a href="postconf.5.html#relayhost">relayhost</a></code> setting forces the Postfix SMTP
+to send all remote messages to the specified mail server instead
+of trying to deliver them directly to their destination. </p> </li>
+
+<li> <p> In the <code><a href="postconf.5.html#relayhost">relayhost</a></code> setting, the "<code>[</code>"
+and "<code>]</code>" prevent the Postfix SMTP client from looking
+up MX (mail exchanger) records for the enclosed name. </p> </li>
+
+<li> <p> The <code><a href="postconf.5.html#relayhost">relayhost</a></code> destination may also specify a
+non-default TCP port. For example, the alternative form
+<code>[mail.isp.example]:submission</code> tells Postfix to connect
+to TCP network port 587, which is reserved for email client
+applications. </p> </li>
+
+<li> <p> The Postfix SMTP client is compatible with SMTP servers
+that use the non-standard "<code>AUTH=<em>method.</em>...</code>"
+syntax in response to the EHLO command; this requires no additional
+Postfix client configuration. </p> </li>
+
+<li> <p> With the setting "<a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> = yes", the Postfix
+SMTP client supports the "wrappermode" protocol, which uses TCP
+port 465 on the SMTP server (Postfix 3.0 and later). </p> </li>
+
+<li> <p> With the <code><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a></code> parameter,
+we configure the Postfix SMTP client to send username and password
+information to the mail gateway server. As discussed in the next
+section, the Postfix SMTP client supports multiple ISP accounts.
+For this reason the username and password are stored in a table
+that contains one username/password combination for each mail gateway
+server. </p>
+
+</ul>
+
+<blockquote>
+<pre>
+/etc/postfix/sasl_passwd:
+ # destination credentials
+ [mail.isp.example] username:password
+ # Alternative form:
+ # [mail.isp.example]:submission username:password
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> Keep the SASL client password file in <code>/etc/postfix</code>,
+and make the file read+write only for <code>root</code> to protect
+the username/password combinations against other users. The Postfix
+SMTP client will still be able to read the SASL client passwords.
+It opens the file as user <code>root</code> before it drops privileges,
+and before entering an optional chroot jail. </p>
+
+</blockquote>
+
+<ul>
+
+<li> <p> Use the <code>postmap</code> command whenever you
+change the <code>/etc/postfix/sasl_passwd</code> file. </p> </li>
+
+<li> <p> If you specify the "<code>[</code>" and "<code>]</code>"
+in the <code><a href="postconf.5.html#relayhost">relayhost</a></code> destination, then you must use the
+same form in the <code><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a></code> file. </p>
+</li>
+
+<li> <p> If you specify a non-default TCP Port (such as
+"<code>:submission</code>" or "<code>:587</code>") in the
+<code><a href="postconf.5.html#relayhost">relayhost</a></code> destination, then you must use the same form
+in the <code><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a></code> file. </p> </li>
+
+</ul>
+
+<h3><a name="client_sasl_sender">Configuring Sender-Dependent SASL
+authentication</a></h3>
+
+<p> Postfix supports different ISP accounts for different sender
+addresses (version 2.3 and later). This can be useful when one
+person uses the same machine for work and for personal use, or when
+people with different ISP accounts share the same Postfix server.
+</p>
+
+<p> To make this possible, Postfix supports per-sender SASL passwords
+and per-sender relay hosts. In the example below, the Postfix SMTP
+client will search the SASL password file by sender address before
+it searches that same file by destination. Likewise, the Postfix
+<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon will search the per-sender <a href="postconf.5.html#relayhost">relayhost</a> file,
+and use the default <code><a href="postconf.5.html#relayhost">relayhost</a></code> setting only as a final
+resort. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> = yes
+ <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_relay
+ <a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
+ <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sasl_passwd
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mail.isp.example]
+ # Alternative form:
+ # <a href="postconf.5.html#relayhost">relayhost</a> = [mail.isp.example]:submission
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/sasl_passwd:
+ # Per-sender authentication; see also /etc/postfix/sender_relay.
+ user1@example.com username1:password1
+ user2@example.net username2:password2
+ # Login information for the default <a href="postconf.5.html#relayhost">relayhost</a>.
+ [mail.isp.example] username:password
+ # Alternative form:
+ # [mail.isp.example]:submission username:password
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/sender_relay:
+ # Per-sender provider; see also /etc/postfix/sasl_passwd.
+ user1@example.com [mail.example.com]:submission
+ user2@example.net [mail.example.net]
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> If you are creative, then you can try to combine the two
+tables into one single MySQL database, and configure different
+Postfix queries to extract the appropriate information. </p>
+
+<li> <p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
+tables Postfix supports, use the command "<b>postconf -m</b>". </p>
+
+<li> <p> Execute the command "<b>postmap /etc/postfix/sasl_passwd</b>"
+whenever you change the sasl_passwd table. </p>
+
+<li> <p> Execute the command "<b>postmap /etc/postfix/sender_relay</b>"
+whenever you change the sender_relay table. </p>
+
+</ul>
+
+<h3><a name="client_sasl_policy">Postfix SMTP/LMTP client policy -
+SASL mechanism <em>properties</em></a></h3>
+
+<p> Just like the Postfix SMTP server, the SMTP client has a policy
+that determines which SASL mechanisms are acceptable, based on their
+properties. The next two sections give examples of how these policies
+are used. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th>Property</th> <th>Description</th> </tr>
+
+<tr> <td>noanonymous</td> <td> Don't use mechanisms that permit
+anonymous authentication. </td> </tr>
+
+<tr> <td>noplaintext</td> <td> Don't use mechanisms that transmit
+unencrypted username and password information. </td> </tr>
+
+<tr> <td>nodictionary</td> <td> Don't use mechanisms that are
+vulnerable to dictionary attacks. </td> </tr>
+
+<tr> <td>mutual_auth</td> <td> Use only mechanisms that authenticate
+both the client and the server to each other. </td> </tr>
+
+</table>
+
+</blockquote>
+
+<h4>Unencrypted SMTP session</h4>
+
+<p> The default policy is stricter than that of the Postfix SMTP
+server - plaintext mechanisms are not allowed (nor is any anonymous
+mechanism): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> = noplaintext, noanonymous
+</pre>
+</blockquote>
+
+<p> This default policy, which allows no plaintext passwords, leads
+to authentication failures if the remote server only offers plaintext
+authentication mechanisms (the SMTP server announces "<code>AUTH
+PLAIN LOGIN</code>"). In such cases the SMTP client will log the
+following error message: </p>
+
+<blockquote>
+<pre>
+SASL authentication failure: No worthy mechs found
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> This same error message will also be logged when the
+<code>libplain.so</code> or <code>liblogin.so</code> modules are
+not installed in the <code>/usr/lib/sasl2</code> directory. </p>
+
+</blockquote>
+
+<p> The insecure approach is to lower the security standards and
+permit plaintext authentication mechanisms: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> = noanonymous
+</pre>
+</blockquote>
+
+<p> The more secure approach is to protect the plaintext username
+and password with TLS session encryption. To find out if the remote
+SMTP server supports TLS, connect to the server and see if it
+announces STARTTLS support as shown in the example. Information
+sent by the client (that is, you) is shown in <strong>bold</strong>
+font. </p>
+
+<blockquote>
+<pre>
+% <strong>telnet server.example.com 25</strong>
+...
+220 server.example.com ESMTP Postfix
+<strong>EHLO client.example.com</strong>
+250-server.example.com
+250-PIPELINING
+250-SIZE 10240000
+250-STARTTLS
+...
+</pre>
+</blockquote>
+
+<p> Instead of port 25 (smtp), specify port 587 (submission) where
+appropriate. </p>
+
+<h4>Encrypted SMTP session (TLS)</h4>
+
+<p> To turn on TLS in the Postfix SMTP client, see <a href="TLS_README.html">TLS_README</a> for
+configuration details. </p>
+
+<p> The <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> parameter controls Postfix
+SASL mechanism policy during a TLS-encrypted SMTP session. The
+default is to copy the settings from the unencrypted session: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> = $<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>
+</pre>
+</blockquote>
+
+<p> A more sophisticated policy allows plaintext mechanisms, but
+only over a TLS-encrypted connection: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> = noanonymous, noplaintext
+ <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> = noanonymous
+</pre>
+</blockquote>
+
+<h3><a name="client_sasl_filter">Postfix SMTP/LMTP client policy -
+SASL mechanism <em>names</em></a></h3>
+
+<p> Given the SASL security options of the previous section, the
+Cyrus SASL library will choose the most secure authentication
+mechanism that both the SMTP client and server implement. Unfortunately,
+that authentication mechanism may fail because the client or server
+is not configured to use that mechanism.</p>
+
+<p> To prevent this, the Postfix SMTP client can filter the names
+of the authentication mechanisms from the remote SMTP server. Used
+correctly, the filter hides unwanted mechanisms from the Cyrus SASL
+library, forcing the library to choose from the mechanisms the
+Postfix SMTP client filter passes through. </p>
+
+<p> The following example filters out everything but the mechanisms
+<code>PLAIN</code> and <code>LOGIN</code>: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = plain, login
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Note</strong>
+
+<p> If the remote server does not offer any of the mechanisms on
+the filter list, authentication will fail. </p>
+
+</blockquote>
+
+<p> We close this section with an example that passes every mechanism
+except for <code>GSSAPI</code> and <code>LOGIN</code>: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !login, <a href="DATABASE_README.html#types">static</a>:all
+</pre>
+</blockquote>
+
+<h2><a name="postfix_build">Building Postfix with SASL support</a></h2>
+
+<p> As mentioned elsewhere, Postfix supports two SASL implementations:
+Cyrus SASL (SMTP client and server) and Dovecot SASL (SMTP server
+only). Both implementations can be built into Postfix simultaneously.
+</p>
+
+<ul>
+
+<li><a href="#build_dovecot">Building Dovecot SASL support</a></li>
+
+<li><a href="#sasl_support">Building Cyrus SASL support</a></li>
+
+</ul>
+
+<h3><a name="build_dovecot">Building Dovecot SASL support</a></h3>
+
+<p> These instructions assume that you build Postfix from source
+code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
+be required if you build Postfix from a vendor-specific source
+package. </p>
+
+<p> Support for the Dovecot version 1 SASL protocol is available
+in Postfix 2.3 and later. At the time of writing, only server-side
+SASL support is available, so you can't use it to authenticate the
+Postfix SMTP client to your network provider's server. </p>
+
+<p> Dovecot uses its own daemon process for authentication. This
+keeps the Postfix build process simple, because there is no need
+to link extra libraries into Postfix. </p>
+
+<p> To generate the necessary Makefiles, execute the following in
+the Postfix top-level directory: </p>
+
+<blockquote>
+<pre>
+% <strong>make tidy</strong> # if you have left-over files from a previous build
+% <strong>make makefiles CCARGS="-DUSE_SASL_AUTH \
+ -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\""</strong>
+</pre>
+</blockquote>
+
+<p> After this, proceed with "<code>make</code>" as described in
+the <a href="INSTALL.html">INSTALL</a> document. </p>
+
+<strong>Note</strong>
+
+<ul>
+
+<li>
+
+<p> The <code>-DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\"</code> is not
+necessary; it just makes Postfix configuration a little more
+convenient because you don't have to specify the SASL plug-in type
+in the Postfix <a href="postconf.5.html">main.cf</a> file (but this may cause surprises when you
+switch to a later Postfix version that is built with the default
+SASL type of <code>cyrus</code>). </p>
+
+</li>
+
+<li>
+
+<p> If you also want support for LDAP or TLS (or for Cyrus SASL),
+you need to merge their <code>CCARGS</code> and <code>AUXLIBS</code>
+options into the above command line; see the <a href="LDAP_README.html">LDAP_README</a> and
+<a href="TLS_README.html">TLS_README</a> for details. </p>
+
+<blockquote>
+<pre>
+% <strong>make tidy</strong> # if you have left-over files from a previous build
+% <strong>make makefiles CCARGS="-DUSE_SASL_AUTH \
+ -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\" \
+ ...<i>CCARGS options for LDAP or TLS etc.</i>..." \
+ AUXLIBS="...<i>AUXLIBS options for LDAP or TLS etc.</i>..."</strong>
+</pre>
+</blockquote>
+
+</li>
+
+</ul>
+
+<h3><a name="sasl_support">Building Cyrus SASL support</a></h3>
+
+<h4><a name="build_sasl">Building the Cyrus SASL library</a></h4>
+
+<p> Postfix works with cyrus-sasl-1.5.x or cyrus-sasl-2.1.x, which are
+available from <a href="https://github.com/cyrusimap/cyrus-sasl/releases">https://github.com/cyrusimap/cyrus-sasl/releases</a>. </p>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> If you install the Cyrus SASL libraries as per the default, you will have
+to create a symlink <code>/usr/lib/sasl</code> -&gt;
+<code>/usr/local/lib/sasl</code> for version 1.5.x or
+<code>/usr/lib/sasl2</code> -&gt; <code>/usr/local/lib/sasl2</code>
+for version 2.1.x. </p>
+
+</blockquote>
+
+<p> Reportedly, Microsoft Outlook (Express) requires the non-standard LOGIN
+and/or NTLM authentication mechanism. To enable these authentication
+mechanisms, build the Cyrus SASL libraries with: </p>
+
+<blockquote>
+<pre>
+% <strong>./configure --enable-login --enable-ntlm</strong>
+</pre>
+</blockquote>
+
+<h4><a name="build_postfix">Building Postfix with Cyrus SASL support</a></h4>
+
+<p> These instructions assume that you build Postfix from source
+code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
+be required if you build Postfix from a vendor-specific source
+package. </p>
+
+<p> The following assumes that the Cyrus SASL include files are in
+<code>/usr/local/include</code>, and that the Cyrus SASL libraries are in
+<code>/usr/local/lib</code>. </p>
+
+<p> On some systems this generates the necessary <code>Makefile</code>
+definitions: </p>
+
+<dl>
+
+<dt>Cyrus SASL version 2.1.x</dt>
+
+<dd>
+
+<pre>
+% <strong>make tidy</strong> # if you have left-over files from a previous build
+% <strong>make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
+ -I/usr/local/include/sasl" AUXLIBS="-L/usr/local/lib -lsasl2"</strong>
+</pre>
+
+<p> If your Cyrus SASL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lsasl2". </p>
+
+</dd>
+
+<dt>Cyrus SASL version 1.5.x</dt>
+
+<dd>
+
+<pre>
+% <strong>make tidy</strong> # if you have left-over files from a previous build
+% <strong>make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
+ -I/usr/local/include" AUXLIBS="-L/usr/local/lib -lsasl"</strong>
+</pre>
+
+</dd>
+
+</dl>
+
+<p> On Solaris 2.x you need to specify run-time link information,
+otherwise the ld.so run-time linker will not find the SASL shared
+library: </p>
+
+<dl>
+
+<dt>Cyrus SASL version 2.1.x</dt>
+
+<dd>
+
+<pre>
+% <strong>make tidy</strong> # remove left-over files from a previous build
+% <strong>make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
+ -I/usr/local/include/sasl" AUXLIBS="-L/usr/local/lib \
+ -R/usr/local/lib -lsasl2"</strong>
+</pre>
+
+</dd>
+
+<dt>Cyrus SASL version 1.5.x</dt>
+
+<dd>
+
+<pre>
+% <strong>make tidy</strong> # if you have left-over files from a previous build
+% <strong>make makefiles CCARGS="-DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
+ -I/usr/local/include" AUXLIBS="-L/usr/local/lib \
+ -R/usr/local/lib -lsasl"</strong>
+</pre>
+
+</dd>
+
+</dl>
+
+<h2><a name="cyrus_legacy">Using Cyrus SASL version 1.5.x</a></h2>
+
+<p> Postfix supports Cyrus SASL version 1.x, but you shouldn't use
+it unless you are forced to. The makers of Cyrus SASL write: </p>
+
+<blockquote> <i> This library is being deprecated and applications
+should transition to using the SASLv2 library</i> (source: <a
+href="http://www.cyrusimap.org/download.html">Project Cyrus:
+Downloads</a>). </blockquote>
+
+<p> If you still need to set it up, here's a quick rundown: </p>
+
+<p> Read the regular section on SMTP server configurations for the
+Cyrus SASL framework. The differences are: </p>
+
+<ul>
+
+<li> <p> Cyrus SASL version 1.5.x searches for configuration
+(<code>smtpd.conf</code>) in <code>/usr/lib/sasl/</code> only. You
+must place the configuration in that directory. Some systems may
+have modified Cyrus SASL and put the files into e.g.
+<code>/var/lib/sasl/</code>. </p> </li>
+
+<li> <p> Use the <code>saslpasswd</code> command instead of
+<code>saslpasswd2</code> to create users in <code>sasldb</code>.
+</p> </li>
+
+<li> <p> Use the <code>sasldblistusers</code> command instead of
+<code>sasldblistusers2</code> to find users in <code>sasldb</code>.
+</p> </li>
+
+<li> <p> In the <code>smtpd.conf</code> file you can't use
+<code>mech_list</code> to limit the range of mechanisms offered.
+Instead, remove their libraries from <code>/usr/lib/sasl/</code>
+(and remember remove those files again when a system update
+re-installs new versions). </p> </li>
+
+</ul>
+
+<h2><a name="credits">Credits</a></h2>
+
+<ul>
+
+<li> Postfix SASL support was originally implemented by Till Franke
+of SuSE Rhein/Main AG. </li>
+
+<li> Wietse trimmed down the code to only the bare necessities.
+ </li>
+
+<li> Support for Cyrus SASL version 2 was contributed by Jason Hoos.
+</li>
+
+<li> Liviu Daia added <a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a>, separated
+<a href="postconf.5.html#reject_sender_login_mismatch">reject_sender_login_mismatch</a> into
+<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a> and
+<a href="postconf.5.html#reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a>, and revised the docs.
+ </li>
+
+<li> Wietse made another iteration through the code to add plug-in
+support for multiple SASL implementations, and for reasons that
+have been lost, also changed <a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> into
+<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>. </li>
+
+<li> The Dovecot SMTP server-only plug-in was originally implemented
+by Timo Sirainen of Procontrol, Finland. </li>
+
+<li> Patrick Ben Koetter revised this document for Postfix 2.4 and
+made much needed updates. </li>
+
+<li> Patrick Ben Koetter revised this document again for Postfix
+2.7 and made much needed updates. </li>
+
+</ul>
+
+</body>
+
+</html>
+
diff --git a/html/SCHEDULER_README.html b/html/SCHEDULER_README.html
new file mode 100644
index 0000000..5d16e28
--- /dev/null
+++ b/html/SCHEDULER_README.html
@@ -0,0 +1,1840 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Queue Scheduler</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Queue Scheduler</h1>
+
+<hr>
+
+<h2> Disclaimer </h2>
+
+<p> Many of the <i>transport</i>-specific configuration parameters
+discussed in this document will not show up in "postconf" command
+output before Postfix version 2.9. This limitation applies to many
+parameters whose name is a combination of a <a href="master.5.html">master.cf</a> service name
+such as "relay" and a built-in suffix such as
+"_destination_concurrency_limit". </p>
+
+<h2> Overview </h2>
+
+<p> The queue manager is by far the most complex part of the Postfix
+mail system. It schedules delivery of new mail, retries failed
+deliveries at specific times, and removes mail from the queue after
+the last delivery attempt. There are two major classes of mechanisms
+that control the operation of the queue manager. </p>
+
+<p> Topics covered by this document: </p>
+
+<ul>
+
+<li> <a href="#concurrency"> Concurrency scheduling</a>, concerned
+with the number of concurrent deliveries to a specific destination,
+including decisions on when to suspend deliveries after persistent
+failures.
+
+<li> <a href="#jobs"> Preemptive scheduling</a>, concerned with
+the selection of email messages and recipients for a given destination.
+
+<li> <a href="#credits"> Credits</a>, something this document would not be
+complete without.
+
+</ul>
+
+<!--
+
+<p> Once started, the <a href="qmgr.8.html">qmgr(8)</a> process runs until "postfix reload"
+or "postfix stop". As a persistent process, the queue manager has
+to meet strict requirements with respect to code correctness and
+robustness. Unlike non-persistent daemon processes, the queue manager
+cannot benefit from Postfix's process rejuvenation mechanism that
+limit the impact from resource leaks and other coding errors
+(translation: replacing a process after a short time covers up bugs
+before they can become a problem). </p>
+
+-->
+
+<h2> <a name="concurrency"> Concurrency scheduling </a> </h2>
+
+<p> The following sections document the Postfix 2.5 concurrency
+scheduler, after a discussion of the limitations of the earlier
+concurrency scheduler. This is followed by results of medium-concurrency
+experiments, and a discussion of trade-offs between performance and
+robustness. </p>
+
+<p> The material is organized as follows: </p>
+
+<ul>
+
+<li> <a href="#concurrency_drawbacks"> Drawbacks of the existing
+concurrency scheduler </a>
+
+<li> <a href="#concurrency_summary_2_5"> Summary of the Postfix 2.5
+concurrency feedback algorithm </a>
+
+<li> <a href="#dead_summary_2_5"> Summary of the Postfix 2.5 "dead
+destination" detection algorithm </a>
+
+<li> <a href="#pseudo_code_2_5"> Pseudocode for the Postfix 2.5
+concurrency scheduler </a>
+
+<li> <a href="#concurrency_results"> Results for delivery to
+concurrency limited servers </a>
+
+<li> <a href="#concurrency_discussion"> Discussion of concurrency
+limited server results </a>
+
+<li> <a href="#concurrency_limitations"> Limitations of less-than-1
+per delivery feedback </a>
+
+<li> <a href="#concurrency_config"> Concurrency configuration
+parameters </a>
+
+</ul>
+
+<h3> <a name="concurrency_drawbacks"> Drawbacks of the existing
+concurrency scheduler </a> </h3>
+
+<p> From the start, Postfix has used a simple but robust algorithm
+where the per-destination delivery concurrency is decremented by 1
+after delivery failed due to connection or handshake failure, and
+incremented by 1 otherwise. Of course the concurrency is never
+allowed to exceed the maximum per-destination concurrency limit.
+And when a destination's concurrency level drops to zero, the
+destination is declared "dead" and delivery is suspended. </p>
+
+<p> Drawbacks of +/-1 concurrency feedback per delivery are: <p>
+
+<ul>
+
+<li> <p> Overshoot due to exponential delivery concurrency growth
+with each pseudo-cohort(*). This can be an issue with high-concurrency
+channels. For example, with the default initial concurrency of 5,
+concurrency would proceed over time as (5-10-20). </p>
+
+<li> <p> Throttling down to zero concurrency after a single
+pseudo-cohort(*) failure. This was especially an issue with
+low-concurrency channels where a single failure could be sufficient
+to mark a destination as "dead", causing the suspension of further
+deliveries to the affected destination. </p>
+
+</ul>
+
+<p> (*) A pseudo-cohort is a number of delivery requests equal to
+a destination's delivery concurrency. </p>
+
+<p> The revised concurrency scheduler has a highly modular structure.
+It uses separate mechanisms for per-destination concurrency control
+and for "dead destination" detection. The concurrency control in
+turn is built from two separate mechanisms: it supports less-than-1
+feedback per delivery to allow for more gradual concurrency
+adjustments, and it uses feedback hysteresis to suppress concurrency
+oscillations. And instead of waiting for delivery concurrency to
+throttle down to zero, a destination is declared "dead" after a
+configurable number of pseudo-cohorts reports connection or handshake
+failure. </p>
+
+<h3> <a name="concurrency_summary_2_5"> Summary of the Postfix 2.5
+concurrency feedback algorithm </a> </h3>
+
+<p> We want to increment a destination's delivery concurrency when
+some (not necessarily consecutive) number of deliveries complete
+without connection or handshake failure. This is implemented with
+positive feedback g(N) where N is the destination's delivery
+concurrency. With g(N)=1 feedback per delivery, concurrency increases
+by 1 after each positive feedback event; this gives us the old
+scheduler's exponential growth in time. With g(N)=1/N feedback per
+delivery, concurrency increases by 1 after an entire pseudo-cohort
+N of positive feedback reports; this gives us linear growth in time.
+Less-than-1 feedback per delivery and integer truncation naturally
+give us hysteresis, so that transitions to larger concurrency happen
+every 1/g(N) positive feedback events. </p>
+
+<p> We want to decrement a destination's delivery concurrency when
+some (not necessarily consecutive) number of deliveries complete
+after connection or handshake failure. This is implemented with
+negative feedback f(N) where N is the destination's delivery
+concurrency. With f(N)=1 feedback per delivery, concurrency decreases
+by 1 after each negative feedback event; this gives us the old
+scheduler's behavior where concurrency is throttled down dramatically
+after a single pseudo-cohort failure. With f(N)=1/N feedback per
+delivery, concurrency backs off more gently. Again, less-than-1
+feedback per delivery and integer truncation naturally give us
+hysteresis, so that transitions to lower concurrency happen every
+1/f(N) negative feedback events. </p>
+
+<p> However, with negative feedback we introduce a subtle twist.
+We "reverse" the negative hysteresis cycle so that the transition
+to lower concurrency happens at the <b>beginning</b> of a sequence
+of 1/f(N) negative feedback events. Otherwise, a correction for
+overload would be made too late. This makes the choice of f(N)
+relatively unimportant, as borne out by measurements later in this
+document. </p>
+
+<p> In summary, the main ingredients for the Postfix 2.5 concurrency
+feedback algorithm are a) the option of less-than-1 positive feedback
+per delivery to avoid overwhelming servers, b) the option of
+less-than-1 negative feedback per delivery to avoid giving up too
+fast, c) feedback hysteresis to avoid rapid oscillation, and d) a
+"reverse" hysteresis cycle for negative feedback, so that it can
+correct for overload quickly. </p>
+
+<h3> <a name="dead_summary_2_5"> Summary of the Postfix 2.5 "dead destination" detection algorithm </a> </h3>
+
+<p> We want to suspend deliveries to a specific destination after
+some number of deliveries suffers connection or handshake failure.
+The old scheduler declares a destination "dead" when negative (-1)
+feedback throttles the delivery concurrency down to zero. With
+less-than-1 feedback per delivery, this throttling down would
+obviously take too long. We therefore have to separate "dead
+destination" detection from concurrency feedback. This is implemented
+by introducing the concept of pseudo-cohort failure. The Postfix
+2.5 concurrency scheduler declares a destination "dead" after a
+configurable number of pseudo-cohorts suffers from connection or
+handshake failures. The old scheduler corresponds to the special
+case where the pseudo-cohort failure limit is equal to 1. </p>
+
+<h3> <a name="pseudo_code_2_5"> Pseudocode for the Postfix 2.5 concurrency scheduler </a> </h3>
+
+<p> The pseudo code shows how the ideas behind new concurrency
+scheduler are implemented as of November 2007. The actual code can
+be found in the module qmgr/qmgr_queue.c. </p>
+
+<pre>
+Types:
+ Each destination has one set of the following variables
+ int concurrency
+ double success
+ double failure
+ double fail_cohorts
+
+Feedback functions:
+ N is concurrency; x, y are arbitrary numbers in [0..1] inclusive
+ positive feedback: g(N) = x/N | x/sqrt(N) | x
+ negative feedback: f(N) = y/N | y/sqrt(N) | y
+
+Initialization:
+ concurrency = initial_concurrency
+ success = 0
+ failure = 0
+ fail_cohorts = 0
+
+After success:
+ fail_cohorts = 0
+ Be prepared for feedback &gt; hysteresis, or rounding error
+ success += g(concurrency)
+ while (success >= 1) Hysteresis 1
+ concurrency += 1 Hysteresis 1
+ failure = 0
+ success -= 1 Hysteresis 1
+ Be prepared for overshoot
+ if (concurrency &gt; concurrency limit)
+ concurrency = concurrency limit
+
+Safety:
+ Don't apply positive feedback unless
+ concurrency &lt; busy_refcount + init_dest_concurrency
+ otherwise negative feedback effect could be delayed
+
+After failure:
+ if (concurrency &gt; 0)
+ fail_cohorts += 1.0 / concurrency
+ if (fail_cohorts &gt; cohort_failure_limit)
+ concurrency = 0
+ if (concurrency &gt; 0)
+ Be prepared for feedback &gt; hysteresis, rounding errors
+ failure -= f(concurrency)
+ while (failure &lt; 0)
+ concurrency -= 1 Hysteresis 1
+ failure += 1 Hysteresis 1
+ success = 0
+ Be prepared for overshoot
+ if (concurrency &lt; 1)
+ concurrency = 1
+</pre>
+
+<h3> <a name="concurrency_results"> Results for delivery to concurrency-limited servers </a> </h3>
+
+<p> Discussions about the concurrency scheduler redesign started
+early 2004, when the primary goal was to find alternatives that did
+not exhibit exponential growth or rapid concurrency throttling. No
+code was implemented until late 2007, when the primary concern had
+shifted towards better handling of server concurrency limits. For
+this reason we measure how well the new scheduler does this
+job. The table below compares mail delivery performance of the old
++/-1 feedback per delivery with several less-than-1 feedback
+functions, for different limited-concurrency server scenarios.
+Measurements were done with a FreeBSD 6.2 client and with FreeBSD
+6.2 and various Linux servers. </p>
+
+<p> Server configuration: </p>
+
+<ul> <li> The mail flow was slowed down with 1 second latency per
+recipient ("<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = sleep 1"). The purpose was
+to make results less dependent on hardware details, by avoiding
+slow-downs by queue file I/O, logging I/O, and network I/O.
+
+<li> Concurrency was limited by the server process limit
+("<a href="postconf.5.html#default_process_limit">default_process_limit</a> = 5" and "<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>
+= <a href="DATABASE_README.html#types">static</a>:all"). Postfix was stopped and started after changing the
+process limit, because the same number is also used as the backlog
+argument to the listen(2) system call, and "postfix reload" does
+not re-issue this call.
+
+<li> Mail was discarded with "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="DATABASE_README.html#types">static</a>:all" and
+"<a href="postconf.5.html#local_transport">local_transport</a> = discard". The discard action in access maps or
+header/body checks
+could not be used as it fails to update the <a href="postconf.5.html#in_flow_delay">in_flow_delay</a> counters.
+
+</ul>
+
+<p> Client configuration: </p>
+
+<ul>
+
+<li> Queue file overhead was minimized by sending one message to a
+virtual alias that expanded into 2000 different remote recipients.
+All recipients were accounted for according to the maillog file.
+The <a href="postconf.5.html#virtual_alias_expansion_limit">virtual_alias_expansion_limit</a> setting was increased to avoid
+complaints from the <a href="cleanup.8.html">cleanup(8)</a> server.
+
+<li> The number of deliveries was maximized with
+"<a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> = 2". A smaller limit would cause
+Postfix to schedule the concurrency per recipient instead of domain,
+which is not what we want.
+
+<li> Maximum concurrency was limited with
+"<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> = 20", and
+<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> was set to the same value.
+
+<li> The positive and negative concurrency feedback hysteresis was
+1. Concurrency was incremented by 1 at the END of 1/feedback steps
+of positive feedback, and was decremented by 1 at the START of
+1/feedback steps of negative feedback.
+
+<li> The SMTP client used the default 30s SMTP connect timeout and
+300s SMTP greeting timeout.
+
+</ul>
+
+<h4> Impact of the 30s SMTP connect timeout </h4>
+
+<p> The first results are for a FreeBSD 6.2 server, where our
+artificially low listen(2) backlog results in a very short kernel
+queue for established connections. The table shows that all deferred
+deliveries failed due to a 30s connection timeout, and none failed
+due to a server greeting timeout. This measurement simulates what
+happens when the server's connection queue is completely full under
+load, and the TCP engine drops new connections. </p>
+
+<blockquote>
+
+<table>
+
+<tr> <th>client<br> limit</th> <th>server<br> limit</th> <th>feedback<br>
+style</th> <th>connection<br> caching</th> <th>percentage<br>
+deferred</th> <th colspan="2">client concurrency<br> average/stddev</th>
+<th colspan=2>timed-out in<br> connect/greeting </th> </tr>
+
+<tr> <td align="center" colspan="9"> <hr> </td> </tr>
+
+<tr><td align="center">20</td> <td align="center">5</td> <td
+align="center">1/N</td> <td align="center">no</td> <td
+align="center">9.9</td> <td align="center">19.4</td> <td
+align="center">0.49</td> <td align="center">198</td> <td
+align="center">-</td> </tr>
+
+<tr><td align="center">20</td> <td align="center">5</td> <td
+align="center">1/N</td> <td align="center">yes</td> <td
+align="center">10.3</td> <td align="center">19.4</td> <td
+align="center">0.49</td> <td align="center">206</td> <td
+align="center">-</td> </tr>
+
+<tr><td align="center">20</td> <td align="center">5</td> <td
+align="center">1/sqrt(N)</td> <td align="center">no</td>
+<td align="center">10.4</td> <td align="center">19.6</td> <td
+align="center">0.59</td> <td align="center">208</td> <td
+align="center">-</td> </tr>
+
+<tr><td align="center">20</td> <td align="center">5</td> <td
+align="center">1/sqrt(N)</td> <td align="center">yes</td>
+<td align="center">10.6</td> <td align="center">19.6</td> <td
+align="center">0.61</td> <td align="center">212</td> <td
+align="center">-</td> </tr>
+
+<tr><td align="center">20</td> <td align="center">5</td> <td
+align="center">1</td> <td align="center">no</td> <td
+align="center">10.1</td> <td align="center">19.5</td> <td
+align="center">1.29</td> <td align="center">202</td> <td
+align="center">-</td> </tr>
+
+<tr><td align="center">20</td> <td align="center">5</td> <td
+align="center">1</td> <td align="center">yes</td> <td
+align="center">10.8</td> <td align="center">19.3</td> <td
+align="center">1.57</td> <td align="center">216</td> <td
+align="center">-</td> </tr>
+
+<tr> <td align="center" colspan="9"> <hr> </td> </tr>
+
+</table>
+
+<p> A busy server with a completely full connection queue. N is
+the client delivery concurrency. Failed deliveries time out after
+30s without completing the TCP handshake. See text for a discussion
+of results. </p>
+
+</blockquote>
+
+<h4> Impact of the 300s SMTP greeting timeout </h4>
+
+<p> The next table shows results for a Fedora Core 8 server (results
+for RedHat 7.3 are identical). In this case, the artificially small
+listen(2) backlog argument does not impact our measurement. The
+table shows that practically all deferred deliveries fail after the
+300s SMTP greeting timeout. As these timeouts were 10x longer than
+with the first measurement, we increased the recipient count (and
+thus the running time) by a factor of 10 to keep the results
+comparable. The deferred mail percentages are a factor 10 lower
+than with the first measurement, because the 1s per-recipient delay
+was 1/300th of the greeting timeout instead of 1/30th of the
+connection timeout. </p>
+
+<blockquote>
+
+<table>
+
+<tr> <th>client<br> limit</th> <th>server<br> limit</th> <th>feedback<br>
+style</th> <th>connection<br> caching</th> <th>percentage<br>
+deferred</th> <th colspan="2">client concurrency<br> average/stddev</th>
+<th colspan=2>timed-out in<br> connect/greeting </th> </tr>
+
+<tr> <td align="center" colspan="9"> <hr> </td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1/N</td> <td align="center">no</td> <td
+align="center">1.16</td> <td align="center">19.8</td> <td
+align="center">0.37</td> <td align="center">-</td> <td
+align="center">230</td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1/N</td> <td align="center">yes</td> <td
+align="center">1.36</td> <td align="center">19.8</td> <td
+align="center">0.36</td> <td align="center">-</td> <td
+align="center">272</td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1/sqrt(N)</td> <td align="center">no</td>
+<td align="center">1.21</td> <td align="center">19.9</td> <td
+align="center">0.23</td> <td align="center">4</td> <td
+align="center">238</td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1/sqrt(N)</td> <td align="center">yes</td>
+<td align="center">1.36</td> <td align="center">20.0</td> <td
+align="center">0.23</td> <td align="center">-</td> <td
+align="center">272</td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1</td> <td align="center">no</td> <td
+align="center">1.18</td> <td align="center">20.0</td> <td
+align="center">0.16</td> <td align="center">-</td> <td
+align="center">236</td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1</td> <td align="center">yes</td> <td
+align="center">1.39</td> <td align="center">20.0</td> <td
+align="center">0.16</td> <td align="center">-</td> <td
+align="center">278</td> </tr>
+
+<tr> <td align="center" colspan="9"> <hr> </td> </tr>
+
+</table>
+
+<p> A busy server with a non-full connection queue. N is the client
+delivery concurrency. Failed deliveries complete at the TCP level,
+but time out after 300s while waiting for the SMTP greeting. See
+text for a discussion of results. </p>
+
+</blockquote>
+
+<h4> Impact of active server concurrency limiter </h4>
+
+<p> The final concurrency-limited result shows what happens when
+SMTP connections don't time out, but are rejected immediately with
+the Postfix server's <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> feature
+(the server replies with a 421 status and disconnects immediately).
+Similar results can be expected with concurrency limiting features
+built into other MTAs or firewalls. For this measurement we specified
+a server concurrency limit and a client initial destination concurrency
+of 5, and a server process limit of 10; all other conditions were
+the same as with the first measurement. The same result would be
+obtained with a FreeBSD or Linux server, because the "pushing back"
+is done entirely by the receiving side. </p>
+
+<blockquote>
+
+<table>
+
+<tr> <th>client<br> limit</th> <th>server<br> limit</th> <th>feedback<br>
+style</th> <th>connection<br> caching</th> <th>percentage<br>
+deferred</th> <th colspan="2">client concurrency<br> average/stddev</th>
+<th>theoretical<br>defer rate</th> </tr>
+
+<tr> <td align="center" colspan="9"> <hr> </td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1/N</td> <td align="center">no</td> <td
+align="center">16.5</td> <td align="center">5.17</td> <td
+align="center">0.38</td> <td align="center">1/6</td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1/N</td> <td align="center">yes</td> <td
+align="center">16.5</td> <td align="center">5.17</td> <td
+align="center">0.38</td> <td align="center">1/6</td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1/sqrt(N)</td> <td align="center">no</td>
+<td align="center">24.5</td> <td align="center">5.28</td> <td
+align="center">0.45</td> <td align="center">1/4</td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1/sqrt(N)</td> <td align="center">yes</td>
+<td align="center">24.3</td> <td align="center">5.28</td> <td
+align="center">0.46</td> <td align="center">1/4</td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1</td> <td align="center">no</td> <td
+align="center">49.7</td> <td align="center">5.63</td> <td
+align="center">0.67</td> <td align="center">1/2</td> </tr>
+
+<tr> <td align="center">20</td> <td align="center">5</td> <td
+align="center">1</td> <td align="center">yes</td> <td
+align="center">49.7</td> <td align="center">5.68</td> <td
+align="center">0.70</td> <td align="center">1/2</td> </tr>
+
+<tr> <td align="center" colspan="9"> <hr> </td> </tr>
+
+</table>
+
+<p> A server with active per-client concurrency limiter that replies
+with 421 and disconnects. N is the client delivery concurrency.
+The theoretical defer rate is 1/(1+roundup(1/feedback)). This is
+always 1/2 with the fixed +/-1 feedback per delivery; with the
+concurrency-dependent feedback variants, the defer rate decreases
+with increasing concurrency. See text for a discussion of results.
+</p>
+
+</blockquote>
+
+<h3> <a name="concurrency_discussion"> Discussion of concurrency-limited server results </a> </h3>
+
+<p> All results in the previous sections are based on the first
+delivery runs only; they do not include any second etc. delivery
+attempts. It's also worth noting that the measurements look at
+steady-state behavior only. They don't show what happens when the
+client starts sending at a much higher or lower concurrency.
+</p>
+
+<p> The first two examples show that the effect of feedback
+is negligible when concurrency is limited due to congestion. This
+is because the initial concurrency is already at the client's
+concurrency maximum, and because there is 10-100 times more positive
+than negative feedback. Under these conditions, it is no surprise
+that the contribution from SMTP connection caching is also negligible.
+</p>
+
+<p> In the last example, the old +/-1 feedback per delivery will
+defer 50% of the mail when confronted with an active (anvil-style)
+server concurrency limit, where the server hangs up immediately
+with a 421 status (a TCP-level RST would have the same result).
+Less aggressive feedback mechanisms fare better than more aggressive
+ones. Concurrency-dependent feedback fares even better at higher
+concurrencies than shown here, but has limitations as discussed in
+the next section. </p>
+
+<h3> <a name="concurrency_limitations"> Limitations of less-than-1 per delivery feedback </a> </h3>
+
+<p> Less-than-1 feedback is of interest primarily when sending large
+amounts of mail to destinations with active concurrency limiters
+(servers that reply with 421, or firewalls that send RST). When
+sending small amounts of mail per destination, less-than-1 per-delivery
+feedback won't have a noticeable effect on the per-destination
+concurrency, because the number of deliveries to the same destination
+is too small. You might just as well use zero per-delivery feedback
+and stay with the initial per-destination concurrency. And when
+mail deliveries fail due to congestion instead of active concurrency
+limiters, the measurements above show that per-delivery feedback
+has no effect. With large amounts of mail you might just as well
+use zero per-delivery feedback and start with the maximal per-destination
+concurrency. </p>
+
+<p> The scheduler with less-than-1 concurrency
+feedback per delivery solves a problem with servers that have active
+concurrency limiters. This works only because feedback is handled
+in a peculiar manner: positive feedback will increment the concurrency
+by 1 at the <b>end</b> of a sequence of events of length 1/feedback,
+while negative feedback will decrement concurrency by 1 at the
+<b>beginning</b> of such a sequence. This is how Postfix adjusts
+quickly for overshoot without causing lots of mail to be deferred.
+Without this difference in feedback treatment, less-than-1 feedback
+per delivery would defer 50% of the mail, and would be no better
+in this respect than the old +/-1 feedback per delivery. </p>
+
+<p> Unfortunately, the same feature that corrects quickly for
+concurrency overshoot also makes the scheduler more sensitive for
+noisy negative feedback. The reason is that one lonely negative
+feedback event has the same effect as a complete sequence of length
+1/feedback: in both cases delivery concurrency is dropped by 1
+immediately. As a worst-case scenario, consider multiple servers
+behind a load balancer on a single IP address, and no backup MX
+address. When 1 out of K servers fails to complete the SMTP handshake
+or drops the connection, a scheduler with 1/N (N = concurrency)
+feedback stops increasing its concurrency once it reaches a concurrency
+level of about K, even though the good servers behind the load
+balancer are perfectly capable of handling more traffic. </p>
+
+<p> This noise problem gets worse as the amount of positive feedback
+per delivery gets smaller. A compromise is to use fixed less-than-1
+positive feedback values instead of concurrency-dependent positive
+feedback. For example, to tolerate 1 of 4 bad servers in the above
+load balancer scenario, use positive feedback of 1/4 per "good"
+delivery (no connect or handshake error), and use an equal or smaller
+amount of negative feedback per "bad" delivery. The downside of
+using concurrency-independent feedback is that some of the old +/-1
+feedback problems will return at large concurrencies. Sites that
+must deliver mail at non-trivial per-destination concurrencies will
+require special configuration. </p>
+
+<h3> <a name="concurrency_config"> Concurrency configuration parameters </a> </h3>
+
+<p> The Postfix 2.5 concurrency scheduler is controlled with the
+following configuration parameters, where "<i>transport</i>_foo"
+provides a transport-specific parameter override. All parameter
+default settings are compatible with earlier Postfix versions. </p>
+
+<blockquote>
+
+<table border="0">
+
+<tr> <th> Parameter name </th> <th> Postfix version </th> <th>
+Description </th> </tr>
+
+<tr> <td colspan="3"> <hr> </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a><br>
+<a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> </td> <td
+align="center"> all<br> 2.5 </td> <td> Initial per-destination
+delivery concurrency </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a><br>
+<a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> </td> <td align="center">
+all<br> all </td> <td> Maximum per-destination delivery concurrency
+</td> </tr>
+
+<tr> <td> <a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a><br>
+<a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a> </td>
+<td align="center"> 2.5<br> 2.5 </td> <td> Per-destination positive
+feedback amount, per delivery that does not fail with connection
+or handshake failure </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a><br>
+<a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a> </td>
+<td align="center"> 2.5<br> 2.5 </td> <td> Per-destination negative
+feedback amount, per delivery that fails with connection or handshake
+failure </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a><br>
+<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> </td>
+<td align="center"> 2.5<br> 2.5 </td> <td> Number of failed
+pseudo-cohorts after which a destination is declared "dead" and
+delivery is suspended </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a></td> <td align="center">
+2.5 </td> <td> Enable verbose logging of concurrency scheduler
+activity </td> </tr>
+
+<tr> <td colspan="3"> <hr> </td> </tr>
+
+</table>
+
+</blockquote>
+
+<h2> <a name="jobs"> Preemptive scheduling </a> </h2>
+
+<p>
+
+The following sections describe the new queue manager and its
+preemptive scheduler algorithm. Note that the document was originally
+written to describe the changes between the new queue manager (in
+this text referred to as <tt>nqmgr</tt>, the name it was known by
+before it became the default queue manager) and the old queue manager
+(referred to as <tt>oqmgr</tt>). This is why it refers to <tt>oqmgr</tt>
+every so often.
+
+</p>
+
+<p>
+
+This document is divided into sections as follows:
+
+</p>
+
+<ul>
+
+<li> <a href="#<tt>nqmgr</tt>_structures"> The structures used by
+nqmgr </a>
+
+<li> <a href="#<tt>nqmgr</tt>_pickup"> What happens when nqmgr picks
+up the message </a> - how it is assigned to transports, jobs, peers,
+entries
+
+<li> <a href="#<tt>nqmgr</tt>_selection"> How the entry selection
+works </a>
+
+<li> <a href="#<tt>nqmgr</tt>_preemption"> How the preemption
+works </a> - what messages may be preempted and how and what messages
+are chosen to preempt them
+
+<li> <a href="#<tt>nqmgr</tt>_concurrency"> How destination concurrency
+limits affect the scheduling algorithm </a>
+
+<li> <a href="#<tt>nqmgr</tt>_memory"> Dealing with memory resource
+limits </a>
+
+</ul>
+
+<h3> <a name="<tt>nqmgr</tt>_structures"> The structures used by
+nqmgr </a> </h3>
+
+<p>
+
+Let's start by recapitulating the structures and terms used when
+referring to the queue manager and how it operates. Many of these are
+partially described elsewhere, but it is nice to have a coherent
+overview in one place:
+
+</p>
+
+<ul>
+
+<li> <p> Each message structure represents one mail message which
+Postfix is to deliver. The message recipients specify to what
+destinations is the message to be delivered and what transports are
+going to be used for the delivery. </p>
+
+<li> <p> Each recipient entry groups a batch of recipients of one
+message which are all going to be delivered to the same destination
+(and over the same transport).
+</p>
+
+<li> <p> Each transport structure groups everything what is going
+to be delivered by delivery agents dedicated for that transport.
+Each transport maintains a set of queues (describing the destinations
+it shall talk to) and jobs (referencing the messages it shall
+deliver). </p>
+
+<li> <p> Each transport queue (not to be confused with the on-disk
+"<a href="QSHAPE_README.html#active_queue">active" queue</a> or "<a href="QSHAPE_README.html#incoming_queue">incoming" queue</a>) groups everything what is going be
+delivered to given destination (aka nexthop) by its transport. Each
+queue belongs to one transport, so each destination may be referred
+to by several queues, one for each transport. Each queue maintains
+a list of all recipient entries (batches of message recipients)
+which shall be delivered to given destination (the todo list), and
+a list of recipient entries already being delivered by the delivery
+agents (the busy list). </p>
+
+<li> <p> Each queue corresponds to multiple peer structures. Each
+peer structure is like the queue structure, belonging to one transport
+and referencing one destination. The difference is that it lists
+only the recipient entries which all originate from the same message,
+unlike the queue structure, whose entries may originate from various
+messages. For messages with few recipients, there is usually just
+one recipient entry for each destination, resulting in one recipient
+entry per peer. But for large mailing list messages the recipients
+may need to be split to multiple recipient entries, in which case
+the peer structure may list many entries for single destination.
+</p>
+
+<li> <p> Each transport job groups everything it takes to deliver
+one message via its transport. Each job represents one message
+within the context of the transport. The job belongs to one transport
+and message, so each message may have multiple jobs, one for each
+transport. The job groups all the peer structures, which describe
+the destinations the job's message has to be delivered to. </p>
+
+</ul>
+
+<p>
+
+The first four structures are common to both <tt>nqmgr</tt> and
+<tt>oqmgr</tt>, the latter two were introduced by <tt>nqmgr</tt>.
+
+</p>
+
+<p>
+
+These terms are used extensively in the text below, feel free to
+look up the description above anytime you'll feel you have lost a
+sense what is what.
+
+</p>
+
+<h3> <a name="<tt>nqmgr</tt>_pickup"> What happens when nqmgr picks
+up the message </a> </h3>
+
+<p>
+
+Whenever <tt>nqmgr</tt> moves a queue file into the "<a href="QSHAPE_README.html#active_queue">active" queue</a>,
+the following happens: It reads all necessary information from the
+queue file as <tt>oqmgr</tt> does, and also reads as many recipients
+as possible - more on that later, for now let's just pretend it
+always reads all recipients.
+
+</p>
+
+<p>
+
+Then it resolves the recipients as <tt>oqmgr</tt> does, which
+means obtaining (address, nexthop, transport) triple for each
+recipient. For each triple, it finds the transport; if it does not
+exist yet, it instantiates it (unless it's dead). Within the
+transport, it finds the destination queue for the given nexthop; if it
+does not exist yet, it instantiates it (unless it's dead). The
+triple is then bound to given destination queue. This happens in
+qmgr_resolve() and is basically the same as in <tt>oqmgr</tt>.
+
+</p>
+
+<p>
+
+Then for each triple which was bound to some queue (and thus
+transport), the program finds the job which represents the message
+within that transport's context; if it does not exist yet, it
+instantiates it. Within the job, it finds the peer which represents
+the bound destination queue within this jobs context; if it does
+not exist yet, it instantiates it. Finally, it stores the address
+from the resolved triple to the recipient entry which is appended
+to both the queue entry list and the peer entry list. The addresses
+for the same nexthop are batched in the entries up to the
+<a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> for that transport.
+This happens in qmgr_message_assign(), and apart
+from that it operates with job and peer structures, it is basically the
+same as in <tt>oqmgr</tt>.
+
+</p>
+
+<p>
+
+When the job is instantiated, it is enqueued on the transport's job
+list based on the time its message was picked up by <tt>nqmgr</tt>.
+For first batch of recipients this means it is appended to the end
+of the job list, but the ordering of the job list by the enqueue
+time is important as we will see shortly.
+
+</p>
+
+<p>
+
+[Now you should have a pretty good idea what the state of the
+<tt>nqmgr</tt> is after a couple of messages were picked up, and what the
+relation is between all those job, peer, queue and entry structures.]
+
+</p>
+
+<h3> <a name="<tt>nqmgr</tt>_selection"> How the entry selection
+works </a> </h3>
+
+<p>
+
+Having prepared all those above mentioned structures, the task of
+the <tt>nqmgr</tt>'s scheduler is to choose the recipient entries
+one at a time and pass them to the delivery agent for corresponding
+transport. Now how does this work?
+
+</p>
+
+<p>
+
+The first approximation of the new scheduling algorithm is like this:
+
+</p>
+
+<blockquote>
+<pre>
+foreach transport (round-robin-by-transport)
+do
+ if transport busy continue
+ if transport process limit reached continue
+ foreach transport's job (in the order of the transport's job list)
+ do
+ foreach job's peer (round-robin-by-destination)
+ if peer-&gt;queue-&gt;concurrency &lt; peer-&gt;queue-&gt;window
+ return next peer entry.
+ done
+ done
+done
+</pre>
+</blockquote>
+
+<p>
+
+Now what is the "order of the transport's job list"? As we know
+already, the job list is by default kept in the order the message
+was picked up by the <tt>nqmgr</tt>. So by default we get the
+top-level round-robin transport, and within each transport we get
+the FIFO message delivery. The round-robin of the peers by the
+destination is perhaps of little importance in most real-life cases
+(unless the <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> is reached,
+in one job there
+is only one peer structure for each destination), but theoretically
+it makes sure that even within single jobs, destinations are treated
+fairly.
+
+</p>
+
+<p>
+
+[By now you should have a feeling you really know how the scheduler
+works, except for the preemption, under ideal conditions - that is,
+no recipient resource limits and no destination concurrency problems.]
+
+</p>
+
+<h3> <a name="<tt>nqmgr</tt>_preemption"> How the preemption
+works </a> </h3>
+
+<p>
+
+As you might perhaps expect by now, the transport's job list does
+not remain sorted by the job's message enqueue time all the time.
+The most cool thing about <tt>nqmgr</tt> is not the simple FIFO
+delivery, but that it is able to slip mail with little recipients
+past the mailing-list bulk mail. This is what the job preemption
+is about - shuffling the jobs on the transport's job list to get
+the best message delivery rates. Now how is it achieved?
+
+</p>
+
+<p>
+
+First I have to tell you that there are in fact two job lists in
+each transport. One is the scheduler's job list, which the scheduler
+is free to play with, while the other one keeps the jobs always
+listed in the order of the enqueue time and is used for recipient
+pool management we will discuss later. For now, we will deal with
+the scheduler's job list only.
+
+</p>
+
+<p>
+
+So, we have the job list, which is first ordered by the time the
+jobs' messages were enqueued, oldest messages first, the most recently
+picked one at the end. For now, let's assume that there are no
+destination concurrency problems. Without preemption, we pick some
+entry of the first (oldest) job on the queue, assign it to delivery
+agent, pick another one from the same job, assign it again, and so
+on, until all the entries are used and the job is delivered. We
+would then move onto the next job and so on and on. Now how do we
+manage to sneak in some entries from the recently added jobs when
+the first job on the job list belongs to a message going to the
+mailing-list and has thousands of recipient entries?
+
+</p>
+
+<p>
+
+The <tt>nqmgr</tt>'s answer is that we can artificially "inflate"
+the delivery time of that first job by some constant for free - it
+is basically the same trick you might remember as "accumulation of
+potential" from the amortized complexity lessons. For example,
+instead of delivering the entries of the first job on the job list
+every time a delivery agent becomes available, we can do it only
+every second time. If you view the moments the delivery agent becomes
+available on a timeline as "delivery slots", then instead of using
+every delivery slot for the first job, we can use only every other
+slot, and still the overall delivery efficiency of the first job
+remains the same. So the delivery <tt>11112222</tt> becomes
+<tt>1.1.1.1.2.2.2.2</tt> (1 and 2 are the imaginary job numbers, .
+denotes the free slot). Now what do we do with free slots?
+
+</p>
+
+<p>
+
+As you might have guessed, we will use them for sneaking the mail
+with little recipients in. For example, if we have one four-recipient
+mail followed by four one recipients mail, the delivery sequence
+(that is, the sequence in which the jobs are assigned to the
+delivery slots) might look like this: <tt>12131415</tt>. Hmm, fine
+for sneaking in the single recipient mail, but how do we sneak in
+the mail with more than one recipient? Say if we have one four-recipient
+mail followed by two two-recipient mails?
+
+</p>
+
+<p>
+
+The simple answer would be to use delivery sequence <tt>12121313</tt>.
+But the problem is that this does not scale well. Imagine you have
+mail with a thousand recipients followed by mail with a hundred recipients.
+It is tempting to suggest the delivery sequence like <tt>121212....</tt>,
+but alas! Imagine there arrives another mail with say ten recipients.
+But there are no free slots anymore, so it can't slip by, not even
+if it had only one recipient. It will be stuck until the
+hundred-recipient mail is delivered, which really sucks.
+
+</p>
+
+<p>
+
+So, it becomes obvious that while inflating the message to get
+free slots is a great idea, one has to be really careful of how the
+free slots are assigned, otherwise one might corner himself. So,
+how does <tt>nqmgr</tt> really use the free slots?
+
+</p>
+
+<p>
+
+The key idea is that one does not have to generate the free slots
+in a uniform way. The delivery sequence <tt>111...1</tt> is no
+worse than <tt>1.1.1.1</tt>, in fact, it is even better as some
+entries are in the first case selected earlier than in the second
+case, and none is selected later! So it is possible to first
+"accumulate" the free delivery slots and then use them all at once.
+It is even possible to accumulate some, then use them, then accumulate
+some more and use them again, as in <tt>11..1.1</tt> .
+
+</p>
+
+<p>
+
+Let's get back to the one hundred recipient example. We now know
+that we could first accumulate one hundred free slots, and only
+after then to preempt the first job and sneak the one hundred
+recipient mail in. Applying the algorithm recursively, we see the
+hundred recipient job can accumulate ten free delivery slots, and
+then we could preempt it and sneak in the ten-recipient mail...
+Wait wait wait! Could we? Aren't we overinflating the original one
+thousand recipient mail?
+
+</p>
+
+<p>
+
+Well, despite the fact that it looks so at the first glance, another trick will
+allow us to answer "no, we are not!". If we had said that we will
+inflate the delivery time twice at maximum, and then we consider
+every other slot as a free slot, then we would overinflate in case
+of the recursive preemption. BUT! The trick is that if we use only
+every n-th slot as a free slot for n&gt;2, there is always some worst
+inflation factor which we can guarantee not to be breached, even
+if we apply the algorithm recursively. To be precise, if for every
+k&gt;1 normally used slots we accumulate one free delivery slot, than
+the inflation factor is not worse than k/(k-1) no matter how many
+recursive preemptions happen. And it's not worse than (k+1)/k if
+only non-recursive preemption happens. Now, having got through the
+theory and the related math, let's see how <tt>nqmgr</tt> implements
+this.
+
+</p>
+
+<p>
+
+Each job has so called "available delivery slot" counter. Each
+transport has a <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> parameter, which
+defaults to <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> parameter which is set to 5
+by default. This is the k from the paragraph above. Each time k
+entries of the job are selected for delivery, this counter is
+incremented by one. Once there are some slots accumulated, a job which
+requires no more than that number of slots to be fully delivered
+can preempt this job.
+
+</p>
+
+<p>
+
+[Well, the truth is, the counter is incremented every time an entry
+is selected and it is divided by k when it is used.
+But to understand, it's good enough to use
+the above approximation of the truth.]
+
+</p>
+
+<p>
+
+OK, so now we know the conditions which must be satisfied so one
+job can preempt another one. But what job gets preempted, how do
+we choose what job preempts it if there are several valid candidates,
+and when does all this exactly happen?
+
+</p>
+
+<p>
+
+The answer for the first part is simple. The job whose entry was
+selected the last time is the so called current job. Normally, it is
+the first job on the scheduler's job list, but destination concurrency
+limits may change this as we will see later. It is always only the
+current job which may get preempted.
+
+</p>
+
+<p>
+
+Now for the second part. The current job has a certain amount of
+recipient entries, and as such may accumulate at maximum some amount
+of available delivery slots. It might have already accumulated some,
+and perhaps even already used some when it was preempted before
+(remember a job can be preempted several times). In either case,
+we know how many are accumulated and how many are left to deliver,
+so we know how many it may yet accumulate at maximum. Every other
+job which may be delivered by less than that number of slots is a
+valid candidate for preemption. How do we choose among them?
+
+</p>
+
+<p>
+
+The answer is - the one with maximum enqueue_time/recipient_entry_count.
+That is, the older the job is, the more we should try to deliver
+it in order to get best message delivery rates. These rates are of
+course subject to how many recipients the message has, therefore
+the division by the recipient (entry) count. No one shall be surprised
+that a message with n recipients takes n times longer to deliver than
+a message with one recipient.
+
+</p>
+
+<p>
+
+Now let's recap the previous two paragraphs. Isn't it too complicated?
+Why don't the candidates come only among the jobs which can be
+delivered within the number of slots the current job already
+accumulated? Why do we need to estimate how much it has yet to
+accumulate? If you found out the answer, congratulate yourself. If
+we did it this simple way, we would always choose the candidate
+with the fewest recipient entries. If there were enough single recipient
+mails coming in, they would always slip by the bulk mail as soon
+as possible, and the two or more recipients mail would never get
+a chance, no matter how long they have been sitting around in the
+job list.
+
+</p>
+
+<p>
+
+This candidate selection has an interesting implication - that when
+we choose the best candidate for preemption (this is done in
+qmgr_choose_candidate()), it may happen that we may not use it for
+preemption immediately. This leads to an answer to the last part
+of the original question - when does the preemption happen?
+
+</p>
+
+<p>
+
+The preemption attempt happens every time next transport's recipient
+entry is to be chosen for delivery. To avoid needless overhead, the
+preemption is not attempted if the current job could never accumulate
+more than <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> (defaults to
+<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a> which defaults to 3). If there are
+already enough accumulated slots to preempt the current job by the
+chosen best candidate, it is done immediately. This basically means
+that the candidate is moved in front of the current job on the
+scheduler's job list and decreasing the accumulated slot counter
+by the amount used by the candidate. If there are not enough slots...
+well, I could say that nothing happens and the another preemption
+is attempted the next time. But that's not the complete truth.
+
+</p>
+
+<p>
+
+The truth is that it turns out that it is not really necessary to
+wait until the jobs counter accumulates all the delivery slots in
+advance. Say we have ten-recipient mail followed by two two-recipient
+mails. If the preemption happened when enough delivery slots accumulate
+(assuming slot cost 2), the delivery sequence becomes
+<tt>11112211113311</tt>. Now what would we get if we would wait
+only for 50% of the necessary slots to accumulate and we promise
+we would wait for the remaining 50% later, after we get back
+to the preempted job? If we use such a slot loan, the delivery sequence
+becomes <tt>11221111331111</tt>. As we can see, it makes it not
+considerably worse for the delivery of the ten-recipient mail, but
+it allows the small messages to be delivered sooner.
+
+</p>
+
+<p>
+
+The concept of these slot loans is where the
+<a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> and
+<a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> come from (they default to
+<a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a> and <a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>, whose
+values are by default 50 and 3, respectively). The discount (resp.
+loan) specifies how many percent (resp. how many slots) one "gets
+in advance", when the number of slots required to deliver the best
+candidate is compared with the number of slots the current slot had
+accumulated so far.
+
+</p>
+
+<p>
+
+And that pretty much concludes this chapter.
+
+</p>
+
+<p>
+
+[Now you should have a feeling that you pretty much understand the
+scheduler and the preemption, or at least that you will have
+after you read the last chapter a couple more times. You shall clearly
+see the job list and the preemption happening at its head, in ideal
+delivery conditions. The feeling of understanding shall last until
+you start wondering what happens if some of the jobs are blocked,
+which you might eventually figure out correctly from what had been
+said already. But I would be surprised if your mental image of the
+scheduler's functionality is not completely shattered once you
+start wondering how it works when not all recipients may be read
+in-core. More on that later.]
+
+</p>
+
+<h3> <a name="<tt>nqmgr</tt>_concurrency"> How destination concurrency
+limits affect the scheduling algorithm </a> </h3>
+
+<p>
+
+The <tt>nqmgr</tt> uses the same algorithm for destination concurrency
+control as <tt>oqmgr</tt>. Now what happens when the destination
+limits are reached and no more entries for that destination may be
+selected by the scheduler?
+
+</p>
+
+<p>
+
+From the user's point of view it is all simple. If some of the peers
+of a job can't be selected, those peers are simply skipped by the
+entry selection algorithm (the pseudo-code described before) and
+only the selectable ones are used. If none of the peers may be
+selected, the job is declared a "blocker job". Blocker jobs are
+skipped by the entry selection algorithm and they are also excluded
+from the candidates for preemption of the current job. Thus the scheduler
+effectively behaves as if the blocker jobs didn't exist on the job
+list at all. As soon as at least one of the peers of a blocker job
+becomes unblocked (that is, the delivery agent handling the delivery
+of the recipient entry for the given destination successfully finishes),
+the job's blocker status is removed and the job again participates
+in all further scheduler actions normally.
+
+</p>
+
+<p>
+
+So the summary is that the users don't really have to be concerned
+about the interaction of the destination limits and scheduling
+algorithm. It works well on its own and there are no knobs they
+would need to control it.
+
+</p>
+
+<p>
+
+From a programmer's point of view, the blocker jobs complicate the
+scheduler quite a lot. Without them, the jobs on the job list would
+be normally delivered in strict FIFO order. If the current job is
+preempted, the job preempting it is completely delivered unless it
+is preempted itself. Without blockers, the current job is thus
+always either the first job on the job list, or the top of the stack
+of jobs preempting the first job on the job list.
+
+</p>
+
+<p>
+
+The visualization of the job list and the preemption stack without
+blockers would be like this:
+
+</p>
+
+<blockquote>
+<pre>
+first job-&gt; 1--2--3--5--6--8--... &lt;- job list
+on job list |
+ 4 &lt;- preemption stack
+ |
+current job-&gt; 7
+</pre>
+</blockquote>
+
+<p>
+
+In the example above we see that job 1 was preempted by job 4 and
+then job 4 was preempted by job 7. After job 7 is completed, remaining
+entries of job 4 are selected, and once they are all selected, job
+1 continues.
+
+</p>
+
+<p>
+
+As we see, it's all very clean and straightforward. Now how does
+this change because of blockers?
+
+</p>
+
+<p>
+
+The answer is: a lot. Any job may become a blocker job at any time,
+and also become a normal job again at any time. This has several
+important implications:
+
+</p>
+
+<ol>
+
+<li> <p>
+
+The jobs may be completed in arbitrary order. For example, in the
+example above, if the current job 7 becomes blocked, the next job
+4 may complete before the job 7 becomes unblocked again. Or if both
+7 and 4 are blocked, then 1 is completed, then 7 becomes unblocked
+and is completed, then 2 is completed and only after that 4 becomes
+unblocked and is completed... You get the idea.
+
+</p>
+
+<p>
+
+[Interesting side note: even when jobs are delivered out of order,
+from a single destination's point of view the jobs are still delivered
+in the expected order (that is, FIFO unless there was some preemption
+involved). This is because whenever a destination queue becomes
+unblocked (the destination limit allows selection of more recipient
+entries for that destination), all jobs which have peers for that
+destination are unblocked at once.]
+
+</p>
+
+<li> <p>
+
+The idea of the preemption stack at the head of the job list is
+gone. That is, it must be possible to preempt any job on the job
+list. For example, if the jobs 7, 4, 1 and 2 in the example above
+become all blocked, job 3 becomes the current job. And of course
+we do not want the preemption to be affected by the fact that there
+are some blocked jobs or not. Therefore, if it turns out that job
+3 might be preempted by job 6, the implementation shall make it
+possible.
+
+</p>
+
+<li> <p>
+
+The idea of the linear preemption stack itself is gone. It's no
+longer true that one job is always preempted by only one job at one
+time (that is directly preempted, not counting the recursively
+nested jobs). For example, in the example above, job 1 is directly
+preempted by only job 4, and job 4 by job 7. Now assume job 7 becomes
+blocked, and job 4 is being delivered. If it accumulates enough
+delivery slots, it is natural that it might be preempted for example
+by job 8. Now job 4 is preempted by both job 7 AND job 8 at the
+same time.
+
+</p>
+
+</ol>
+
+<p>
+
+Now combine the points 2) and 3) with point 1) again and you realize
+that the relations on the once linear job list became pretty
+complicated. If we extend the point 3) example: jobs 7 and 8 preempt
+job 4, now job 8 becomes blocked too, then job 4 completes. Tricky,
+huh?
+
+</p>
+
+<p>
+
+If I illustrate the relations after the above mentioned examples
+(but those in point 1), the situation would look like this:
+
+</p>
+
+<blockquote>
+<pre>
+ v- parent
+
+adoptive parent -&gt; 1--2--3--5--... &lt;- "stack" level 0
+ | |
+parent gone -&gt; ? 6 &lt;- "stack" level 1
+ / \
+children -&gt; 7 8 ^- child &lt;- "stack" level 2
+
+ ^- siblings
+</pre>
+</blockquote>
+
+<p>
+
+Now how does <tt>nqmgr</tt> deal with all these complicated relations?
+
+</p>
+
+<p>
+
+Well, it maintains them all as described, but fortunately, all these
+relations are necessary only for the purpose of proper counting of
+available delivery slots. For the purpose of ordering the jobs for
+entry selection, the original rule still applies: "the job preempting
+the current job is moved in front of the current job on the job
+list". So for entry selection purposes, the job relations remain
+as simple as this:
+
+</p>
+
+<blockquote>
+<pre>
+7--8--1--2--6--3--5--.. &lt;- scheduler's job list order
+</pre>
+</blockquote>
+
+<p>
+
+The job list order and the preemption parent/child/siblings relations
+are maintained separately. And because the selection works only
+with the job list, you can happily forget about those complicated
+relations unless you want to study the <tt>nqmgr</tt> sources. In
+that case the text above might provide some helpful introduction
+to the problem domain. Otherwise I suggest you just forget about
+all this and stick with the user's point of view: the blocker jobs
+are simply ignored.
+
+</p>
+
+<p>
+
+[By now, you should have a feeling that there are more things going
+on under the hood than you ever wanted to know. You decide that
+forgetting about this chapter is the best you can do for the sake
+of your mind's health and you basically stick with the idea how the
+scheduler works in ideal conditions, when there are no blockers,
+which is good enough.]
+
+</p>
+
+<h3> <a name="<tt>nqmgr</tt>_memory"> Dealing with memory resource
+limits </a> </h3>
+
+<p>
+
+When discussing the <tt>nqmgr</tt> scheduler, we have so far assumed
+that all recipients of all messages in the "<a href="QSHAPE_README.html#active_queue">active" queue</a> are completely
+read into memory. This is simply not true. There is an upper
+bound on the amount of memory the <tt>nqmgr</tt> may use, and
+therefore it must impose some limits on the information it may store
+in memory at any given time.
+
+</p>
+
+<p>
+
+First of all, not all messages may be read in-core at once. At any
+time, only <a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a> messages may be read in-core
+at maximum. When read into memory, the messages are picked from the
+"<a href="QSHAPE_README.html#incoming_queue">incoming"</a> and "<a href="QSHAPE_README.html#deferred_queue">deferred" queues</a> and moved to the "<a href="QSHAPE_README.html#active_queue">active" queue</a>
+(incoming having priority), so if there are more than
+<a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a> messages queued in the "<a href="QSHAPE_README.html#active_queue">active" queue</a>, the
+rest will have to wait until (some of) the messages in the "<a href="QSHAPE_README.html#active_queue">active" queue</a>
+are completely delivered (or deferred).
+
+</p>
+
+<p>
+
+Even with the limited amount of in-core messages, there is another
+limit which must be imposed in order to avoid memory exhaustion.
+Each message may contain a huge number of recipients (tens or hundreds
+of thousands are not uncommon), so if <tt>nqmgr</tt> read all
+recipients of all messages in the "<a href="QSHAPE_README.html#active_queue">active" queue</a>, it may easily run
+out of memory. Therefore there must be some upper bound on the
+amount of message recipients which are read into memory at the
+same time.
+
+</p>
+
+<p>
+
+Before discussing how exactly <tt>nqmgr</tt> implements the recipient
+limits, let's see how the sole existence of the limits themselves
+affects the <tt>nqmgr</tt> and its scheduler.
+
+</p>
+
+<p>
+
+The message limit is straightforward - it just limits the size of
+the
+lookahead the <tt>nqmgr</tt>'s scheduler has when choosing which
+message can preempt the current one. Messages not in the "<a href="QSHAPE_README.html#active_queue">active" queue</a>
+are simply not considered at all.
+
+</p>
+
+<p>
+
+The recipient limit complicates more things. First of all, the
+message reading code must support reading the recipients in batches,
+which among other things means accessing the queue file several
+times and continuing where the last recipient batch ended. This is
+invoked by the scheduler whenever the current job has space for more
+recipients, subject to transport's refill_limit and refill_delay parameters.
+It is also done any time when all
+in-core recipients of the message are dealt with (which may also
+mean they were deferred) but there are still more in the queue file.
+
+</p>
+
+<p>
+
+The second complication is that with some recipients left unread
+in the queue file, the scheduler can't operate with exact counts
+of recipient entries. With unread recipients, it is not clear how
+many recipient entries there will be, as they are subject to
+per-destination grouping. It is not even clear to what transports
+(and thus jobs) the recipients will be assigned. And with messages
+coming from the "<a href="QSHAPE_README.html#deferred_queue">deferred" queue</a>, it is not even clear how many unread
+recipients are still to be delivered. This all means that the
+scheduler must use only estimates of how many recipients entries
+there will be. Fortunately, it is possible to estimate the minimum
+and maximum correctly, so the scheduler can always err on the safe
+side. Obviously, the better the estimates, the better the results, so
+it is best when we are able to read all recipients in-core and turn
+the estimates into exact counts, or at least try to read as many
+as possible to make the estimates as accurate as possible.
+
+</p>
+
+<p>
+
+The third complication is that it is no longer true that the scheduler
+is done with a job once all of its in-core recipients are delivered.
+It is possible that the job will be revived later, when another
+batch of recipients is read in core. It is also possible that some
+jobs will be created for the first time long after the first batch
+of recipients was read in core. The <tt>nqmgr</tt> code must be
+ready to handle all such situations.
+
+</p>
+
+<p>
+
+And finally, the fourth complication is that the <tt>nqmgr</tt>
+code must somehow impose the recipient limit itself. Now how does
+it achieve it?
+
+</p>
+
+<p>
+
+Perhaps the easiest solution would be to say that each message may
+have at maximum X recipients stored in-core, but such a solution would
+be poor for several reasons. With reasonable <a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a>
+values, the X would have to be quite low to maintain a reasonable
+memory footprint. And with low X lots of things would not work well.
+The <tt>nqmgr</tt> would have problems to use the
+<a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> efficiently. The
+scheduler's preemption would be suboptimal as the recipient count
+estimates would be inaccurate. The message queue file would have
+to be accessed many times to read in more recipients again and
+again.
+
+</p>
+
+<p>
+
+Therefore it seems reasonable to have a solution which does not use
+a limit imposed on a per-message basis, but which maintains a pool
+of available recipient slots, which can be shared among all messages
+in the most efficient manner. And as we do not want separate
+transports to compete for resources whenever possible, it seems
+appropriate to maintain such a recipient pool for each transport
+separately. This is the general idea, now how does it work in
+practice?
+
+</p>
+
+<p>
+
+First we have to solve a little chicken-and-egg problem. If we want
+to use the per-transport recipient pools, we first need to know to
+what transport(s) the message is assigned. But we will find that
+out only after we first read in the recipients. So it is obvious
+that we first have to read in some recipients, use them to find out
+to what transports the message is to be assigned, and only after
+that can we use the per-transport recipient pools.
+
+</p>
+
+<p>
+
+Now how many recipients shall we read for the first time? This is
+what <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> and <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>
+values control. The <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> value specifies
+how many recipients of each message we will read the first time,
+no matter what. It is necessary to read at least one recipient
+before we can assign the message to a transport and create the first
+job. However, reading only <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> recipients
+even if there are only few messages with few recipients in-core would
+be wasteful. Therefore if there are fewer than <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>
+recipients in-core so far, the first batch of recipients may be
+larger than <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> - as large as is required
+to reach the <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> limit.
+
+</p>
+
+<p>
+
+Once the first batch of recipients was read in core and the message
+jobs were created, the size of the subsequent recipient batches (if
+any - of course it's best when all recipients are read in one batch)
+is based solely on the position of the message jobs on their
+corresponding transports' job lists. Each transport has a pool of
+<a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> recipient slots which it can
+distribute among its jobs (how this is done is described later).
+The subsequent recipient batch may be as large as the sum of all
+recipient slots of all jobs of the message permits (plus the
+<a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> amount which always applies).
+
+</p>
+
+<p>
+
+For example, if a message has three jobs, the first with 1 recipient
+still in-core and 4 recipient slots, the second with 5 recipients in-core
+and 5 recipient slots, and the third with 2 recipients in-core and 0
+recipient slots, it has 1+5+2=8 recipients in-core and 4+5+0=9 jobs'
+recipients slots in total. This means that we could immediately
+read 2+<a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> more recipients of that message
+in core.
+
+</p>
+
+<p>
+
+The above example illustrates several things which might be worth
+mentioning explicitly: first, note that although the per-transport
+slots are assigned to particular jobs, we can't guarantee that once
+the next batch of recipients is read in core, that the corresponding
+amounts of recipients will be assigned to those jobs. The jobs lend
+its slots to the message as a whole, so it is possible that some
+jobs end up sponsoring other jobs of their message. For example,
+if in the example above the 2 newly read recipients were assigned
+to the second job, the first job sponsored the second job with 2
+slots. The second notable thing is the third job, which has more
+recipients in-core than it has slots. Apart from sponsoring by other
+job we just saw it can be result of the first recipient batch, which
+is sponsored from global recipient pool of <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>
+recipients. It can be also sponsored from the message recipient
+pool of <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> recipients.
+
+</p>
+
+<p>
+
+Now how does each transport distribute the recipient slots among
+its jobs? The strategy is quite simple. As most scheduler activity
+happens on the head of the job list, it is our intention to make
+sure that the scheduler has the best estimates of the recipient
+counts for those jobs. As we mentioned above, this means that we
+want to try to make sure that the messages of those jobs have all
+recipients read in-core. Therefore the transport distributes the
+slots "along" the job list from start to end. In this case the job
+list sorted by message enqueue time is used, because it doesn't
+change over time as the scheduler's job list does.
+
+</p>
+
+<p>
+
+More specifically, each time a job is created and appended to the
+job list, it gets all unused recipient slots from its transport's
+pool. It keeps them until all recipients of its message are read.
+When this happens, all unused recipient slots are transferred to
+the next job (which is now in fact the first such job) on the job
+list which still has some recipients unread, or eventually back to
+the transport pool if there is no such job. Such a transfer then also
+happens whenever a recipient entry of that job is delivered.
+
+</p>
+
+<p>
+
+There is also a scenario when a job is not appended to the end of
+the job list (for example it was created as a result of a second or
+later recipient batch). Then it works exactly as above, except that
+if it was put in front of the first unread job (that is, the job
+of a message which still has some unread recipients in the queue file),
+that job is first forced to return all of its unused recipient slots
+to the transport pool.
+
+</p>
+
+<p>
+
+The algorithm just described leads to the following state: The first
+unread job on the job list always gets all the remaining recipient
+slots of that transport (if there are any). The jobs queued before
+this job are completely read (that is, all recipients of their
+message were already read in core) and have at maximum as many slots
+as they still have recipients in-core (the maximum is there because
+of the sponsoring mentioned before) and the jobs after this job get
+nothing from the transport recipient pool (unless they got something
+before and then the first unread job was created and enqueued in
+front of them later - in such a case, they also get at maximum as many
+slots as they have recipients in-core).
+
+</p>
+
+<p>
+
+Things work fine in such a state for most of the time, because the
+current job is either completely read in-core or has as many recipient
+slots as there are, but there is one situation which we still have
+to take care of specially. Imagine if the current job is preempted
+by some unread job from the job list and there are no more recipient
+slots available, so this new current job could read only batches
+of <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> recipients at a time. This would
+really degrade performance. For this reason, each transport has an
+extra pool of <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> recipient
+slots, dedicated exactly for this situation. Each time an unread
+job preempts the current job, it gets half of the remaining recipient
+slots from the normal pool and this extra pool.
+
+</p>
+
+<p>
+
+And that's it. It sure does sound pretty complicated, but fortunately
+most people don't really have to care exactly how it works as long
+as it works. Perhaps the only important things to know for most
+people are the following upper bound formulas:
+
+</p>
+
+<p>
+
+Each transport has at maximum
+
+</p>
+
+<blockquote>
+<pre>
+max(
+<a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> * <a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a>
++ *_recipient_limit + *_extra_recipient_limit,
+<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>
+)
+</pre>
+</blockquote>
+
+<p>
+
+recipients in core.
+
+</p>
+
+<p>
+
+The total amount of recipients in core is
+
+</p>
+
+<blockquote>
+<pre>
+max(
+<a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> * <a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a>
++ sum( *_recipient_limit + *_extra_recipient_limit ),
+<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>
+)
+</pre>
+</blockquote>
+
+<p>
+
+where the sum is over all used transports.
+
+</p>
+
+<p>
+
+And this terribly complicated chapter concludes the documentation
+of the <tt>nqmgr</tt> scheduler.
+
+</p>
+
+<p>
+
+[By now you should theoretically know the <tt>nqmgr</tt> scheduler
+inside out. In practice, you still hope that you will never have
+to really understand the last or last two chapters completely, and
+fortunately most people really won't. Understanding how the scheduler
+works in ideal conditions is more than good enough for the vast majority
+of users.]
+
+</p>
+
+<h2> <a name="credits"> Credits </a> </h2>
+
+<ul>
+
+<li> Wietse Venema designed and implemented the initial queue manager
+with per-domain FIFO scheduling, and per-delivery +/-1 concurrency
+feedback.
+
+<li> Patrik Rak designed and implemented preemption where mail with
+fewer recipients can slip past mail with more recipients in a
+controlled manner, and wrote up its documentation.
+
+<li> Wietse Venema initiated a discussion with Patrik Rak and Victor
+Duchovni on alternatives for the +/-1 feedback scheduler's aggressive
+behavior. This is when K/N feedback was reviewed (N = concurrency).
+The discussion ended without a good solution for both negative
+feedback and dead site detection.
+
+<li> Victor Duchovni resumed work on concurrency feedback in the
+context of concurrency-limited servers.
+
+<li> Wietse Venema then re-designed the concurrency scheduler in
+terms of the simplest possible concepts: less-than-1 concurrency
+feedback per delivery, forward and reverse concurrency feedback
+hysteresis, and pseudo-cohort failure. At this same time, concurrency
+feedback was separated from dead site detection.
+
+<li> These simplifications, and their modular implementation, helped
+to develop further insights into the different roles that positive
+and negative concurrency feedback play, and helped to identify some
+worst-case scenarios.
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/SMTPD_ACCESS_README.html b/html/SMTPD_ACCESS_README.html
new file mode 100644
index 0000000..55e9fd3
--- /dev/null
+++ b/html/SMTPD_ACCESS_README.html
@@ -0,0 +1,440 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix SMTP relay and access control </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+SMTP relay and access control </h1>
+
+<hr>
+
+<h2> Introduction </h2>
+
+<p> The Postfix SMTP server receives mail from the network and is
+exposed to the big bad world of junk email and viruses. This document
+introduces the built-in and external methods that control what SMTP
+mail Postfix will accept, what mistakes to avoid, and how to test
+your configuration. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li> <a href="#relay"> Relay control, junk mail control, and per-user
+policies </a>
+
+<li> <a href="#global"> Restrictions that apply to all SMTP mail
+</a>
+
+<li> <a href="#lists"> Getting selective with SMTP access restriction
+lists </a>
+
+<li> <a href="#timing"> Delayed evaluation of SMTP access restriction lists </a>
+
+<li> <a href="#danger"> Dangerous use of smtpd_recipient_restrictions
+</a>
+
+<li> <a href="#testing"> SMTP access rule testing </a>
+
+</ul>
+
+<h2> <a name="relay"> Relay control, junk mail control, and per-user
+policies </a> </h2>
+
+<p> In a distant past, the Internet was a friendly environment.
+Mail servers happily forwarded mail on behalf of anyone towards
+any destination. On today's Internet, spammers abuse servers that
+forward mail from arbitrary systems, and abused systems end up on
+anti-spammer denylists. See, for example, the information on
+<a href="http://www.mail-abuse.org/">http://www.mail-abuse.org/</a> and other websites. </p>
+
+<p> By default, Postfix has a moderately restrictive approach to
+mail relaying. Postfix forwards mail only from clients in trusted
+networks, from clients that have authenticated with SASL, or to
+domains that are configured as authorized relay
+destinations. For a description of the default mail relay policy,
+see the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> parameter in the <a href="postconf.5.html">postconf(5)</a> manual
+page, and the information that is referenced from there. </p>
+
+<blockquote> <p> NOTE: Postfix versions before 2.10 did not have
+<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>. They combined the mail relay and spam
+blocking policies, under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. This could
+lead to unexpected results. For example, a permissive spam blocking
+policy could unexpectedly result in a permissive mail relay policy.
+An example of this is documented under "<a href="#danger">Dangerous
+use of smtpd_recipient_restrictions</a>". </p> </blockquote>
+
+<p> Most of the Postfix SMTP server access controls are targeted
+at stopping junk email. </p>
+
+<ul>
+
+<li> <p> Protocol oriented: some SMTP server access controls block
+mail by being very strict with respect to the SMTP protocol; these
+catch poorly implemented and/or poorly configured junk email
+software, as well as email worms that come with their own non-standard
+SMTP client implementations. Protocol-oriented access controls
+become less useful over time as spammers and worm writers learn to
+read RFC documents. </p>
+
+<li> <p> Denylist oriented: some SMTP server access controls
+query denylists with known to be bad sites such as open mail
+relays, open web proxies, and home computers that have been
+compromised and that are under remote control by criminals. The
+effectiveness of these denylists depends on how complete and how
+up to date they are. </p>
+
+<li> <p> Threshold oriented: some SMTP server access controls attempt
+to raise the bar by either making the client do more work (greylisting)
+or by asking for a second opinion (SPF and sender/recipient address
+verification). The greylisting and SPF policies are implemented
+externally, and are the subject of the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> document.
+Sender/recipient address verification is the subject of the
+<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> document. </p>
+
+</ul>
+
+<p> Unfortunately, all junk mail controls have the possibility of
+falsely rejecting legitimate mail. This can be a problem for sites
+with many different types of users. For some users it is unacceptable
+when any junk email slips through, while for other users the world
+comes to an end when a single legitimate email message is blocked.
+Because there is no single policy that is "right" for all users,
+Postfix supports different SMTP access restrictions for different
+users. This is described in the <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a> document.
+</p>
+
+<h2> <a name="global"> Restrictions that apply to all SMTP mail </a> </h2>
+
+<p> Besides the restrictions that can be made configurable per
+client or per user as described in the next section, Postfix
+implements a few restrictions that apply to all SMTP mail. </p>
+
+<ul>
+
+<li> <p> The built-in <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a> content
+restrictions, as described in the <a href="BUILTIN_FILTER_README.html">BUILTIN_FILTER_README</a> document.
+This happens while Postfix receives mail, before it is stored in
+the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>. </p>
+
+<li> <p> The external before-queue content restrictions, as described
+in the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document. This happens while Postfix
+receives mail, before it is stored in the <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>. </p>
+
+<li> <p> Requiring that the client sends the HELO or EHLO command
+before sending the MAIL FROM or ETRN command. This may cause problems
+with home-grown applications that send mail. For this reason, the
+requirement is disabled by default ("<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = no").
+</p>
+
+<li> <p> Disallowing illegal syntax in MAIL FROM or RCPT TO commands.
+This may cause problems with home-grown applications that send
+mail, and with ancient PC mail clients. For this reason, the
+requirement is disabled by default ("<a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> =
+no"). </p>
+
+<ul>
+
+<li> <p> Disallowing <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> address syntax (example: "MAIL FROM: the
+dude &lt;dude@example.com&gt;"). </p>
+
+<li> <p> Disallowing addresses that are not enclosed with &lt;&gt;
+(example: "MAIL FROM: dude@example.com"). </p>
+
+</ul>
+
+<li> <p> Rejecting mail from a non-existent sender address. This form
+of egress filtering helps to slow down worms and other malware, but
+may cause problems with home-grown software that sends out mail
+software with an unreplyable address. For this reason the requirement
+is disabled by default ("<a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> = no"). </p>
+
+<li> <p> Rejecting mail for a non-existent recipient address. This
+form of ingress filtering helps to keep the mail queue free of
+undeliverable MAILER-DAEMON messages. This requirement is enabled
+by default ("<a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> = yes"). </p>
+
+</ul>
+
+<h2> <a name="lists"> Getting selective with SMTP access restriction
+lists </a> </h2>
+
+<p> Postfix allows you to specify lists of access restrictions for
+each stage of the SMTP conversation. Individual restrictions are
+described in the <a href="postconf.5.html">postconf(5)</a> manual page. </p>
+
+<p> Examples of simple restriction lists are: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Allow connections from trusted networks only.
+ <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject
+
+ # Don't talk to mail systems that don't know their own hostname.
+ # With Postfix &lt; 2.3, specify <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_hostname</a>.
+ <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
+
+ # Don't accept mail from domains that don't exist.
+ <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
+
+ # Spam control: exclude local clients and authenticated clients
+ # from DNSBL lookups.
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,
+ # <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if the mail
+ # relay policy is specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
+ # (available with Postfix 2.10 and later).
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org,
+ <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a> dbl.spamhaus.org,
+ <a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> dbl.spamhaus.org,
+ <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> dbl.spamhaus.org
+
+ # Relay control (Postfix 2.10 and later): local clients and
+ # authenticated clients may specify any destination domain.
+ <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+
+ # Block clients that speak too early.
+ <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>
+
+ # Enforce mail volume quota via policy service callouts.
+ <a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> = <a href="postconf.5.html#check_policy_service">check_policy_service</a> unix:private/policy
+</pre>
+
+<p> Each restriction list is evaluated from left to right until
+some restriction produces a result of PERMIT, REJECT or DEFER (try
+again later). The end of each list is equivalent to a PERMIT result.
+By placing a PERMIT restriction before a REJECT restriction you
+can make exceptions for specific clients or users. This is called
+allowlisting; the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> example above allows mail from local
+networks, and from SASL authenticated clients, but otherwise rejects mail
+to arbitrary destinations. </p>
+
+<p> The table below summarizes the purpose of each SMTP access
+restriction list. All lists use the exact same syntax; they differ
+only in the time of evaluation and in the effect of a REJECT or
+DEFER result. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th> Restriction list name </th> <th> Version </th> <th> Status
+</th> <th> Effect
+of REJECT or DEFER result </th> </tr>
+
+<tr> <td> <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> </td> <td> All </td> <td>
+Optional </td> <td>
+Reject all client commands </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> </td> <td> All </td> <td> Optional
+</td> <td>
+Reject HELO/EHLO information </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> </td> <td> All </td> <td>
+Optional </td> <td>
+Reject MAIL FROM information </td> </tr>
+
+<tr> <td rowspan="2"> <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> </td> <td> &ge;
+2.10 </td> <td> Required if <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> does not enforce
+relay policy</td>
+<td rowspan="2"> Reject RCPT TO information </td> </tr>
+
+<tr> <td> &lt; 2.10</td> <td> Required </td> </tr>
+
+<tr> <td rowspan="2"> <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> </td> <td> &ge; 2.10
+</td> <td> Required if <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> does not enforce
+relay policy</td>
+<td rowspan="2"> Reject RCPT TO information </td> </tr>
+
+<tr> <td> &lt; 2.10</td> <td> Not available </td>
+</tr>
+
+<tr> <td> <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> </td> <td> &ge; 2.0 </td> <td>
+Optional </td> <td>
+Reject DATA command </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> </td> <td> &ge; 2.2 </td>
+<td> Optional </td> <td>
+Reject END-OF-DATA command </td> </tr>
+
+<tr> <td> <a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> </td> <td> All </td> <td> Optional
+</td> <td>
+Reject ETRN command </td> </tr>
+
+</table>
+
+</blockquote>
+
+<h2> <a name="timing"> Delayed evaluation of SMTP access restriction lists
+</a> </h2>
+
+<p> Early Postfix versions evaluated SMTP access restrictions lists
+as early as possible. The client restriction list was evaluated
+before Postfix sent the "220 $<a href="postconf.5.html#myhostname">myhostname</a>..." greeting banner to
+the SMTP client, the helo restriction list was evaluated before
+Postfix replied to the HELO (EHLO) command, the sender restriction
+list was evaluated before Postfix replied to the MAIL FROM command,
+and so on. This approach turned out to be difficult to use. </p>
+
+<p> Current Postfix versions postpone the evaluation of client,
+helo and sender restriction lists until the RCPT TO or ETRN command.
+This behavior is controlled by the <a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> parameter.
+Restriction lists are still evaluated in the proper order of (client,
+helo, etrn) or (client, helo, sender, relay, recipient, data, or
+end-of-data) restrictions.
+When a restriction list (example: client) evaluates to REJECT or
+DEFER the restriction lists that follow (example: helo, sender, etc.)
+are skipped. </p>
+
+<p> Around the time that <a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> was introduced, Postfix
+was also changed to support mixed restriction lists that combine
+information about the client, helo, sender and recipient or etrn
+command. </p>
+
+<p> Benefits of delayed restriction evaluation, and of restriction
+mixing: </p>
+
+<ul>
+
+<li> <p> Some SMTP clients do not expect a negative reply early in
+the SMTP session. When the bad news is postponed until the RCPT TO
+reply, the client goes away as it is supposed to, instead of hanging
+around until a timeout happens, or worse, going into an endless
+connect-reject-connect loop. </p>
+
+<li> <p> Postfix can log more useful information. For example, when
+Postfix rejects a client name or address and delays the action
+until the RCPT TO command, it can log the sender and the recipient
+address. This is more useful than logging only the client hostname
+and IP address and not knowing whose mail was being blocked. </p>
+
+<li> <p> Mixing is needed for complex allowlisting policies. For
+example, in order to reject local sender addresses in mail from
+non-local clients, you need to be able to mix restrictions on client
+information with restrictions on sender information in the same
+restriction list. Without this ability, many per-user access
+restrictions would be impossible to express. </p>
+
+</ul>
+
+<h2> <a name="danger"> Dangerous use of smtpd_recipient_restrictions </a> </h2>
+
+<p> By now the reader may wonder why we need smtpd client, helo
+or sender restrictions, when their evaluation is postponed until
+the RCPT TO or ETRN command. Some people recommend placing ALL the
+access restrictions in the <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> list.
+Unfortunately, this can result in too permissive access. How is
+this possible? </p>
+
+<p> The purpose of the <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> feature is to
+control how Postfix replies to the RCPT TO command. If the restriction
+list evaluates to REJECT or DEFER, the recipient address is rejected;
+no surprises here. If the result is PERMIT, then the recipient
+address is accepted. And this is where surprises can happen. </p>
+
+<p> The problem is that Postfix versions before 2.10 did not have
+<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>. They combined the mail relay and spam
+blocking policies, under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. The result
+is that a permissive spam blocking policy could unexpectedly result
+in a permissive mail relay policy. </p>
+
+<p> Here is an example that shows when a PERMIT result can result
+in too much access permission: </p>
+
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+3 <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+4 <a href="postconf.5.html#check_helo_access">check_helo_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/helo_access
+5 <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
+6 <b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>
+7
+8 /etc/postfix/helo_access:
+9 localhost.localdomain PERMIT
+</pre>
+
+<p> Line 5 rejects mail from hosts that don't specify a proper
+hostname in the HELO command (with Postfix &lt; 2.3, specify
+<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_hostname</a>). Lines 4 and 9 make an exception to
+allow mail from some machine that announces itself with "HELO
+localhost.localdomain". </p>
+
+<p> The problem with this configuration is that
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> evaluates to PERMIT for EVERY host
+that announces itself as "localhost.localdomain", making Postfix
+an open relay for all such hosts. </p>
+
+<p> With Postfix before version 2.10 you should place non-recipient
+restrictions AFTER the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> restriction, not
+before. In the above example, the HELO based restrictions should
+be placed AFTER <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>, or better, the HELO
+based restrictions should be placed under <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>
+where they can do no harm. </p>
+
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+3 <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+4 <b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>
+5 <a href="postconf.5.html#check_helo_access">check_helo_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/helo_access
+6 <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
+7
+8 /etc/postfix/helo_access:
+9 localhost.localdomain PERMIT
+</pre>
+
+<p> The above mistake will not happen with Postfix 2.10 and later,
+when the relay policy is specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>,
+and the spam blocking policy under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
+Then, a permissive spam blocking policy will not result in a
+permissive mail relay policy. </p>
+
+<h2> <a name="testing"> SMTP access rule testing </a> </h2>
+
+<p> Postfix has several features that aid in SMTP access rule
+testing: </p>
+
+<dl>
+
+<dt> <a href="postconf.5.html#soft_bounce">soft_bounce</a> </dt> <dd> <p> This is a safety net that changes
+SMTP server REJECT actions into DEFER (try again later) actions.
+This keeps mail queued that would otherwise be returned to the
+sender. Specify "<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes" in the <a href="postconf.5.html">main.cf</a> file to prevent
+the Postfix SMTP server from rejecting mail permanently, by changing
+all 5xx SMTP reply codes into 4xx. </p> </dd>
+
+<dt> <a href="postconf.5.html#warn_if_reject">warn_if_reject</a> </dt> <dd> <p> When placed before a reject-type
+restriction, access table query, or <a href="postconf.5.html#check_policy_service">check_policy_service</a> query,
+this logs a "reject_warning" message instead of rejecting a request
+(when a reject-type restriction fails due to a temporary error,
+this logs a "reject_warning" message for any implicit "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>"
+actions that would normally prevent mail from being accepted by
+some later access restriction). This feature has no effect on
+<a href="postconf.5.html#defer_if_reject">defer_if_reject</a> restrictions. </p> </dd>
+
+<dt> XCLIENT </dt> <dd> <p> With this feature, an authorized SMTP
+client can impersonate other systems and perform realistic SMTP
+access rule tests. Examples of how to impersonate other systems
+for access rule testing are given at the end of the <a href="XCLIENT_README.html">XCLIENT_README</a>
+document. <br> This feature is available in Postfix 2.1. </p>
+</dd>
+
+</dl>
+
+</body>
+
+</html>
diff --git a/html/SMTPD_POLICY_README.html b/html/SMTPD_POLICY_README.html
new file mode 100644
index 0000000..be729aa
--- /dev/null
+++ b/html/SMTPD_POLICY_README.html
@@ -0,0 +1,826 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix SMTP Access Policy Delegation </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix SMTP Access Policy Delegation </h1>
+
+<hr>
+
+<h2>Purpose of Postfix SMTP access policy delegation</h2>
+
+<p> The Postfix SMTP server has a number of built-in mechanisms to
+block or accept mail at specific SMTP protocol stages. In addition,
+the Postfix SMTP server can delegate decisions to an external policy
+server (Postfix 2.1 and later). </p>
+
+<p> With this policy delegation mechanism, a simple
+<a href="#greylist">greylist</a> policy can be implemented with only a dozen lines of
+Perl, as is shown at the end of this document. A complete example
+can be found in the Postfix source code, in the directory
+examples/smtpd-policy. </p>
+
+<p> Another example of policy delegation is the SPF policy server
+at <a href="https://web.archive.org/web/20190221142057/http://www.openspf.org/Software">https://web.archive.org/web/20190221142057/http://www.openspf.org/Software</a>. </p>
+
+<p> Policy delegation is now the preferred method for adding policies
+to Postfix. It's much easier to develop a new feature in few lines
+of Perl, Python, Ruby, or TCL, than trying to do the same in C code.
+The difference in
+performance will be unnoticeable except in the most demanding
+environments. On active systems a policy daemon process is used
+multiple times, for up to $<a href="postconf.5.html#max_use">max_use</a> incoming SMTP connections. </p>
+
+<p> This document covers the following topics: </p>
+
+<ul>
+
+<li><a href="#protocol">Policy protocol description</a>
+
+<li><a href="#client_config">Simple policy client/server configuration</a>
+
+<li><a href="#advanced">Advanced policy client configuration</a>
+
+<li><a href="#greylist">Example: greylist policy server</a>
+
+<li><a href="#frequent">Greylisting mail from frequently forged domains</a>
+
+<li><a href="#all_mail">Greylisting all your mail</a>
+
+<li><a href="#maintenance">Routine greylist maintenance</a>
+
+<li><a href="#greylist_code">Example Perl greylist server</a>
+
+</ul>
+
+<h2><a name="protocol">Protocol description</a></h2>
+
+<p> The Postfix policy delegation protocol is really simple. The client
+sends a request and the server sends a response. Unless there was an
+error, the server must not close the connection, so that the same
+connection can be used multiple times. </p>
+
+<p> The client request is a sequence of name=value attributes separated
+by newline, and is terminated by an empty line. The server reply is one
+name=value attribute and it, too, is terminated by an empty line. </p>
+
+<p> Here is an example of all the attributes that the Postfix SMTP
+server sends in a delegated SMTPD access policy request: </p>
+
+<blockquote>
+<pre>
+<b>Postfix version 2.1 and later:</b>
+request=smtpd_access_policy
+protocol_state=RCPT
+protocol_name=SMTP
+helo_name=some.domain.tld
+queue_id=8045F2AB23
+sender=foo@bar.tld
+recipient=bar@foo.tld
+recipient_count=0
+client_address=1.2.3.4
+client_name=another.domain.tld
+reverse_client_name=another.domain.tld
+instance=123.456.7
+<b>Postfix version 2.2 and later:</b>
+sasl_method=plain
+sasl_username=you
+sasl_sender=
+size=12345
+ccert_subject=solaris9.porcupine.org
+ccert_issuer=Wietse+20Venema
+ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
+<b>Postfix version 2.3 and later:</b>
+encryption_protocol=TLSv1/SSLv3
+encryption_cipher=DHE-RSA-AES256-SHA
+encryption_keysize=256
+etrn_domain=
+<b>Postfix version 2.5 and later:</b>
+stress=
+<b>Postfix version 2.9 and later:</b>
+ccert_pubkey_fingerprint=68:B3:29:DA:98:93:E3:40:99:C7:D8:AD:5C:B9:C9:40
+<b>Postfix version 3.0 and later:</b>
+client_port=1234
+<b>Postfix version 3.1 and later:</b>
+policy_context=submission
+<b>Postfix version 3.2 and later:</b>
+server_address=10.3.2.1
+server_port=54321
+<b>Postfix version 3.8 and later:</b>
+<a href="postconf.5.html#compatibility_level">compatibility_level</a>=<i>major</i>.<i>minor</i>.<i>patch</i>
+<a href="postconf.5.html#mail_version">mail_version</a>=3.8.0
+[empty line]
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+ <li> <p> The "request" attribute is required. In this example
+ the request type is "smtpd_access_policy". </p>
+
+ <li> <p> The order of the attributes does not matter. The policy
+ server should ignore any attributes that it does not care about.
+ </p>
+
+ <li> <p> When the same attribute name is sent more than once,
+ the server may keep the first value or the last attribute value.
+ </p>
+
+ <li> <p> When an attribute value is unavailable, the client
+ either does not send the attribute, sends the attribute with
+ an empty value ("name="), or sends a zero value ("name=0") in
+ the case of a numerical attribute. </p>
+
+ <li> <p> The "recipient" attribute is available in the "RCPT
+ TO" stage. It is also available in the "DATA" and "END-OF-MESSAGE"
+ stages if Postfix accepted only one recipient for the current
+ message.
+ The DATA protocol state also applies to email that is received
+ with BDAT commands (Postfix 3.4 and later). </p>
+
+ <li> <p> The "recipient_count" attribute (Postfix 2.3 and later)
+ is non-zero only in the "DATA" and "END-OF-MESSAGE" stages. It
+ specifies the number of recipients that Postfix accepted for
+ the current message.
+ The DATA protocol state also applies to email that is received
+ with BDAT commands (Postfix 3.4 and later). </p>
+
+ <li> <p> The remote client or local server IP address is an
+ IPv4 dotted quad in the form 1.2.3.4 or it is an IPv6 address
+ in the form 1:2:3::4:5:6. </p>
+
+ <li> <p> The remote client or local server port is a decimal
+ number in the range 0-65535. </p>
+
+ <li> <p> For a discussion of the differences between reverse
+ and verified client_name information, see the
+ <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> discussion in the <a href="postconf.5.html">postconf(5)</a>
+ document. </p>
+
+ <li> <p> An attribute name must not contain "=", null or newline,
+ and an attribute value must not contain null or newline. </p>
+
+ <li> <p> The "instance" attribute value can be used to correlate
+ different requests regarding the same message delivery. These
+ requests are sent over the same policy connection (unless the
+ policy daemon terminates the connection). Once Postfix sends
+ a query with a different instance attribute over that same
+ policy connection, the previous message delivery is either
+ completed or aborted. </p>
+
+ <li> <p> The "size" attribute value specifies the message size
+ that the client specified in the MAIL FROM command (zero if
+ none was specified). With Postfix 2.2 and later, it specifies
+ the actual message size after the client sends the END-OF-MESSAGE.
+ </p>
+
+ <li> <p> The "sasl_*" attributes (Postfix 2.2 and later) specify
+ information about how the client was authenticated via SASL.
+ These attributes are empty in case of no SASL authentication.
+ </p>
+
+ <li> <p> The "ccert_*" attributes (Postfix 2.2 and later) specify
+ information about how the client was authenticated via TLS.
+ These attributes are empty in case of no certificate authentication.
+ As of Postfix 2.2.11 these attribute values are encoded as
+ xtext: some characters are represented by +XX, where XX is the
+ two-digit hexadecimal representation of the character value. With
+ Postfix 2.6 and later, the decoded string is an UTF-8 string
+ without non-printable ASCII characters. </p>
+
+ <li> <p> The "encryption_*" attributes (Postfix 2.3 and later)
+ specify information about how the connection is encrypted. With
+ plaintext connections the protocol and cipher attributes are
+ empty and the keysize is zero. </p>
+
+ <li> <p> The "etrn_domain" attribute is defined only in the
+ context of the ETRN command, and specifies the ETRN command
+ parameter. </p>
+
+ <li> <p> The "stress" attribute is either empty or "yes". See
+ the <a href="STRESS_README.html">STRESS_README</a> document for further information. </p>
+
+ <li> <p> The "policy_context" attribute provides a way to pass
+ information that is not available via other attributes (Postfix
+ version 3.1 and later). </p>
+
+ <li> <p> The "<a href="postconf.5.html#compatibility_level">compatibility_level</a>" attribute corresponds to the
+ <a href="postconf.5.html#compatibility_level">compatibility_level</a> parameter value. It has the form
+ <i>major</i>.<i>minor</i>.<i>patch</i> where <i>minor</i> and
+ <i>patch</i> may be absent. </p>
+
+ <li> <p> The "<a href="postconf.5.html#mail_version">mail_version</a>" attribute corresponds to the
+ <a href="postconf.5.html#mail_version">mail_version</a> parameter value. It has the form
+ <i>major</i>.<i>minor</i>.<i>patch</i> for stable releases, and
+ <i>major</i>.<i>minor</i>-<i>yyyymmdd</i> for unstable releases.
+ </p>
+
+</ul>
+
+<p> The following is specific to SMTPD delegated policy requests:
+</p>
+
+<ul>
+
+ <li> <p> Protocol names are ESMTP or SMTP. </p>
+
+ <li> <p> Protocol states are CONNECT, EHLO, HELO, MAIL, RCPT,
+ DATA, END-OF-MESSAGE, VRFY or ETRN; these are the SMTP protocol
+ states where
+ the Postfix SMTP server makes an OK/REJECT/HOLD/etc. decision.
+ The DATA protocol state also applies to email that is received
+ with BDAT commands (Postfix 3.4 and later).
+ </p>
+
+</ul>
+
+<p> The policy server replies with any action that is allowed in a
+Postfix SMTPD <a href="access.5.html">access(5)</a> table. Example: </p>
+
+<blockquote>
+<pre>
+action=<a href="postconf.5.html#defer_if_permit">defer_if_permit</a> Service temporarily unavailable
+[empty line]
+</pre>
+</blockquote>
+
+<p> This causes the Postfix SMTP server to reject the request with
+a 450 temporary error code and with text "Service temporarily
+unavailable", if the Postfix SMTP server finds no reason to reject
+the request permanently. </p>
+
+<p> In case of trouble the policy server must not send a reply.
+Instead the server must log a warning and disconnect. Postfix will
+retry the request at some later time. </p>
+
+<h2><a name="client_config">Simple policy client/server configuration</a></h2>
+
+<p> The Postfix delegated policy client can connect to a TCP socket
+or to a UNIX-domain socket. Examples: </p>
+
+<blockquote>
+<pre>
+inet:127.0.0.1:9998
+unix:/some/where/policy
+unix:private/policy
+</pre>
+</blockquote>
+
+<p> The first example specifies that the policy server listens on
+a TCP socket at 127.0.0.1 port 9998. The second example specifies
+an absolute pathname of a UNIX-domain socket. The third example
+specifies a pathname relative to the Postfix queue directory; use
+this for policy servers that are spawned by the Postfix master
+daemon. On many systems, "local" is a synonym for "unix".</p>
+
+<p> To create a policy service that listens on a UNIX-domain socket
+called "policy", and that runs under control of the Postfix <a href="spawn.8.html">spawn(8)</a>
+daemon, you would use something like this: </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
+ 2 policy unix - n n - 0 spawn
+ 3 user=nobody argv=/some/where/policy-server
+ 4
+ 5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 6 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ 7 ...
+ 8 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ 9 <a href="postconf.5.html#check_policy_service">check_policy_service</a> unix:private/policy
+10 ...
+11 <a href="postconf.5.html#transport_time_limit">policy_time_limit</a> = 3600
+12 # <a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> = 1
+</pre>
+</blockquote>
+
+<p> NOTES: </p>
+
+<ul>
+
+<li> <p> Lines 2-3: this creates the service called "policy" that
+listens on a UNIX-domain socket. The service is implemented by the
+Postfix <a href="spawn.8.html">spawn(8)</a> daemon, which executes the policy server program
+that is specified with the <b>argv</b> attribute, using the privileges
+specified with the <b>user</b> attribute. </p>
+
+<li> <p> Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when you
+increase the smtpd process limit. </p>
+
+<li> <p> Line 8: <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if
+the mail relay policy is specified with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
+(available with Postfix 2.10 and later). </p>
+
+<li> <p> Lines 8, 9: always specify "<a href="postconf.5.html#check_policy_service">check_policy_service</a>" AFTER
+"<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>" or else your system could become an
+open relay. </p>
+
+<li> <p> Line 11: this increases the time that a policy server
+process may run to 3600 seconds. The default time limit of 1000
+seconds is too short; the policy daemon needs to run as long as the
+SMTP server process that talks to it.
+See the <a href="spawn.8.html">spawn(8)</a> manpage for more information about the
+<a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameter. </p>
+
+<blockquote> <p> Note: the "<a href="postconf.5.html#transport_time_limit">policy_time_limit</a>" parameter will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name (in the above example, "policy") and a
+built-in suffix (in the above example: "_time_limit"). </p>
+</blockquote>
+
+<li> <p> Line 12: specify <a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> to
+avoid error-recovery delays with policy servers that cannot
+maintain a persistent connection. </p>
+
+<li> <p> With Solaris &lt; 9, or Postfix &lt; 2.10 on any Solaris
+version, use TCP sockets instead of UNIX-domain sockets: </p>
+
+</ul>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
+ 2 127.0.0.1:9998 inet n n n - 0 spawn
+ 3 user=nobody argv=/some/where/policy-server
+ 4
+ 5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 6 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ 7 ...
+ 8 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ 9 <a href="postconf.5.html#check_policy_service">check_policy_service</a> inet:127.0.0.1:9998
+10 ...
+11 127.0.0.1:9998_time_limit = 3600
+12 # <a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> = 1
+</pre>
+</blockquote>
+
+<p> Configuration parameters that control the client side of the
+policy delegation protocol: </p>
+
+<ul>
+
+<li> <p> <a href="postconf.5.html#smtpd_policy_service_default_action">smtpd_policy_service_default_action</a> (default: 451 4.3.5
+Server configuration problem): The default action when an SMTPD
+policy service request fails. Available with Postfix 3.0 and
+later. </p>
+
+<li> <p> <a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (default: 300s): The amount
+of time before the Postfix SMTP server closes an unused policy
+client connection. </p>
+
+<li> <p> <a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (default: 1000s): The amount
+of time before the Postfix SMTP server closes an active policy
+client connection. </p>
+
+<li> <p> <a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> (default: 0): The maximal
+number of requests per policy connection, or zero (no limit).
+Available with Postfix 3.0 and later. </p>
+
+<li> <p> <a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (default: 100s): The time
+limit to connect to, send to or receive from a policy server. </p>
+
+<li> <p> <a href="postconf.5.html#smtpd_policy_service_try_limit">smtpd_policy_service_try_limit</a> (default: 2): The maximal
+number of attempts to send an SMTPD policy service request before
+giving up. Available with Postfix 3.0 and later. </p>
+
+<li> <p> <a href="postconf.5.html#smtpd_policy_service_retry_delay">smtpd_policy_service_retry_delay</a> (default: 1s): The delay
+between attempts to resend a failed SMTPD policy service request.
+Available with Postfix 3.0 and later. </p>
+
+<li> <p> <a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (default: empty):
+Optional information that is passed in the "policy_context" attribute
+of an SMTPD policy service request (originally, to share the same
+SMTPD service endpoint among multiple <a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
+Available with Postfix 3.1 and later. </p>
+
+</ul>
+
+<p> Configuration parameters that control the server side of the
+policy delegation protocol: </p>
+
+<ul>
+
+<li> <p> <a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>): The
+maximal amount of time the policy daemon is allowed to run before
+it is terminated. The <i>transport</i> is the service name of the
+<a href="master.5.html">master.cf</a> entry for the policy daemon service. In the above
+examples, the service name is "policy" or "127.0.0.1:9998". </p>
+
+</ul>
+
+<h2><a name="advanced">Advanced policy client configuration</a></h2>
+
+<p> The previous section lists a number of Postfix <a href="postconf.5.html">main.cf</a> parameters
+that control time limits and other settings for all policy clients.
+This is sufficient for simple configurations. With more complex
+configurations it becomes desirable to have different settings per
+policy client. This is supported with Postfix 3.0 and later. </p>
+
+<p> The following example shows a "non-critical" policy service
+with a short timeout, and with "DUNNO" as default action when the
+service is unvailable. The "DUNNO" action causes Postfix to ignore
+the result. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 mua_recipient_restrictions =
+3 ...
+4 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+5 <a href="postconf.5.html#check_policy_service">check_policy_service</a> { inet:host:port,
+6 timeout=10s, default_action=DUNNO
+7 policy_context=submission }
+8 ...
+</pre>
+</blockquote>
+
+<p> Instead of a server endpoint, we now have a list enclosed in {}. </p>
+
+<ul>
+
+<li> <p> Line 5: The first item in the list is the server endpoint.
+This supports the exact same "inet" and "unix" syntax as described
+earlier. </p>
+
+<li> <p> Line 6-7: The remainder of the list contains per-client
+settings. These settings override global <a href="postconf.5.html">main.cf</a> parameters,
+and have the same name as those parameters, without the
+"smtpd_policy_service_" prefix. </p>
+
+</ul>
+
+<p> Inside the list, syntax is similar to what we already know from
+<a href="postconf.5.html">main.cf</a>: items separated by space or comma. There is one difference:
+<b>you must enclose a setting in parentheses, as in "{ name = value
+}", if you want to have space or comma within a value or around
+"="</b>. This comes in handy when different policy servers require
+different default actions with different SMTP status codes or text:
+</p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+3 ...
+4 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+5 <a href="postconf.5.html#check_policy_service">check_policy_service</a> {
+6 inet:host:port1,
+7 { default_action = 451 4.3.5 See <a href="http://www.example.com/support1">http://www.example.com/support1</a> }
+8 }
+9 ...
+</pre>
+</blockquote>
+
+<h2><a name="greylist">Example: greylist policy server</a></h2>
+
+<p> Greylisting is a defense against junk email that is described at
+<a href="http://www.greylisting.org/">http://www.greylisting.org/</a>. The idea was discussed on the
+postfix-users mailing list <a
+href="http://archives.neohapsis.com/archives/postfix/2002-03/0846.html">
+one year before it was popularized</a>. </p>
+
+<p> The file examples/smtpd-policy/greylist.pl in the Postfix source
+tree implements a simplified greylist policy server. This server
+stores a time stamp for every (client, sender, recipient) triple.
+By default, mail is not accepted until a time stamp is more than
+60 seconds old. This stops junk mail with randomly selected sender
+addresses, and mail that is sent through randomly selected open
+proxies. It also stops junk mail from spammers that change their
+IP address frequently. </p>
+
+<p> Copy examples/smtpd-policy/greylist.pl to /usr/libexec/postfix
+or whatever location is appropriate for your system. </p>
+
+<p> In the greylist.pl Perl script you need to specify the
+location of the greylist database file, and how long mail will
+be delayed before it is accepted. The default settings are:
+</p>
+
+<blockquote>
+<pre>
+$database_name="/var/mta/greylist.db";
+$greylist_delay=60;
+</pre>
+</blockquote>
+
+<p> The /var/mta directory (or whatever you choose) should be
+writable by "nobody", or by whatever username you configure below
+in <a href="master.5.html">master.cf</a> for the policy service. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+# mkdir /var/mta
+# chown nobody /var/mta
+</pre>
+</blockquote>
+
+<p> Note: DO NOT create the greylist database in a world-writable
+directory such as /tmp or /var/tmp, and DO NOT create the greylist
+database in a file system that may run out of space. Postfix can
+survive "out of space" conditions with the mail queue and with the
+mailbox store, but it cannot survive a corrupted greylist database.
+If the file becomes corrupted you may not be able to receive mail
+at all until you delete the file by hand. </p>
+
+<p> The greylist.pl Perl script can be run under control by
+the Postfix master daemon. For example, to run the script as user
+"nobody", using a UNIX-domain socket that is accessible by Postfix
+processes only: </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
+ 2 greylist unix - n n - 0 spawn
+ 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4
+ 5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 6 <a href="postconf.5.html#transport_time_limit">greylist_time_limit</a> = 3600
+ 7 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ 8 ...
+ 9 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+10 <a href="postconf.5.html#check_policy_service">check_policy_service</a> unix:private/greylist
+11 ...
+12 # <a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> = 1
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Lines 2-3: this creates the service called "greylist" that
+listens on a UNIX-domain socket. The service is implemented by the
+Postfix <a href="spawn.8.html">spawn(8)</a> daemon, which executes the greylist.pl script that
+is specified with the <b>argv</b> attribute, using the privileges
+specified with the <b>user</b> attribute. </p>
+
+<li> <p> Line 2: specify a "0" process limit instead of the default
+"-", to avoid "connection refused" and other problems when you
+increase the smtpd process limit. </p>
+
+<li> <p> Line 3: Specify "greylist.pl -v" for verbose logging of
+each request and reply. </p>
+
+<li> <p> Line 6: this increases the time that a greylist server
+process may run to 3600 seconds. The default time limit of 1000
+seconds is too short; the greylist daemon needs to run as long as the
+SMTP server process that talks to it.
+See the <a href="spawn.8.html">spawn(8)</a> manpage for more information about the
+<a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameter. </p>
+
+<li> <p> Line 9: <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if
+the mail relay policy is specified with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
+(available with Postfix 2.10 and later). </p>
+
+<blockquote> <p> Note: the "<a href="postconf.5.html#transport_time_limit">greylist_time_limit</a>" parameter will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name (in the above example, "greylist") and
+a built-in suffix (in the above example: "_time_limit"). </p>
+</blockquote>
+
+<li> <p> Line 12: specify <a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> to
+avoid error-recovery delays with policy servers that cannot
+maintain a persistent connection. </p>
+
+</ul>
+
+<p> With Solaris &lt; 9, or Postfix &lt; 2.10 on any Solaris
+version, use inet: style sockets instead of unix:
+style, as detailed in the "<a href="#client_config">Policy
+client/server configuration</a>" section above. </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
+ 2 127.0.0.1:9998 inet n n n - 0 spawn
+ 3 user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
+ 4
+ 5 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 6 127.0.0.1:9998_time_limit = 3600
+ 7 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ 8 ...
+ 9 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+10 <a href="postconf.5.html#check_policy_service">check_policy_service</a> inet:127.0.0.1:9998
+11 ...
+12 # <a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> = 1
+</pre>
+</blockquote>
+
+<h2><a name="frequent">Greylisting mail from frequently forged domains</a></h2>
+
+<p> It is relatively safe to turn on greylisting for specific
+domains that often appear in forged email. At some point
+in cyberspace/time a list of frequently
+forged MAIL FROM domains could be found at
+<a href="https://web.archive.org/web/20080526153208/http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in">https://web.archive.org/web/20080526153208/http://www.monkeys.com/anti-spam/filtering/sender-domain-validate.in</a>.
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ 3 <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a>
+ 4 ...
+ 5 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ 6 <a href="postconf.5.html#check_sender_access">check_sender_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_access
+ 7 ...
+ 8 <a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> = greylist
+ 9 greylist = <a href="postconf.5.html#check_policy_service">check_policy_service</a> unix:private/greylist
+10
+11 /etc/postfix/sender_access:
+12 aol.com greylist
+13 hotmail.com greylist
+14 bigfoot.com greylist
+15 ... <i>etcetera</i> ...
+</pre>
+</blockquote>
+
+<p> NOTES: </p>
+
+<ul>
+
+<li> <p> Line 9: On Solaris &lt; 9, or Postfix &lt; 2.10 on any
+Solaris version, use inet: style sockets
+instead of unix: style, as detailed in the "<a href="#greylist">Example:
+greylist policy server</a>" section above. </p>
+
+<li> <p> Line 5: <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if
+the mail relay policy is specified with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
+(available with Postfix 2.10 and later). </p>
+
+<li> <p> Line 6: Be sure to specify "<a href="postconf.5.html#check_sender_access">check_sender_access</a>" AFTER
+"<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>" or else your system could become an
+open mail relay. </p>
+
+<li> <p> Line 3: With Postfix 2.0 snapshot releases,
+"<a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a>" is called "check_recipient_maps".
+Postfix 2.1 understands both forms. </p>
+
+<li> <p> Line 3: The greylist database gets polluted quickly with
+bogus addresses. It helps if you protect greylist lookups with
+other restrictions that reject unknown senders and/or recipients.
+</p>
+
+</ul>
+
+<h2><a name="all_mail">Greylisting all your mail</a></h2>
+
+<p> If you turn on greylisting for all mail you may want to make
+exceptions for mailing lists that use one-time sender addresses,
+because each message will be delayed due to greylisting, and the
+one-time sender addresses can pollute your greylist database
+relatively quickly. Instead of making exceptions, you can automatically
+allowlist clients that survive greylisting repeatedly; this avoids
+most of the delays and most of the database pollution problem. </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ 3 <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a>
+ 4 ...
+ 5 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ 6 <a href="postconf.5.html#check_sender_access">check_sender_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_access
+ 7 <a href="postconf.5.html#check_policy_service">check_policy_service</a> unix:private/policy
+ 8 ...
+ 9
+10 /etc/postfix/sender_access:
+11 securityfocus.com OK
+12 ...
+</pre>
+</blockquote>
+
+<p> NOTES: </p>
+
+<ul>
+
+<li> <p> Line 7: On Solaris &lt; 9, or Postfix &lt; 2.10 on any
+Solaris version, use inet: style sockets
+instead of unix: style, as detailed in the "<a href="#greylist">Example:
+greylist policy server</a>" section above. </p>
+
+<li> <p> Line 5: <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> is not needed here if
+the mail relay policy is specified with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>
+(available with Postfix 2.10 and later). </p>
+
+<li> <p> Lines 6-7: Be sure to specify <a href="postconf.5.html#check_sender_access">check_sender_access</a> and
+<a href="postconf.5.html#check_policy_service">check_policy_service</a> AFTER <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> or else your
+system could become an open mail relay. </p>
+
+<li> <p> Line 3: The greylist database gets polluted quickly with
+bogus addresses. It helps if you precede greylist lookups with
+restrictions that reject unknown senders and/or recipients. </p>
+
+</ul>
+
+<h2><a name="maintenance">Routine greylist maintenance</a></h2>
+
+<p> The greylist database grows over time, because the greylist server
+never removes database entries. If left unattended, the greylist
+database will eventually run your file system out of space. </p>
+
+<p> When the status file size exceeds some threshold you can simply
+rename or remove the file without adverse effects; Postfix
+automatically creates a new file. In the worst case, new mail will
+be delayed by an hour or so. To lessen the impact, rename or remove
+the file in the middle of the night at the beginning of a weekend.
+</p>
+
+<h2><a name="greylist_code">Example Perl greylist server</a></h2>
+
+<p> This is the Perl subroutine that implements the example greylist
+policy. It is part of a general purpose sample policy server that
+is distributed with the Postfix source as
+examples/smtpd-policy/greylist.pl. </p>
+
+<pre>
+#
+# greylist status database and greylist time interval. DO NOT create the
+# greylist status database in a world-writable directory such as /tmp
+# or /var/tmp. DO NOT create the greylist database in a file system
+# that can run out of space.
+#
+$database_name="/var/mta/greylist.db";
+$greylist_delay=60;
+
+#
+# Auto-allowlist threshold. Specify 0 to disable, or the number of
+# successful "come backs" after which a client is no longer subject
+# to greylisting.
+#
+$auto_allowlist_threshold = 10;
+
+#
+# Demo SMTPD access policy routine. The result is an action just like
+# it would be specified on the right-hand side of a Postfix access
+# table. Request attributes are available via the %attr hash.
+#
+sub smtpd_access_policy {
+ my($key, $time_stamp, $now);
+
+ # Open the database on the fly.
+ open_database() unless $database_obj;
+
+ # Search the auto-allowlist.
+ if ($auto_allowlist_threshold &gt; 0) {
+ $count = read_database($attr{"client_address"});
+ if ($count &gt; $auto_allowlist_threshold) {
+ return "dunno";
+ }
+ }
+
+ # Lookup the time stamp for this client/sender/recipient.
+ $key =
+ lc $attr{"client_address"}."/".$attr{"sender"}."/".$attr{"recipient"};
+ $time_stamp = read_database($key);
+ $now = time();
+
+ # If new request, add this client/sender/recipient to the database.
+ if ($time_stamp == 0) {
+ $time_stamp = $now;
+ update_database($key, $time_stamp);
+ }
+
+ # The result can be any action that is allowed in a Postfix <a href="access.5.html">access(5)</a> map.
+ #
+ # To label the mail, return ``PREPEND headername: headertext''
+ #
+ # In case of success, return ``DUNNO'' instead of ``OK'', so that the
+ # <a href="postconf.5.html#check_policy_service">check_policy_service</a> restriction can be followed by other restrictions.
+ #
+ # In case of failure, return ``DEFER_IF_PERMIT optional text...'',
+ # so that mail can still be blocked by other access restrictions.
+ #
+ syslog $syslog_priority, "request age %d", $now - $time_stamp if $verbose;
+ if ($now - $time_stamp &gt; $greylist_delay) {
+ # Update the auto-allowlist.
+ if ($auto_allowlist_threshold &gt; 0) {
+ update_database($attr{"client_address"}, $count + 1);
+ }
+ return "dunno";
+ } else {
+ return "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a> Service temporarily unavailable";
+ }
+}
+</pre>
+
+</body>
+
+</html>
diff --git a/html/SMTPD_PROXY_README.html b/html/SMTPD_PROXY_README.html
new file mode 100644
index 0000000..ee7dfbd
--- /dev/null
+++ b/html/SMTPD_PROXY_README.html
@@ -0,0 +1,438 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Before-Queue Content Filter </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Before-Queue Content Filter </h1>
+
+<hr>
+
+<h2>WARNING </h2>
+
+<p> The before-queue content filtering feature described in this
+document limits the amount of mail that a site can handle. See the
+"<a href="#pros_cons">Pros and Cons</a>" section below for details.
+</p>
+
+<h2>The Postfix before-queue content filter feature</h2>
+
+<p> As of version 2.1, the Postfix SMTP server can forward all
+incoming mail to a content filtering proxy server that inspects all
+mail BEFORE it is stored in the Postfix mail queue. It is roughly
+equivalent in capabilities to the approach described in <a href="MILTER_README.html">MILTER_README</a>,
+except that the latter uses a dedicated protocol instead of SMTP.
+
+<p> The before-queue content filter is meant to be used as follows: </p>
+
+<blockquote>
+
+<table>
+
+<tr>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> Internet </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> <a href="smtpd.8.html">Postfix SMTP server</a>
+ </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> <b>Before</b> <b>queue</b> <b>filter</b> </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> <a href="smtpd.8.html">Postfix SMTP server</a>
+ </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> <a href="cleanup.8.html">Postfix cleanup
+ server</a> </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> Postfix queue </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&lt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> <a href="smtp.8.html">smtp</a><br> <a
+ href="local.8.html">local</a><br> <a
+ href="virtual.8.html">virtual</a> </td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<p> The before-queue content filter is not to be confused with the
+approach described in the <a href="FILTER_README.html">FILTER_README</a> document, where mail is
+filtered AFTER it is stored in the Postfix mail queue. </p>
+
+<p> This document describes the following topics: </p>
+
+<ul>
+
+<li><a href="#principles">Principles of operation</a>
+
+<li><a href="#pros_cons">Pros and cons of before-queue content filtering</a>
+
+<li><a href="#config">Configuring the Postfix SMTP pass-through
+proxy feature</a>
+
+<li><a href="#parameters">Configuration parameters</a>
+
+<li><a href="#protocol">How Postfix talks to the before-queue content
+filter</a>
+
+</ul>
+
+<h2><a name="principles">Principles of operation</a></h2>
+
+<p> As shown in the diagram above, the before-queue filter sits
+between two Postfix SMTP server processes. </p>
+
+<ul>
+
+<li> <p> The before-filter Postfix SMTP server accepts connections from the
+Internet and does the usual relay access control, SASL authentication,
+TLS negotiation,
+RBL lookups, rejecting non-existent sender or recipient addresses,
+etc. </p>
+
+<li> <p> The before-queue filter receives unfiltered mail content from
+Postfix and does one of the following: </p>
+
+<ol>
+
+ <li> <p> Re-inject the mail back into Postfix via SMTP, perhaps
+ after changing its content and/or destination. </p>
+
+ <li> <p> Discard or quarantine the mail. </p>
+
+ <li> <p> Reject the mail by sending a suitable SMTP status code
+ back to Postfix. Postfix passes the status back to the remote
+ SMTP client. This way, Postfix does not have to send a bounce
+ message. </p>
+
+</ol>
+
+<li> <p>The after-filter Postfix SMTP server receives mail from the
+content filter. From then on Postfix processes the mail as usual. </p>
+
+</ul>
+
+<p> The before-queue content filter described here works just like
+the after-queue content filter described in the <a href="FILTER_README.html">FILTER_README</a>
+document. In many cases you can use the same software, within the
+limitations as discussed in the "<a href="#pros_cons">Pros and
+Cons</a>" section below. </p>
+
+<h2><a name="pros_cons">Pros and cons of before-queue content
+filtering</a></h2>
+
+<ul>
+
+<li> <p> Pro: Postfix can reject mail before the incoming SMTP mail
+transfer completes, so that Postfix does not have to send rejected
+mail back to the sender (which is usually forged anyway). Mail
+that is not accepted remains the responsibility of the remote SMTP
+client. </p>
+
+<li> <p> Con: The <a href="smtpd.8.html">smtpd(8)</a> service before the <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a>
+cannot support features that involve header or body access, or that
+involve queue file manipulation (i.e., anything that involves
+processing by the <a href="cleanup.8.html">cleanup(8)</a> service). </p>
+
+<ul>
+
+<li> <p> No support for HOLD actions in Postfix smtpd <a href="access.5.html">access(5)</a>
+restrictions. </p>
+
+<li> <p> No support for <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> features that involve message
+header or body content. </p>
+
+<li> <p> No support for <a href="postconf.5.html#receive_override_options">receive_override_options</a>.
+
+</ul>
+
+<p> Instead, specify those features with the <a href="smtpd.8.html">smtpd(8)</a> service behind
+the <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a>. In some cases, it may be possible to combine
+a before-filter PREPEND action that emits a unique pattern (for
+example containing the MTA domain name), with an after-filter
+<a href="postconf.5.html#header_checks">header_checks</a> action that does what you want, and with an
+<a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> IGNORE action that deletes the prepended header
+from transit mail. </p>
+
+<li> <p> Con: The remote SMTP client expects an SMTP reply within
+a deadline. As the system load increases, fewer and fewer CPU
+cycles remain available to answer within the deadline, and eventually
+you either have to stop accepting mail or you have to stop filtering
+mail. It is for this reason that the before-queue content filter
+limits the amount of mail that a site can handle. </p>
+
+<li> <p> Con: Content filtering software can use lots of memory
+resources. You have to reduce the number of simultaneous content
+filter processes so that a burst of mail will not drive your system
+into the ground. </p>
+
+<ul>
+
+<li> <p> With Postfix versions 2.7 and later, SMTP clients will
+experience an increase in the delay between the time the client
+sends "end-of-message" and the time the Postfix SMTP server replies
+(here, the number of before-filter SMTP server processes can be
+larger than the number of filter processes). </p>
+
+<li> <p> With Postfix versions before 2.7, SMTP clients will
+experience an increase in the delay before they can receive service
+(here, the number of before-filter SMTP server processes is always
+equal to the number of filter processes). </p>
+
+</ul>
+
+</ul>
+
+<h2><a name="config">Configuring the Postfix SMTP pass-through
+proxy feature</a></h2>
+
+<p> In the following example, the before-filter Postfix SMTP server
+gives mail to a content filter that listens on localhost port 10025.
+The after-filter Postfix SMTP server receives mail from the content
+filter via localhost port 10026. From then on mail is processed as
+usual. </p>
+
+<p> The content filter itself is not described here. You can use
+any filter that is SMTP enabled. For non-SMTP capable content
+filtering software, Bennett Todd's SMTP proxy implements a nice
+Perl-based framework. See:
+<a href="https://web.archive.org/web/20151022025756/http://bent.latency.net/smtpprox/">https://web.archive.org/web/20151022025756/http://bent.latency.net/smtpprox/</a>
+or <a href="https://github.com/jnorell/smtpprox/">https://github.com/jnorell/smtpprox/</a> </p>
+
+<blockquote>
+
+<table border="0">
+
+<tr>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> Internet </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> <a href="smtpd.8.html">Postfix SMTP server on
+ port 25</a> </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> filter on localhost port 10025 </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> <a href="smtpd.8.html">Postfix SMTP server on
+ localhost port 10026</a> </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> <a href="cleanup.8.html">Postfix cleanup
+ server</a> </td>
+
+ <td align="center" valign="middle" width="5%"> <tt> -&gt; </tt> </td>
+
+ <td bgcolor="#f0f0ff" align="center" valign="middle"
+ width="10%"> Postfix <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> </td>
+
+</tr>
+
+</table>
+
+</blockquote>
+
+<p> This is configured by editing the <a href="master.5.html">master.cf</a> file: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # =============================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =============================================================
+ #
+ # Before-filter SMTP server. Receive mail from the network and
+ # pass it to the content filter on localhost port 10025.
+ #
+ smtp inet n - n - 20 smtpd
+ -o <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a>=127.0.0.1:10025
+ -o <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>=10
+ # Postfix 2.7 and later performance feature.
+ # -o <a href="postconf.5.html#smtpd_proxy_options">smtpd_proxy_options</a>=speed_adjust
+ #
+ # After-filter SMTP server. Receive mail from the content filter
+ # on localhost port 10026.
+ #
+ 127.0.0.1:10026 inet n - n - - smtpd
+ -o <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a>=127.0.0.0/8
+ -o <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>=
+ -o <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>=
+ -o <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>=
+ # Postfix 2.10 and later: specify empty <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
+ -o <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=
+ -o <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>=<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,reject
+ -o <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a>=
+ -o <a href="postconf.5.html#mynetworks">mynetworks</a>=127.0.0.0/8
+ -o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_unknown_recipient_checks">no_unknown_recipient_checks</a>
+</pre>
+</blockquote>
+
+<p> Note: do not specify spaces around the "=" or "," characters. </p>
+
+<p> The before-filter SMTP server entry is a modified version of the
+default Postfix SMTP server entry that is normally configured at
+the top of the <a href="master.5.html">master.cf</a> file: </p>
+
+<ul>
+
+ <li> <p> The number of SMTP sessions is reduced from the default
+ 100 to only 20. This prevents a burst of mail from running your
+ system into the ground with too many content filter processes. </p>
+
+ <li> <p> The "-o <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>=10" prevents
+ one SMTP client from using up all 20 SMTP server processes.
+ This limit is not necessary if you receive all mail from a
+ trusted <a href="postconf.5.html#relayhost">relay host</a>. </p>
+
+ <p> Note: this setting is available in Postfix version 2.2 and
+ later. Earlier Postfix versions will ignore it. </p>
+
+ <li> <p> The "-o <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a>=127.0.0.1:10025" tells the
+ before-filter SMTP server that it should give incoming mail to
+ the content filter that listens on localhost TCP port 10025.
+
+ <li> <p> The "-o <a href="postconf.5.html#smtpd_proxy_options">smtpd_proxy_options</a>=speed_adjust" tells the
+ before-filter SMTP server that it should receive an entire email
+ message before it connects to a content filter. This reduces
+ the number of simultaneous filter processes. </p>
+
+ <p> NOTE 1: When this option is turned on, a content filter must
+ not <i>selectively</i> reject recipients of a multi-recipient
+ message. Rejecting all recipients is OK, as is accepting all
+ recipients. </p>
+
+ <p> NOTE 2: This feature increases the minimum amount of free
+ queue space by $<a href="postconf.5.html#message_size_limit">message_size_limit</a>. The extra space is needed
+ to save the message to a temporary file. </p>
+
+ <li> <p> Postfix &ge; 2.3 supports both TCP and UNIX-domain filters.
+ The above filter could be specified as "inet:127.0.0.1:10025".
+ To specify a UNIX-domain filter, specify "unix:<i>pathname</i>".
+ A relative pathname is interpreted relative to the Postfix queue
+ directory. </p>
+
+</ul>
+
+<p> The after-filter SMTP server is a new <a href="master.5.html">master.cf</a> entry: </p>
+
+<ul>
+
+ <li> <p> The "127.0.0.1:10026" makes the after-filter SMTP
+ server listen
+ on the localhost address only, without exposing it to the
+ network. NEVER expose the after-filter SMTP server to the
+ Internet :-) </p>
+
+ <li> <p> The "-o <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a>=127.0.0.0/8"
+ allows the after-filter SMTP server to receive remote SMTP
+ client information from the before-filter SMTP server, so that
+ the after-filter Postfix daemons log the remote SMTP client
+ information instead of logging localhost[127.0.0.1]. </p>
+
+ <li> <p> The other after-filter SMTP server settings avoid
+ duplication of work that is already done in the "before filter"
+ SMTP server. </p>
+
+</ul>
+
+<p> By default, the filter has 100 seconds to do its work. If it
+takes longer then Postfix gives up and reports an error to the
+remote SMTP client. You can increase this time limit (see the <a href="#parameters">"Configuration
+parameters"</a> section below) but doing so is pointless because you
+can't control when the remote SMTP client times out. </p>
+
+<h2><a name="parameters">Configuration parameters</a></h2>
+
+<p> Parameters that control proxying: </p>
+
+<ul>
+
+<li> <p> <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (syntax: host:port): The host and TCP
+port of the before-queue content filter. When no host or host:
+is specified here, localhost is assumed. </p>
+
+<li> <p> <a href="postconf.5.html#smtpd_proxy_timeout">smtpd_proxy_timeout</a> (default: 100s): Timeout for connecting
+to the before-queue content filter and for sending and receiving
+commands and data. All proxy errors are logged to the maillog
+file. For privacy reasons, all the remote SMTP client sees is "451
+Error: queue file write error". It would not be right to disclose
+internal details to strangers. </p>
+
+<li> <p> <a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> (default: $<a href="postconf.5.html#myhostname">myhostname</a>): The hostname to
+use when sending an EHLO command to the before-queue content filter.
+</p>
+
+</ul>
+
+<h2><a name="protocol">How Postfix talks to the before-queue content
+filter</a></h2>
+
+<p> The before-filter Postfix SMTP server connects to the content
+filter, delivers one message, and disconnects. While sending mail
+into the content filter, Postfix speaks ESMTP but uses no command
+pipelining. Postfix generates its own EHLO, XFORWARD (for logging
+the remote client IP address instead of localhost[127.0.0.1]), DATA
+and QUIT commands, and forwards unmodified copies of all the MAIL
+FROM and RCPT TO commands that the before-filter Postfix SMTP server
+didn't reject itself.
+Postfix sends no other SMTP commands. </p>
+
+<p> The content filter should accept the same MAIL FROM and RCPT
+TO command syntax as the before-filter Postfix SMTP server, and
+should forward the commands without modification to the after-filter
+SMTP server. If the content filter or after-filter SMTP server
+does not support all the ESMTP features that the before-filter
+Postfix SMTP server supports, then the missing features must be
+turned off in the before-filter Postfix SMTP server with the
+<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> parameter. </p>
+
+<p> When the filter rejects content, it should send a negative SMTP
+response back to the before-filter Postfix SMTP server, and it
+should abort the connection with the after-filter Postfix SMTP
+server without completing the SMTP conversation with the after-filter
+Postfix SMTP server. </p>
+
+</body>
+
+</html>
diff --git a/html/SMTPUTF8_README.html b/html/SMTPUTF8_README.html
new file mode 100644
index 0000000..5634ca4
--- /dev/null
+++ b/html/SMTPUTF8_README.html
@@ -0,0 +1,400 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix SMTPUTF8 support</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">
+Postfix SMTPUTF8 support
+</h1>
+
+<hr>
+
+<h2> Overview </h2>
+
+<p> This document describes Postfix support for Email Address
+Internationalization (EAI) as defined in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (SMTPUTF8 extension),
+<a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized email headers) and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized
+delivery status notifications). Introduced with Postfix version
+3.0, this fully supports UTF-8 email addresses and UTF-8 message
+header values. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#building">Building with/without SMTPUTF8 support</a>
+
+<li><a href="#enabling">Enabling Postfix SMTPUTF8 support</a>
+
+<li><a href="#using">Using Postfix SMTPUTF8 support</a>
+
+<li><a href="#detecting">SMTPUTF8 autodetection</a>
+
+<li><a href="#limitations">Limitations of the current implementation</a>
+
+<li><a href="#compatibility">Compatibility with pre-SMTPUTF8 environments</a>
+
+<li><a href="#idna2003">Compatibility with IDNA2003</a>
+
+<li><a href="#credits">Credits</a>
+
+</ul>
+
+<h2> <a name="building">Building Postfix with/without SMTPUTF8 support</a> </h2>
+
+<p> Postfix will build with SMTPUTF8 support if the ICU version
+&ge; 46 library and header files are installed on the system. The
+package name varies with the OS distribution. The table shows package
+names for a number of platforms at the time this text was written.
+</p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th> OS Distribution </th> <th> Package </th> </tr>
+
+<tr> <td> FreeBSD, NetBSD, etc. </td> <td> icu </td> </tr>
+
+<tr> <td> Centos, Fedora, RHEL </td> <td> libicu-devel </td> </tr>
+
+<tr> <td> Debian, Ubuntu </td> <td> libicu-dev </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> To force Postfix to build without SMTPUTF8, specify: </p>
+
+<blockquote>
+<pre>
+$ <b>make makefiles CCARGS="-DNO_EAI ..."</b>
+</pre>
+</blockquote>
+
+<p> See the <a href="INSTALL.html">INSTALL</a> document for more "make makefiles" options. </p>
+
+<h2> <a name="enabling">Enabling Postfix SMTPUTF8 support</a> </h2>
+
+<p> There is more to SMTPUTF8 than just Postfix itself. The rest
+of your email infrastructure also needs to be able to handle UTF-8
+email addresses and message header values. This includes SMTPUTF8
+protocol support in SMTP-based content filters (Amavisd), LMTP
+servers (Dovecot), and down-stream SMTP servers. </p>
+
+<p> Postfix SMTPUTF8 support is enabled by default, but it may be
+disabled as part of a backwards-compatibility safety net (see the
+<a href="COMPATIBILITY_README.html">COMPATIBILITY_README</a> file). </p>
+
+<p> SMTPUTF8 support is enabled by setting the <a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>
+parameter in <a href="postconf.5.html">main.cf</a>:</p>
+
+<blockquote>
+<pre>
+# <b>postconf "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes"</b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<p> (With Postfix &le; 3.1, you may also need to specify "<b>option_group
+= client</b>" in Postfix MySQL client files, to enable UTF8 support
+in MySQL queries. This setting is the default as of Postfix 3.2.) </p>
+
+<p> With SMTPUTF8 support enabled, Postfix changes behavior with
+respect to earlier Postfix releases: </p>
+
+<ul>
+
+<li> <p> UTF-8 is permitted in the <a href="postconf.5.html#myorigin">myorigin</a> parameter value. However,
+the <a href="postconf.5.html#myhostname">myhostname</a> and <a href="postconf.5.html#mydomain">mydomain</a> parameters must currently specify
+ASCII-only domain names. This limitation may be removed later. </p>
+
+<li> <p> UTF-8 is the only form of non-ASCII text that Postfix
+supports in access tables, address rewriting tables, and other
+tables that are indexed with an email address, hostname, or domain
+name. </p>
+
+<li> <p> The <a href="postconf.5.html#header_checks">header_checks</a>-like and <a href="postconf.5.html#body_checks">body_checks</a>-like features are
+not UTF-8 enabled, and therefore they do not enforce UTF-8 syntax
+rules on inputs and outputs. The reason is that non-ASCII text may
+be sent in encodings other than UTF-8, and that real email sometimes
+contains malformed headers. Instead of skipping non-UTF-8 content,
+Postfix should be able to filter it. You may try to enable UTF-8
+processing by starting a PCRE pattern with the sequence (*UTF8),
+but this is will result in "message not accepted, try again later"
+errors when the PCRE pattern matcher encounters non-UTF-8 input.
+Other features that are not UTF-8 enabled are <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>,
+<a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a>, the *_delivery_status_filter features, and the
+*_dns_reply_filter features (the latter because DNS is by definition
+an ASCII protocol). </p>
+
+<li> <p> The Postfix SMTP server announces SMTPUTF8 support in the
+EHLO response. </p>
+
+<pre>
+220 server.example.com ESMTP Postfix
+<b>EHLO client.example.com</b>
+250-server.example.com
+250-PIPELINING
+250-SIZE 10240000
+250-VRFY
+250-ETRN
+250-STARTTLS
+250-AUTH PLAIN LOGIN
+250-ENHANCEDSTATUSCODES
+250-8BITMIME
+250-DSN
+250 SMTPUTF8
+</pre>
+
+<li> <p> The Postfix SMTP server accepts the SMTPUTF8 request in
+MAIL FROM and VRFY commands. </p>
+
+<pre>
+<b>MAIL FROM:&lt;address&gt; SMTPUTF8 ...</b>
+
+<b>VRFY address SMTPUTF8</b>
+</pre>
+
+<li> <p> The Postfix SMTP client may issue the SMTPUTF8 request in
+MAIL FROM commands. </p>
+
+<li> <p> The Postfix SMTP server accepts UTF-8 in email address
+domains, but only after the remote SMTP client issues the
+SMTPUTF8 request in MAIL FROM or VRFY commands. </p>
+
+</ul>
+
+<p> Postfix already permitted UTF-8 in message header values
+and in address localparts. This does not change. </p>
+
+<h2> <a name="using">Using Postfix SMTPUTF8 support</a> </h2>
+
+<p> After Postfix SMTPUTF8 support is turned on, Postfix behavior
+will depend on 1) whether a remote SMTP client requests SMTPUTF8
+support, 2) the presence of UTF-8 content in the message envelope
+and headers, and 3) whether a down-stream SMTP (or LMTP) server
+announces SMTPUTF8 support. </p>
+
+<ul>
+
+<li> <p> When the Postfix SMTP server receives a message WITHOUT
+the SMTPUTF8 request, Postfix handles the message as it has always
+done (at least that is the default, see autodetection below).
+Specifically, the Postfix SMTP server does not accept UTF-8 in the
+envelope sender domain name or envelope recipient domain name, and
+the Postfix SMTP client does not issue the SMTPUTF8 request when
+delivering that message to an SMTP or LMTP server that announces
+SMTPUTF8 support (again, that is the default). Postfix will accept
+UTF-8 in message header values and in the localpart of envelope
+sender and recipient addresses, because it has always done that.
+</p>
+
+<li> <p> When the Postfix SMTP server receives a message WITH the
+SMTPUTF8 request, Postfix will issue the SMTPUTF8 request when
+delivering that message to an SMTP or LMTP server that announces
+SMTPUTF8 support. This is not configurable. </p>
+
+<li> <p> When a message is received with the SMTPUTF8 request,
+Postfix will deliver the message to a non-SMTPUTF8 SMTP or LMTP
+server ONLY if: </p>
+
+ <ul>
+
+ <li> <p> No message header value contains UTF-8. </p>
+
+ <li> <p> The envelope sender address contains no UTF-8, </p>
+
+ <li> <p> No envelope recipient address for that specific
+ SMTP/LMTP delivery transaction contains UTF-8. </p>
+
+ <blockquote> <p> NOTE: Recipients in other email delivery
+ transactions for that same message may still contain UTF-8.
+ </p> </blockquote>
+
+ </ul>
+
+ <p> Otherwise, Postfix will return the recipient(s) for that
+ email delivery transaction as undeliverable. The delivery status
+ notification message will be an SMTPUTF8 message. It will therefore
+ be subject to the same restrictions as email that is received
+ with the SMTPUTF8 request. </p>
+
+<li> <p> When the Postfix SMTP server receives a message with the
+SMTPUTF8 request, that request also applies after the message is
+forwarded via a virtual or local alias, or $HOME/.forward file.
+</p>
+
+</ul>
+
+<h2> <a name="detecting">SMTPUTF8 autodetection</a> </h2>
+
+<p> This section applies only to systems that have SMTPUTF8 support
+turned on (<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes). </p>
+
+<p> For compatibility with pre-SMTPUTF8 environments, Postfix does
+not automatically set the "SMTPUTF8 requested" flag on messages
+from non-SMTPUTF8 clients that contain a UTF-8 header value or
+UTF-8 address localpart. This would make such messages undeliverable
+to non-SMTPUTF8 servers, and could be a barrier to SMTPUTF8 adoption.
+</p>
+
+<p> By default, Postfix sets the "SMTPUTF8 requested" flag only on
+address verification probes and on Postfix sendmail submissions
+that contain UTF-8 in the sender address, UTF-8 in a recipient
+address, or UTF-8 in a message header value. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> = sendmail, verify
+</pre>
+</blockquote>
+
+<p> However, if you have a non-ASCII <a href="postconf.5.html#myorigin">myorigin</a> or <a href="postconf.5.html#mydomain">mydomain</a> setting,
+or if you have a configuration that introduces UTF-8 addresses with
+virtual aliases, canonical mappings, or BCC mappings, then you may
+have to apply SMTPUTF8 autodetection to all email: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> = all
+</pre>
+</blockquote>
+
+<p> This will, of course, also flag email that was received without
+SMTPUTF8 request, but that contains UTF-8 in a sender address
+localpart, receiver address localpart, or message header value.
+Such email was not standards-compliant, but Postfix would have
+delivered it if SMTPUTF8 support was disabled. </p>
+
+<h2> <a name="limitations">Limitations of the current implementation</a>
+</h2>
+
+<p> The Postfix implementation is a work in progress; limitations
+are steadily being removed. The text below describes the situation
+at one point in time. </p>
+
+<h3> No automatic conversions between ASCII and UTF-8 domain names. </h3>
+
+<p> Some background: According to <a href="https://tools.ietf.org/html/rfc6530">RFC 6530</a> and related documents,
+an internationalized domain name can appear in two forms: the UTF-8
+form, and the ASCII (xn--mumble) form. An internationalized address
+localpart must be encoded in UTF-8; the RFCs do not define an ASCII
+alternative form. </p>
+
+<p> Postfix currently does not convert internationalized domain
+names from UTF-8 into ASCII (or from ASCII into UTF-8) before using
+domain names in SMTP commands and responses, before looking up
+domain names in lists such as <a href="postconf.5.html#mydestination">mydestination</a>, <a href="postconf.5.html#relay_domains">relay_domains</a> or in
+lookup tables such as access tables, etc., before using domain names
+in a policy daemon or Milter request, or before logging events.
+</p>
+
+<p> Postfix does, however, casefold domain names and email addresses
+before matching them against a Postfix configuration parameter or
+lookup table. </p>
+
+<p> In order to use Postfix SMTPUTF8 support: </p>
+
+<ul>
+
+<li> <p> The Postfix parameters <a href="postconf.5.html#myhostname">myhostname</a> and <a href="postconf.5.html#mydomain">mydomain</a> must be in
+ASCII form. One is a substring of the other, and the <a href="postconf.5.html#myhostname">myhostname</a>
+value is used in SMTP commands and responses that require ASCII.
+The parameter <a href="postconf.5.html#myorigin">myorigin</a> (added to local addresses without domain)
+supports UTF-8. </p>
+
+<li> <p> You need to configure both the ASCII and UTF-8 forms of
+an Internationalized domain name in Postfix parameters such as
+<a href="postconf.5.html#mydestination">mydestination</a> and <a href="postconf.5.html#relay_domains">relay_domains</a>, as well as lookup table search
+keys. </p>
+
+<li> <p> Milters, content filters, policy servers and logfile
+analysis tools need to be able to handle both the ASCII and UTF-8
+forms of Internationalized domain names. </p>
+
+</ul>
+
+<h2> <a name="compatibility">Compatibility with pre-SMTPUTF8
+environments</a> </h2>
+
+<h3> Mailing lists with UTF-8 and non-UTF-8 subscribers </h3>
+
+<p> With Postfix, there is no need to split mailing lists into UTF-8 and
+non-UTF-8 members. Postfix will try to deliver the non-UTF8 subscribers
+over "traditional" non-SMTPUTF8 sessions, as long as the message
+has an ASCII envelope sender address and all-ASCII header values.
+The mailing list manager may have to apply <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a> encoding to
+satisfy that last condition. </p>
+
+<h3> Pre-existing non-ASCII email flows </h3>
+
+<p> With "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = no", Postfix handles email with non-ASCII
+in address localparts (and in headers) as before. The vast majority
+of email software is perfectly capable of handling such email, even
+if pre-SMTPUTF8 standards do not support such practice. </p>
+
+<h3> Rejecting non-UTF8 addresses </h3>
+
+<p> With "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", Postfix
+requires that non-ASCII address information is encoded in UTF-8 and
+will reject other encodings such as ISO-8859. It is not practical
+for Postfix to support multiple encodings at the same time. There
+is no problem with <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a> encodings such as "=?ISO-8859-1?Q?text?=",
+because those use only characters from the ASCII characterset. </p>
+
+<h3> Rejecting non-ASCII addresses in non-SMTPUTF8 transactions </h3>
+
+<p> Setting "<a href="postconf.5.html#strict_smtputf8">strict_smtputf8</a> = yes" in addition to "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a>
+= yes" will enable stricter enforcement of the SMTPUTF8 protocol.
+Specifically, the Postfix SMTP server will not only reject non-UTF8
+sender or recipient addresses, it will in addition accept UTF-8
+sender or recipient addresses only when the client requests an
+SMTPUTF8 mail transaction. </p>
+
+<h2> <a name="idna2003">Compatibility with IDNA2003</a> </h2>
+
+<p> Postfix &ge; 3.2 by default disables the 'transitional'
+compatibility between IDNA2003 and IDNA2008, when converting UTF-8
+domain names to/from the ASCII form that is used in DNS lookups.
+This makes Postfix behavior consistent with current versions of the
+Firefox and Chrome web browsers. Specify "<a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a>
+= yes" to get the historical behavior. </p>
+
+<p> This affects the conversion of domain names that contain for
+example the German sz (ß) and the Greek zeta (ς). See
+<a href="http://unicode.org/cldr/utility/idna.jsp">http://unicode.org/cldr/utility/idna.jsp</a> for more examples. </p>
+
+<h2> <a name="credits">Credits</a> </h2>
+
+<ul>
+
+<li> <p> May 15, 2014: Arnt Gulbrandsen posted his patch for Unicode
+email support. This work was sponsored by CNNIC. </p>
+
+<li> <p> July 15, 2014: Wietse integrated Arnt Gulbrandsen's code
+and released Postfix with SMTPUTF8 support. </p>
+
+<li> <p> January 2015: Wietse added UTF-8 support for casefolding
+in Postfix lookup tables and caseless string comparison in Postfix
+list-based features. </p>
+
+</ul>
+
+</body>
+
+</html>
+
diff --git a/html/SOHO_README.html b/html/SOHO_README.html
new file mode 100644
index 0000000..2c5def7
--- /dev/null
+++ b/html/SOHO_README.html
@@ -0,0 +1,418 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Small/Home Office Hints and Tips</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Small/Home Office Hints and Tips</h1>
+
+<hr>
+
+<h2>Overview</h2>
+
+<p> This document combines hints and tips for "small office/home
+office" applications into one document so that they are easier to
+find. The text describes the mail sending side only. If your machine
+does not receive mail directly (i.e. it does not have its own
+Internet domain name and its own fixed IP address), then you will
+need a solution such as "fetchmail", which is outside the scope of
+the Postfix documentation. </p>
+
+<ul>
+
+<li> <p> Selected topics from the <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> document: </p>
+
+<ul>
+
+<li><a href="#stand_alone">Postfix on a stand-alone Internet host</a>
+
+<li><a href="#fantasy">Postfix on hosts without a real
+Internet hostname</a>
+
+</ul>
+
+<p> Selected topics from the <a href="SASL_README.html">SASL_README</a> document: </p>
+
+<ul>
+
+<li><a href="#client_sasl_enable">Enabling SASL authentication in the
+Postfix SMTP client</a></li>
+
+<li><a href="#client_sasl_sender">Configuring Sender-Dependent SASL
+authentication </a></li>
+
+</ul>
+
+</ul>
+
+<p> See the <a href="SASL_README.html">SASL_README</a> and <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> documents for
+further information on these topics. </p>
+
+<h2><a name="stand_alone">Postfix on a stand-alone Internet host</a></h2>
+
+<p> Postfix should work out of the box without change on a stand-alone
+machine that has direct Internet access. At least, that is how
+Postfix installs when you download the Postfix source code via
+<a href="http://www.postfix.org/">http://www.postfix.org/</a>. </p>
+
+<p> You can use the command "<b>postconf -n</b>" to find out what
+settings are overruled by your <a href="postconf.5.html">main.cf</a>. Besides a few pathname
+settings, few parameters should be set on a stand-alone box, beyond
+what is covered in the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> document: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Optional: send mail as user@domainname instead of user@hostname.
+ #<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+
+ # Optional: specify NAT/proxy external address.
+ #<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
+
+ # Alternative 1: don't relay mail from other hosts.
+ <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host
+ <a href="postconf.5.html#relay_domains">relay_domains</a> =
+
+ # Alternative 2: relay mail from local clients only.
+ # <a href="postconf.5.html#mynetworks">mynetworks</a> = 192.168.1.0/28
+ # <a href="postconf.5.html#relay_domains">relay_domains</a> =
+</pre>
+</blockquote>
+
+<p> See also the section "<a href="#fantasy">Postfix on hosts without
+a real Internet hostname</a>" if this is applicable to your configuration.
+</p>
+
+<h2><a name="fantasy">Postfix on hosts without a real Internet
+hostname</a></h2>
+
+<p> This section is for hosts that don't have their own Internet
+hostname. Typically these are systems that get a dynamic IP address
+via DHCP or via dialup. Postfix will let you send and receive mail
+just fine between accounts on a machine with a fantasy name. However,
+you cannot use a fantasy hostname in your email address when sending
+mail into the Internet, because no-one would be able to reply to
+your mail. In fact, more and more sites refuse mail addresses with
+non-existent domain names. </p>
+
+<p> Note: the following information is Postfix version dependent.
+To find out what Postfix version you have, execute the command
+"<b>postconf <a href="postconf.5.html#mail_version">mail_version</a></b>". </p>
+
+<h3>Solution 1: Postfix version 2.2 and later </h3>
+
+<p> Postfix 2.2 uses the <a href="generic.5.html">generic(5)</a> address mapping to replace
+local fantasy email addresses by valid Internet addresses. This
+mapping happens ONLY when mail leaves the machine; not when you
+send mail between users on the same machine. </p>
+
+<p> The following example presents additional configuration. You
+need to combine this with basic configuration information as
+discussed in the first half of this document. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/generic
+3
+4 /etc/postfix/generic:
+5 his@localdomain.local hisaccount@hisisp.example
+6 her@localdomain.local heraccount@herisp.example
+7 @localdomain.local hisaccount+local@hisisp.example
+</pre>
+</blockquote>
+
+<p> When mail is sent to a remote host via SMTP: </p>
+
+<ul>
+
+<li> <p> Line 5 replaces <i>his@localdomain.local</i> by his ISP
+mail address, </p>
+
+<li> <p> Line 6 replaces <i>her@localdomain.local</i> by her ISP
+mail address, and </p>
+
+<li> <p> Line 7 replaces other local addresses by his ISP account,
+with an address extension of +<i>local</i> (this example assumes
+that the ISP supports "+" style address extensions). </p>
+
+</ul>
+
+<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
+tables Postfix supports, use the command "<b>postconf -m</b>". </p>
+
+<p> Execute the command "<b>postmap /etc/postfix/generic</b>"
+whenever you change the generic table. </p>
+
+<h3>Solution 2: Postfix version 2.1 and earlier </h3>
+
+<p> The solution with older Postfix systems is to use valid
+Internet addresses where possible, and to let Postfix map valid
+Internet addresses to local fantasy addresses. With this, you can
+send mail to the Internet and to local fantasy addresses, including
+mail to local fantasy addresses that don't have a valid Internet
+address of their own.</p>
+
+<p> The following example presents additional configuration. You
+need to combine this with basic configuration information as
+discussed in the first half of this document. </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#myhostname">myhostname</a> = hostname.localdomain
+ 3 <a href="postconf.5.html#mydomain">mydomain</a> = localdomain
+ 4
+ 5 <a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/canonical
+ 6
+ 7 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+ 8
+ 9 /etc/postfix/canonical:
+10 your-login-name your-account@your-isp.com
+11
+12 /etc/postfix/virtual:
+13 your-account@your-isp.com your-login-name
+</pre>
+</blockquote>
+
+<p> Translation: </p>
+
+<ul>
+
+<li> <p> Lines 2-3: Substitute your fantasy hostname here. Do not
+use a domain name that is already in use by real organizations
+on the Internet. See <a href="https://tools.ietf.org/html/rfc2606">RFC 2606</a> for examples of domain
+names that are guaranteed not to be owned by anyone. </p>
+
+<li> <p> Lines 5, 9, 10: This provides the mapping from
+"your-login-name@hostname.localdomain" to "your-account@your-isp.com".
+This part is required. </p>
+
+<li> <p> Lines 7, 12, 13: Deliver mail for "your-account@your-isp.com"
+locally, instead of sending it to the ISP. This part is not required
+but is convenient.
+
+</ul>
+
+<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
+tables Postfix supports, use the command "<b>postconf -m</b>". </p>
+
+<p> Execute the command "<b>postmap /etc/postfix/canonical</b>"
+whenever you change the canonical table. </p>
+
+<p> Execute the command "<b>postmap /etc/postfix/virtual</b>"
+whenever you change the virtual table. </p>
+
+<h2><a name="client_sasl_enable">Enabling SASL authentication in the
+Postfix SMTP/LMTP client</a></h2>
+
+<p> This section shows a typical scenario where the Postfix SMTP
+client sends all messages via a mail gateway server that requires
+SASL authentication. </p>
+
+<blockquote>
+
+<strong> Trouble solving tips: </strong>
+
+<ul>
+
+<li> <p> If your SASL logins fail with "SASL authentication failure:
+No worthy mechs found" in the mail logfile, then see the section
+"<a href="SASL_README.html#client_sasl_policy">Postfix SMTP/LMTP
+client policy - SASL mechanism <em>properties</em></a>".
+
+<li> <p> For a solution to a more obscure class of SASL authentication
+failures, see "<a href="SASL_README.html#client_sasl_filter">Postfix
+SMTP/LMTP client policy - SASL mechanism <em>names</em></a>".
+
+</ul>
+
+</blockquote>
+
+<p> To make the example more readable we introduce it in two parts.
+The first part takes care of the basic configuration, while the
+second part sets up the username/password information. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
+ <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt
+ <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> = noanonymous
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mail.isp.example]
+ # Alternative form:
+ # <a href="postconf.5.html#relayhost">relayhost</a> = [mail.isp.example]:submission
+ <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sasl_passwd
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> The <code><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a></code> setting enables
+client-side authentication. We will configure the client's username
+and password information in the second part of the example. </p>
+</li>
+
+<li> <p> The <code><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></code> setting ensures
+that the connection to the remote smtp server will be encrypted, and
+<code><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a></code> removes the prohibition on
+plaintext passwords. </p>
+
+<li> <p> The <code><a href="postconf.5.html#relayhost">relayhost</a></code> setting forces the Postfix SMTP
+to send all remote messages to the specified mail server instead
+of trying to deliver them directly to their destination. </p> </li>
+
+<li> <p> In the <code><a href="postconf.5.html#relayhost">relayhost</a></code> setting, the "<code>[</code>"
+and "<code>]</code>" prevent the Postfix SMTP client from looking
+up MX (mail exchanger) records for the enclosed name. </p> </li>
+
+<li> <p> The <code><a href="postconf.5.html#relayhost">relayhost</a></code> destination may also specify a
+non-default TCP port. For example, the alternative form
+<code>[mail.isp.example]:submission</code> tells Postfix to connect
+to TCP network port 587, which is reserved for email client
+applications. </p> </li>
+
+<li> <p> The Postfix SMTP client is compatible with SMTP servers
+that use the non-standard "<code>AUTH=<em>method.</em>...</code>"
+syntax in response to the EHLO command; this requires no additional
+Postfix client configuration. </p> </li>
+
+<li> <p> With the setting "<a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> = yes", the Postfix
+SMTP client supports the "wrappermode" protocol, which uses TCP
+port 465 on the SMTP server (Postfix 3.0 and later). </p> </li>
+
+<li> <p> With the <code><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a></code> parameter,
+we configure the Postfix SMTP client to send username and password
+information to the mail gateway server. As discussed in the next
+section, the Postfix SMTP client supports multiple ISP accounts.
+For this reason the username and password are stored in a table
+that contains one username/password combination for each mail gateway
+server. </p>
+
+</ul>
+
+<blockquote>
+<pre>
+/etc/postfix/sasl_passwd:
+ # destination credentials
+ [mail.isp.example] username:password
+ # Alternative form:
+ # [mail.isp.example]:submission username:password
+</pre>
+</blockquote>
+
+<blockquote>
+
+<strong>Important</strong>
+
+<p> Keep the SASL client password file in <code>/etc/postfix</code>,
+and make the file read+write only for <code>root</code> to protect
+the username/password combinations against other users. The Postfix
+SMTP client will still be able to read the SASL client passwords.
+It opens the file as user <code>root</code> before it drops privileges,
+and before entering an optional chroot jail. </p>
+
+</blockquote>
+
+<ul>
+
+<li> <p> Use the <code>postmap</code> command whenever you
+change the <code>/etc/postfix/sasl_passwd</code> file. </p> </li>
+
+<li> <p> If you specify the "<code>[</code>" and "<code>]</code>"
+in the <code><a href="postconf.5.html#relayhost">relayhost</a></code> destination, then you must use the
+same form in the <code><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a></code> file. </p>
+</li>
+
+<li> <p> If you specify a non-default TCP Port (such as
+"<code>:submission</code>" or "<code>:587</code>") in the
+<code><a href="postconf.5.html#relayhost">relayhost</a></code> destination, then you must use the same form
+in the <code><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a></code> file. </p> </li>
+
+</ul>
+
+<h2><a name="client_sasl_sender">Configuring Sender-Dependent SASL
+authentication</a></h2>
+
+<p> Postfix supports different ISP accounts for different sender
+addresses (version 2.3 and later). This can be useful when one
+person uses the same machine for work and for personal use, or when
+people with different ISP accounts share the same Postfix server.
+</p>
+
+<p> To make this possible, Postfix supports per-sender SASL passwords
+and per-sender relay hosts. In the example below, the Postfix SMTP
+client will search the SASL password file by sender address before
+it searches that same file by destination. Likewise, the Postfix
+<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon will search the per-sender <a href="postconf.5.html#relayhost">relayhost</a> file,
+and use the default <code><a href="postconf.5.html#relayhost">relayhost</a></code> setting only as a final
+resort. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> = yes
+ <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_relay
+ <a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
+ <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sasl_passwd
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mail.isp.example]
+ # Alternative form:
+ # <a href="postconf.5.html#relayhost">relayhost</a> = [mail.isp.example]:submission
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/sasl_passwd:
+ # Per-sender authentication; see also /etc/postfix/sender_relay.
+ user1@example.com username1:password1
+ user2@example.net username2:password2
+ # Login information for the default <a href="postconf.5.html#relayhost">relayhost</a>.
+ [mail.isp.example] username:password
+ # Alternative form:
+ # [mail.isp.example]:submission username:password
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/sender_relay:
+ # Per-sender provider; see also /etc/postfix/sasl_passwd.
+ user1@example.com [mail.example.com]:submission
+ user2@example.net [mail.example.net]
+</pre>
+</blockquote>
+
+<ul>
+
+<li> <p> If you are creative, then you can try to combine the two
+tables into one single MySQL database, and configure different
+Postfix queries to extract the appropriate information. </p>
+
+<li> <p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
+tables Postfix supports, use the command "<b>postconf -m</b>". </p>
+
+<li> <p> Execute the command "<b>postmap /etc/postfix/sasl_passwd</b>"
+whenever you change the sasl_passwd table. </p>
+
+<li> <p> Execute the command "<b>postmap /etc/postfix/sender_relay</b>"
+whenever you change the sender_relay table. </p>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/SQLITE_README.html b/html/SQLITE_README.html
new file mode 100644
index 0000000..fac6f73
--- /dev/null
+++ b/html/SQLITE_README.html
@@ -0,0 +1,115 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix SQLite Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix SQLite Howto</h1>
+
+<hr>
+
+<h2>Introduction</h2>
+
+<p> The Postfix sqlite map type allows you to hook up Postfix to a
+SQLite database. This implementation allows for multiple sqlite
+databases: you can use one for a <a href="virtual.5.html">virtual(5)</a> table, one for an
+<a href="access.5.html">access(5)</a> table, and one for an <a href="aliases.5.html">aliases(5)</a> table if you want. </p>
+
+<h2>Building Postfix with SQLite support</h2>
+
+<p> The Postfix SQLite client utilizes the sqlite3 library,
+which can be obtained from: </p>
+
+<blockquote>
+ <p> <a href="http://www.sqlite.org/">http://www.sqlite.org/</a> </p>
+</blockquote>
+
+<p> In order to build Postfix with sqlite map support, you will
+need to add to CCARGS the flags -DHAS_SQLITE and -I with the directory
+containing the sqlite header files, and you will need to add to
+AUXLIBS the directory and name of the sqlite3 library, plus the
+name of the standard POSIX thread library (pthread). For example:
+</p>
+
+<blockquote>
+<pre>
+make -f Makefile.init makefiles \
+ "CCARGS=-DHAS_SQLITE -I/usr/local/include" \
+ "<a href="SQLITE_README.html">AUXLIBS_SQLITE</a>=-L/usr/local/lib -lsqlite3 -lpthread"
+</pre>
+</blockquote>
+
+<p> If your SQLite shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lsqlite3". </p>
+
+<p> Postfix versions before 3.0 use AUXLIBS instead of <a href="SQLITE_README.html">AUXLIBS_SQLITE</a>.
+With Postfix 3.0 and later, the old AUXLIBS variable still supports
+building a statically-loaded SQLite database client, but only the new
+<a href="SQLITE_README.html">AUXLIBS_SQLITE</a> variable supports building a dynamically-loaded or
+statically-loaded SQLite database client. </p>
+
+<blockquote>
+
+<p> Failure to use the <a href="SQLITE_README.html">AUXLIBS_SQLITE</a> variable will defeat the purpose
+of dynamic database client loading. Every Postfix executable file
+will have SQLITE database library dependencies. And that was exactly
+what dynamic database client loading was meant to avoid. </p>
+
+</blockquote>
+
+<p> Then, just run 'make'.</p>
+
+<h2>Using SQLite tables</h2>
+
+<p> Once Postfix is built with sqlite support, you can specify a
+map type in <a href="postconf.5.html">main.cf</a> like this: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="sqlite_table.5.html">sqlite</a>:/etc/postfix/sqlite-aliases.cf
+</pre>
+</blockquote>
+
+<p> The file /etc/postfix/sqlite-aliases.cf specifies lots of
+information telling Postfix how to reference the sqlite database.
+For a complete description, see the <a href="sqlite_table.5.html">sqlite_table(5)</a> manual page. </p>
+
+<h2>Example: local aliases </h2>
+
+<pre>
+#
+# sqlite config file for <a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> lookups
+#
+
+# Path to database
+dbpath = /some/path/to/sqlite_database
+
+# See <a href="sqlite_table.5.html">sqlite_table(5)</a> for details.
+query = SELECT forw_addr FROM mxaliases WHERE alias='%s' AND status='paid'
+</pre>
+
+<h2>Credits</h2>
+
+<p> SQLite support was added with Postfix version 2.8. </p>
+
+<ul>
+
+<li>Implementation by Axel Steiner</li>
+<li>Documentation by Jesus Garcia Crespo</li>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/STANDARD_CONFIGURATION_README.html b/html/STANDARD_CONFIGURATION_README.html
new file mode 100644
index 0000000..998d1bd
--- /dev/null
+++ b/html/STANDARD_CONFIGURATION_README.html
@@ -0,0 +1,857 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Standard Configuration Examples</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Standard Configuration Examples</h1>
+
+<hr>
+
+<h2>Purpose of this document</h2>
+
+<p> This document presents a number of typical Postfix configurations.
+This document should be reviewed after you have followed the basic
+configuration steps as described in the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a>
+document. In particular, do not proceed here if you don't already
+have Postfix working for local mail submission and for local mail
+delivery. </p>
+
+<p> The first part of this document presents standard configurations
+that each solve one specific problem. </p>
+
+<ul>
+
+<li><a href="#stand_alone">Postfix on a stand-alone Internet host</a>
+
+<li><a href="#null_client">Postfix on a null client</a>
+
+<li><a href="#local_network">Postfix on a local network</a>
+
+<li><a href="#firewall">Postfix email firewall/gateway</a>
+
+</ul>
+
+<p> The second part of this document presents additional configurations
+for hosts in specific environments. </p>
+
+<ul>
+
+<li><a href="#some_local">Delivering some but not all accounts locally</a>
+
+<li><a href="#intranet">Running Postfix behind a firewall</a>
+
+<li><a href="#backup">Configuring Postfix as primary or backup MX host for a remote
+site</a>
+
+<li><a href="#dialup">Postfix on a dialup machine</a>
+
+<li><a href="#fantasy">Postfix on hosts without a real
+Internet hostname</a>
+
+</ul>
+
+<h2><a name="stand_alone">Postfix on a stand-alone Internet host</a></h2>
+
+<p> Postfix should work out of the box without change on a stand-alone
+machine that has direct Internet access. At least, that is how
+Postfix installs when you download the Postfix source code via
+<a href="http://www.postfix.org/">http://www.postfix.org/</a>. </p>
+
+<p> You can use the command "<b>postconf -n</b>" to find out what
+settings are overruled by your <a href="postconf.5.html">main.cf</a>. Besides a few pathname
+settings, few parameters should be set on a stand-alone box, beyond
+what is covered in the <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> document: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Optional: send mail as user@domainname instead of user@hostname.
+ #<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+
+ # Optional: specify NAT/proxy external address.
+ #<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
+
+ # Alternative 1: don't relay mail from other hosts.
+ <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host
+ <a href="postconf.5.html#relay_domains">relay_domains</a> =
+
+ # Alternative 2: relay mail from local clients only.
+ # <a href="postconf.5.html#mynetworks">mynetworks</a> = 192.168.1.0/28
+ # <a href="postconf.5.html#relay_domains">relay_domains</a> =
+</pre>
+</blockquote>
+
+<p> See also the section "<a href="#fantasy">Postfix on hosts without
+a real Internet hostname</a>" if this is applicable to your configuration.
+</p>
+
+<h2><a name="null_client">Postfix on a null client</a></h2>
+
+<p> A null client is a machine that can only send mail. It receives no
+mail from the network, and it does not deliver any mail locally. A
+null client typically uses POP, IMAP or NFS for mailbox access. </p>
+
+<p> In this example we assume that the Internet domain name is
+"example.com" and that the machine is named "hostname.example.com".
+As usual, the examples show only parameters that are not left at
+their default settings. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#myhostname">myhostname</a> = hostname.example.com
+3 <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+4 <a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+5 <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only
+6 <a href="postconf.5.html#mydestination">mydestination</a> =
+</pre>
+</blockquote>
+
+<p> Translation: </p>
+
+<ul>
+
+<li> <p> Line 2: Set <a href="postconf.5.html#myhostname">myhostname</a> to hostname.example.com, in case
+the machine name isn't set to a fully-qualified domain name (use
+the command "postconf -d <a href="postconf.5.html#myhostname">myhostname</a>" to find out what the machine
+name is). </p>
+
+<li> <p> Line 2: The <a href="postconf.5.html#myhostname">myhostname</a> value also provides the default
+value for the <a href="postconf.5.html#mydomain">mydomain</a> parameter (here, "<a href="postconf.5.html#mydomain">mydomain</a> = example.com").
+</p>
+
+<li> <p> Line 3: Send mail as "user@example.com" (instead of
+"user@hostname.example.com"), so that nothing ever has a reason
+to send mail to "user@hostname.example.com". </p>
+
+<li> <p> Line 4: Forward all mail to the mail server that is
+responsible for the "example.com" domain. This prevents mail from
+getting stuck on the null client if it is turned off while some
+remote destination is unreachable. Specify a real hostname
+here if your "example.com" domain has no MX record. </p>
+
+<li> <p> Line 5: Do not accept mail from the network. </p>
+
+<li> <p> Line 6: Disable local mail delivery. All mail goes to
+the mail server as specified in line 4. </p>
+
+</ul>
+
+<h2><a name="local_network">Postfix on a local network</a></h2>
+
+<p> This section describes a local area network environment of one
+main server and multiple other systems that send and receive email.
+As usual we assume that the Internet domain name is "example.com".
+All systems are configured to send mail as "user@example.com", and
+all systems receive mail for "user@hostname.example.com". The main
+server also receives mail for "user@example.com". We call this
+machine by the name of mailhost.example.com. </p>
+
+<p> A drawback of sending mail as "user@example.com" is that mail
+for "root" and other system accounts is also sent to the central
+mailhost. See the section "<a href="#some_local">Delivering some
+but not all accounts locally</a>" below for possible solutions.
+</p>
+
+<p> As usual, the examples show only parameters that are not left
+at their default settings. </p>
+
+<p> First we present the non-mailhost configuration, because it is
+the simpler one. This machine sends mail as "user@example.com" and
+is the final destination for "user@hostname.example.com". </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+3 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 10.0.0.0/24
+4 <a href="postconf.5.html#relay_domains">relay_domains</a> =
+5 # Optional: forward all non-local mail to mailhost
+6 #<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+</pre>
+</blockquote>
+
+<p> Translation: </p>
+
+<ul>
+
+<li> <p> Line 2: Send mail as "user@example.com". </p>
+
+<li> <p> Line 3: Specify the trusted networks. </p>
+
+<li> <p> Line 4: This host does not relay mail from untrusted networks. </p>
+
+<li> <p> Line 6: This is needed if no direct Internet access is
+available. See also below, "<a href="#firewall">Postfix behind
+a firewall</a>". </p>
+
+</ul>
+
+<p> Next we present the mailhost configuration. This machine sends
+mail as "user@example.com" and is the final destination for
+"user@hostname.example.com" as well as "user@example.com". </p>
+
+<blockquote>
+<pre>
+ 1 DNS:
+ 2 example.com IN MX 10 mailhost.example.com.
+ 3
+ 4 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 5 <a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+ 6 <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost $<a href="postconf.5.html#mydomain">mydomain</a>
+ 7 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 10.0.0.0/24
+ 8 <a href="postconf.5.html#relay_domains">relay_domains</a> =
+ 9 # Optional: forward all non-local mail to firewall
+10 #<a href="postconf.5.html#relayhost">relayhost</a> = [firewall.example.com]
+</pre>
+</blockquote>
+
+<p> Translation: </p>
+
+<ul>
+
+<li> <p> Line 2: Send mail for the domain "example.com" to the
+machine mailhost.example.com. Remember to specify the "." at the
+end of the line. </p>
+
+<li> <p> Line 5: Send mail as "user@example.com". </p>
+
+<li> <p> Line 6: This host is the final mail destination for the
+"example.com" domain, in addition to the names of the machine
+itself. </p>
+
+<li> <p> Line 7: Specify the trusted networks. </p>
+
+<li> <p> Line 8: This host does not relay mail from untrusted networks. </p>
+
+<li> <p> Line 10: This is needed only when the mailhost has to
+forward non-local mail via a mail server on a firewall. The
+<tt>[]</tt> forces Postfix to do no MX record lookups. </p>
+
+</ul>
+
+<p> In an environment like this, users access their mailbox in one
+or more of the following ways:
+
+<ul>
+
+<li> <p> Mailbox access via NFS or equivalent. </p>
+
+<li> <p> Mailbox access via POP or IMAP. </p>
+
+<li> <p> Mailbox on the user's preferred machine. </p>
+
+</ul>
+
+<p> In the latter case, each user has an alias on the mailhost that
+forwards mail to her preferred machine: </p>
+
+<blockquote>
+<pre>
+/etc/aliases:
+ joe: joe@joes.preferred.machine
+ jane: jane@janes.preferred.machine
+</pre>
+</blockquote>
+
+<p> On some systems the alias database is not in /etc/aliases. To
+find out the location for your system, execute the command "<b>postconf
+<a href="postconf.5.html#alias_maps">alias_maps</a></b>". </p>
+
+<p> Execute the command "<b>newaliases</b>" whenever you change
+the aliases file. </p>
+
+<h2><a name="firewall">Postfix email firewall/gateway</a></h2>
+
+<p> The idea is to set up a Postfix email firewall/gateway that
+forwards mail for "example.com" to an inside gateway machine but
+rejects mail for "anything.example.com". There is only one problem:
+with "<a href="postconf.5.html#relay_domains">relay_domains</a> = example.com", the firewall normally also
+accepts mail for "anything.example.com". That would not be right.
+</p>
+
+<p> Note: this example requires Postfix version 2.0 and later. To find
+out what Postfix version you have, execute the command "<b>postconf
+<a href="postconf.5.html#mail_version">mail_version</a></b>". </p>
+
+<p> The solution is presented in multiple parts. This first part
+gets rid of local mail delivery on the firewall, making the firewall
+harder to break. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#myorigin">myorigin</a> = example.com
+3 <a href="postconf.5.html#mydestination">mydestination</a> =
+4 <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
+5 <a href="postconf.5.html#local_transport">local_transport</a> = <a href="error.8.html">error</a>:local mail delivery is disabled
+6
+7 /etc/postfix/<a href="master.5.html">master.cf</a>:
+8 Comment out the local delivery agent
+</pre>
+</blockquote>
+
+<p> Translation: </p>
+
+<ul>
+
+<li> <p> Line 2: Send mail from this machine as "user@example.com",
+so that no reason exists to send mail to "user@firewall.example.com".
+</p>
+
+<li> <p> Lines 3-8: Disable local mail delivery on the firewall
+machine. </p>
+
+</ul>
+
+<p> For the sake of technical correctness the firewall must be able
+to receive mail for postmaster@[firewall ip address]. Reportedly,
+some things actually expect this ability to exist. The second part
+of the solution therefore adds support for postmaster@[firewall ip
+address], and as a bonus we do abuse@[firewall ip address] as well.
+All the mail to these two accounts is forwarded to an inside address.
+</p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+3
+4 /etc/postfix/virtual:
+5 postmaster postmaster@example.com
+6 abuse abuse@example.com
+</pre>
+</blockquote>
+
+<p> Translation: </p>
+
+<ul>
+
+<li> <p> Because <a href="postconf.5.html#mydestination">mydestination</a> is empty (see the previous example),
+only address literals matching $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>
+are deemed local. So "localpart@[a.d.d.r]" can be matched as simply
+"localpart" in <a href="canonical.5.html">canonical(5)</a> and <a href="virtual.5.html">virtual(5)</a>. This avoids the need to
+specify firewall IP addresses in Postfix configuration files. </p>
+
+</ul>
+
+<p> The last part of the solution does the email forwarding, which
+is the real purpose of the firewall email function. </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 12.34.56.0/24
+ 3 <a href="postconf.5.html#relay_domains">relay_domains</a> = example.com
+ 4 <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> =
+ 5 <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> smtpd_access_maps
+<br>
+ 6a # Postfix 2.10 and later support separate relay control and
+ 7a # spam control.
+ 8a <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
+ 9a <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+10a <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = ...spam blocking rules....
+<br>
+ 6b # Older configurations combine relay control and spam control. To
+ 7b # use this with Postfix &ge; 2.10 specify "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=".
+ 8b <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ 9b <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+10b ...spam blocking rules....
+<br>
+11 <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_recipients
+12 <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+13
+14 /etc/postfix/relay_recipients:
+15 user1@example.com x
+16 user2@example.com x
+17 . . .
+18
+19 /etc/postfix/transport:
+20 example.com relay:[inside-gateway.example.com]
+</pre>
+</blockquote>
+
+<p> Translation: </p>
+
+<ul>
+
+<li><p> Lines 1-10: Accept mail from local systems in $<a href="postconf.5.html#mynetworks">mynetworks</a>,
+and accept mail from outside for "user@example.com" but not for
+"user@anything.example.com". The magic is in lines 4-5. </p>
+
+<li> <p> Lines 11, 13-16: Define the list of valid addresses in the
+"example.com" domain that can receive mail from the Internet. This
+prevents the mail queue from filling up with undeliverable
+MAILER-DAEMON messages. If you can't maintain a list of valid
+recipients then you must specify "<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> =" (that
+is, an empty value), or you must specify an "@example.com x"
+wild-card in the relay_recipients table. </p>
+
+<li> <p> Lines 12, 19-20: Route mail for "example.com" to the inside
+gateway machine. The <tt>[]</tt> forces Postfix to do no MX lookup.
+This uses the "relay" delivery transport (a copy of the default
+"smtp" delivery transport) to forward inbound mail. This can improve
+performance of deliveries to internal domains because they will
+compete for SMTP clients from the "relay" delivery transport, instead
+of competing with other SMTP deliveries for SMTP clients from the
+default "smtp" delivery transport. </p>
+
+</ul>
+
+<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
+tables Postfix supports, use the command "<b>postconf -m</b>". </p>
+
+<p> Execute the command "<b>postmap /etc/postfix/relay_recipients</b>"
+whenever you change the relay_recipients table. </p>
+
+<p> Execute the command "<b>postmap /etc/postfix/transport</b>"
+whenever you change the transport table. </p>
+
+<p> In some installations, there may be separate instances of Postfix
+processing inbound and outbound mail on a multi-homed firewall. The
+inbound Postfix instance has an SMTP server listening on the external
+firewall interface, and the outbound Postfix instance has an SMTP server
+listening on the internal interface. In such a configuration is it is
+tempting to configure $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> in each instance with just the
+corresponding interface address. </p>
+
+<p> In most cases, using <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> in this way will not work,
+because as documented in the $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> reference manual, the
+<a href="smtp.8.html">smtp(8)</a> delivery agent will also use the specified interface address
+as the source address for outbound connections and will be unable to
+reach hosts on "the other side" of the firewall. The symptoms are that
+the firewall is unable to connect to hosts that are in fact up. See the
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> parameter documentation for suggested work-arounds.</p>
+
+<h2><a name="some_local">Delivering some but not all accounts
+locally</a></h2>
+
+<p> A drawback of sending mail as "user@example.com" (instead of
+"user@hostname.example.com") is that mail for "root" and other
+system accounts is also sent to the central mailhost. In order to
+deliver such accounts locally, you can set up virtual aliases as
+follows: </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+3
+4 /etc/postfix/virtual:
+5 root root@localhost
+6 . . .
+</pre>
+</blockquote>
+
+<p> Translation: </p>
+
+<ul>
+
+<li> <p> Line 5: As described in the <a href="virtual.5.html">virtual(5)</a> manual page, the
+bare name "root" matches "root@site" when "site" is equal to
+$<a href="postconf.5.html#myorigin">myorigin</a>, when "site" is listed in $<a href="postconf.5.html#mydestination">mydestination</a>, or when it
+matches $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </p>
+
+</ul>
+
+<p> Execute the command "<b>postmap /etc/postfix/virtual</b>" after
+editing the file. </p>
+
+<h2><a name="intranet">Running Postfix behind a firewall</a></h2>
+
+<p> The simplest way to set up Postfix on a host behind a firewalled
+network is to send all mail to a gateway host, and to let that mail
+host take care of internal and external forwarding. Examples of that
+are shown in the <a href="#local_network">local area network</a>
+section above. A more sophisticated approach is to send only external
+mail to the gateway host, and to send intranet mail directly. </p>
+
+<p> Note: this example requires Postfix version 2.0 and later. To find
+out what Postfix version you have, execute the command "<b>postconf
+<a href="postconf.5.html#mail_version">mail_version</a></b>". </p>
+
+<p> The following example presents additional configuration. You
+need to combine this with basic configuration information as
+discussed in the first half of this document. </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+ 3 <a href="postconf.5.html#relayhost">relayhost</a> =
+ 4 # Optional for a machine that isn't "always on"
+ 5 #<a href="postconf.5.html#fallback_relay">fallback_relay</a> = [gateway.example.com]
+ 6
+ 7 /etc/postfix/transport:
+ 8 # Internal delivery.
+ 9 example.com :
+10 .example.com :
+11 # External delivery.
+12 * <a href="smtp.8.html">smtp</a>:[gateway.example.com]
+</pre>
+</blockquote>
+
+<p> Translation: </p>
+
+<ul>
+
+<li> <p> Lines 2, 7-12: Request that intranet mail is delivered
+directly, and that external mail is given to a gateway. Obviously,
+this example assumes that the organization uses DNS MX records
+internally. The <tt>[]</tt> forces Postfix to do no MX lookup.
+</p>
+
+<li> <p> Line 3: IMPORTANT: do not specify a <a href="postconf.5.html#relayhost">relayhost</a> in <a href="postconf.5.html">main.cf</a>.
+</p>
+
+<li> <p> Line 5: This prevents mail from being stuck in the queue
+when the machine is turned off. Postfix tries to deliver mail
+directly, and gives undeliverable mail to a gateway. </p>
+
+</ul>
+
+<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
+tables Postfix supports, use the command "<b>postconf -m</b>". </p>
+
+<p> Execute the command "<b>postmap /etc/postfix/transport</b>" whenever
+you edit the transport table. </p>
+
+<h2><a name="backup">Configuring Postfix as primary or backup MX host for a remote site</a></h2>
+
+<p> This section presents additional configuration. You need to
+combine this with basic configuration information as discussed in the
+first half of this document. </p>
+
+<p> When your system is SECONDARY MX host for a remote site this
+is all you need: </p>
+
+<blockquote>
+<pre>
+ 1 DNS:
+ 2 the.backed-up.domain.tld IN MX 100 your.machine.tld.
+ 3
+ 4 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 5 <a href="postconf.5.html#relay_domains">relay_domains</a> = . . . the.backed-up.domain.tld
+<br>
+ 6a # Postfix 2.10 and later support separate relay control and
+ 7a # spam control.
+ 8a <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
+ 9a <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+10a <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = ...spam blocking rules....
+<br>
+ 6b # Older configurations combine relay control and spam control. To
+ 7b # use this with Postfix &ge; 2.10 specify "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=".
+ 8b <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ 9b <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+10b ...spam blocking rules....
+<br>
+11 # You must specify your NAT/proxy external address.
+12 #<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
+13
+14 <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_recipients
+15
+16 /etc/postfix/relay_recipients:
+17 user1@the.backed-up.domain.tld x
+18 user2@the.backed-up.domain.tld x
+19 . . .
+</pre>
+</blockquote>
+
+<p> When your system is PRIMARY MX host for a remote site you
+need the above, plus: </p>
+
+<blockquote>
+<pre>
+20 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+21 <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+22
+23 /etc/postfix/transport:
+24 the.backed-up.domain.tld relay:[their.mail.host.tld]
+</pre>
+</blockquote>
+
+<p> Important notes:
+
+<ul>
+
+<li><p>Do not list the.backed-up.domain.tld in <a href="postconf.5.html#mydestination">mydestination</a>.</p>
+
+<li><p>Do not list the.backed-up.domain.tld in <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>.</p>
+
+<li><p>Do not list the.backed-up.domain.tld in <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.</p>
+
+<li> <p> Lines 1-9: Forward mail from the Internet for
+"the.backed-up.domain.tld" to the primary MX host for that domain.
+</p>
+
+<li> <p> Line 12: This is a must if Postfix receives mail via a
+NAT relay or proxy that presents a different IP address to the
+world than the local machine. </p>
+
+<li> <p> Lines 14-18: Define the list of valid addresses in the
+"the.backed-up.domain.tld" domain. This prevents your mail queue
+from filling up with undeliverable MAILER-DAEMON messages. If you
+can't maintain a list of valid recipients then you must specify
+"<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> =" (that is, an empty value), or you must
+specify an "@the.backed-up.domain.tld x" wild-card in the
+relay_recipients table. </p>
+
+<li> <p> Line 24: The <tt>[]</tt> forces Postfix to do no MX lookup. </p>
+
+</ul>
+
+<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
+tables Postfix supports, use the command "<b>postconf -m</b>". </p>
+
+<p> Execute the command "<b>postmap /etc/postfix/transport</b>"
+whenever you change the transport table. </p>
+
+<p> NOTE for Postfix &lt; 2.2: Do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
+when relaying mail
+for a backup or primary MX domain. Mail would loop between the
+Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination
+is unavailable. </p>
+
+<ul>
+
+<li> In <a href="postconf.5.html">main.cf</a> specify "<tt><a href="postconf.5.html#relay_transport">relay_transport</a> = relay</tt>",
+
+<li> In <a href="master.5.html">master.cf</a> specify "<tt>-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =</tt>" at the
+end of the <tt>relay</tt> entry.
+
+<li> In transport maps, specify "<tt>relay:<i>nexthop...</i></tt>"
+as the right-hand side for backup or primary MX domain entries.
+
+</ul>
+
+<p> These are default settings in Postfix version 2.2 and later.
+</p>
+
+<h2><a name="dialup">Postfix on a dialup machine</a></h2>
+
+<p> This section applies to dialup connections that are down most
+of the time. For dialup connections that are up 24x7, see the <a
+href="#local_network">local area network</a> section above. </p>
+
+<p> This section presents additional configuration. You need to
+combine this with basic configuration information as discussed in the
+first half of this document. </p>
+
+<p> If you do not have your own hostname and IP address (usually
+with dialup, cable TV or DSL connections) then you should also
+study the section on "<a href="#fantasy">Postfix on hosts without
+a real Internet hostname</a>". </p>
+
+<ul>
+
+<li> Route all outgoing mail to your network provider.
+
+<p> If your machine is disconnected most of the time, there isn't
+a lot of opportunity for Postfix to deliver mail to hard-to-reach
+corners of the Internet. It's better to give the mail to a machine
+that is connected all the time. In the example below, the <tt>[]</tt>
+prevents Postfix from trying to look up DNS MX records. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relayhost">relayhost</a> = [smtprelay.someprovider.com]
+</pre>
+
+<li> <p><a name="spontaneous_smtp">Disable spontaneous SMTP mail
+delivery (if using on-demand dialup IP only).</a> </p>
+
+<p> Normally, Postfix attempts to deliver outbound mail at its convenience.
+If your machine uses on-demand dialup IP, this causes your system
+to place a telephone call whenever you submit new mail, and whenever
+Postfix retries to deliver delayed mail. To prevent such telephone
+calls from being placed, disable spontaneous SMTP mail deliveries. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#defer_transports">defer_transports</a> = smtp (Only for on-demand dialup IP hosts)
+</pre>
+
+<li> <p>Disable SMTP client DNS lookups (dialup LAN only).</p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> = yes (Only for on-demand dialup IP hosts)
+</pre>
+
+<li> Flush the mail queue whenever the Internet link is established.
+
+<p> Put the following command into your PPP or SLIP dialup scripts: </p>
+
+<pre>
+/usr/sbin/sendmail -q (whenever the Internet link is up)
+</pre>
+
+<p> The exact location of the Postfix sendmail command is system-specific.
+Use the command "<b>postconf <a href="postconf.5.html#sendmail_path">sendmail_path</a></b>" to find out where the
+Postfix sendmail command is located on your machine. </p>
+
+<p> In order to find out if the mail queue is flushed, use something
+like: </p>
+
+<pre>
+#!/bin/sh
+
+# Start mail deliveries.
+/usr/sbin/sendmail -q
+
+# Allow deliveries to start.
+sleep 10
+
+# Loop until all messages have been tried at least once.
+while mailq | grep '^[^ ]*\*' &gt;/dev/null
+do
+ sleep 10
+done
+</pre>
+
+<p> If you have disabled <a href="#spontaneous_smtp">spontaneous
+SMTP mail delivery</a>, you also need to run the "<b>sendmail -q</b>"
+command every now and then while the dialup link is up, so that
+newly-posted mail is flushed from the queue. </p>
+
+</ul>
+
+<h2><a name="fantasy">Postfix on hosts without a real Internet
+hostname</a></h2>
+
+<p> This section is for hosts that don't have their own Internet
+hostname. Typically these are systems that get a dynamic IP address
+via DHCP or via dialup. Postfix will let you send and receive mail
+just fine between accounts on a machine with a fantasy name. However,
+you cannot use a fantasy hostname in your email address when sending
+mail into the Internet, because no-one would be able to reply to
+your mail. In fact, more and more sites refuse mail addresses with
+non-existent domain names. </p>
+
+<p> Note: the following information is Postfix version dependent.
+To find out what Postfix version you have, execute the command
+"<b>postconf <a href="postconf.5.html#mail_version">mail_version</a></b>". </p>
+
+<h3>Solution 1: Postfix version 2.2 and later </h3>
+
+<p> Postfix 2.2 uses the <a href="generic.5.html">generic(5)</a> address mapping to replace
+local fantasy email addresses by valid Internet addresses. This
+mapping happens ONLY when mail leaves the machine; not when you
+send mail between users on the same machine. </p>
+
+<p> The following example presents additional configuration. You
+need to combine this with basic configuration information as
+discussed in the first half of this document. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/generic
+3
+4 /etc/postfix/generic:
+5 his@localdomain.local hisaccount@hisisp.example
+6 her@localdomain.local heraccount@herisp.example
+7 @localdomain.local hisaccount+local@hisisp.example
+</pre>
+</blockquote>
+
+<p> When mail is sent to a remote host via SMTP: </p>
+
+<ul>
+
+<li> <p> Line 5 replaces <i>his@localdomain.local</i> by his ISP
+mail address, </p>
+
+<li> <p> Line 6 replaces <i>her@localdomain.local</i> by her ISP
+mail address, and </p>
+
+<li> <p> Line 7 replaces other local addresses by his ISP account,
+with an address extension of +<i>local</i> (this example assumes
+that the ISP supports "+" style address extensions). </p>
+
+</ul>
+
+<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
+tables Postfix supports, use the command "<b>postconf -m</b>". </p>
+
+<p> Execute the command "<b>postmap /etc/postfix/generic</b>"
+whenever you change the generic table. </p>
+
+<h3>Solution 2: Postfix version 2.1 and earlier </h3>
+
+<p> The solution with older Postfix systems is to use valid
+Internet addresses where possible, and to let Postfix map valid
+Internet addresses to local fantasy addresses. With this, you can
+send mail to the Internet and to local fantasy addresses, including
+mail to local fantasy addresses that don't have a valid Internet
+address of their own.</p>
+
+<p> The following example presents additional configuration. You
+need to combine this with basic configuration information as
+discussed in the first half of this document. </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#myhostname">myhostname</a> = hostname.localdomain
+ 3 <a href="postconf.5.html#mydomain">mydomain</a> = localdomain
+ 4
+ 5 <a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/canonical
+ 6
+ 7 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+ 8
+ 9 /etc/postfix/canonical:
+10 your-login-name your-account@your-isp.com
+11
+12 /etc/postfix/virtual:
+13 your-account@your-isp.com your-login-name
+</pre>
+</blockquote>
+
+<p> Translation: </p>
+
+<ul>
+
+<li> <p> Lines 2-3: Substitute your fantasy hostname here. Do not
+use a domain name that is already in use by real organizations
+on the Internet. See <a href="https://tools.ietf.org/html/rfc2606">RFC 2606</a> for examples of domain
+names that are guaranteed not to be owned by anyone. </p>
+
+<li> <p> Lines 5, 9, 10: This provides the mapping from
+"your-login-name@hostname.localdomain" to "your-account@your-isp.com".
+This part is required. </p>
+
+<li> <p> Lines 7, 12, 13: Deliver mail for "your-account@your-isp.com"
+locally, instead of sending it to the ISP. This part is not required
+but is convenient.
+
+</ul>
+
+<p>Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what lookup
+tables Postfix supports, use the command "<b>postconf -m</b>". </p>
+
+<p> Execute the command "<b>postmap /etc/postfix/canonical</b>"
+whenever you change the canonical table. </p>
+
+<p> Execute the command "<b>postmap /etc/postfix/virtual</b>"
+whenever you change the virtual table. </p>
+
+</body>
+
+</html>
diff --git a/html/STRESS_README.html b/html/STRESS_README.html
new file mode 100644
index 0000000..ecc4c71
--- /dev/null
+++ b/html/STRESS_README.html
@@ -0,0 +1,567 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Stress-Dependent Configuration</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Stress-Dependent Configuration</h1>
+
+<hr>
+
+<h2>Overview </h2>
+
+<p> This document describes the symptoms of Postfix SMTP server
+overload. It presents permanent <a href="postconf.5.html">main.cf</a> changes to avoid overload
+during normal operation, and temporary <a href="postconf.5.html">main.cf</a> changes to cope with
+an unexpected burst of mail. This document makes specific suggestions
+for Postfix 2.5 and later which support stress-adaptive behavior,
+and for earlier Postfix versions that don't. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#overload"> Symptoms of Postfix SMTP server overload </a>
+
+<li><a href="#adapt"> Automatic stress-adaptive behavior </a>
+
+<li><a href="#concurrency"> Service more SMTP clients at the same time </a>
+
+<li><a href="#time"> Spend less time per SMTP client </a>
+
+<li><a href="#hangup"> Disconnect suspicious SMTP clients </a>
+
+<li><a href="#legacy"> Temporary measures for older Postfix releases </a>
+
+<li><a href="#feature"> Detecting support for stress-adaptive behavior </a>
+
+<li><a href="#forcing"> Forcing stress-adaptive behavior on or off </a>
+
+<li><a href="#other"> Other measures to off-load zombies </a>
+
+<li><a href="#credits"> Credits </a>
+
+</ul>
+
+<h2><a name="overload"> Symptoms of Postfix SMTP server overload </a></h2>
+
+<p> Under normal conditions, the Postfix SMTP server responds
+immediately when an SMTP client connects to it; the time to deliver
+mail is noticeable only with large messages. Performance degrades
+dramatically when the number of SMTP clients exceeds the number of
+Postfix SMTP server processes. When an SMTP client connects while
+all Postfix SMTP server processes are busy, the client must wait
+until a server process becomes available. </p>
+
+<p> SMTP server overload may be caused by a surge of legitimate
+mail (example: a DNS registrar opens a new zone for registrations),
+by mistake (mail explosion caused by a forwarding loop) or by malice
+(worm outbreak, botnet, or other illegitimate activity). </p>
+
+<p> Symptoms of Postfix SMTP server overload are: </p>
+
+<ul>
+
+<li> <p> Remote SMTP clients experience a long delay before Postfix
+sends the "220 hostname.example.com ESMTP Postfix" greeting. </p>
+
+<ul>
+
+<li> <p> NOTE: Broken DNS configurations can also cause lengthy
+delays before Postfix sends "220 hostname.example.com ...". These
+delays also exist when Postfix is NOT overloaded. </p>
+
+<li> <p> NOTE: To avoid "overload" delays for end-user mail
+clients, enable the "submission" service entry in <a href="master.5.html">master.cf</a> (present
+since Postfix 2.1), and tell users to connect to this instead of
+the public SMTP service. </p>
+
+</ul>
+
+<li> <p> The Postfix SMTP server logs an increased number of "lost
+connection after CONNECT" events. This happens because remote SMTP
+clients disconnect before Postfix answers the connection. </p>
+
+<ul>
+
+<li> <p> NOTE: A portscan for open SMTP ports can also result in
+"lost connection ..." logfile messages. </p>
+
+</ul>
+
+<li> <p> Postfix 2.3 and later logs a warning that all server ports
+are busy: </p>
+
+<pre>
+Oct 3 20:39:27 spike postfix/master[28905]: warning: service "smtp"
+ (25) has reached its process limit "30": new clients may experience
+ noticeable delays
+Oct 3 20:39:27 spike postfix/master[28905]: warning: to avoid this
+ condition, increase the process count in <a href="master.5.html">master.cf</a> or reduce the
+ service time per client
+Oct 3 20:39:27 spike postfix/master[28905]: warning: see
+ <a href="http://www.postfix.org/STRESS_README.html">http://www.postfix.org/STRESS_README.html</a> for examples of
+ stress-adapting configuration settings
+</pre>
+
+</ul>
+
+<p> Legitimate mail that doesn't get through during an episode of
+Postfix SMTP server overload is not necessarily lost. It should
+still arrive once the situation returns to normal, as long as the
+overload condition is temporary. </p>
+
+<h2><a name="adapt"> Automatic stress-adaptive behavior </a></h2>
+
+<p> Postfix version 2.5 introduces automatic stress-adaptive behavior.
+It works as follows. When a "public" network service such as the
+SMTP server runs into an "all server ports are busy" condition, the
+Postfix <a href="master.8.html">master(8)</a> daemon logs a warning, restarts the service
+(without interrupting existing network sessions), and runs the
+service with "-o stress=yes" on the server process command line:
+</p>
+
+<blockquote>
+<pre>
+80821 ?? S 0:00.24 smtpd -n smtp -t inet -u -c -o stress=yes
+</pre>
+</blockquote>
+
+<p> Normally, the Postfix <a href="master.8.html">master(8)</a> daemon runs such a service with
+"-o stress=" on the command line (i.e. with an empty parameter
+value): </p>
+
+<blockquote>
+<pre>
+83326 ?? S 0:00.28 smtpd -n smtp -t inet -u -c -o stress=
+</pre>
+</blockquote>
+
+<p> You won't see "-o stress" command-line parameters with services
+that have local clients only. These include services internal to
+Postfix such as the queue manager, and services that listen on a
+loopback interface only, such as after-filter SMTP services. </p>
+
+<p> The "stress" parameter value is the key to making <a href="postconf.5.html">main.cf</a>
+parameter settings stress adaptive. The following settings are the
+default with Postfix 2.6 and later. </p>
+
+<blockquote>
+<pre>
+1 <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> = ${stress?{10}:{300}}s
+2 <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = ${stress?{1}:{20}}
+3 <a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> = ${stress?{1}:{100}}
+4 # Parameters added after Postfix 2.6:
+5 <a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> = ${stress?{yes}:{no}}
+6 <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> = ${stress?{10}:{300}}s
+7 <a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = ${stress?{1}:{3}}
+</pre>
+</blockquote>
+
+<p> Postfix versions before 3.0 use the older form ${stress?x}${stress:y}
+instead of the newer form ${stress?{x}:{y}}. </p>
+
+<p> The syntax of ${name?{value}:{value}}, ${name?value} and
+${name:value} is explained at the beginning of the <a href="postconf.5.html">postconf(5)</a>
+manual page. </p>
+
+<p> Translation: <p>
+
+<ul>
+
+<li> <p> Line 1: under conditions of stress, use an <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a>
+value of 10 seconds instead of the default 300 seconds. Experience
+on the postfix-users list from a variety of sysadmins shows that
+reducing the "normal" <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> to 60s is unlikely to affect
+legitimate clients. However, it is unlikely to become the Postfix
+default because it's not RFC compliant. Setting <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> to
+10s or even 5s under stress will still allow most
+legitimate clients to connect and send mail, but may delay mail
+from some clients. No mail should be lost, as long as this measure
+is used only temporarily. </p>
+
+<li> <p> Line 2: under conditions of stress, use an <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a>
+of 1 instead of the default 20. This disconnects clients
+after a single error, giving other clients a chance to connect.
+However, this may cause significant delays with legitimate mail,
+such as a mailing list that contains a few no-longer-active user
+names that didn't bother to unsubscribe. No mail should be lost,
+as long as this measure is used only temporarily. </p>
+
+<li> <p> Line 3: under conditions of stress, use an
+<a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> of 1 instead of the default 100. This
+prevents clients from keeping connections open by repeatedly
+sending HELO, EHLO, NOOP, RSET, VRFY or ETRN commands. </p>
+
+<li> <p> Line 5: under conditions of stress, change the behavior
+of <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a>, from a time limit per
+read or write system call, to a time limit to send or receive a
+complete record (an SMTP command line, SMTP response line, SMTP
+message content line, or TLS protocol message). </p>
+
+<li> <p> Line 6: under conditions of stress, reduce the time limit
+for TLS protocol handshake messages to 10 seconds, from the default
+value of 300 seconds. See also the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> discussion above.
+</p>
+
+<li> <p> Line 7: under conditions of stress, do not wait up to 6
+seconds for the completion of an address verification probe. If the
+result is not already in the address verification cache, reply
+immediately with $<a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> or
+$<a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>. No mail should be lost, as long
+as this measure is used only temporarily. </p>
+
+</ul>
+
+<p> NOTE: Please keep in mind that the stress-adaptive feature is
+a fairly desperate measure to keep <b>some</b> legitimate mail
+flowing under overload conditions. If a site is reaching the SMTP
+server process limit when there isn't an attack or bot flood
+occurring, then either the process limit needs to be raised or more
+hardware needs to be added. </p>
+
+<h2><a name="concurrency"> Service more SMTP clients at the same time </a> </h2>
+
+<p> This section and the ones that follow discuss permanent measures
+against mail server overload. </p>
+
+<p> One measure to avoid the "all server processes busy" condition
+is to service more SMTP clients simultaneously. For this you need
+to increase the number of Postfix SMTP server processes. This will
+improve the
+responsiveness for remote SMTP clients, as long as the server machine
+has enough hardware and software resources to run the additional
+processes, and as long as the file system can keep up with the
+additional load. </p>
+
+<ul>
+
+<li> <p> You increase the number of SMTP server processes either
+by increasing the <a href="postconf.5.html#default_process_limit">default_process_limit</a> in <a href="postconf.5.html">main.cf</a> (line 3 below),
+or by increasing the SMTP server's "maxproc" field in <a href="master.5.html">master.cf</a>
+(line 10 below). Either way, you need to issue a "postfix reload"
+command to make the change effective. </p>
+
+<li> <p> Process limits above 1000 require Postfix version 2.4 or
+later, and an operating system that supports kernel-based event
+filters (BSD kqueue(2), Linux epoll(4), or Solaris /dev/poll).
+</p>
+
+<li> <p> More processes use more memory. You can reduce the Postfix
+memory footprint by using <a href="CDB_README.html">cdb</a>:
+lookup tables instead of Berkeley DB's <a href="DATABASE_README.html#types">hash</a>: or <a href="DATABASE_README.html#types">btree</a>: tables. </p>
+
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 # Raise the global process limit, 100 since Postfix 2.0.
+ 3 <a href="postconf.5.html#default_process_limit">default_process_limit</a> = 200
+ 4
+ 5 /etc/postfix/<a href="master.5.html">master.cf</a>:
+ 6 # =============================================================
+ 7 # service type private unpriv chroot wakeup maxproc command
+ 8 # =============================================================
+ 9 # Raise the SMTP service process limit only.
+10 smtp inet n - n - 200 smtpd
+</pre>
+
+<li> <p> NOTE: older versions of the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> document
+contain a mistake: they configure a fixed number of policy daemon
+processes. When you raise the SMTP server's "maxproc" field in
+<a href="master.5.html">master.cf</a>, SMTP server processes will report problems when connecting
+to policy server processes, because there aren't enough of them.
+Examples of errors are "connection refused" or "operation timed
+out". </p>
+
+<p> To fix, edit <a href="master.5.html">master.cf</a> and specify a zero "maxproc" field
+in all policy server entries; see line 6 in the example below.
+Issue a "postfix reload" command to make the change effective. </p>
+
+<pre>
+1 /etc/postfix/<a href="master.5.html">master.cf</a>:
+2 # =============================================================
+3 # service type private unpriv chroot wakeup maxproc command
+4 # =============================================================
+5 # Disable the policy service process limit.
+6 policy unix - n n - 0 spawn
+7 user=nobody argv=/some/where/policy-server
+</pre>
+
+</ul>
+
+<h2><a name="time"> Spend less time per SMTP client </a></h2>
+
+<p> When increasing the number of SMTP server processes is not
+practical, you can improve Postfix server responsiveness by eliminating
+delays. When Postfix spends less time per SMTP session, the same
+number of SMTP server processes can service more clients in a given
+amount of time. </p>
+
+<ul>
+
+<li> <p> Eliminate non-functional RBL lookups (blocklists that are
+no longer in operation). These lookups can degrade performance.
+Postfix logs a warning when an RBL server does not respond. </p>
+
+<li> <p> Eliminate redundant RBL lookups (people often use multiple
+Spamhaus RBLs that include each other). To find out whether RBLs
+include other RBLs, look up the websites that document the RBL's
+policies. </p>
+
+<li> <p> Eliminate <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>, and keep just a few
+emergency patterns to block the latest worm explosion or backscatter
+mail. See <a href="BACKSCATTER_README.html">BACKSCATTER_README</a> for examples of the latter.
+
+<li> <p> Group your <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a> patterns to avoid
+unnecessary pattern matching operations:
+
+<pre>
+ 1 /etc/postfix/header_checks:
+ 2 if /^Subject:/
+ 3 /^Subject: virus found in mail from you/ reject
+ 4 /^Subject: ..other../ reject
+ 5 endif
+ 6
+ 7 if /^Received:/
+ 8 /^Received: from (postfix\.org) / reject forged client name in received header: $1
+ 9 /^Received: from ..other../ reject ....
+10 endif
+</pre>
+
+</ul>
+
+<h2><a name="hangup"> Disconnect suspicious SMTP clients </a></h2>
+
+<p> Under conditions of overload you can improve Postfix SMTP server
+responsiveness by hanging up on suspicious clients, so that other
+clients get a chance to talk to Postfix. </p>
+
+<ul>
+
+<li> <p> Use "521" SMTP reply codes (Postfix 2.6 and later) or "421"
+(Postfix 2.3-2.5) to hang up on clients that that match botnet-related
+RBLs (see next bullet) or that match selected non-RBL restrictions
+such as SMTP access maps. The Postfix SMTP server will reject mail
+and disconnect without waiting for the remote SMTP client to send
+a QUIT command. </p>
+
+<li> <p> To hang up connections from denylisted zombies, you can
+set specific Postfix SMTP server reject codes for specific RBLs,
+and for individual responses from specific RBLs. We'll use
+zen.spamhaus.org as an example; by the time you read this document,
+details may have changed. Right now, their documents say that a
+response of 127.0.0.10 or 127.0.0.11 indicates a dynamic client IP
+address, which means that the machine is probably running a bot of
+some kind. To give a 521 response instead of the default 554
+response, use something like: </p>
+
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
+ 3 <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ 4 <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org=127.0.0.10
+ 5 <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org=127.0.0.11
+ 6 <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> zen.spamhaus.org
+ 7
+ 8 <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/rbl_reply_maps
+ 9
+10 /etc/postfix/rbl_reply_maps:
+11 # With Postfix 2.3-2.5 use "421" to hang up connections.
+12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
+13 $rbl_class [$rbl_what] blocked using
+14 $rbl_domain${rbl_reason?; $rbl_reason}
+15
+16 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
+17 $rbl_class [$rbl_what] blocked using
+18 $rbl_domain${rbl_reason?; $rbl_reason}
+</pre>
+
+<p> Although the above example shows three RBL lookups (lines 4-6),
+Postfix will only do a single DNS query, so it does not affect the
+performance. </p>
+
+<li> <p> With Postfix 2.3-2.5, use reply code 421 (521 will not
+cause Postfix to disconnect). The down-side of replying with 421
+is that it works only for zombies and other malware. If the client
+is running a real MTA, then it may connect again several times until
+the mail expires in its queue. When this is a problem, stick with
+the default 554 reply, and use "<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = 1" as
+described below. </p>
+
+<li> <p> You can automatically turn on the above overload measure
+with Postfix 2.5 and later, or with earlier releases that contain
+the stress-adaptive behavior source code patch from the mirrors
+listed at <a href="http://www.postfix.org/download.html">http://www.postfix.org/download.html</a>. Simply replace line
+above 8 with: </p>
+
+<pre>
+ 8 <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> = ${stress?<a href="DATABASE_README.html#types">hash</a>:/etc/postfix/rbl_reply_maps}
+</pre>
+
+</ul>
+
+<p> More information about automatic stress-adaptive behavior is
+in section "<a href="#adapt">Automatic stress-adaptive behavior</a>".
+</p>
+
+<h2><a name="legacy"> Temporary measures for older Postfix releases </a></h2>
+
+<p> See the section "<a href="#adapt">Automatic stress-adaptive
+behavior</a>" if you are running Postfix version 2.5 or later, or
+if you have applied the source code patch for stress-adaptive
+behavior from the mirrors listed at <a href="http://www.postfix.org/download.html">http://www.postfix.org/download.html</a>.
+</p>
+
+<p> The following measures can be applied temporarily during overload.
+They still allow <b>most</b> legitimate clients to connect and send
+mail, but may affect some legitimate clients. </p>
+
+<ul>
+
+<li> <p> Reduce <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (default: 300s). Experience on the
+postfix-users list from a variety of sysadmins shows that reducing
+the "normal" <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> to 60s is unlikely to affect legitimate
+clients. However, it is unlikely to become the Postfix default
+because it's not RFC compliant. Setting <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> to 10s (line
+2 below) or even 5s under stress will still allow <b>most</b>
+legitimate clients to connect and send mail, but may delay mail
+from some clients. No mail should be lost, as long as this measure
+is used only temporarily. </p>
+
+<li> <p> Reduce <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (default: 20). Setting this
+to 1 under stress (line 3 below) helps by disconnecting clients
+after a single error, giving other clients a chance to connect.
+However, this may cause significant delays with legitimate mail,
+such as a mailing list that contains a few no-longer-active user
+names that didn't bother to unsubscribe. No mail should be lost,
+as long as this measure is used only temporarily. </p>
+
+<li> <p> Use an <a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> of 1 instead of the default
+100. This prevents clients from keeping idle connections open by
+repeatedly sending NOOP or RSET commands. </p>
+
+</ul>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> = 10
+3 <a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> = 1
+4 <a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> = 1
+</pre>
+</blockquote>
+
+<p> With these measures, no mail should be lost, as long
+as these measures are used only temporarily. The next section of
+this document introduces a way to automate this process. </p>
+
+<h2><a name="feature"> Detecting support for stress-adaptive behavior </a></h2>
+
+<p> To find out if your Postfix installation supports stress-adaptive
+behavior, use the "ps" command, and look for the smtpd processes.
+Postfix has stress-adaptive support when you see "-o stress=" or
+"-o stress=yes" command-line options. Remember that Postfix never
+enables stress-adaptive behavior on servers that listen on local
+addresses only. </p>
+
+<p> The following example is for FreeBSD or Linux. On Solaris, HP-UX
+and other System-V flavors, use "ps -ef" instead of "ps ax". </p>
+
+<blockquote>
+<pre>
+$ ps ax|grep smtpd
+83326 ?? S 0:00.28 smtpd -n smtp -t inet -u -c -o stress=
+84345 ?? Ss 0:00.11 /usr/bin/perl /usr/libexec/postfix/smtpd-policy.pl
+</pre>
+</blockquote>
+
+<p> You can't use <a href="postconf.1.html">postconf(1)</a> to detect stress-adaptive support.
+The <a href="postconf.1.html">postconf(1)</a> command ignores the existence of the stress parameter
+in <a href="postconf.5.html">main.cf</a>, because the parameter has no effect there. Command-line
+"-o parameter" settings always take precedence over <a href="postconf.5.html">main.cf</a> parameter
+settings. <p>
+
+<p> If you configure stress-adaptive behavior in <a href="postconf.5.html">main.cf</a> when it
+isn't supported, nothing bad will happen. The processes will run
+as if the stress parameter always has an empty value. </p>
+
+<h2><a name="forcing"> Forcing stress-adaptive behavior on or off </a></h2>
+
+<p> You can manually force stress-adaptive behavior on, by adding
+a "-o stress=yes" command-line option in <a href="master.5.html">master.cf</a>. This can be
+useful for testing overrides on the SMTP service. Issue "postfix
+reload" to make the change effective. </p>
+
+<p> Note: setting the stress parameter in <a href="postconf.5.html">main.cf</a> has no effect for
+services that accept remote connections. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="master.5.html">master.cf</a>:
+2 # =============================================================
+3 # service type private unpriv chroot wakeup maxproc command
+4 # =============================================================
+5 #
+6 smtp inet n - n - - smtpd
+7 -o stress=yes
+8 -o . . .
+</pre>
+</blockquote>
+
+<p> To permanently force stress-adaptive behavior off with a specific
+service, specify "-o stress=" on its <a href="master.5.html">master.cf</a> command line. This
+may be desirable for the "submission" service. Issue "postfix reload"
+to make the change effective. </p>
+
+<p> Note: setting the stress parameter in <a href="postconf.5.html">main.cf</a> has no effect for
+services that accept remote connections. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="master.5.html">master.cf</a>:
+2 # =============================================================
+3 # service type private unpriv chroot wakeup maxproc command
+4 # =============================================================
+5 #
+6 submission inet n - n - - smtpd
+7 -o stress=
+8 -o . . .
+</pre>
+</blockquote>
+
+<h2><a name="other"> Other measures to off-load zombies </a> </h2>
+
+<p> The <a href="postscreen.8.html">postscreen(8)</a> daemon, introduced with Postfix 2.8, provides
+additional protection against mail server overload. One <a href="postscreen.8.html">postscreen(8)</a>
+process handles multiple inbound SMTP connections, and decides which
+clients may talk to a Postfix SMTP server process. By keeping
+spambots away, <a href="postscreen.8.html">postscreen(8)</a> leaves more SMTP server processes
+available for legitimate clients, and delays the onset of server
+overload conditions. </p>
+
+<h2><a name="credits"> Credits </a></h2>
+
+<ul>
+
+<li> Thanks to the postfix-users mailing list members for sharing
+early experiences with the stress-adaptive feature.
+
+<li> The RBL example and several other paragraphs of text were
+adapted from postfix-users postings by Noel Jones.
+
+<li> Wietse implemented stress-adaptive behavior as the smallest
+possible patch while he should be working on other things.
+
+</ul>
+
+</body> </html>
diff --git a/html/TLS_LEGACY_README.html b/html/TLS_LEGACY_README.html
new file mode 100644
index 0000000..da415f6
--- /dev/null
+++ b/html/TLS_LEGACY_README.html
@@ -0,0 +1,1607 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix legacy TLS Support </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix legacy TLS Support
+</h1>
+
+<hr>
+
+<h2> NOTE </h2>
+
+<p> This document describes an old TLS user interface that is based
+on a third-party TLS patch by Lutz J&auml;nicke. As of Postfix
+version 2.3, the old user interface still exists to allow migration
+from earlier Postfix releases, but its functionality is frozen. </p>
+
+<h2> What Postfix TLS support does for you </h2>
+
+<p> Transport Layer Security (TLS, formerly called SSL) provides
+certificate-based authentication and encrypted sessions. An
+encrypted session protects the information that is transmitted with
+SMTP mail or with SASL authentication.
+
+<p> Postfix version 2.2 introduces support for TLS as described in
+<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>. TLS Support for older Postfix versions was available as
+an add-on patch. The section "<a href="#compat">Compatibility with
+Postfix &lt; 2.2 TLS support</a>" below discusses the differences
+between these implementations. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#how">How Postfix TLS support works</a>
+
+<li><a href="#build_tls">Building Postfix with TLS support</a>
+
+<li><a href="#server_tls">SMTP Server specific settings</a>
+
+<li> <a href="#client_tls">SMTP Client specific settings</a>
+
+<li><a href="#tlsmgr_controls"> TLS manager specific settings </a>
+
+<li><a href="#problems"> Reporting problems </a>
+
+<li><a href="#compat">Compatibility with Postfix &lt; 2.2 TLS support</a>
+
+<li><a href="#credits"> Credits </a>
+
+</ul>
+
+<p> And last but not least, for the impatient: </p>
+
+<ul>
+
+<li><a href="#quick-start">Getting started, quick and dirty</a>
+
+</ul>
+
+<h2><a name="how">How Postfix TLS support works</a></h2>
+
+<p> The diagram below shows the main elements of the Postfix TLS
+architecture and their relationships. Colored boxes with numbered
+names represent Postfix daemon programs. Other colored boxes
+represent storage elements. </p>
+
+<ul>
+
+<li> <p> The <a href="smtpd.8.html">smtpd(8)</a> server implements the SMTP over TLS server
+side. </p>
+
+<li> <p> The <a href="smtp.8.html">smtp(8)</a> client implements the SMTP over TLS client
+side. </p>
+
+<li> <p> The <a href="tlsmgr.8.html">tlsmgr(8)</a> server maintains the pseudo-random number
+generator (PRNG) that seeds the TLS engines in the <a href="smtpd.8.html">smtpd(8)</a> server
+and <a href="smtp.8.html">smtp(8)</a> client processes, and maintains the TLS session key
+cache files. </p>
+
+</ul>
+
+<table>
+
+<tr> <td>Network<tt>-&gt; </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <br> <a href="smtpd.8.html">smtpd(8)</a> <br> &nbsp; </td> <td colspan="2">
+
+<tt> &lt;---seed---<br><br>&lt;-session-&gt; </tt> </td> <td
+align="center" bgcolor="#f0f0ff"> <br> <a href="tlsmgr.8.html">tlsmgr(8)</a> <br> &nbsp; </td>
+<td colspan="3"> <tt> ---seed---&gt;<br> <br>&lt;-session-&gt;
+
+</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br>
+&nbsp; </td> <td> <tt> -&gt;</tt>Network </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td>
+
+</td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table>
+</td> <td align="center"> |<br> |</td> <td align="left"> <table>
+
+<tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td>
+</tr> </table> </td> <td colspan="3"> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
+smtpd<br> session<br> key cache </td> <td> </td> <td align="center"
+bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td
+align="center" bgcolor="#f0f0ff"> smtp<br> session<br> key cache
+</td>
+
+<td colspan="2"> </td> </tr>
+
+</table>
+
+<h2><a name="build_tls">Building Postfix with TLS support</a></h2>
+
+<p> To build Postfix with TLS support, first we need to generate
+the <tt>make(1)</tt> files with the necessary definitions. This is
+done by invoking the command "<tt>make makefiles</tt>" in the Postfix
+top-level directory and with arguments as shown next. </p>
+
+<p> <b> NOTE: Do not use Gnu TLS. It will spontaneously terminate
+a Postfix daemon process with exit status code 2, instead of allowing
+Postfix to 1) report the error to the maillog file, and to 2) provide
+plaintext service where this is appropriate. </b> </p>
+
+<ul>
+
+<li> <p> If the OpenSSL include files (such as <tt>ssl.h</tt>) are
+in directory <tt>/usr/include/openssl</tt>, and the OpenSSL libraries
+(such as <tt>libssl.so</tt> and <tt>libcrypto.so</tt>) are in
+directory <tt>/usr/lib</tt>: </p>
+
+<blockquote>
+<pre>
+% <b>make tidy</b> # if you have left-over files from a previous build
+% <b>make makefiles CCARGS="-DUSE_TLS" AUXLIBS="-lssl -lcrypto"</b>
+</pre>
+</blockquote>
+
+<li> <p> If the OpenSSL include files (such as <tt>ssl.h</tt>) are
+in directory <tt>/usr/local/include/openssl</tt>, and the OpenSSL
+libraries (such as <tt>libssl.so</tt> and <tt>libcrypto.so</tt>)
+are in directory <tt>/usr/local/lib</tt>: </p>
+
+<blockquote>
+<pre>
+% <b>make tidy</b> # if you have left-over files from a previous build
+% <b>make makefiles CCARGS="-DUSE_TLS -I/usr/local/include" \
+ AUXLIBS="-L/usr/local/lib -lssl -lcrypto" </b>
+</pre>
+</blockquote>
+
+<p> On Solaris, specify the <tt>-R</tt> option as shown below:
+
+<blockquote>
+<pre>
+% <b>make tidy</b> # if you have left-over files from a previous build
+% <b>make makefiles CCARGS="-DUSE_TLS -I/usr/local/include" \
+ AUXLIBS="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto" </b>
+</pre>
+</blockquote>
+
+</ul>
+
+<p> If you need to apply other customizations (such as Berkeley DB
+databases, MySQL, PosgreSQL, LDAP or SASL), see the respective
+Postfix README documents, and combine their "<tt>make makefiles</tt>"
+instructions with the instructions above: </p>
+
+<blockquote>
+<pre>
+% <b>make tidy</b> # if you have left-over files from a previous build
+% <b>make makefiles CCARGS="-DUSE_TLS \
+ <i>(other -D or -I options)</i>" \
+ AUXLIBS="-lssl -lcrypto \
+ <i>(other -l options for libraries in /usr/lib)</i> \
+ <i>(-L/path/name + -l options for other libraries)</i>"</b>
+</pre>
+</blockquote>
+
+<p> To complete the build process, see the Postfix <a href="INSTALL.html">INSTALL</a>
+instructions. Postfix has TLS support turned off by default, so
+you can start using Postfix as soon as it is installed. </p>
+
+<h2><a name="server_tls">SMTP Server specific settings</a></h2>
+
+<p> Topics covered in this section: </p>
+
+<ul>
+
+<li><a href="#server_cert_key">Server-side certificate and private
+key configuration </a>
+
+<li><a href="#server_logging"> Server-side TLS activity logging
+</a>
+
+<li><a href="#server_enable">Enabling TLS in the Postfix SMTP server </a>
+
+<li><a href="#server_vrfy_client">Client certificate verification</a>
+
+<li><a href="#server_tls_auth">Supporting AUTH over TLS only</a>
+
+<li><a href="#server_tls_cache">Server-side TLS session cache</a>
+
+<li><a href="#server_access">Server access control</a>
+
+<li><a href="#server_cipher">Server-side cipher controls</a>
+
+<li><a href="#server_misc"> Miscellaneous server controls</a>
+
+</ul>
+
+<h3><a name="server_cert_key">Server-side certificate and private
+key configuration </a> </h3>
+
+<p> In order to use TLS, the Postfix SMTP server needs a certificate
+and a private key. Both must be in "pem" format. The private key
+must not be encrypted, meaning: the key must be accessible without
+a password. Both certificate and private key may be in the same
+file. </p>
+
+<p> Both RSA and DSA certificates are supported. Typically you will
+only have RSA certificates issued by a commercial CA. In addition,
+the tools supplied with OpenSSL will by default issue RSA certificates.
+You can have both at the same time, in which case the cipher used
+determines which certificate is presented. For Netscape and OpenSSL
+clients without special cipher choices, the RSA certificate is
+preferred. </p>
+
+<p> In order for remote SMTP clients to check the Postfix SMTP
+server certificates, the CA certificate (in case of a certificate
+chain, all CA certificates) must be available. You should add
+these certificates to the server certificate, the server certificate
+first, then the issuing CA(s). </p>
+
+<p> Example: the certificate for "server.dom.ain" was issued by
+"intermediate CA" which itself has a certificate issued by "root
+CA". Create the server.pem file with: </p>
+
+<blockquote>
+<pre>
+% <b>cat server_cert.pem intermediate_CA.pem &gt; server.pem</b>
+</pre>
+</blockquote>
+
+<p> A Postfix SMTP server certificate supplied here must be usable
+as an SSL server certificate and hence pass the "openssl verify -purpose
+sslserver ..." test. </p>
+
+<p> A client that trusts the root CA has a local copy of the root
+CA certificate, so it is not necessary to include the root CA
+certificate here. Leaving it out of the "server.pem" file reduces
+the overhead of the TLS exchange. </p>
+
+<p> If you want the Postfix SMTP server to accept remote SMTP client
+certificates issued by these CAs, append the root certificate to
+$<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or install it in the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> directory. When
+you configure trust in a root CA, it is not necessary to explicitly trust
+intermediary CAs signed by the root CA, unless $<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>
+is less than the number of CAs in the certificate chain for the clients
+of interest. With a verify depth of 1 you can only verify certificates
+directly signed by a trusted CA, and all trusted intermediary CAs need to
+be configured explicitly. With a verify depth of 2 you can verify clients
+signed by a root CA or a direct intermediary CA (so long as the client
+is correctly configured to supply its intermediate CA certificate). </p>
+
+<p> RSA key and certificate examples: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/server.pem
+ <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>
+</pre>
+</blockquote>
+
+<p> Their DSA counterparts: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> = /etc/postfix/server-dsa.pem
+ <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> = $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>
+</pre>
+</blockquote>
+
+<p> To verify a remote SMTP client certificate, the Postfix SMTP
+server needs to trust the certificates of the issuing Certification
+Authorities. These certificates in "pem" format can be stored in a
+single $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or in multiple files, one CA per file in
+the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> directory. If you use a directory, don't forget
+to create the necessary "hash" links with: </p>
+
+<blockquote>
+<pre>
+# <b>$OPENSSL_HOME/bin/c_rehash <i>/path/to/directory</i> </b>
+</pre>
+</blockquote>
+
+<p> The $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> contains the CA certificates of one or
+more trusted CAs. The file is opened (with root privileges) before
+Postfix enters the optional chroot jail and so need not be accessible
+from inside the chroot jail. </p>
+
+<p> Additional trusted CAs can be specified via the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>
+directory, in which case the certificates are read (with $<a href="postconf.5.html#mail_owner">mail_owner</a>
+privileges) from the files in the directory when the information
+is needed. Thus, the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> directory needs to be
+accessible inside the optional chroot jail. </p>
+
+<p> When you configure Postfix to request client certificates (by
+setting $<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes), any certificates in
+$<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the client, in order to allow it to
+choose an identity signed by a CA you trust. If no $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>
+is specified, no preferred CA list is sent, and the client is free
+to choose an identity signed by any CA. Many clients use a fixed
+identity regardless of the preferred CA list and you may be able
+to reduce TLS negotiation overhead by installing client CA certificates
+mostly or only in $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. In the latter case you need
+not specify a $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>. </p>
+
+<p> Note, that unless client certificates are used to allow greater
+access to TLS authenticated clients, it is best to not ask for
+client certificates at all, as in addition to increased overhead
+some clients (notably in some cases qmail) are unable to complete
+the TLS handshake when client certificates are requested. </p>
+
+<p> Example: </p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/CAcert.pem
+ <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /etc/postfix/certs
+</pre>
+</blockquote>
+
+<h3><a name="server_logging"> Server-side TLS activity logging </a> </h3>
+
+<p> To get additional information about Postfix SMTP server TLS
+activity you can increase the loglevel from 0..4. Each logging
+level also includes the information that is logged at a lower
+logging level. </p>
+
+<blockquote>
+
+<table>
+
+<tr> <td> 0 </td> <td> Disable logging of TLS activity.</td> </tr>
+
+<tr> <td> 1 </td> <td> Log TLS handshake and certificate information.
+</td> </tr>
+
+<tr> <td> 2 </td> <td> Log levels during TLS negotiation. </td>
+</tr>
+
+<tr> <td> 3 </td> <td> Log hexadecimal and ASCII dump of TLS
+negotiation process </td> </tr>
+
+<tr> <td> 4 </td> <td> Log hexadecimal and ASCII dump of complete
+transmission after STARTTLS </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> Use loglevel 3 only in case of problems. Use of loglevel 4 is
+strongly discouraged. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 0
+</pre>
+</blockquote>
+
+<p> To include information about the protocol and cipher used as
+well as the client and issuer CommonName into the "Received:"
+message header, set the <a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> variable to true.
+The default is no, as the information is not necessarily authentic.
+Only information recorded at the final destination is reliable,
+since the headers may be changed by intermediate servers. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
+</pre>
+</blockquote>
+
+<h3><a name="server_enable">Enabling TLS in the Postfix SMTP server </a> </h3>
+
+<p> By default, TLS is disabled in the Postfix SMTP server, so no
+difference to plain Postfix is visible. Explicitly switch it on
+using "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes". </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
+</pre>
+</blockquote>
+
+<p> With this, Postfix SMTP server announces STARTTLS support to
+SMTP clients, but does not require that clients use TLS encryption.
+</p>
+
+<p> Note: when an unprivileged user invokes "sendmail -bs", STARTTLS
+is never offered due to insufficient privileges to access the server
+private key. This is intended behavior. </p>
+
+<p> You can ENFORCE the use of TLS, so that the Postfix SMTP server
+announces STARTTLS and accepts no mail without TLS encryption, by
+setting "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes". According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST
+NOT be applied in case of a publicly-referenced Postfix SMTP server.
+This option is off by default and should only seldom be used. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
+</pre>
+</blockquote>
+
+<p> TLS is sometimes used in the non-standard "wrapper" mode where
+a server always uses TLS, instead of announcing STARTTLS support
+and waiting for clients to request TLS service. Some clients, namely
+Outlook [Express] prefer the "wrapper" mode. This is true for OE
+(Win32 &lt; 5.0 and Win32 &gt;=5.0 when run on a port&lt;&gt;25
+and OE (5.01 Mac on all ports). </p>
+
+<p> It is strictly discouraged to use this mode from <a href="postconf.5.html">main.cf</a>. If
+you want to support this service, enable a special port in <a href="master.5.html">master.cf</a>
+and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> = yes" as an <a href="smtpd.8.html">smtpd(8)</a> command
+line option. Port 465 (smtps) was once chosen for this feature.
+</p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtps inet n - n - - smtpd
+ -o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes -o <a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a>=yes
+</pre>
+</blockquote>
+
+<h3><a name="server_vrfy_client">Client certificate verification</a> </h3>
+
+<p> To receive a remote SMTP client certificate, the Postfix SMTP
+server must explicitly ask for one (any contents of $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>
+are also sent to the client as a hint for choosing a certificate
+from a suitable CA). Unfortunately, Netscape clients will either
+complain if no matching client certificate is available or will
+offer the user client a list of certificates to choose from.
+Additionally some MTAs (notably some versions of qmail) are unable
+to complete TLS negotiation when client certificates are requested,
+and abort the SMTP session. So this option is "off" by default.
+You will however need the certificate if you want to use certificate
+based relaying with, for example, the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+feature. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = no
+</pre>
+</blockquote>
+
+<p> You may also decide to REQUIRE a remote SMTP client certificate
+before allowing TLS connections. This feature is included for
+completeness, and implies "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". </p>
+
+<p> Please be aware, that this will inhibit TLS connections without
+a proper client certificate and that it makes sense only when
+non-TLS submission is disabled (<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes). Otherwise,
+clients could bypass the restriction by simply not using STARTTLS
+at all. </p>
+
+<p> When TLS is not enforced, the connection will be handled as
+if only "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes" is specified, and a warning is
+logged. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = no
+</pre>
+</blockquote>
+
+<p> A client certificate verification depth of 1 is sufficient if
+the certificate is directly issued by a CA listed in the CA file.
+The default value (5) should also suffice for longer chains (root
+CA issues special CA which then issues the actual certificate...)
+</p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> = 5
+</pre>
+</blockquote>
+
+<h3><a name="server_tls_auth">Supporting AUTH over TLS only</a></h3>
+
+<p> Sending AUTH data over an unencrypted channel poses a security
+risk. When TLS layer encryption is required (<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> =
+yes), the Postfix SMTP server will announce and accept AUTH only
+after the TLS layer has been activated with STARTTLS. When TLS
+layer encryption is optional (<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = no), it may
+however still be useful to only offer AUTH when TLS is active. To
+maintain compatibility with non-TLS clients, the default is to
+accept AUTH without encryption. In order to change this behavior,
+set "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = no
+</pre>
+</blockquote>
+
+<h3><a name="server_tls_cache">Server-side TLS session cache</a> </h3>
+
+<p> The Postfix SMTP server and the remote SMTP client negotiate
+a session, which takes some computer time and network bandwidth.
+By default, this session information is cached only in the <a href="smtpd.8.html">smtpd(8)</a>
+process actually using this session and is lost when the process
+terminates. To share the session information between multiple
+<a href="smtpd.8.html">smtpd(8)</a> processes, a persistent session cache can be used. You
+can specify any database type that can store objects of several
+kbytes and that supports the sequence operator. DBM databases are
+not suitable because they can only store small objects. The cache
+is maintained by the <a href="tlsmgr.8.html">tlsmgr(8)</a> process, so there is no problem with
+concurrent access. Session caching is highly recommended, because
+the cost of repeatedly negotiating TLS session keys is high.</p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/etc/postfix/smtpd_scache
+</pre>
+</blockquote>
+
+<p> As of version 2.5, Postfix will no longer maintain this file
+in a directory with non-Postfix ownership. As a migration aid,
+attempts to open such files are redirected to the Postfix-owned
+$<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
+
+<p> Cached Postfix SMTP server session information expires after
+a certain amount of time. Postfix/TLS does not use the OpenSSL
+default of 300s, but a longer time of 3600sec (=1 hour). <a href="https://tools.ietf.org/html/rfc2246">RFC 2246</a>
+recommends a maximum of 24 hours. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> = 3600s
+</pre>
+</blockquote>
+
+<h3><a name="server_access">Server access control</a> </h3>
+
+<p> Postfix TLS support introduces three additional features for
+Postfix SMTP server access control: </p>
+
+<blockquote>
+
+<dl>
+
+<dt> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </dt> <dd> <p> Allow the remote SMTP
+client SMTP request if the client certificate passes verification,
+and if its fingerprint is listed in the list of client certificates
+(see <a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> discussion below). </p> </dd>
+
+<dt> <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </dt> <dd> <p> Allow the remote
+client SMTP request if the client certificate passes verification.
+</p> </dd>
+
+<dt> <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> <a href="DATABASE_README.html">type:table</a></dt> <dd>
+<p> If the client certificate passes verification, use its fingerprint
+as a key for the specified <a href="access.5.html">access(5)</a> table. </p> </dd>
+
+</dl>
+
+</blockquote>
+
+<p> The <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> feature must be used with caution,
+because it can result in too many access permissions. Use this
+feature only if a special CA issues the client certificates, and
+only if this CA is listed as a trusted CA. If other CAs are trusted,
+any owner of a valid client certificate would be authorized.
+The <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> feature can be practical for a
+specially created email relay server. </p>
+
+<p> It is however recommended to stay with the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+feature and list all certificates via $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>, as
+<a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> does not permit any control when a
+certificate must no longer be used (e.g. an employee leaving). </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ ...
+ <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ ...
+</pre>
+</blockquote>
+
+<p> The Postfix list manipulation routines give special treatment
+to whitespace and some other characters, making the use of certificate
+names impractical. Instead we use the certificate fingerprints as
+they are difficult to fake but easy to use for lookup. Postfix
+lookup tables are in the form of (key, value) pairs. Since we only
+need the key, the value can be chosen freely, e.g. the name of
+the user or host.</p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_clientcerts
+
+/etc/postfix/relay_clientcerts:
+ D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home
+</pre>
+</blockquote>
+
+<h3><a name="server_cipher">Server-side cipher controls</a> </h3>
+
+<p> To influence the Postfix SMTP server cipher selection scheme,
+you can give cipherlist string. A detailed description would go
+too far here; please refer to the OpenSSL documentation. If you
+don't know what to do with it, simply don't touch it and leave the
+(openssl-)compiled in default! </p>
+
+<p> DO NOT USE " to enclose the string, specify just the string!!! </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> = DEFAULT
+</pre>
+</blockquote>
+
+<p> If you want to take advantage of ciphers with EDH, DH parameters
+are needed. Instead of using the built-in DH parameters for both
+1024bit and 512bit, it is better to generate "own" parameters,
+since otherwise it would "pay" for a possible attacker to start a
+brute force attack against parameters that are used by everybody.
+For this reason, the parameters chosen are already different from
+those distributed with other TLS packages. </p>
+
+<p> To generate your own set of DH parameters, use: </p>
+
+<blockquote>
+<pre>
+% <b>openssl gendh -out /etc/postfix/dh_1024.pem -2 -rand /var/run/egd-pool 1024</b>
+% <b>openssl gendh -out /etc/postfix/dh_512.pem -2 -rand /var/run/egd-pool 512</b>
+</pre>
+</blockquote>
+
+<p> Examples: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = /etc/postfix/dh_1024.pem
+ <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> = /etc/postfix/dh_512.pem
+</pre>
+</blockquote>
+
+<h3><a name="server_misc"> Miscellaneous server controls</a> </h3>
+
+<p> The <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> parameter limits the time of Postfix
+SMTP server write and read operations during TLS startup and shutdown
+handshake procedures. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> = 300s
+</pre>
+</blockquote>
+
+<h2> <a name="client_tls">SMTP Client specific settings</a> </h2>
+
+<p> Topics covered in this section: </p>
+
+<ul>
+
+<li><a href="#client_cert_key">Client-side certificate and private
+key configuration </a>
+
+<li><a href="#client_logging"> Client-side TLS activity logging
+</a>
+
+<li><a href="#client_tls_cache">Client-side TLS session cache</a>
+
+<li><a href="#client_tls_enable"> Enabling TLS in the Postfix SMTP client </a>
+
+<li><a href="#client_tls_require"> Requiring TLS encryption </a>
+
+<li><a href="#client_tls_nopeer"> Disabling server certificate verification </a>
+
+<li><a href="#client_tls_per_site"> Per-site TLS policies </a>
+
+<!--
+<li><a href="#client_tls_obs"> Obsolete per-site TLS policy support </a>
+-->
+
+<li><a href="#client_tls_harden"> Closing a DNS loophole with <!-- legacy --> per-site TLS policies </a>
+
+<li><a href="#client_tls_discover"> Discovering servers that support TLS </a>
+
+<li><a href="#client_vrfy_server">Server certificate verification depth</a>
+
+<li> <a href="#client_cipher">Client-side cipher controls </a>
+
+<li> <a href="#client_misc"> Miscellaneous client controls </a>
+
+</ul>
+
+<h3><a name="client_cert_key">Client-side certificate and private
+key configuration </a> </h3>
+
+<p> During TLS startup negotiation the Postfix SMTP client may present
+a certificate to the remote SMTP server. The Netscape client is
+rather clever here and lets the user select between only those
+certificates that match CA certificates offered by the remote SMTP
+server. As the Postfix SMTP client uses the "SSL_connect()" function
+from the OpenSSL package, this is not possible and we have to choose
+just one certificate. So for now the default is to use _no_
+certificate and key unless one is explicitly specified here. </p>
+
+<p> Both RSA and DSA certificates are supported. You can have both
+at the same time, in which case the cipher used determines which
+certificate is presented. </p>
+
+<p> It is possible for the Postfix SMTP client to use the same
+key/certificate pair as the Postfix SMTP server. If a certificate
+is to be presented, it must be in "pem" format. The private key
+must not be encrypted, meaning: it must be accessible without
+a password. Both parts (certificate and private key) may be in the
+same file. </p>
+
+<p> In order for remote SMTP servers to verify the Postfix SMTP
+client certificates, the CA certificate (in case of a certificate
+chain, all CA certificates) must be available. You should add
+these certificates to the client certificate, the client certificate
+first, then the issuing CA(s). </p>
+
+<p> Example: the certificate for "client.example.com" was issued by
+"intermediate CA" which itself has a certificate of "root CA".
+Create the client.pem file with: </p>
+
+<blockquote>
+<pre>
+% <b>cat client_cert.pem intermediate_CA.pem &gt; client.pem </b>
+</pre>
+</blockquote>
+
+<p> A Postfix SMTP client certificate supplied here must be usable
+as an SSL client certificate and hence pass the "openssl verify -purpose
+sslclient ..." test. </p>
+
+<p> A server that trusts the root CA has a local copy of the root
+CA certificate, so it is not necessary to include the root CA
+certificate here. Leaving it out of the "client.pem" file reduces
+the overhead of the TLS exchange. </p>
+
+<p> If you want the Postfix SMTP client to accept remote SMTP server
+certificates issued by these CAs, append the root certificate to
+$<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> or install it in the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory. When
+you configure trust in a root CA, it is not necessary to explicitly trust
+intermediary CAs signed by the root CA, unless $<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
+is less than the number of CAs in the certificate chain for the servers
+of interest. With a verify depth of 1 you can only verify certificates
+directly signed by a trusted CA, and all trusted intermediary CAs need to
+be configured explicitly. With a verify depth of 2 you can verify servers
+signed by a root CA or a direct intermediary CA (so long as the server
+is correctly configured to supply its intermediate CA certificate). </p>
+
+<p> RSA key and certificate examples: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/client.pem
+ <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> = $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
+</pre>
+</blockquote>
+
+<p> Their DSA counterparts: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = /etc/postfix/client-dsa.pem
+ <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> = $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>
+</pre>
+</blockquote>
+
+<p> To verify a remote SMTP server certificate, the Postfix SMTP
+client needs to trust the certificates of the issuing Certification
+Authorities. These certificates in "pem" format can be stored in a
+single $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> or in multiple files, one CA per file in
+the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory. If you use a directory, don't forget
+to create the necessary "hash" links with: </p>
+
+<blockquote>
+<pre>
+# <b>$OPENSSL_HOME/bin/c_rehash <i>/path/to/directory</i> </b>
+</pre>
+</blockquote>
+
+<p> The $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> contains the CA certificates of one or more
+trusted CAs. The file is opened (with root privileges) before Postfix
+enters the optional chroot jail and so need not be accessible from inside the
+chroot jail. </p>
+
+<p> Additional trusted CAs can be specified via the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>
+directory, in which case the certificates are read (with $<a href="postconf.5.html#mail_owner">mail_owner</a>
+privileges) from the files in the directory when the information
+is needed. Thus, the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory needs to be accessible
+inside the optional chroot jail. </p>
+
+<p> The choice between $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> and $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> is
+a space/time tradeoff. If there are many trusted CAs, the cost of
+preloading them all into memory may not pay off in reduced access time
+when the certificate is needed. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/CAcert.pem
+ <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /etc/postfix/certs
+</pre>
+</blockquote>
+
+<h3><a name="client_logging"> Client-side TLS activity logging </a> </h3>
+
+<p> To get additional information about Postfix SMTP client TLS
+activity you can increase the loglevel from 0..4. Each logging
+level also includes the information that is logged at a lower
+logging level. </p>
+
+<blockquote>
+
+<table>
+
+<tr> <td> 0 </td> <td> Disable logging of TLS activity.</td> </tr>
+
+<tr> <td> 1 </td> <td> Log TLS handshake and certificate information.
+</td> </tr>
+
+<tr> <td> 2 </td> <td> Log levels during TLS negotiation. </td>
+</tr>
+
+<tr> <td> 3 </td> <td> Log hexadecimal and ASCII dump of TLS
+negotiation process </td> </tr>
+
+<tr> <td> 4 </td> <td> Log hexadecimal and ASCII dump of complete
+transmission after STARTTLS </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 0
+</pre>
+</blockquote>
+
+<h3><a name="client_tls_cache">Client-side TLS session cache</a> </h3>
+
+<p> The remote SMTP server and the Postfix SMTP client negotiate a
+session, which takes some computer time and network bandwidth. By
+default, this session information is cached only in the <a href="smtp.8.html">smtp(8)</a>
+process actually using this session and is lost when the process
+terminates. To share the session information between multiple
+<a href="smtp.8.html">smtp(8)</a> processes, a persistent session cache can be used. You
+can specify any database type that can store objects of several
+kbytes and that supports the sequence operator. DBM databases are
+not suitable because they can only store small objects. The cache
+is maintained by the <a href="tlsmgr.8.html">tlsmgr(8)</a> process, so there is no problem with
+concurrent access. Session caching is highly recommended, because
+the cost of repeatedly negotiating TLS session keys is high. Future
+Postfix SMTP servers may limit the number of sessions that a client
+is allowed to negotiate per unit time.</p>
+
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/etc/postfix/smtp_scache
+</pre>
+</blockquote>
+
+<p> As of version 2.5, Postfix will no longer maintain this file
+in a directory with non-Postfix ownership. As a migration aid,
+attempts to open such files are redirected to the Postfix-owned
+$<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
+
+<p> Cached Postfix SMTP client session information expires after
+a certain amount of time. Postfix/TLS does not use the OpenSSL
+default of 300s, but a longer time of 3600s (=1 hour). <a href="https://tools.ietf.org/html/rfc2246">RFC 2246</a>
+recommends a maximum of 24 hours. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> = 3600s
+</pre>
+</blockquote>
+
+<h3><a name="client_tls_enable"> Enabling TLS in the Postfix SMTP
+client </a> </h3>
+
+<p> By default, TLS is disabled in the Postfix SMTP client, so no
+difference to plain Postfix is visible. If you enable TLS, the
+Postfix SMTP client will send STARTTLS when TLS support is announced
+by the remote SMTP server. </p>
+
+<p> When the server accepts the STARTTLS command, but the subsequent
+TLS handshake fails, and no other server is available, the Postfix SMTP
+client defers the delivery attempt, and the mail stays in the queue. After
+a handshake failure, the communications channel is in an indeterminate
+state and cannot be used for non-TLS deliveries. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes
+</pre>
+</blockquote>
+
+<h3><a name="client_tls_require"> Requiring TLS encryption </a>
+</h3>
+
+<p> You can ENFORCE the use of TLS, so that the Postfix SMTP client
+will not deliver mail over unencrypted connections. In this mode,
+the remote SMTP server hostname must match the information in the
+remote server certificate, and the server certificate must be issued
+by a CA that is trusted by the Postfix SMTP client. If the remote
+server certificate doesn't verify or the remote SMTP server hostname
+doesn't match, and no other server is available, the delivery
+attempt is deferred and the mail stays in the queue. </p>
+
+<p> The remote SMTP server hostname is verified against all names
+provided as dNSNames
+in the SubjectAlternativeName. If no dNSNames are specified, the
+CommonName is checked. Verification may be turned off with the
+<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> option which is discussed below. </p>
+
+<p> Enforcing the use of TLS is useful if you know that you will
+only
+connect to servers that support <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that present server
+certificates that meet the above requirements. An example would
+be a client only sends email to one specific mailhub that offers
+the necessary STARTTLS support. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes
+</pre>
+</blockquote>
+
+<h3> <a name="client_tls_nopeer"> Disabling server certificate
+verification </a> </h3>
+
+<p> As of <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking for MTA
+clients are not set. When TLS is required (<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes),
+the option <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> can be set to "no" to disable
+strict remote SMTP server hostname checking. In this case, the mail
+delivery will proceed regardless of the CommonName etc. listed in
+the certificate. </p>
+
+<p> Despite the potential for eliminating "man-in-the-middle" and
+other attacks, mandatory certificate/peername verification is not
+viable as a default Internet mail delivery policy at this time. A
+significant fraction of TLS enabled MTAs uses self-signed certificates,
+or certificates that are signed by a private Certification Authority.
+On a machine that delivers mail to the Internet, if you set
+<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes, you should probably also set
+<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = no. You can use the per-site TLS
+policies (see below) to enable full peer verification for specific
+destinations that are known to have verifiable TLS server certificates.
+</p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes
+ <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = no
+</pre>
+</blockquote>
+
+<h3> <a name="client_tls_per_site"> Per-site TLS policies </a> </h3>
+
+<p> A small fraction of servers offer STARTTLS but the negotiation
+consistently fails, leading to mail aging out of the queue and
+bouncing back to the sender. In such cases, you can use the per-site
+policies to disable TLS for the problem sites. Alternatively, you
+can enable TLS for just a few specific sites and not enable it for
+all sites. </p>
+
+<!-- insert new-style TLS policy mechanism here
+
+<h3> <a name="client_tls_obs"> Obsolete per-site TLS policy support
+</a> </h3>
+
+<p> This section describes an obsolete per-site TLS policy mechanism.
+Unlike the newer mechanism it supports TLS policy lookup by server
+hostname, and lacks control over what names can appear in server
+certificates. Because of this, the obsolete mechanism is vulnerable
+to false DNS hostname information in MX or CNAME records. These
+attacks can be eliminated only with great difficulty. </p>
+
+-->
+
+<p> The <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table is searched for a policy that matches
+the following information: </p>
+
+<blockquote>
+
+<dl>
+
+<dt> remote SMTP server hostname </dt> <dd> This is simply the DNS
+name of the server that the Postfix SMTP client connects to; this
+name may be obtained from other DNS lookups, such as MX lookups or
+CNAME lookups. </dd>
+
+<dt> next-hop destination </dt> <dd> This is normally the domain
+portion of the recipient address, but it may be overruled by
+information from the <a href="transport.5.html">transport(5)</a> table, from the <a href="postconf.5.html#relayhost">relayhost</a> parameter
+setting, or from the <a href="postconf.5.html#relay_transport">relay_transport</a> setting. When it's not the
+recipient domain, the next-hop destination can have the Postfix-specific
+form "<tt>[name]</tt>", <tt>[name]:port</tt>", "<tt>name</tt>" or
+"<tt>name:port</tt>". </dd>
+
+</dl>
+
+</blockquote>
+
+<p> When both the hostname lookup and the next-hop lookup succeed,
+the host policy does not automatically override the next-hop policy.
+Instead, precedence is given to either the more specific or the
+more secure per-site policy as described below. </p>
+
+<p> The <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table uses a simple "<i>name whitespace
+value</i>" format. Specify host names or next-hop destinations on
+the left-hand side; no wildcards are allowed. On the right hand
+side specify one of the following keywords: </p>
+
+<blockquote>
+
+<dl>
+
+<dt> NONE </dt> <dd> Don't use TLS at all. This overrides a less
+specific <b>MAY</b> lookup result from the alternate host or next-hop
+lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,
+and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>
+
+<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
+otherwise use the unencrypted connection. This has less precedence
+than a more specific result (including <b>NONE</b>) from the alternate
+host or next-hop lookup key, and has less precedence than the more
+specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
+= yes". </dd>
+
+<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
+require that the remote SMTP server hostname matches the information
+in the remote SMTP server certificate, or that the server certificate
+was issued by a trusted CA. This overrides a less secure <b>NONE</b>
+or a less specific <b>MAY</b> lookup result from the alternate host
+or next-hop lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
+<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>
+
+<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
+SMTP server hostname matches the information in the remote SMTP
+server certificate, and require that the remote SMTP server certificate
+was issued by a trusted CA. This overrides a less secure <b>NONE</b>
+and <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup
+result from the alternate host or next-hop lookup key, and overrides
+the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
+settings. </dd>
+
+</dl>
+
+</blockquote>
+
+<p> The precedences between global (<a href="postconf.5.html">main.cf</a>) and per-site TLS
+policies can be summarized as follows: </p>
+
+<ul>
+
+<li> <p> When neither the remote SMTP server hostname nor the
+next-hop destination are found in the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table, the
+policy is based on <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and
+<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>. Note: "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and
+"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" imply "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes". </p>
+
+<li> <p> When both hostname and next-hop destination lookups produce
+a result, the more specific per-site policy (NONE, MUST, etc.)
+overrides the less specific one (MAY), and the more secure per-site
+policy (MUST, etc.) overrides the less secure one (NONE). </p>
+
+<li> <p> After the per-site policy lookups are combined, the result
+generally overrides the global policy. The exception is the less
+specific <b>MAY</b> per-site policy, which is overruled by the more
+specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" with server certificate
+verification as specified with the <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
+parameter. </p>
+
+</ul>
+
+<h3> <a name="client_tls_harden"> Closing a DNS loophole with
+<!-- legacy --> per-site TLS policies </a> </h3>
+
+<p> As long as no secure DNS lookup mechanism is available, false
+hostnames in MX or CNAME responses can change the server hostname
+that Postfix uses for TLS policy lookup and server certificate
+verification. Even with a perfect match between the server hostname
+and the server certificate, there is no guarantee that Postfix is
+connected to the right server. To avoid this loophole take the
+following steps: </p>
+
+<ul>
+
+<li> <p> Eliminate MX lookups. Specify local <a href="transport.5.html">transport(5)</a> table
+entries for sensitive domains with explicit <a href="smtp.8.html">smtp</a>:[<i>mailhost</i>]
+or <a href="smtp.8.html">smtp</a>:[<i>mailhost</i>]:<i>port</i> destinations (you can assure
+security of this table unlike DNS); in the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table
+specify the value <b>MUST</b> for the key [<i>mailhost</i>] or
+<a href="smtp.8.html">smtp</a>:[<i>mailhost</i>]:<i>port</i>. This prevents false hostname
+information in DNS MX records from changing the server hostname
+that Postfix uses for TLS policy lookup and server certificate
+verification. </p>
+
+<li> <p> Disallow CNAME hostname overrides. In <a href="postconf.5.html">main.cf</a> specify
+"<a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> = no". This prevents false hostname
+information in DNS CNAME records from changing the server hostname
+that Postfix uses for TLS policy lookup and server certificate
+verification. This feature requires Postfix 2.2.9 or later. </p>
+
+</ul>
+
+<p> Example: </p>
+
+<blockquote> <pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_per_site
+ <a href="postconf.5.html#relayhost">relayhost</a> = [msa.example.net]:587
+
+/etc/postfix/tls_per_site:
+ # <a href="postconf.5.html#relayhost">relayhost</a> exact nexthop match
+ [msa.example.net]:587 MUST
+
+ # TLS should not be used with the <i>example.org</i> MX hosts.
+ example.org NONE
+
+ # TLS should not be used with the host <i>smtp.example.com</i>.
+ [smtp.example.com] NONE
+</pre>
+</blockquote>
+
+<h3> <a name="client_tls_discover"> Discovering servers that support
+TLS </a> </h3>
+
+<p> As we decide on a "per site" basis whether or not to use TLS,
+it would be good to have a list of sites that offered "STARTTLS".
+We can collect it ourselves with this option. </p>
+
+<p> If the <a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> feature is enabled and a
+server offers STARTTLS while TLS is not already enabled for that
+server, the Postfix SMTP client logs a line as follows: </p>
+
+<blockquote>
+<pre>
+postfix/smtp[pid]: Host offered STARTTLS: [hostname.example.com]
+</pre>
+</blockquote>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> = yes
+</pre>
+</blockquote>
+
+<h3><a name="client_vrfy_server">Server certificate verification depth</a> </h3>
+
+<p> When verifying a remote SMTP server certificate, a verification
+depth of 1 is sufficient if the certificate is directly issued by
+a CA specified with <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> or <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>. The default
+value of 5 should also suffice for longer chains (root CA issues
+special CA which then issues the actual certificate...) </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> = 5
+</pre>
+</blockquote>
+
+<h3> <a name="client_cipher">Client-side cipher controls </a> </h3>
+
+<p> To influence the Postfix SMTP client cipher selection scheme,
+you can give cipherlist string. A detailed description would go
+too far here; please refer to the OpenSSL documentation. If you
+don't know what to do with it, simply don't touch it and leave the
+(openssl-)compiled in default! </p>
+
+<p> DO NOT USE " to enclose the string, specify just the string!!! </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> = DEFAULT
+</pre>
+</blockquote>
+
+<h3> <a name="client_misc"> Miscellaneous client controls </a> </h3>
+
+<p> The <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> parameter limits the time of Postfix
+SMTP client write and read operations during TLS startup and shutdown
+handshake procedures. In case of problems the Postfix SMTP client
+tries the next network address on the mail exchanger list, and
+defers delivery if no alternative server is available. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> = 300s
+</pre>
+</blockquote>
+
+<h2><a name="tlsmgr_controls"> TLS manager specific settings </a> </h2>
+
+<p> The security of cryptographic software such as TLS depends
+critically on the ability to generate unpredictable numbers for
+keys and other information. To this end, the <a href="tlsmgr.8.html">tlsmgr(8)</a> process
+maintains a Pseudo Random Number Generator (PRNG) pool. This is
+queried by the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes when they initialize.
+By default, these daemons request 32 bytes, the equivalent to 256
+bits. This is more than sufficient to generate a 128bit (or 168bit)
+session key. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> = 32
+</pre>
+</blockquote>
+
+<p> In order to feed its in-memory PRNG pool, the <a href="tlsmgr.8.html">tlsmgr(8)</a> reads
+entropy from an external source, both at startup and during run-time.
+Specify a good entropy source, like EGD or /dev/urandom; be sure
+to only use non-blocking sources (on OpenBSD, use /dev/arandom
+when <a href="tlsmgr.8.html">tlsmgr(8)</a> complains about /dev/urandom timeout errors).
+If the entropy source is not a
+regular file, you must prepend the source type to the source name:
+"dev:" for a device special file, or "egd:" for a source with EGD
+compatible socket interface. </p>
+
+<p> Examples (specify only one in <a href="postconf.5.html">main.cf</a>): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
+ <a href="postconf.5.html#tls_random_source">tls_random_source</a> = egd:/var/run/egd-pool
+</pre>
+</blockquote>
+
+<p> By default, <a href="tlsmgr.8.html">tlsmgr(8)</a> reads 32 bytes from the external entropy
+source at each seeding event. This amount (256bits) is more than
+sufficient for generating a 128bit symmetric key. With EGD and
+device entropy sources, the <a href="tlsmgr.8.html">tlsmgr(8)</a> limits the amount of data
+read at each step to 255 bytes. If you specify a regular file as
+entropy source, a larger amount of data can be read. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_random_bytes">tls_random_bytes</a> = 32
+</pre>
+</blockquote>
+
+<p> In order to update its in-memory PRNG pool, the <a href="tlsmgr.8.html">tlsmgr(8)</a>
+queries the external entropy source again after a pseudo-random
+amount of time. The time is calculated using the PRNG, and is
+between 0 and the maximal time specified with <a href="postconf.5.html#tls_random_reseed_period">tls_random_reseed_period</a>.
+The default maximal time interval is 1 hour. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_random_reseed_period">tls_random_reseed_period</a> = 3600s
+</pre>
+</blockquote>
+
+<p> The <a href="tlsmgr.8.html">tlsmgr(8)</a> process saves the PRNG state to a persistent
+exchange file at regular times and when the process terminates, so
+that it can recover the PRNG state the next time it starts up.
+This file is created when it does not exist. Its default location
+is under the Postfix configuration directory, which is not the
+proper place for information that is modified by Postfix. Instead,
+the file location should probably be on the /var partition (but
+<b>not</b> inside the chroot jail). </p>
+
+<p> Examples: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a> = /etc/postfix/prng_exch
+ <a href="postconf.5.html#tls_random_prng_update_period">tls_random_prng_update_period</a> = 3600s
+</pre>
+</blockquote>
+
+<h2><a name="quick-start">Getting started, quick and dirty</a></h2>
+
+<p> The following steps will get you started quickly. Because you
+sign your own Postfix public key certificate, you get TLS encryption
+but no TLS authentication. This is sufficient for testing, and
+for exchanging email with sites that you have no trust relationship
+with. For real authentication, your Postfix public key certificate
+needs to be signed by a recognized Certification Authority, and
+Postfix needs to be configured with a list of public key certificates
+of Certification Authorities, so that Postfix can verify the public key
+certificates of remote hosts. </p>
+
+<p> In the examples below, user input is shown in <b><tt>bold</tt></b>
+font, and a "<tt>#</tt>" prompt indicates a super-user shell. </p>
+
+<ul>
+
+<li> <p> Become your own Certification Authority, so that you can
+sign your own public keys. This example uses the CA.pl script that
+ships with OpenSSL. By default, OpenSSL installs this as
+<tt>/usr/local/ssl/misc/CA.pl</tt>, but your mileage may vary.
+The script creates a private key in <tt>./demoCA/private/cakey.pem</tt>
+and a public key in <tt>./demoCA/cacert.pem</tt>.</p>
+
+<blockquote>
+<pre>
+% <b>/usr/local/ssl/misc/CA.pl -newca</b>
+CA certificate filename (or enter to create)
+
+Making CA certificate ...
+Using configuration from /etc/ssl/openssl.cnf
+Generating a 1024 bit RSA private key
+....................++++++
+.....++++++
+writing new private key to './demoCA/private/cakey.pem'
+Enter PEM pass phrase:<b>whatever</b>
+</pre>
+</blockquote>
+
+<li> <p> Create an unpassworded private key for host FOO and create
+an unsigned public key certificate. </p>
+
+<blockquote>
+<pre>
+% <b>openssl req -new -nodes -keyout FOO-key.pem -out FOO-req.pem -days 365</b>
+Using configuration from /etc/ssl/openssl.cnf
+Generating a 1024 bit RSA private key
+........................................++++++
+....++++++
+writing new private key to 'FOO-key.pem'
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:<b>US</b>
+State or Province Name (full name) [Some-State]:<b>New York</b>
+Locality Name (eg, city) []:<b>Westchester</b>
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:<b>Porcupine</b>
+Organizational Unit Name (eg, section) []:
+Common Name (eg, YOUR name) []:<b>FOO</b>
+Email Address []:<b>wietse@porcupine.org</b>
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:<b>whatever</b>
+An optional company name []:
+</pre>
+</blockquote>
+
+<li> <p> Sign the public key certificate for host FOO with the
+Certification Authority private key that we created a few
+steps ago. </p>
+
+<blockquote>
+<pre>
+% <b>openssl ca -out FOO-cert.pem -infiles FOO-req.pem</b>
+Uing configuration from /etc/ssl/openssl.cnf
+Enter PEM pass phrase:<b>whatever</b>
+Check that the request matches the signature
+Signature ok
+The Subjects Distinguished Name is as follows
+countryName :PRINTABLE:'US'
+stateOrProvinceName :PRINTABLE:'New York'
+localityName :PRINTABLE:'Westchester'
+organizationName :PRINTABLE:'Porcupine'
+commonName :PRINTABLE:'FOO'
+emailAddress :IA5STRING:'wietse@porcupine.org'
+Certificate is to be certified until Nov 21 19:40:56 2005 GMT (365 days)
+Sign the certificate? [y/n]:<b>y</b>
+
+
+1 out of 1 certificate requests certified, commit? [y/n]<b>y</b>
+Write out database with 1 new entries
+Data Base Updated
+</pre>
+</blockquote>
+
+<li> <p> Install the host private key, the host public key certificate,
+and the Certification Authority certificate files. This requires
+super-user privileges. </p>
+
+<blockquote>
+<pre>
+# <b>cp demoCA/cacert.pem FOO-key.pem FOO-cert.pem /etc/postfix</b>
+# <b>chmod 644 /etc/postfix/FOO-cert.pem /etc/postfix/cacert.pem</b>
+# <b>chmod 400 /etc/postfix/FOO-key.pem</b>
+</pre>
+</blockquote>
+
+<li> <p> Configure Postfix, by adding the following to
+<tt>/etc/postfix/<a href="postconf.5.html">main.cf</a> </tt>. </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/cacert.pem
+<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/FOO-cert.pem
+<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> = /etc/postfix/FOO-key.pem
+<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/run/smtp_tls_session_cache
+<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes
+<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/cacert.pem
+<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/FOO-cert.pem
+<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/FOO-key.pem
+<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
+<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/run/smtpd_tls_session_cache
+<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
+<a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
+</pre>
+</blockquote>
+
+</ul>
+
+
+<h2> <a name="problems"> Reporting problems </a> </h2>
+
+<p> When reporting a problem, please be thorough in the report.
+Patches, when possible, are greatly appreciated too. </p>
+
+<p> Please differentiate when possible between: </p>
+
+<ul>
+
+<li> Problems in the TLS code: &lt;postfix_tls@aet.tu-cottbus.de&gt;
+
+<li> Problems in vanilla Postfix: &lt;postfix-users@postfix.org&gt;
+
+</ul>
+
+<h2><a name="compat">Compatibility with Postfix &lt; 2.2 TLS support</a></h2>
+
+<p> Postfix version 2.2 TLS support is based on the Postfix/TLS
+patch by Lutz J&auml;nicke, but differs in a few minor ways. </p>
+
+<ul>
+
+<li> <p> <a href="postconf.5.html">main.cf</a>: Specify "btree" instead of "sdbm" for TLS
+session cache databases. </p>
+
+<p> TLS session cache databases are now accessed only by the
+<a href="tlsmgr.8.html">tlsmgr(8)</a> process, so there are no more concurrency issues. Although
+Postfix has an sdbm client, the sdbm library (1000
+lines of code) is not included with Postfix. </p>
+
+<p> TLS session caches can use any database that can store objects
+of several kbytes or more, and that implements the sequence operation.
+In most cases, btree databases should be adequate. </p>
+
+<p> NOTE: You cannot use dbm databases. TLS session objects
+are too large. </p>
+
+<li> <p> <a href="master.5.html">master.cf</a>: Specify "unix" instead of "fifo" as
+the tlsmgr service type. </p>
+
+<p> The <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes now use a client-server
+protocol in order to access the <a href="tlsmgr.8.html">tlsmgr(8)</a> pseudo-random number
+generation (PRNG) pool, and in order to access the TLS session
+cache databases. Such a protocol cannot be run across fifos. </p>
+
+<li> <p> <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>: the MUST_NOPEERMATCH per-site policy
+cannot override the global "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" setting.
+</p>
+
+<li> <p> <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>: a combined (NONE + MAY) lookup result
+for (hostname and next-hop destination) produces counter-intuitive
+results for different <a href="postconf.5.html">main.cf</a> settings. TLS is enabled with
+"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = no", but it is disabled when both
+"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes".
+</p>
+
+</ul>
+
+<p> The <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> limitations were removed by the end of
+the Postfix 2.2 support cycle. </p>
+
+<h2><a name="credits">Credits </a> </h2>
+
+<ul>
+
+<li> TLS support for Postfix was originally developed by Lutz
+J&auml;nicke at Cottbus Technical University.
+
+<li> Wietse Venema adopted the code, did some restructuring, and
+compiled this part of the documentation from Lutz's documents.
+
+<li> Victor Duchovni was instrumental with the re-implementation
+of the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> code in terms of enforcement levels, which
+simplified the implementation greatly.
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/TLS_README.html b/html/TLS_README.html
new file mode 100644
index 0000000..eb9965a
--- /dev/null
+++ b/html/TLS_README.html
@@ -0,0 +1,3253 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix TLS Support </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix TLS Support
+</h1>
+
+<hr>
+
+<h2> What Postfix TLS support does for you </h2>
+
+<p> Transport Layer Security (TLS, formerly called SSL) provides
+certificate-based authentication and encrypted sessions. An
+encrypted session protects the information that is transmitted with
+SMTP mail or with SASL authentication. </p>
+
+<p> NOTE: By turning on TLS support in Postfix, you not only get
+the ability to encrypt mail and to authenticate remote SMTP clients
+or servers. You also turn on hundreds of thousands of lines of
+OpenSSL library code. Assuming that OpenSSL is written as carefully
+as Wietse's own code, every 1000 lines introduces one additional bug
+into Postfix. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#how">How Postfix TLS support works</a>
+
+<li><a href="#server_tls">SMTP Server specific settings</a>
+
+<li> <a href="#client_tls">SMTP Client specific settings</a>
+
+<li><a href="#tlsmgr_controls"> TLS manager specific settings </a>
+
+<li><a href="#build_tls">Building Postfix with TLS support</a>
+
+<li><a href="#problems"> Reporting problems </a>
+
+<li><a href="#credits"> Credits </a>
+
+</ul>
+
+<p> And last but not least, for the impatient: </p>
+
+<ul>
+
+<li><a href="#quick-start">Getting started, quick and dirty</a>
+
+</ul>
+
+<h2><a name="how">How Postfix TLS support works</a></h2>
+
+<p> The diagram below shows the main elements of the Postfix TLS
+architecture and their relationships. Colored boxes with numbered
+names represent Postfix daemon programs. Other colored boxes
+represent storage elements. </p>
+
+<ul>
+
+<li> <p> The <a href="smtpd.8.html">smtpd(8)</a> server implements the SMTP over TLS server
+side. </p>
+
+<li> <p> The <a href="smtp.8.html">smtp(8)</a> client implements the SMTP (and LMTP) over TLS
+client side. </p>
+
+<li> <p> The <a href="tlsmgr.8.html">tlsmgr(8)</a> server maintains the pseudo-random number
+generator (PRNG) that seeds the TLS engines in the <a href="smtpd.8.html">smtpd(8)</a> server
+and <a href="smtp.8.html">smtp(8)</a> client processes, and maintains the TLS session key
+cache files. </p>
+
+</ul>
+
+<p> Not shown in the figure are the <a href="tlsproxy.8.html">tlsproxy(8)</a> server and the
+<a href="postscreen.8.html">postscreen(8)</a> server. These use TLS in the same manner as <a href="smtpd.8.html">smtpd(8)</a>.
+</p>
+
+<table>
+
+<tr> <td>Network<tt>-&gt; </tt> </td> <td align="center"
+bgcolor="#f0f0ff"> <br> <a href="smtpd.8.html">smtpd(8)</a> <br> &nbsp; </td> <td colspan="2">
+
+<tt> &lt;---seed----<br><br>&lt;-key/cert-&gt; </tt> </td> <td
+align="center" bgcolor="#f0f0ff"> <br> <a href="tlsmgr.8.html">tlsmgr(8)</a> <br> &nbsp; </td>
+<td colspan="3"> <tt> ----seed---&gt;<br> <br>&lt;-key/cert-&gt;
+
+</tt> </td> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br>
+&nbsp; </td> <td> <tt> -&gt;</tt>Network </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="right"> <table> <tr> <td>
+
+</td> <td> / </td> </tr> <tr> <td> / </td> <td> </td> </tr> </table>
+</td> <td align="center"> |<br> |</td> <td align="left"> <table>
+
+<tr> <td> \ </td> <td> </td> </tr> <tr> <td> </td> <td> \ </td>
+</tr> </table> </td> <td colspan="3"> </td> </tr>
+
+<tr> <td colspan="2"> </td> <td align="center" bgcolor="#f0f0ff">
+smtpd<br> session<br> key cache </td> <td> </td> <td align="center"
+bgcolor="#f0f0ff"> PRNG<br> state <br>file </td> <td> </td> <td
+align="center" bgcolor="#f0f0ff"> smtp<br> session<br> key cache
+</td>
+
+<td colspan="2"> </td> </tr>
+
+</table>
+
+<h2><a name="server_tls">SMTP Server specific settings</a></h2>
+
+<p> Topics covered in this section: </p>
+
+<ul>
+
+<li><a href="#server_cert_key">Server-side certificate and private
+key configuration </a>
+
+<li><a href="#server_pfs">Server-side forward-secrecy configuration </a>
+
+<li><a href="#server_logging"> Server-side TLS activity logging
+</a>
+
+<li><a href="#server_enable">Enabling TLS in the Postfix SMTP server </a>
+
+<li><a href="#server_vrfy_client">Client certificate verification</a>
+
+<li><a href="#server_tls_auth">Supporting AUTH over TLS only</a>
+
+<li><a href="#server_tls_cache">Server-side TLS session cache</a>
+
+<li><a href="#server_access">Server access control</a>
+
+<li><a href="#server_cipher">Server-side cipher controls</a>
+
+<li><a href="#server_misc"> Miscellaneous server controls</a>
+
+</ul>
+
+<h3><a name="server_cert_key">Server-side certificate and private
+key configuration </a> </h3>
+
+<p> In order to use TLS, the Postfix SMTP server generally needs
+a certificate and a private key. Both must be in "PEM" format. The
+private key must not be encrypted, meaning: the key must be accessible
+without a password. The certificate and private key may be in the same
+file, in which case the certificate file should be owned by "root" and
+not be readable by any other user. If the key is stored separately,
+this access restriction applies to the key file only, and the
+certificate file may be "world-readable". </p>
+
+<p> Public Internet MX hosts without certificates signed by a
+well-known public CA must still generate, and be prepared to present
+to most clients, a self-signed or private-CA signed certificate.
+The remote SMTP client will generally not be able to verify the
+self-signed certificate, but unless the client is running Postfix
+or similar software, it will only negotiate TLS ciphersuites that
+require a server certificate. </p>
+
+<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
+supports configurations with no certificates. This entails the use of
+just the anonymous TLS ciphers, which are not supported by typical SMTP
+clients. Since some clients may not fall back to plain text after a TLS
+handshake failure, a certificate-less Postfix SMTP server will be unable
+to receive email from some TLS-enabled clients. To avoid accidental
+configurations with no certificates, Postfix enables certificate-less
+operation only when the administrator explicitly sets
+"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix SMTP server
+configurations will not accidentally enable TLS without certificates. </p>
+
+<p> Note that server certificates are <b>not</b> optional in TLS 1.3. To
+run without certificates you'd have to disable the TLS 1.3 protocol by
+including "&lt;=TLSv1.2" (or, for Postfix &lt; 3.6, "!TLSv1.3") in
+"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>" and perhaps also "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>".
+It is simpler instead to just configure a certificate chain.
+Certificate-less operation is not recommended. <p>
+
+<p> RSA, DSA and ECDSA (Postfix &ge; 2.6) certificates are supported.
+Most sites only have RSA certificates. You can configure all three
+at the same time, in which case the ciphersuite negotiated with the
+remote SMTP client determines which certificate is used. If your
+DNS zone is signed, and you want to publish DANE TLSA (<a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>,
+<a href="https://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) records, these must match all of the configured
+certificate chains. Since the best practice is to publish "3 1 1"
+certificate associations, create a separate TLSA record to match
+each public-key certificate digest. </p>
+
+<h4> Creating the server certificate file </h4>
+
+<p> To verify the Postfix SMTP server certificate, the remote SMTP
+client must receive the issuing CA certificates via the TLS handshake
+or via public-key infrastructure. This means that the Postfix server
+public-key certificate file must include the server certificate
+first, then the issuing CA(s) (bottom-up order). The Postfix SMTP
+server certificate must be usable as an SSL server certificate and
+hence pass the "<tt>openssl verify -purpose sslserver ...</tt>" test.
+</p>
+
+<p> The examples that follow show how to create a server certificate
+file. We assume that the certificate for "server.example.com" was
+issued by "intermediate CA" which itself has a certificate issued
+by "root CA". </p>
+
+<ul>
+
+<li> <p> With legacy public CA trust verification, you can omit the
+root certificate from the "server.pem" certificate file. If the
+client trusts the root CA, it will already have a local copy of the
+root CA certificate. Omitting the root CA certificate reduces the
+size of the server TLS handshake. </p>
+
+<blockquote>
+<pre>
+% <b>cat server_cert.pem intermediate_CA.pem &gt; server.pem</b>
+</pre>
+</blockquote>
+
+<li> <p> If you publish DANE TLSA (<a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>, <a href="https://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>)
+"2 0 1" or "2 1 1" records to specify root CA certificate digests,
+you must include the corresponding root CA certificates in the
+"server.pem" certificate file. </p>
+
+<blockquote>
+<pre>
+% <b>cat server_cert.pem intermediate_CA.pem root.pem &gt; server.pem</b>
+</pre>
+</blockquote>
+
+<p> Remote SMTP clients will be able to use the TLSA record you
+publish (which only contains the certificate digest) only if they
+have access to the corresponding certificate. Failure to verify
+certificates per the server's published TLSA records will typically
+cause the SMTP client to defer mail delivery. The foregoing also
+applies to "2 0 2" and "2 1 2" TLSA records or any other digest of
+a CA certificate, but it is expected that SHA256 will be by far the
+most common digest for TLSA. </p>
+
+<p> As a best practice, publish "3 1 1" TLSA associations that specify
+the SHA256 digest of the server's public key. These continue to work
+unmodified when a certificate is renewed with the same public/private
+key pair. </p>
+
+</ul>
+
+<p> For instructions on how to compute the digest of a certificate
+or its public key for use in TLSA records, see the documentation of
+the <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> <a href="postconf.5.html">main.cf</a> parameter. </p>
+
+<p> When a new key or certificate is generated, an additional TLSA
+record with the new digest must be published in advance of the
+actual deployment of the new key or certificate on the server. You
+must allow sufficient time for any TLSA RRsets with only the old
+digest to expire from DNS caches. The safest practice is to wait
+until the DNSSEC signature on the previous TLSA RRset expires, and
+only then switch the server to use new keys published in the updated
+TLSA RRset. Once the new certificate trust chain and private key
+are in effect, the DNS should be updated once again to remove the
+old digest from the TLSA RRset. </p>
+
+<p> If you want the Postfix SMTP server to accept remote SMTP client
+certificates issued by one or more root CAs, append the root
+certificate to $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or install it in the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>
+directory. </p>
+
+<h4> Configuring the server certificate and key files </h4>
+
+<p> Example: Postfix &ge; 3.4 all-in-one chain file(s). One or more
+chain files that start with a key that is immediately followed by the
+corresponding certificate and any additional issuer certificates. A
+single file can hold multiple <i>(key, cert, [chain])</i> sequences, one
+per algorithm. It is typically simpler to keep the chain for each
+algorithm in its own file. Most users are likely to deploy just a
+single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up to
+five chains, one each for RSA, ECDSA, ED25519, ED448, and even the
+obsolete DSA. </p>
+
+<blockquote>
+<pre>
+ # Postfix &ge; 3.4. Preferred configuration interface. Each file
+ # starts with the private key, followed by the corresponding
+ # certificate, and any intermediate issuer certificates. The root CA
+ # cert may also be needed when published as a DANE trust anchor.
+ #
+ <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> =
+ /etc/postfix/rsa.pem,
+ /etc/postfix/ecdsa.pem,
+ /etc/postfix/ed25519.pem,
+ /etc/postfix/ed448.pem
+</pre>
+</blockquote>
+
+<p> You can also store the keys separately from their certificates, again
+provided each is listed before the corresponding certificate chain. Storing a
+key and its associated certificate chain in separate files is not recommended,
+because this is prone to race conditions during key rollover, as there is no
+way to update multiple files atomically. </p>
+
+<blockquote>
+<pre>
+ # Postfix &ge; 3.4.
+ # Storing keys separately from the associated certificates is not
+ # recommended.
+ <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> =
+ /etc/postfix/rsakey.pem,
+ /etc/postfix/rsacerts.pem,
+ /etc/postfix/ecdsakey.pem,
+ /etc/postfix/ecdsacerts.pem
+</pre>
+</blockquote>
+
+<p> The below examples show the legacy algorithm-specific configurations
+for Postfix 3.3 and older. With Postfix &le; 3.3, even if the key is
+stored in the same file as the certificate, the file is read twice and a
+(brief) race condition still exists during key rollover. While Postfix
+&ge; 3.4 avoids the race when the key and certificate are in the same
+file, you should use the new "<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" interface shown
+above. <p>
+
+<p> RSA key and certificate examples: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/server.pem
+ <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>
+</pre>
+</blockquote>
+
+<p> Their DSA counterparts: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> = /etc/postfix/server-dsa.pem
+ <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> = $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>
+</pre>
+</blockquote>
+
+<p> Their ECDSA counterparts (Postfix &ge; 2.6 + OpenSSL &ge; 1.0.0): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Some clients will not be ECDSA capable, so you will likely still need
+ # an RSA certificate and private key.
+ #
+ <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> = /etc/postfix/server-ecdsa.pem
+ <a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> = $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>
+</pre>
+</blockquote>
+
+<p> TLS without certificates for servers serving exclusively
+anonymous-cipher capable clients: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Not recommended: breaks TLS 1.3 and clients that don't support
+ # anonymous cipher suites.
+ <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none
+</pre>
+</blockquote>
+
+<p> To verify a remote SMTP client certificate, the Postfix SMTP
+server needs to trust the certificates of the issuing Certification
+Authorities. These certificates in "PEM" format can be stored in a
+single $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or in multiple files, one CA per file in
+the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> directory. If you use a directory, don't forget
+to create the necessary "hash" links with: </p>
+
+<blockquote>
+<pre>
+# <b>$OPENSSL_HOME/bin/c_rehash <i>/path/to/directory</i> </b>
+</pre>
+</blockquote>
+
+<p> The $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> contains the CA certificates of one or
+more trusted CAs. The file is opened (with root privileges) before
+Postfix enters the optional chroot jail and so need not be accessible
+from inside the chroot jail. </p>
+
+<p> Additional trusted CAs can be specified via the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>
+directory, in which case the certificates are read (with $<a href="postconf.5.html#mail_owner">mail_owner</a>
+privileges) from the files in the directory when the information
+is needed. Thus, the $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> directory needs to be
+accessible inside the optional chroot jail. </p>
+
+<p> When you configure the Postfix SMTP server to request <a
+href="#server_vrfy_client">client certificates</a>, the DNs of Certification
+Authorities in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the client, in order to allow
+it to choose an identity signed by a CA you trust. If no $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>
+is specified, no preferred CA list is sent, and the client is free to
+choose an identity signed by any CA. Many clients use a fixed identity
+regardless of the preferred CA list and you may be able to reduce TLS
+negotiation overhead by installing client CA certificates mostly or
+only in $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. In the latter case you need not specify a
+$<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>. </p>
+
+<p> Note, that unless client certificates are used to allow greater
+access to TLS authenticated clients, it is best to not ask for
+client certificates at all, as in addition to increased overhead
+some clients (notably in some cases qmail) are unable to complete
+the TLS handshake when client certificates are requested. </p>
+
+<p> Example: </p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/CAcert.pem
+ <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /etc/postfix/certs
+</pre>
+</blockquote>
+
+<h3><a name="server_pfs"> Server-side forward-secrecy configuration </a> </h3>
+
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
+full document conveniently presents all information about Postfix
+forward secrecy support in one place: what forward secrecy is, how
+to tweak settings, and what you can expect to see when Postfix uses
+ciphers with forward secrecy. </p>
+
+<h3><a name="server_logging"> Server-side TLS activity logging </a> </h3>
+
+<p> To get additional information about Postfix SMTP server TLS
+activity you can increase the log level from 0..4. Each logging
+level also includes the information that is logged at a lower
+logging level. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th> Level </th> <th> Postfix 2.9 and later</th> <th> Earlier
+releases. </th> </tr>
+
+<tr> <td valign="top"> 0 </td> <td valign="top" colspan="2"> Disable
+logging of TLS activity. </td> </tr>
+
+<tr> <td valign="top"> 1 </td> <td valign="top"> Log only a summary
+message on TLS handshake completion &mdash; no logging of client
+certificate trust-chain verification errors if client certificate
+verification is not required. </td> <td valign="top"> Log the summary
+message, peer certificate summary information and unconditionally log
+trust-chain verification errors. </td> </tr>
+
+<tr> <td valign="top"> 2 </td> <td valign="top" colspan="2"> Also
+log levels during TLS negotiation. </td> </tr>
+
+<tr> <td valign="top"> 3 </td> <td valign="top" colspan="2"> Also
+log hexadecimal and ASCII dump of TLS negotiation process. </td>
+</tr>
+
+<tr> <td valign="top"> 4 </td> <td valign="top" colspan="2"> Also
+log hexadecimal and ASCII dump of complete transmission after
+STARTTLS. </td></tr>
+
+</table>
+
+</blockquote>
+
+<p> Use log level 3 only in case of problems. Use of log level 4 is
+strongly discouraged. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 0
+</pre>
+</blockquote>
+
+<p> To include information about the protocol and cipher used as
+well as the client and issuer CommonName into the "Received:"
+message header, set the <a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> variable to true.
+The default is no, as the information is not necessarily authentic.
+Only information recorded at the final destination is reliable,
+since the headers may be changed by intermediate servers. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
+</pre>
+</blockquote>
+
+<h3><a name="server_enable">Enabling TLS in the Postfix SMTP server </a> </h3>
+
+<p> By default, TLS is disabled in the Postfix SMTP server, so no
+difference to plain Postfix is visible. Explicitly switch it on
+with "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may". </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
+</pre>
+</blockquote>
+
+<p> With this, the Postfix SMTP server announces STARTTLS support to
+remote SMTP clients, but does not require that clients use TLS encryption.
+</p>
+
+<p> Note: when an unprivileged user invokes "sendmail -bs", STARTTLS
+is never offered due to insufficient privileges to access the Postfix
+SMTP server
+private key. This is intended behavior. </p>
+
+<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
+so that the Postfix SMTP server announces STARTTLS and accepts no
+mail without TLS encryption, by setting
+"<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt". According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> this
+MUST NOT be applied in case
+of a publicly-referenced Postfix SMTP server. This option is off
+by default and should only seldom be used. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
+</pre>
+</blockquote>
+
+<p> TLS is also used in the "wrapper" mode where
+a server always uses TLS, instead of announcing STARTTLS support
+and waiting for remote SMTP clients to request TLS service. Some
+clients, namely
+Outlook [Express] prefer the "wrapper" mode. This is true for OE
+(Win32 &lt; 5.0 and Win32 &gt;=5.0 when run on a port&lt;&gt;25
+and OE (5.01 Mac on all ports). </p>
+
+<p> It is strictly discouraged to use this mode from <a href="postconf.5.html">main.cf</a>. If
+you want to support this service, enable a special port in <a href="master.5.html">master.cf</a>
+and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes" (note: no space around
+the "=") as an <a href="smtpd.8.html">smtpd(8)</a> command line option. Port 465 (smtps) was
+once chosen for this feature.
+</p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtps inet n - n - - smtpd
+ -o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes -o <a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a>=yes
+</pre>
+</blockquote>
+
+<h3><a name="server_vrfy_client">Client certificate verification</a> </h3>
+
+<p> To receive a remote SMTP client certificate, the Postfix SMTP
+server must explicitly ask for one (any contents of $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>
+are also sent to the client as a hint for choosing a certificate from
+a suitable CA). Unfortunately, Netscape clients will either complain
+if no matching client certificate is available or will offer the user
+client a list of certificates to choose from. Additionally some MTAs
+(notably some versions of qmail) are unable to complete TLS negotiation
+when client certificates are requested, and abort the SMTP session. So
+this option is "off" by default. You will however need the certificate
+if you want to use certificate based relaying with, for example, the
+<a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> feature. A server that wants client certificates
+must first present its own certificate. While Postfix by default
+offers anonymous ciphers to remote SMTP clients, these are automatically
+suppressed
+when the Postfix SMTP server is configured to ask for client
+certificates. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes
+ <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
+</pre>
+</blockquote>
+
+<p> When TLS is <a href="#server_enforce">enforced</a> you may also decide
+to REQUIRE a remote SMTP client certificate for all TLS connections,
+by setting "<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes". This feature implies
+"<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". When TLS is not enforced,
+"<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes" is ignored and a warning is
+logged. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes
+ <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
+</pre>
+</blockquote>
+
+<p> The client certificate verification depth is specified with the
+<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> parameter. The default verification
+depth is 9 (the OpenSSL default), for compatibility with Postfix
+versions before 2.5 where <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> was ignored.
+When you configure trust in a
+root CA, it is not necessary to explicitly trust intermediary CAs signed
+by the root CA, unless $<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> is less than the
+number of CAs in the certificate chain for the clients of interest. With
+a verify depth of 1 you can only verify certificates directly signed
+by a trusted CA, and all trusted intermediary CAs need to be configured
+explicitly. With a verify depth of 2 you can verify clients signed by a
+root CA or a direct intermediary CA (so long as the client is correctly
+configured to supply its intermediate CA certificate). </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> = 2
+</pre>
+</blockquote>
+
+<h3><a name="server_tls_auth">Supporting AUTH over TLS only</a></h3>
+
+<p> Sending AUTH data over an unencrypted channel poses a security
+risk. When TLS layer encryption is required
+("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt"), the Postfix SMTP server will
+announce and accept AUTH only after the TLS layer has been activated
+with STARTTLS. When TLS layer encryption is optional
+("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may"), it may however still be useful
+to only offer AUTH when TLS is active. To maintain compatibility
+with non-TLS clients, the default is to accept AUTH without encryption.
+In order to change this behavior, set
+"<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = no
+</pre>
+</blockquote>
+
+<h3><a name="server_tls_cache">Server-side TLS session cache</a> </h3>
+
+<p> The Postfix SMTP server and the remote SMTP client negotiate a
+session, which takes some computer time and network bandwidth. SSL
+protocol versions other than SSLv2 support resumption of cached
+sessions. Not only is this more CPU and bandwidth efficient, it
+also reduces latency as only one network round-trip is used to
+resume a session while it takes two round-trips to create a session
+from scratch. </p>
+
+<p> Since Postfix uses multiple <a href="smtpd.8.html">smtpd(8)</a> service processes, an
+in-memory cache is not sufficient for session re-use. Clients store
+at most one cached session per server and are very unlikely to
+repeatedly connect to the same server process. Thus session caching
+in the Postfix SMTP server generally requires a shared cache (an
+alternative available with Postfix &ge; 2.11 is described below).
+</p>
+
+<p> To share the session information between multiple
+<a href="smtpd.8.html">smtpd(8)</a> processes, a session cache database is used. You
+can specify any database type that can store objects of several
+kbytes and that supports the sequence operator. DBM databases are
+not suitable because they can only store small objects. The cache
+is maintained by the <a href="tlsmgr.8.html">tlsmgr(8)</a> process, so there is no problem with
+concurrent access. Session caching is highly recommended, because
+the cost of repeatedly negotiating TLS session keys is high.</p>
+
+<p> Starting with Postfix 2.11, linked with a compatible OpenSSL
+library (at least 0.9.8h, preferably 1.0.0 or later) the Postfix
+SMTP server supports <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session resumption without
+server-side state when the remote SMTP client also supports <a href="https://tools.ietf.org/html/rfc5077">RFC</a>
+<a href="https://tools.ietf.org/html/rfc5077">5077</a>. The session is encrypted by the server in a <i>session
+ticket</i> returned to client for storage. When a client sends a
+valid session ticket, the server decrypts it and resumes the session,
+provided neither the ticket nor the session have expired. This
+makes it possible to resume cached sessions without allocating space
+for a shared database on the server. Consequently, for Postfix
+&ge; 2.11 the <a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> parameter should
+generally be left empty. Session caching can be disabled by setting
+the session cache timeout to zero, otherwise the timeout must be
+at least 2 minutes and at most 100 days. </p>
+
+<p> Note, session tickets can only be negotiated if the client
+disables SSLv2 and does not use the legacy SSLv2 compatible HELLO
+message. This is true by default with the Postfix &ge; 2.6 SMTP
+client. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/smtpd_scache
+</pre>
+</blockquote>
+
+<p> Note: as of version 2.5, Postfix no longer uses root privileges
+when opening this file. The file should now be stored under the
+Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to
+open the file under a non-Postfix directory is redirected to the
+Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
+
+<p> Cached Postfix SMTP server session information expires after
+a certain amount of time. Postfix/TLS does not use the OpenSSL
+default of 300s, but a longer time of 3600sec (=1 hour). <a href="https://tools.ietf.org/html/rfc2246">RFC 2246</a>
+recommends a maximum of 24 hours. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> = 3600s
+</pre>
+</blockquote>
+
+<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set
+&le; 0, session caching is disabled. If set to a positive value
+less than 2 minutes, the minimum value of 2 minutes is used instead. </p>
+
+<p> When the Postfix SMTP server does not save TLS sessions to an
+external cache database, client-side session caching is unlikely
+to be useful. To reduce waste of client resources, the Postfix SMTP server can
+be configured to not issue TLS session ids. By default the Postfix
+SMTP server always issues TLS session ids. This works around known
+interoperability issues with some MUAs, and prevents possible
+interoperability issues with other MTAs. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+ <a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> = no
+</pre>
+</blockquote>
+
+<h3><a name="server_access">Server access control</a> </h3>
+
+<p> Postfix TLS support introduces three additional features for
+Postfix SMTP server access control: </p>
+
+<blockquote>
+
+<dl>
+
+<dt> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </dt> <dd> <p> Allow the remote SMTP
+client request if the client certificate fingerprint or certificate
+public key fingerprint (Postfix 2.9 and later) is listed in the
+client certificate table (see <a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> discussion below).
+</p> </dd>
+
+<dt> <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </dt> <dd> <p> Allow the remote SMTP
+client request if the client certificate passes trust chain verification.
+Useful with private-label CAs that only issue certificates to trusted
+clients (and not otherwise). </p> </dd>
+
+<dt> <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> <a href="DATABASE_README.html">type:table</a></dt> <dd> <p> Use the remote
+SMTP client certificate fingerprint or public key fingerprint
+(Postfix 2.9 and later) as the lookup key for the specified <a href="access.5.html">access(5)</a>
+table. </p> </dd>
+
+</dl>
+
+</blockquote>
+
+<p> The digest algorithm used to compute the client certificate
+fingerprints is specified with the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>
+parameter. The default algorithm is <b>sha256</b> with Postfix &ge;
+3.6 and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With
+Postfix &le; 3.5, the default algorithm is <b>md5</b>. The
+best-practice algorithm is now <b>sha256</b>. Recent advances in hash
+function cryptanalysis have led to md5 and sha1 being deprecated in
+favor of sha256. However, as long as there are no known "second
+pre-image" attacks against the older algorithms, their use in this
+context, though not recommended, is still likely safe. </p>
+
+<p> The <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> feature must be used with caution,
+because it can result in too many access permissions. Use this
+feature only if a special CA issues the client certificates, and
+only if this CA is listed as a trusted CA. If other CAs are trusted,
+any owner of a valid client certificate would be authorized.
+The <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> feature can be practical for a
+specially created email relay server. </p>
+
+<p> It is however recommended to stay with the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+feature and list all certificates via $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>, as
+<a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> does not permit any control when a
+certificate must no longer be used (e.g. an employee leaving). </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+# With Postfix 2.10 and later, the mail relay policy is
+# preferably specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+</pre>
+
+<pre>
+# Older configurations combine relay control and spam control under
+# <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. To use this example with Postfix &ge;
+# 2.10 specify "<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>=".
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>
+ <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ ...other rules...
+</pre>
+</blockquote>
+
+<p> Example: Postfix lookup tables are in the form of (key, value)
+pairs. Since we only need the key, the value can be chosen freely, e.g.
+the name of the user or host:</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_clientcerts
+
+/etc/postfix/relay_clientcerts:
+ D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home
+</pre>
+</blockquote>
+
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> Example: </p>
+<blockquote>
+<pre>
+$ openssl x509 -in cert.pem -noout -pubkey |
+ openssl pkey -pubin -outform DER |
+ openssl dgst -sha256 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:...:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+</pre>
+</blockquote>
+
+<h3><a name="server_cipher">Server-side cipher controls</a> </h3>
+
+<p> The Postfix SMTP server supports 5 distinct cipher grades as
+specified by the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter,
+which determines the minimum cipher grade with mandatory TLS
+encryption. The default minimum cipher grade for mandatory TLS is
+"medium" which is essentially 128-bit encryption or better. The
+<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> parameter (Postfix &ge; 2.6) controls the minimum
+cipher grade used with opportunistic TLS. Here, the default minimum
+cipher grade is "medium" for Postfix releases after the middle of
+2015, "export" for older Postfix releases. With Postfix &lt; 2.6,
+the minimum opportunistic TLS cipher grade is always "export". </p>
+
+<p> By default anonymous ciphers are enabled. They are automatically
+disabled when remote SMTP client certificates are requested. If
+clients are expected to always verify the Postfix SMTP
+server certificate you may want to disable anonymous ciphers
+by setting "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL" or
+"<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL", as appropriate. One can't force
+a remote SMTP client to check the server certificate, so excluding
+anonymous ciphers is generally unnecessary. </p>
+
+<p> With mandatory and opportunistic TLS encryption, the Postfix
+SMTP server by default disables SSLv2 and SSLv3 with Postfix releases
+after the middle of 2015; older releases only disable SSLv2 for
+mandatory TLS. The mandatory TLS protocol list is specified via the
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> configuration parameter. The
+<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> parameter (Postfix &ge; 2.6)
+controls the TLS protocols used with opportunistic TLS. </p>
+
+<p> Note that the OpenSSL library only supports protocol exclusion
+(not inclusion). For this reason, Postfix can exclude only protocols
+that are known at the time the Postfix software is written. If new
+protocols are added to the OpenSSL library, they cannot be excluded
+without corresponding changes to the Postfix source code. </p>
+
+<p> For a server that is not a public Internet MX host, Postfix
+supports configurations with no <a href="#server_cert_key">server
+certificates</a> that use <b>only</b> the anonymous ciphers. This is
+enabled by explicitly setting "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none"
+and not specifying an <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> or <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>.
+Such configurations may not interoperate with some clients, and require
+that TLSv1.3 be explicitly disabled. Therefore, they are not
+recommended, it is better and simpler to just configure a suitable
+certificate. </p>
+
+<p> Example, MSA that requires TLSv1.2 or higher, with high grade
+ciphers: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/cert.pem
+ <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/key.pem
+ <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> = high
+ <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL, MD5
+ <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
+ # Preferred syntax with Postfix &ge; 3.6:
+ <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = &gt;=TLSv1.2
+ # Legacy syntax:
+ <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+</pre>
+</blockquote>
+
+<p> With Postfix &ge; 3.4, specify instead a single file that holds the
+key followed by the corresponding certificate and any associated issuing
+certificates, leaving the "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>" and "<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>"
+and related DSA and ECDSA parameters empty. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> = /etc/postfix/rsachain.pem
+ <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> =
+ <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> =
+ ...
+</pre>
+</blockquote>
+
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
+full document conveniently presents all information about Postfix
+forward secrecy support in one place: what forward secrecy is, how
+to tweak settings, and what you can expect to see when Postfix uses
+ciphers with forward secrecy. </p>
+
+<p> Postfix 2.8 and later, in combination with OpenSSL 0.9.7 and later
+allows TLS servers to preempt the TLS client's cipher-suite preference list.
+This is possible only with SSLv3 and later, as in SSLv2 the client
+chooses the cipher-suite from a list supplied by the server. </p>
+
+<p> By default, the OpenSSL server selects the client's most preferred
+cipher-suite that the server supports. With SSLv3 and later, the server
+may choose its own most preferred cipher-suite that is supported (offered)
+by the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server
+cipher-suite preferences. The default OpenSSL behavior applies with
+"<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = no". </p>
+
+<p> While server cipher-suite selection may in some cases lead to
+a more secure or performant cipher-suite choice, there is some risk
+of interoperability issues. In the past, some SSL clients have
+listed lower priority ciphers that they did not implement correctly.
+If the server chooses a cipher that the client prefers less, it may
+select a cipher whose client implementation is flawed. Most notably
+Windows 2003 Microsoft Exchange servers have flawed implementations
+of DES-CBC3-SHA, which OpenSSL considers stronger than RC4-SHA.
+Enabling server cipher-suite selection may create interoperability
+issues with Windows 2003 Microsoft Exchange clients. </p>
+
+<h3><a name="server_misc"> Miscellaneous server controls</a> </h3>
+
+<p> The <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> parameter limits the time of Postfix
+SMTP server write and read operations during TLS startup and shutdown
+handshake procedures. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> = 300s
+</pre>
+</blockquote>
+
+<p> With Postfix 2.8 and later, the <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter
+specifies a list or bit-mask of default-enabled OpenSSL bug
+work-arounds to disable. This may be necessary if one of the
+work-arounds enabled by default in OpenSSL proves to pose a security
+risk, or introduces an unexpected interoperability issue. The list
+of enabled bug work-arounds is OpenSSL-release-specific. See the
+<a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter documentation for the list of
+supported values.</p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> = 0xFFFFFFFF
+ <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> = CVE-2010-4180
+</pre>
+</blockquote>
+
+<p> With Postfix &ge; 2.11, the <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> parameter specifies
+a list or bit-mask of OpenSSL options to enable. Specify one or
+more of the named options below, or a hexadecimal bitmask of options
+found in the ssl.h file corresponding to the run-time OpenSSL
+library. While it may be reasonable to turn off all bug workarounds
+(see above), it is not a good idea to attempt to turn on all features.
+See the <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> parameter documentation for the list of
+supported values. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> = no_ticket, no_compression
+</pre>
+</blockquote>
+
+<p> You should only enable features via the hexadecimal mask when
+the need to control the feature is critical (to deal with a new
+vulnerability or a serious interoperability problem). Postfix DOES
+NOT promise backwards compatible behavior with respect to the mask
+bits. A feature enabled via the mask in one release may be enabled
+by other means in a later release, and the mask bit will then be
+ignored. Therefore, use of the hexadecimal mask is only a temporary
+measure until a new Postfix or OpenSSL release provides a better
+solution. </p>
+
+<h2> <a name="client_tls">SMTP Client specific settings</a> </h2>
+
+<p> Topics covered in this section: </p>
+
+<ul>
+
+<li><a href="#client_tls_levels"> Configuring TLS in the SMTP/LMTP client </a>
+
+<li><a href="#client_logging"> Client-side TLS activity logging </a>
+
+<li><a href="#client_cert_key">Client-side certificate and private
+key configuration </a>
+
+<li><a href="#client_tls_reuse">Client-side TLS connection reuse</a>
+
+<li><a href="#client_tls_cache">Client-side TLS session cache</a>
+
+<li><a href="#client_tls_limits"> Client TLS limitations </a>
+
+<li><a href="#client_tls_policy"> Per-destination TLS policy </a>
+
+<li><a href="#client_tls_discover"> Discovering servers that support TLS </a>
+
+<li><a href="#client_vrfy_server">Server certificate verification depth</a>
+
+<li> <a href="#client_cipher">Client-side cipher controls </a>
+
+<li> <a href="#client_smtps">Client-side SMTPS support </a>
+
+<li> <a href="#client_misc"> Miscellaneous client controls </a>
+
+</ul>
+
+<h3><a name="client_tls_levels"> Configuring TLS in the SMTP/LMTP client </a>
+</h3>
+
+<p> Similar to the Postfix SMTP server, the Postfix SMTP/LMTP client
+implements multiple TLS security levels. These levels are described
+in more detail in the sections that follow.</p>
+
+<dl>
+<dt><b>none</b></dt>
+<dd><a href="#client_tls_none">No TLS.</a></dd>
+<dt><b>may</b></dt>
+<dd><a href="#client_tls_may">Opportunistic TLS.</a></dd>
+<dt><b>encrypt</b></dt>
+<dd><a href="#client_tls_encrypt">Mandatory TLS encryption.</a>
+<dt><b>dane</b></dt>
+<dd><a href="#client_tls_dane">Opportunistic DANE TLS.</a>
+<dt><b>dane-only</b></dt>
+<dd><a href="#client_tls_dane">Mandatory DANE TLS.</a>
+<dt><b>fingerprint</b></dt>
+<dd><a href="#client_tls_fprint">Certificate fingerprint verification.</a>
+<dt><b>verify</b></dt>
+<dd><a href="#client_tls_verify">Mandatory server certificate verification.</a>
+<dt><b>secure</b></dt>
+<dd><a href="#client_tls_secure">Secure-channel TLS.</a>
+</dl>
+
+<h4><a name="client_lmtp_tls"> TLS support in the LMTP delivery agent </a> </h4>
+
+<p> The <a href="smtp.8.html">smtp(8)</a> and <a href="lmtp.8.html">lmtp(8)</a> delivery agents are implemented by a
+single dual-purpose program. Specifically, all the TLS features
+described below apply
+equally to SMTP and LMTP, after replacing the "smtp_" prefix of the each
+parameter name with "lmtp_".
+
+<p> The Postfix LMTP delivery agent can communicate with LMTP servers
+listening
+on UNIX-domain sockets. When server certificate verification is enabled
+and the server is listening on a UNIX-domain socket, the $<a href="postconf.5.html#myhostname">myhostname</a>
+parameter is used to set the TLS verification <i>nexthop</i> and
+<i>hostname</i>. </p>
+
+<p> NOTE: Opportunistic encryption of LMTP traffic over UNIX-domain
+sockets or loopback TCP connections is futile. TLS is only useful
+in this context when
+it is mandatory, typically to allow at least one of the server or the
+client to authenticate the other. The "null" cipher grade may be
+appropriate in this context, when available on both client and server.
+The "null" ciphers provide authentication without encryption. </p>
+
+<h4><a name="client_tls_none"> No TLS encryption </a> </h4>
+
+<p> At the "none" TLS security level, TLS encryption is
+disabled. This is the default security level, and
+can be configured explicitly by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = none".
+For LMTP, use the corresponding "lmtp_" parameter. </p>
+
+<p> Per-destination settings may override this default setting, in which case
+TLS is used selectively, only with destinations explicitly configured
+for TLS. </p>
+
+<p> You can disable TLS for a subset of destinations, while leaving
+it enabled for the rest. With the Postfix TLS <a
+href="#client_tls_policy">policy table</a>, specify the "none"
+security level.
+
+<h4><a name="client_tls_may"> Opportunistic TLS </a> </h4>
+
+<p> At the "may" TLS security level, TLS encryption is <i>opportunistic</i>.
+The SMTP transaction is encrypted if the STARTTLS ESMTP feature
+is supported by the server. Otherwise, messages are sent in the clear.
+Opportunistic TLS can be configured by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may".
+For LMTP, use the corresponding "lmtp_" parameter. </p>
+
+<p> The "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" configuration
+parameters (Postfix &ge; 2.6) provide control over the cipher grade
+and protocols used with opportunistic TLS. With earlier Postfix
+releases, opportunistic TLS always uses the cipher grade "export"
+and enables all protocols. </p>
+
+<p> With opportunistic TLS, mail delivery continues even if the
+server certificate is untrusted or bears the wrong name.
+When the TLS handshake fails for an opportunistic
+TLS session, rather than give up on mail delivery, the Postfix SMTP
+client retries the transaction
+with TLS disabled. Trying an unencrypted connection makes
+it possible to deliver mail to sites with non-interoperable server
+TLS implementations. </p>
+
+<p> Opportunistic encryption is never used for LMTP over UNIX-domain
+sockets. The communications channel is already confidential without
+TLS, so the only potential benefit of TLS is authentication. Do not
+configure opportunistic TLS for LMTP deliveries over UNIX-domain sockets.
+Only configure TLS for LMTP over UNIX-domain sockets at the
+<a href="#client_tls_encrypt">encrypt</a> security level or higher.
+Attempts to configure opportunistic encryption of LMTP sessions will
+be ignored with a warning written to the mail logs. </p>
+
+<p> You can enable opportunistic TLS just for selected destinations. With
+the Postfix TLS <a href="#client_tls_policy">policy table</a>,
+specify the "may" security level. </p>
+
+<p> This is the most common security level for TLS protected SMTP
+sessions, stronger security is not generally available and, if needed,
+is typically only configured on a per-destination basis. See the section
+on TLS <a href="#client_tls_limits">limitations</a> above. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
+</pre>
+</blockquote>
+
+<h4><a name="client_tls_encrypt"> Mandatory TLS encryption </a> </h4>
+
+<p> At the "encrypt" TLS security level, messages are sent only
+over TLS encrypted sessions. The SMTP transaction is aborted unless
+the STARTTLS ESMTP feature is supported by the remote SMTP server.
+If no suitable
+servers are found, the message will be deferred.
+Mandatory TLS encryption can be configured by setting
+"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt". Even though TLS
+encryption is always used, mail delivery continues even if the server
+certificate is untrusted or bears the wrong name.
+For LMTP, use the corresponding "lmtp_" parameter. </p>
+
+<p> At this security level and higher, the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
+and <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration parameters determine
+the list of sufficiently secure SSL protocol versions and the minimum
+cipher strength. If the protocol or cipher requirements are not
+met, the mail transaction is aborted. The documentation for these
+parameters includes useful interoperability and security guidelines.
+</p>
+
+<p> Despite the potential for eliminating passive eavesdropping attacks,
+mandatory TLS encryption is not viable as a default security level for
+mail delivery to the public Internet. Some MX hosts do not support TLS at
+all, and some of those that do have broken implementations. On a host
+that delivers mail to the Internet, you should not configure mandatory
+TLS encryption as the default security level. </p>
+
+<p> You can enable mandatory TLS encryption just for specific destinations.
+With the Postfix TLS <a href="#client_tls_policy">policy
+table</a>, specify the "encrypt" security level.
+</p>
+
+<p> Examples: </p>
+
+<p> In the example below, traffic to <i>example.com</i> and its sub-domains
+via the corresponding MX hosts always uses TLS. The SSLv2 protocol
+will be disabled (the default setting of <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
+excludes SSLv2+3). Only high- or medium-strength (i.e. 128 bit or
+better) ciphers will be used by default for all "encrypt" security
+level sessions. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
+
+/etc/postfix/tls_policy:
+ example.com encrypt
+ .example.com encrypt
+</pre>
+</blockquote>
+
+<p> In the next example, secure message submission is configured
+via the MSA "<tt>[example.net]:587</tt>". TLS sessions are encrypted
+without authentication, because this MSA does not possess an acceptable
+certificate. This MSA is known to be capable of "TLSv1" and "high" grade
+ciphers, so these are selected via the <a href="#client_tls_policy">policy
+table</a>. </p>
+
+<p><b>Note:</b> the policy table lookup key is the verbatim next-hop
+specification from the recipient domain, <a href="transport.5.html">transport(5)</a> table or <a href="postconf.5.html#relayhost">relayhost</a>
+parameter, with any enclosing square brackets and optional port. Take
+care to be consistent: the suffixes ":smtp" or ":25" or no port suffix
+result in different policy table lookup keys, even though they are
+functionally equivalent nexthop specifications. Use at most one of these
+forms for all destinations. Below, the policy table has multiple keys,
+just in case the transport table entries are not specified consistently. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
+
+/etc/services:
+ submission 587/tcp msa # mail message submission
+
+/etc/postfix/tls_policy:
+ # Postfix &ge; 3.6 "protocols" syntax
+ [example.net]:587 encrypt protocols=&gt;=TLSv1.2 ciphers=high
+ # Legacy "protocols" syntax
+ [example.net]:msa encrypt protocols=!SSLv2:!SSLv3 ciphers=high
+</pre>
+</blockquote>
+
+<h4><a name="client_tls_dane">DANE TLS authentication.</a> </h4>
+
+<p> The Postfix SMTP client supports two TLS security levels based
+on DANE TLSA (<a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>, <a href="https://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) records. The opportunistic
+"dane" level and the mandatory "dane-only" level. </p>
+
+<p> The "dane" level is a stronger form of <a
+href="#client_tls_may">opportunistic</a> TLS that is resistant to
+man in the middle and downgrade attacks when the destination domain
+uses DNSSEC to publish DANE TLSA records for its MX hosts. If a
+remote SMTP server has "usable" (see section 3 of <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) DANE
+TLSA records, the server connection will be authenticated. When
+DANE authentication fails, there is no fallback to unauthenticated
+or plaintext delivery. </p>
+
+<p> If TLSA records are published for a given remote SMTP server
+(implying TLS support), but are all "unusable" due to unsupported
+parameters or malformed data, the Postfix SMTP client will use <a
+href="#client_tls_encrypt">mandatory</a> unauthenticated TLS.
+Otherwise, when no TLSA records are published, the Postfix SMTP
+client behavior is the same as with <a href="#client_tls_may">may</a>. </p>
+
+<p> TLSA records must be published in DNSSEC validated DNS zones.
+Any TLSA records in DNS zones not protected via DNSSEC are ignored.
+The Postfix SMTP client will not look for TLSA records associated
+with MX hosts whose "A" or "AAAA" records lie in an "insecure" DNS
+zone. Such lookups have been observed to cause interoperability
+issues with poorly implemented DNS servers, and are in any case not
+expected to ever yield "secure" results, since that would require
+a very unlikely DLV DNS trust anchor configured between the host
+record and the associated "_25._tcp" child TLSA record. </p>
+
+<p> The "dane-only" level is a form of <a
+href="#client_tls_secure">secure-channel</a> TLS based on the DANE PKI.
+If "usable" TLSA records are present these are used to authenticate the
+remote SMTP server. Otherwise, or when server certificate verification
+fails, delivery via the server in question tempfails. </p>
+
+<p> At both security levels, the TLS policy for the destination is
+obtained via TLSA records validated with DNSSEC. For TLSA policy
+to be in effect, the destination domain's containing DNS zone must
+be signed and the Postfix SMTP client's operating system must be
+configured to send its DNS queries to a recursive DNS nameserver
+that is able to validate the signed records. Each MX host's DNS
+zone needs to also be signed, and needs to publish DANE TLSA (see
+section 3 of <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) records that specify how that MX host's TLS
+certificate is to be verified. </p>
+
+<p> TLSA records do not preempt the normal SMTP MX host
+selection algorithm, if some MX hosts support TLSA and others do
+not, TLS security will vary from delivery to delivery. It is up
+to the domain owner to configure their MX hosts and their DNS
+sensibly. To configure the Postfix SMTP client for DNSSEC lookups
+see the documentation for the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> <a href="postconf.5.html">main.cf</a>
+parameter. The <a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a> parameter controls the list of
+supported digests. </p>
+
+<p> As explained in section 3 of <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>, certificate usages "0"
+and "1", which are intended to "constrain" existing Web-PKI trust,
+are not supported with MTA-to-MTA SMTP. Rather, TLSA records with
+usages "0" and "1" are treated as "unusable". </p>
+
+<p> The Postfix SMTP client supports only certificate usages "2"
+and "3". Experimental support for silently mapping certificate
+usage "1" to "3" has been withdrawn starting with Postfix 3.2. </p>
+
+<p> When usable TLSA records are obtained for the remote SMTP server
+the Postfix SMTP client sends the SNI TLS extension in its SSL
+client hello message. This may help the remote SMTP server live
+up to its promise to provide a certificate that matches its TLSA
+records. </p>
+
+<p> For purposes of protocol and cipher selection, the "dane"
+security level is treated like a "mandatory" TLS security level,
+and weak ciphers and protocols are disabled. Since DANE authenticates
+server certificates the "aNULL" cipher-suites are transparently
+excluded at this level, no need to configure this manually. <a href="https://tools.ietf.org/html/rfc7672">RFC</a>
+<a href="https://tools.ietf.org/html/rfc7672">7672</a> (DANE) TLS authentication is available with Postfix 2.11 and
+later. </p>
+
+<p> When a DANE TLSA record specifies a trust-anchor (TA) certificate
+(that is an issuing CA), the strategy used to verify the peername
+of the server certificate is unconditionally "nexthop, hostname".
+Both the nexthop domain and the hostname obtained from the
+DNSSEC-validated MX lookup are safe from forgery and the server
+certificate must contain at least one of these names. </p>
+
+<p> When a DANE TLSA record specifies an end-entity (EE) certificate,
+(that is the actual server certificate), as with the fingerprint
+security level below, no name checks or certificate expiration checks
+are applied. The server certificate (or its public key) either matches
+the DANE record or not. Server administrators should publish such
+EE records in preference to all other types. </p>
+
+<p> The pre-requisites for DANE support in the Postfix SMTP client are: </p>
+<ul>
+<li> A <i>compile-time</i> OpenSSL library that supports the TLS SNI
+extension and "SHA-2" message digests.
+<li> A <i>compile-time</i> DNS resolver library that supports DNSSEC.
+Postfix binaries built on an older system will not support DNSSEC even
+if deployed on a system with an updated resolver library.
+<li> The "<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>" must be set to "dnssec".
+<li> The "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter must include "dns".
+<li> A DNSSEC-validating recursive resolver (see note below).
+</ul>
+<p> The above client pre-requisites do not apply to the Postfix SMTP server.
+It will support DANE provided it supports TLSv1 and its TLSA records are
+published in a DNSSEC signed zone. To receive DANE secured mail for multiple
+domains, use the same hostname to add the server to each domain's MX
+records. The Postfix SMTP server supports SNI (Postfix 3.4 and later),
+configured with <a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a>. </p>
+
+<p> Note: The Postfix SMTP client's internal stub DNS resolver is
+DNSSEC-aware, but it does not itself validate DNSSEC records, rather
+it delegates DNSSEC validation to the operating system's configured
+recursive DNS nameserver. The Postfix DNS client relies on a secure
+channel to the resolver's cache for DNSSEC integrity, but does not
+support TSIG to protect the transmission channel between itself and
+the nameserver. Therefore, it is strongly recommended (DANE security
+guarantee void otherwise) that each MTA run a local DNSSEC-validating
+recursive resolver ("unbound" from nlnetlabs.nl is a reasonable
+choice) listening on the loopback interface, and that the system
+be configured to use <i>only</i> this local nameserver. The local
+nameserver may forward queries to an upstream recursive resolver
+on another host if desired. </p>
+
+<p> Note: When the operating system's recursive nameserver is not
+local, enabling EDNS0 expanded DNS packet sizes and turning on the
+DNSSEC "DO" bit in the DNS request and/or the new DNSSEC-specific
+records returned in the nameserver's replies may cause problems
+with older or buggy firewall and DNS server implementations.
+Therefore, Postfix does not enable DNSSEC by default. Since MX
+lookups happen before the security level is determined, DANE support
+is disabled for all destinations unless you set "<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
+= dnssec". To enable DNSSEC lookups selectively, define a new
+dedicated transport with a "-o <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>=dnssec"
+override in <a href="master.5.html">master.cf</a> and route selected domains to that transport.
+If DNSSEC proves to be sufficiently reliable for these domains, you
+can enable it for all destinations by changing the global
+<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> in <a href="postconf.5.html">main.cf</a>. </p>
+
+<p><b>Example</b>: "dane" security for selected destinations, with
+opportunistic TLS by default. This is the recommended configuration
+for early adopters. <p>
+<ul>
+<li> <p> The "example.com" destination uses DANE, but if TLSA records
+are not present or are unusable, mail is deferred. </p>
+
+<li> <p> The "example.org" destination uses DANE if possible, but if no TLSA
+records are found opportunistic TLS is used. </p>
+</ul>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html">main.cf</a>:
+ indexed = ${<a href="postconf.5.html#default_database_type">default_database_type</a>}:${<a href="postconf.5.html#config_directory">config_directory</a>}/
+ #
+ # default: Opportunistic TLS with no DNSSEC lookups.
+ #
+ <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
+ <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> = enabled
+ #
+ # Per-destination TLS policy
+ #
+ <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = ${indexed}tls_policy
+ #
+ # <a href="postconf.5.html#default_transport">default_transport</a> = smtp, but some destinations are special:
+ #
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = ${indexed}transport
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+transport:
+ example.com dane
+ example.org dane
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+tls_policy:
+ example.com dane-only
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+<a href="master.5.html">master.cf</a>:
+ dane unix - - n - - smtp
+ -o <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>=dnssec
+ -o <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>=dane
+</pre>
+</blockquote>
+
+<h4><a name="client_tls_fprint"> Certificate fingerprint verification </a> </h4>
+
+<p> At the <i>fingerprint</i> security level, no trusted Certification
+Authorities are used or required. The certificate trust chain,
+expiration date, etc., are not checked. Instead, the
+<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> parameter or the "match" attribute
+in the <a href="#client_tls_policy">policy</a> table lists the
+remote SMTP server certificate fingerprint or public key fingerprint.
+Certificate fingerprint verification is available with Postfix 2.5
+and later, public-key fingerprint support is available with Postfix
+2.9 and later. </p>
+
+<p> If certificate fingerprints are exchanged securely, this is the
+strongest, and least scalable security level. The administrator needs
+to securely collect the fingerprints of the X.509 certificates of each
+peer server, store them into a local file, and update this local file
+whenever the peer server's public certificate changes. If public key
+fingerprints are used in place of fingerprints of the entire certificate,
+the fingerprints remain valid even after the certificate is renewed,
+<b>provided</b> that the same public/private keys are used to obtain
+the new certificate. </p>
+
+<p> Fingerprint verification may be feasible for an SMTP "VPN" connecting
+a small number of branch offices over the Internet, or for secure
+connections to a central mail hub. It works poorly if the remote SMTP
+server is managed by a third party, and its public certificate changes
+periodically without prior coordination with the verifying site. </p>
+
+<p> The digest algorithm used to calculate the fingerprint is
+selected by the <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. In the <a
+href="#client_tls_policy">policy</a> table multiple fingerprints can be
+combined with a "|" delimiter in a single match attribute, or multiple
+match attributes can be employed. The ":" character is not used as a
+delimiter as it occurs between each pair of fingerprint (hexadecimal)
+digits. </p>
+
+<p> The default algorithm is <b>sha256</b> with Postfix &ge; 3.6
+and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher; with Postfix
+&le; 3.5, the default algorithm is <b>md5</b>. The
+best-practice algorithm is now <b>sha256</b>. Recent advances in hash
+function cryptanalysis have led to md5 and sha1 being deprecated in
+favor of sha256. However, as long as there are no known "second
+pre-image" attacks against the older algorithms, their use in this
+context, though not recommended, is still likely safe. </p>
+
+<p> Example: fingerprint TLS security with an internal mailhub.
+Two matching fingerprints are listed. The <a href="postconf.5.html#relayhost">relayhost</a> may be multiple
+physical hosts behind a load-balancer, each with its own private/public
+key and self-signed certificate. Alternatively, a single <a href="postconf.5.html#relayhost">relayhost</a> may
+be in the process of switching from one set of private/public keys to
+another, and both keys are trusted just prior to the transition. </p>
+
+<blockquote>
+<pre>
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
+ <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
+ <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = sha256
+ <a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
+ 51:e9:af:2e:1e:40:1f:de:64:...:30:35:2d:09:16:31:5a:eb:82:76
+ b6:b4:72:34:e2:59:cd:fb:c2:...:63:0d:4d:cc:2c:7d:84:de:e6:2f
+</pre>
+</blockquote>
+
+<p> Example: Certificate fingerprint verification with selected destinations.
+As in the example above, we show two matching fingerprints: </p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
+ <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = sha256
+</pre>
+</blockquote>
+<blockquote>
+<pre>
+/etc/postfix/tls_policy:
+ example.com fingerprint
+ match=51:e9:af:2e:1e:40:1f:de:...:35:2d:09:16:31:5a:eb:82:76
+ match=b6:b4:72:34:e2:59:cd:fb:...:0d:4d:cc:2c:7d:84:de:e6:2f
+</pre>
+</blockquote>
+
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> Example: </p>
+<blockquote>
+<pre>
+$ openssl x509 -in cert.pem -noout -pubkey |
+ openssl pkey -pubin -outform DER |
+ openssl dgst -sha256 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:...:09:1a:61:98:b5:bc:7c:60:58
+</pre>
+</blockquote>
+
+<h4><a name="client_tls_verify"> Mandatory server certificate verification </a> </h4>
+
+<p> At the <i>verify</i> TLS security level, messages are sent only over
+TLS encrypted sessions if the remote SMTP server certificate is
+valid (not
+expired or revoked, and signed by a trusted Certification Authority)
+and where the server certificate name matches a known pattern.
+Mandatory
+server certificate verification can be configured by setting
+"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify". The
+<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter can override the default
+"hostname" certificate name matching strategy. Fine-tuning the
+matching strategy is generally only appropriate for <a
+href="#client_tls_secure">secure-channel</a> destinations.
+For LMTP use the corresponding "lmtp_" parameters. </p>
+
+<p> If the server certificate chain is trusted (see <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>
+and <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>), any DNS names in the SubjectAlternativeName
+certificate extension are used to verify the remote SMTP server name.
+If no
+DNS names are specified, the certificate CommonName is checked.
+If you want mandatory encryption without server certificate
+verification, see <a href="#client_tls_encrypt">above</a>. </p>
+
+<p> With Postfix &ge; 2.11 the "<a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>" parameter
+or more typically the corresponding per-destination "tafile" attribute
+optionally modifies trust chain verification. If the parameter is
+not empty the root CAs in CAfile and CApath are no longer trusted.
+Rather, the Postfix SMTP client will only trust certificate-chains
+signed by one of the trust-anchors contained in the chosen files.
+The specified trust-anchor certificates and public keys are not
+subject to expiration, and need not be (self-signed) root CAs. They
+may, if desired, be intermediate certificates. Therefore, these
+certificates also may be found "in the middle" of the trust chain
+presented by the remote SMTP server, and any untrusted issuing
+parent certificates will be ignored. </p>
+
+<p> Despite the potential for eliminating "man-in-the-middle" and other
+attacks, mandatory certificate trust chain and subject name verification
+is not viable as a default Internet mail delivery policy. Some MX hosts
+do not support TLS at all, and a significant portion of TLS-enabled
+MTAs use self-signed certificates, or certificates that are signed by
+a private Certification Authority. On a machine that delivers mail to
+the Internet, you should not configure mandatory server certificate
+verification as a default policy. </p>
+
+<p> Mandatory server certificate verification as a default security
+level may be appropriate if you know that you will only connect to
+servers that support <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> <i>and</i> that present verifiable
+server certificates. An example would be a client that sends all
+email to a central mailhub that offers the necessary STARTTLS
+support. In such cases, you can often use a <a
+href="#client_tls_secure">secure-channel</a> configuration instead.
+</p>
+
+<p> You can enable mandatory server certificate verification just
+for specific destinations. With the Postfix TLS <a
+href="#client_tls_policy">policy table</a>, specify the "verify"
+security level. </p>
+
+<p> Example: </p>
+
+<p> In this example, the Postfix SMTP client encrypts all traffic to the
+<i>example.com</i> domain. The peer hostname is verified, but
+verification is vulnerable to DNS response forgery. Mail transmission
+to <i>example.com</i> recipients uses "high" grade ciphers. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ indexed = ${<a href="postconf.5.html#default_database_type">default_database_type</a>}:${<a href="postconf.5.html#config_directory">config_directory</a>}/
+ <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/CAfile.pem
+ <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = ${indexed}tls_policy
+
+/etc/postfix/tls_policy:
+ example.com verify ciphers=high
+</pre>
+</blockquote>
+
+<h4><a name="client_tls_secure"> Secure server certificate verification </a> </h4>
+
+<p> At the <i>secure</i> TLS security level, messages are sent only over
+<i>secure-channel</i> TLS sessions where DNS forgery resistant server
+certificate verification succeeds. If no suitable servers are found, the
+message will be deferred. Postfix secure-channels
+can be configured by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure".
+The <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter can override the default
+"nexthop, dot-nexthop" certificate match strategy.
+For LMTP, use the corresponding "lmtp_" parameters. </p>
+
+<p> If the server certificate chain is trusted (see <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> and
+<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>), any DNS names in the SubjectAlternativeName certificate
+extension are used to verify the remote SMTP server name. If no DNS names
+are
+specified, the CommonName is checked. If you want mandatory encryption
+without server certificate verification, see <a
+href="#client_tls_encrypt">above</a>. </p>
+
+<p> With Postfix &ge; 2.11 the "<a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>" parameter
+or more typically the corresponding per-destination "tafile" attribute
+optionally modifies trust chain verification. If the parameter is
+not empty the root CAs in CAfile and CApath are no longer trusted.
+Rather, the Postfix SMTP client will only trust certificate-chains
+signed by one of the trust-anchors contained in the chosen files.
+The specified trust-anchor certificates and public keys are not
+subject to expiration, and need not be (self-signed) root CAs. They
+may, if desired, be intermediate certificates. Therefore, these
+certificates also may be found "in the middle" of the trust chain
+presented by the remote SMTP server, and any untrusted issuing
+parent certificates will be ignored. </p>
+
+<p> Despite the potential for eliminating "man-in-the-middle" and other
+attacks, mandatory secure server certificate verification is not
+viable as a default Internet mail delivery policy. Some MX hosts
+do not support TLS at all, and a significant portion of TLS-enabled
+MTAs use self-signed certificates, or certificates that are signed
+by a private Certification Authority. On a machine that delivers mail
+to the Internet, you should not configure secure TLS verification
+as a default policy. </p>
+
+<p> Mandatory secure server certificate verification as a default
+security level may be appropriate if you know that you will only
+connect to servers that support <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> <i>and</i> that present
+verifiable server certificates. An example would be a client that
+sends all email to a central mailhub that offers the necessary
+STARTTLS support. </p>
+
+<p> You can enable secure TLS verification just for specific destinations.
+With the Postfix TLS <a href="#client_tls_policy">policy table</a>,
+specify the "secure" security level. </p>
+
+<p> Examples: </p>
+
+<ul>
+
+<li> <p> Secure-channel TLS without <a href="transport.5.html">transport(5)</a> table overrides: </p>
+
+<p> The Postfix SMTP client will encrypt all traffic and verify the
+destination name
+immune from forged DNS responses. MX lookups are still used to find
+the hostnames of the SMTP servers for <i>example.com</i>, but these
+hostnames are not used when
+checking the names in the server certificate(s). Rather, the requirement
+is that the MX hosts for <i>example.com</i> have trusted certificates
+with a subject name of <i>example.com</i> or a sub-domain, see the
+documentation for the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter. </p>
+
+<p> The related domains <i>example.co.uk</i> and <i>example.co.jp</i> are
+hosted on the same MX hosts as the primary <i>example.com</i> domain, and
+traffic to these is secured by verifying the primary <i>example.com</i>
+domain in the server certificates. This frees the server administrator
+from needing the CA to sign certificates that list all the secondary
+domains. The downside is that clients that want secure channels to the
+secondary domains need explicit TLS <a href="#client_tls_policy">policy
+table</a> entries. </p>
+
+<p> Note, there are two ways to handle related domains. The first is to
+use the default routing for each domain, but add policy table entries
+to override the expected certificate subject name. The second is to
+override the next-hop in the transport table, and use a single policy
+table entry for the common nexthop. We choose the first approach,
+because it works better when domain ownership changes. With the second
+approach we securely deliver mail to the wrong destination, with the
+first approach, authentication fails and mail stays in the local queue,
+the first approach is more appropriate in most cases. <p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/CAfile.pem
+ <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
+
+/etc/postfix/transport:
+
+/etc/postfix/tls_policy:
+ example.com secure
+ example.co.uk secure match=example.com:.example.com
+ example.co.jp secure match=example.com:.example.com
+</pre>
+</blockquote>
+
+<li> <p> Secure-channel TLS with <a href="transport.5.html">transport(5)</a> table overrides: <p>
+
+<p> In this case traffic to <i>example.com</i> and its related domains
+is sent to a single logical gateway (to avoid a single point of failure,
+its name may resolve to one or more load-balancer addresses, or to the
+combined addresses of multiple physical hosts). All the physical hosts
+reachable via the gateway's IP addresses have the logical gateway name
+listed in their certificates. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/CAfile.pem
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+ <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
+
+/etc/postfix/transport:
+ example.com <a href="smtp.8.html">smtp</a>:[tls.example.com]
+ example.co.uk <a href="smtp.8.html">smtp</a>:[tls.example.com]
+ example.co.jp <a href="smtp.8.html">smtp</a>:[tls.example.com]
+
+/etc/postfix/tls_policy:
+ [tls.example.com] secure match=tls.example.com
+</pre>
+</blockquote>
+
+</ul>
+
+<h3><a name="client_logging"> Client-side TLS activity logging </a> </h3>
+
+<p> To get additional information about Postfix SMTP client TLS
+activity you can increase the loglevel from 0..4. Each logging
+level also includes the information that is logged at a lower
+logging level. </p>
+
+<blockquote>
+
+<table border="1">
+
+<tr> <th> Level </th> <th> Postfix 2.9 and later</th> <th> Earlier
+releases. </th> </tr>
+
+<tr> <td valign="top"> 0 </td> <td valign="top" colspan="2"> Disable
+logging of TLS activity. </td> </tr>
+
+<tr> <td valign="top"> 1 </td> <td valign="top"> Log only a summary
+message on TLS handshake completion &mdash; no logging of remote SMTP
+server certificate trust-chain verification errors if server certificate
+verification is not required. </td> <td valign="top"> Log the summary
+message and unconditionally log trust-chain verification errors.
+</td> </tr>
+
+<tr> <td valign="top"> 2 </td> <td valign="top" colspan="2"> Also
+log levels during TLS negotiation. </td> </tr>
+
+<tr> <td valign="top"> 3 </td> <td valign="top" colspan="2"> Also
+log hexadecimal and ASCII dump of TLS negotiation process. </td>
+</tr>
+
+<tr> <td valign="top"> 4 </td> <td valign="top" colspan="2"> Also
+log hexadecimal and ASCII dump of complete transmission after
+STARTTLS. </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 0
+</pre>
+</blockquote>
+
+<h3><a name="client_cert_key">Client-side certificate and private
+key configuration </a> </h3>
+
+<p> Do not configure Postfix SMTP client certificates unless you <b>must</b>
+present
+client TLS certificates to one or more servers. Client certificates are
+not usually needed, and can cause problems in configurations that work
+well without them. The recommended setting is to let the defaults stand: </p>
+
+<blockquote>
+<pre>
+ <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> =
+ <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> =
+ <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> =
+ <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> =
+ # Postfix &ge; 2.6
+ <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> =
+ <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> =
+ # Postfix &ge; 3.4
+ <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
+</pre>
+</blockquote>
+
+<p> The best way to use the default settings is to comment out the above
+parameters in <a href="postconf.5.html">main.cf</a> if present. </p>
+
+<p> During TLS startup negotiation the Postfix SMTP client may present a
+certificate to the remote SMTP server. Browsers typically let the user
+select among the certificates that match the CA names indicated by the
+remote SMTP server. The Postfix SMTP client does not yet have a mechanism
+to select from multiple candidate certificates on the fly, and supports a
+single set of certificates (at most one per public key algorithm). </p>
+
+<p> RSA, DSA and ECDSA (Postfix &ge; 2.6) certificates are supported.
+You can configure all three at the same time, in which case the
+cipher used determines which certificate is presented. </p>
+
+<p> It is possible for the Postfix SMTP client to use the same
+key/certificate pair as the Postfix SMTP server. If a certificate
+is to be presented, it must be in "PEM" format. The private key
+must not be encrypted, meaning: it must be accessible without
+a password. Both parts (certificate and private key) may be in the
+same file. </p>
+
+<p> With OpenSSL 1.1.1 and Postfix &ge; 3.4 it is also possible to
+configure Ed25519 and Ed448 certificates. Rather than add two more
+pairs of key and certificate parameters, Postfix 3.4 introduces a new
+"<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter which specifies all the configured
+certificates at once, and handles files that hold both the key and the
+associated certificates in one pass, thereby avoiding potential race
+conditions during key rollover. </p>
+
+<p> To enable remote SMTP servers to verify the Postfix SMTP client
+certificate, the issuing CA certificates must be made available to the
+server. You should include the required certificates in the client
+certificate file, the client certificate first, then the issuing
+CA(s) (bottom-up order). </p>
+
+<p> Example: the certificate for "client.example.com" was issued by
+"intermediate CA" which itself has a certificate issued by "root CA".
+As the "root" super-user create the client.pem file with: </p>
+
+<blockquote>
+<pre>
+# <b>umask 077</b>
+# <b>cat client_key.pem client_cert.pem intermediate_CA.pem &gt; chain.pem </b>
+</pre>
+</blockquote>
+
+<p> A Postfix SMTP client certificate supplied here must be usable
+as an SSL client certificate and hence pass the "openssl verify -purpose
+sslclient ..." test. </p>
+
+<p> A server that trusts the root CA has a local copy of the root
+CA certificate, so it is not necessary to include the root CA
+certificate here. Leaving it out of the "chain.pem" file reduces
+the overhead of the TLS exchange. </p>
+
+<p> If you want the Postfix SMTP client to accept remote SMTP server
+certificates issued by these CAs, append the root certificate to
+$<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> or install it in the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory. </p>
+
+<p> Example: Postfix &ge; 3.4 all-in-one chain file(s). One or more
+chain files that start with a key that is immediately followed by the
+corresponding certificate and any additional issuer certificates. A
+single file can hold multiple <i>(key, cert, [chain])</i> sequences, one
+per algorithm. It is typically simpler to keep the chain for each
+algorithm in its own file. Most users are likely to deploy at most a
+single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up
+five chains, one each for RSA, ECDSA, ED25519, ED448, and even the
+obsolete DSA. </p>
+
+<blockquote>
+<pre>
+ # Postfix &ge; 3.4. Preferred configuration interface. Each file
+ # starts with the private key, followed by the corresponding
+ # certificate, and any intermediate issuer certificates.
+ #
+ <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
+ /etc/postfix/rsa.pem,
+ /etc/postfix/ecdsa.pem,
+ /etc/postfix/ed25519.pem,
+ /etc/postfix/ed448.pem
+</pre>
+</blockquote>
+
+<p> You can also store the keys separately from their certificates, again
+provided each is listed before the corresponding certificate chain. Storing a
+key and its associated certificate chain in separate files is not recommended,
+because this is prone to race conditions during key rollover, as there is no
+way to update multiple files atomically. </p>
+
+<blockquote>
+<pre>
+ # Postfix &ge; 3.4.
+ # Storing keys separately from the associated certificates is not
+ # recommended.
+ <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
+ /etc/postfix/rsakey.pem,
+ /etc/postfix/rsacerts.pem,
+ /etc/postfix/ecdsakey.pem,
+ /etc/postfix/ecdsacerts.pem
+</pre>
+</blockquote>
+
+<p> The below examples show the legacy algorithm-specific configurations
+for Postfix 3.3 and older. With Postfix &le; 3.3, even if the key is
+stored in the same file as the certificate, the file is read twice and a
+(brief) race condition still exists during key rollover. While Postfix
+&ge; 3.4 avoids the race when the key and certificate are in the same
+file, you should use the new "<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" interface shown
+above. <p>
+
+<p> RSA key and certificate examples: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/client.pem
+ <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> = $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
+</pre>
+</blockquote>
+
+<p> Their DSA counterparts: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = /etc/postfix/client-dsa.pem
+ <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> = $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>
+</pre>
+</blockquote>
+
+<p> Their ECDSA counterparts (Postfix &ge; 2.6 + OpenSSL &ge; 1.0.0): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> = /etc/postfix/client-ecdsa.pem
+ <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> = $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>
+</pre>
+</blockquote>
+
+<p> To verify a remote SMTP server certificate, the Postfix SMTP
+client needs to trust the certificates of the issuing Certification
+Authorities. These certificates in "pem" format can be stored in a
+single $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> or in multiple files, one CA per file in
+the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory. If you use a directory, don't forget
+to create the necessary "hash" links with: </p>
+
+<blockquote>
+<pre>
+# <b>$OPENSSL_HOME/bin/c_rehash <i>/path/to/directory</i> </b>
+</pre>
+</blockquote>
+
+<p> The $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> contains the CA certificates of one or more
+trusted CAs. The file is opened (with root privileges) before Postfix
+enters the optional chroot jail and so need not be accessible from inside the
+chroot jail. </p>
+
+<p> Additional trusted CAs can be specified via the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>
+directory, in which case the certificates are read (with $<a href="postconf.5.html#mail_owner">mail_owner</a>
+privileges) from the files in the directory when the information
+is needed. Thus, the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory needs to be accessible
+inside the optional chroot jail. </p>
+
+<p> The choice between $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> and $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> is
+a space/time tradeoff. If there are many trusted CAs, the cost of
+preloading them all into memory may not pay off in reduced access time
+when the certificate is needed. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/CAcert.pem
+ <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /etc/postfix/certs
+</pre>
+</blockquote>
+
+<h3><a name="client_tls_reuse">Client-side TLS connection reuse</a> </h3>
+
+<p> Historically, the Postfix SMTP client has supported multiple
+deliveries per plaintext connection. Postfix 3.4 introduces support
+for multiple deliveries per TLS-encrypted connection. Multiple
+deliveries per connection improve mail delivery performance,
+especially for destinations that throttle clients that don't combine
+deliveries. </p>
+
+<p> To enable multiple deliveries per TLS connection, specify:</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> = yes
+</pre>
+</blockquote>
+
+<p> Alternatively, specify the attribute "connection_reuse=yes" in
+an <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> entry. </p>
+
+<p> The implementation of TLS connection reuse relies on the same
+<a href="scache.8.html">scache(8)</a> service as used for delivering plaintext SMTP mail, the
+same <a href="tlsproxy.8.html">tlsproxy(8)</a> daemon as used by the <a href="postscreen.8.html">postscreen(8)</a> service, and
+relies on the same hints from the <a href="qmgr.8.html">qmgr(8)</a> daemon.
+
+See "<a href="CONNECTION_CACHE_README.html">Postfix Connection
+Cache</a>" for a description of the underlying connection reuse
+infrastructure. </p>
+
+<p> Initial SMTP handshake:</p>
+<pre> <a href="smtp.8.html">smtp(8)</a> -&gt; remote SMTP server</pre>
+
+<p> Reused SMTP/TLS connection, or new SMTP/TLS connection: </p>
+<pre> <a href="smtp.8.html">smtp(8)</a> -&gt; <a href="tlsproxy.8.html">tlsproxy(8)</a> -&gt; remote SMTP server </pre>
+
+<p> Cached SMTP/TLS connection:</p>
+<pre> <a href="scache.8.html">scache(8)</a> -&gt; <a href="tlsproxy.8.html">tlsproxy(8)</a> -&gt; remote SMTP server</pre>
+
+<p> As of Postfix 3.4, TLS connection reuse is disabled by default.
+This may change once the impact on over-all performance is understood.
+</p>
+
+<h3><a name="client_tls_cache">Client-side TLS session cache</a> </h3>
+
+<p> The remote SMTP server and the Postfix SMTP client negotiate a
+session, which takes some computer time and network bandwidth. By
+default, this session information is cached only in the <a href="smtp.8.html">smtp(8)</a>
+process actually using this session and is lost when the process
+terminates. To share the session information between multiple
+<a href="smtp.8.html">smtp(8)</a> processes, a persistent session cache can be used. You
+can specify any database type that can store objects of several
+kbytes and that supports the sequence operator. DBM databases are
+not suitable because they can only store small objects. The cache
+is maintained by the <a href="tlsmgr.8.html">tlsmgr(8)</a> process, so there is no problem with
+concurrent access. Session caching is highly recommended, because
+the cost of repeatedly negotiating TLS session keys is high. Future
+Postfix SMTP servers may limit the number of sessions that a client
+is allowed to negotiate per unit time.</p>
+
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/smtp_scache
+</pre>
+</blockquote>
+
+<p> Note: as of version 2.5, Postfix no longer uses root privileges
+when opening this file. The file should now be stored under the
+Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to
+open the file under a non-Postfix directory is redirected to the
+Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
+
+<p> Cached Postfix SMTP client session information expires after
+a certain amount of time. Postfix/TLS does not use the OpenSSL
+default of 300s, but a longer time of 3600s (=1 hour). <a href="https://tools.ietf.org/html/rfc2246">RFC 2246</a>
+recommends a maximum of 24 hours. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> = 3600s
+</pre>
+</blockquote>
+
+<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set
+&le; 0, session caching is disabled. If set to a positive value
+less than 2 minutes, the minimum value of 2 minutes is used instead. </p>
+
+<h3><a name="client_tls_limits"> Client TLS limitations </a>
+</h3>
+
+<p> The security properties of TLS communication channels are
+application specific. While the TLS protocol can provide a confidential,
+tamper-resistant, mutually authenticated channel between client
+and server, not all of these security features are applicable to every
+communication. </p>
+
+<p> For example, while mutual TLS authentication between browsers and web
+servers is possible, it is not practical, or even useful, for web-servers
+that serve the public to verify the identity of every potential user. In
+practice, most HTTPS transactions are asymmetric: the browser verifies
+the HTTPS server's identity, but the user remains anonymous. Much of
+the security policy is up to the client. If the client chooses to not
+verify the server's name, the server is not aware of this. There are many
+interesting browser security topics, but we shall not dwell
+on them here. Rather, our goal is to understand the security features
+of TLS in conjunction with SMTP. </p>
+
+<p> An important SMTP-specific observation is that a public MX host is
+even more at the mercy of the SMTP client than is an HTTPS server. Not only
+can it not enforce due care in the client's use of TLS, but it cannot even
+enforce the use of TLS, because TLS support in SMTP clients is still the
+exception rather than the rule. One cannot, in practice, limit access to
+one's MX hosts to just TLS-enabled clients. Such a policy would result
+in a vast reduction in one's ability to communicate by email with the
+world at large. </p>
+
+<p> One may be tempted to try enforcing TLS for mail from specific
+sending organizations, but this, too, runs into obstacles. One such
+obstacle is that we don't know who is (allegedly) sending mail until
+we see the "MAIL FROM:" SMTP command, and at that point, if TLS
+is not already in use, a potentially sensitive sender address (and
+with SMTP PIPELINING one or more of the recipients) has (have) already been
+leaked in the clear. Another obstacle is that mail from the sender to
+the recipient may be forwarded, and the forwarding organization may not
+have any security arrangements with the final destination. Bounces also
+need to be protected. These can only be identified by the IP address and
+HELO name of the connecting client, and it is difficult to keep track
+of all the potential IP addresses or HELO names of the outbound email
+servers of the sending organization. </p>
+
+<p> Consequently, TLS security for mail delivery to public MX hosts is
+almost entirely the client's responsibility. The server is largely a
+passive enabler of TLS security, the rest is up to the client. While the
+server has a greater opportunity to mandate client security policy when
+it is a dedicated MSA that only handles outbound mail from trusted clients,
+below we focus on the client security policy. </p>
+
+<p> On the SMTP client, there are further complications. When
+delivering mail to a given domain, in contrast to HTTPS, one rarely
+uses the domain name directly as the target host of the SMTP session.
+More typically, one uses MX lookups &mdash; these are usually
+unauthenticated &mdash; to obtain the domain's SMTP server hostname(s).
+When, as is current practice, the client verifies the insecurely
+obtained MX hostname, it is subject to a DNS man-in-the-middle
+attack. </p>
+
+<p> Adoption of DNSSEC and <a href="https://tools.ietf.org/html/rfc6698">RFC6698</a> (DANE) may gradually (as domains
+implement DNSSEC and publish TLSA records for their MX hosts) address
+the DNS man-in-the-middle risk and provide scalable key management
+for SMTP with TLS. Postfix &ge; 2.11 supports the new <a
+href="#client_tls_dane">dane</a> and <a href="#client_tls_dane">dane-only</a>
+security levels that take advantage of these standards. </p>
+
+<p> If clients instead attempted to verify the recipient domain name,
+an SMTP server for multiple domains would need to
+list all its email domain names in its certificate, and generate a
+new certificate each time a new domain were added. At least some CAs set
+fairly low limits (20 for one prominent CA) on the number of names that
+server certificates can contain. This approach is not consistent with
+current practice and does not scale. </p>
+
+<p> It is regrettably the case that TLS <i>secure-channels</i>
+(fully authenticated and immune to man-in-the-middle attacks) impose
+constraints on the sending and receiving sites that preclude ubiquitous
+deployment. One needs to manually configure this type of security for
+each destination domain, and in many cases implement non-default TLS
+<a href="#client_tls_policy">policy table</a> entries for additional
+domains hosted at a common secured destination. For these reasons
+secure-channel configurations
+will never be the norm. For the generic domain with which you
+have made no specific security arrangements, this security level is not
+a good fit. </p>
+
+<p> Given that strong authentication is not generally possible, and that
+verifiable certificates cost time and money, many servers that implement
+TLS use self-signed certificates or private CAs. This further limits
+the applicability of verified TLS on the public Internet. </p>
+
+<p> Historical note: while the documentation of these issues and many of the
+related features were new with Postfix 2.3, the issue was well
+understood before Postfix 1.0, when Lutz J&auml;nicke was designing
+the first unofficial Postfix TLS patch. See his original post <a
+href="http://www.imc.org/ietf-apps-tls/mail-archive/msg00304.html">http://www.imc.org/ietf-apps-tls/mail-archive/msg00304.html</a>
+and the first response <a
+href="http://www.imc.org/ietf-apps-tls/mail-archive/msg00305.html">http://www.imc.org/ietf-apps-tls/mail-archive/msg00305.html</a>.
+The problem is not even unique to SMTP or even TLS, similar issues exist
+for secure connections via aliases for HTTPS and Kerberos. SMTP merely
+uses indirect naming (via MX records) more frequently. </p>
+
+<h3> <a name="client_tls_policy"> TLS policy table </a>
+</h3>
+
+<p> A small fraction of servers offer STARTTLS but the negotiation
+consistently fails. As long as encryption is not mandatory, the
+Postfix SMTP client retries the delivery immediately with TLS
+disabled, without any need to explicitly disable TLS for the problem
+destinations. </p>
+
+<p> The policy table is specified via the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
+parameter. This lists optional lookup tables with the Postfix SMTP client
+TLS security policy by next-hop destination. </p>
+
+<p> The TLS policy table is indexed by the full next-hop destination,
+which is either the recipient domain, or the verbatim next-hop
+specified in the transport table, $<a href="postconf.5.html#local_transport">local_transport</a>, $<a href="postconf.5.html#virtual_transport">virtual_transport</a>,
+$<a href="postconf.5.html#relay_transport">relay_transport</a> or $<a href="postconf.5.html#default_transport">default_transport</a>. This includes any enclosing
+square brackets and any non-default destination server port suffix. The
+<a href="#client_lmtp_tls">LMTP</a> socket type prefix (inet: or unix:)
+is not included in the lookup key. </p>
+
+<p> Only the next-hop domain, or $<a href="postconf.5.html#myhostname">myhostname</a> with LMTP over UNIX-domain
+sockets, is used as the nexthop name for certificate verification. The
+port and any enclosing square brackets are used in the table lookup key,
+but are not used for server name verification. </p>
+
+<p> When the lookup key is a domain name without enclosing square brackets
+or any <i>:port</i> suffix (typically the recipient domain), and the full
+domain is not found in the table, just as with the <a href="transport.5.html">transport(5)</a> table,
+the parent domain starting with a leading "." is matched recursively. This
+allows one to specify a security policy for a recipient domain and all
+its sub-domains. </p>
+
+<p> The lookup result is a security level, followed by an optional
+list of whitespace and/or comma separated name=value attributes
+that override related <a href="postconf.5.html">main.cf</a> settings. The TLS security <a
+href="#client_tls_levels">levels</a> are described above. Below, we
+describe the corresponding table syntax: </p>
+
+<dl>
+
+<dt><b>none</b></dt> <dd><a href="#client_tls_none">No TLS</a>. No
+additional attributes are supported at this level. </dd>
+
+<dt><b>may</b></dt> <dd><a href="#client_tls_may">Opportunistic TLS</a>.
+The optional "ciphers", "exclude" and "protocols" attributes
+(available for opportunistic TLS with Postfix &ge; 2.6) override the
+"<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>"
+configuration parameters. At this level and higher, the optional
+"servername" attribute (available with Postfix &ge; 3.4) overrides the
+global "<a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a>" parameter, enabling per-destination
+configuration of the SNI extension sent to the remote SMTP server. </dd>
+
+<dt><b>encrypt</b></dt> <dd><a href="#client_tls_encrypt"> Mandatory encryption</a>.
+Mail is delivered only if the remote SMTP server offers STARTTLS
+and the TLS handshake succeeds. At this level and higher, the optional
+"protocols" attribute overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
+parameter, the optional "ciphers" attribute overrides the
+<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter, and the optional
+"exclude" attribute (Postfix &ge; 2.6) overrides the <a href="postconf.5.html">main.cf</a>
+<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> parameter. </dd>
+
+<dt><b>dane</b></dt> <dd><a href="#client_tls_dane">Opportunistic DANE TLS</a>.
+The TLS policy for the destination is obtained via TLSA records in
+DNSSEC. If no TLSA records are found, the effective security level
+used is <a href="#client_tls_may">may</a>. If TLSA records are
+found, but none are usable, the effective security level is <a
+href="#client_tls_encrypt">encrypt</a>. When usable TLSA records
+are obtained for the remote SMTP server, SSLv2+3 are automatically
+disabled (see <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>), and the server certificate
+must match the TLSA records. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) TLS authentication
+and DNSSEC support is available with Postfix 2.11 and later. </dd>
+
+<dt><b>dane-only</b></dt> <dd><a href="#client_tls_dane">Mandatory DANE TLS</a>.
+The TLS policy for the destination is obtained via TLSA records in
+DNSSEC. If no TLSA records are found, or none are usable, no
+connection is made to the server. When usable TLSA records are
+obtained for the remote SMTP server, SSLv2+3 are automatically disabled
+(see <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>), and the server certificate must
+match the TLSA records. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) TLS authentication and
+DNSSEC support is available with Postfix 2.11 and later. </dd>
+
+<dt><b>fingerprint</b></dt> <dd><a href="#client_tls_fprint">Certificate
+fingerprint verification.</a> Available with Postfix 2.5 and
+later. At this security level, there are no trusted Certification
+Authorities. The certificate trust chain, expiration date, ... are
+not checked. Instead, the optional <b>match</b> attribute, or else
+the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b> parameter, lists
+the server certificate fingerprints or public key fingerprints
+(Postfix 2.9 and later). The
+digest algorithm used to calculate fingerprints is selected by the
+<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Multiple fingerprints can
+be combined with a "|" delimiter in a single match attribute, or multiple
+match attributes can be employed. The ":" character is not used as a
+delimiter as it occurs between each pair of fingerprint (hexadecimal)
+digits. </dd>
+
+<dt><b>verify</b></dt> <dd><a href="#client_tls_verify">Mandatory
+server certificate verification</a>. Mail is delivered only if the
+TLS handshake succeeds, if the remote SMTP server certificate can
+be validated (not expired or revoked, and signed by a trusted
+Certification Authority), and if the server certificate name matches
+the optional "match" attribute (or the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
+parameter value when no optional "match" attribute is specified).
+With Postfix &ge; 2.11 the "tafile" attribute optionally modifies
+trust chain verification in the same manner as the
+"<a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>" parameter. The "tafile" attribute
+may be specified multiple times to load multiple trust-anchor
+files. </dd>
+
+<dt><b>secure</b></dt> <dd><a href="#client_tls_secure">Secure certificate
+verification.</a> Mail is delivered only if the TLS handshake succeeds,
+and DNS forgery resistant remote SMTP certificate verification succeeds
+(not expired or revoked, and signed by a trusted Certification Authority),
+and if the server certificate name matches the optional "match" attribute
+(or the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter value when no optional
+"match" attribute is specified). With Postfix &ge; 2.11 the "tafile"
+attribute optionally modifies trust chain verification in the same manner
+as the "<a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>" parameter. The "tafile" attribute
+may be specified multiple times to load multiple trust-anchor
+files. </dd>
+
+</dl>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> The "match" attribute is especially useful to verify TLS
+certificates for domains that are hosted on a shared server. In
+that case, specify "match" rules for the shared server's name.
+While secure verification can also be achieved with manual routing
+overrides in Postfix <a href="transport.5.html">transport(5)</a> tables, that approach can deliver
+mail to the wrong host when domains are assigned to new gateway
+hosts. The "match" attribute approach avoids the problems of manual
+routing overrides; mail is deferred if verification of a new MX
+host fails. </p>
+
+<li> <p> When a policy table entry specifies multiple match patterns,
+multiple match strategies, or multiple protocols, these must be
+separated by colons. </p>
+
+<li> <p> The "exclude" attribute (Postfix &ge; 2.6) is used to disable
+ciphers that cause handshake failures with a specific mandatory TLS
+destination, without disabling the ciphers for all mandatory destinations.
+Alternatively, you can exclude ciphers that cause issues with multiple
+remote servers in <a href="postconf.5.html">main.cf</a>, and selectively enable them on a per-destination
+basis in the policy table by setting a shorter or empty exclusion list. The
+per-destination "exclude" list preempts both the opportunistic and
+mandatory security level exclusions, so that all excluded ciphers
+can be enabled for known-good destinations. For non-mandatory TLS
+destinations that exhibit cipher-specific problems, Postfix will fall
+back to plain-text delivery. If plain-text is not acceptable make TLS
+mandatory and exclude the problem ciphers. </p>
+
+</ul>
+
+<p>
+Example:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
+ # Postfix 2.5 and later
+ <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = sha256
+/etc/postfix/tls_policy:
+ example.edu none
+ example.mil may
+ example.gov encrypt ciphers=high
+ example.com verify match=hostname:dot-nexthop ciphers=high
+ example.net secure
+ .example.net secure match=.example.net:example.net
+ [mail.example.org]:587 secure match=nexthop
+ # Postfix 2.5 and later
+ [thumb.example.org] fingerprint
+ match=b6:b4:72:34:e2:59:cd:fb:...:0d:4d:cc:2c:7d:84:de:e6:2f
+ match=51:e9:af:2e:1e:40:1f:de:...:35:2d:09:16:31:5a:eb:82:76
+ # Postfix &ge; 3.6 "protocols" syntax
+ example.info may protocols=&gt;=TLSv1 ciphers=medium exclude=3DES
+ # Legacy protocols syntax
+ example.info may protocols=!SSLv2:!SSLv3 ciphers=medium exclude=3DES
+</pre>
+</blockquote>
+
+<p> <b>Note:</b> The "hostname" strategy if listed in a non-default setting
+of <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> or in the "match" attribute in the policy
+table can render the "secure" level vulnerable to DNS forgery. Do not use
+the "hostname" strategy for <a href="#client_tls_secure">secure-channel</a>
+configurations in environments where DNS security is not assured. </p>
+
+<h3> <a name="client_tls_discover"> Discovering servers that support
+TLS </a> </h3>
+
+<p> As we decide on a "per site" basis whether or not to use TLS,
+it would be good to have a list of sites that offered "STARTTLS".
+We can collect it ourselves with this option. </p>
+
+<p> If the <a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> feature is enabled and a
+server offers STARTTLS while TLS is not already enabled for that
+server, the Postfix SMTP client logs a line as follows: </p>
+
+<blockquote>
+<pre>
+postfix/smtp[pid]: Host offered STARTTLS: [hostname.example.com]
+</pre>
+</blockquote>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> = yes
+</pre>
+</blockquote>
+
+<h3><a name="client_vrfy_server">Server certificate verification depth</a> </h3>
+
+<p> The server certificate verification depth is specified with the
+<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> parameter. The default verification
+depth is 9 (the OpenSSL default), for compatibility with Postfix
+versions before 2.5 where <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> was ignored.
+When you configure trust
+in a root CA, it is not necessary to explicitly trust intermediary CAs
+signed by the root CA, unless $<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> is less than the
+number of CAs in the certificate chain for the servers of interest. With
+a verify depth of 1 you can only verify certificates directly signed
+by a trusted CA, and all trusted intermediary CAs need to be configured
+explicitly. With a verify depth of 2 you can verify servers signed by a
+root CA or a direct intermediary CA (so long as the server is correctly
+configured to supply its intermediate CA certificate). </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> = 2
+</pre>
+</blockquote>
+
+<h3> <a name="client_cipher">Client-side cipher controls </a> </h3>
+
+<p> The Postfix SMTP client supports 5 distinct cipher grades
+as specified by the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration
+parameter. This setting controls the minimum acceptable SMTP client
+TLS cipher grade for use with mandatory TLS encryption. The default
+value "medium" is suitable for most destinations with which you may
+want to enforce TLS, and is beyond the reach of today's cryptanalytic
+methods. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
+ciphers on a per-destination basis. </p>
+
+<p> By default anonymous ciphers are allowed, and automatically
+disabled when remote SMTP server certificates are verified. If you
+want to
+disable anonymous ciphers even at the "encrypt" security level, set
+"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL"; and to
+disable anonymous ciphers even with opportunistic TLS, set
+"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL". There is generally
+no need to take these measures. Anonymous ciphers save bandwidth
+and TLS session cache space, if certificates are ignored, there is
+little point in requesting them. </p>
+
+<p> The "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" configuration parameter (Postfix &ge; 2.6)
+provides control over the minimum cipher grade for opportunistic TLS.
+The default minimum cipher grade for opportunistic TLS is "medium"
+for Postfix releases after the middle of 2015, and "export" for
+older releases. With Postfix &lt; 2.6, the minimum opportunistic
+TLS cipher grade is always "export". </p>
+
+<p> With mandatory and opportunistic TLS encryption, the Postfix
+SMTP client will by default disable SSLv2 and SSLv3. The mandatory
+TLS protocol list is specified via the
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> configuration parameter. The corresponding
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> parameter (Postfix &ge; 2.6) controls
+the TLS protocols used with opportunistic TLS. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = medium
+ <a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = RC4, MD5
+ <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
+ <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = medium
+ # Preferred form with Postfix &ge; 3.6:
+ <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=TLSv1.2
+ <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = &gt;=TLSv1
+ # Legacy form for Postfix &lt; 3.6:
+ <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+ <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2,!SSLv3
+</pre>
+</blockquote>
+
+<h3> <a name="client_smtps">Client-side SMTPS support </a> </h3>
+
+<p> These sections show how to send mail to a server that does not
+support STARTTLS, but that provides the SMTPS service
+on TCP port 465. Depending on the Postfix version, some additional
+tooling may be required. </p>
+
+<h4> Postfix &ge; 3.0 </h4>
+
+<p> The Postfix SMTP client has SMTPS support built-in as of version
+3.0. Use one of the following examples, to send all remote mail,
+or to send only some remote mail, to an SMTPS server. </p>
+
+<h5> Postfix &ge; 3.0: Sending all remote mail to an SMTPS server </h5>
+
+<p> The first example will send all remote mail over SMTPS through
+a provider's server called "mail.example.com": </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Client-side SMTPS requires "encrypt" or stronger.
+ <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt
+ <a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> = yes
+ # The [] suppress MX lookups.
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mail.example.com]:465
+</pre>
+</blockquote>
+
+<p> Use "postfix reload" to make the change effective. </p>
+
+<p> See <a href="SOHO_README.html">SOHO_README</a> for additional information about SASL authentication.
+</p>
+
+<h5> Postfix &ge; 3.0: Sending only mail for a specific destination
+via SMTPS </h5>
+
+<p> The second example will send only mail for "example.com" via
+SMTPS. This time, Postfix uses a transport map to deliver only
+mail for "example.com" via SMTPS: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+
+/etc/postfix/transport:
+ example.com relay-smtps:example.com:465
+
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ relay-smtps unix - - n - - smtp
+ # Client-side SMTPS requires "encrypt" or stronger.
+ -o <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>=encrypt
+ -o <a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a>=yes
+</pre>
+</blockquote>
+
+<p> Use "postmap <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport" and "postfix reload"
+to make the change effective. </p>
+
+<p> See <a href="SOHO_README.html">SOHO_README</a> for additional information about SASL
+authentication. </p>
+
+<h4> Postfix &lt; 3.0 </h4>
+
+<p> Although older Postfix SMTP client versions do not support TLS
+wrapper mode, it is relatively easy to forward a connection through
+the stunnel program if Postfix needs to deliver mail to some legacy
+system that doesn't support STARTTLS. </p>
+
+<h5> Postfix &lt; 3.0: Sending all remote mail to an SMTPS server </h5>
+
+<p> The first example uses SMTPS to send all remote mail to a
+provider's mail server called "mail.example.com". </p>
+
+<p> A minimal stunnel.conf file is sufficient to set up a tunnel
+from local port 11125 to the remote destination "mail.example.com"
+and port "smtps". Postfix will later use this tunnel to connect to
+the remote server. </p>
+
+<blockquote>
+<pre>
+/path/to/stunnel.conf:
+ [smtp-tls-wrapper]
+ accept = 11125
+ client = yes
+ connect = mail.example.com:smtps
+</pre>
+</blockquote>
+
+<p> To test this tunnel, use: </p>
+
+<blockquote>
+<pre>
+$ telnet localhost 11125
+</pre>
+</blockquote>
+
+<p> This should produce the greeting from the remote SMTP server
+at mail.example.com. </p>
+
+<p> On the Postfix side, the <a href="postconf.5.html#relayhost">relayhost</a> feature sends all remote
+mail through the local stunnel listener on port 11125: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relayhost">relayhost</a> = [127.0.0.1]:11125
+</pre>
+</blockquote>
+
+<p> Use "postfix reload" to make the change effective. </p>
+
+<p> See <a href="SOHO_README.html">SOHO_README</a> for additional information about SASL
+authentication. </p>
+
+<h4> Postfix &lt; 3.0: Sending only mail for a specific destination via SMTPS </h4>
+
+<p> The second example will use SMTPS to send only mail for
+"example.com" via SMTPS. It uses the same stunnel configuration
+file as the first example, so it won't be repeated here. </p>
+
+<p> This time, the Postfix side uses a transport map to direct only
+mail for "example.com" through the tunnel: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+
+/etc/postfix/transport:
+ example.com relay:[127.0.0.1]:11125
+</pre>
+</blockquote>
+
+<p> Use "postmap <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport" and "postfix reload"
+to make the change effective. </p>
+
+<p> See <a href="SOHO_README.html">SOHO_README</a> for additional information about SASL authentication.
+</p>
+
+<h3> <a name="client_misc"> Miscellaneous client controls </a> </h3>
+
+<p> The <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> parameter limits the time of Postfix
+SMTP client write and read operations during TLS startup and shutdown
+handshake procedures. In case of problems the Postfix SMTP client
+tries the next network address on the mail exchanger list, and
+defers delivery if no alternative server is available. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> = 300s
+</pre>
+</blockquote>
+
+<p> With Postfix 2.8 and later, the <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter
+specifies a list or bit-mask of OpenSSL bug work-arounds to disable. This
+may be necessary if one of the work-arounds enabled by default in
+OpenSSL proves to pose a security risk, or introduces an unexpected
+interoperability issue. Some bug work-arounds known to be problematic
+are disabled in the default value of the parameter when linked with
+an OpenSSL library that could be vulnerable. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> = 0xFFFFFFFF
+ <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> = CVE-2010-4180, LEGACY_SERVER_CONNECT
+</pre>
+</blockquote>
+
+<p> Note: Disabling LEGACY_SERVER_CONNECT is not wise at this
+time, lots of servers are still unpatched and Postfix is <a
+href="http://www.postfix.org/wip.html#tls-renegotiation">not
+significantly vulnerable</a> to the renegotiation issue in the TLS
+protocol. </p>
+
+<p> With Postfix &ge; 2.11, the <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> parameter specifies
+a list or bit-mask of OpenSSL options to enable. Specify one or
+more of the named options below, or a hexadecimal bitmask of options
+found in the ssl.h file corresponding to the run-time OpenSSL
+library. While it may be reasonable to turn off all bug workarounds
+(see above), it is not a good idea to attempt to turn on all features.
+</p>
+
+<p> A future version of OpenSSL may by default no longer allow
+connections to servers that don't support secure renegotiation.
+Since the exposure for SMTP is minimal, and some SMTP servers may
+remain unpatched, you can add LEGACY_SERVER_CONNECT to the
+options to restore the more permissive default of current OpenSSL
+releases. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> = NO_TICKET, NO_COMPRESSION, LEGACY_SERVER_CONNECT
+</pre>
+</blockquote>
+
+<p> You should only enable features via the hexadecimal mask when
+the need to control the feature is critical (to deal with a new
+vulnerability or a serious interoperability problem). Postfix DOES
+NOT promise backwards compatible behavior with respect to the mask
+bits. A feature enabled via the mask in one release may be enabled
+by other means in a later release, and the mask bit will then be
+ignored. Therefore, use of the hexadecimal mask is only a temporary
+measure until a new Postfix or OpenSSL release provides a better
+solution. </p>
+
+<h2><a name="tlsmgr_controls"> TLS manager specific settings </a> </h2>
+
+<p> The security of cryptographic software such as TLS depends
+critically on the ability to generate unpredictable numbers for
+keys and other information. To this end, the <a href="tlsmgr.8.html">tlsmgr(8)</a> process
+maintains a Pseudo Random Number Generator (PRNG) pool. This is
+queried by the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes when they initialize.
+By default, these daemons request 32 bytes, the equivalent to 256
+bits. This is more than sufficient to generate a 128bit (or 168bit)
+session key. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> = 32
+</pre>
+</blockquote>
+
+<p> In order to feed its in-memory PRNG pool, the <a href="tlsmgr.8.html">tlsmgr(8)</a> reads
+entropy from an external source, both at startup and during run-time.
+Specify a good entropy source, like EGD or /dev/urandom; be sure
+to only use non-blocking sources (on OpenBSD, use /dev/arandom
+when <a href="tlsmgr.8.html">tlsmgr(8)</a> complains about /dev/urandom timeout errors).
+If the entropy source is not a
+regular file, you must prepend the source type to the source name:
+"dev:" for a device special file, or "egd:" for a source with EGD
+compatible socket interface. </p>
+
+<p> Examples (specify only one in <a href="postconf.5.html">main.cf</a>): </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
+ <a href="postconf.5.html#tls_random_source">tls_random_source</a> = egd:/var/run/egd-pool
+</pre>
+</blockquote>
+
+<p> By default, <a href="tlsmgr.8.html">tlsmgr(8)</a> reads 32 bytes from the external entropy
+source at each seeding event. This amount (256bits) is more than
+sufficient for generating a 128bit symmetric key. With EGD and
+device entropy sources, the <a href="tlsmgr.8.html">tlsmgr(8)</a> limits the amount of data
+read at each step to 255 bytes. If you specify a regular file as
+entropy source, a larger amount of data can be read. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_random_bytes">tls_random_bytes</a> = 32
+</pre>
+</blockquote>
+
+<p> In order to update its in-memory PRNG pool, the <a href="tlsmgr.8.html">tlsmgr(8)</a>
+queries the external entropy source again after a pseudo-random
+amount of time. The time is calculated using the PRNG, and is
+between 0 and the maximal time specified with <a href="postconf.5.html#tls_random_reseed_period">tls_random_reseed_period</a>.
+The default maximal time interval is 1 hour. </p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_random_reseed_period">tls_random_reseed_period</a> = 3600s
+</pre>
+</blockquote>
+
+<p> The <a href="tlsmgr.8.html">tlsmgr(8)</a> process saves the PRNG state to a persistent
+exchange file at regular times and when the process terminates, so
+that it can recover the PRNG state the next time it starts up.
+This file is created when it does not exist. </p>
+
+<p> Examples: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a> = /var/lib/postfix/prng_exch
+ <a href="postconf.5.html#tls_random_prng_update_period">tls_random_prng_update_period</a> = 3600s
+</pre>
+</blockquote>
+
+<p> As of version 2.5, Postfix no longer uses root privileges when
+opening this file. The file should now be stored under the Postfix-owned
+<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
+under a non-Postfix directory is redirected to the Postfix-owned
+<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. If you wish to continue
+using a pre-existing PRNG state file, move it to the <a href="postconf.5.html#data_directory">data_directory</a>
+and change the ownership to the account specified with the <a href="postconf.5.html#mail_owner">mail_owner</a>
+parameter. </p>
+
+<p> With earlier Postfix versions the default file location
+is under the Postfix configuration directory, which is not the
+proper place for information that is modified by Postfix. </p>
+
+<h2><a name="quick-start">Getting started, quick and dirty</a></h2>
+
+<p> The following steps will get you started quickly. Because you
+sign your own Postfix public key certificate, you get TLS encryption
+but no TLS authentication. This is sufficient for testing, and
+for exchanging email with sites that you have no trust relationship
+with. For real authentication you need also enable DNSSEC record
+signing for your domain and publish TLSA records and/or your Postfix
+public key certificate needs to be signed by a recognized Certification
+Authority. To authenticate the certificates of a remote host you
+need a DNSSEC-validating local resolver and to enable <a
+href="#client_tls_dane">DANE</a> authentication and/or configure
+the Postfix SMTP client with a list of public key certificates of
+Certification Authorities, but make sure to read about the <a
+href="#client_tls_limits">limitations</a> of the latter approach.
+</p>
+
+<p> In the examples below, user input is shown in <b><tt>bold</tt></b>
+font, and a "<tt>#</tt>" prompt indicates a super-user shell. </p>
+
+<ul>
+
+<li> <p> <a href="#built-in">Quick-start TLS with Postfix &ge; 3.1</a>.</p>
+
+<li> <p> <a href="#self-signed">Self-signed server certificate</a>.</p>
+
+<li> <p> <a href="#private-ca">Private Certification Authority</a>. </p>
+
+</ul>
+
+<h3><a name="built-in">Quick-start TLS with Postfix &ge; 3.1</a></h3>
+
+<p> Postfix 3.1 provides built-in support for enabling TLS in the
+SMTP client and server and for ongoing certificate and DANE TLSA
+record management.
+
+<ul>
+<li> <p> <a href="#quick-client">Quick-start TLS in the Postfix &ge; 3.1 SMTP client</a>. </p>
+<li> <p> <a href="#quick-server">Quick-start TLS in the Postfix &ge; 3.1 SMTP server</a>. </p>
+</ul>
+
+<h4> <a name="quick-client">Quick-start TLS in the Postfix &ge; 3.1 SMTP client</a>. </h4>
+
+<p> If you are using Postfix 3.1 or later, and your SMTP client TLS
+settings are in their default state, you can enable <a
+href="#client_tls_may">opportunistic</a> TLS in the SMTP client as
+follows: </p>
+
+<blockquote>
+<pre>
+# <a href="postfix-tls.1.html">postfix tls</a> enable-client
+# postfix reload
+</pre>
+</blockquote>
+
+<p> If some of the Postfix SMTP client TLS settings are not in their
+default state, this will not make any changes, but will instead
+suggest the minimal required settings for SMTP client TLS. The
+"postfix reload" command is optional, it is only needed if you want
+the settings to take effect right away. Note, this does not enable
+trust in any public certification authorities, and does not configure
+client TLS certificates as these are largely pointless with <a
+href="#client_tls_may">opportunistic</a> TLS. </p>
+
+<p> There is not yet a turn-key command for enabling <a
+href="#client_tls_dane">DANE</a> authentication. This is because
+DANE requires changes to your <b>resolv.conf</b> file and a
+corresponding DNSSEC-validating resolver local to the Postfix host,
+these changes are difficult to automate in a portable way. </p>
+
+<p> If you're willing to revert your settings to the defaults and
+switch to a "stock" opportunistic TLS configuration, then you can:
+erase all the SMTP client TLS settings and then enable client TLS: </p>
+
+<blockquote>
+<pre>
+# postconf -X `postconf -nH | grep -E '^smtp(_|_enforce_|_use_)tls'`
+# <a href="postfix-tls.1.html">postfix tls</a> enable-client
+# postfix reload
+</pre>
+</blockquote>
+
+<h4><a name="quick-server">Quick-start TLS in the Postfix &ge; 3.1 SMTP server</a>.</h4>
+
+<p> If you are using Postfix 3.1 or later, and your SMTP server TLS
+settings are in their default state, you can enable
+opportunistic TLS in the SMTP server as follows: </p>
+
+<blockquote>
+<pre>
+# <a href="postfix-tls.1.html">postfix tls</a> enable-server
+# postfix reload
+</pre>
+</blockquote>
+
+<p> If some of the Postfix SMTP client TLS settings are not in their
+default state, this will not make any changes, but will instead
+suggest the minimal required settings for SMTP client TLS. The
+"postfix reload" command is optional, it is only needed if you want
+the settings to take effect right away. This will generate a
+self-signed private key and certificate and enable TLS in the Postfix
+SMTP server. </p>
+
+<p> If you're willing to revert your settings to the defaults and
+switch to a "stock" server TLS configuration, then you can: erase
+all the SMTP server TLS settings and then enable server TLS: </p>
+
+<blockquote>
+<pre>
+# postconf -X `postconf -nH | grep -E '^smtpd(_|_enforce_|_use_)tls'`
+# <a href="postfix-tls.1.html">postfix tls</a> enable-server
+# postfix reload
+</pre>
+</blockquote>
+
+<p> Postfix &ge; 3.1 provides additional built-in support for ongoing
+management of TLS in the SMTP server, via additional "<a href="postfix-tls.1.html">postfix tls</a>"
+sub-commands. These make it easy to generate certificate signing
+requests, create and deploy new keys and certificates, and generate
+DANE TLSA records. See the <a href="postfix-tls.1.html">postfix-tls(1)</a> documentation for details.
+</p>
+
+<h3><a name="self-signed">Self-signed server certificate</a></h3>
+
+<p> The following commands (credits: Viktor Dukhovni) generate and
+install a 2048-bit RSA private key and 10-year self-signed certificate
+for the local Postfix system. This requires super-user privileges.
+(By using date-specific filenames for the certificate and key files,
+and updating <a href="postconf.5.html">main.cf</a> with new filenames, a potential race condition
+in which the key and certificate might not match is avoided).
+</p>
+
+<blockquote>
+<pre>
+# dir="$(postconf -h <a href="postconf.5.html#config_directory">config_directory</a>)"
+# fqdn=$(postconf -h <a href="postconf.5.html#myhostname">myhostname</a>)
+# case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
+# ymd=$(date +%Y-%m-%d)
+# key="${dir}/key-${ymd}.pem"; rm -f "${key}"
+# cert="${dir}/cert-${ymd}.pem"; rm -f "${cert}"
+# (umask 077; openssl genrsa -out "${key}" 2048) &&
+ openssl req -new -key "${key}" \
+ -x509 -subj "/CN=${fqdn}" -days 3650 -out "${cert}" &&
+ postconf -e \
+ "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = ${cert}" \
+ "<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = ${key}" \
+ '<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may' \
+ '<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes' \
+ '<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 1' \
+ '<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may' \
+ '<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 1' \
+ '<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:${<a href="postconf.5.html#data_directory">data_directory</a>}/smtp_scache' \
+ '<a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom'
+</pre>
+</blockquote>
+
+<p> Note: the last command requires both single (') and double (")
+quotes. </p>
+
+<p> The <a href="postconf.1.html">postconf(1)</a> command above enables opportunistic TLS for
+receiving and sending mail. It also enables logging of TLS connections
+and recording of TLS use in the "Received" header. TLS session
+caching is also enabled in the Postfix SMTP client. With Postfix
+&ge; 2.10, the SMTP server does not need an explicit session cache
+since session reuse is better handled via <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session
+tickets. </p>
+
+<h3><a name="private-ca">Private Certification Authority</a></h3>
+
+<ul>
+
+<li> <p> Become your own Certification Authority, so that you can
+sign your own certificates, and so that your own systems can
+authenticate certificates from your own CA. This example uses the
+CA.pl script that ships with OpenSSL. On some systems, OpenSSL
+installs this as <tt>/usr/local/openssl/misc/CA.pl</tt>. Some systems
+install this as
+part of a package named <tt>openssl-perl</tt> or something similar.
+The script creates a private key in <tt>./demoCA/private/cakey.pem</tt>
+and a public key in <tt>./demoCA/cacert.pem</tt>.</p>
+
+<blockquote>
+<pre>
+% <b>/usr/local/ssl/misc/CA.pl -newca</b>
+CA certificate filename (or enter to create)
+
+Making CA certificate ...
+Using configuration from /etc/ssl/openssl.cnf
+Generating a 1024 bit RSA private key
+....................++++++
+.....++++++
+writing new private key to './demoCA/private/cakey.pem'
+Enter PEM pass phrase:<b>whatever</b>
+</pre>
+</blockquote>
+
+<li> <p> Create an unpassworded private key for host foo.porcupine.org and create
+an unsigned public key certificate. </p>
+
+<blockquote>
+<pre>
+% <b>(umask 077; openssl req -new -newkey rsa:2048 -nodes -keyout foo-key.pem -out foo-req.pem)</b>
+Using configuration from /etc/ssl/openssl.cnf
+Generating a 2048 bit RSA private key
+........................................++++++
+....++++++
+writing new private key to 'foo-key.pem'
+-----
+You are about to be asked to enter information that will be incorporated
+into your certificate request.
+What you are about to enter is what is called a Distinguished Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.
+-----
+Country Name (2 letter code) [AU]:<b>US</b>
+State or Province Name (full name) [Some-State]:<b>New York</b>
+Locality Name (eg, city) []:<b>Westchester</b>
+Organization Name (eg, company) [Internet Widgits Pty Ltd]:<b>Porcupine</b>
+Organizational Unit Name (eg, section) []:
+Common Name (eg, YOUR name) []:<b>foo.porcupine.org</b>
+Email Address []:<b>wietse@porcupine.org</b>
+
+Please enter the following 'extra' attributes
+to be sent with your certificate request
+A challenge password []:<b>whatever</b>
+An optional company name []:
+</pre>
+</blockquote>
+
+<li> <p> Sign the public key certificate for host foo.porcupine.org with the
+Certification Authority private key that we created a few
+steps ago. </p>
+
+<blockquote>
+<pre>
+% <b>openssl ca -out foo-cert.pem -days 365 -infiles foo-req.pem</b>
+Using configuration from /etc/ssl/openssl.cnf
+Enter PEM pass phrase:<b>whatever</b>
+Check that the request matches the signature
+Signature ok
+The Subjects Distinguished Name is as follows
+countryName :PRINTABLE:'US'
+stateOrProvinceName :PRINTABLE:'New York'
+localityName :PRINTABLE:'Westchester'
+organizationName :PRINTABLE:'Porcupine'
+commonName :PRINTABLE:'foo.porcupine.org'
+emailAddress :IA5STRING:'wietse@porcupine.org'
+Certificate is to be certified until Nov 21 19:40:56 2005 GMT (365 days)
+Sign the certificate? [y/n]:<b>y</b>
+
+
+1 out of 1 certificate requests certified, commit? [y/n]<b>y</b>
+Write out database with 1 new entries
+Data Base Updated
+</pre>
+</blockquote>
+
+<li> <p> Install the host private key, the host public key certificate,
+and the Certification Authority certificate files. This requires
+super-user privileges. </p>
+
+<p> The following commands assume that the key and certificate will
+be installed for the local Postfix MTA. You will need to adjust the
+commands if the Postfix MTA is on a different host. </p>
+
+<blockquote>
+<pre>
+# <b>cp demoCA/cacert.pem foo-key.pem foo-cert.pem /etc/postfix</b>
+# <b>chmod 644 /etc/postfix/foo-cert.pem /etc/postfix/cacert.pem</b>
+# <b>chmod 400 /etc/postfix/foo-key.pem</b>
+</pre>
+</blockquote>
+
+<li> <p> Configure Postfix, by adding the following to
+<tt>/etc/postfix/<a href="postconf.5.html">main.cf</a> </tt>. It is generally best to not configure
+client certificates, unless there are servers which authenticate your mail
+submission via client certificates. Often servers that perform TLS client
+authentication will issue the required certificates signed by their own
+CA. If you configure the client certificate and key incorrectly, you
+will be unable to send mail to sites that request a client certificate,
+but don't require them from all clients. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/cacert.pem
+ <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> =
+ <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/smtp_tls_session_cache
+ <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
+ <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 1
+ <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/cacert.pem
+ <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/foo-cert.pem
+ <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/foo-key.pem
+ <a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
+ <a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> =
+ <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/smtpd_tls_session_cache
+ <a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
+ <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
+ <a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 1
+</pre>
+</blockquote>
+
+</ul>
+
+
+<h2><a name="build_tls">Building Postfix with TLS support</a></h2>
+
+<p> These instructions assume that you build Postfix from source
+code as described in the <a href="INSTALL.html">INSTALL</a> document. Some modification may
+be required if you build Postfix from a vendor-specific source
+package. </p>
+
+<p> To build Postfix with TLS support, first we need to generate
+the <tt>make(1)</tt> files with the necessary definitions. This is
+done by invoking the command "<tt>make makefiles</tt>" in the Postfix
+top-level directory and with arguments as shown next. </p>
+
+<p> <b> NOTE: Do not use Gnu TLS. It will spontaneously terminate
+a Postfix daemon process with exit status code 2, instead of allowing
+Postfix to 1) report the error to the maillog file, and to 2) provide
+plaintext service where this is appropriate. </b> </p>
+
+<ul>
+
+<li> <p> If the OpenSSL include files (such as <tt>ssl.h</tt>) are
+in directory <tt>/usr/include/openssl</tt>, and the OpenSSL libraries
+(such as <tt>libssl.so</tt> and <tt>libcrypto.so</tt>) are in
+directory <tt>/usr/lib</tt>: </p>
+
+<blockquote>
+<pre>
+% <b>make tidy</b> # if you have left-over files from a previous build
+% <b>make makefiles CCARGS="-DUSE_TLS" AUXLIBS="-lssl -lcrypto"</b>
+</pre>
+</blockquote>
+
+<li> <p> If the OpenSSL include files (such as <tt>ssl.h</tt>) are
+in directory <tt>/usr/local/include/openssl</tt>, and the OpenSSL
+libraries (such as <tt>libssl.so</tt> and <tt>libcrypto.so</tt>)
+are in directory <tt>/usr/local/lib</tt>: </p>
+
+<blockquote>
+<pre>
+% <b>make tidy</b> # if you have left-over files from a previous build
+% <b>make makefiles CCARGS="-DUSE_TLS -I/usr/local/include" \
+ AUXLIBS="-L/usr/local/lib -lssl -lcrypto" </b>
+</pre>
+</blockquote>
+
+<p> If your OpenSSL shared library is in a directory that the RUN-TIME
+linker does not know about, add a "-Wl,-R,/path/to/directory" option after
+"-lcrypto". </p>
+
+<p> On Solaris, specify the <tt>-R</tt> option as shown below:
+
+<blockquote>
+<pre>
+% <b>make tidy</b> # if you have left-over files from a previous build
+% <b>make makefiles CCARGS="-DUSE_TLS -I/usr/local/include" \
+ AUXLIBS="-R/usr/local/lib -L/usr/local/lib -lssl -lcrypto" </b>
+</pre>
+</blockquote>
+
+</ul>
+
+<p> If you need to apply other customizations (such as Berkeley DB
+databases, MySQL, PostgreSQL, LDAP or SASL), see the respective
+Postfix README documents, and combine their "<tt>make makefiles</tt>"
+instructions with the instructions above: </p>
+
+<blockquote>
+<pre>
+% <b>make tidy</b> # if you have left-over files from a previous build
+% <b>make makefiles CCARGS="-DUSE_TLS \
+ <i>(other -D or -I options)</i>" \
+ AUXLIBS="-lssl -lcrypto \
+ <i>(other -l options for libraries in /usr/lib)</i> \
+ <i>(-L/path/name + -l options for other libraries)</i>"</b>
+</pre>
+</blockquote>
+
+<p> To complete the build process, see the Postfix <a href="INSTALL.html">INSTALL</a>
+instructions. Postfix has TLS support turned off by default, so
+you can start using Postfix as soon as it is installed. </p>
+
+<h2> <a name="problems"> Reporting problems </a> </h2>
+
+<p> Problems are preferably reported via &lt;postfix-users@postfix.org&gt;.
+See <a href="http://www.postfix.org/lists.html">http://www.postfix.org/lists.html</a> for subscription information.
+When reporting a problem, please be thorough in the report. Patches,
+when possible, are greatly appreciated too. </p>
+
+<h2><a name="credits">Credits </a> </h2>
+
+<ul>
+
+<li> TLS support for Postfix was originally developed by Lutz
+J&auml;nicke at Cottbus Technical University.
+
+<li> Wietse Venema adopted the code, did some restructuring, and
+compiled this part of the documentation from Lutz's documents.
+
+<li> Victor Duchovni was instrumental with the re-implementation
+of the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> code in terms of enforcement levels, which
+simplified the implementation greatly.
+
+<li> Victor Duchovni implemented the fingerprint security level,
+added more sanity checks, and separated TLS connection management
+from security policy enforcement. The latter change simplified the
+code that verifies certificate signatures, certificate names, and
+certificate fingerprints.
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/TUNING_README.html b/html/TUNING_README.html
new file mode 100644
index 0000000..eac9b73
--- /dev/null
+++ b/html/TUNING_README.html
@@ -0,0 +1,705 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Performance Tuning</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" alt="">
+Postfix Performance Tuning</h1>
+
+<hr>
+
+<h2>Purpose of Postfix performance tuning </h2>
+
+<p> The hints and tips in this document help you improve the
+performance of Postfix systems that already work. If your Postfix
+system is unable to receive or deliver mail, then you need to solve
+those problems first, using the <a href="DEBUG_README.html">DEBUG_README</a> document as guidance.
+
+<p> For tuning external content filter performance, first read the
+respective information in the <a href="FILTER_README.html">FILTER_README</a> and <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a>
+documents. Then make sure to avoid latency in the content filter
+code. As much as possible avoid performing queries against external
+data sources with a high or highly variable delay. Your content
+filter will run with a small concurrency to avoid CPU/memory
+starvation, and if any latency creeps in, content filter throughput
+will suffer. High volume environments should avoid RBL lookups,
+complex database queries and so on. </p>
+
+<p>Topics on mail receiving performance: </p>
+
+<ul>
+
+<li> <a href="#server_tips">General mail receiving performance tips</a>
+
+<li> <a href="#speedup">Doing more work with your SMTP server processes</a>
+
+<li> <a href="#slowdown">Slowing down SMTP clients that make many errors</a>
+
+<li> <a href="#conn_limit">Measures against clients that make too many connections</a>
+
+</ul>
+
+<p>Topics on mail delivery performance: </p>
+
+<ul>
+
+<li> <a href="#mailing_tips">General mail delivery performance tips</a>
+
+<li> <a href="#hammer">Tuning the frequency of deferred mail delivery attempts</a>
+
+<li> <a href="#rope">Tuning the number of simultaneous deliveries</a>
+
+<li> <a href="#rcpts">Tuning the number of recipients per delivery</a>
+
+</ul>
+
+<p>Other Postfix performance tuning topics: </p>
+
+<ul>
+
+<li> <a href="#proc_limit">Tuning the number of Postfix processes</a>
+
+<li> <a href="#proc_sys">Tuning the number of processes on the system</a>
+
+<li> <a href="#file_limit">Tuning the number of open files or
+sockets</a>
+
+</ul>
+
+<p> The following tools can be used to measure mail system performance
+under artificial loads. They are normally not installed with Postfix.
+</p>
+
+<ul>
+
+<li> <a href="smtp-source.1.html">smtp-source, SMTP/LMTP message
+generator</a>
+
+<li> <a href="smtp-sink.1.html">smtp-sink, SMTP/LMTP message dump
+</a>
+
+<li> <a href="qmqp-source.1.html">qmqp-source, QMQP message generator
+</a>
+
+<li> <a href="qmqp-sink.1.html">qmqp-sink, QMQP message dump </a>
+
+</ul>
+
+<h2><a name="server_tips">General mail receiving performance
+tips</a></h2>
+
+<ul>
+
+<li> <p> Read and understand the <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a>, <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>,
+and <a href="QSHAPE_README.html#active_queue">active queue</a> discussions in the <a href="QSHAPE_README.html">QSHAPE_README</a> document. </p>
+
+<li> <p> Run a local name server to reduce slow-down due to DNS
+lookups. If you run multiple Postfix systems, point each local name
+server to a shared forwarding server to reduce the number of lookups
+across the upstream network link. </p>
+
+<li> <p> Eliminate unnecessary LDAP lookups, by specifying a domain
+filter. This eliminates lookups for addresses in remote domains,
+and eliminates lookups of partial addresses. See <a href="ldap_table.5.html">ldap_table(5)</a> for
+details. </p>
+
+</ul>
+
+<p> When Postfix responds slowly to SMTP clients: </p>
+
+<ul>
+
+<li> <p> <a href="DEBUG_README.html#logging">Look for obvious signs
+of trouble</a> as described in the DEBUG_README document, and
+eliminate those problems first. </p>
+
+<li> <p> Turn off your <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a> patterns and
+see if the problem goes away. </p>
+
+<li> <p> <a href="DEBUG_README.html#no_chroot">Turn off chroot
+operation</a> as described in the DEBUG_README document and see
+if the problem goes away. </p>
+
+<li> <p> If Postfix logs the SMTP client as "unknown" then you have
+a name service problem: the name server is bad, or the resolv.conf
+file contains bad information, or some packet filter is blocking
+the DNS requests or replies. </p>
+
+<li> <p> If the number of <a href="smtpd.8.html">smtpd(8)</a> processes has reached the process
+limit as specified in <a href="master.5.html">master.cf</a>, new SMTP clients must wait until
+a process becomes available. See the <a href="STRESS_README.html">STRESS_README</a> and <a href="POSTSCREEN_README.html">POSTSCREEN_README</a>
+documents for measures that help to prevent SMTP server overload. </p>
+
+</ul>
+
+<h2><a name="speedup">Doing more work with your SMTP server
+processes</a></h2>
+
+<p> With Postfix versions 2.0 and earlier, the <a href="smtpd.8.html">smtpd(8)</a> server
+pauses before reporting an error to an SMTP client. The idea is
+called tar pitting. However, these delays also slow down Postfix.
+When the <a href="smtpd.8.html">smtpd(8)</a> server replies slowly, sessions take more time,
+so that more <a href="smtpd.8.html">smtpd(8)</a> server processes are needed to handle the
+load. When your Postfix <a href="smtpd.8.html">smtpd(8)</a> server process limit is reached,
+new clients must wait until a server process becomes available.
+This means that all clients experience poor performance. </p>
+
+<p> You can speed up the handling of <a href="smtpd.8.html">smtpd(8)</a> server error replies
+by turning off the delay: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Not needed with Postfix 2.1
+ <a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> = 0
+</pre>
+</blockquote>
+
+<p> With the above setting, Postfix 2.0 and earlier can serve more
+SMTP clients with the same number SMTP server processes. The next
+section describes how Postfix deals with clients that make a large
+number of errors. </p>
+
+<h2><a name="slowdown"> Slowing down SMTP clients that make many errors</a></h2>
+
+<p> The Postfix <a href="smtpd.8.html">smtpd(8)</a> server maintains a per-session error count.
+The error count is reset when a message is transferred successfully,
+and is incremented when a client request is unrecognized or
+unimplemented, when a client request violates <a
+href="SMTPD_ACCESS_README.html">access restrictions</a>, or when
+some other error happens. </p>
+
+<p> As the per-session error count increases, the <a href="smtpd.8.html">smtpd(8)</a> server
+changes behavior and begins to insert delays into the responses.
+The idea is to slow down a run-away client in order to limit resource
+usage. The behavior is Postfix version dependent. </p>
+
+<p> IMPORTANT: These delays slow down Postfix, too. When too much
+delay is configured, the number of simultaneous SMTP sessions will
+increase until it reaches the <a href="smtpd.8.html">smtpd(8)</a> server process limit, and new
+SMTP clients must wait until an <a href="smtpd.8.html">smtpd(8)</a> server process becomes available.
+</p>
+
+<p> Postfix version 2.1 and later:</p>
+
+<ul>
+
+<li> <p> When the error count reaches $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>
+(default: 10), the Postfix <a href="smtpd.8.html">smtpd(8)</a> server delays all non-error and
+error responses by $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> seconds (default: 1
+second). </p>
+
+<li><p>When the error count reaches $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a>
+(default: 20) the Postfix <a href="smtpd.8.html">smtpd(8)</a> server breaks the connection. </p>
+
+</ul>
+
+<p> Postfix version 2.0 and earlier:</p>
+
+<ul>
+
+<li> <p> When the error count is less than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>
+(default: 10) the Postfix <a href="smtpd.8.html">smtpd(8)</a> server delays all error replies by
+$<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1 second with Postfix 2.0, 5 seconds with
+Postfix 1.1 and earlier). </p>
+
+<li> <p> When the error count reaches $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>,
+the Postfix <a href="smtpd.8.html">smtpd(8)</a> server delays all responses by "error count"
+seconds or $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a>, whichever is more. </p>
+
+<li><p>When the error count reaches $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a>
+(default: 20) the Postfix <a href="smtpd.8.html">smtpd(8)</a> server breaks the connection. </p>
+
+</ul>
+
+<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
+
+<p> Note: these features use the Postfix <a href="anvil.8.html">anvil(8)</a> service, introduced
+with Postfix version 2.2. </p>
+
+<p> The Postfix <a href="smtpd.8.html">smtpd(8)</a> server can limit the number of simultaneous
+connections from the same SMTP client, as well as the connection
+rate and the rate of certain SMTP commands from the same client.
+These statistics are maintained by the <a href="anvil.8.html">anvil(8)</a> server (translation:
+if <a href="anvil.8.html">anvil(8)</a> breaks, then connection limits stop working). </p>
+
+<p> IMPORTANT: These limits must not be used to regulate legitimate
+traffic: mail will suffer grotesque delays if you do so. The limits
+are designed to protect the <a href="smtpd.8.html">smtpd(8)</a> server against abuse by
+out-of-control clients. </p>
+
+<blockquote>
+
+<dl>
+
+<dt> <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (default: 50) </dt> <dd>
+The maximum number of connections that an SMTP client may make
+simultaneously. </dd>
+
+<dt> <a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (default: no limit) </dt>
+<dd> The maximum number of connections that an SMTP client may make
+in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default:
+60s). </dd>
+
+<dt> <a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (default: no limit) </dt> <dd>
+The maximum number of message delivery requests that an SMTP client
+may make in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
+(default: 60s). </dd>
+
+<dt> <a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (default: no limit) </dt>
+<dd> The maximum number of recipient addresses that an SMTP client
+may specify in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
+(default: 60s). </dd>
+
+<dt> <a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (default: no limit)
+</dt> <dd> The maximum number of new TLS sessions (without using
+the TLS session cache) that an SMTP client may negotiate in the
+time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default: 60s).
+</dd>
+
+<dt> <a href="postconf.5.html#smtpd_client_auth_rate_limit">smtpd_client_auth_rate_limit</a> (default: no limit) </dt> <dd>
+The maximum number of AUTH commands that an SMTP client may send
+in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default:
+60s). Available in Postfix 3.1 and later. </dd>
+
+<dt> <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> (default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)
+</dt> <dd> SMTP clients that are excluded from connection and rate
+limits specified above. </dd>
+
+</dl>
+
+</blockquote>
+
+<h2><a name="mailing_tips">General mail delivery performance tips</a></h2>
+
+<ul>
+
+<li> <p> Read and understand the <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a>, <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>,
+<a href="QSHAPE_README.html#active_queue">active queue</a> and <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> discussions in the <a href="QSHAPE_README.html">QSHAPE_README</a>
+document. </p>
+
+<li> <p> In case of slow delivery, run the qshape tool as described
+in the <a href="QSHAPE_README.html">QSHAPE_README</a> document. </p>
+
+<li> <p> Submit multiple recipients per message instead of submitting
+messages with only a few recipients. </p>
+
+<li> <p> Submit mail via SMTP instead of /usr/sbin/sendmail. You
+may have to adjust the <a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> parameter setting.
+</p>
+
+<li> <p> Don't overwhelm the disk with mail submissions. Optimize
+the mail submission rate by tuning the number of parallel submissions
+and/or by tuning the Postfix <a href="postconf.5.html#in_flow_delay">in_flow_delay</a> parameter setting. </p>
+
+<li> <p> Run a local name server to reduce slow-down due to DNS
+lookups. If you run multiple Postfix systems, point each local name
+server to a shared forwarding server to reduce the number of lookups
+across the upstream network link. </p>
+
+<li> <p> Reduce the <a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> and <a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a>
+values so that Postfix does not waste lots of time connecting
+to non-responding remote SMTP servers. </p>
+
+<li> <p> Use a dedicated mail delivery transport for problematic
+destinations, with reduced timeouts and with adjusted concurrency.
+See "<a href="#rope">Tuning the number of simultaneous deliveries</a>"
+below.
+</p>
+
+<li> <p> Use a <a href="postconf.5.html#fallback_relay">fallback_relay</a> host for mail that cannot be delivered
+upon the first attempt. This "graveyard" machine can use shorter
+retry times for difficult to reach destinations. See "<a
+href="#hammer">Tuning the frequency of deferred mail delivery
+attempts</a>" below. </p>
+
+<li> <p> Speed up disk updates with a large (64MB) persistent write
+cache. This allows disk updates to be sorted for optimal access
+speed without compromising file system integrity when the system
+crashes. </p>
+
+<li> <p> Use a solid-state disk (a persistent RAM disk). This
+is an expensive solution that should be used in combination
+with short SMTP timeouts and a <a href="postconf.5.html#fallback_relay">fallback_relay</a> "graveyard"
+machine that delivers mail for problem destinations. </p>
+
+</ul>
+
+<h2><a name="rope">Tuning the number of simultaneous deliveries</a></h2>
+
+<p> Although Postfix can be configured to run 1000 SMTP client
+processes at the same time, it is rarely desirable that it makes
+1000 simultaneous connections to the same remote system. For this
+reason, Postfix has safety mechanisms in place to avoid this
+so-called "thundering herd" problem. </p>
+
+<p> The Postfix queue manager implements the analog of the TCP slow
+start flow control strategy: when delivering to a site, send a
+small number of messages first, then increase the concurrency as
+long as all goes well; reduce concurrency in the face of congestion.
+</p>
+
+<ul>
+
+<li> <p> The <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> parameter (default: 5)
+controls how many messages are initially sent to the same destination
+before adapting delivery concurrency. Of course, this setting is
+effective only as long as it does not exceed the process limit and
+the destination concurrency limit for the specific mail transport
+channel. </p>
+
+<li> <p> The <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> parameter (default:
+20) controls how many messages may be sent to the same destination
+simultaneously. You can override this setting for specific message
+delivery transports by taking the name of the <a href="master.5.html">master.cf</a> entry
+and appending "_destination_concurrency_limit". </p>
+
+</ul>
+
+<p> Examples of transport specific concurrency limits are: </p>
+
+<ul>
+
+<li> <p> The <a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> parameter (default:
+2) controls how many messages are delivered simultaneously to the
+same local recipient. The recommended limit is low because delivery
+to the same mailbox must happen sequentially, so massive parallelism
+is not useful. Another good reason to limit delivery concurrency
+to the same recipient: if the recipient has an expensive shell
+command in her .forward file, or if the recipient is a mailing list
+manager, you don't want to run too many instances of those processes
+at the same time. </p>
+
+<li> <p> The default <a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> of 20 seems
+enough to noticeably load a system without bringing it to its knees.
+Be careful when changing this to a much larger number. </p>
+
+</ul>
+
+<p> The above default values of the concurrency limits work well
+in a broad range of situations. Knee-jerk changes to these parameters
+in the face of congestion can actually make problems worse.
+Specifically, large destination concurrencies should never be the
+default. They should be used only for transports that deliver mail
+to a small number of high volume domains. </p>
+
+<p> A common situation where high concurrency is called for is on
+gateways relaying a high volume of mail between the Internet
+and an intranet mail environment. Approximately half the mail
+(assuming equal volumes inbound and outbound) will be destined
+for the internal mail hubs. Since the internal mail hubs will be
+receiving all external mail exclusively from the gateway, it is
+reasonable to configure the gateway to make greater demands on the
+capacity of the internal SMTP servers. </p>
+
+<p> The tuning of the inbound concurrency limits need not be trial
+and error. A high volume capable mailhub should be able to easily
+handle 50 or 100 (rather than the default 20) simultaneous connections,
+especially if the gateway forwards to multiple MX hosts. When all
+MX hosts are up and accepting connections in a timely fashion,
+throughput will be high. If any MX host is down and completely
+unresponsive, the average connection latency rises to at least 1/N
+* $<a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a>, if there are N MX hosts. This limits
+throughput to at most the destination concurrency * N /
+$<a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a>. </p>
+
+<p> For example, with a destination concurrency of 100 and 2 MX
+hosts, each host will handle up to 50 simultaneous connections. If
+one MX host is down and the default SMTP connection timeout is 30s,
+the throughput limit is 100 * 2 / 30 ~= 6 messages per second. This
+suggests that high volume destinations with good connectivity and
+multiple MX hosts need a lower connection timeout, values as low
+as 5s or even 1s can be used to prevent congestion when one or
+more, but not all MX hosts are down. </p>
+
+<p> If necessary, set a higher <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a>
+(in <a href="postconf.5.html">main.cf</a> since this is a queue manager parameter) and a lower
+<a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (with a "-o" override in <a href="master.5.html">master.cf</a> since
+this parameter has no per-transport name) for the relay transport
+and any transports dedicated for specific high volume destinations.
+</p>
+
+<h2><a name="rcpts">Tuning the number of recipients per delivery</a></h2>
+
+<p> The <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> parameter (default:
+50) controls how many recipients a Postfix delivery agent will send
+with each copy of an email message. You can override this setting
+for specific Postfix delivery agents. For example,
+"uucp_destination_recipient_limit = 100" would limit the number of
+recipients per UUCP delivery to 100. </p>
+
+<p> If an email message exceeds the recipient limit for some
+destination, the Postfix queue manager breaks up the list of
+recipients into smaller lists. Postfix will attempt to send multiple
+copies of the message in parallel. </p>
+
+<p> IMPORTANT: Be careful when increasing the recipient limit per
+message delivery; some SMTP servers abort the connection when they
+run out of memory or when a hard recipient limit is reached, so
+that the message will never be delivered. </p>
+
+<p> The <a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> parameter (default: 1000) controls
+how many recipients the Postfix <a href="smtpd.8.html">smtpd(8)</a> server will take per
+delivery. The default limit is more than any reasonable SMTP client
+would send. The limit exists to protect the local mail system
+against a run-away client. </p>
+
+<h2><a name="hammer">Tuning the frequency of deferred mail delivery attempts</a></h2>
+
+<p> When a Postfix delivery agent (<a href="smtp.8.html">smtp(8)</a>, <a href="local.8.html">local(8)</a>, etc.) is
+unable to deliver a message it may blame the message itself, or it
+may blame the receiving party. </p>
+
+<ul>
+
+<li> <p> When the delivery agent blames the message, the queue
+manager gives the queue file a time stamp into the future, so it
+won't be looked at for a while. By default, the amount of time to
+cool down is the amount of time that has passed since the message
+arrived. This results in so-called exponential backoff behavior.
+</p>
+
+<li> <p> When the delivery agent blames the receiving party (for
+example a local recipient user, or a remote host), the queue manager
+not only advances the queue file time stamp, but also puts the
+receiving party on a "dead" list so that it will be skipped for
+some amount of time. </p>
+
+</ul>
+
+<p> This process is governed by a bunch of little parameters. </p>
+
+<blockquote>
+
+<dl>
+
+<dt> <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (default: 300 seconds; before Postfix 2.4:
+1000s) </dt> <dd> How often
+the queue manager scans the queue for deferred mail. </dd>
+
+<dt> <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (default: 300 seconds; before Postfix
+2.4: 1000s) </dt> <dd> The
+minimal amount of time a message won't be looked at, and the minimal
+amount of time to stay away from a "dead" destination. </dd>
+
+<dt> <a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> (default: 4000 seconds) </dt> <dd> The
+maximal amount of time a message won't be looked at after a delivery
+failure. </dd>
+
+<dt> <a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (default: 5 days) </dt> <dd> How long
+a message stays in the queue before it is sent back as undeliverable.
+Specify 0 for mail that should be returned immediately after the
+first unsuccessful delivery attempt. </dd>
+
+<dt> <a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> (default: 5 days, available with Postfix
+version 2.1 and later) </dt> <dd> How long a MAILER-DAEMON message
+stays in the queue before it is considered undeliverable. Specify
+0 for mail that should be tried only once. </dd>
+
+<dt> <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> (default: 20000) </dt> <dd> The
+size of many in-memory queue manager data structures. Among others,
+this parameter limits the size of the short-term, in-memory list
+of "dead" destinations. Destinations that don't fit the list are
+not added. </dd>
+
+<dt> <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>
+</dt> <dd> Controls when a destination is considered "dead". This
+parameter is critical with a non-zero
+<a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a>, with a reduced
+<a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a>, or with
+a reduced <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>. </dd>
+
+</dl>
+
+</blockquote>
+
+<p> IMPORTANT: If you increase the frequency of deferred mail
+delivery attempts, or if you flush the deferred mail queue frequently,
+then you may find that Postfix mail delivery performance actually
+becomes worse. The symptoms are as follows: </p>
+
+<ul>
+
+<li> <p> The <a href="QSHAPE_README.html#active_queue">active queue</a> becomes saturated with mail that has
+delivery problems. New mail enters the <a href="QSHAPE_README.html#active_queue">active queue</a> only when
+an old message is deferred. This is a slow process that usually
+requires timing out one or more SMTP connections. </p>
+
+<li> <p> All available Postfix delivery agents become occupied
+trying to connect to unreachable sites etc. New mail has to wait
+until a delivery agent becomes available. This is a slow process
+that usually requires timing out one or more SMTP connections. </p>
+
+</ul>
+
+<p> When mail is being deferred frequently, fixing the problem is
+always better than increasing the frequency of delivery attempts.
+However, if you can control only the delivery attempt frequency,
+consider using a dedicated <a href="postconf.5.html#fallback_relay">fallback_relay</a> "graveyard" machine for
+bad destinations, so that these destinations do not ruin the
+performance of normal
+mail deliveries. </p>
+
+<h2><a name="proc_limit">Tuning the number of Postfix processes</a></h2>
+
+<p> The <a href="postconf.5.html#default_process_limit">default_process_limit</a> configuration parameter gives direct
+control over how many daemon processes Postfix will run. As of
+Postfix 2.0 the default limit is 100 SMTP client processes, 100
+SMTP server processes, and so on. This may overwhelm systems with
+little memory, as well as networks with low bandwidth. </p>
+
+<p> You can change the global process limit by specifying a
+non-default <a href="postconf.5.html#default_process_limit">default_process_limit</a> in the <a href="postconf.5.html">main.cf</a> file. For example,
+to run up to 10 SMTP client processes, 10 SMTP server processes,
+and so on: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#default_process_limit">default_process_limit</a> = 10
+</pre>
+</blockquote>
+
+<p> You need to execute "postfix reload" to make the change effective.
+This limit is enforced by the Postfix <a href="master.8.html">master(8)</a> daemon which does
+not automatically read <a href="postconf.5.html">main.cf</a> when it changes. </p>
+
+<p> You can override the process limit for specific Postfix daemons
+by editing the <a href="master.5.html">master.cf</a> file. For example, if you do not wish to
+receive 100 SMTP messages at the same time, but do not want to
+change the process limits for other Postfix daemons, you could
+specify: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # ====================================================================
+ # service type private unpriv chroot wakeup maxproc command + args
+ # (yes) (yes) (yes) (never) (100)
+ # ====================================================================
+ . . .
+ smtp inet n - - - 10 smtpd
+ . . .
+</pre>
+</blockquote>
+
+<h2><a name="proc_sys">Tuning the number of processes on the system</a></h2>
+
+<ul>
+
+<li> <p> MacOS X will run out of process slots when you increase
+Postfix process limits. The following works with OSX 10.4 and OSX
+10.5. </p>
+
+<p> MacOS X kernel parameters can be specified in /etc/sysctl.conf.
+</p>
+
+<pre>
+/etc/sysctl.conf:
+ kern.maxproc=2048
+ kern.maxprocperuid=2048
+</pre>
+
+<p> Unfortunately these can't simply be set on the fly with "sysctl
+-w". You also have to set the following in /etc/launchd.conf so
+that the root user after boot will have the right process limit
+(2048). Otherwise you have to always run ulimit -u 2048 as root,
+then start a user shell, and then start processes for things to
+take effect. </p>
+
+<pre>
+/etc/launchd.conf:
+ limit maxproc 2048
+</pre>
+
+<p> Once these are in place, reboot the system. After that, the limits will
+stay in place. </p>
+
+</ul>
+
+<h2><a name="file_limit">Tuning the number of open files or sockets</a></h2>
+
+<p> When Postfix opens too many files or sockets, processes will
+abort with fatal errors, and the system may log "file table full"
+errors. </p>
+
+<ul>
+
+<li> <p> Depending on your Postfix and operating system versions
+you may need to recompile Postfix if you need more than 1024 file
+descriptors per process: </p>
+
+<ul> <li> <p> No recompilation is needed for Postfix version 2.4
+and later, when it was compiled for systems that support BSD kqueue(2)
+(FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or
+Linux 2.6 epoll(4). </p>
+
+<li> <p> Otherwise, Postfix needs to be recompiled to override the
+default FD_SETSIZE value. </p>
+
+</ul>
+
+<li> <p> Reduce the number of processes as described under "<a
+href="#proc_limit">Tuning the number of Postfix processes</a>" above.
+Fewer processes need fewer open files and sockets. </p>
+
+<li> <p> Configure the kernel for more open files and sockets.
+The details are extremely system dependent and change with the
+operating system version. Be sure to verify the following information
+with your system tuning guide: </p>
+
+<ul>
+
+<li> <p> Some FreeBSD kernel parameters can be specified in
+/boot/loader.conf, and some can be specified in /etc/sysctl.conf
+or changed with sysctl commands.
+Which is which depends on the version.
+</p>
+
+<pre>
+kern.ipc.maxsockets="5000"
+kern.ipc.nmbclusters="65536"
+kern.maxproc="2048"
+kern.maxfiles="16384"
+kern.maxfilesperproc="16384"
+</pre>
+
+<li> <p> Linux kernel parameters can be specified in /etc/sysctl.conf
+or changed with sysctl commands: </p>
+
+<pre>
+fs.file-max=16384
+kernel.threads-max=2048
+</pre>
+
+<li> <p> Solaris kernel parameters can be specified in /etc/system,
+as described in the <a
+href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.48">Solaris
+FAQ</a> entry titled "How can I increase the number of file
+descriptors per process?" </p>
+
+<pre>
+* set hard limit on file descriptors
+set rlim_fd_max = 4096
+* set soft limit on file descriptors
+set rlim_fd_cur = 1024
+</pre>
+
+</ul>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/UUCP_README.html b/html/UUCP_README.html
new file mode 100644
index 0000000..e5f7587
--- /dev/null
+++ b/html/UUCP_README.html
@@ -0,0 +1,201 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix and UUCP </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix and UUCP </h1>
+
+<hr>
+
+<h2><a name="uucp-tcp">Using UUCP over TCP</a></h2>
+
+<p> Despite a serious lack of sex-appeal, email via UUCP over TCP
+is a practical option for sites without permanent Internet connections,
+and for sites without a fixed IP address. For first-hand information,
+see the following guides: </p>
+
+<ul>
+
+<li> Jim Seymour's guide for using UUCP over TCP at
+<a href="http://jimsun.LinxNet.com/jdp/uucp_over_tcp/index.html">http://jimsun.LinxNet.com/jdp/uucp_over_tcp/index.html</a>,
+
+<li> Craig Sanders's guide for SSL-encrypted UUCP over TCP
+using stunnel at <a href="http://taz.net.au/postfix/uucp/">http://taz.net.au/postfix/uucp/</a>.
+
+</ul>
+
+Here's a graphical description of what this document is about:
+
+<blockquote>
+
+<table>
+
+<tr> <td> Local network <tt> &lt;---&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center"><a href="#lan-uucp">LAN to<br>
+UUCP<br> Gateway</a></td>
+
+<td> <tt> &lt;--- </tt> UUCP <tt> ---&gt; </tt> </td>
+
+<td bgcolor="#f0f0ff" align="center"><a href="#internet-uucp">Internet<br>
+to UUCP<br> Gateway</a></td>
+
+<td> <tt> &lt;---&gt; </tt> Internet </td> </tr>
+
+</table>
+
+</blockquote>
+
+<p> And here's the table of contents of this document: </p>
+
+<ul>
+
+<li><a href="#internet-uucp">Setting up a Postfix Internet to UUCP
+gateway</a>
+
+<li><a href="#lan-uucp">Setting up a Postfix LAN to UUCP
+gateway</a>
+
+</ul>
+
+<h2><a name="internet-uucp">Setting up a Postfix Internet to UUCP
+gateway</a></h2>
+
+<p> Here is how to set up a machine that sits on the Internet and
+that forwards mail to a LAN that is connected via UUCP. See
+the <a href="#lan-uucp">LAN to UUCP gateway</a> section for
+the other side of the story. </p>
+
+<ul>
+
+<li> <p> You need an <b>rmail</b> program that extracts the sender
+address from mail that arrives via UUCP, and that feeds the mail
+into the Postfix <b>sendmail</b> command. Most UNIX systems come
+with an <b>rmail</b> utility. If you're in a pinch, try the one
+bundled with the Postfix source code in the <b>auxiliary/rmail</b>
+directory. </p>
+
+<li> <p> Define a <a href="pipe.8.html">pipe(8)</a> based mail delivery transport for delivery
+via UUCP: </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ uucp unix - n n - - pipe
+ flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+</pre>
+
+<p> This runs the <b>uux</b> command to place outgoing mail into
+the UUCP queue after replacing $nexthop by the next-hop hostname
+(the receiving UUCP host) and after replacing $recipient by the
+recipients. The <a href="pipe.8.html">pipe(8)</a> delivery agent executes the <b>uux</b>
+command without assistance from the shell, so there are no problems
+with shell meta characters in command-line parameters. </p>
+
+<li> <p> Specify that mail for <i>example.com</i>, should be
+delivered via UUCP, to a host named <i>uucp-host</i>: </p>
+
+<pre>
+/etc/postfix/transport:
+ example.com uucp:uucp-host
+ .example.com uucp:uucp-host
+</pre>
+
+<p> See the <a href="transport.5.html">transport(5)</a> manual page for more details. </p>
+
+<li> <p> Execute the command "<b>postmap /etc/postfix/transport</b>"
+whenever you change the <b>transport</b> file. </p>
+
+<li> <p> Enable <b>transport</b> table lookups: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+</pre>
+
+<p> Specify <b>dbm</b> instead of <b>hash</b> if your system uses
+<b>dbm</b> files instead of <b>db</b> files. To find out what map
+types Postfix supports, use the command "<b>postconf -m</b>". </p>
+
+<li> <p> Add <i>example.com</i> to the list of domains that your site
+is willing to relay mail for. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relay_domains">relay_domains</a> = example.com ...<i>other <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a></i>...
+</pre>
+
+<p> See the <a href="postconf.5.html#relay_domains">relay_domains</a> configuration parameter description for
+details. </p>
+
+<li> <p> Execute the command "<b>postfix reload</b>" to make the
+changes effective. </p>
+
+</ul>
+
+<h2><a name="lan-uucp">Setting up a Postfix LAN to UUCP
+gateway</a></h2>
+
+<p> Here is how to relay mail from a LAN via UUCP to the
+Internet. See the <a href="#internet-uucp">Internet to UUCP
+gateway</a> section for the other side of the story. </p>
+
+<ul>
+
+<li> <p> You need an <b>rmail</b> program that extracts the sender
+address from mail that arrives via UUCP, and that feeds the mail
+into the Postfix <b>sendmail</b> command. Most UNIX systems come
+with an <b>rmail</b> utility. If you're in a pinch, try the one
+bundled with the Postfix source code in the <b>auxiliary/rmail</b>
+directory. </p>
+
+<li> <p> Specify that all remote mail must be sent via the <b>uucp</b>
+mail transport to your UUCP gateway host, say, <i>uucp-gateway</i>: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#relayhost">relayhost</a> = uucp-gateway
+ <a href="postconf.5.html#default_transport">default_transport</a> = uucp
+</pre>
+
+<p> Postfix 2.0 and later also allows the following more succinct form: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#default_transport">default_transport</a> = uucp:uucp-gateway
+</pre>
+
+<li> <p> Define a <a href="pipe.8.html">pipe(8)</a> based message delivery transport for mail
+delivery via UUCP: </p>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ uucp unix - n n - - pipe
+ flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+</pre>
+
+<p> This runs the <b>uux</b> command to place outgoing mail into
+the UUCP queue. It substitutes the next-hop hostname (<i>uucp-gateway</i>,
+or whatever you specified) and the recipients before executing the
+command. The <b>uux</b> command is executed without assistance
+from the shell, so there are no problems with shell meta characters.
+</p>
+
+<li> <p> Execute the command "<b>postfix reload</b>" to make the
+changes effective. </p>
+
+</ul>
+
+</body>
+
+</html>
diff --git a/html/VERP_README.html b/html/VERP_README.html
new file mode 100644
index 0000000..8ec6f1d
--- /dev/null
+++ b/html/VERP_README.html
@@ -0,0 +1,290 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix VERP Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix VERP Howto</h1>
+
+<hr>
+
+<h2>Postfix VERP support</h2>
+
+<p> Postfix versions 1.1 and later support variable envelope return
+path addresses on request. When VERP style delivery is requested,
+each recipient of a message receives a customized copy of the
+message, with his/her own recipient address encoded in the envelope
+sender address. </p>
+
+<p> For example, when VERP style delivery is requested, Postfix
+delivers mail from "<tt>owner-listname@origin</tt>" for a recipient
+"<tt>user@domain</tt>", with a sender address that encodes the
+recipient as follows: </p>
+
+<blockquote>
+<pre>
+owner-listname+user=domain@origin
+</pre>
+</blockquote>
+
+<p> Thus, undeliverable mail can reveal the undeliverable recipient
+address without requiring the list owner to parse bounce messages.
+</p>
+
+<p> The VERP concept was popularized by the qmail MTA and by the ezmlm
+mailing list manager. See <a href="http://cr.yp.to/proto/verp.txt">http://cr.yp.to/proto/verp.txt</a> for the
+ideas behind this concept. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li> <a href="#config"> Postfix VERP configuration parameters </a>
+
+<li> <a href="#majordomo"> Using VERP with majordomo etc. mailing lists </a>
+
+<li> <a href="#smtp"> VERP support in the Postfix SMTP server</a>
+
+<li> <a href="#sendmail"> VERP support in the Postfix sendmail command </a>
+
+<li> <a href="#qmqp"> VERP support in the Postfix QMQP server </a>
+
+</ul>
+
+<h2> <a name="config"> Postfix VERP configuration parameters </a> </h2>
+
+With Postfix, the whole process is controlled by four configuration
+parameters.
+
+<dl>
+
+<dt> <a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (default value: +=)
+
+ <dd> <p> What VERP delimiter characters Postfix uses when VERP
+ style delivery is requested but no explicit delimiters are
+ specified. </p>
+
+<dt> <a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (default: -+=)
+
+ <dd> <p> What characters Postfix accepts as VERP delimiter
+ characters on the sendmail command line and in SMTP commands.
+ Many characters must not be used as VERP delimiter characters,
+ either because they already have a special meaning in email
+ addresses (such as the @ or the %), because they are used as
+ part of a username or domain name (such as alphanumerics), or
+ because they are non-ASCII or control characters. And who
+ knows, some characters may tickle bugs in vulnerable software,
+ and we would not want that to happen. </p> </dd>
+
+<dt> <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> (default value: none)
+
+ <dd> <p> What SMTP clients are allowed to request VERP style
+ delivery. The Postfix QMQP server uses its own access control
+ mechanism, and local submission (via /usr/sbin/sendmail etc.)
+ is always authorized. To authorize a host, list its name, IP
+ address, subnet (net/mask) or parent .domain. </p>
+
+ <p> With Postfix versions 1.1 and 2.0, this parameter is called
+ <a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> (default: $<a href="postconf.5.html#mynetworks">mynetworks</a>). </p> </dd>
+
+<dt> <a href="postconf.5.html#disable_verp_bounces">disable_verp_bounces</a> (default: no)
+
+ <dd> <p> Send one bounce report for multi-recipient VERP mail,
+ instead of one bounce report per recipient. The default,
+ one per recipient, is what ezmlm needs. </p> </dd>
+
+</dl>
+
+<h2> <a name="majordomo"> Using VERP with majordomo etc. mailing lists </a> </h2>
+
+<p> In order to make VERP useful with majordomo etc. mailing lists,
+you would configure the list manager to submit mail according
+to one of the following two forms: </p>
+
+<p> Postfix 2.3 and later: </p>
+
+<blockquote>
+<pre>
+% sendmail -XV -f owner-listname other-arguments...
+
+% sendmail -XV+= -f owner-listname other-arguments...
+</pre>
+</blockquote>
+
+<p> Postfix 2.2 and earlier (Postfix 2.3 understands the old syntax
+for backwards compatibility, but will log a warning that reminds
+you of the new syntax): </p>
+
+<blockquote>
+<pre>
+% sendmail -V -f owner-listname other-arguments...
+
+% sendmail -V+= -f owner-listname other-arguments...
+</pre>
+</blockquote>
+
+<p> The first form uses the default <a href="postconf.5.html">main.cf</a> VERP delimiter characters.
+The second form allows you to explicitly specify the VERP delimiter
+characters. The example shows the recommended values. </p>
+
+<p> This text assumes that you have set up an owner-listname alias
+that routes undeliverable mail to a real person: </p>
+
+<blockquote>
+<pre>
+/etc/aliases:
+ owner-listname: yourname+listname
+</pre>
+</blockquote>
+
+<p> In order to process bounces we are going to make extensive use
+of address extension tricks. </p>
+
+<p> You need to tell Postfix that + is the separator between an
+address and its optional address extension, that address extensions
+are appended to .forward file names, and that address extensions
+are to be discarded when doing alias expansions: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +
+ <a href="postconf.5.html#forward_path">forward_path</a> = $home/.forward${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>}${extension},
+ $home/.forward
+ <a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual
+</pre>
+</blockquote>
+
+<p> (the last two parameter settings are default settings). </p>
+
+<p> You need to set up a file named .forward+listname with the
+commands that process all the mail that is sent to the owner-listname
+address: </p>
+
+<blockquote>
+<pre>
+~/.forward+listname:
+ "|/some/where/command ..."
+</pre>
+</blockquote>
+
+<p> With this set up, undeliverable mail for user@domain will be returned
+to the following address: </p>
+
+<blockquote>
+<pre>
+owner-listname+user=domain@your.domain
+</pre>
+</blockquote>
+
+<p> which is processed by the command in your .forward+listname file.
+The message should contain, among others, a To: header with the
+encapsulated recipient sender address: </p>
+
+<blockquote>
+<pre>
+To: owner-listname+user=domain@your.domain
+</pre>
+</blockquote>
+
+<p> It is left as an exercise for the reader to parse the To: header
+line and to pull out the user=domain part from the recipient address.
+</p>
+
+<h2> <a name="smtp"> VERP support in the Postfix SMTP server </a> </h2>
+
+<p> The Postfix SMTP server implements a command XVERP to enable
+VERP style delivery. The syntax allows two forms: </p>
+
+<blockquote>
+<pre>
+MAIL FROM:&lt;sender@domain&gt; XVERP
+
+MAIL FROM:&lt;sender@domain&gt; XVERP=+=
+</pre>
+</blockquote>
+
+<p> The first form uses the default <a href="postconf.5.html">main.cf</a> VERP delimiters, the
+second form overrides them explicitly. The values shown are the
+recommended ones. </p>
+
+<p> You can use the <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> feature to append XVERP
+to SMTP commands from legacy software. This requires Postfix 2.7
+or later. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/append_verp.pcre
+ <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
+
+/etc/postfix/append_verp.<a href="pcre_table.5.html">pcre</a>:
+ /^(MAIL FROM:&lt;listname@example\.com&gt;.*)/ $1 XVERP
+</pre>
+</blockquote>
+
+<h2> <a name="sendmail"> VERP support in the Postfix sendmail command </a> </h2>
+
+<p> The Postfix sendmail command has a -V flag to request VERP style
+delivery. Specify one of the following two forms: </p>
+
+<p> Postfix 2.3 and later:</p>
+<blockquote>
+<pre>
+% sendmail -XV -f owner-listname ....
+
+% sendmail -XV+= -f owner-listname ....
+</pre>
+</blockquote>
+
+<p> Postfix 2.2 and earlier (Postfix 2.3 understands the old syntax
+for backwards compatibility, but will log a warning that reminds
+you of the new syntax): </p>
+
+<blockquote>
+<pre>
+% sendmail -V -f owner-listname ....
+
+% sendmail -V+= -f owner-listname ....
+</pre>
+</blockquote>
+
+<p> The first form uses the default <a href="postconf.5.html">main.cf</a> VERP delimiters, the
+second form overrides them explicitly. The values shown are the
+recommended ones. </p>
+
+<h2> <a name="qmqp"> VERP support in the Postfix QMQP server </a> </h2>
+
+<p> When the Postfix QMQP server receives mail with an envelope
+sender address of the form: </p>
+
+<blockquote>
+<pre>
+listname-@your.domain-@[]
+</pre>
+</blockquote>
+
+<p> Postfix generates sender addresses
+"<tt>listname-user=domain@your.domain</tt>", using "-=" as the VERP
+delimiters because qmail/ezmlm expect this. </p>
+
+<p> More generally, a sender address of "<tt>prefix@origin-@[]</tt>"
+requests VERP style delivery with sender addresses of the form
+"<tt>prefixuser=domain@origin</tt>". However, Postfix allows only
+VERP delimiters that are specified with the <a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a>
+parameter. In particular, the "=" delimiter is required for qmail
+compatibility (see the qmail addresses(5) manual page for details).
+
+</body>
+
+</html>
diff --git a/html/VIRTUAL_README.html b/html/VIRTUAL_README.html
new file mode 100644
index 0000000..57f53d8
--- /dev/null
+++ b/html/VIRTUAL_README.html
@@ -0,0 +1,649 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Virtual Domain Hosting Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Virtual Domain Hosting Howto</h1>
+
+<hr>
+
+<h2>Purpose of this document</h2>
+
+<p> This document requires Postfix version 2.0 or later. </p>
+
+<p> This document gives an overview of how Postfix can be used for
+hosting multiple Internet domains, both for final delivery on the
+machine itself and for the purpose of forwarding to destinations
+elsewhere. </p>
+
+<p> The text not only describes delivery mechanisms that are built
+into Postfix, but also gives pointers for using non-Postfix mail
+delivery software. </p>
+
+<p> The following topics are covered: </p>
+
+<ul>
+
+<li> <a href="#canonical">Canonical versus hosted versus other domains</a>
+
+<li> <a href="#local_vs_database">Local files versus network databases</a>
+
+<li> <a href="#local">As simple as can be: shared domains,
+UNIX system accounts</a>
+
+<li> <a href="#virtual_alias">Postfix virtual ALIAS example:
+separate domains, UNIX system accounts</a>
+
+<li> <a href="#virtual_mailbox">Postfix virtual MAILBOX example:
+separate domains, non-UNIX accounts</a>
+
+<li> <a href="#in_virtual_other">Non-Postfix mailbox store: separate
+domains, non-UNIX accounts</a>
+
+<li> <a href="#forwarding">Mail forwarding domains</a>
+
+<li> <a href="#mailing_lists">Mailing lists</a>
+
+<li> <a href="#autoreplies">Autoreplies</a>
+
+</ul>
+
+<h2><a name="canonical">Canonical versus hosted versus
+other domains</a></h2>
+
+<p>Most Postfix systems are the <b>final destination</b> for only a
+few domain names. These include the hostnames and [the IP addresses]
+of the machine that Postfix runs on, and sometimes also include
+the parent domain of the hostname. The remainder of this document
+will refer to these domains as the <a href="VIRTUAL_README.html#canonical">canonical domains</a>. They are
+usually implemented with the Postfix <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> address class,
+as defined in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file.</p>
+
+<p> Besides the <a href="VIRTUAL_README.html#canonical">canonical domains</a>, Postfix can be configured to be
+the <b>final destination</b> for any number of additional domains.
+These domains are called hosted, because they are not directly
+associated with the name of the machine itself. Hosted domains are
+usually implemented with the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> address class
+and/or with the <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domain</a> address class, as defined
+in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>
+
+<p> But wait! There is more. Postfix can be configured as a backup
+MX host for other domains. In this case Postfix is <b>not the final
+destination</b> for those domains. It merely queues the mail when
+the primary MX host is down, and forwards the mail when the primary
+MX host becomes available. This function is implemented with the
+<a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domain</a> address class, as defined in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
+file. </p>
+
+<p> Finally, Postfix can be configured as a transit host for sending
+mail across the internet. Obviously, Postfix is not the final destination
+for such mail. This function is available only for authorized
+clients and/or users, and is implemented by the <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a>
+address class, as defined in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>
+
+<h2><a name="local_vs_database">Local files versus network databases</a></h2>
+
+<p> The examples in this text use table lookups from local files
+such as DBM or Berkeley DB. These are easy to debug with the
+<b>postmap</b> command: </p>
+
+<blockquote>
+Example: <tt>postmap -q info@example.com <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual</tt>
+</blockquote>
+
+<p> See the documentation in <a href="LDAP_README.html">LDAP_README</a>, <a href="MYSQL_README.html">MYSQL_README</a> and <a href="PGSQL_README.html">PGSQL_README</a>
+for how to replace local files by databases. The reader is strongly
+advised to make the system work with local files before migrating
+to network databases, and to use the <b>postmap</b> command to verify
+that network database lookups produce the exact same results as
+local file lookup. </p>
+
+<blockquote>
+Example: <tt>postmap -q info@example.com <a href="ldap_table.5.html">ldap</a>:/etc/postfix/virtual.cf</tt>
+</blockquote>
+
+<h2><a name="local">As simple as can be: shared domains, UNIX system
+accounts</a></h2>
+
+<p> The simplest method to host an additional domain is to add the
+domain name to the domains listed in the Postfix <a href="postconf.5.html#mydestination">mydestination</a>
+configuration parameter, and to add the user names to the UNIX
+password file. </p>
+
+<p> This approach makes no distinction between canonical and hosted
+domains. Each username can receive mail in every domain. </p>
+
+<p> In the examples we will use "example.com" as the domain that is
+being hosted on the local Postfix machine. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> ... example.com
+</pre>
+</blockquote>
+
+<p> The limitations of this approach are: </p>
+
+<ul>
+
+<li>A total lack of separation: mail for info@my.host.name is
+delivered to the same UNIX system account as mail for info@example.com.
+
+<li> With users in the UNIX password file, administration of large
+numbers of users becomes inconvenient.
+
+</ul>
+
+<p> The examples that follow provide solutions for both limitations.
+</p>
+
+<h2><a name="virtual_alias">Postfix virtual ALIAS example:
+separate domains, UNIX system accounts</a></h2>
+
+<p> With the approach described in this section, every <a href="VIRTUAL_README.html#canonical">hosted domain</a>
+can have its own info etc. email address. However, it still uses
+UNIX system accounts for local mailbox deliveries. </p>
+
+<p> With <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>, each hosted address is aliased to
+a local UNIX system account or to a remote address. The example
+below shows how to use this mechanism for the example.com domain.
+</p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> = example.com ...other <a href="VIRTUAL_README.html#canonical">hosted domains</a>...
+ 3 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+ 4
+ 5 /etc/postfix/virtual:
+ 6 postmaster@example.com postmaster
+ 7 info@example.com joe
+ 8 sales@example.com jane
+ 9 # Uncomment entry below to implement a catch-all address
+10 # @example.com jim
+11 ...virtual aliases for more domains...
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Line 2: the <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> setting tells Postfix
+that example.com is a so-called <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. If you omit
+this setting then Postfix will reject mail (relay access denied)
+or will not be able to deliver it (mail for example.com loops back
+to myself). </p>
+
+<p> NEVER list a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> name as a <a href="postconf.5.html#mydestination">mydestination</a>
+domain! </p>
+
+<li> <p> Lines 3-8: the /etc/postfix/virtual file contains the virtual
+aliases. With the example above, mail for postmaster@example.com
+goes to the local postmaster, while mail for info@example.com goes
+to the UNIX account joe, and mail for sales@example.com goes to
+the UNIX account jane. Mail for all other addresses in example.com
+is rejected with the error message "User unknown". </p>
+
+<li> <p> Line 10: the commented out entry (text after #) shows how
+one would implement a catch-all virtual alias that receives mail
+for every example.com address not listed in the virtual alias file.
+This is not without risk. Spammers nowadays try to send mail from
+(or mail to) every possible name that they can think of. A catch-all
+mailbox is likely to receive many spam messages, and many bounces
+for spam messages that were sent in the name of anything@example.com.
+</p>
+
+</ul>
+
+<p>Execute the command "<b>postmap /etc/postfix/virtual</b>" after
+changing the virtual file, and execute the command "<b>postfix
+reload</b>" after changing the <a href="postconf.5.html">main.cf</a> file. </p>
+
+<p> Note: virtual aliases can resolve to a local address or to a
+remote address, or both. They don't have to resolve to UNIX system
+accounts on your machine. </p>
+
+<p> More details about the virtual alias file are given in the
+<a href="virtual.5.html">virtual(5)</a> manual page, including multiple addresses on the right-hand
+side. </p>
+
+<p> Virtual aliasing solves one problem: it allows each domain to
+have its own info mail address. But there still is one drawback:
+each virtual address is aliased to a UNIX system account. As you
+add more virtual addresses you also add more UNIX system accounts.
+The next section eliminates this problem. </p>
+
+<h2><a name="virtual_mailbox">Postfix virtual MAILBOX example:
+separate domains, non-UNIX accounts</a></h2>
+
+<p> As a system hosts more and more domains and users, it becomes less
+desirable to give every user their own UNIX system account.</p>
+
+<p> With the Postfix <a href="virtual.8.html">virtual(8)</a> mailbox delivery agent, every
+recipient address can have its own virtual mailbox. Unlike virtual
+alias domains, <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domains</a> do not need the clumsy
+translation from each recipient addresses into a different address,
+and owners of a virtual mailbox address do not need to have a UNIX
+system account.</p>
+
+<p> The Postfix <a href="virtual.8.html">virtual(8)</a> mailbox delivery agent looks up the user
+mailbox pathname, uid and gid via separate tables that are searched
+with the recipient's mail address. Maildir style delivery is turned
+on by terminating the mailbox pathname with "/".</p>
+
+<p> If you find the idea of multiple tables bothersome, remember
+that you can migrate the information (once it works), to an SQL
+database. If you take that route, be sure to review the <a
+href="#local_vs_database"> "local files versus databases"</a>
+section at the top of this document.</p>
+
+<p> Here is an example of a <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domain</a> "example.com":
+</p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> = example.com ...more domains...
+ 3 <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> = /var/mail/vhosts
+ 4 <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/vmailbox
+ 5 <a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a> = 100
+ 6 <a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> = <a href="DATABASE_README.html#types">static</a>:5000
+ 7 <a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a> = <a href="DATABASE_README.html#types">static</a>:5000
+ 8 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+ 9
+10 /etc/postfix/vmailbox:
+11 info@example.com example.com/info
+12 sales@example.com example.com/sales/
+13 # Comment out the entry below to implement a catch-all.
+14 # @example.com example.com/catchall
+15 ...virtual mailboxes for more domains...
+16
+17 /etc/postfix/virtual:
+18 postmaster@example.com postmaster
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Line 2: The <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> setting tells Postfix
+that example.com is a so-called <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domain</a>. If you omit
+this setting then Postfix will reject mail (relay access denied)
+or will not be able to deliver it (mail for example.com loops back
+to myself). </p>
+
+<p> NEVER list a <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual MAILBOX domain</a> name as a <a href="postconf.5.html#mydestination">mydestination</a>
+domain! </p>
+
+<p> NEVER list a <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual MAILBOX domain</a> name as a virtual ALIAS
+domain! </p>
+
+<li> <p> Line 3: The <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> parameter specifies a
+prefix for all virtual mailbox pathnames. This is a safety mechanism
+in case someone makes a mistake. It prevents mail from being
+delivered all over the file system. </p>
+
+<li> <p> Lines 4, 10-15: The <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> parameter specifies
+the lookup table with mailbox (or maildir) pathnames, indexed by
+the virtual mail address. In this example, mail for info@example.com
+goes to the mailbox at /var/mail/vhosts/example.com/info while mail
+for sales@example.com goes to the maildir located at
+/var/mail/vhosts/example.com/sales/. </p>
+
+<li> <p> Line 5: The <a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a> specifies a lower bound
+on the mailbox or maildir owner's UID. This is a safety mechanism
+in case someone makes a mistake. It prevents mail from being written
+to sensitive files. </p>
+
+<li> <p> Lines 6, 7: The <a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> and <a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a>
+parameters specify that all the virtual mailboxes are owned by a
+fixed uid and gid 5000. If this is not what you want, specify
+lookup tables that are searched by the recipient's mail address.
+</p>
+
+<li> <p> Line 14: The commented out entry (text after #) shows how
+one would implement a catch-all virtual mailbox address. Be prepared
+to receive a lot of spam, as well as bounced spam that was sent in
+the name of anything@example.com. </p>
+
+<p> NEVER put a virtual MAILBOX wild-card in the virtual ALIAS
+file!! </p>
+
+<li> <p> Lines 8, 17, 18: As you see, it is possible to mix virtual
+aliases with virtual mailboxes. We use this feature to redirect
+mail for example.com's postmaster address to the local postmaster.
+You can use the same mechanism to redirect an address to a remote
+address. </p>
+
+<li> <p> Line 18: This example assumes that in <a href="postconf.5.html">main.cf</a>, $<a href="postconf.5.html#myorigin">myorigin</a>
+is listed under the <a href="postconf.5.html#mydestination">mydestination</a> parameter setting. If that is
+not the case, specify an explicit domain name on the right-hand
+side of the virtual alias table entries or else mail will go to
+the wrong domain. </p>
+
+</ul>
+
+<p> Execute the command "<b>postmap /etc/postfix/virtual</b>" after
+changing the virtual file, execute "<b>postmap /etc/postfix/vmailbox</b>"
+after changing the vmailbox file, and execute the command "<b>postfix
+reload</b>" after changing the <a href="postconf.5.html">main.cf</a> file. </p>
+
+<p> Note: mail delivery happens with the recipient's UID/GID
+privileges specified with <a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> and <a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a>.
+Postfix 2.0 and earlier will not create mailDIRs in world-writable
+parent directories; you must create them in advance before you can
+use them. Postfix may be able to create mailBOX files by itself,
+depending on parent directory write permissions, but it is safer
+to create mailBOX files ahead of time. </p>
+
+<p> More details about the virtual mailbox delivery agent are given
+in the <a href="virtual.8.html">virtual(8)</a> manual page. </p>
+
+<h2><a name="in_virtual_other">Non-Postfix mailbox store: separate
+domains, non-UNIX accounts</a></h2>
+
+<p> This is a variation on the Postfix <a href="VIRTUAL_README.html#virtual_mailbox">virtual mailbox example</a>.
+Again, every hosted address can have its own mailbox. However, most
+parameters that control the <a href="virtual.8.html">virtual(8)</a> delivery agent are no longer
+applicable: only <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> and <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
+stay in effect. These parameters are needed to reject mail for
+unknown recipients. </p>
+
+<p> While non-Postfix software is being used for final delivery,
+some Postfix concepts are still needed in order to glue everything
+together. For additional background on this glue you may want to
+take a look at the <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domain</a> class as defined in the
+<a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>
+
+<p> The text in this section describes what things should look like
+from Postfix's point of view. See <a href="CYRUS_README.html">CYRUS_README</a> or <a href="MAILDROP_README.html">MAILDROP_README</a>
+for specific information about Cyrus or about Courier maildrop.
+</p>
+
+<p> Here is an example for a <a href="VIRTUAL_README.html#canonical">hosted domain</a> example.com that delivers
+to a non-Postfix delivery agent: </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#virtual_transport">virtual_transport</a> = ...see below...
+ 3 <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> = example.com ...more domains...
+ 4 <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/vmailbox
+ 5 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+ 6
+ 7 /etc/postfix/vmailbox:
+ 8 info@example.com whatever
+ 9 sales@example.com whatever
+10 # Comment out the entry below to implement a catch-all.
+11 # Configure the mailbox store to accept all addresses.
+12 # @example.com whatever
+13 ...virtual mailboxes for more domains...
+14
+15 /etc/postfix/virtual:
+16 postmaster@example.com postmaster
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Line 2: With delivery to a non-Postfix mailbox store for
+<a href="VIRTUAL_README.html#canonical">hosted domains</a>, the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter usually specifies
+the Postfix LMTP client, or the name of a <a href="master.5.html">master.cf</a> entry that
+executes non-Postfix software via the pipe delivery agent. Typical
+examples (use only one): </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#virtual_transport">virtual_transport</a> = <a href="lmtp.8.html">lmtp</a>:unix:/path/name (uses UNIX-domain socket)
+<a href="postconf.5.html#virtual_transport">virtual_transport</a> = <a href="lmtp.8.html">lmtp</a>:hostname:port (uses TCP socket)
+<a href="postconf.5.html#virtual_transport">virtual_transport</a> = maildrop: (uses <a href="pipe.8.html">pipe(8)</a> to command)
+</pre>
+</blockquote>
+
+<p> Postfix comes ready with support for LMTP. And an example
+maildrop delivery method is already defined in the default Postfix
+<a href="master.5.html">master.cf</a> file. See the <a href="MAILDROP_README.html">MAILDROP_README</a> document for more details.
+</p>
+
+<li> <p> Line 3: The <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> setting tells Postfix
+that example.com is delivered via the <a href="postconf.5.html#virtual_transport">virtual_transport</a> that was
+discussed in the previous paragraph. If you omit this
+<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> setting then Postfix will either reject
+mail (relay access denied) or will not be able to deliver it (mail
+for example.com loops back to myself). </p>
+
+<p> NEVER list a <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual MAILBOX domain</a> name as a <a href="postconf.5.html#mydestination">mydestination</a>
+domain! </p>
+
+<p> NEVER list a <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual MAILBOX domain</a> name as a virtual ALIAS
+domain! </p>
+
+<li> <p> Lines 4, 7-13: The <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> parameter specifies
+the lookup table with all valid recipient addresses. The lookup
+result value is ignored by Postfix. In the above example,
+info@example.com
+and sales@example.com are listed as valid addresses; other mail for
+example.com is rejected with "User unknown" by the Postfix SMTP
+server. It's left up to the non-Postfix delivery agent to reject
+non-existent recipients from local submission or from local alias
+expansion. If you intend to
+use LDAP, MySQL or PgSQL instead of local files, be sure to review
+the <a href="#local_vs_database"> "local files versus databases"</a>
+section at the top of this document! </p>
+
+<li> <p> Line 12: The commented out entry (text after #) shows how
+one would inform Postfix of the existence of a catch-all address.
+Again, the lookup result is ignored by Postfix. </p>
+
+<p> NEVER put a virtual MAILBOX wild-card in the virtual ALIAS
+file!! </p>
+
+<p> Note: if you specify a wildcard in <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>, then
+you still need to configure the non-Postfix mailbox store to receive
+mail for any address in that domain. </p>
+
+<li> <p> Lines 5, 15, 16: As you see above, it is possible to mix
+virtual aliases with virtual mailboxes. We use this feature to
+redirect mail for example.com's postmaster address to the local
+postmaster. You can use the same mechanism to redirect any addresses
+to a local or remote address. </p>
+
+<li> <p> Line 16: This example assumes that in <a href="postconf.5.html">main.cf</a>, $<a href="postconf.5.html#myorigin">myorigin</a>
+is listed under the <a href="postconf.5.html#mydestination">mydestination</a> parameter setting. If that is
+not the case, specify an explicit domain name on the right-hand
+side of the virtual alias table entries or else mail will go to
+the wrong domain. </p>
+
+</ul>
+
+<p> Execute the command "<b>postmap /etc/postfix/virtual</b>" after
+changing the virtual file, execute "<b>postmap /etc/postfix/vmailbox</b>"
+after changing the vmailbox file, and execute the command "<b>postfix
+reload</b>" after changing the <a href="postconf.5.html">main.cf</a> file. </p>
+
+<h2><a name="forwarding">Mail forwarding domains</a></h2>
+
+<p> Some providers host domains that have no (or only a few) local
+mailboxes. The main purpose of these domains is to forward mail
+elsewhere. The following example shows how to set up example.com
+as a mail forwarding domain: </p>
+
+<blockquote>
+<pre>
+ 1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ 2 <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> = example.com ...other <a href="VIRTUAL_README.html#canonical">hosted domains</a>...
+ 3 <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+ 4
+ 5 /etc/postfix/virtual:
+ 6 postmaster@example.com postmaster
+ 7 joe@example.com joe@somewhere
+ 8 jane@example.com jane@somewhere-else
+ 9 # Uncomment entry below to implement a catch-all address
+10 # @example.com jim@yet-another-site
+11 ...virtual aliases for more domains...
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Line 2: The <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> setting tells Postfix
+that example.com is a so-called <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. If you omit
+this setting then Postfix will reject mail (relay access denied)
+or will not be able to deliver it (mail for example.com loops back
+to myself). </p>
+
+<p> NEVER list a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> name as a <a href="postconf.5.html#mydestination">mydestination</a>
+domain! </p>
+
+<li> <p> Lines 3-11: The /etc/postfix/virtual file contains the
+virtual aliases. With the example above, mail for postmaster@example.com
+goes to the local postmaster, while mail for joe@example.com goes
+to the remote address joe@somewhere, and mail for jane@example.com
+goes to the remote address jane@somewhere-else. Mail for all other
+addresses in example.com is rejected with the error message "User
+unknown". </p>
+
+<li> <p> Line 10: The commented out entry (text after #) shows how
+one would implement a catch-all virtual alias that receives mail
+for every example.com address not listed in the virtual alias file.
+This is not without risk. Spammers nowadays try to send mail from
+(or mail to) every possible name that they can think of. A catch-all
+mailbox is likely to receive many spam messages, and many bounces
+for spam messages that were sent in the name of anything@example.com.
+</p>
+
+</ul>
+
+<p> Execute the command "<b>postmap /etc/postfix/virtual</b>" after
+changing the virtual file, and execute the command "<b>postfix
+reload</b>" after changing the <a href="postconf.5.html">main.cf</a> file. </p>
+
+<p> More details about the virtual alias file are given in the
+<a href="virtual.5.html">virtual(5)</a> manual page, including multiple addresses on the right-hand
+side. </p>
+
+<h2><a name="mailing_lists">Mailing lists</a></h2>
+
+<p> The examples that were given above already show how to direct
+mail for virtual postmaster addresses to a local postmaster. You
+can use the same method to direct mail for any address to a local
+or remote address. </p>
+
+<p> There is one major limitation: virtual aliases and virtual
+mailboxes can't directly deliver to mailing list managers such as
+majordomo. The solution is to set up virtual aliases that direct
+virtual addresses to the local delivery agent: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+
+/etc/postfix/virtual:
+ listname-request@example.com listname-request
+ listname@example.com listname
+ owner-listname@example.com owner-listname
+
+/etc/aliases:
+ listname: "|/some/where/majordomo/wrapper ..."
+ owner-listname: ...
+ listname-request: ...
+</pre>
+</blockquote>
+
+<p> This example assumes that in <a href="postconf.5.html">main.cf</a>, $<a href="postconf.5.html#myorigin">myorigin</a> is listed under
+the <a href="postconf.5.html#mydestination">mydestination</a> parameter setting. If that is not the case,
+specify an explicit domain name on the right-hand side of the
+virtual alias table entries or else mail will go to the wrong
+domain. </p>
+
+<p> More information about the Postfix local delivery agent can be
+found in the <a href="local.8.html">local(8)</a> manual page. </p>
+
+<p> Why does this example use a clumsy virtual alias instead of a
+more elegant transport mapping? The reason is that mail for the
+virtual mailing list would be rejected with "User unknown". In
+order to make the transport mapping work one would still need a
+bunch of virtual alias or virtual mailbox table entries. </p>
+
+<ul>
+
+<li> In case of a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, there would need to be one
+identity mapping from each mailing list address to itself.
+
+<li> In case of a <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domain</a>, there would need to be
+a dummy mailbox for each mailing list address.
+
+</ul>
+
+<h2><a name="autoreplies">Autoreplies</a></h2>
+
+<p> In order to set up an autoreply for virtual recipients while
+still delivering mail as normal, set up a rule in a virtual alias
+table: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+
+/etc/postfix/virtual:
+ user@domain.tld user@domain.tld, user@domain.tld@autoreply.<a href="postconf.5.html#mydomain">mydomain</a>.tld
+</pre>
+</blockquote>
+
+<p> This delivers mail to the recipient, and sends a copy of the
+mail to the address that produces automatic replies. The address
+can be serviced on a different machine, or it can be serviced
+locally by setting up a transport map entry that pipes all mail
+for autoreply.<a href="postconf.5.html#mydomain">mydomain</a>.tld into some script that sends an automatic
+reply back to the sender. </p>
+
+<p> DO NOT list autoreply.<a href="postconf.5.html#mydomain">mydomain</a>.tld in <a href="postconf.5.html#mydestination">mydestination</a>! </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+
+/etc/postfix/transport:
+ autoreply.<a href="postconf.5.html#mydomain">mydomain</a>.tld autoreply:
+
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ # =============================================================
+ # service type private unpriv chroot wakeup maxproc command
+ # (yes) (yes) (yes) (never) (100)
+ # =============================================================
+ autoreply unix - n n - - pipe
+ flags= user=nobody argv=/path/to/autoreply $sender $mailbox
+</pre>
+</blockquote>
+
+<p> This invokes /path/to/autoreply with the sender address and
+the user@domain.tld recipient address on the command line. </p>
+
+<p> For more information, see the <a href="pipe.8.html">pipe(8)</a> manual page, and the
+comments in the Postfix <a href="master.5.html">master.cf</a> file. </p>
+
+</body>
+
+</html>
diff --git a/html/XCLIENT_README.html b/html/XCLIENT_README.html
new file mode 100644
index 0000000..2286294
--- /dev/null
+++ b/html/XCLIENT_README.html
@@ -0,0 +1,268 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix XCLIENT Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix XCLIENT Howto</h1>
+
+<hr>
+
+<h2>Purpose of the XCLIENT extension to SMTP</h2>
+
+<p> When an SMTP server announces support for the XCLIENT command,
+an SMTP client may send information that overrides one or more
+client-related session attributes. The XCLIENT command targets the
+following problems: </p>
+
+<ol>
+
+ <li> <p> Access control tests. SMTP server access rules are
+ difficult to verify when decisions can be triggered only by
+ remote clients. In order to facilitate access rule testing,
+ an authorized SMTP client test program needs the ability to
+ override the SMTP server's idea of the SMTP client hostname,
+ network address, and other client information, for the entire
+ duration of an SMTP session. </p>
+
+ <li> <p> Client software that downloads mail from an up-stream
+ mail server and injects it into a local MTA via SMTP. In order
+ to take advantage of the local MTA's SMTP server access rules,
+ the client software needs the ability to override the SMTP
+ server's idea of the remote client name, client address and
+ other information. Such information can typically be extracted
+ from the up-stream mail server's Received: message header. </p>
+
+ <li> <p> Post-filter access control and logging. With
+ Internet-&gt;filter-&gt;MTA style content filter applications,
+ the filter can be simplified if it can delegate decisions
+ concerning mail relay and other access control to the MTA. This
+ is especially useful when the filter acts as a transparent
+ proxy for SMTP commands. This requires that the filter can
+ override the MTA's idea of the SMTP client hostname, network
+ address, and other information. </p>
+
+</ol>
+
+<h2>XCLIENT Command syntax</h2>
+
+<p> An example client-server conversation is given at the end
+of this document. </p>
+
+<p> In SMTP server EHLO replies, the keyword associated with this
+extension is XCLIENT. It is followed by the names of the attributes
+that the XCLIENT implementation supports. </p>
+
+<p> The XCLIENT command may be sent at any time, except in the
+middle of a mail delivery transaction (i.e. between MAIL and DOT,
+or MAIL and RSET). The XCLIENT command may be pipelined when the
+server supports ESMTP command pipelining. To avoid triggering
+spamware detectors, the command should be sent at the end of a
+command group. </p>
+
+<p> The syntax of XCLIENT requests is described below. Upper case
+and quoted strings specify terminals, lowercase strings specify
+meta terminals, and SP is whitespace. Although command and attribute
+names are shown in upper case, they are in fact case insensitive.
+</p>
+
+<blockquote>
+<p>
+ xclient-command = XCLIENT 1*( SP attribute-name"="attribute-value )
+</p>
+<p>
+ attribute-name = ( NAME | ADDR | PORT | PROTO | HELO | LOGIN | DESTADDR | DESTPORT )
+</p>
+<p>
+ attribute-value = xtext
+</p>
+</blockquote>
+
+<ul>
+
+ <li> <p> Attribute values are xtext encoded as per <a href="https://tools.ietf.org/html/rfc1891">RFC 1891</a>.
+ </p>
+
+ <li> <p> The NAME attribute specifies a remote SMTP client
+ hostname (not an SMTP client address), [UNAVAILABLE] when client
+ hostname lookup failed due to a permanent error, or [TEMPUNAVAIL]
+ when the lookup error condition was transient. </p>
+
+ <li> <p> The ADDR attribute specifies a remote SMTP client
+ numerical IPv4 network address, an IPv6 address prefixed with
+ IPV6:, or [UNAVAILABLE] when the address information is
+ unavailable. Address information is not enclosed with []. </p>
+
+ <li> <p> The PORT attribute specifies a remote SMTP client TCP
+ port number as a decimal number, or [UNAVAILABLE] when the
+ information is unavailable. </p>
+
+ <li> <p> The PROTO attribute specifies either SMTP or ESMTP.
+ </p>
+
+ <li> <p> The DESTADDR attribute specifies a local SMTP server
+ numerical IPv4 network address, an IPv6 address prefixed with
+ IPV6:, or [UNAVAILABLE] when the address information is
+ unavailable. Address information is not enclosed with []. </p>
+
+ <li> <p> The DESTPORT attribute specifies a local SMTP server
+ TCP port number as a decimal number, or [UNAVAILABLE] when the
+ information is unavailable. </p>
+
+ <li> <p> The HELO attribute specifies an SMTP HELO parameter
+ value, or the value [UNAVAILABLE] when the information is
+ unavailable. </p>
+
+ <li> <p> The LOGIN attribute specifies a SASL login name, or
+ the value [UNAVAILABLE] when the information is unavailable.
+ </p>
+
+</ul>
+
+<p> Note 1: syntactically valid NAME and HELO attribute-value
+elements can be up to 255 characters long. The client must not send
+XCLIENT commands that exceed the 512 character limit for SMTP
+commands. To avoid exceeding the limit the client should send the
+information in multiple XCLIENT commands; for example, send NAME
+and ADDR last, after HELO and PROTO. Once ADDR is sent, the client
+is usually no longer authorized to send XCLIENT commands. </p>
+
+<p> Note 2: [UNAVAILABLE], [TEMPUNAVAIL] and IPV6: may be specified
+in upper case, lower case or mixed case. </p>
+
+<p> Note 3: Postfix implementations prior to version 2.3 do not
+xtext encode attribute values. Servers that wish to interoperate
+with these older implementations should be prepared to receive
+unencoded information. </p>
+
+<p> Note 4: Some Postfix implementations do not implement the PORT
+or LOGIN attributes. </p>
+
+<h2>XCLIENT Server response</h2>
+
+<p> Upon receipt of a correctly formatted XCLIENT command, the
+server resets state to the initial SMTP greeting protocol stage.
+Depending on the outcome of optional access decisions, the server
+responds with 220 or with a suitable rejection code.
+
+<p> For practical reasons it is not always possible to reset the
+complete server state to the initial SMTP greeting protocol stage:
+</p>
+
+<ul>
+
+<li> <p> TLS session information may not be reset, because turning off
+TLS leaves the connection in an undefined state. Consequently, the
+server may not announce STARTTLS when TLS is already active, and
+access decisions may be influenced by client certificate information
+that was received prior to the XCLIENT command. </p>
+
+<li> <p> The SMTP server must not reset attributes that were received
+with the last XCLIENT command. This includes HELO or PROTO attributes.
+</p>
+
+</ul>
+
+<p> NOTE: Postfix implementations prior to version 2.3 do not jump
+back to the initial SMTP greeting protocol stage. These older
+implementations will not correctly simulate connection-level access
+decisions under some conditions. </p>
+
+<h2> XCLIENT server reply codes </h2>
+
+<blockquote>
+
+<table border="1" bgcolor="#f0f0ff">
+
+<tr> <th> Code </th> <th> Meaning </th> </tr>
+
+<tr> <td> 220 </td> <td> success </td> </tr>
+
+<tr> <td> 421 </td> <td> unable to proceed, disconnecting </td> </tr>
+
+<tr> <td> 501 </td> <td> bad command parameter syntax </td> </tr>
+
+<tr> <td> 503 </td> <td> mail transaction in progress </td> </tr>
+
+<tr> <td> 550 </td> <td> insufficient authorization </td> </tr>
+
+<tr> <td> other </td> <td> connection rejected by connection-level
+access decision </td> </tr>
+
+</table>
+
+</blockquote>
+
+<h2>XCLIENT Example</h2>
+
+<p> In the example, the client impersonates a mail originating
+system by passing all SMTP client information via the XCLIENT
+command. Information sent by the client is shown in bold font.
+</p>
+
+<blockquote>
+<pre>
+220 server.example.com ESMTP Postfix
+<b>EHLO client.example.com</b>
+250-server.example.com
+250-PIPELINING
+250-SIZE 10240000
+250-VRFY
+250-ETRN
+250-XCLIENT NAME ADDR PROTO HELO
+250 8BITMIME
+<b>XCLIENT NAME=spike.porcupine.org ADDR=168.100.189.2</b>
+220 server.example.com ESMTP Postfix
+<b>EHLO spike.porcupine.org</b>
+250-server.example.com
+250-PIPELINING
+250-SIZE 10240000
+250-VRFY
+250-ETRN
+250-XCLIENT NAME ADDR PROTO HELO
+250 8BITMIME
+<b>MAIL FROM:&lt;wietse@porcupine.org&gt;</b>
+250 Ok
+<b>RCPT TO:&lt;user@example.com&gt;</b>
+250 Ok
+<b>DATA</b>
+354 End data with &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;
+<b>. . .<i>message content</i>. . .</b>
+<b>.</b>
+250 Ok: queued as 763402AAE6
+<b>QUIT</b>
+221 Bye
+</pre>
+</blockquote>
+
+<h2>Security</h2>
+
+<p> The XCLIENT command changes audit trails and/or SMTP client
+access permissions. Use of this command must be restricted to
+authorized SMTP clients. </p>
+
+<h2>SMTP connection caching</h2>
+
+<p> XCLIENT attributes persist until the end of an SMTP session.
+If one session is used to deliver mail on behalf of different SMTP
+clients, the XCLIENT attributes need to be reset as appropriate
+before each MAIL FROM command. </p>
+
+<h2> References </h2>
+
+<p> Moore, K, "SMTP Service Extension for Delivery Status Notifications",
+<a href="https://tools.ietf.org/html/rfc1891">RFC 1891</a>, January 1996. </p>
+
+</body>
+
+</html>
diff --git a/html/XFORWARD_README.html b/html/XFORWARD_README.html
new file mode 100644
index 0000000..ce58bb7
--- /dev/null
+++ b/html/XFORWARD_README.html
@@ -0,0 +1,242 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix XFORWARD Howto</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix XFORWARD Howto</h1>
+
+<hr>
+
+<h2>Purpose of the XFORWARD extension to SMTP</h2>
+
+<p> When an SMTP server announces support for the XFORWARD command,
+an SMTP client may send information that overrides one or more
+client-related logging attributes. The XFORWARD command targets
+the following problem: </p>
+
+<ul>
+
+ <li> <p> Logging after SMTP-based content filter. With the
+ deployment of Internet-&gt;MTA1-&gt;filter-&gt;MTA2 style
+ content filter applications, the logging of client and message
+ identifying information changes when MTA1 gives the mail to
+ the content filter. To simplify the interpretation of MTA2
+ logging, it would help if MTA1 could forward remote client
+ and/or message identifying information through the content
+ filter to MTA2, so that the information could be logged as part
+ of mail handling transactions. </p>
+
+</ul>
+
+<p> This extension is implemented as a separate ESMTP command, and
+can be used to transmit client or message attributes incrementally.
+It is not implemented by passing additional parameters via the MAIL
+FROM command, because doing so would require extending the MAIL
+FROM command length limit by another 600 or more characters beyond
+the space that is already needed to support other extensions such
+as AUTH and DSN. </p>
+
+<h2>XFORWARD Command syntax</h2>
+
+<p> An example of a client-server conversation is given at the end
+of this document. </p>
+
+<p> In SMTP server EHLO replies, the keyword associated with this
+extension is XFORWARD. The keyword is followed by the names of the
+attributes that the XFORWARD implementation supports. </p>
+
+<p> After receiving the server's announcement for XFORWARD support,
+the client may send XFORWARD requests at any time except in
+the middle of a mail delivery transaction (i.e. between MAIL and
+RSET or DOT). The command may be pipelined when the server supports
+ESMTP command pipelining. </p>
+
+<p> The syntax of XFORWARD requests is described below. Upper case
+and quoted strings specify terminals, lowercase strings specify
+meta terminals, and SP is whitespace. Although command and attribute
+names are shown in upper case, they are in fact case insensitive.
+</p>
+
+<blockquote>
+<p>
+ xforward-command = XFORWARD 1*( SP attribute-name"="attribute-value )
+</p>
+<p>
+ attribute-name = ( NAME | ADDR | PORT | PROTO | HELO | IDENT | SOURCE )
+</p>
+<p>
+ attribute-value = xtext
+</p>
+</blockquote>
+
+<ul>
+
+ <li> <p> Attribute values are xtext encoded as per <a href="https://tools.ietf.org/html/rfc1891">RFC 1891</a>.
+ </p>
+
+ <li> <p> The NAME attribute specifies the up-stream hostname,
+ or [UNAVAILABLE] when the information is unavailable. The
+ hostname may be a non-DNS hostname. </p>
+
+ <li> <p> The ADDR attribute specifies the up-stream network
+ address: a numerical IPv4 network address, an IPv6 address
+ prefixed with IPV6:, or [UNAVAILABLE] when the address information
+ is unavailable. Address information is not enclosed with [].
+ </p>
+
+ <li> <p> The PORT attribute specifies an up-stream client TCP
+ port number in decimal, or [UNAVAILABLE] when the information
+ is unavailable. </p>
+
+ <li> <p> The PROTO attribute specifies the mail protocol for
+ receiving mail from the up-stream host. This may be an SMTP or
+ non-SMTP protocol name of up to 64 characters, or [UNAVAILABLE]
+ when the information is unavailable. </p>
+
+ <li> <p> The HELO attribute specifies the hostname that the
+ up-stream host announced itself with (not necessarily via the
+ SMTP HELO command), or [UNAVAILABLE] when the information is
+ unavailable. The hostname may be a non-DNS hostname. </p>
+
+ <li> <p> The IDENT attribute specifies a local message identifier
+ on the up-stream host, or [UNAVAILABLE] when the information
+ is unavailable. The down-stream MTA may log this information
+ together with its own local message identifier to facilitate
+ message tracking across MTAs. </p>
+
+ <li> <p> The SOURCE attribute specifies LOCAL when the message
+ was received from a source that is local with respect to the
+ up-stream host (for example, the message originated from the
+ up-stream host itself), REMOTE for all other mail, or [UNAVAILABLE]
+ when the information is unavailable. The down-stream MTA may
+ decide to enable features such as header munging or address
+ qualification with mail from local sources but not other sources.
+ </p>
+
+</ul>
+
+<p> Note 1: an attribute-value element must not be longer than
+255 characters (specific attributes may impose shorter lengths).
+After xtext decoding, attribute values must not contain control
+characters, non-ASCII characters, whitespace, or other characters
+that are special in message headers. </p>
+
+<p> Note 2: DNS hostnames can be up to 255 characters long. The
+XFORWARD client implementation must not send XFORWARD commands that
+exceed the 512 character limit for SMTP commands. </p>
+
+<p> Note 3: [UNAVAILABLE] may be specified in upper case, lower
+case or mixed case. </p>
+
+<p> Note 4: Postfix implementations prior to version 2.3 do not
+xtext encode attribute values. Servers that wish to interoperate
+with these older implementations should be prepared to receive
+unencoded information. </p>
+
+<h2> XFORWARD Server operation </h2>
+
+<p> The server maintains a set of XFORWARD attributes with forwarded
+information, in addition the current SMTP session attributes.
+Normally, all XFORWARD attributes are in the undefined state, and
+the server uses the current SMTP session attributes for logging
+purposes. </p>
+
+<p> Upon receipt of an initial XFORWARD command, the SMTP server
+initializes all XFORWARD attributes to [UNAVAILABLE]. With each
+valid XFORWARD command, the server updates XFORWARD attributes with
+the specified values. </p>
+
+<p> The server must not mix client attributes from XFORWARD with
+client attributes from the current SMTP session. </p>
+
+<p> At the end of each MAIL FROM transaction (i.e. RSET or DOT),
+the server resets all XFORWARD attributes to the undefined state,
+and is ready to receive another initial XFORWARD command. </p>
+
+<h2> XFORWARD Server reply codes </h2>
+
+<blockquote>
+
+<table bgcolor="#f0f0ff" border="1">
+
+<tr> <th> Code </th> <th> Meaning </th> </tr>
+
+<tr> <td> 250 </td> <td> success </td> </tr>
+
+<tr> <td> 421 </td> <td> unable to proceed, disconnecting </td> </tr>
+
+<tr> <td> 501 </td> <td> bad command parameter syntax </td> </tr>
+
+<tr> <td> 503 </td> <td> mail transaction in progress </td> </tr>
+
+<tr> <td> 550 </td> <td> insufficient authorization </td> </tr>
+
+</table>
+
+</blockquote>
+
+<h2>XFORWARD Example</h2>
+
+<p> In the following example, information sent by the client is
+shown in bold font. </p>
+
+<blockquote>
+<pre>
+220 server.example.com ESMTP Postfix
+<b>EHLO client.example.com</b>
+250-server.example.com
+250-PIPELINING
+250-SIZE 10240000
+250-VRFY
+250-ETRN
+250-XFORWARD NAME ADDR PROTO HELO
+250 8BITMIME
+<b>XFORWARD NAME=spike.porcupine.org ADDR=168.100.189.2 PROTO=ESMTP </b>
+250 Ok
+<b>XFORWARD HELO=spike.porcupine.org</b>
+250 Ok
+<b>MAIL FROM:&lt;wietse@porcupine.org&gt;</b>
+250 Ok
+<b>RCPT TO:&lt;user@example.com&gt;</b>
+250 Ok
+<b>DATA</b>
+354 End data with &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;
+<b>. . .<i>message content</i>. . .</b>
+<b>.</b>
+250 Ok: queued as 3CF6B2AAE8
+<b>QUIT</b>
+221 Bye
+</pre>
+</blockquote>
+
+<h2>Security</h2>
+
+<p> The XFORWARD command changes audit trails. Use of this command
+must be restricted to authorized clients. </p>
+
+<h2>SMTP connection caching</h2>
+
+<p> SMTP connection caching makes it possible to deliver multiple
+messages within the same SMTP session. The XFORWARD attributes are
+reset after the MAIL FROM transaction completes (after RSET or DOT),
+so there is no risk of information leakage. </p>
+
+<h2> References </h2>
+
+<p> Moore, K, "SMTP Service Extension for Delivery Status Notifications",
+<a href="https://tools.ietf.org/html/rfc1891">RFC 1891</a>, January 1996. </p>
+
+</body>
+
+</html>
diff --git a/html/access.5.html b/html/access.5.html
new file mode 100644
index 0000000..24f844b
--- /dev/null
+++ b/html/access.5.html
@@ -0,0 +1,439 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - access(5) </title>
+</head> <body> <pre>
+ACCESS(5) ACCESS(5)
+
+<b>NAME</b>
+ access - Postfix SMTP server access table
+
+<b>SYNOPSIS</b>
+ <b>postmap /etc/postfix/access</b>
+
+ <b>postmap -q "</b><i>string</i><b>" /etc/postfix/access</b>
+
+ <b>postmap -q - /etc/postfix/access</b> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ This document describes access control on remote SMTP client informa-
+ tion: host names, network addresses, and envelope sender or recipient
+ addresses; it is implemented by the Postfix SMTP server. See
+ <a href="header_checks.5.html"><b>header_checks</b>(5)</a> or <a href="header_checks.5.html"><b>body_checks</b>(5)</a> for access control on the content of
+ email messages.
+
+ Normally, the <a href="access.5.html"><b>access</b>(5)</a> table is specified as a text file that serves
+ as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file in <b>dbm</b>
+ or <b>db</b> format, is used for fast searching by the mail system. Execute
+ the command "<b>postmap /etc/postfix/access</b>" to rebuild an indexed file
+ after changing the corresponding text file.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to a TCP-based server. In those cases, the lookups are done in
+ a slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
+
+<b>CASE FOLDING</b>
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
+
+<b>TABLE FORMAT</b>
+ The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
+
+ <i>pattern action</i>
+ When <i>pattern</i> matches a mail address, domain or host address,
+ perform the corresponding <i>action</i>.
+
+ blank lines and comments
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ multi-line text
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+<b>EMAIL ADDRESS PATTERNS</b>
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, patterns are tried in the order as
+ listed below:
+
+ <i>user</i>@<i>domain</i>
+ Matches the specified mail address.
+
+ <i>domain.tld</i>
+ Matches <i>domain.tld</i> as the domain part of an email address.
+
+ The pattern <i>domain.tld</i> also matches subdomains, but only when
+ the string <b>smtpd_access_maps</b> is listed in the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration setting.
+
+ <i>.domain.tld</i>
+ Matches subdomains of <i>domain.tld</i>, but only when the string
+ <b>smtpd_access_maps</b> is not listed in the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration setting.
+
+ <i>user</i>@ Matches all mail addresses with the specified user part.
+
+ Note: lookup of the null sender address is not possible with some types
+ of lookup table. By default, Postfix uses &lt;&gt; as the lookup key for such
+ addresses. The value is specified with the <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a></b>
+ parameter in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file.
+
+<b>EMAIL ADDRESS EXTENSION</b>
+ When a mail address localpart contains the optional recipient delimiter
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@, and <i>user</i>@.
+
+<b>HOST NAME/ADDRESS PATTERNS</b>
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, the following lookup patterns are
+ examined in the order as listed:
+
+ <i>domain.tld</i>
+ Matches <i>domain.tld</i>.
+
+ The pattern <i>domain.tld</i> also matches subdomains, but only when
+ the string <b>smtpd_access_maps</b> is listed in the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration setting.
+
+ <i>.domain.tld</i>
+ Matches subdomains of <i>domain.tld</i>, but only when the string
+ <b>smtpd_access_maps</b> is not listed in the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration setting.
+
+ <i>net.work.addr.ess</i>
+
+ <i>net.work.addr</i>
+
+ <i>net.work</i>
+
+ <i>net</i> Matches a remote IPv4 host address or network address range.
+ Specify one to four decimal octets separated by ".". Do not
+ specify "[]" , "/", leading zeros, or hexadecimal forms.
+
+ Network ranges are matched by repeatedly truncating the last
+ ".octet" from a remote IPv4 host address string, until a match
+ is found in the access table, or until further truncation is not
+ possible.
+
+ NOTE: use the <b>cidr</b> lookup table type to specify network/netmask
+ patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for details.
+
+ <i>net:work:addr:ess</i>
+
+ <i>net:work:addr</i>
+
+ <i>net:work</i>
+
+ <i>net</i> Matches a remote IPv6 host address or network address range.
+ Specify three to eight hexadecimal octet pairs separated by ":",
+ using the compressed form "::" for a sequence of zero-valued
+ octet pairs. Do not specify "[]", "/", leading zeros, or
+ non-compressed forms.
+
+ A network range is matched by repeatedly truncating the last
+ ":octetpair" from the compressed-form remote IPv6 host address
+ string, until a match is found in the access table, or until
+ further truncation is not possible.
+
+ NOTE: use the <b>cidr</b> lookup table type to specify network/netmask
+ patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for details.
+
+ IPv6 support is available in Postfix 2.2 and later.
+
+<b>ACCEPT ACTIONS</b>
+ <b>OK</b> Accept the address etc. that matches the pattern.
+
+ <i>all-numerical</i>
+ An all-numerical result is treated as OK. This format is gener-
+ ated by address-based relay authorization schemes such as
+ pop-before-smtp.
+
+ For other accept actions, see "OTHER ACTIONS" below.
+
+<b>REJECT ACTIONS</b>
+ Postfix version 2.3 and later support enhanced status codes as defined
+ in <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>. When no code is specified at the beginning of the <i>text</i>
+ below, Postfix inserts a default enhanced status code of "5.7.1" in the
+ case of reject actions, and "4.7.1" in the case of defer actions. See
+ "ENHANCED STATUS CODES" below.
+
+ <b>4</b><i>NN text</i>
+
+ <b>5</b><i>NN text</i>
+ Reject the address etc. that matches the pattern, and respond
+ with the numerical three-digit code and text. <b>4</b><i>NN</i> means "try
+ again later", while <b>5</b><i>NN</i> means "do not try again".
+
+ The following responses have special meaning for the Postfix
+ SMTP server:
+
+ <b>421</b> <i>text</i> (Postfix 2.3 and later)
+
+ <b>521</b> <i>text</i> (Postfix 2.6 and later)
+ After responding with the numerical three-digit code and
+ text, disconnect immediately from the SMTP client. This
+ frees up SMTP server resources so that they can be made
+ available to another SMTP client.
+
+ Note: The "521" response should be used only with botnets
+ and other malware where interoperability is of no con-
+ cern. The "send 521 and disconnect" behavior is NOT
+ defined in the SMTP standard.
+
+ <b>REJECT</b> <i>optional text...</i>
+ Reject the address etc. that matches the pattern. Reply with
+ "<b>$<a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a></b> <i>optional text...</i>" when the optional
+ text is specified, otherwise reply with a generic error response
+ message.
+
+ <b>DEFER</b> <i>optional text...</i>
+ Reject the address etc. that matches the pattern. Reply with
+ "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a></b> <i>optional text...</i>" when the optional text
+ is specified, otherwise reply with a generic error response mes-
+ sage.
+
+ This feature is available in Postfix 2.6 and later.
+
+ <b>DEFER_IF_REJECT</b> <i>optional text...</i>
+ Defer the request if some later restriction would result in a
+ REJECT action. Reply with "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional</i>
+ <i>text...</i>" when the optional text is specified, otherwise reply
+ with a generic error response message.
+
+ Prior to Postfix 2.6, the SMTP reply code is 450.
+
+ This feature is available in Postfix 2.1 and later.
+
+ <b>DEFER_IF_PERMIT</b> <i>optional text...</i>
+ Defer the request if some later restriction would result in an
+ explicit or implicit PERMIT action. Reply with
+ "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional text...</i>" when the
+ optional text is specified, otherwise reply with a generic error
+ response message.
+
+ Prior to Postfix 2.6, the SMTP reply code is 450.
+
+ This feature is available in Postfix 2.1 and later.
+
+ For other reject actions, see "OTHER ACTIONS" below.
+
+<b>OTHER ACTIONS</b>
+ <i>restriction...</i>
+ Apply the named UCE restriction(s) (<b>permit</b>, <b>reject</b>,
+ <b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>, and so on).
+
+ <b>BCC</b> <i>user@domain</i>
+ Send one copy of the message to the specified recipient.
+
+ If multiple BCC actions are specified within the same SMTP MAIL
+ transaction, with Postfix 3.0 only the last action will be used.
+
+ This feature is available in Postfix 3.0 and later.
+
+ <b>DISCARD</b> <i>optional text...</i>
+ Claim successful delivery and silently discard the message. Log
+ the optional text if specified, otherwise log a generic message.
+
+ Note: this action currently affects all recipients of the mes-
+ sage. To discard only one recipient without discarding the
+ entire message, use the <a href="transport.5.html">transport(5)</a> table to direct mail to the
+ <a href="discard.8.html">discard(8)</a> service.
+
+ This feature is available in Postfix 2.0 and later.
+
+ <b>DUNNO</b> Pretend that the lookup key was not found. This prevents Postfix
+ from trying substrings of the lookup key (such as a subdomain
+ name, or a network address subnetwork).
+
+ This feature is available in Postfix 2.0 and later.
+
+ <b>FILTER</b> <i>transport:destination</i>
+ After the message is queued, send the entire message through the
+ specified external content filter. The <i>transport</i> name specifies
+ the first field of a mail delivery agent definition in <a href="master.5.html">mas-
+ ter.cf</a>; the syntax of the next-hop <i>destination</i> is described in
+ the manual page of the corresponding delivery agent. More
+ information about external content filters is in the Postfix
+ <a href="FILTER_README.html">FILTER_README</a> file.
+
+ Note 1: do not use $<i>number</i> regular expression substitutions for
+ <i>transport</i> or <i>destination</i> unless you know that the information
+ has a trusted origin.
+
+ Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
+ ting, and affects all recipients of the message. In the case
+ that multiple <b>FILTER</b> actions fire, only the last one is exe-
+ cuted.
+
+ Note 3: the purpose of the FILTER command is to override message
+ routing. To override the recipient's <i>transport</i> but not the
+ next-hop <i>destination</i>, specify an empty filter <i>destination</i> (Post-
+ fix 2.7 and later), or specify a <i>transport:destination</i> that
+ delivers through a different Postfix instance (Postfix 2.6 and
+ earlier). Other options are using the recipient-dependent <b><a href="postconf.5.html#transport_maps">trans</a>-</b>
+ <b><a href="postconf.5.html#transport_maps">port_maps</a></b> or the sender-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default-</b>
+ <b>_transport_maps</a></b> features.
+
+ This feature is available in Postfix 2.0 and later.
+
+ <b>HOLD</b> <i>optional text...</i>
+ Place the message on the <b>hold</b> queue, where it will sit until
+ someone either deletes it or releases it for delivery. Log the
+ optional text if specified, otherwise log a generic message.
+
+ Mail that is placed on hold can be examined with the <a href="postcat.1.html"><b>postcat</b>(1)</a>
+ command, and can be destroyed or released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a>
+ command.
+
+ Note: use "<b>postsuper -r</b>" to release mail that was kept on hold
+ for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or
+ <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or longer. Use "<b>postsuper -H</b>" only for
+ mail that will not expire within a few delivery attempts.
+
+ Note: this action currently affects all recipients of the mes-
+ sage.
+
+ This feature is available in Postfix 2.0 and later.
+
+ <b>PREPEND</b> <i>headername: headervalue</i>
+ Prepend the specified message header to the message. When more
+ than one PREPEND action executes, the first prepended header
+ appears before the second etc. prepended header.
+
+ Note: this action must execute before the message content is
+ received; it cannot execute in the context of
+ <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
+
+ This feature is available in Postfix 2.1 and later.
+
+ <b>REDIRECT</b> <i>user@domain</i>
+ After the message is queued, send the message to the specified
+ address instead of the intended recipient(s). When multiple <b>RE-</b>
+ <b>DIRECT</b> actions fire, only the last one takes effect.
+
+ Note: this action overrides the FILTER action, and currently
+ overrides all recipients of the message.
+
+ This feature is available in Postfix 2.1 and later.
+
+ <b>INFO</b> <i>optional text...</i>
+ Log an informational record with the optional text, together
+ with client information and if available, with helo, sender,
+ recipient and protocol information.
+
+ This feature is available in Postfix 3.0 and later.
+
+ <b>WARN</b> <i>optional text...</i>
+ Log a warning with the optional text, together with client
+ information and if available, with helo, sender, recipient and
+ protocol information.
+
+ This feature is available in Postfix 2.1 and later.
+
+<b>ENHANCED STATUS CODES</b>
+ Postfix version 2.3 and later support enhanced status codes as defined
+ in <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status code is specified in an access
+ table, it is subject to modification. The following transformations are
+ needed when the same access table is used for client, helo, sender, or
+ recipient access restrictions; they happen regardless of whether Post-
+ fix replies to a MAIL FROM, RCPT TO or other SMTP command.
+
+ <b>o</b> When a sender address matches a REJECT action, the Postfix SMTP
+ server will transform a recipient DSN status (e.g., 4.1.1-4.1.6)
+ into the corresponding sender DSN status, and vice versa.
+
+ <b>o</b> When non-address information matches a REJECT action (such as
+ the HELO command argument or the client hostname/address), the
+ Postfix SMTP server will transform a sender or recipient DSN
+ status into a generic non-address DSN status (e.g., 4.0.0).
+
+<b>REGULAR EXPRESSION TABLES</b>
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+
+ Each pattern is a regular expression that is applied to the entire
+ string being looked up. Depending on the application, that string is an
+ entire client hostname, an entire client IP address, or an entire mail
+ address. Thus, no parent domain or parent network search is done,
+ <i>user@domain</i> mail addresses are not broken up into their <i>user@</i> and
+ <i>domain</i> constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
+
+ Actions are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
+ lated as <b>$1</b>, <b>$2</b> and so on.
+
+<b>TCP-BASED TABLES</b>
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ available up to and including Postfix version 2.4.
+
+ Each lookup operation uses the entire query string once. Depending on
+ the application, that string is an entire client hostname, an entire
+ client IP address, or an entire mail address. Thus, no parent domain
+ or parent network search is done, <i>user@domain</i> mail addresses are not
+ broken up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
+ <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+
+ Actions are the same as with indexed file lookups.
+
+<b>EXAMPLE</b>
+ The following example uses an indexed file, so that the order of table
+ entries does not matter. The example permits access by the client at
+ address 1.2.3.4 but rejects all other clients in 1.2.3.0/24. Instead of
+ <b>hash</b> lookup tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
+ <b>-m</b>" to find out what lookup tables Postfix supports on your system.
+
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
+ <a href="postconf.5.html#check_client_access">check_client_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access
+
+ /etc/postfix/access:
+ 1.2.3 REJECT
+ 1.2.3.4 OK
+
+ Execute the command "<b>postmap /etc/postfix/access</b>" after editing the
+ file.
+
+<b>BUGS</b>
+ The table format does not understand quoting conventions.
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="smtpd.8.html">smtpd(8)</a>, SMTP server
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="transport.5.html">transport(5)</a>, transport:nexthop syntax
+
+<b>README FILES</b>
+ <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, built-in SMTP server access control
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ ACCESS(5)
+</pre> </body> </html>
diff --git a/html/aliases.5.html b/html/aliases.5.html
new file mode 100644
index 0000000..27cfe69
--- /dev/null
+++ b/html/aliases.5.html
@@ -0,0 +1,209 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - aliases(5) </title>
+</head> <body> <pre>
+ALIASES(5) ALIASES(5)
+
+<b>NAME</b>
+ aliases - Postfix local alias database format
+
+<b>SYNOPSIS</b>
+ <b>newaliases</b>
+
+<b>DESCRIPTION</b>
+ The <a href="aliases.5.html"><b>aliases</b>(5)</a> table provides a system-wide mechanism to redirect mail
+ for local recipients. The redirections are processed by the Postfix
+ <a href="local.8.html"><b>local</b>(8)</a> delivery agent.
+
+ Normally, the <a href="aliases.5.html"><b>aliases</b>(5)</a> table is specified as a text file that serves
+ as input to the <a href="postalias.1.html"><b>postalias</b>(1)</a> command. The result, an indexed file in
+ <b>dbm</b> or <b>db</b> format, is used for fast lookup by the mail system. Execute
+ the command <b>newaliases</b> in order to rebuild the indexed file after
+ changing the Postfix alias database.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions. In this case, the
+ lookups are done in a slightly different way as described below under
+ "REGULAR EXPRESSION TABLES".
+
+ Users can control delivery of their own mail by setting up <b>.forward</b>
+ files in their home directory. Lines in per-user <b>.forward</b> files have
+ the same syntax as the right-hand side of <a href="aliases.5.html"><b>aliases</b>(5)</a> entries.
+
+ The format of the alias database input file is as follows:
+
+ <b>o</b> An alias definition has the form
+
+ <i>name</i>: <i>value1</i>, <i>value2</i>, <i>...</i>
+
+ <b>o</b> Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ <b>o</b> A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+ The <i>name</i> is a local address (no domain part). Use double quotes when
+ the name contains any special characters such as whitespace, `#', `:',
+ or `@'. The <i>name</i> is folded to lowercase, in order to make database
+ lookups case insensitive.
+
+ In addition, when an alias exists for <b>owner-</b><i>name</i>, this will override
+ the envelope sender address, so that delivery diagnostics are directed
+ to <b>owner-</b><i>name</i>, instead of the originator of the message (for details,
+ see <b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>, <b><a href="postconf.5.html#expand_owner_alias">expand_owner_alias</a></b> and <b><a href="postconf.5.html#reset_owner_alias">reset_owner_alias</a></b>).
+ This is typically used to direct delivery errors to the maintainer of a
+ mailing list, who is in a better position to deal with mailing list
+ delivery problems than the originator of the undelivered mail.
+
+ The <i>value</i> contains one or more of the following:
+
+ <i>address</i>
+ Mail is forwarded to <i>address</i>, which is compatible with the <a href="https://tools.ietf.org/html/rfc822">RFC</a>
+ <a href="https://tools.ietf.org/html/rfc822">822</a> standard.
+
+ <i>/file/name</i>
+ Mail is appended to <i>/file/name</i>. For details on how a file is
+ written see the sections "EXTERNAL FILE DELIVERY" and "DELIVERY
+ RIGHTS" in the <a href="local.8.html"><b>local</b>(8)</a> documentation. Delivery is not limited
+ to regular files. For example, to dispose of unwanted mail,
+ deflect it to <b>/dev/null</b>.
+
+ |<i>command</i>
+ Mail is piped into <i>command</i>. Commands that contain special char-
+ acters, such as whitespace, should be enclosed between double
+ quotes. For details on how a command is executed see "EXTERNAL
+ COMMAND DELIVERY" and "DELIVERY RIGHTS" in the <a href="local.8.html"><b>local</b>(8)</a> documen-
+ tation.
+
+ When the command fails, a limited amount of command output is
+ mailed back to the sender. The file <b>/usr/include/sysexits.h</b>
+ defines the expected exit status codes. For example, use <b>"|exit</b>
+ <b>67"</b> to simulate a "user unknown" error, and <b>"|exit 0"</b> to imple-
+ ment an expensive black hole.
+
+ <b>:include:</b><i>/file/name</i>
+ Mail is sent to the destinations listed in the named file.
+ Lines in <b>:include:</b> files have the same syntax as the right-hand
+ side of alias entries.
+
+ A destination can be any destination that is described in this
+ manual page. However, delivery to "|<i>command</i>" and <i>/file/name</i> is
+ disallowed by default. To enable, edit the <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_com</a>-</b>
+ <b><a href="postconf.5.html#allow_mail_to_commands">mands</a></b> and <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameters.
+
+<b>ADDRESS EXTENSION</b>
+ When alias database search fails, and the recipient localpart contains
+ the optional recipient delimiter (e.g., <i>user+foo</i>), the search is
+ repeated for the unextended address (e.g., <i>user</i>).
+
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
+ unmatched address extension (<i>+foo</i>) is propagated to the result of table
+ lookup.
+
+<b>CASE FOLDING</b>
+ The <a href="local.8.html">local(8)</a> delivery agent always folds the search string to lowercase
+ before database lookup.
+
+<b>REGULAR EXPRESSION TABLES</b>
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+ NOTE: these formats do not use ":" at the end of a pattern.
+
+ Each regular expression is applied to the entire search string. Thus, a
+ search string <i>user+foo</i> is not broken up into <i>user</i> and <i>foo</i>.
+
+ Regular expressions are applied in the order as specified in the table,
+ until a regular expression is found that matches the search string.
+
+ Lookup results are the same as with indexed file lookups. For security
+ reasons there is no support for <b>$1</b>, <b>$2</b> etc. substring interpolation.
+
+<b>SECURITY</b>
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression substitution
+ of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would open a security hole.
+
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests to use the
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead it will open the table
+ directly. Before Postfix version 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will
+ terminate with a fatal error.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ details including examples.
+
+ <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+
+ <b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
+ The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a> delivery.
+
+ <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
+ Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external commands.
+
+ <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> (alias, forward)</b>
+ Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
+
+ <b><a href="postconf.5.html#expand_owner_alias">expand_owner_alias</a> (no)</b>
+ When delivering to an alias "<i>aliasname</i>" that has an
+ "owner-<i>aliasname</i>" companion alias, set the envelope sender
+ address to the expansion of the "owner-<i>aliasname</i>" alias.
+
+ <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
+ What address lookup tables copy an address extension from the
+ lookup key to the lookup result.
+
+ <b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
+ Enable special treatment for owner-<i>listname</i> entries in the
+ <a href="aliases.5.html"><b>aliases</b>(5)</a> file, and don't split owner-<i>listname</i> and <i>list-</i>
+ <i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
+ set to "-".
+
+ <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
+ The set of characters that can separate an email address local-
+ part, user name, or a .forward file name from its extension.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#frozen_delivered_to">frozen_delivered_to</a> (yes)</b>
+ Update the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the Delivered-To:
+ address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start
+ of a delivery attempt; do not update the Delivered-To: address
+ while expanding aliases or .forward files.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+
+<b>SEE ALSO</b>
+ <a href="local.8.html">local(8)</a>, local delivery agent
+ <a href="newaliases.1.html">newaliases(1)</a>, create/update alias database
+ <a href="postalias.1.html">postalias(1)</a>, create/update alias database
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ ALIASES(5)
+</pre> </body> </html>
diff --git a/html/anvil.8.html b/html/anvil.8.html
new file mode 100644
index 0000000..2ce53ad
--- /dev/null
+++ b/html/anvil.8.html
@@ -0,0 +1,243 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - anvil(8) </title>
+</head> <body> <pre>
+ANVIL(8) ANVIL(8)
+
+<b>NAME</b>
+ anvil - Postfix session count and request rate control
+
+<b>SYNOPSIS</b>
+ <b>anvil</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains statistics about client connec-
+ tion counts or client request rates. This information can be used to
+ defend against clients that hammer a server with either too many simul-
+ taneous sessions, or with too many successive requests within a config-
+ urable time interval. This server is designed to run under control by
+ the Postfix <a href="master.8.html"><b>master</b>(8)</a> server.
+
+ In the following text, <b>ident</b> specifies a (service, client) combination.
+ The exact syntax of that information is application-dependent; the
+ <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not care.
+
+<b>CONNECTION COUNT/RATE CONTROL</b>
+ To register a new connection send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a>
+ server:
+
+ <b>request=connect</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of simultaneous connections
+ and the number of connections per unit time for the (service, client)
+ combination specified with <b>ident</b>:
+
+ <b>status=0</b>
+ <b>count=</b><i>number</i>
+ <b>rate=</b><i>number</i>
+
+ To register a disconnect event send the following request to the
+ <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+
+ <b>request=disconnect</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server replies with:
+
+ <b>status=0</b>
+
+<b>MESSAGE RATE CONTROL</b>
+ To register a message delivery request send the following request to
+ the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+
+ <b>request=message</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of message delivery
+ requests per unit time for the (service, client) combination specified
+ with <b>ident</b>:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+<b>RECIPIENT RATE CONTROL</b>
+ To register a recipient request send the following request to the
+ <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+
+ <b>request=recipient</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of recipient addresses per
+ unit time for the (service, client) combination specified with <b>ident</b>:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+<b>TLS SESSION NEGOTIATION RATE CONTROL</b>
+ The features described in this section are available with Postfix 2.3
+ and later.
+
+ To register a request for a new (i.e. not cached) TLS session send the
+ following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+
+ <b>request=newtls</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
+ per unit time for the (service, client) combination specified with
+ <b>ident</b>:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+ To retrieve new TLS session request rate information without updating
+ the counter information, send:
+
+ <b>request=newtls_report</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
+ per unit time for the (service, client) combination specified with
+ <b>ident</b>:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+<b>AUTH RATE CONTROL</b>
+ To register an AUTH request send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a>
+ server:
+
+ <b>request=auth</b>
+ <b>ident=</b><i>string</i>
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of auth requests per unit
+ time for the (service, client) combination specified with <b>ident</b>:
+
+ <b>status=0</b>
+ <b>rate=</b><i>number</i>
+
+<b>SECURITY</b>
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not talk to the network or to local users, and
+ can run chrooted at fixed low privilege.
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains an in-memory table with information about
+ recent clients requests. No persistent state is kept because standard
+ system library routines are not sufficiently robust for update-inten-
+ sive applications.
+
+ Although the in-memory state is kept only temporarily, this may require
+ a lot of memory on systems that handle connections from many remote
+ clients. To reduce memory usage, reduce the time unit over which state
+ is kept.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+ Upon exit, and every <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a></b> seconds, the server logs
+ the maximal count and rate values measured, together with (service,
+ client) information and the time of day associated with those events.
+ In order to avoid unnecessary overhead, no measurements are done for
+ activity that isn't concurrency limited or rate limited.
+
+<b>BUGS</b>
+ Systems behind network address translating routers or proxies appear to
+ have the same client address and can run into connection count and/or
+ rate limits falsely.
+
+ In this preliminary implementation, a count (or rate) limited server
+ process can have only one remote client at a time. If a server process
+ reports multiple simultaneous clients, state is kept only for the last
+ reported client.
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client request information
+ after it expires. To prevent the <a href="anvil.8.html"><b>anvil</b>(8)</a> server from discarding
+ client request rate information too early or too late, a rate limited
+ service should always register connect/disconnect events even when it
+ does not explicitly limit them.
+
+<b>CONFIGURATION PARAMETERS</b>
+ On low-traffic mail systems, changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automati-
+ cally as <a href="anvil.8.html"><b>anvil</b>(8)</a> processes run for only a limited amount of time. On
+ other mail systems, use the command "<b>postfix reload</b>" to speed up a
+ change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (60s)</b>
+ The time unit over which client connection rates and other rates
+ are calculated.
+
+ <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a> (600s)</b>
+ How frequently the <a href="anvil.8.html"><b>anvil</b>(8)</a> connection and rate limiting server
+ logs peak usage information.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+
+<b>README FILES</b>
+ <a href="TUNING_README.html">TUNING_README</a>, performance tuning
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ The anvil service is available in Postfix 2.2 and later.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ ANVIL(8)
+</pre> </body> </html>
diff --git a/html/bounce.5.html b/html/bounce.5.html
new file mode 100644
index 0000000..e9850b6
--- /dev/null
+++ b/html/bounce.5.html
@@ -0,0 +1,206 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - bounce(5) </title>
+</head> <body> <pre>
+BOUNCE(5) BOUNCE(5)
+
+<b>NAME</b>
+ bounce - Postfix bounce message template format
+
+<b>SYNOPSIS</b>
+ <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> = /etc/postfix/bounce.cf</b>
+
+ <b>postconf -b</b> [<i>template</i><b>_</b><i>file</i>]
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="bounce.8.html"><b>bounce</b>(8)</a> server produces delivery status notification
+ (DSN) messages for undeliverable mail, delayed mail, successful deliv-
+ ery or address verification requests.
+
+ By default, these notifications are generated from built-in templates
+ with message headers and message text. Sites can override the built-in
+ information by specifying a bounce template file with the <b><a href="postconf.5.html#bounce_template_file">bounce_tem</a>-</b>
+ <b><a href="postconf.5.html#bounce_template_file">plate_file</a></b> configuration parameter.
+
+ This document describes the general procedure to create a bounce tem-
+ plate file, followed by the specific details of bounce template for-
+ mats.
+
+<b>GENERAL PROCEDURE</b>
+ To create a customized bounce template file, create a temporary copy of
+ the file <b>/etc/postfix/bounce.cf.default</b> and edit the temporary file.
+
+ To preview the results of $<i>name</i> expansions in the template text, use
+ the command
+
+ <b>postconf -b</b> <i>temporary</i><b>_</b><i>file</i>
+
+ Errors in the template will be reported to the standard error stream
+ and to the syslog daemon.
+
+ While previewing the text, be sure to pay particular attention to the
+ expansion of time value parameters that appear in the delayed mail
+ notification text.
+
+ Once the result is satisfactory, copy the template to the Postfix con-
+ figuration directory and specify in <a href="postconf.5.html">main.cf</a> something like:
+
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#bounce_template_file">bounce_template_file</a> = /etc/postfix/bounce.cf
+
+<b>TEMPLATE FILE FORMAT</b>
+ The template file can specify templates for failed mail, delayed mail,
+ successful delivery or for address verification. These templates are
+ named <b>failure_template</b>, <b>delay_template</b>, <b>success_template</b> and <b>ver-</b>
+ <b>ify_template</b>, respectively. You can but do not have to specify all
+ four templates in a bounce template file.
+
+ Each template starts with "<i>template</i><b>_</b><i>name</i> <b>=</b> &lt;&lt;<b>EOF</b>" and ends with a line
+ that contains the word "<b>EOF</b>" only. You can change the word EOF, but you
+ can't enclose it in quotes as with the shell or with Perl (<i>tem-</i>
+ <i>plate</i><b>_</b><i>name</i> <b>=</b> &lt;&lt;<b>'EOF'</b>). Here is an example:
+
+ # The failure template is used for undeliverable mail.
+
+ failure_template = &lt;&lt;EOF
+ Charset: us-ascii
+ From: MAILER-DAEMON (Mail Delivery System)
+ Subject: Undelivered Mail Returned to Sender
+ Postmaster-Subject: Postmaster Copy: Undelivered Mail
+
+ This is the mail system at host $<a href="postconf.5.html#myhostname">myhostname</a>.
+
+ I'm sorry to have to inform you that your message could not
+ be delivered to one or more recipients. It's attached below.
+
+ For further assistance, please send mail to postmaster.
+
+ If you do so, please include this problem report. You can
+ delete your own text from the attached returned message.
+
+ The mail system
+ EOF
+
+ The usage and specification of bounce templates is subject to the fol-
+ lowing restrictions:
+
+ <b>o</b> No special meaning is given to the backslash character or to
+ leading whitespace; these are always taken literally.
+
+ <b>o</b> Inside the &lt;&lt; context, the "$" character is special. To produce
+ a "$" character as output, specify "$$".
+
+ <b>o</b> Outside the &lt;&lt; context, lines beginning with "#" are ignored, as
+ are empty lines, and lines consisting of whitespace only.
+
+ Examples of all templates can be found in the file <b>bounce.cf.default</b> in
+ the Postfix configuration directory.
+
+<b>TEMPLATE HEADER FORMAT</b>
+ The first portion of a bounce template consists of optional template
+ headers. Some become message headers in the delivery status notifica-
+ tion; some control the formatting of that notification. Headers not
+ specified in a template will be left at their default value.
+
+ The following headers are supported:
+
+ <b>Charset:</b>
+ The MIME character set of the template message text. See the
+ "TEMPLATE MESSAGE TEXT FORMAT" description below.
+
+ <b>From:</b> The sender address in the message header of the delivery status
+ notification.
+
+ <b>Subject:</b>
+ The subject in the message header of the delivery status notifi-
+ cation that is returned to the sender.
+
+ <b>Postmaster-Subject:</b>
+ The subject that will be used in Postmaster copies of undeliver-
+ able or delayed mail notifications. These copies are sent under
+ control of the <a href="postconf.5.html#notify_classes">notify_classes</a> configuration parameter.
+
+ The usage and specification of template message headers is subject to
+ the following restrictions:
+
+ <b>o</b> Template message header names can be specified in upper case,
+ lower case or mixed case. Postfix always produces bounce message
+ header labels of the form "<b>From:</b>" and "<b>Subject:</b>".
+
+ <b>o</b> Template message headers must not span multiple lines.
+
+ <b>o</b> Template message headers do not support $parameter expansions.
+
+ <b>o</b> Template message headers must contain ASCII characters only, and
+ must not contain ASCII null characters.
+
+<b>TEMPLATE MESSAGE TEXT FORMAT</b>
+ The second portion of a bounce template consists of message text. As
+ the above example shows, template message text may contain <a href="postconf.5.html">main.cf</a>
+ $parameters. Besides the parameters that are defined in <a href="postconf.5.html">main.cf</a>, the
+ following parameters are treated specially depending on the suffix that
+ is appended to their name.
+
+ <b>delay_warning_time_</b><i>suffix</i>
+ Expands into the value of the <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a></b> parameter,
+ expressed in the time unit specified by <i>suffix</i>, which is one of
+ <b>seconds</b>, <b>minutes</b>, <b>hours, days</b>, or <b>weeks</b>.
+
+ <b>maximal_queue_lifetime_</b><i>suffix</i>
+ Expands into the value of the <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> parameter,
+ expressed in the time unit specified by <i>suffix</i>. See above under
+ <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a></b> for possible <i>suffix</i> values.
+
+ <b><a href="postconf.5.html#mydomain">mydomain</a></b>
+ Expands into the value of the <b><a href="postconf.5.html#mydomain">mydomain</a></b> parameter. With "smt-
+ putf8_enable = yes", this replaces ACE labels (xn--mumble) with
+ their UTF-8 equivalent.
+
+ This feature is available in Postfix 3.0.
+
+ <b><a href="postconf.5.html#myhostname">myhostname</a></b>
+ Expands into the value of the <b><a href="postconf.5.html#myhostname">myhostname</a></b> parameter. With "smt-
+ putf8_enable = yes", this replaces ACE labels (xn--mumble) with
+ their UTF-8 equivalent.
+
+ This feature is available in Postfix 3.0.
+
+ The usage and specification of template message text is subject to the
+ following restrictions:
+
+ <b>o</b> The template message text is not sent in Postmaster copies of
+ delivery status notifications.
+
+ <b>o</b> If the template message text contains non-ASCII characters,
+ Postfix requires that the <b>Charset:</b> template header is updated.
+ Specify an appropriate superset of US-ASCII. A superset is
+ needed because Postfix appends ASCII text after the message tem-
+ plate when it sends a delivery status notification.
+
+<b>SEE ALSO</b>
+ <a href="bounce.8.html">bounce(8)</a>, Postfix delivery status notifications
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ The Postfix bounce template format was originally developed by Nicolas
+ Riendeau.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ BOUNCE(5)
+</pre> </body> </html>
diff --git a/html/bounce.8.html b/html/bounce.8.html
new file mode 100644
index 0000000..ba2ced9
--- /dev/null
+++ b/html/bounce.8.html
@@ -0,0 +1,198 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - bounce(8) </title>
+</head> <body> <pre>
+BOUNCE(8) BOUNCE(8)
+
+<b>NAME</b>
+ bounce - Postfix delivery status reports
+
+<b>SYNOPSIS</b>
+ <b>bounce</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta-
+ tus information. Each log file is named after the queue file that it
+ corresponds to, and is kept in a queue subdirectory named after the
+ service name in the <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>).
+ This program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service requests:
+
+ <b>o</b> Append a recipient (non-)delivery status record to a per-message
+ log file.
+
+ <b>o</b> Enqueue a delivery status notification message, with a copy of a
+ per-message log file and of the corresponding message. When the
+ delivery status notification message is enqueued successfully,
+ the per-message log file is deleted.
+
+ The software does a best notification effort. A non-delivery notifica-
+ tion is sent even when the log file or the original message cannot be
+ read.
+
+ Optionally, a bounce (defer, trace) client can request that the
+ per-message log file be deleted when the requested operation fails.
+ This is used by clients that cannot retry transactions by themselves,
+ and that depend on retry logic in their own client.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
+ <a href="https://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
+ <a href="https://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
+ <a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
+ <a href="https://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
+ <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
+ <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
+ <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized Message Format)
+ <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="bounce.8.html"><b>bounce</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of undeliverable mail that cannot be returned to
+ the sender.
+
+ <b><a href="postconf.5.html#backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a> (yes)</b>
+ Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that can be read by
+ Postfix versions before 2.0.
+
+ <b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
+ tion transcripts of mail that Postfix did not receive.
+
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
+
+ <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
+ Pathname of a configuration file with bounce message templates.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the message head-
+ ers of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>
+ time units.
+
+ <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are subject to
+ before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
+ <b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
+ The mail system name that is displayed in Received: headers, in
+ the SMTP greeting banner, and in bounced mail.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
+ The list of error classes that are reported to the postmaster.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.0 and later:
+
+ <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
+ Detect that a message requires SMTPUTF8 support for the speci-
+ fied mail origin classes.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.6 and later:
+
+ <b><a href="postconf.5.html#enable_threaded_bounces">enable_threaded_bounces</a> (no)</b>
+ Enable non-delivery, success, and delay notifications that link
+ to the original message by including a References: and
+ In-Reply-To: header with the original Message-ID value.
+
+ Available in Postfix 3.7 and later:
+
+ <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
+ The format of the Postfix-generated <b>From:</b> header.
+
+<b>FILES</b>
+ /var/spool/postfix/bounce/* non-delivery records
+ /var/spool/postfix/defer/* non-delivery records
+ /var/spool/postfix/trace/* delivery status records
+
+<b>SEE ALSO</b>
+ <a href="bounce.5.html">bounce(5)</a>, bounce message template format
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ BOUNCE(8)
+</pre> </body> </html>
diff --git a/html/canonical.5.html b/html/canonical.5.html
new file mode 100644
index 0000000..68b6532
--- /dev/null
+++ b/html/canonical.5.html
@@ -0,0 +1,285 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - canonical(5) </title>
+</head> <body> <pre>
+CANONICAL(5) CANONICAL(5)
+
+<b>NAME</b>
+ canonical - Postfix canonical table format
+
+<b>SYNOPSIS</b>
+ <b>postmap /etc/postfix/canonical</b>
+
+ <b>postmap -q "</b><i>string</i><b>" /etc/postfix/canonical</b>
+
+ <b>postmap -q - /etc/postfix/canonical</b> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The optional <a href="canonical.5.html"><b>canonical</b>(5)</a> table specifies an address mapping for local
+ and non-local addresses. The mapping is used by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon,
+ before mail is stored into the queue. The address mapping is recur-
+ sive.
+
+ Normally, the <a href="canonical.5.html"><b>canonical</b>(5)</a> table is specified as a text file that
+ serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file
+ in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
+ Execute the command "<b>postmap /etc/postfix/canonical</b>" to rebuild an
+ indexed file after changing the corresponding text file.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to a TCP-based server. In those cases, the lookups are done in
+ a slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
+
+ By default the <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping affects both message header
+ addresses (i.e. addresses that appear inside messages) and message
+ envelope addresses (for example, the addresses that are used in SMTP
+ protocol commands). This is controlled with the <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b>
+ parameter.
+
+ NOTE: Postfix versions 2.2 and later rewrite message headers from
+ remote SMTP clients only if the client matches the <a href="postconf.5.html#local_header_rewrite_clients">local_header_re</a>-
+ <a href="postconf.5.html#local_header_rewrite_clients">write_clients</a> parameter, or if the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> config-
+ uration parameter specifies a non-empty value. To get the behavior
+ before Postfix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
+ <a href="DATABASE_README.html#types">static</a>:all".
+
+ Typically, one would use the <a href="canonical.5.html"><b>canonical</b>(5)</a> table to replace login names
+ by <i>Firstname.Lastname</i>, or to clean up addresses produced by legacy mail
+ systems.
+
+ The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>virtual alias</i> sup-
+ port or with local aliasing. To change the destination but not the
+ headers, use the <a href="virtual.5.html"><b>virtual</b>(5)</a> or <a href="aliases.5.html"><b>aliases</b>(5)</a> map instead.
+
+<b>CASE FOLDING</b>
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
+
+<b>TABLE FORMAT</b>
+ The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
+
+ <i>pattern address</i>
+ When <i>pattern</i> matches a mail address, replace it by the corre-
+ sponding <i>address</i>.
+
+ blank lines and comments
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ multi-line text
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+<b>TABLE SEARCH ORDER</b>
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, each <i>user</i>@<i>domain</i> query produces a
+ sequence of query patterns as described below.
+
+ Each query pattern is sent to each specified lookup table before trying
+ the next query pattern, until a match is found.
+
+ <i>user</i>@<i>domain address</i>
+ Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the highest prece-
+ dence.
+
+ This is useful to clean up addresses produced by legacy mail
+ systems. It can also be used to produce <i>Firstname.Lastname</i>
+ style addresses, but see below for a simpler solution.
+
+ <i>user address</i>
+ Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>,
+ when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>, or when it is listed in
+ $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
+
+ This form is useful for replacing login names by <i>Firstname.Last-</i>
+ <i>name</i>.
+
+ @<i>domain address</i>
+ Replace other addresses in <i>domain</i> by <i>address</i>. This form has the
+ lowest precedence.
+
+ Note: @<i>domain</i> is a wild-card. When this form is applied to
+ recipient addresses, the Postfix SMTP server accepts mail for
+ any recipient in <i>domain</i>, regardless of whether that recipient
+ exists. This may turn your mail system into a backscatter
+ source: Postfix first accepts mail for non-existent recipients
+ and then tries to return that mail as "undeliverable" to the
+ often forged sender address.
+
+ To avoid backscatter with mail for a wild-card domain, replace
+ the wild-card mapping with explicit 1:1 mappings, or add a
+ <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restriction for that domain:
+
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ ...
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ <a href="postconf.5.html#check_recipient_access">check_recipient_access</a>
+ <a href="DATABASE_README.html#types">inline</a>:{example.com=<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>}
+ <a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> = 550
+
+ In the above example, Postfix may contact a remote server if the
+ recipient is rewritten to a remote address.
+
+<b>RESULT ADDRESS REWRITING</b>
+ The lookup result is subject to address rewriting:
+
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the result becomes
+ the same <i>user</i> in <i>otherdomain</i>.
+
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses
+ without "@domain".
+
+ <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses
+ without ".domain".
+
+<b>ADDRESS EXTENSION</b>
+ When a mail address localpart contains the optional recipient delimiter
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
+
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
+ unmatched address extension (<i>+foo</i>) is propagated to the result of table
+ lookup.
+
+<b>REGULAR EXPRESSION TABLES</b>
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
+
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
+
+ Results are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
+ lated as <b>$1</b>, <b>$2</b> and so on.
+
+<b>TCP-BASED TABLES</b>
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ available up to and including Postfix version 2.4.
+
+ Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
+ mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
+ stituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+
+ Results are the same as with indexed file lookups.
+
+<b>BUGS</b>
+ The table format does not understand quoting conventions.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ details including examples.
+
+ <b><a href="postconf.5.html#canonical_classes">canonical_classes</a> (envelope_sender, envelope_recipient, header_sender,</b>
+ <b>header_recipient)</b>
+ What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
+
+ <b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for message headers and
+ envelopes.
+
+ <b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for envelope and header
+ recipient addresses.
+
+ <b><a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for envelope and header
+ sender addresses.
+
+ <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
+ What address lookup tables copy an address extension from the
+ lookup key to the lookup result.
+
+ Other parameters of interest:
+
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The network interface addresses that this mail system receives
+ mail on.
+
+ <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b>
+ Rewrite message header addresses in mail from these clients and
+ update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
+ $<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other
+ clients at all, or rewrite message headers and update incomplete
+ addresses with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-
+ <a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a> parameter.
+
+ <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
+ The network interface addresses that this mail system receives
+ mail on by way of a proxy or network address translation unit.
+
+ <b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a> (envelope_sender, header_sender, header_recipient)</b>
+ What addresses are subject to address masquerading.
+
+ <b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a> (empty)</b>
+ Optional list of domains whose subdomain structure will be
+ stripped off in email addresses.
+
+ <b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> (empty)</b>
+ Optional list of user names that are not subjected to address
+ masquerading, even when their addresses match $<a href="postconf.5.html#masquerade_domains">masquer</a>-
+ <a href="postconf.5.html#masquerade_domains">ade_domains</a>.
+
+ <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
+ The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
+ mail delivery transport.
+
+ <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
+
+ <b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
+ Enable special treatment for owner-<i>listname</i> entries in the
+ <a href="aliases.5.html"><b>aliases</b>(5)</a> file, and don't split owner-<i>listname</i> and <i>list-</i>
+ <i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
+ set to "-".
+
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
+
+<b>SEE ALSO</b>
+ <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue mail
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="virtual.5.html">virtual(5)</a>, virtual aliasing
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ CANONICAL(5)
+</pre> </body> </html>
diff --git a/html/cidr_table.5.html b/html/cidr_table.5.html
new file mode 100644
index 0000000..24c458e
--- /dev/null
+++ b/html/cidr_table.5.html
@@ -0,0 +1,167 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - cidr_table(5) </title>
+</head> <body> <pre>
+CIDR_TABLE(5) CIDR_TABLE(5)
+
+<b>NAME</b>
+ cidr_table - format of Postfix CIDR tables
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i>
+
+ <b>postmap -q - <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional lookup tables. These tables are
+ usually in <b>dbm</b> or <b>db</b> format. Alternatively, lookup tables can be spec-
+ ified in CIDR (Classless Inter-Domain Routing) form. In this case, each
+ input is compared against a list of patterns. When a match is found,
+ the corresponding result is returned and the search is terminated.
+
+ To find out what types of lookup tables your Postfix system supports
+ use the "<b>postconf -m</b>" command.
+
+ To test lookup tables, use the "<b>postmap -q</b>" command as described in the
+ SYNOPSIS above.
+
+<b>TABLE FORMAT</b>
+ The general form of a Postfix CIDR table is:
+
+ <i>pattern result</i>
+ When a search string matches the specified <i>pattern</i>, use the cor-
+ responding <i>result</i> value. The <i>pattern</i> must be in <i>network/prefix</i>
+ or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below).
+
+ <b>!</b><i>pattern result</i>
+ When a search string does not match the specified <i>pattern</i>, use
+ the specified <i>result</i> value. The <i>pattern</i> must be in <i>network/pre-</i>
+ <i>fix</i> or <i>network</i><b>_</b><i>address</i> form (see ADDRESS PATTERN SYNTAX below).
+
+ This feature is available in Postfix 3.2 and later.
+
+ <b>if</b> <i>pattern</i>
+
+ <b>endif</b> When a search string matches the specified <i>pattern</i>, match that
+ search string against the patterns between <b>if</b> and <b>endif</b>. The
+ <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form (see
+ ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest.
+
+ Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>.
+
+ This feature is available in Postfix 3.2 and later.
+
+ <b>if !</b><i>pattern</i>
+
+ <b>endif</b> When a search string does not match the specified <i>pattern</i>, match
+ that search string against the patterns between <b>if</b> and <b>endif</b>.
+ The <i>pattern</i> must be in <i>network/prefix</i> or <i>network</i><b>_</b><i>address</i> form
+ (see ADDRESS PATTERN SYNTAX below). The <b>if</b>..<b>endif</b> can nest.
+
+ Note: do not prepend whitespace to text between <b>if</b>..<b>endif</b>.
+
+ This feature is available in Postfix 3.2 and later.
+
+ blank lines and comments
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ multi-line text
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+<b>TABLE SEARCH ORDER</b>
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
+
+<b>ADDRESS PATTERN SYNTAX</b>
+ Postfix CIDR tables are pattern-based. A pattern is either a <i>net-</i>
+ <i>work</i><b>_</b><i>address</i> which requires an exact match, or a <i>network</i><b>_</b><i>address/pre-</i>
+ <i>fix</i><b>_</b><i>length</i> where the <i>prefix</i><b>_</b><i>length</i> part specifies the length of the
+ <i>network</i><b>_</b><i>address</i> prefix that must be matched (the other bits in the <i>net-</i>
+ <i>work</i><b>_</b><i>address</i> part must be zero).
+
+ An IPv4 network address is a sequence of four decimal octets separated
+ by ".", and an IPv6 network address is a sequence of three to eight
+ hexadecimal octet pairs separated by ":" or "::", where the latter is
+ short-hand for a sequence of one or more all-zero octet pairs. The pat-
+ tern 0.0.0.0/0 matches every IPv4 address, and ::/0 matches every IPv6
+ address. IPv6 support is available in Postfix 2.2 and later.
+
+ Before comparisons are made, lookup keys and table entries are con-
+ verted from string to binary. Therefore, IPv6 patterns will be matched
+ regardless of leading zeros (a leading zero in an IPv4 address octet
+ indicates octal notation).
+
+ Note: address information may be enclosed inside "[]" but this form is
+ not required.
+
+<b>INLINE SPECIFICATION</b>
+ The contents of a table may be specified in the table name (Postfix 3.7
+ and later). The basic syntax is:
+
+ <a href="postconf.5.html">main.cf</a>:
+ <i>parameter</i> <b>= .. <a href="cidr_table.5.html">cidr</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } ..</b>
+
+ <a href="master.5.html">master.cf</a>:
+ <b>.. -o {</b> <i>parameter</i> <b>= .. <a href="cidr_table.5.html">cidr</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } .. } ..</b>
+
+ Postfix ignores whitespace after '{' and before '}', and writes each
+ <i>rule</i> as one text line to an in-memory file:
+
+ in-memory file:
+ rule-1
+ rule-2
+ ..
+
+ Postfix parses the result as if it is a file in /etc/postfix.
+
+ Note: if a rule contains <b>$</b>, specify <b>$$</b> to keep Postfix from trying to
+ do <i>$name</i> expansion as it evaluates a parameter value.
+
+<b>EXAMPLE SMTPD ACCESS MAP</b>
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = ... <a href="cidr_table.5.html">cidr</a>:/etc/postfix/client.cidr ...
+
+ /etc/postfix/client.<a href="cidr_table.5.html">cidr</a>:
+ # Rule order matters. Put more specific allowlist entries
+ # before more general denylist entries.
+ 192.168.1.1 OK
+ 192.168.0.0/16 REJECT
+ 2001:db8::1 OK
+ 2001:db8::/32 REJECT
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="regexp_table.5.html">regexp_table(5)</a>, format of regular expression tables
+ <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>HISTORY</b>
+ CIDR table support was introduced with Postfix version 2.1.
+
+<b>AUTHOR(S)</b>
+ The CIDR table lookup code was originally written by:
+ Jozsef Kadlecsik
+ KFKI Research Institute for Particle and Nuclear Physics
+ POB. 49
+ 1525 Budapest, Hungary
+
+ Adopted and adapted by:
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ CIDR_TABLE(5)
+</pre> </body> </html>
diff --git a/html/cleanup.8.html b/html/cleanup.8.html
new file mode 100644
index 0000000..6e662f6
--- /dev/null
+++ b/html/cleanup.8.html
@@ -0,0 +1,559 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - cleanup(8) </title>
+</head> <body> <pre>
+CLEANUP(8) CLEANUP(8)
+
+<b>NAME</b>
+ cleanup - canonicalize and enqueue Postfix message
+
+<b>SYNOPSIS</b>
+ <b>cleanup</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon processes inbound mail, inserts it into the
+ <b>incoming</b> mail queue, and informs the queue manager of its arrival.
+
+ The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon performs the following transformations:
+
+ <b>o</b> Insert missing message headers: (<b>Resent-</b>) <b>From:</b>, <b>To:</b>, <b>Mes-</b>
+ <b>sage-Id:</b>, and <b>Date:</b>.
+ This is enabled with the <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a></b> and
+ <b><a href="postconf.5.html#always_add_missing_headers">always_add_missing_headers</a></b> parameter settings.
+
+ <b>o</b> Transform envelope and header addresses to the standard
+ <i>user@fully-qualified-domain</i> form that is expected by other Post-
+ fix programs. This task depends on the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> dae-
+ mon.
+ The header transformation is enabled with the <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_re</a>-</b>
+ <b><a href="postconf.5.html#local_header_rewrite_clients">write_clients</a></b> parameter setting.
+
+ <b>o</b> Eliminate duplicate envelope recipient addresses.
+ This is enabled with the <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a></b> parameter set-
+ ting.
+
+ <b>o</b> Remove message headers: <b>Bcc</b>, <b>Content-Length</b>, <b>Resent-Bcc</b>,
+ <b>Return-Path</b>.
+ This is enabled with the <a href="postconf.5.html#message_drop_headers">message_drop_headers</a> parameter setting.
+
+ <b>o</b> Optionally, rewrite all envelope and header addresses according
+ to the mappings specified in the <a href="canonical.5.html"><b>canonical</b>(5)</a> lookup tables.
+ The header transformation is enabled with the <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_re</a>-</b>
+ <b><a href="postconf.5.html#local_header_rewrite_clients">write_clients</a></b> parameter setting.
+
+ <b>o</b> Optionally, masquerade envelope sender addresses and message
+ header addresses (i.e. strip host or domain information below
+ all domains listed in the <b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b> parameter, except
+ for user names listed in <b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>). By default,
+ address masquerading does not affect envelope recipients.
+ The header transformation is enabled with the <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_re</a>-</b>
+ <b><a href="postconf.5.html#local_header_rewrite_clients">write_clients</a></b> parameter setting.
+
+ <b>o</b> Optionally, expand envelope recipients according to information
+ found in the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> lookup tables.
+
+ The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon performs sanity checks on the content of each
+ message. When it finds a problem, by default it returns a diagnostic
+ status to the cleanup service client, and leaves it up to the client to
+ deal with the problem. Alternatively, the client can request the
+ <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon to bounce the message back to the sender in case of
+ trouble.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
+ <a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
+ <a href="https://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
+ <a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
+ <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>BUGS</b>
+ Table-driven rewriting rules make it hard to express <b>if then else</b> and
+ other logical relationships.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="cleanup.8.html"><b>cleanup</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>COMPATIBILITY CONTROLS</b>
+ <b><a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> (see 'postconf -d' output)</b>
+ Message header that the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server inserts when a
+ message contains no To: or Cc: message header.
+
+ Available in Postfix version 2.1 only:
+
+ <b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
+ Report mail delivery errors to the address specified with the
+ non-standard Errors-To: message header, instead of the envelope
+ sender address (this feature is removed with Postfix version
+ 2.2, is turned off by default with Postfix version 2.1, and is
+ always turned on with older Postfix versions).
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#always_add_missing_headers">always_add_missing_headers</a> (no)</b>
+ Always add (Resent-) From:, To:, Date: or Message-ID: headers
+ when not present.
+
+ Available in Postfix version 2.9 and later:
+
+ <b><a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> (no)</b>
+ Enable long, non-repeating, queue IDs (queue file names).
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#message_drop_headers">message_drop_headers</a> (bcc, content-length, resent-bcc, return-path)</b>
+ Names of message headers that the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will remove
+ after applying <a href="header_checks.5.html"><b>header_checks</b>(5)</a> and before invoking Milter
+ applications.
+
+ <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
+ The format of the Postfix-generated <b>From:</b> header.
+
+<b>BUILT-IN CONTENT FILTERING CONTROLS</b>
+ Postfix built-in content filtering is meant to stop a flood of worms or
+ viruses. It is not a general content filter.
+
+ <b><a href="postconf.5.html#body_checks">body_checks</a> (empty)</b>
+ Optional lookup tables for content inspection as specified in
+ the <a href="header_checks.5.html"><b>body_checks</b>(5)</a> manual page.
+
+ <b><a href="postconf.5.html#header_checks">header_checks</a> (empty)</b>
+ Optional lookup tables for content inspection of primary
+ non-MIME message headers, as specified in the <a href="header_checks.5.html"><b>header_checks</b>(5)</a>
+ manual page.
+
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a> (51200)</b>
+ How much text in a message body segment (or attachment, if you
+ prefer to use that term) is subjected to <a href="postconf.5.html#body_checks">body_checks</a> inspection.
+
+ <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a> ($<a href="postconf.5.html#header_checks">header_checks</a>)</b>
+ Optional lookup tables for content inspection of MIME related
+ message headers, as described in the <a href="header_checks.5.html"><b>header_checks</b>(5)</a> manual
+ page.
+
+ <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a> ($<a href="postconf.5.html#header_checks">header_checks</a>)</b>
+ Optional lookup tables for content inspection of non-MIME mes-
+ sage headers in attached messages, as described in the
+ <a href="header_checks.5.html"><b>header_checks</b>(5)</a> manual page.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#message_reject_characters">message_reject_characters</a> (empty)</b>
+ The set of characters that Postfix will reject in message con-
+ tent.
+
+ <b><a href="postconf.5.html#message_strip_characters">message_strip_characters</a> (empty)</b>
+ The set of characters that Postfix will remove from message con-
+ tent.
+
+ Available in Postfix version 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24, and
+ later:
+
+ <b><a href="postconf.5.html#cleanup_replace_stray_cr_lf">cleanup_replace_stray_cr_lf</a> (yes)</b>
+ Replace each stray &lt;CR&gt; or &lt;LF&gt; character in message content
+ with a space character, to prevent outbound SMTP smuggling, and
+ to make the evaluation of Postfix-added DKIM or other signatures
+ independent from how a remote mail server handles such charac-
+ ters.
+
+<b>BEFORE QUEUE MILTER CONTROLS</b>
+ As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
+ filter) protocol. When mail is not received via the <a href="smtpd.8.html">smtpd(8)</a> server,
+ the <a href="cleanup.8.html">cleanup(8)</a> server will simulate SMTP events to the extent that this
+ is possible. For details see the <a href="MILTER_README.html">MILTER_README</a> document.
+
+ <b><a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> (empty)</b>
+ A list of Milter (mail filter) applications for new mail that
+ does not arrive via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
+
+ <b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b>
+ The mail filter protocol version and optional protocol exten-
+ sions for communication with a Milter application; prior to
+ Postfix 2.6 the default protocol is 2.
+
+ <b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b>
+ The default action when a Milter (mail filter) response is
+ unavailable (for example, bad Postfix configuration or Milter
+ failure).
+
+ <b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The {daemon_name} macro value for Milter (mail filter) applica-
+ tions.
+
+ <b><a href="postconf.5.html#milter_macro_v">milter_macro_v</a> ($<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b>
+ The {v} macro value for Milter (mail filter) applications.
+
+ <b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b>
+ The time limit for connecting to a Milter (mail filter) applica-
+ tion, and for negotiating protocol options.
+
+ <b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b>
+ The time limit for sending an SMTP command to a Milter (mail
+ filter) application, and for receiving the response.
+
+ <b><a href="postconf.5.html#milter_content_timeout">milter_content_timeout</a> (300s)</b>
+ The time limit for sending message content to a Milter (mail
+ filter) application, and for receiving the response.
+
+ <b><a href="postconf.5.html#milter_connect_macros">milter_connect_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after completion of an SMTP connection.
+
+ <b><a href="postconf.5.html#milter_helo_macros">milter_helo_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP HELO or EHLO command.
+
+ <b><a href="postconf.5.html#milter_mail_macros">milter_mail_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP MAIL FROM command.
+
+ <b><a href="postconf.5.html#milter_rcpt_macros">milter_rcpt_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP RCPT TO command.
+
+ <b><a href="postconf.5.html#milter_data_macros">milter_data_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to version 4 or higher Milter (mail
+ filter) applications after the SMTP DATA command.
+
+ <b><a href="postconf.5.html#milter_unknown_command_macros">milter_unknown_command_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to version 3 or higher Milter (mail
+ filter) applications after an unknown SMTP command.
+
+ <b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after the message end-of-data.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after the end of the message header.
+
+ Available in Postfix version 2.7 and later:
+
+ <b><a href="postconf.5.html#milter_header_checks">milter_header_checks</a> (empty)</b>
+ Optional lookup tables for content inspection of message headers
+ that are produced by Milter applications.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#milter_macro_defaults">milter_macro_defaults</a> (empty)</b>
+ Optional list of <i>name=value</i> pairs that specify default values
+ for arbitrary macros that Postfix may send to Milter applica-
+ tions.
+
+<b>MIME PROCESSING CONTROLS</b>
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a> (no)</b>
+ Turn off MIME processing while receiving mail.
+
+ <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
+ The maximal length of MIME multipart boundary strings.
+
+ <b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b>
+ The maximal recursion level that the MIME processor will handle.
+
+ <b><a href="postconf.5.html#strict_8bitmime">strict_8bitmime</a> (no)</b>
+ Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and <a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a>.
+
+ <b><a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> (no)</b>
+ Reject mail with 8-bit text in message headers.
+
+ <b><a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a> (no)</b>
+ Reject 8-bit message body text without 8-bit MIME content encod-
+ ing information.
+
+ <b><a href="postconf.5.html#strict_mime_encoding_domain">strict_mime_encoding_domain</a> (no)</b>
+ Reject mail with invalid Content-Transfer-Encoding: information
+ for the message/* or multipart/* MIME content types.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#detect_8bit_encoding_header">detect_8bit_encoding_header</a> (yes)</b>
+ Automatically detect 8BITMIME body content by looking at Con-
+ tent-Transfer-Encoding: message headers; historically, this
+ behavior was hard-coded to be "always on".
+
+<b>AUTOMATIC BCC RECIPIENT CONTROLS</b>
+ Postfix can automatically add BCC (blind carbon copy) when mail enters
+ the mail system:
+
+ <b><a href="postconf.5.html#always_bcc">always_bcc</a> (empty)</b>
+ Optional address that receives a "blind carbon copy" of each
+ message that is received by the Postfix mail system.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> (empty)</b>
+ Optional BCC (blind carbon-copy) address lookup tables, indexed
+ by sender address.
+
+ <b><a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> (empty)</b>
+ Optional BCC (blind carbon-copy) address lookup tables, indexed
+ by recipient address.
+
+<b>ADDRESS TRANSFORMATION CONTROLS</b>
+ Address rewriting is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. The
+ <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server implements table driven address mapping.
+
+ <b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
+ The recipient of mail addressed to the null address.
+
+ <b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for message headers and
+ envelopes.
+
+ <b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for envelope and header
+ recipient addresses.
+
+ <b><a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for envelope and header
+ sender addresses.
+
+ <b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a> (envelope_sender, header_sender, header_recipient)</b>
+ What addresses are subject to address masquerading.
+
+ <b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a> (empty)</b>
+ Optional list of domains whose subdomain structure will be
+ stripped off in email addresses.
+
+ <b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> (empty)</b>
+ Optional list of user names that are not subjected to address
+ masquerading, even when their addresses match $<a href="postconf.5.html#masquerade_domains">masquer</a>-
+ <a href="postconf.5.html#masquerade_domains">ade_domains</a>.
+
+ <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
+ What address lookup tables copy an address extension from the
+ lookup key to the lookup result.
+
+ Available before Postfix version 2.0:
+
+ <b><a href="postconf.5.html#virtual_maps">virtual_maps</a> (empty)</b>
+ Optional lookup tables with a) names of domains for which all
+ addresses are aliased to addresses in other local or remote
+ domains, and b) addresses that are aliased to addresses in other
+ local or remote domains.
+
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
+ Optional lookup tables that alias specific mail addresses or
+ domains to other local or remote address.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#canonical_classes">canonical_classes</a> (envelope_sender, envelope_recipient, header_sender,</b>
+ <b>header_recipient)</b>
+ What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
+
+ <b><a href="postconf.5.html#recipient_canonical_classes">recipient_canonical_classes</a> (envelope_recipient, header_recipient)</b>
+ What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address
+ mapping.
+
+ <b><a href="postconf.5.html#sender_canonical_classes">sender_canonical_classes</a> (envelope_sender, header_sender)</b>
+ What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address map-
+ ping.
+
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
+ The maximal number of addresses remembered by the address dupli-
+ cate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>virtual</b>(5)</a> alias expansion, or for
+ <a href="showq.8.html"><b>showq</b>(8)</a> queue displays.
+
+ <b><a href="postconf.5.html#header_size_limit">header_size_limit</a> (102400)</b>
+ The maximal amount of memory in bytes for storing a message
+ header.
+
+ <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
+ The maximal number of Received: message headers that is allowed
+ in the primary message headers.
+
+ <b><a href="postconf.5.html#in_flow_delay">in_flow_delay</a> (1s)</b>
+ Time to pause before accepting a new message, when the message
+ arrival rate exceeds the message delivery rate.
+
+ <b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
+ The maximal size in bytes of a message, including envelope
+ information.
+
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#header_address_token_limit">header_address_token_limit</a> (10240)</b>
+ The maximal number of address tokens are allowed in an address
+ message header.
+
+ <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
+ The maximal length of MIME multipart boundary strings.
+
+ <b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b>
+ The maximal recursion level that the MIME processor will handle.
+
+ <b><a href="postconf.5.html#queue_file_attribute_count_limit">queue_file_attribute_count_limit</a> (100)</b>
+ The maximal number of (name=value) attributes that may be stored
+ in a Postfix queue file.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#virtual_alias_expansion_limit">virtual_alias_expansion_limit</a> (1000)</b>
+ The maximal number of addresses that virtual alias expansion
+ produces from each original recipient.
+
+ <b><a href="postconf.5.html#virtual_alias_recursion_limit">virtual_alias_recursion_limit</a> (1000)</b>
+ The maximal nesting depth of virtual alias expansion.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#virtual_alias_address_length_limit">virtual_alias_address_length_limit</a> (1000)</b>
+ The maximal length of an email address after virtual alias
+ expansion.
+
+<b>SMTPUTF8 CONTROLS</b>
+ Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+
+ <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
+ Enable preliminary SMTPUTF8 support for the protocols described
+ in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
+
+ <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
+ Detect that a message requires SMTPUTF8 support for the speci-
+ fied mail origin classes.
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ form that is used for DNS lookups.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
+ The time after which the sender receives a copy of the message
+ headers of mail that is still queued.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
+ The internet hostname of this mail system.
+
+ <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
+ Safety net to keep mail queued that would otherwise be returned
+ to the sender.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
+ Enable support for the original recipient address after an
+ address is rewritten to a different address (for example with
+ aliasing or with canonical mapping).
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+<b>FILES</b>
+ /etc/postfix/canonical*, canonical mapping table
+ /etc/postfix/virtual*, virtual mapping table
+
+<b>SEE ALSO</b>
+ <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address rewriting
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="header_checks.5.html">header_checks(5)</a>, message header content inspection
+ <a href="header_checks.5.html">body_checks(5)</a>, body parts content inspection
+ <a href="canonical.5.html">canonical(5)</a>, canonical address lookup table format
+ <a href="virtual.5.html">virtual(5)</a>, virtual alias lookup table format
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> Postfix address manipulation
+ <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a> content inspection
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ CLEANUP(8)
+</pre> </body> </html>
diff --git a/html/defer.8.html b/html/defer.8.html
new file mode 100644
index 0000000..ba2ced9
--- /dev/null
+++ b/html/defer.8.html
@@ -0,0 +1,198 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - bounce(8) </title>
+</head> <body> <pre>
+BOUNCE(8) BOUNCE(8)
+
+<b>NAME</b>
+ bounce - Postfix delivery status reports
+
+<b>SYNOPSIS</b>
+ <b>bounce</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta-
+ tus information. Each log file is named after the queue file that it
+ corresponds to, and is kept in a queue subdirectory named after the
+ service name in the <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>).
+ This program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service requests:
+
+ <b>o</b> Append a recipient (non-)delivery status record to a per-message
+ log file.
+
+ <b>o</b> Enqueue a delivery status notification message, with a copy of a
+ per-message log file and of the corresponding message. When the
+ delivery status notification message is enqueued successfully,
+ the per-message log file is deleted.
+
+ The software does a best notification effort. A non-delivery notifica-
+ tion is sent even when the log file or the original message cannot be
+ read.
+
+ Optionally, a bounce (defer, trace) client can request that the
+ per-message log file be deleted when the requested operation fails.
+ This is used by clients that cannot retry transactions by themselves,
+ and that depend on retry logic in their own client.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
+ <a href="https://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
+ <a href="https://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
+ <a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
+ <a href="https://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
+ <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
+ <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
+ <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized Message Format)
+ <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="bounce.8.html"><b>bounce</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of undeliverable mail that cannot be returned to
+ the sender.
+
+ <b><a href="postconf.5.html#backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a> (yes)</b>
+ Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that can be read by
+ Postfix versions before 2.0.
+
+ <b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
+ tion transcripts of mail that Postfix did not receive.
+
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
+
+ <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
+ Pathname of a configuration file with bounce message templates.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the message head-
+ ers of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>
+ time units.
+
+ <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are subject to
+ before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
+ <b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
+ The mail system name that is displayed in Received: headers, in
+ the SMTP greeting banner, and in bounced mail.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
+ The list of error classes that are reported to the postmaster.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.0 and later:
+
+ <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
+ Detect that a message requires SMTPUTF8 support for the speci-
+ fied mail origin classes.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.6 and later:
+
+ <b><a href="postconf.5.html#enable_threaded_bounces">enable_threaded_bounces</a> (no)</b>
+ Enable non-delivery, success, and delay notifications that link
+ to the original message by including a References: and
+ In-Reply-To: header with the original Message-ID value.
+
+ Available in Postfix 3.7 and later:
+
+ <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
+ The format of the Postfix-generated <b>From:</b> header.
+
+<b>FILES</b>
+ /var/spool/postfix/bounce/* non-delivery records
+ /var/spool/postfix/defer/* non-delivery records
+ /var/spool/postfix/trace/* delivery status records
+
+<b>SEE ALSO</b>
+ <a href="bounce.5.html">bounce(5)</a>, bounce message template format
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ BOUNCE(8)
+</pre> </body> </html>
diff --git a/html/discard.8.html b/html/discard.8.html
new file mode 100644
index 0000000..8ab442c
--- /dev/null
+++ b/html/discard.8.html
@@ -0,0 +1,134 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - discard(8) </title>
+</head> <body> <pre>
+DISCARD(8) DISCARD(8)
+
+<b>NAME</b>
+ discard - Postfix discard mail delivery agent
+
+<b>SYNOPSIS</b>
+ <b>discard</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="discard.8.html"><b>discard</b>(8)</a> delivery agent processes delivery requests from
+ the queue manager. Each request specifies a queue file, a sender
+ address, a next-hop destination that is treated as the reason for dis-
+ carding the mail, and recipient information. The reason may be pre-
+ fixed with an <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code. This program expects to
+ be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="discard.8.html"><b>discard</b>(8)</a> delivery agent pretends to deliver all recipients in the
+ delivery request, logs the "next-hop" destination as the reason for
+ discarding the mail, updates the queue file, and either marks recipi-
+ ents as finished or informs the queue manager that delivery should be
+ tried again at a later time.
+
+ Delivery status reports are sent to the <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+
+<b>SECURITY</b>
+ The <a href="discard.8.html"><b>discard</b>(8)</a> mailer is not security-sensitive. It does not talk to
+ the network, and can be run chrooted at fixed low privilege.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="discard.8.html"><b>discard</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
+ The sender address of postmaster notifications that are gener-
+ ated by the mail system.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="bounce.8.html">bounce(8)</a>, delivery status reports
+ <a href="error.8.html">error(8)</a>, Postfix error delivery agent
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ This service was introduced with Postfix version 2.2.
+
+<b>AUTHOR(S)</b>
+ Victor Duchovni
+ Morgan Stanley
+
+ Based on code by:
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ DISCARD(8)
+</pre> </body> </html>
diff --git a/html/dnsblog.8.html b/html/dnsblog.8.html
new file mode 100644
index 0000000..250b046
--- /dev/null
+++ b/html/dnsblog.8.html
@@ -0,0 +1,104 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - dnsblog(8) </title>
+</head> <body> <pre>
+DNSBLOG(8) DNSBLOG(8)
+
+<b>NAME</b>
+ dnsblog - Postfix DNS allow/denylist logger
+
+<b>SYNOPSIS</b>
+ <b>dnsblog</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server implements an ad-hoc DNS allow/denylist lookup
+ service. This may eventually be replaced by an UDP client that is built
+ directly into the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
+
+<b>PROTOCOL</b>
+ With each connection, the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server receives a DNS
+ allow/denylist domain name, an IP address, and an ID. If the IP
+ address is listed under the DNS allow/denylist, the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server
+ logs the match and replies with the query arguments plus an address
+ list with the resulting IP addresses, separated by whitespace, and the
+ reply TTL. Otherwise it replies with the query arguments plus an empty
+ address list and the reply TTL; the reply TTL is -1 if there is no
+ reply, or a negative reply that contains no SOA record. Finally, the
+ <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server closes the connection.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
+ Optional list of DNS allow/denylist domains, filters and weight
+ factors.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ This service was introduced with Postfix version 2.8.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ DNSBLOG(8)
+</pre> </body> </html>
diff --git a/html/error.8.html b/html/error.8.html
new file mode 100644
index 0000000..c82bc69
--- /dev/null
+++ b/html/error.8.html
@@ -0,0 +1,140 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - error(8) </title>
+</head> <body> <pre>
+ERROR(8) ERROR(8)
+
+<b>NAME</b>
+ error - Postfix error/retry mail delivery agent
+
+<b>SYNOPSIS</b>
+ <b>error</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="error.8.html"><b>error</b>(8)</a> delivery agent processes delivery requests from
+ the queue manager. Each request specifies a queue file, a sender
+ address, the reason for non-delivery (specified as the next-hop desti-
+ nation), and recipient information. The reason may be prefixed with an
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code; if none is specified a default 4.0.0
+ or 5.0.0 code is used instead. This program expects to be run from the
+ <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ Depending on the service name in <a href="master.5.html">master.cf</a>, <b>error</b> or <b>retry</b>, the server
+ bounces or defers all recipients in the delivery request using the
+ "next-hop" information as the reason for non-delivery. The <b>retry</b> ser-
+ vice name is supported as of Postfix 2.4.
+
+ Delivery status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a>
+ daemon as appropriate.
+
+<b>SECURITY</b>
+ The <a href="error.8.html"><b>error</b>(8)</a> mailer is not security-sensitive. It does not talk to the
+ network, and can be run chrooted at fixed low privilege.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="error.8.html"><b>error</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of undeliverable mail that cannot be returned to
+ the sender.
+
+ <b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
+ tion transcripts of mail that Postfix did not receive.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
+ The sender address of postmaster notifications that are gener-
+ ated by the mail system.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
+ The list of error classes that are reported to the postmaster.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="bounce.8.html">bounce(8)</a>, delivery status reports
+ <a href="discard.8.html">discard(8)</a>, Postfix discard delivery agent
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ ERROR(8)
+</pre> </body> </html>
diff --git a/html/flush.8.html b/html/flush.8.html
new file mode 100644
index 0000000..1509796
--- /dev/null
+++ b/html/flush.8.html
@@ -0,0 +1,180 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - flush(8) </title>
+</head> <body> <pre>
+FLUSH(8) FLUSH(8)
+
+<b>NAME</b>
+ flush - Postfix fast flush server
+
+<b>SYNOPSIS</b>
+ <b>flush</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="flush.8.html"><b>flush</b>(8)</a> server maintains a record of deferred mail by destination.
+ This information is used to improve the performance of the SMTP <b>ETRN</b>
+ request, and of its command-line equivalent, "<b>sendmail -qR</b>" or
+ "<b>postqueue -f</b>". This program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a>
+ process manager.
+
+ The record is implemented as a per-destination logfile with as contents
+ the queue IDs of deferred mail. A logfile is append-only, and is trun-
+ cated when delivery is requested for the corresponding destination. A
+ destination is the part on the right-hand side of the right-most <b>@</b> in
+ an email address.
+
+ Per-destination logfiles of deferred mail are maintained only for eli-
+ gible destinations. The list of eligible destinations is specified with
+ the <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a></b> configuration parameter, which defaults to
+ <b>$<a href="postconf.5.html#relay_domains">relay_domains</a></b>.
+
+ This server implements the following requests:
+
+ <b>add</b> <i>sitename queueid</i>
+ Inform the <a href="flush.8.html"><b>flush</b>(8)</a> server that the message with the specified
+ queue ID is queued for the specified destination.
+
+ <b>send_site</b> <i>sitename</i>
+ Request delivery of mail that is queued for the specified desti-
+ nation.
+
+ <b>send_file</b> <i>queueid</i>
+ Request delivery of the specified deferred message.
+
+ <b>refresh</b>
+ Refresh non-empty per-destination logfiles that were not read in
+ <b>$<a href="postconf.5.html#fast_flush_refresh_time">fast_flush_refresh_time</a></b> hours, by simulating send requests (see
+ above) for the corresponding destinations.
+
+ Delete empty per-destination logfiles that were not updated in
+ <b>$<a href="postconf.5.html#fast_flush_purge_time">fast_flush_purge_time</a></b> days.
+
+ This request completes in the background.
+
+ <b>purge</b> Do a <b>refresh</b> for all per-destination logfiles.
+
+<b>SECURITY</b>
+ The <a href="flush.8.html"><b>flush</b>(8)</a> server is not security-sensitive. It does not talk to the
+ network, and it does not talk to local users. The fast flush server
+ can run chrooted at fixed low privilege.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>BUGS</b>
+ Fast flush logfiles are truncated only after a "send" request, not when
+ mail is actually delivered, and therefore can accumulate outdated or
+ redundant data. In order to maintain sanity, "refresh" must be executed
+ periodically. This can be automated with a suitable wakeup timer set-
+ ting in the <a href="master.5.html"><b>master.cf</b></a> configuration file.
+
+ Upon receipt of a request to deliver mail for an eligible destination,
+ the <a href="flush.8.html"><b>flush</b>(8)</a> server requests delivery of all messages that are listed
+ in that destination's logfile, regardless of the recipients of those
+ messages. This is not an issue for mail that is sent to a <b><a href="postconf.5.html#relay_domains">relay_domains</a></b>
+ destination because such mail typically only has recipients in one
+ domain.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="flush.8.html"><b>flush</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
+ Optional list of destinations that are eligible for per-destina-
+ tion logfiles with mail that is queued to those destinations.
+
+ <b><a href="postconf.5.html#fast_flush_refresh_time">fast_flush_refresh_time</a> (12h)</b>
+ The time after which a non-empty but unread per-destination
+ "fast flush" logfile needs to be refreshed.
+
+ <b><a href="postconf.5.html#fast_flush_purge_time">fast_flush_purge_time</a> (7d)</b>
+ The time after which an empty per-destination "fast flush" log-
+ file is deleted.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
+ A list of Postfix features where the pattern "example.com" also
+ matches subdomains of example.com, instead of requiring an
+ explicit ".example.com" pattern.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>FILES</b>
+ /var/spool/postfix/flush, "fast flush" logfiles.
+
+<b>SEE ALSO</b>
+ <a href="smtpd.8.html">smtpd(8)</a>, SMTP server
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ This service was introduced with Postfix version 1.0.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ FLUSH(8)
+</pre> </body> </html>
diff --git a/html/generic.5.html b/html/generic.5.html
new file mode 100644
index 0000000..813d47e
--- /dev/null
+++ b/html/generic.5.html
@@ -0,0 +1,236 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - generic(5) </title>
+</head> <body> <pre>
+GENERIC(5) GENERIC(5)
+
+<b>NAME</b>
+ generic - Postfix generic table format
+
+<b>SYNOPSIS</b>
+ <b>postmap /etc/postfix/generic</b>
+
+ <b>postmap -q "</b><i>string</i><b>" /etc/postfix/generic</b>
+
+ <b>postmap -q - /etc/postfix/generic</b> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The optional <a href="generic.5.html"><b>generic</b>(5)</a> table specifies an address mapping that applies
+ when mail is delivered. This is the opposite of <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping,
+ which applies when mail is received.
+
+ Typically, one would use the <a href="generic.5.html"><b>generic</b>(5)</a> table on a system that does not
+ have a valid Internet domain name and that uses something like <i>localdo-</i>
+ <i>main.local</i> instead. The <a href="generic.5.html"><b>generic</b>(5)</a> table is then used by the <a href="smtp.8.html"><b>smtp</b>(8)</a>
+ client to transform local mail addresses into valid Internet mail
+ addresses when mail has to be sent across the Internet. See the EXAM-
+ PLE section at the end of this document.
+
+ The <a href="generic.5.html"><b>generic</b>(5)</a> mapping affects both message header addresses (i.e.
+ addresses that appear inside messages) and message envelope addresses
+ (for example, the addresses that are used in SMTP protocol commands).
+
+ Normally, the <a href="generic.5.html"><b>generic</b>(5)</a> table is specified as a text file that serves
+ as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file in <b>dbm</b>
+ or <b>db</b> format, is used for fast searching by the mail system. Execute
+ the command "<b>postmap /etc/postfix/generic</b>" to rebuild an indexed file
+ after changing the corresponding text file.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to a TCP-based server. In those cases, the lookups are done in
+ a slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
+
+<b>CASE FOLDING</b>
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
+
+<b>TABLE FORMAT</b>
+ The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
+
+ <i>pattern result</i>
+ When <i>pattern</i> matches a mail address, replace it by the corre-
+ sponding <i>result</i>.
+
+ blank lines and comments
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ multi-line text
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+<b>TABLE SEARCH ORDER</b>
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, each <i>user</i>@<i>domain</i> query produces a
+ sequence of query patterns as described below.
+
+ Each query pattern is sent to each specified lookup table before trying
+ the next query pattern, until a match is found.
+
+ <i>user</i>@<i>domain address</i>
+ Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the highest prece-
+ dence.
+
+ <i>user address</i>
+ Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>,
+ when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>, or when it is listed in
+ $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
+
+ @<i>domain address</i>
+ Replace other addresses in <i>domain</i> by <i>address</i>. This form has the
+ lowest precedence.
+
+<b>RESULT ADDRESS REWRITING</b>
+ The lookup result is subject to address rewriting:
+
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the result becomes
+ the same <i>user</i> in <i>otherdomain</i>.
+
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses
+ without "@domain".
+
+ <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses
+ without ".domain".
+
+<b>ADDRESS EXTENSION</b>
+ When a mail address localpart contains the optional recipient delimiter
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
+
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
+ unmatched address extension (<i>+foo</i>) is propagated to the result of table
+ lookup.
+
+<b>REGULAR EXPRESSION TABLES</b>
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
+
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
+
+ Results are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
+ lated as <b>$1</b>, <b>$2</b> and so on.
+
+<b>TCP-BASED TABLES</b>
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is
+ available in Postfix 2.5 and later.
+
+ Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
+ mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
+ stituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+
+ Results are the same as with indexed file lookups.
+
+<b>EXAMPLE</b>
+ The following shows a generic mapping with an indexed file. When mail
+ is sent to a remote host via SMTP, this replaces <i>his@localdomain.local</i>
+ by his ISP mail address, replaces <i>her@localdomain.local</i> by her ISP mail
+ address, and replaces other local addresses by his ISP account, with an
+ address extension of <i>+local</i> (this example assumes that the ISP supports
+ "+" style address extensions).
+
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/generic
+
+ /etc/postfix/generic:
+ his@localdomain.local hisaccount@hisisp.example
+ her@localdomain.local heraccount@herisp.example
+ @localdomain.local hisaccount+local@hisisp.example
+
+ Execute the command "<b>postmap /etc/postfix/generic</b>" whenever the table
+ is changed. Instead of <b>hash</b>, some systems use <b>dbm</b> database files. To
+ find out what tables your system supports use the command "<b>postconf</b>
+ <b>-m</b>".
+
+<b>BUGS</b>
+ The table format does not understand quoting conventions.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ details including examples.
+
+ <b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
+ Optional lookup tables that perform address rewriting in the
+ Postfix SMTP client, typically to transform a locally valid
+ address into a globally valid address when sending mail across
+ the Internet.
+
+ <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
+ What address lookup tables copy an address extension from the
+ lookup key to the lookup result.
+
+ Other parameters of interest:
+
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The network interface addresses that this mail system receives
+ mail on.
+
+ <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
+ The network interface addresses that this mail system receives
+ mail on by way of a proxy or network address translation unit.
+
+ <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
+ The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
+ mail delivery transport.
+
+ <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
+
+ <b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
+ Enable special treatment for owner-<i>listname</i> entries in the
+ <a href="aliases.5.html"><b>aliases</b>(5)</a> file, and don't split owner-<i>listname</i> and <i>list-</i>
+ <i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
+ set to "-".
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="smtp.8.html">smtp(8)</a>, Postfix SMTP client
+
+<b>README FILES</b>
+ <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a>, configuration examples
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ A genericstable feature appears in the Sendmail MTA.
+
+ This feature is available in Postfix 2.2 and later.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ GENERIC(5)
+</pre> </body> </html>
diff --git a/html/header_checks.5.html b/html/header_checks.5.html
new file mode 100644
index 0000000..6bb114a
--- /dev/null
+++ b/html/header_checks.5.html
@@ -0,0 +1,490 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - header_checks(5) </title>
+</head> <body> <pre>
+HEADER_CHECKS(5) HEADER_CHECKS(5)
+
+<b>NAME</b>
+ <a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in content inspection
+
+<b>SYNOPSIS</b>
+ <b><a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks</b>
+ <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/mime_header_checks</b>
+ <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/nested_header_checks</b>
+ <b><a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks</b>
+
+ <b><a href="postconf.5.html#milter_header_checks">milter_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a></b>
+
+ <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_header_checks</b>
+ <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_mime_header_checks</b>
+ <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_nested_header_checks</b>
+ <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_body_checks</b>
+
+ <b>postmap -q "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i>
+ <b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ This document describes access control on the content of message head-
+ ers and message body lines; it is implemented by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a>
+ server before mail is queued. See <a href="access.5.html"><b>access</b>(5)</a> for access control on
+ remote SMTP client information.
+
+ Each message header or message body line is compared against a list of
+ patterns. When a match is found the corresponding action is executed,
+ and the matching process is repeated for the next message header or
+ message body line.
+
+ Note: message headers are examined one logical header at a time, even
+ when a message header spans multiple lines. Body lines are always exam-
+ ined one line at a time.
+
+ For examples, see the EXAMPLES section at the end of this manual page.
+
+ Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood of mail from
+ worms or viruses; they do not decode attachments, and they do not unzip
+ archives. See the documents referenced below in the README FILES sec-
+ tion if you need more sophisticated content analysis.
+
+<b>FILTERS WHILE RECEIVING MAIL</b>
+ Postfix implements the following four built-in content inspection
+ classes while receiving mail:
+
+ <b><a href="postconf.5.html#header_checks">header_checks</a></b> (default: empty)
+ These are applied to initial message headers (except for the
+ headers that are processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
+
+ <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
+ These are applied to MIME related message headers only.
+
+ This feature is available in Postfix 2.0 and later.
+
+ <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
+ These are applied to message headers of attached email messages
+ (except for the headers that are processed with
+ <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
+
+ This feature is available in Postfix 2.0 and later.
+
+ <b><a href="postconf.5.html#body_checks">body_checks</a></b>
+ These are applied to all other content, including multi-part
+ message boundaries.
+
+ With Postfix versions before 2.0, all content after the initial
+ message headers is treated as body content.
+
+<b>FILTERS AFTER RECEIVING MAIL</b>
+ Postfix supports a subset of the built-in content inspection classes
+ after the message is received:
+
+ <b><a href="postconf.5.html#milter_header_checks">milter_header_checks</a></b> (default: empty)
+ These are applied to headers that are added with Milter applica-
+ tions.
+
+ This feature is available in Postfix 2.7 and later.
+
+<b>FILTERS WHILE DELIVERING MAIL</b>
+ Postfix supports all four content inspection classes while delivering
+ mail via SMTP.
+
+ <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a></b> (default: empty)
+
+ <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a></b> (default: empty)
+
+ <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a></b> (default: empty)
+
+ <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a></b> (default: empty)
+ These features are available in Postfix 2.5 and later.
+
+<b>COMPATIBILITY</b>
+ With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" to query a
+ table that contains case sensitive patterns. By default, <a href="regexp_table.5.html">regexp</a>: and
+ <a href="pcre_table.5.html">pcre</a>: patterns are case insensitive.
+
+<b>TABLE FORMAT</b>
+ This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules are specified
+ in the form of Postfix regular expression lookup tables. Usually the
+ best performance is obtained with <b>pcre</b> (Perl Compatible Regular Expres-
+ sion) tables. The <b>regexp</b> (POSIX regular expressions) tables are usually
+ slower, but more widely available. Use the command "<b>postconf -m</b>" to
+ find out what lookup table types your Postfix system supports.
+
+ The general format of Postfix regular expression tables is given below.
+ For a discussion of specific pattern or flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>
+ or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, respectively.
+
+ <b>/</b><i>pattern</i><b>/</b><i>flags action</i>
+ When /<i>pattern</i>/ matches the input string, execute the correspond-
+ ing <i>action</i>. See below for a list of possible actions.
+
+ <b>!/</b><i>pattern</i><b>/</b><i>flags action</i>
+ When /<i>pattern</i>/ does <b>not</b> match the input string, execute the cor-
+ responding <i>action</i>.
+
+ <b>if /</b><i>pattern</i><b>/</b><i>flags</i>
+
+ <b>endif</b> If the input string matches /<i>pattern</i>/, then match that input
+ string against the patterns between <b>if</b> and <b>endif</b>. The <b>if</b>..<b>endif</b>
+ can nest.
+
+ Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>.
+
+ <b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
+
+ <b>endif</b> If the input string does not match /<i>pattern</i>/, then match that
+ input string against the patterns between <b>if</b> and <b>endif</b>. The
+ <b>if</b>..<b>endif</b> can nest.
+
+ blank lines and comments
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ multi-line text
+ A pattern/action line starts with non-whitespace text. A line
+ that starts with whitespace continues a logical line.
+
+<b>TABLE SEARCH ORDER</b>
+ For each line of message input, the patterns are applied in the order
+ as specified in the table. When a pattern is found that matches the
+ input line, the corresponding action is executed and then the next
+ input line is inspected.
+
+<b>TEXT SUBSTITUTION</b>
+ Substitution of substrings from the matched expression into the <i>action</i>
+ string is possible using the conventional Perl syntax (<b>$1</b>, <b>$2</b>, etc.).
+ The macros in the result string may need to be written as <b>${n}</b> or <b>$(n)</b>
+ if they aren't followed by whitespace.
+
+ Note: since negated patterns (those preceded by <b>!</b>) return a result when
+ the expression does not match, substitutions are not available for
+ negated patterns.
+
+<b>ACTIONS</b>
+ Action names are case insensitive. They are shown in upper case for
+ consistency with other Postfix documentation.
+
+ <b>BCC</b> <i>user@domain</i>
+ Add the specified address as a BCC recipient, and inspect the
+ next input line. The address must have a local part and domain
+ part. The number of BCC addresses that can be added is limited
+ only by the amount of available storage space.
+
+ Note 1: the BCC address is added as if it was specified with
+ NOTIFY=NONE. The sender will not be notified when the BCC
+ address is undeliverable, as long as all down-stream software
+ implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>.
+
+ Note 2: this ignores duplicate addresses (with the same delivery
+ status notification options).
+
+ This feature is available in Postfix 3.0 and later.
+
+ This feature is not supported with smtp header/body checks.
+
+ <b>DISCARD</b> <i>optional text...</i>
+ Claim successful delivery and silently discard the message. Do
+ not inspect the remainder of the input message. Log the
+ optional text if specified, otherwise log a generic message.
+
+ Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec-
+ tion of the current message and affects all recipients. To dis-
+ card only one recipient without discarding the entire message,
+ use the <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a> ser-
+ vice.
+
+ This feature is available in Postfix 2.0 and later.
+
+ This feature is not supported with smtp header/body checks.
+
+ <b>DUNNO</b> Pretend that the input line did not match any pattern, and
+ inspect the next input line. This action can be used to shorten
+ the table search.
+
+ For backwards compatibility reasons, Postfix also accepts <b>OK</b> but
+ it is (and always has been) treated as <b>DUNNO</b>.
+
+ This feature is available in Postfix 2.1 and later.
+
+ <b>FILTER</b> <i>transport:destination</i>
+ Override the <a href="postconf.5.html#content_filter">content_filter</a> parameter setting, and inspect the
+ next input line. After the message is queued, send the entire
+ message through the specified external content filter. The
+ <i>transport</i> name specifies the first field of a mail delivery
+ agent definition in <a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>desti-</i>
+ <i>nation</i> is described in the manual page of the corresponding
+ delivery agent. More information about external content filters
+ is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file.
+
+ Note 1: do not use $<i>number</i> regular expression substitutions for
+ <i>transport</i> or <i>destination</i> unless you know that the information
+ has a trusted origin.
+
+ Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
+ ting, and affects all recipients of the message. In the case
+ that multiple <b>FILTER</b> actions fire, only the last one is exe-
+ cuted.
+
+ Note 3: the purpose of the FILTER command is to override message
+ routing. To override the recipient's <i>transport</i> but not the
+ next-hop <i>destination</i>, specify an empty filter <i>destination</i> (Post-
+ fix 2.7 and later), or specify a <i>transport:destination</i> that
+ delivers through a different Postfix instance (Postfix 2.6 and
+ earlier). Other options are using the recipient-dependent <b><a href="postconf.5.html#transport_maps">trans</a>-</b>
+ <b><a href="postconf.5.html#transport_maps">port_maps</a></b> or the sender-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default-</b>
+ <b>_transport_maps</a></b> features.
+
+ This feature is available in Postfix 2.0 and later.
+
+ This feature is not supported with smtp header/body checks.
+
+ <b>HOLD</b> <i>optional text...</i>
+ Arrange for the message to be placed on the <b>hold</b> queue, and
+ inspect the next input line. The message remains on <b>hold</b> until
+ someone either deletes it or releases it for delivery. Log the
+ optional text if specified, otherwise log a generic message.
+
+ Mail that is placed on hold can be examined with the <a href="postcat.1.html"><b>postcat</b>(1)</a>
+ command, and can be destroyed or released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a>
+ command.
+
+ Note: use "<b>postsuper -r</b>" to release mail that was kept on hold
+ for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or
+ <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or longer. Use "<b>postsuper -H</b>" only for
+ mail that will not expire within a few delivery attempts.
+
+ Note: this action affects all recipients of the message.
+
+ This feature is available in Postfix 2.0 and later.
+
+ This feature is not supported with smtp header/body checks.
+
+ <b>IGNORE</b> Delete the current line from the input, and inspect the next
+ input line. See <b>STRIP</b> for an alternative that logs the action.
+
+ <b>INFO</b> <i>optional text...</i>
+ Log an "info:" record with the <i>optional text...</i> (or log a
+ generic text), and inspect the next input line. This action is
+ useful for routine logging or for debugging.
+
+ This feature is available in Postfix 2.8 and later.
+
+ <b>PASS</b> <i>optional text...</i>
+ Log a "pass:" record with the <i>optional text...</i> (or log a generic
+ text), and turn off header, body, and Milter inspection for the
+ remainder of this message.
+
+ Note: this feature relies on trust in information that is easy
+ to forge.
+
+ This feature is available in Postfix 3.2 and later.
+
+ This feature is not supported with smtp header/body checks.
+
+ <b>PREPEND</b> <i>text...</i>
+ Prepend one line with the specified text, and inspect the next
+ input line.
+
+ Notes:
+
+ <b>o</b> The prepended text is output on a separate line, immedi-
+ ately before the input that triggered the <b>PREPEND</b> action.
+
+ <b>o</b> The prepended text is not considered part of the input
+ stream: it is not subject to header/body checks or
+ address rewriting, and it does not affect the way that
+ Postfix adds missing message headers.
+
+ <b>o</b> When prepending text before a message header line, the
+ prepended text must begin with a valid message header
+ label.
+
+ <b>o</b> This action cannot be used to prepend multi-line text.
+
+ This feature is available in Postfix 2.1 and later.
+
+ This feature is not supported with <a href="postconf.5.html#milter_header_checks">milter_header_checks</a>.
+
+ <b>REDIRECT</b> <i>user@domain</i>
+ Write a message redirection request to the queue file, and
+ inspect the next input line. After the message is queued, it
+ will be sent to the specified address instead of the intended
+ recipient(s).
+
+ Note: this action overrides the <b>FILTER</b> action, and affects all
+ recipients of the message. If multiple <b>REDIRECT</b> actions fire,
+ only the last one is executed.
+
+ This feature is available in Postfix 2.1 and later.
+
+ This feature is not supported with smtp header/body checks.
+
+ <b>REPLACE</b> <i>text...</i>
+ Replace the current line with the specified text, and inspect
+ the next input line.
+
+ This feature is available in Postfix 2.2 and later. The descrip-
+ tion below applies to Postfix 2.2.2 and later.
+
+ Notes:
+
+ <b>o</b> When replacing a message header line, the replacement
+ text must begin with a valid header label.
+
+ <b>o</b> The replaced text remains part of the input stream.
+ Unlike the result from the <b>PREPEND</b> action, a replaced
+ message header may be subject to address rewriting and
+ may affect the way that Postfix adds missing message
+ headers.
+
+ <b>REJECT</b> <i>optional text...</i>
+ Reject the entire message. Do not inspect the remainder of the
+ input message. Reply with <i>optional text...</i> when the optional
+ text is specified, otherwise reply with a generic error message.
+
+ Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec-
+ tion of the current message and affects all recipients.
+
+ Postfix version 2.3 and later support enhanced status codes.
+ When no code is specified at the beginning of <i>optional text...</i>,
+ Postfix inserts a default enhanced status code of "5.7.1".
+
+ This feature is not supported with smtp header/body checks.
+
+ <b>STRIP</b> <i>optional text...</i>
+ Log a "strip:" record with the <i>optional text...</i> (or log a
+ generic text), delete the input line from the input, and inspect
+ the next input line. See <b>IGNORE</b> for a silent alternative.
+
+ This feature is available in Postfix 3.2 and later.
+
+ <b>WARN</b> <i>optional text...</i>
+ Log a "warning:" record with the <i>optional text...</i> (or log a
+ generic text), and inspect the next input line. This action is
+ useful for debugging and for testing a pattern before applying
+ more drastic actions.
+
+<b>BUGS</b>
+ Empty lines never match, because some map types mis-behave when given a
+ zero-length search string. This limitation may be removed for regular
+ expression tables in a future release.
+
+ Many people overlook the main limitations of header and <a href="postconf.5.html#body_checks">body_checks</a>
+ rules.
+
+ <b>o</b> These rules operate on one logical message header or one body
+ line at a time. A decision made for one line is not carried over
+ to the next line.
+
+ <b>o</b> If text in the message body is encoded (<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a>) then the rules
+ need to be specified for the encoded form.
+
+ <b>o</b> Likewise, when message headers are encoded (<a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a>) then the
+ rules need to be specified for the encoded form.
+
+ Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are excluded from
+ inspection. Examples of such message headers are <b>From:</b>, <b>To:</b>, <b>Mes-</b>
+ <b>sage-ID:</b>, <b>Date:</b>.
+
+ Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be examined
+ before they are deleted. Examples are: <b>Bcc:</b>, <b>Content-Length:</b>,
+ <b>Return-Path:</b>.
+
+<b>CONFIGURATION PARAMETERS</b>
+ <b><a href="postconf.5.html#body_checks">body_checks</a></b>
+ Lookup tables with content filter rules for message body lines.
+ These filters see one physical line at a time, in chunks of at
+ most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b> bytes.
+
+ <b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b>
+ The amount of content per message body segment (attachment) that
+ is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> filtering.
+
+ <b><a href="postconf.5.html#header_checks">header_checks</a></b>
+
+ <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
+
+ <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
+ Lookup tables with content filter rules for message header
+ lines: respectively, these are applied to the initial message
+ headers (not including MIME headers), to the MIME headers any-
+ where in the message, and to the initial headers of attached
+ messages.
+
+ Note: these filters see one logical message header at a time,
+ even when a message header spans multiple lines. Message headers
+ that are longer than <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are trun-
+ cated.
+
+ <b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b>
+ While receiving mail, give no special treatment to MIME related
+ message headers; all text after the initial message headers is
+ considered to be part of the message body. This means that
+ <b><a href="postconf.5.html#header_checks">header_checks</a></b> is applied to all the initial message headers, and
+ that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the message.
+
+ Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will process a
+ multi-line message header one line at a time.
+
+<b>EXAMPLES</b>
+ Header pattern to block attachments with bad file name extensions. For
+ convenience, the PCRE /x flag is specified, so that there is no need to
+ collapse the pattern into a single line of text. The purpose of the
+ [[:xdigit:]] sub-expressions is to recognize Windows CLSID strings.
+
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks.pcre
+
+ /etc/postfix/header_checks.<a href="pcre_table.5.html">pcre</a>:
+ /^Content-(Disposition|Type).*name\s*=\s*"?([^;]*(\.|=2E)(
+ ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe|
+ hlp|ht[at]|
+ inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws|
+ \{[[:xdigit:]]{8}(?:-[[:xdigit:]]{4}){3}-[[:xdigit:]]{12}\}|
+ ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf|
+ vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
+ REJECT Attachment name "$2" may not end with ".$4"
+
+ Body pattern to stop a specific HTML browser vulnerability exploit.
+
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks
+
+ /etc/postfix/body_checks:
+ /^&lt;iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0&gt;$/
+ REJECT IFRAME vulnerability exploit
+
+<b>SEE ALSO</b>
+ <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue Postfix message
+ <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE lookup tables
+ <a href="regexp_table.5.html">regexp_table(5)</a>, format of POSIX regular expression tables
+ <a href="postconf.1.html">postconf(1)</a>, Postfix configuration utility
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table management
+ <a href="postsuper.1.html">postsuper(1)</a>, Postfix janitor
+ <a href="postcat.1.html">postcat(1)</a>, show Postfix queue file contents
+ <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a>, base64 and quoted-printable encoding rules
+ <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a>, message header encoding for non-ASCII text
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a>, Postfix content inspection overview
+ <a href="BUILTIN_FILTER_README.html">BUILTIN_FILTER_README</a>, Postfix built-in content inspection
+ <a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ HEADER_CHECKS(5)
+</pre> </body> </html>
diff --git a/html/index.html b/html/index.html
new file mode 100644
index 0000000..68edc59
--- /dev/null
+++ b/html/index.html
@@ -0,0 +1,222 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Documentation</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" alt=""> Postfix Documentation </h1>
+
+<hr>
+
+<table border="0">
+
+<tr> <td width="30%" align="left" valign="top">
+
+<p><strong>General configuration </strong></p>
+
+<ul>
+
+<li> <a href="BASIC_CONFIGURATION_README.html"> Basic configuration
+</a>
+
+<li> <a href="SOHO_README.html"> Small/home office hints and tips </a>
+
+<li> <a href="STANDARD_CONFIGURATION_README.html"> Standard
+configuration examples </a>
+
+<li> <a href="ADDRESS_REWRITING_README.html"> Address rewriting
+ </a>
+
+<li> <a href="VIRTUAL_README.html"> Virtual domain hosting </a>
+
+<li> <a href="SASL_README.html"> SASL Authentication </a>
+
+<li> <a href="TLS_README.html"> TLS Encryption and authentication </a>
+
+<li> <a href="FORWARD_SECRECY_README.html"> TLS Forward Secrecy </a>
+
+<li> <a href="IPV6_README.html"> IP Version 6 Support </a>
+
+<li> <a href="SMTPUTF8_README.html"> SMTPUTF8 Support </a>
+
+<li> <a href="MAILLOG_README.html"> Postfix logging to file or stdout </a>
+
+<li> <a href="COMPATIBILITY_README.html"> Backwards-Compatibility Safety Net</a>
+
+<li> <a href="INSTALL.html"> Installation from source code </a>
+
+</ul>
+
+<p><strong>Problem solving </strong></p>
+
+<ul>
+
+<li> <a href="QSHAPE_README.html"> Bottleneck analysis </a>
+
+<li> <a href="STRESS_README.html"> Stress-dependent configuration </a>
+
+<li> <a href="TUNING_README.html"> Performance tuning </a>
+
+<li> <a href="DEBUG_README.html"> Debugging strategies </a>
+
+</ul>
+
+<p><strong>Content inspection </strong></p>
+
+<ul>
+
+<li> <a href="CONTENT_INSPECTION_README.html"> Content inspection
+overview </a>
+
+<li> <a href="BACKSCATTER_README.html"> Stopping backscatter mail
+</a>
+
+<li> <a href="BUILTIN_FILTER_README.html"> Built-in content inspection </a>
+
+</ul>
+
+</td>
+
+<td width="30%" align="left" valign="top">
+
+<ul>
+
+<li> <a href="FILTER_README.html"> After-queue content filter </a>
+
+<li> <a href="SMTPD_PROXY_README.html"> Before-queue content
+filter </a>
+
+<li> <a href="MILTER_README.html"> Before-queue Milter applications
+</a>
+
+</ul>
+
+<p><strong>SMTP Relay and access control </strong></p>
+
+<ul>
+
+<li> <a href="SMTPD_ACCESS_README.html"> Relay/access control
+overview </a>
+
+<li> <a href="SMTPD_POLICY_README.html"> Access policy delegation
+</a>
+
+<li> <a href="ADDRESS_VERIFICATION_README.html"> Address verification
+ </a>
+
+<li> <a href="RESTRICTION_CLASS_README.html">
+Per-client/user/etc. access </a>
+
+<li> <a href="POSTSCREEN_README.html"> SMTP connection triage </a>
+
+<li> <a href="ETRN_README.html"> ETRN Support </a>
+
+<li> <a href="UUCP_README.html"> LAN connected via UUCP </a>
+
+</ul>
+
+<p><strong> Lookup tables (databases) </strong></p>
+
+<ul>
+
+<li> <a href="DATABASE_README.html"> Lookup table overview </a>
+
+<li> <a href="DB_README.html"> Berkeley DB Howto </a>
+
+<li> <a href="CDB_README.html"> CDB Howto </a>
+
+<li> <a href="LDAP_README.html"> LDAP Howto </a>
+
+<li> <a href="LMDB_README.html"> LMDB Howto </a>
+
+<li> <a href="MEMCACHE_README.html"> Memcache Howto </a>
+
+<li> <a href="MYSQL_README.html"> MySQL Howto </a>
+
+<li> <a href="PCRE_README.html"> PCRE Howto </a>
+
+<li> <a href="PGSQL_README.html"> PostgreSQL Howto </a>
+
+<li> <a href="SQLITE_README.html"> SQLite Howto </a>
+
+</ul>
+
+<p><strong> Mailing list support </strong></p>
+
+<ul>
+
+<li> <a href="VERP_README.html"> VERP Support </a>
+
+</ul>
+
+</td>
+
+<td width="30%" align="left" valign="top">
+
+<p><strong> Specific environments </strong></p>
+
+<ul>
+
+<li> <a href="LINUX_README.html"> Linux issues </a>
+
+<li> <a href="NFS_README.html"> NFS issues </a>
+
+</ul>
+
+<p><strong> Other mail delivery agents </strong></p>
+
+<ul>
+
+<li> <a href="MAILDROP_README.html"> Maildrop </a>
+
+</ul>
+
+<p><strong> Other topics </strong></p>
+
+<ul>
+
+<li> <a href="OVERVIEW.html"> Architecture overview </a>
+
+<li> <a href="postconf.5.html"> All main.cf parameters </a>
+
+<li> <a href="postfix-manuals.html"> All Postfix manual pages </a>
+
+<li> <a href="LOCAL_RECIPIENT_README.html"> Rejecting Unknown Local
+Recipients </a>
+
+<li> <a href="ADDRESS_CLASS_README.html"> Address Classes </a>
+
+<li> <a href="CONNECTION_CACHE_README.html"> Connection cache howto </a>
+
+<li> <a href="DSN_README.html"> Postfix DSN support </a>
+
+<li> <a href="BDAT_README.html"> Postfix BDAT (CHUNKING) support </a>
+
+<li> <a href="PACKAGE_README.html"> Guidelines for Package Builders
+</a>
+
+<li> <a href="SCHEDULER_README.html"> Queue Scheduler </a>
+
+<li> <a href="XCLIENT_README.html"> XCLIENT Command </a>
+
+<li> <a href="XFORWARD_README.html"> XFORWARD Command </a>
+
+</ul>
+
+</td>
+
+</table>
+
+</body>
+
+</html>
diff --git a/html/ldap_table.5.html b/html/ldap_table.5.html
new file mode 100644
index 0000000..69edb10
--- /dev/null
+++ b/html/ldap_table.5.html
@@ -0,0 +1,678 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - ldap_table(5) </title>
+</head> <body> <pre>
+LDAP_TABLE(5) LDAP_TABLE(5)
+
+<b>NAME</b>
+ ldap_table - Postfix LDAP client configuration
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="ldap_table.5.html">ldap</a>:/etc/postfix/</b><i>filename</i>
+
+ <b>postmap -q - <a href="ldap_table.5.html">ldap</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
+
+ Alternatively, lookup tables can be specified as LDAP databases.
+
+ In order to use LDAP lookups, define an LDAP source as a lookup table
+ in <a href="postconf.5.html">main.cf</a>, for example:
+
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
+
+ The file /etc/postfix/ldap-aliases.cf has the same format as the Post-
+ fix <a href="postconf.5.html">main.cf</a> file, and can specify the parameters described below. An
+ example is given at the end of this manual.
+
+ This configuration method is available with Postfix version 2.1 and
+ later. See the section "OBSOLETE MAIN.CF PARAMETERS" below for older
+ Postfix versions.
+
+ For details about LDAP SSL and STARTTLS, see the section on SSL and
+ STARTTLS below.
+
+<b>LIST MEMBERSHIP</b>
+ When using LDAP to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydestination</a>,
+ $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it is important to under-
+ stand that the table must store each list member as a separate key. The
+ table lookup verifies the *existence* of the key. See "Postfix lists
+ versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
+
+ Do NOT create tables that return the full list of domains in $<a href="postconf.5.html#mydestination">mydesti</a>-
+ <a href="postconf.5.html#mydestination">nation</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
+
+ DO create tables with each matching item as a key and with an arbitrary
+ value. With LDAP databases it is not uncommon to return the key itself.
+
+ For example, NEVER do this in a map defining $<a href="postconf.5.html#mydestination">mydestination</a>:
+
+ query_filter = domain=*
+ result_attribute = domain
+
+ Do this instead:
+
+ query_filter = domain=%s
+ result_attribute = domain
+
+<b>GENERAL LDAP PARAMETERS</b>
+ In the text below, default values are given in parentheses. Note:
+ don't use quotes in these variables; at least, not until the Postfix
+ configuration routines understand how to deal with quoted strings.
+
+ <b>server_host (default: localhost)</b>
+ The name of the host running the LDAP server, e.g.
+
+ server_host = ldap.example.com
+
+ Depending on the LDAP client library you're using, it should be
+ possible to specify multiple servers here, with the library try-
+ ing them in order should the first one fail. It should also be
+ possible to give each server in the list a different port (over-
+ riding <b>server_port</b> below), by naming them like
+
+ server_host = ldap.example.com:1444
+
+ With OpenLDAP, a (list of) LDAP URLs can be used to specify both
+ the hostname(s) and the port(s):
+
+ server_host = <a href="ldap_table.5.html">ldap</a>://ldap.example.com:1444
+ <a href="ldap_table.5.html">ldap</a>://ldap2.example.com:1444
+
+ All LDAP URLs accepted by the OpenLDAP library are supported,
+ including connections over UNIX domain sockets, and LDAP SSL
+ (the last one provided that OpenLDAP was compiled with support
+ for SSL):
+
+ server_host = <a href="ldap_table.5.html">ldapi</a>://%2Fsome%2Fpath
+ <a href="ldap_table.5.html">ldaps</a>://ldap.example.com:636
+
+ <b>server_port (default: 389)</b>
+ The port the LDAP server listens on, e.g.
+
+ server_port = 778
+
+ <b>timeout (default: 10 seconds)</b>
+ The number of seconds a search can take before timing out, e.g.
+
+ timeout = 5
+
+ <b>search_base (No default; you must configure this)</b>
+ The <a href="https://tools.ietf.org/html/rfc2253">RFC2253</a> base DN at which to conduct the search, e.g.
+
+ search_base = dc=your, dc=com
+
+ With Postfix 2.2 and later this parameter supports the following
+ '%' expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character.
+
+ <b>%s</b> This is replaced by the input key. <a href="https://tools.ietf.org/html/rfc2253">RFC 2253</a> quoting is
+ used to make sure that the input key does not add unex-
+ pected metacharacters.
+
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the (<a href="https://tools.ietf.org/html/rfc2253">RFC 2253</a>) quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the search is sup-
+ pressed and returns no results.
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the (<a href="https://tools.ietf.org/html/rfc2253">RFC 2253</a>) quoted domain part of
+ the address. Otherwise, the search is suppressed and
+ returns no results.
+
+ <b>%[SUD]</b> For the <b>search_base</b> parameter, the upper-case equivalents
+ of the above expansions behave identically to their
+ lower-case counter-parts. With the <b>result_format</b> parame-
+ ter (previously called <b>result_filter</b> see the OTHER OBSO-
+ LETE FEATURES section and below), they expand to the cor-
+ responding components of input key rather than the result
+ value.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, the search is sup-
+ pressed and returns no results.
+
+ <b>query_filter (default: mailacceptinggeneralid=%s)</b>
+ The <a href="https://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory, where <b>%s</b> is a
+ substitute for the address Postfix is trying to resolve, e.g.
+
+ query_filter = (&amp;(mail=%s)(paid_up=true))
+
+ This parameter supports the following '%' expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character. (Postfix 2.2
+ and later).
+
+ <b>%s</b> This is replaced by the input key. <a href="https://tools.ietf.org/html/rfc2254">RFC 2254</a> quoting is
+ used to make sure that the input key does not add unex-
+ pected metacharacters.
+
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the (<a href="https://tools.ietf.org/html/rfc2254">RFC 2254</a>) quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the search is sup-
+ pressed and returns no results.
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the (<a href="https://tools.ietf.org/html/rfc2254">RFC 2254</a>) quoted domain part of
+ the address. Otherwise, the search is suppressed and
+ returns no results.
+
+ <b>%[SUD]</b> The upper-case equivalents of the above expansions behave
+ in the <b>query_filter</b> parameter identically to their
+ lower-case counter-parts. With the <b>result_format</b> parame-
+ ter (previously called <b>result_filter</b> see the OTHER OBSO-
+ LETE FEATURES section and below), they expand to the cor-
+ responding components of input key rather than the result
+ value.
+
+ The above %S, %U and %D expansions are available with
+ Postfix 2.2 and later.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, the search is sup-
+ pressed and returns no results.
+
+ The above %1, ..., %9 expansions are available with Post-
+ fix 2.2 and later.
+
+ The "domain" parameter described below limits the input keys to
+ addresses in matching domains. When the "domain" parameter is
+ non-empty, LDAP queries for unqualified addresses or addresses
+ in non-matching domains are suppressed and return no results.
+
+ NOTE: DO NOT put quotes around the <b>query_filter</b> parameter.
+
+ <b>result_format (default: %s</b>)
+ Called <b>result_filter</b> in Postfix releases prior to 2.2. Format
+ template applied to result attributes. Most commonly used to
+ append (or prepend) text to the result. This parameter supports
+ the following '%' expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character. (Postfix 2.2
+ and later).
+
+ <b>%s</b> This is replaced by the value of the result attribute.
+ When result is empty it is skipped.
+
+ <b>%u</b> When the result attribute value is an address of the form
+ user@domain, <b>%u</b> is replaced by the local part of the
+ address. When the result has an empty localpart it is
+ skipped.
+
+ <b>%d</b> When a result attribute value is an address of the form
+ user@domain, <b>%d</b> is replaced by the domain part of the
+ attribute value. When the result is unqualified it is
+ skipped.
+
+ <b>%[SUD1-9]</b>
+ The upper-case and decimal digit expansions interpolate
+ the parts of the input key rather than the result. Their
+ behavior is identical to that described with <b>query_fil-</b>
+ <b>ter</b>, and in fact because the input key is known in
+ advance, lookups whose key does not contain all the
+ information specified in the result template are sup-
+ pressed and return no results.
+
+ The above %S, %U, %D and %1, ..., %9 expansions are
+ available with Postfix 2.2 and later.
+
+ For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" allows one to use
+ a mailHost attribute as the basis of a <a href="transport.5.html">transport(5)</a> table. After
+ applying the result format, multiple values are concatenated as
+ comma separated strings. The expansion_limit and size_limit
+ parameters explained below allow one to restrict the number of
+ values in the result, which is especially useful for maps that
+ should return a single value.
+
+ The default value <b>%s</b> specifies that each attribute value should
+ be used as is.
+
+ This parameter was called <b>result_filter</b> in Postfix releases
+ prior to 2.2. If no "result_format" is specified, the value of
+ "result_filter" will be used instead before resorting to the
+ default value. This provides compatibility with old configura-
+ tion files.
+
+ NOTE: DO NOT put quotes around the result format!
+
+ <b>domain (default: no domain list)</b>
+ This is a list of domain names, paths to files, or "<a href="DATABASE_README.html">type:table</a>"
+ databases. When specified, only fully qualified search keys with
+ a *non-empty* localpart and a matching domain are eligible for
+ lookup: 'user' lookups, bare domain lookups and "@domain"
+ lookups are not performed. This can significantly reduce the
+ query load on the LDAP server.
+
+ domain = postfix.org, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
+
+ It is best not to use LDAP to store the domains eligible for
+ LDAP lookups.
+
+ NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> aliases.
+
+ This feature is available in Postfix 1.0 and later.
+
+ <b>result_attribute (default: maildrop)</b>
+ The attribute(s) Postfix will read from any directory entries
+ returned by the lookup, to be resolved to an email address.
+
+ result_attribute = mailbox, maildrop
+
+ Don't rely on the default value ("maildrop"). Set the
+ result_attribute explicitly in all ldap table configuration
+ files. This is particularly relevant when no result_attribute is
+ applicable, e.g. cases in which leaf_result_attribute and/or
+ terminal_result_attribute are used instead. The default value is
+ harmless if "maildrop" is also listed as a leaf or terminal
+ result attribute, but it is best to not leave this to chance.
+
+ <b>special_result_attribute (default: empty)</b>
+ The attribute(s) of directory entries that can contain DNs or
+ <a href="https://tools.ietf.org/html/rfc2255">RFC 2255</a> LDAP URLs. If found, a recursive search is performed to
+ retrieve the entry referenced by the DN, or the entries matched
+ by the URL query.
+
+ special_result_attribute = memberdn
+
+ DN recursion retrieves the same result_attributes as the main
+ query, including the special attributes for further recursion.
+
+ URL processing retrieves only those attributes that are included
+ in both the URL definition and as result attributes (ordinary,
+ special, leaf or terminal) in the Postfix table definition. If
+ the URL lists any of the table's special result attributes,
+ these are retrieved and used recursively. A URL that does not
+ specify any attribute selection, is equivalent (<a href="https://tools.ietf.org/html/rfc2255">RFC 2255</a>) to a
+ URL that selects all attributes, in which case the selected
+ attributes will be the full set of result attributes in the
+ Postfix table.
+
+ If an LDAP URL attribute-descriptor or the corresponding Postfix
+ LDAP table result attribute (but not both) uses <a href="https://tools.ietf.org/html/rfc2255">RFC 2255</a>
+ sub-type options ("attr;option"), the attribute requested from
+ the LDAP server will include the sub-type option. In all other
+ cases, the URL attribute and the table attribute must match
+ exactly. Attributes with options in both the URL and the Postfix
+ table are requested only when the options are identical. LDAP
+ attribute-descriptor options are very rarely used, most LDAP
+ users will not need to concern themselves with this level of
+ nuanced detail.
+
+ <b>terminal_result_attribute (default: empty)</b>
+ When one or more terminal result attributes are found in an LDAP
+ entry, all other result attributes are ignored and only the ter-
+ minal result attributes are returned. This is useful for dele-
+ gating expansion of group members to a particular host, by using
+ an optional "maildrop" attribute on selected groups to route the
+ group to a specific host, where the group is expanded, possibly
+ via mailing-list manager or other special processing.
+
+ result_attribute =
+ terminal_result_attribute = maildrop
+
+ When using terminal and/or leaf result attributes, the
+ result_attribute is best set to an empty value when it is not
+ used, or else explicitly set to the desired value, even if it is
+ the default value "maildrop".
+
+ This feature is available with Postfix 2.4 or later.
+
+ <b>leaf_result_attribute (default: empty)</b>
+ When one or more special result attributes are found in a
+ non-terminal (see above) LDAP entry, leaf result attributes are
+ excluded from the expansion of that entry. This is useful when
+ expanding groups and the desired mail address attribute(s) of
+ the member objects obtained via DN or URI recursion are also
+ present in the group object. To only return the attribute values
+ from the leaf objects and not the containing group, add the
+ attribute to the leaf_result_attribute list, and not the
+ result_attribute list, which is always expanded. Note, the
+ default value of "result_attribute" is not empty, you may want
+ to set it explicitly empty when using "leaf_result_attribute" to
+ expand the group to a list of member DN addresses. If groups
+ have both member DN references AND attributes that hold multiple
+ string valued rfc822 addresses, then the string attributes go in
+ "result_attribute". The attributes that represent the email
+ addresses of objects referenced via a DN (or LDAP URI) go in
+ "leaf_result_attribute".
+
+ result_attribute = memberaddr
+ special_result_attribute = memberdn
+ terminal_result_attribute = maildrop
+ leaf_result_attribute = mail
+
+ When using terminal and/or leaf result attributes, the
+ result_attribute is best set to an empty value when it is not
+ used, or else explicitly set to the desired value, even if it is
+ the default value "maildrop".
+
+ This feature is available with Postfix 2.4 or later.
+
+ <b>scope (default: sub)</b>
+ The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These translate into
+ LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, and LDAP_SCOPE_ONELEVEL.
+
+ <b>bind (default: yes)</b>
+ Whether or how to bind to the LDAP server. Newer LDAP implemen-
+ tations don't require clients to bind, which saves time. Exam-
+ ple:
+
+ # Don't bind
+ bind = no
+ # Use SIMPLE bind
+ bind = yes
+ # Use SASL bind
+ bind = sasl
+
+ Postfix versions prior to 2.8 only support "bind = no" which
+ means don't bind, and "bind = yes" which means do a SIMPLE bind.
+ Postfix 2.8 and later also supports "bind = SASL" when compiled
+ with LDAP SASL support as described in <a href="LDAP_README.html">LDAP_README</a>, it also adds
+ the synonyms "bind = none" and "bind = simple" for "bind = no"
+ and "bind = yes" respectively. See the SASL section below for
+ additional parameters available with "bind = sasl".
+
+ If you do need to bind, you might consider configuring Postfix
+ to connect to the local machine on a port that's an SSL tunnel
+ to your LDAP server. If your LDAP server doesn't natively sup-
+ port SSL, put a tunnel (wrapper, proxy, whatever you want to
+ call it) on that system too. This should prevent the password
+ from traversing the network in the clear.
+
+ <b>bind_dn (default: empty)</b>
+ If you do have to bind, do it with this distinguished name.
+ Example:
+
+ bind_dn = uid=postfix, dc=your, dc=com
+ With "bind = sasl" (see above) the DN may be optional for some
+ SASL mechanisms, don't specify a DN if not needed.
+
+ <b>bind_pw (default: empty)</b>
+ The password for the distinguished name above. If you have to
+ use this, you probably want to make the map configuration file
+ readable only by the Postfix user. When using the obsolete
+ <a href="ldap_table.5.html">ldap</a>:ldapsource syntax, with map parameters in <a href="postconf.5.html">main.cf</a>, it is
+ not possible to securely store the bind password. This is
+ because <a href="postconf.5.html">main.cf</a> needs to be world readable to allow local
+ accounts to submit mail via the sendmail command. Example:
+
+ bind_pw = postfixpw
+ With "bind = sasl" (see above) the password may be optional for
+ some SASL mechanisms, don't specify a password if not needed.
+
+ <b>cache (IGNORED with a warning)</b>
+
+ <b>cache_expiry (IGNORED with a warning)</b>
+
+ <b>cache_size (IGNORED with a warning)</b>
+ The above parameters are NO LONGER SUPPORTED by Postfix. Cache
+ support has been dropped from OpenLDAP as of release 2.1.13.
+
+ <b>recursion_limit (default: 1000)</b>
+ A limit on the nesting depth of DN and URL special result
+ attribute evaluation. The limit must be a non-zero positive num-
+ ber.
+
+ <b>expansion_limit (default: 0)</b>
+ A limit on the total number of result elements returned (as a
+ comma separated list) by a lookup against the map. A setting of
+ zero disables the limit. Lookups fail with a temporary error if
+ the limit is exceeded. Setting the limit to 1 ensures that
+ lookups do not return multiple values.
+
+ <b>size_limit (default: $expansion_limit)</b>
+ A limit on the number of LDAP entries returned by any single
+ LDAP search performed as part of the lookup. A setting of 0 dis-
+ ables the limit. Expansion of DN and URL references involves
+ nested LDAP queries, each of which is separately subjected to
+ this limit.
+
+ Note: even a single LDAP entry can generate multiple lookup
+ results, via multiple result attributes and/or multi-valued
+ result attributes. This limit caps the per search resource uti-
+ lization on the LDAP server, not the final multiplicity of the
+ lookup result. It is analogous to the "-z" option of
+ "ldapsearch".
+
+ <b>dereference (default: 0)</b>
+ When to dereference LDAP aliases. (Note that this has nothing do
+ with Postfix aliases.) The permitted values are those legal for
+ the OpenLDAP/UM LDAP implementations:
+
+ 0 never
+
+ 1 when searching
+
+ 2 when locating the base object for the search
+
+ 3 always
+
+ See ldap.h or the ldap_open(3) or ldapsearch(1) man pages for
+ more information. And if you're using an LDAP package that has
+ other possible values, please bring it to the attention of the
+ postfix-users@postfix.org mailing list.
+
+ <b>chase_referrals (default: 0)</b>
+ Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version 3
+ support).
+
+ <b>version (default: 2)</b>
+ Specifies the LDAP protocol version to use.
+
+ <b>debuglevel (default: 0)</b>
+ What level to set for debugging in the OpenLDAP libraries.
+
+<b>LDAP SASL PARAMETERS</b>
+ If you're using the OpenLDAP libraries compiled with SASL support,
+ Postfix 2.8 and later built with LDAP SASL support as described in
+ <a href="LDAP_README.html">LDAP_README</a> can authenticate to LDAP servers via SASL.
+
+ This enables authentication to the LDAP server via mechanisms other
+ than a simple password. The added flexibility has a cost: it is no
+ longer practical to set an explicit timeout on the duration of an LDAP
+ bind operation. Under adverse conditions, whether a SASL bind times
+ out, or if it does, the duration of the timeout is determined by the
+ LDAP and SASL libraries.
+
+ It is best to use tables that use SASL binds via <a href="proxymap.8.html">proxymap(8)</a>, this way
+ the requesting process can time-out the proxymap request. This also
+ lets you tailer the process environment by overriding the <a href="proxymap.8.html">proxymap(8)</a>
+ <a href="postconf.5.html#import_environment">import_environment</a> setting in <a href="master.5.html">master.cf</a>(5). Special environment set-
+ tings may be needed to configure GSSAPI credential caches or other SASL
+ mechanism specific options. The GSSAPI credentials used for LDAP
+ lookups may need to be different than say those used for the Postfix
+ SMTP client to authenticate to remote servers.
+
+ Using SASL mechanisms requires LDAP protocol version 3, the default
+ protocol version is 2 for backwards compatibility. You must set "ver-
+ sion = 3" in addition to "bind = sasl".
+
+ The following parameters are relevant to using LDAP with SASL
+
+ <b>sasl_mechs (default: empty)</b>
+ Space separated list of SASL mechanism(s) to try.
+
+ <b>sasl_realm (default: empty)</b>
+ SASL Realm to use, if applicable.
+
+ <b>sasl_authz_id (default: empty)</b>
+ The SASL authorization identity to assert, if applicable.
+
+ <b>sasl_minssf (default: 0)</b>
+ The minimum required sasl security factor required to establish
+ a connection.
+
+<b>LDAP SSL AND STARTTLS PARAMETERS</b>
+ If you're using the OpenLDAP libraries compiled with SSL support, Post-
+ fix can connect to LDAP SSL servers and can issue the STARTTLS command.
+
+ LDAP SSL service can be requested by using a LDAP SSL URL in the
+ server_host parameter:
+
+ server_host = <a href="ldap_table.5.html">ldaps</a>://ldap.example.com:636
+
+ STARTTLS can be turned on with the start_tls parameter:
+
+ start_tls = yes
+
+ Both forms require LDAP protocol version 3, which has to be set explic-
+ itly with:
+
+ version = 3
+
+ If any of the Postfix programs querying the map is configured in <a href="master.5.html">mas-
+ ter.cf</a> to run chrooted, all the certificates and keys involved have to
+ be copied to the chroot jail. Of course, the private keys should only
+ be readable by the user "postfix".
+
+ The following parameters are relevant to LDAP SSL and STARTTLS:
+
+ <b>start_tls (default: no)</b>
+ Whether or not to issue STARTTLS upon connection to the server.
+ Don't set this with LDAP SSL (the SSL session is setup automati-
+ cally when the TCP connection is opened).
+
+ <b>tls_ca_cert_dir (No default; set either this or tls_ca_cert_file)</b>
+ Directory containing X509 Certification Authority certificates
+ in PEM format which are to be recognized by the client in
+ SSL/TLS connections. The files each contain one CA certificate.
+ The files are looked up by the CA subject name hash value, which
+ must hence be available. If more than one CA certificate with
+ the same name hash value exist, the extension must be different
+ (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in
+ the ordering of the extension number, regardless of other prop-
+ erties of the certificates. Use the c_rehash utility (from the
+ OpenSSL distribution) to create the necessary links.
+
+ <b>tls_ca_cert_file (No default; set either this or tls_ca_cert_dir)</b>
+ File containing the X509 Certification Authority certificates in
+ PEM format which are to be recognized by the client in SSL/TLS
+ connections. This setting takes precedence over tls_ca_cert_dir.
+
+ <b>tls_cert (No default; you must set this)</b>
+ File containing client's X509 certificate to be used by the
+ client in SSL/ TLS connections.
+
+ <b>tls_key (No default; you must set this)</b>
+ File containing the private key corresponding to the above
+ tls_cert.
+
+ <b>tls_require_cert (default: no)</b>
+ Whether or not to request server's X509 certificate and check
+ its validity when establishing SSL/TLS connections. The sup-
+ ported values are <b>no</b> and <b>yes</b>.
+
+ With <b>no</b>, the server certificate trust chain is not checked, but
+ with OpenLDAP prior to 2.1.13, the name in the server certifi-
+ cate must still match the LDAP server name. With OpenLDAP 2.0.0
+ to 2.0.11 the server name is not necessarily what you specified,
+ rather it is determined (by reverse lookup) from the IP address
+ of the LDAP server connection. With OpenLDAP prior to 2.0.13,
+ subjectAlternativeName extensions in the LDAP server certificate
+ are ignored: the server name must match the subject CommonName.
+ The <b>no</b> setting corresponds to the <b>never</b> value of <b>TLS_REQCERT</b> in
+ LDAP client configuration files.
+
+ Don't use TLS with OpenLDAP 2.0.x (and especially with x &lt;= 11)
+ if you can avoid it.
+
+ With <b>yes</b>, the server certificate must be issued by a trusted CA,
+ and not be expired. The LDAP server name must match one of the
+ name(s) found in the certificate (see above for OpenLDAP library
+ version dependent behavior). The <b>yes</b> setting corresponds to the
+ <b>demand</b> value of <b>TLS_REQCERT</b> in LDAP client configuration files.
+
+ The "try" and "allow" values of <b>TLS_REQCERT</b> have no equivalents
+ here. They are not available with OpenLDAP 2.0, and in any case
+ have questionable security properties. Either you want TLS veri-
+ fied LDAP connections, or you don't.
+
+ The <b>yes</b> value only works correctly with Postfix 2.5 and later,
+ or with OpenLDAP 2.0. Earlier Postfix releases or later OpenLDAP
+ releases don't work together with this setting. Support for LDAP
+ over TLS was added to Postfix based on the OpenLDAP 2.0 API.
+
+ <b>tls_random_file (No default)</b>
+ Path of a file to obtain random bits from when /dev/[u]random is
+ not available, to be used by the client in SSL/TLS connections.
+
+ <b>tls_cipher_suite (No default)</b>
+ Cipher suite to use in SSL/TLS negotiations.
+
+<b>EXAMPLE</b>
+ Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a> aliases.
+ Assume that in <a href="postconf.5.html">main.cf</a>, you have:
+
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases,
+ <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
+
+ and in <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf you have:
+
+ server_host = ldap.example.com
+ search_base = dc=example, dc=com
+
+ Upon receiving mail for a local address "ldapuser" that isn't found in
+ the /etc/aliases database, Postfix will search the LDAP server listen-
+ ing at port 389 on ldap.example.com. It will bind anonymously, search
+ for any directory entries whose mailacceptinggeneralid attribute is
+ "ldapuser", read the "maildrop" attributes of those found, and build a
+ list of their maildrops, which will be treated as <a href="https://tools.ietf.org/html/rfc822">RFC822</a> addresses to
+ which the message will be delivered.
+
+<b>OBSOLETE MAIN.CF PARAMETERS</b>
+ For backwards compatibility with Postfix version 2.0 and earlier, LDAP
+ parameters can also be defined in <a href="postconf.5.html">main.cf</a>. Specify as LDAP source a
+ name that doesn't begin with a slash or a dot. The LDAP parameters
+ will then be accessible as the name you've given the source in its def-
+ inition, an underscore, and the name of the parameter. For example, if
+ the map is specified as "<a href="ldap_table.5.html">ldap</a>:<i>ldapsource</i>", the "server_host" parameter
+ below would be defined in <a href="postconf.5.html">main.cf</a> as "<i>ldapsource</i>_server_host".
+
+ Note: with this form, the passwords for the LDAP sources are written in
+ <a href="postconf.5.html">main.cf</a>, which is normally world-readable. Support for this form will
+ be removed in a future Postfix version.
+
+<b>OTHER OBSOLETE FEATURES</b>
+ <b>result_filter (No default)</b>
+ For backwards compatibility with the pre 2.2 LDAP clients,
+ <b>result_filter</b> can for now be used instead of <b>result_format</b>, when
+ the latter parameter is not also set. The new name better
+ reflects the function of the parameter. This compatibility
+ interface may be removed in a future release.
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="mysql_table.5.html">mysql_table(5)</a>, MySQL lookup tables
+ <a href="pgsql_table.5.html">pgsql_table(5)</a>, PostgreSQL lookup tables
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith Stevenson, LaM-
+ ont Jones, Liviu Daia, Manuel Guesdon, Mike Mattice, Prabhat K Singh,
+ Sami Haahtinen, Samuel Tardieu, Victor Duchovni, and many others.
+
+ LDAP_TABLE(5)
+</pre> </body> </html>
diff --git a/html/lmdb_table.5.html b/html/lmdb_table.5.html
new file mode 100644
index 0000000..ab73d5a
--- /dev/null
+++ b/html/lmdb_table.5.html
@@ -0,0 +1,112 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - lmdb_table(5) </title>
+</head> <body> <pre>
+LMDB_TABLE(5) LMDB_TABLE(5)
+
+<b>NAME</b>
+ lmdb_table - Postfix LMDB adapter
+
+<b>SYNOPSIS</b>
+ <b>postmap <a href="lmdb_table.5.html">lmdb</a>:/etc/postfix/</b><i>filename</i>
+ <b>postmap -i <a href="lmdb_table.5.html">lmdb</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+ <b>postmap -d "</b><i>key</i><b>" <a href="lmdb_table.5.html">lmdb</a>:/etc/postfix/</b><i>filename</i>
+ <b>postmap -d - <a href="lmdb_table.5.html">lmdb</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+ <b>postmap -q "</b><i>key</i><b>" <a href="lmdb_table.5.html">lmdb</a>:/etc/postfix/</b><i>filename</i>
+ <b>postmap -q - <a href="lmdb_table.5.html">lmdb</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix LMDB adapter provides access to a persistent, mem-
+ ory-mapped, key-value store. The database size is limited only by the
+ size of the memory address space (typically 31 or 47 bits on 32-bit or
+ 64-bit CPUs, respectively) and by the available file system space.
+
+<b>REQUESTS</b>
+ The LMDB adapter supports all Postfix lookup table operations. This
+ makes LMDB suitable for Postfix address rewriting, routing, access
+ policies, caches, or any information that can be stored under a fixed
+ lookup key.
+
+ When a transaction fails due to a full database, Postfix resizes the
+ database and retries the transaction.
+
+ Postfix table lookups may generate partial search keys such as domain
+ names without one or more subdomains, network addresses without one or
+ more least-significant octets, or email addresses without the local-
+ part, address extension or domain portion. This behavior is also found
+ with, for example, <a href="DATABASE_README.html#types">btree</a>:, <a href="DATABASE_README.html#types">hash</a>:, or <a href="ldap_table.5.html">ldap</a>: tables.
+
+ Changes to an LMDB database do not trigger an automatic daemon restart,
+ and do not require a daemon restart with "<b>postfix reload</b>".
+
+<b>RELIABILITY</b>
+ LMDB's copy-on-write architecture provides safe updates, at the cost of
+ using more space than some other flat-file databases. Read operations
+ are memory-mapped for speed. Write operations are not memory-mapped to
+ avoid silent corruption due to stray pointer bugs.
+
+ Multiple processes can safely update an LMDB database without serializ-
+ ing requests through the <a href="proxymap.8.html">proxymap(8)</a> service. This makes LMDB suitable
+ as a shared cache for <a href="verify.8.html">verify(8)</a> or <a href="postscreen.8.html">postscreen(8)</a> services.
+
+<b>SYNCHRONIZATION</b>
+ The Postfix LMDB adapter does not use LMDB's built-in locking scheme,
+ because that would require world-writable lockfiles and would violate
+ the Postfix security model. Instead, Postfix uses fcntl(2) locks with
+ whole-file granularity. Programs that use LMDB's built-in locking pro-
+ tocol will corrupt a Postfix LMDB database or will read garbage.
+
+ Every Postfix LMDB database read or write transaction must be protected
+ from start to end with a shared or exclusive fcntl(2) lock. A writer
+ may atomically downgrade an exclusive lock to a shared lock, but it
+ must hold an exclusive lock while opening another write transaction.
+
+ Note that fcntl(2) locks do not protect transactions within the same
+ process against each other. If a program cannot avoid making simulta-
+ neous database requests, then it must protect its transactions with
+ in-process locks, in addition to the per-process fcntl(2) locks.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Short-lived programs automatically pick up changes to <a href="postconf.5.html">main.cf</a>. With
+ long-running daemon programs, Use the command "<b>postfix reload</b>" after a
+ configuration change.
+
+ <b><a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> (16777216)</b>
+ The initial OpenLDAP LMDB database size limit in bytes.
+
+<b>SEE ALSO</b>
+ <a href="postconf.1.html">postconf(1)</a>, Postfix supported lookup tables
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table maintenance
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="LMDB_README.html">LMDB_README</a>, Postfix OpenLDAP LMDB howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ LMDB support was introduced with Postfix version 2.11.
+
+<b>AUTHOR(S)</b>
+ Howard Chu
+ Symas Corporation
+
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ LMDB_TABLE(5)
+</pre> </body> </html>
diff --git a/html/lmtp.8.html b/html/lmtp.8.html
new file mode 100644
index 0000000..1144ee8
--- /dev/null
+++ b/html/lmtp.8.html
@@ -0,0 +1,1123 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - smtp(8) </title>
+</head> <body> <pre>
+SMTP(8) SMTP(8)
+
+<b>NAME</b>
+ smtp - Postfix SMTP+LMTP client
+
+<b>SYNOPSIS</b>
+ <b>smtp</b> [generic Postfix daemon options] [flags=DORX]
+
+<b>DESCRIPTION</b>
+ The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
+ protocols. It processes message delivery requests from the queue man-
+ ager. Each request specifies a queue file, a sender address, a domain
+ or host to deliver to, and recipient information. This program expects
+ to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The SMTP+LMTP client updates the queue file and marks recipients as
+ finished, or it informs the queue manager that delivery should be tried
+ again at a later time. Delivery status reports are sent to the
+ <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+
+ The SMTP+LMTP client looks up a list of mail exchanger addresses for
+ the destination host, sorts the list by preference, and connects to
+ each listed address until it finds a server that responds.
+
+ When a server is not reachable, or when mail delivery fails due to a
+ recoverable error condition, the SMTP+LMTP client will try to deliver
+ the mail to an alternate host.
+
+ After a successful mail transaction, a connection may be saved to the
+ <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it may be used by any
+ SMTP+LMTP client for a subsequent transaction.
+
+ By default, connection caching is enabled temporarily for destinations
+ that have a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. Connection caching
+ can be enabled permanently for specific destinations.
+
+<b>SMTP DESTINATION SYNTAX</b>
+ The Postfix SMTP+LMTP client supports multiple destinations separated
+ by comma or whitespace (Postfix 3.5 and later). SMTP destinations have
+ the following form:
+
+ <i>domainname</i>
+
+ <i>domainname</i>:<i>port</i>
+ Look up the mail exchangers for the specified domain, and con-
+ nect to the specified port (default: <b>smtp</b>).
+
+ [<i>hostname</i>]
+
+ [<i>hostname</i>]:<i>port</i>
+ Look up the address(es) of the specified host, and connect to
+ the specified port (default: <b>smtp</b>).
+
+ [<i>address</i>]
+
+ [<i>address</i>]:<i>port</i>
+ Connect to the host at the specified address, and connect to the
+ specified port (default: <b>smtp</b>). An IPv6 address must be format-
+ ted as [<b>ipv6</b>:<i>address</i>].
+
+<b>LMTP DESTINATION SYNTAX</b>
+ The Postfix SMTP+LMTP client supports multiple destinations separated
+ by comma or whitespace (Postfix 3.5 and later). LMTP destinations have
+ the following form:
+
+ <b>unix</b>:<i>pathname</i>
+ Connect to the local UNIX-domain server that is bound to the
+ specified <i>pathname</i>. If the process runs chrooted, an absolute
+ pathname is interpreted relative to the Postfix queue directory.
+
+ <b>inet</b>:<i>hostname</i>
+
+ <b>inet</b>:<i>hostname</i>:<i>port</i>
+
+ <b>inet</b>:[<i>address</i>]
+
+ <b>inet</b>:[<i>address</i>]:<i>port</i>
+ Connect to the specified TCP port on the specified local or
+ remote host. If no port is specified, connect to the port
+ defined as <b>lmtp</b> in <b>services</b>(4). If no such service is found,
+ the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> configuration parameter (default value of 24)
+ will be used. An IPv6 address must be formatted as
+ [<b>ipv6</b>:<i>address</i>].
+
+<b>SINGLE-RECIPIENT DELIVERY</b>
+ By default, the Postfix SMTP+LMTP client delivers mail to multiple
+ recipients per delivery request. This is undesirable when prepending a
+ <b>Delivered-to:</b> or <b>X-Original-To:</b> message header. To prevent Postfix from
+ sending multiple recipients per delivery request, specify
+
+ <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b>
+
+ in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first
+ column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for this mail delivery service.
+
+<b>COMMAND ATTRIBUTE SYNTAX</b>
+ <b>flags=DORX</b> (optional)
+ Optional message processing flags.
+
+ <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with
+ the envelope recipient address. Note: for this to work,
+ the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see
+ SINGLE-RECIPIENT DELIVERY above for details).
+
+ The <b>D</b> flag also enforces loop detection: if a message
+ already contains a <b>Delivered-To:</b> header with the same
+ recipient address, then the message is returned as unde-
+ liverable. The address comparison is case insensitive.
+
+ This feature is available as of Postfix 3.5.
+
+ <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" message header with
+ the recipient address as given to Postfix. Note: for this
+ to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must
+ be 1 (see SINGLE-RECIPIENT DELIVERY above for details).
+
+ This feature is available as of Postfix 3.5.
+
+ <b>R</b> Prepend a "<b>Return-Path:</b> &lt;<i>sender</i>&gt;" message header with the
+ envelope sender address.
+
+ This feature is available as of Postfix 3.5.
+
+ <b>X</b> Indicates that the delivery is final. This flag affects
+ the status reported in "success" DSN (delivery status
+ notification) messages, and changes it from "relayed"
+ into "delivered".
+
+ This feature is available as of Postfix 3.5.
+
+<b>SECURITY</b>
+ The SMTP+LMTP client is moderately security-sensitive. It
+ talks to SMTP or LMTP servers and to DNS servers on the
+ network. The SMTP+LMTP client can be run chrooted at fixed
+ low privilege.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="https://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions)
+ <a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
+ <a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
+ <a href="https://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
+ <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
+ <a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
+ <a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
+ <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc2782">RFC 2782</a> (SRV resource records)
+ <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
+ <a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
+ <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
+ <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
+ <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
+ <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
+ <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
+ them to the <b>corrupt</b> queue for further inspection.
+
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces, protocol problems, and of other trouble.
+
+<b>BUGS</b>
+ SMTP and LMTP connection reuse for TLS (without closing the SMTP or
+ LMTP connection) is not supported before Postfix 3.4.
+
+ SMTP and LMTP connection reuse assumes that SASL credentials are valid
+ for all destinations that map onto the same IP address and TCP port.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Before Postfix version 2.3, the LMTP client is a separate program that
+ implements only a subset of the functionality available with SMTP:
+ there is no support for TLS, and connections are cached in-process,
+ making it ineffective when the client is used for multiple domains.
+
+ Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
+ eter for the equivalent LMTP feature. This document describes only
+ those LMTP-related parameters that aren't simply "mirror" parameters.
+
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>COMPATIBILITY CONTROLS</b>
+ <b><a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> (no)</b>
+ Ignore DNS MX lookups that produce no response.
+
+ <b><a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> (yes)</b>
+ Always send EHLO at the start of an SMTP session.
+
+ <b><a href="postconf.5.html#smtp_never_send_ehlo">smtp_never_send_ehlo</a> (no)</b>
+ Never send EHLO at the start of an SMTP session.
+
+ <b><a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a> (no)</b>
+ Defer mail delivery when no MX record resolves to an IP address.
+
+ <b><a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a> (998)</b>
+ The maximal length of message header and body lines that Postfix
+ will send via SMTP.
+
+ <b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
+ How long the Postfix SMTP client pauses before sending
+ ".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
+ "&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug.
+
+ <b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
+ How long a message must be queued before the Postfix SMTP client
+ turns on the PIX firewall "&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug workaround for
+ delivery through firewalls with "smtp fixup" mode turned on.
+
+ <b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
+ A list that specifies zero or more workarounds for CISCO PIX
+ firewall bugs.
+
+ <b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote SMTP server address, with
+ per-destination workarounds for CISCO PIX firewall bugs.
+
+ <b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
+ Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
+ commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+
+ <b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
+ A mechanism to transform replies from remote SMTP servers one
+ line at a time.
+
+ <b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
+ Skip remote SMTP servers that greet with a 5XX status code.
+
+ <b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b>
+ Do not wait for the response to the SMTP QUIT command.
+
+ Available in Postfix version 2.0 and earlier:
+
+ <b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
+ Skip SMTP servers that greet with a 4XX status code (go away,
+ try again later).
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote SMTP server address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+ response from a remote SMTP server.
+
+ <b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
+ A case insensitive list of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+ response from a remote SMTP server.
+
+ <b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
+ Optional lookup tables that perform address rewriting in the
+ Postfix SMTP client, typically to transform a locally valid
+ address into a globally valid address when sending mail across
+ the Internet.
+
+ Available in Postfix version 2.2.9 and later:
+
+ <b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
+ When the remote SMTP servername is a DNS CNAME, replace the
+ servername with the result from CNAME expansion for the purpose
+ of logging, SASL password lookup, TLS policy decisions, or TLS
+ certificate verification.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote LMTP server address, with
+ case insensitive lists of LHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+ response from a remote LMTP server.
+
+ <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
+ A case insensitive list of LHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+ response from a remote LMTP server.
+
+ Available in Postfix version 2.4.4 and later:
+
+ <b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid);
+ send only the SASL authentiCation ID (authcid) plus the auth-
+ cid's password.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
+ Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
+
+ <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
+ Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
+ client.
+
+ <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
+ Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
+ client.
+
+ <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
+ Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix SMTP client.
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
+ An optional workaround for routers that break TCP window scal-
+ ing.
+
+ Available in Postfix version 2.8 and later:
+
+ <b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b>
+ DNS Resolver options for the Postfix SMTP client.
+
+ Available in Postfix version 2.9 - 3.6:
+
+ <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
+ sage).
+
+ Available in Postfix version 2.9 and later:
+
+ <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
+ Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
+ command in SASL-authenticated SMTP sessions.
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> (empty)</b>
+ Level of DNS support in the Postfix SMTP client.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
+ Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
+ delivery status code or explanatory text of successful or unsuc-
+ cessful deliveries.
+
+ <b><a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> (empty)</b>
+ Optional filter for Postfix SMTP client DNS lookup results.
+
+ Available in Postfix version 3.3 and later:
+
+ <b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b>
+ When a remote destination resolves to a combination of IPv4 and
+ IPv6 addresses, ensure that the Postfix SMTP client can try both
+ address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+ Available in Postfix 3.6 and later:
+
+ <b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b>
+ The DNS query type (default: "ns") and DNS query name (default:
+ ".") that Postfix may use to determine whether DNSSEC validation
+ is available.
+
+ <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
+ <b>sion=587)</b>
+ Optional setting that avoids lookups in the <b>services</b>(5) data-
+ base.
+
+ Available in Postfix version 3.7 and later:
+
+ <b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
+ receiving a complete SMTP response.
+
+ <b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
+ The minimum plaintext data transfer rate in bytes/second for
+ DATA requests, when deadlines are enabled with
+ <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
+
+ <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
+ The format of the Postfix-generated <b>From:</b> header.
+
+ Available in Postfix version 3.8 and later:
+
+ <b><a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> (empty)</b>
+ Enables discovery for the specified service(s) using DNS SRV
+ records.
+
+ <b><a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> (no)</b>
+ When SRV record lookup fails, fall back to MX or IP address
+ lookup as if SRV record lookup was not enabled.
+
+ <b><a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> (no)</b>
+ When SRV record lookup fails or no SRV record exists, fall back
+ to MX or IP address lookup as if SRV record lookup was not
+ enabled.
+
+<b>MIME PROCESSING CONTROLS</b>
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
+ Disable the conversion of 8BITMIME format to 7BIT format.
+
+ <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
+ The maximal length of MIME multipart boundary strings.
+
+ <b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b>
+ The maximal recursion level that the MIME processor will handle.
+
+<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
+ Send the non-standard XFORWARD command when the Postfix SMTP
+ server EHLO response announces XFORWARD support.
+
+<b>SASL AUTHENTICATION CONTROLS</b>
+ <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
+ Enable SASL authentication in the Postfix SMTP client.
+
+ <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
+ Optional Postfix SMTP client lookup tables with one user-
+ name:password entry per sender, remote hostname or next-hop
+ domain.
+
+ <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
+ Postfix SMTP client SASL security options; as of Postfix 2.3 the
+ list of available features depends on the SASL client implemen-
+ tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
+ If non-empty, a Postfix SMTP client filter for the remote SMTP
+ server's list of offered SASL mechanisms.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
+ Enable sender-dependent authentication in the Postfix SMTP
+ client; this is available only with SASL authentication, and
+ disables SMTP connection caching to ensure that mail from dif-
+ ferent senders will use the appropriate credentials.
+
+ <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
+ Implementation-specific information that the Postfix SMTP client
+ passes through to the SASL plug-in implementation that is
+ selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+
+ <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
+ The SASL plug-in type that the Postfix SMTP client should use
+ for authentication.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
+ An optional table to prevent repeated SASL authentication fail-
+ ures with the same remote SMTP server hostname, username and
+ password.
+
+ <b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
+ The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
+ is removed.
+
+ <b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
+ When a remote SMTP server rejects a SASL authentication request
+ with a 535 reply code, defer mail delivery instead of returning
+ mail as undeliverable.
+
+ Available in Postfix version 2.9 and later:
+
+ <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
+ Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
+ command in SASL-authenticated SMTP sessions.
+
+<b>STARTTLS SUPPORT CONTROLS</b>
+ Detailed information about STARTTLS configuration may be found in the
+ <a href="TLS_README.html">TLS_README</a> document.
+
+ <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
+ The default SMTP TLS security level for the Postfix SMTP client.
+
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b>
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions.
+
+ <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
+ Time limit for Postfix SMTP client write and read operations
+ during TLS startup and shutdown handshake procedures.
+
+ <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
+ A file containing CA certificates of root CAs trusted to sign
+ either remote SMTP server certificates or intermediate CA cer-
+ tificates.
+
+ <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
+ Directory with PEM format Certification Authority certificates
+ that the Postfix SMTP client uses to verify a remote SMTP server
+ certificate.
+
+ <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
+ File with the Postfix SMTP client RSA certificate in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
+ The minimum TLS cipher grade that the Postfix SMTP client will
+ use with mandatory TLS encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
+ List of ciphers or cipher types to exclude from the Postfix SMTP
+ client cipher list at all TLS security levels.
+
+ <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
+ Additional list of ciphers or cipher types to exclude from the
+ Postfix SMTP client cipher list at mandatory TLS security lev-
+ els.
+
+ <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
+ File with the Postfix SMTP client DSA certificate in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
+ File with the Postfix SMTP client DSA private key in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
+ File with the Postfix SMTP client RSA private key in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
+ Enable additional Postfix SMTP client logging of TLS activity.
+
+ <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
+ Log the hostname of a remote SMTP server that offers STARTTLS,
+ when TLS is not already enabled for that server.
+
+ <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
+ Optional lookup tables with the Postfix SMTP client TLS security
+ policy by next-hop destination; when a non-empty value is speci-
+ fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
+
+ <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
+ TLS protocols that the Postfix SMTP client will use with manda-
+ tory TLS encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
+ The verification depth for remote SMTP server certificates.
+
+ <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
+ How the Postfix SMTP client verifies the server certificate
+ peername for the "secure" TLS security level.
+
+ <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
+ Name of the file containing the optional Postfix SMTP client TLS
+ session cache.
+
+ <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
+ The expiration time of Postfix SMTP client TLS session cache
+ information.
+
+ <b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
+ How the Postfix SMTP client verifies the server certificate
+ peername for the "verify" TLS security level.
+
+ <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ internal pseudo random number generator (PRNG).
+
+ <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "high" grade ciphers.
+
+ <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "medium" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ authentication without encryption.
+
+ Available in in Postfix version 2.3..3.7:
+
+ <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "low" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "export" or higher grade ciphers.
+
+ Available in Postfix version 2.4 and later:
+
+ <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions with a verified
+ server certificate.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
+ List of acceptable remote SMTP server certificate fingerprints
+ for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
+
+ <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b>
+ The message digest algorithm used to construct remote SMTP
+ server certificate fingerprints.
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see postconf -d output)</b>
+ TLS protocols that the Postfix SMTP client will use with oppor-
+ tunistic TLS encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
+ The minimum TLS cipher grade that the Postfix SMTP client will
+ use with opportunistic TLS encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
+ File with the Postfix SMTP client ECDSA certificate in PEM for-
+ mat.
+
+ <b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
+ File with the Postfix SMTP client ECDSA private key in PEM for-
+ mat.
+
+ Available in Postfix version 2.7 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
+ Try to detect a mail hijacking attack based on a TLS protocol
+ vulnerability (CVE-2009-3555), where an attacker prepends mali-
+ cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
+ TLS session.
+
+ Available in Postfix version 2.8 and later:
+
+ <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
+ List or bit-mask of OpenSSL bug work-arounds to disable.
+
+ Available in Postfix version 2.11-3.1:
+
+ <b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b>
+ Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
+
+ <b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
+ Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
+ digests of trust-anchors with certificate usage "2".
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
+ Zero or more PEM-format files with trust-anchor certificates
+ and/or public keys.
+
+ <b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
+ Lookup the associated DANE TLSA RRset even when a hostname is
+ not an alias and its address records lie in an unsigned zone.
+
+ <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
+ The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b>
+ Request that the Postfix SMTP client connects using the SUBMIS-
+ SIONS/SMTPS protocol instead of using the STARTTLS command.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b>
+ The TLS policy for MX hosts with "secure" TLSA records when the
+ nexthop destination security level is <b>dane</b>, but the MX record
+ was found via an "insecure" MX lookup.
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b>
+ The prioritized list of elliptic curves supported by the Postfix
+ SMTP client and server.
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b>
+ Try to make multiple deliveries per TLS-encrypted connection.
+
+ <b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
+ List of one or more PEM files, each holding one or more private
+ keys directly followed by a corresponding certificate chain.
+
+ <b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
+ Optional name to send to the remote SMTP server in the TLS
+ Server Name Indication (SNI) extension.
+
+ Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
+
+ <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+ A workaround for implementations that hang Postfix while shut-
+ ting down a TLS session, until Postfix times out.
+
+ Available in Postfix version 3.8 and later:
+
+ <b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b>
+ The prioritized list of finite-field Diffie-Hellman ephemeral
+ (FFDHE) key exchange groups supported by the Postfix SMTP client
+ and server.
+
+ Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
+
+ <b><a href="postconf.5.html#tls_config_file">tls_config_file</a> (default)</b>
+ Optional configuration file with baseline OpenSSL settings.
+
+ <b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b>
+ The application name passed by Postfix to OpenSSL library ini-
+ tialization functions.
+
+<b>OBSOLETE STARTTLS CONTROLS</b>
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
+ future release.
+
+ <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
+ Opportunistic mode: use TLS when a remote SMTP server announces
+ STARTTLS support, otherwise send the mail in the clear.
+
+ <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
+ Enforcement mode: require that remote SMTP servers use TLS
+ encryption, and never send mail in the clear.
+
+ <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
+ server certificate.
+
+ <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
+ name.
+
+ <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
+ Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
+ cipher list.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
+ The Postfix SMTP client time limit for completing a TCP connec-
+ tion, or zero (use the operating system built-in time limit).
+
+ <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
+ response.
+
+ <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
+ The Postfix LMTP client time limit for sending the LHLO command,
+ and for receiving the initial remote LMTP server response.
+
+ <b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b>
+ The Postfix SMTP client time limit for sending the XFORWARD com-
+ mand, and for receiving the remote SMTP server response.
+
+ <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
+ The Postfix SMTP client time limit for sending the MAIL FROM
+ command, and for receiving the remote SMTP server response.
+
+ <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ command, and for receiving the remote SMTP server response.
+
+ <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
+ The Postfix SMTP client time limit for sending the SMTP DATA
+ command, and for receiving the remote SMTP server response.
+
+ <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
+ The Postfix SMTP client time limit for sending the SMTP message
+ content.
+
+ <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
+ The Postfix SMTP client time limit for sending the SMTP ".", and
+ for receiving the remote SMTP server response.
+
+ <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
+ The Postfix SMTP client time limit for sending the QUIT command,
+ and for receiving the remote SMTP server response.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
+ (no limit).
+
+ <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
+ <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
+
+ <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
+ The Postfix SMTP client time limit for sending the RSET command,
+ and for receiving the remote SMTP server response.
+
+ Available in Postfix version 2.2 and earlier:
+
+ <b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
+ Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ seconds.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
+ Permanently enable SMTP connection caching for the specified
+ destinations.
+
+ <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
+ Temporarily enable SMTP connection caching while a destination
+ has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
+
+ <b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
+ The amount of time during which Postfix will use an SMTP connec-
+ tion repeatedly.
+
+ <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
+ When SMTP connection caching is enabled, the amount of time that
+ an unused SMTP client socket is kept open before it is closed.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
+ Time limit for connection cache connect, send or receive opera-
+ tions.
+
+ Available in Postfix version 2.9 - 3.6:
+
+ <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
+ sage).
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
+ (no limit).
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b>
+ Try to make multiple deliveries per TLS-encrypted connection.
+
+ Available in Postfix version 3.7 and later:
+
+ <b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
+ receiving a complete SMTP response.
+
+ <b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
+ The minimum plaintext data transfer rate in bytes/second for
+ DATA requests, when deadlines are enabled with
+ <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
+
+ Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon:
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ name of the message delivery transport.
+
+ <b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ name of the message delivery transport.
+
+<b>SMTPUTF8 CONTROLS</b>
+ Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+
+ <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
+ Enable preliminary SMTPUTF8 support for the protocols described
+ in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
+
+ <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
+ Detect that a message requires SMTPUTF8 support for the speci-
+ fied mail origin classes.
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ form that is used for DNS lookups.
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
+ pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+
+ <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
+ $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+
+ <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications about mail delivery
+ problems that are caused by policy, resource, software or proto-
+ col errors.
+
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are subject to
+ before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
+ <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
+ The list of error classes that are reported to the postmaster.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
+ Where the Postfix SMTP client should deliver mail when it
+ detects a "mail loops back to myself" error condition.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
+ Disable DNS lookups in the Postfix SMTP and LMTP clients.
+
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The local network interface addresses that this mail system
+ receives mail on.
+
+ <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d output')</b>
+ The Internet protocols Postfix will attempt to use when making
+ or accepting connections.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
+ ery status notifications instead of "relayed".
+
+ <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
+ The default TCP port that the Postfix LMTP client connects to.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
+ The remote network interface addresses that this mail system
+ receives mail on by way of a proxy or network address transla-
+ tion unit.
+
+ <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
+ The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
+ client will try first, when a destination has IPv6 and IPv4
+ addresses with equal MX preference.
+
+ <b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
+ An optional numerical network address that the Postfix SMTP
+ client should bind to when making an IPv4 connection.
+
+ <b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
+ An optional numerical network address that the Postfix SMTP
+ client should bind to when making an IPv6 connection.
+
+ <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The hostname to send in the SMTP HELO or EHLO command.
+
+ <b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The hostname to send in the LMTP LHLO command.
+
+ <b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
+ What mechanisms the Postfix SMTP client uses to look up a host's
+ IP address.
+
+ <b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
+ Randomize the order of equal-preference MX host addresses.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available with Postfix 2.2 and earlier:
+
+ <b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
+ Optional list of relay hosts for SMTP destinations that can't be
+ found or that are unreachable.
+
+ Available with Postfix 2.3 and later:
+
+ <b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
+ Optional list of relay destinations that will be used when an
+ SMTP destination is not found, or when delivery fails due to a
+ non-permanent error.
+
+ Available with Postfix 3.0 and later:
+
+ <b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
+ In the context of email address verification, the SMTP protocol
+ stage that determines whether an email address is deliverable.
+
+ Available with Postfix 3.1 and later:
+
+ <b><a href="postconf.5.html#lmtp_fallback_relay">lmtp_fallback_relay</a> (empty)</b>
+ Optional list of relay hosts for LMTP destinations that can't be
+ found or that are unreachable.
+
+ Available with Postfix 3.2 and later:
+
+ <b><a href="postconf.5.html#smtp_tcp_port">smtp_tcp_port</a> (smtp)</b>
+ The default TCP port that the Postfix SMTP client connects to.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.7 and later:
+
+ <b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b>
+ Defer delivery when the Postfix SMTP client cannot apply the
+ <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting.
+
+<b>SEE ALSO</b>
+ <a href="generic.5.html">generic(5)</a>, output address rewriting
+ <a href="header_checks.5.html">header_checks(5)</a>, message header content inspection
+ <a href="header_checks.5.html">body_checks(5)</a>, body parts content inspection
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="bounce.8.html">bounce(8)</a>, delivery status reports
+ <a href="scache.8.html">scache(8)</a>, connection cache server
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="SASL_README.html">SASL_README</a>, Postfix SASL howto
+ <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ Command pipelining in cooperation with:
+ Jon Ribbens
+ Oaktree Internet Solutions Ltd.,
+ Internet House,
+ Canal Basin,
+ Coventry,
+ CV1 4LY, United Kingdom.
+
+ SASL support originally by:
+ Till Franke
+ SuSE Rhein/Main AG
+ 65760 Eschborn, Germany
+
+ TLS support originally by:
+ Lutz Jaenicke
+ BTU Cottbus
+ Allgemeine Elektrotechnik
+ Universitaetsplatz 3-4
+ D-03044 Cottbus, Germany
+
+ Revised TLS and SMTP connection cache support by:
+ Victor Duchovni
+ Morgan Stanley
+
+ SMTP(8)
+</pre> </body> </html>
diff --git a/html/local.8.html b/html/local.8.html
new file mode 100644
index 0000000..fce3d04
--- /dev/null
+++ b/html/local.8.html
@@ -0,0 +1,630 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - local(8) </title>
+</head> <body> <pre>
+LOCAL(8) LOCAL(8)
+
+<b>NAME</b>
+ local - Postfix local mail delivery
+
+<b>SYNOPSIS</b>
+ <b>local</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="local.8.html"><b>local</b>(8)</a> daemon processes delivery requests from the Postfix queue
+ manager to deliver mail to local recipients. Each delivery request
+ specifies a queue file, a sender address, a domain or host to deliver
+ to, and one or more recipients. This program expects to be run from
+ the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="local.8.html"><b>local</b>(8)</a> daemon updates queue files and marks recipients as fin-
+ ished, or it informs the queue manager that delivery should be tried
+ again at a later time. Delivery status reports are sent to the
+ <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+
+<b>CASE FOLDING</b>
+ All delivery decisions are made using the bare recipient name (i.e. the
+ address localpart), folded to lower case. See also under ADDRESS
+ EXTENSION below for a few exceptions.
+
+<b>SYSTEM-WIDE AND USER-LEVEL ALIASING</b>
+ The system administrator can set up one or more system-wide <b>send-</b>
+ <b>mail</b>-style alias databases. Users can have <b>sendmail</b>-style ~/.<b>forward</b>
+ files. Mail for <i>name</i> is delivered to the alias <i>name</i>, to destinations
+ in ~<i>name</i>/.<b>forward</b>, to the mailbox owned by the user <i>name</i>, or it is sent
+ back as undeliverable.
+
+ The system administrator can specify a comma/space separated list of
+ ~/.<b>forward</b> like files through the <b><a href="postconf.5.html#forward_path">forward_path</a></b> configuration parameter.
+ Upon delivery, the local delivery agent tries each pathname in the list
+ until a file is found.
+
+ Delivery via ~/.<b>forward</b> files is done with the privileges of the recip-
+ ient. Thus, ~/.<b>forward</b> like files must be readable by the recipient,
+ and their parent directory needs to have "execute" permission for the
+ recipient.
+
+ The <b><a href="postconf.5.html#forward_path">forward_path</a></b> parameter is subject to interpolation of <b>$user</b> (recip-
+ ient username), <b>$home</b> (recipient home directory), <b>$shell</b> (recipient
+ shell), <b>$recipient</b> (complete recipient address), <b>$extension</b> (recipient
+ address extension), <b>$domain</b> (recipient domain), <b>$local</b> (entire recipi-
+ ent address localpart) and <b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>.</b> The forms
+ <i>${name?value}</i> and <i>${name?{value}}</i> (Postfix 3.0 and later) expand condi-
+ tionally to <i>value</i> when <i>$name</i> is defined, and the forms <i>${name:value}</i>
+ <i>${name:{value}}</i> (Postfix 3.0 and later) expand conditionally to <i>value</i>
+ when <i>$name</i> is not defined. The form <i>${name?{value1}:{value2}}</i> (Postfix
+ 3.0 and later) expands conditionally to <i>value1</i> when <i>$name</i> is defined,
+ or <i>value2</i> otherwise. Characters that may have special meaning to the
+ shell or file system are replaced with underscores. The list of accept-
+ able characters is specified with the <b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a></b> configu-
+ ration parameter.
+
+ An alias or ~/.<b>forward</b> file may list any combination of external com-
+ mands, destination file names, <b>:include:</b> directives, or mail addresses.
+ See <a href="aliases.5.html"><b>aliases</b>(5)</a> for a precise description. Each line in a user's .<b>for-</b>
+ <b>ward</b> file has the same syntax as the right-hand part of an alias.
+
+ When an address is found in its own alias expansion, delivery is made
+ to the user instead. When a user is listed in the user's own ~/.<b>forward</b>
+ file, delivery is made to the user's mailbox instead. An empty ~/.<b>for-</b>
+ <b>ward</b> file means do not forward mail.
+
+ In order to prevent the mail system from using up unreasonable amounts
+ of memory, input records read from <b>:include:</b> or from ~/.<b>forward</b> files
+ are broken up into chunks of length <b><a href="postconf.5.html#line_length_limit">line_length_limit</a></b>.
+
+ While expanding aliases, ~/.<b>forward</b> files, and so on, the program
+ attempts to avoid duplicate deliveries. The <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a></b> con-
+ figuration parameter limits the number of remembered recipients.
+
+<b>MAIL FORWARDING</b>
+ For the sake of reliability, forwarded mail is re-submitted as a new
+ message, so that each recipient has a separate on-file delivery status
+ record.
+
+ In order to stop mail forwarding loops early, the software adds an
+ optional <b>Delivered-To:</b> header with the final envelope recipient
+ address. If mail arrives for a recipient that is already listed in a
+ <b>Delivered-To:</b> header, the message is bounced.
+
+<b>MAILBOX DELIVERY</b>
+ The default per-user mailbox is a file in the UNIX mail spool directory
+ (<b>/var/mail/</b><i>user</i> or <b>/var/spool/mail/</b><i>user</i>); the location can be specified
+ with the <b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a></b> configuration parameter. Specify a name
+ ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b> delivery.
+
+ Alternatively, the per-user mailbox can be a file in the user's home
+ directory with a name specified via the <b><a href="postconf.5.html#home_mailbox">home_mailbox</a></b> configuration
+ parameter. Specify a relative path name. Specify a name ending in <b>/</b> for
+ <b>qmail</b>-compatible <b>maildir</b> delivery.
+
+ Mailbox delivery can be delegated to an external command specified with
+ the <b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a></b> and <b><a href="postconf.5.html#mailbox_command">mailbox_command</a></b> configuration parameters.
+ The command executes with the privileges of the recipient user (excep-
+ tions: secondary groups are not enabled; in case of delivery as root,
+ the command executes with the privileges of <b><a href="postconf.5.html#default_privs">default_privs</a></b>).
+
+ Mailbox delivery can be delegated to alternative message transports
+ specified in the <a href="master.5.html"><b>master.cf</b></a> file. The <b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a></b> and <b><a href="postconf.5.html#mailbox_transport">mail</a>-</b>
+ <b><a href="postconf.5.html#mailbox_transport">box_transport</a></b> configuration parameters specify an optional message
+ transport that is to be used for all local recipients, regardless of
+ whether they are found in the UNIX passwd database. The <b><a href="postconf.5.html#fallback_transport_maps">fall</a>-</b>
+ <b><a href="postconf.5.html#fallback_transport_maps">back_transport_maps</a></b> and <b><a href="postconf.5.html#fallback_transport">fallback_transport</a></b> parameters specify an
+ optional message transport for recipients that are not found in the
+ <a href="aliases.5.html">aliases(5)</a> or UNIX passwd database.
+
+ In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a> daemon
+ prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header to each message,
+ prepends an <b>X-Original-To:</b> header with the recipient address as given
+ to Postfix, prepends an optional <b>Delivered-To:</b> header with the final
+ envelope recipient address, prepends a <b>Return-Path:</b> header with the
+ envelope sender address, prepends a &gt; character to lines beginning with
+ "<b>From</b> ", and appends an empty line. The mailbox is locked for exclu-
+ sive access while delivery is in progress. In case of problems, an
+ attempt is made to truncate the mailbox to its original length.
+
+ In the case of <b>maildir</b> delivery, the local daemon prepends an optional
+ <b>Delivered-To:</b> header with the final envelope recipient address,
+ prepends an <b>X-Original-To:</b> header with the recipient address as given
+ to Postfix, and prepends a <b>Return-Path:</b> header with the envelope sender
+ address.
+
+<b>EXTERNAL COMMAND DELIVERY</b>
+ The <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a></b> configuration parameter restricts delivery
+ to external commands. The default setting (<b>alias, forward</b>) forbids com-
+ mand destinations in <b>:include:</b> files.
+
+ Optionally, the process working directory is changed to the path speci-
+ fied with <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a></b> (Postfix 2.2 and later). Failure
+ to change directory causes mail to be deferred.
+
+ The <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a></b> parameter value is subject to interpo-
+ lation of <b>$user</b> (recipient username), <b>$home</b> (recipient home directory),
+ <b>$shell</b> (recipient shell), <b>$recipient</b> (complete recipient address),
+ <b>$extension</b> (recipient address extension), <b>$domain</b> (recipient domain),
+ <b>$local</b> (entire recipient address localpart) and <b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>.</b>
+ The forms <i>${name?value}</i> and <i>${name?{value}}</i> (Postfix 3.0 and later)
+ expand conditionally to <i>value</i> when <i>$name</i> is defined, and the forms
+ <i>${name:value}</i> and <i>${name:{value}}</i> (Postfix 3.0 and later) expand condi-
+ tionally to <i>value</i> when <i>$name</i> is not defined. The form
+ <i>${name?{value1}:{value2}}</i> (Postfix 3.0 and later) expands conditionally
+ to <i>value1</i> when <i>$name</i> is defined, or <i>value2</i> otherwise. Characters that
+ may have special meaning to the shell or file system are replaced with
+ underscores. The list of acceptable characters is specified with the
+ <b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a></b> configuration parameter.
+
+ The command is executed directly where possible. Assistance by the
+ shell (<b>/bin/sh</b> on UNIX systems) is used only when the command contains
+ shell magic characters, or when the command invokes a shell built-in
+ command.
+
+ A limited amount of command output (standard output and standard error)
+ is captured for inclusion with non-delivery status reports. A command
+ is forcibly terminated if it does not complete within <b>com-</b>
+ <b>mand_time_limit</b> seconds. Command exit status codes are expected to
+ follow the conventions defined in &lt;<b>sysexits.h</b>&gt;. Exit status 0 means
+ normal successful completion.
+
+ Postfix version 2.3 and later support <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>-style enhanced status
+ codes. If a command terminates with a non-zero exit status, and the
+ command output begins with an enhanced status code, this status code
+ takes precedence over the non-zero exit status.
+
+ A limited amount of message context is exported via environment vari-
+ ables. Characters that may have special meaning to the shell are
+ replaced with underscores. The list of acceptable characters is speci-
+ fied with the <b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a></b> configuration parameter.
+
+ <b>SHELL</b> The recipient user's login shell.
+
+ <b>HOME</b> The recipient user's home directory.
+
+ <b>USER</b> The bare recipient name.
+
+ <b>EXTENSION</b>
+ The optional recipient address extension.
+
+ <b>DOMAIN</b> The recipient address domain part.
+
+ <b>LOGNAME</b>
+ The bare recipient name.
+
+ <b>LOCAL</b> The entire recipient address localpart (text to the left of the
+ rightmost @ character).
+
+ <b>ORIGINAL_RECIPIENT</b>
+ The entire recipient address, before any address rewriting or
+ aliasing (Postfix 2.5 and later).
+
+ <b>RECIPIENT</b>
+ The entire recipient address.
+
+ <b>SENDER</b> The entire sender address.
+
+ Additional remote client information is made available via the follow-
+ ing environment variables:
+
+ <b>CLIENT_ADDRESS</b>
+ Remote client network address. Available as of Postfix 2.2.
+
+ <b>CLIENT_HELO</b>
+ Remote client EHLO command parameter. Available as of Postfix
+ 2.2.
+
+ <b>CLIENT_HOSTNAME</b>
+ Remote client hostname. Available as of Postfix 2.2.
+
+ <b>CLIENT_PROTOCOL</b>
+ Remote client protocol. Available as of Postfix 2.2.
+
+ <b>SASL_METHOD</b>
+ SASL authentication method specified in the remote client AUTH
+ command. Available as of Postfix 2.2.
+
+ <b>SASL_SENDER</b>
+ SASL sender address specified in the remote client MAIL FROM
+ command. Available as of Postfix 2.2.
+
+ <b>SASL_USERNAME</b>
+ SASL username specified in the remote client AUTH command.
+ Available as of Postfix 2.2.
+
+ The <b>PATH</b> environment variable is always reset to a system-dependent
+ default path, and environment variables whose names are blessed by the
+ <b><a href="postconf.5.html#export_environment">export_environment</a></b> configuration parameter are exported unchanged.
+
+ The current working directory is the mail queue directory.
+
+ The <a href="local.8.html"><b>local</b>(8)</a> daemon prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header
+ to each message, prepends an <b>X-Original-To:</b> header with the recipient
+ address as given to Postfix, prepends an optional <b>Delivered-To:</b> header
+ with the final recipient envelope address, prepends a <b>Return-Path:</b>
+ header with the sender envelope address, and appends no empty line.
+
+<b>EXTERNAL FILE DELIVERY</b>
+ The delivery format depends on the destination filename syntax. The
+ default is to use UNIX-style mailbox format. Specify a name ending in
+ <b>/</b> for <b>qmail</b>-compatible <b>maildir</b> delivery.
+
+ The <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameter restricts delivery to
+ external files. The default setting (<b>alias, forward</b>) forbids file des-
+ tinations in <b>:include:</b> files.
+
+ In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a> daemon
+ prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header to each message,
+ prepends an <b>X-Original-To:</b> header with the recipient address as given
+ to Postfix, prepends an optional <b>Delivered-To:</b> header with the final
+ recipient envelope address, prepends a &gt; character to lines beginning
+ with "<b>From</b> ", and appends an empty line. The envelope sender address
+ is available in the <b>Return-Path:</b> header. When the destination is a
+ regular file, it is locked for exclusive access while delivery is in
+ progress. In case of problems, an attempt is made to truncate a regular
+ file to its original length.
+
+ In the case of <b>maildir</b> delivery, the local daemon prepends an optional
+ <b>Delivered-To:</b> header with the final envelope recipient address, and
+ prepends an <b>X-Original-To:</b> header with the recipient address as given
+ to Postfix. The envelope sender address is available in the
+ <b>Return-Path:</b> header.
+
+<b>ADDRESS EXTENSION</b>
+ The optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter specifies how
+ to separate address extensions from local recipient names.
+
+ For example, with "<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +</b>", mail for <i>name</i>+<i>foo</i> is
+ delivered to the alias <i>name</i>+<i>foo</i> or to the alias <i>name</i>, to the destina-
+ tions listed in ~<i>name</i>/.<b>forward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox
+ owned by the user <i>name</i>, or it is sent back as undeliverable.
+
+<b>DELIVERY RIGHTS</b>
+ Deliveries to external files and external commands are made with the
+ rights of the receiving user on whose behalf the delivery is made. In
+ the absence of a user context, the <a href="local.8.html"><b>local</b>(8)</a> daemon uses the owner
+ rights of the <b>:include:</b> file or alias database. When those files are
+ owned by the superuser, delivery is made with the rights specified with
+ the <b><a href="postconf.5.html#default_privs">default_privs</a></b> configuration parameter.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
+ them to the <b>corrupt</b> queue afterwards.
+
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
+
+<b>SECURITY</b>
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent needs a dual personality 1) to access the
+ private Postfix queue and IPC mechanisms, 2) to impersonate the recipi-
+ ent and deliver to recipient-specified files or commands. It is there-
+ fore security sensitive.
+
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression substitution
+ of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would open a security hole.
+
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests to use the
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead it will open the table
+ directly. Before Postfix version 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will
+ terminate with a fatal error.
+
+<b>BUGS</b>
+ For security reasons, the message delivery status of external commands
+ or of external files is never checkpointed to file. As a result, the
+ program may occasionally deliver more than once to a command or exter-
+ nal file. Better safe than sorry.
+
+ Mutually-recursive aliases or ~/.<b>forward</b> files are not detected early.
+ The resulting mail forwarding loop is broken by the use of the <b>Deliv-</b>
+ <b>ered-To:</b> message header.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="local.8.html"><b>local</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>COMPATIBILITY CONTROLS</b>
+ <b><a href="postconf.5.html#biff">biff</a> (yes)</b>
+ Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service.
+
+ <b><a href="postconf.5.html#expand_owner_alias">expand_owner_alias</a> (no)</b>
+ When delivering to an alias "<i>aliasname</i>" that has an
+ "owner-<i>aliasname</i>" companion alias, set the envelope sender
+ address to the expansion of the "owner-<i>aliasname</i>" alias.
+
+ <b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
+ Enable special treatment for owner-<i>listname</i> entries in the
+ <a href="aliases.5.html"><b>aliases</b>(5)</a> file, and don't split owner-<i>listname</i> and <i>list-</i>
+ <i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
+ set to "-".
+
+ <b><a href="postconf.5.html#sun_mailtool_compatibility">sun_mailtool_compatibility</a> (no)</b>
+ Obsolete SUN mailtool compatibility feature.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#frozen_delivered_to">frozen_delivered_to</a> (yes)</b>
+ Update the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the Delivered-To:
+ address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start
+ of a delivery attempt; do not update the Delivered-To: address
+ while expanding aliases or .forward files.
+
+ Available in Postfix version 2.5.3 and later:
+
+ <b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
+ Defer delivery when a mailbox file is not owned by its recipi-
+ ent.
+
+ <b><a href="postconf.5.html#reset_owner_alias">reset_owner_alias</a> (no)</b>
+ Reset the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the owner-alias
+ attribute, when delivering mail to a child alias that does not
+ have its own owner alias.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#local_delivery_status_filter">local_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
+ Optional filter for the <a href="local.8.html"><b>local</b>(8)</a> delivery agent to change the
+ status code or explanatory text of successful or unsuccessful
+ deliveries.
+
+<b>DELIVERY METHOD CONTROLS</b>
+ The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to low is:
+ aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
+ <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_direc</a>-
+ <a href="postconf.5.html#mail_spool_directory">tory</a>, <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
+
+ <b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
+ The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a> delivery.
+
+ <b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding a .forward
+ file with user-specified delivery methods.
+
+ <b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b>
+ Optional lookup tables with per-recipient message delivery
+ transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery, whether or not
+ the recipients are found in the UNIX passwd database.
+
+ <b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b>
+ Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ agent should use for mailbox delivery to all local recipients,
+ whether or not they are found in the UNIX passwd database.
+
+ <b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b>
+ Optional lookup tables with per-recipient external commands to
+ use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
+
+ <b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b>
+ Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent
+ should use for mailbox delivery.
+
+ <b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b>
+ Optional pathname of a mailbox file relative to a <a href="local.8.html"><b>local</b>(8)</a>
+ user's home directory.
+
+ <b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b>
+ The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes are kept.
+
+ <b><a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a> (empty)</b>
+ Optional lookup tables with per-recipient message delivery
+ transports for recipients that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent could
+ not find in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
+
+ <b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b>
+ Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ agent should use for names that are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a>
+ or UNIX password database.
+
+ <b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b>
+ Optional catch-all destination for unknown <a href="local.8.html"><b>local</b>(8)</a> recipients.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b>
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for delivery to
+ external commands.
+
+<b>MAILBOX LOCKING CONTROLS</b>
+ <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
+ The time after which a stale exclusive mailbox lockfile is
+ removed.
+
+ <b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
+ How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before attempting
+ delivery.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#command_time_limit">command_time_limit</a> (1000s)</b>
+ Time limit for delivery to external commands.
+
+ <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
+ The maximal number of addresses remembered by the address dupli-
+ cate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>virtual</b>(5)</a> alias expansion, or for
+ <a href="showq.8.html"><b>showq</b>(8)</a> queue displays.
+
+ <b><a href="postconf.5.html#mailbox_size_limit">mailbox_size_limit</a> (51200000)</b>
+ The maximal size of any <a href="local.8.html"><b>local</b>(8)</a> individual mailbox or maildir
+ file, or zero (no limit).
+
+ Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon:
+
+ <b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
+ The maximal number of parallel deliveries via the local mail
+ delivery transport to the same recipient (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
+ <a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> = 1") or the maximal number of parallel
+ deliveries to the same local domain (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
+ <a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> &gt; 1").
+
+ <b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
+ The maximal number of recipients per message delivery via the
+ local mail delivery transport.
+
+<b>SECURITY CONTROLS</b>
+ <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
+ Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external commands.
+
+ <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> (alias, forward)</b>
+ Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
+
+ <b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
+ in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
+ <a href="postconf.5.html#command_execution_directory">tion_directory</a>.
+
+ <b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
+ The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery agent for
+ delivery to an external file or command.
+
+ <b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b>
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
+ in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d' output)</b>
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
+ in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
+
+ Available in Postfix version 2.5.3 and later:
+
+ <b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
+ Defer delivery when a mailbox file is not owned by its recipi-
+ ent.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a Postfix process will
+ export to non-Postfix processes.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#local_command_shell">local_command_shell</a> (empty)</b>
+ Optional shell program for <a href="local.8.html"><b>local</b>(8)</a> delivery to non-Postfix com-
+ mands.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> (command, file, forward)</b>
+ The message delivery contexts where the Postfix <a href="local.8.html"><b>local</b>(8)</a> deliv-
+ ery agent prepends a Delivered-To: message header with the
+ address that the mail was delivered to.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
+ What address lookup tables copy an address extension from the
+ lookup key to the lookup result.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
+ The set of characters that can separate an email address local-
+ part, user name, or a .forward file name from its extension.
+
+ <b><a href="postconf.5.html#require_home_directory">require_home_directory</a> (no)</b>
+ Require that a <a href="local.8.html"><b>local</b>(8)</a> recipient's home directory exists before
+ mail delivery is attempted.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 3.3 and later:
+
+ <b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
+ Enable support for the original recipient address after an
+ address is rewritten to a different address (for example with
+ aliasing or with canonical mapping).
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+<b>FILES</b>
+ The following are examples; details differ between systems.
+ $HOME/.forward, per-user aliasing
+ /etc/aliases, system-wide alias database
+ /var/spool/mail, system mailboxes
+
+<b>SEE ALSO</b>
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="bounce.8.html">bounce(8)</a>, delivery status reports
+ <a href="newaliases.1.html">newaliases(1)</a>, create/update alias database
+ <a href="postalias.1.html">postalias(1)</a>, create/update alias database
+ <a href="aliases.5.html">aliases(5)</a>, format of alias database
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ The <b>Delivered-To:</b> message header appears in the <b>qmail</b> system by Daniel
+ Bernstein.
+
+ The <i>maildir</i> structure appears in the <b>qmail</b> system by Daniel Bernstein.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ LOCAL(8)
+</pre> </body> </html>
diff --git a/html/mailq.1.html b/html/mailq.1.html
new file mode 100644
index 0000000..bebc17b
--- /dev/null
+++ b/html/mailq.1.html
@@ -0,0 +1,523 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - sendmail(1) </title>
+</head> <body> <pre>
+SENDMAIL(1) SENDMAIL(1)
+
+<b>NAME</b>
+ sendmail - Postfix to Sendmail compatibility interface
+
+<b>SYNOPSIS</b>
+ <b>sendmail</b> [<i>option ...</i>] [<i>recipient ...</i>]
+
+ <b>mailq</b>
+ <b>sendmail -bp</b>
+
+ <b>newaliases</b>
+ <b>sendmail -I</b>
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com-
+ patibility interface. For the sake of compatibility with existing
+ applications, some Sendmail command-line options are recognized but
+ silently ignored.
+
+ By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from standard input
+ until EOF or until it reads a line with only a <b>.</b> character, and
+ arranges for delivery. Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
+ command to create a queue file in the <b>maildrop</b> directory.
+
+ Specific command aliases are provided for other common modes of opera-
+ tion:
+
+ <b>mailq</b> List the mail queue. Each entry shows the queue file ID, message
+ size, arrival time, sender, and the recipients that still need
+ to be delivered. If mail could not be delivered upon the last
+ attempt, the reason for failure is shown. The queue ID string is
+ followed by an optional status character:
+
+ <b>*</b> The message is in the <b>active</b> queue, i.e. the message is
+ selected for delivery.
+
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
+ ery attempt will be made until the mail is taken off
+ hold.
+
+ <b>#</b> The message is forced to expire. See the <a href="postsuper.1.html"><b>postsuper</b>(1)</a>
+ options <b>-e</b> or <b>-f</b>.
+
+ This mode of operation is implemented by executing the
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+
+ <b>newaliases</b>
+ Initialize the alias database. If no input file is specified
+ (with the <b>-oA</b> option, see below), the program processes the
+ file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame-
+ ter. If no alias database type is specified, the program uses
+ the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
+ parameter. This mode of operation is implemented by running the
+ <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
+
+ Note: it may take a minute or so before an alias database update
+ becomes visible. Use the "<b>postfix reload</b>" command to eliminate
+ this delay.
+
+ These and other features can be selected by specifying the appropriate
+ combination of command-line options. Some features are controlled by
+ parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
+
+ The following options are recognized:
+
+ <b>-Am</b> (ignored)
+
+ <b>-Ac</b> (ignored)
+ Postfix sendmail uses the same configuration file regardless of
+ whether or not a message is an initial submission.
+
+ <b>-B</b> <i>body</i><b>_</b><i>type</i>
+ The message body MIME type: <b>7BIT</b> or <b>8BITMIME</b>.
+
+ <b>-bd</b> Go into daemon mode. This mode of operation is implemented by
+ executing the "<b>postfix start</b>" command.
+
+ <b>-bh</b> (ignored)
+
+ <b>-bH</b> (ignored)
+ Postfix has no persistent host status database.
+
+ <b>-bi</b> Initialize alias database. See the <b>newaliases</b> command above.
+
+ <b>-bl</b> Go into daemon mode. To accept only local connections as with
+ Sendmail's <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
+ the Postfix <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
+
+ <b>-bm</b> Read mail from standard input and arrange for delivery. This is
+ the default mode of operation.
+
+ <b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
+
+ <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands from standard
+ input, and write responses to standard output. In stand-alone
+ SMTP server mode, mail relaying and other access controls are
+ disabled by default. To enable them, run the process as the
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> user.
+
+ This mode of operation is implemented by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ daemon.
+
+ <b>-bv</b> Do not collect or deliver a message. Instead, send an email
+ report after verifying each recipient address. This is useful
+ for testing address rewriting and routing configurations.
+
+ This feature is available in Postfix version 2.1 and later.
+
+ <b>-C</b> <i>config</i><b>_</b><i>file</i>
+
+ <b>-C</b> <i>config</i><b>_</b><i>dir</i>
+ The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of its parent
+ directory. This information is ignored with Postfix versions
+ before 2.3.
+
+ With Postfix version 3.2 and later, a non-default directory must
+ be authorized in the default <a href="postconf.5.html"><b>main.cf</b></a> file, through the alter-
+ nate_config_directories or <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parame-
+ ters.
+
+ With all Postfix versions, you can specify a directory pathname
+ with the MAIL_CONFIG environment variable to override the loca-
+ tion of configuration files.
+
+ <b>-F</b> <i>full</i><b>_</b><i>name</i>
+ Set the sender full name. This overrides the NAME environment
+ variable, and is used only with messages that have no <b>From:</b> mes-
+ sage header.
+
+ <b>-f</b> <i>sender</i>
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
+
+ <b>-G</b> Gateway (relay) submission, as opposed to initial user submis-
+ sion. Either do not rewrite addresses at all, or update incom-
+ plete addresses with the domain information specified with
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>.
+
+ This option is ignored before Postfix version 2.3.
+
+ <b>-h</b> <i>hop</i><b>_</b><i>count</i> (ignored)
+ Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configuration parameter
+ instead.
+
+ <b>-I</b> Initialize alias database. See the <b>newaliases</b> command above.
+
+ <b>-i</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
+
+ <b>-L</b> <i>label</i> (ignored)
+ The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configuration parameter
+ instead.
+
+ <b>-m</b> (ignored)
+ Backwards compatibility.
+
+ <b>-N</b> <i>dsn</i> (default: 'delay, failure')
+ Delivery status notification control. Specify either a
+ comma-separated list with one or more of <b>failure</b> (send notifica-
+ tion when delivery fails), <b>delay</b> (send notification when deliv-
+ ery is delayed), or <b>success</b> (send notification when the message
+ is delivered); or specify <b>never</b> (don't send any notifications at
+ all).
+
+ This feature is available in Postfix 2.3 and later.
+
+ <b>-n</b> (ignored)
+ Backwards compatibility.
+
+ <b>-oA</b><i>alias</i><b>_</b><i>database</i>
+ Non-default alias database. Specify <i>pathname</i> or <i>type</i>:<i>pathname</i>.
+ See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
+
+ <b>-O</b> <i>option=value</i> (ignored)
+ Set the named <i>option</i> to <i>value</i>. Use the equivalent configuration
+ parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+
+ <b>-o7</b> (ignored)
+
+ <b>-o8</b> (ignored)
+ To send 8-bit or binary content, use an appropriate MIME encap-
+ sulation and specify the appropriate <b>-B</b> command-line option.
+
+ <b>-oi</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
+
+ <b>-om</b> (ignored)
+ The sender is never eliminated from alias etc. expansions.
+
+ <b>-o</b> <i>x value</i> (ignored)
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
+ ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+
+ <b>-r</b> <i>sender</i>
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
+
+ <b>-R</b> <i>return</i>
+ Delivery status notification control. Specify "hdrs" to return
+ only the header when a message bounces, "full" to return a full
+ copy (the default behavior).
+
+ The <b>-R</b> option specifies an upper bound; Postfix will return only
+ the header, when a full copy would exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
+ setting.
+
+ This option is ignored before Postfix version 2.10.
+
+ <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe-
+ cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+
+ Warning: flushing undeliverable mail frequently will result in
+ poor delivery performance of all other mail.
+
+ <b>-q</b><i>interval</i> (ignored)
+ The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config-
+ uration parameter instead.
+
+ <b>-qI</b><i>queueid</i>
+ Schedule immediate delivery of mail with the specified queue ID.
+ This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
+ mand, and is available with Postfix version 2.4 and later.
+
+ <b>-qR</b><i>site</i>
+ Schedule immediate delivery of all mail that is queued for the
+ named <i>site</i>. This option accepts only <i>site</i> names that are eligi-
+ ble for the "fast flush" service, and is implemented by execut-
+ ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
+ about the "fast flush" service.
+
+ <b>-qS</b><i>site</i>
+ This command is not implemented. Use the slower "<b>sendmail -q</b>"
+ command instead.
+
+ <b>-t</b> Extract recipients from message headers. These are added to any
+ recipients specified on the command line.
+
+ With Postfix versions prior to 2.1, this option requires that no
+ recipient addresses are specified on the command line.
+
+ <b>-U</b> (ignored)
+ Initial user submission.
+
+ <b>-V</b> <i>envid</i>
+ Specify the envelope ID for notification by servers that support
+ DSN.
+
+ This feature is available in Postfix 2.3 and later.
+
+ <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
+ Variable Envelope Return Path. Given an envelope sender address
+ of the form <i>owner-listname</i>@<i>origin</i>, each recipient <i>user</i>@<i>domain</i>
+ receives mail with a personalized envelope sender address.
+
+ By default, the personalized envelope sender address is
+ <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The default <b>+</b> and <b>=</b> charac-
+ ters are configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configu-
+ ration parameter.
+
+ <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
+ As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter characters,
+ instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
+ <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
+
+ <b>-v</b> Send an email report of the first delivery attempt (Postfix ver-
+ sions 2.1 and later). Mail delivery always happens in the back-
+ ground. When multiple <b>-v</b> options are given, enable verbose log-
+ ging for debugging purposes.
+
+ <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
+ Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b>
+ configuration parameters instead.
+
+<b>SECURITY</b>
+ By design, this program is not set-user (or group) id. It is prepared
+ to handle message content from untrusted, possibly remote, users.
+
+ However, like most Postfix programs, this program does not enforce a
+ security policy on its command-line arguments. Instead, it relies on
+ the UNIX system to enforce access policies based on the effective user
+ and group IDs of the process. Concretely, this means that running Post-
+ fix commands as root (from sudo or equivalent) on behalf of a non-root
+ user is likely to create privilege escalation opportunities.
+
+ If an application runs any Postfix programs on behalf of users that do
+ not have normal shell access to Postfix commands, then that application
+ MUST restrict user-specified command-line arguments to avoid privilege
+ escalation.
+
+ <b>o</b> Filter all command-line arguments, for example arguments that
+ contain a pathname or that specify a database access method.
+ These pathname checks must reject user-controlled symlinks or
+ hardlinks to sensitive files, and must not be vulnerable to TOC-
+ TOU race attacks.
+
+ <b>o</b> Disable command options processing for all command arguments
+ that contain user-specified data. For example, the Postfix <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command line MUST be structured as follows:
+
+ <b>/path/to/sendmail</b> <i>system-arguments</i> <b>--</b> <i>user-arguments</i>
+
+ Here, the "<b>--</b>" disables command option processing for all
+ <i>user-arguments</i> that follow.
+
+ Without the "<b>--</b>", a malicious user could enable Postfix <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command options, by specifying an email address that
+ starts with "<b>-</b>".
+
+<b>DIAGNOSTICS</b>
+ Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
+ error stream.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+ <b>MAIL_VERBOSE</b> (value does not matter)
+ Enable verbose logging for debugging purposes.
+
+ <b>MAIL_DEBUG</b> (value does not matter)
+ Enable debugging with an external command, as specified with the
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
+
+ <b>NAME</b> The sender full name. This is used only with messages that have
+ no <b>From:</b> message header. See also the <b>-F</b> option above.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
+
+<b>COMPATIBILITY CONTROLS</b>
+ Available with Postfix 2.9 and later:
+
+ <b><a href="postconf.5.html#sendmail_fix_line_endings">sendmail_fix_line_endings</a> (always)</b>
+ Controls how the Postfix sendmail command converts email message
+ line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
+ system.
+
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
+ The external command to execute when a Postfix daemon program is
+ invoked with the -D option.
+
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
+ pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+
+ <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
+ $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+
+<b>ACCESS CONTROLS</b>
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to flush the queue.
+
+ <b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to view the queue.
+
+ <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
+ mand).
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
+
+ <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
+ The maximal number of attempts to fork() a child process.
+
+ <b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
+ The delay between attempts to fork() a child process.
+
+ <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
+ The maximal number of Received: message headers that is allowed
+ in the primary message headers.
+
+ <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ prior to Postfix 2.4 the default value was 1000s.
+
+<b>FAST FLUSH CONTROLS</b>
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
+ the Postfix "fast flush" service.
+
+ <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
+ Optional list of destinations that are eligible for per-destina-
+ tion logfiles with mail that is queued to those destinations.
+
+<b>VERP CONTROLS</b>
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
+ Postfix support for variable envelope return path addresses.
+
+ <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
+ The two default VERP delimiter characters.
+
+ <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
+ The characters Postfix accepts as VERP delimiter characters on
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+
+ <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
+ The location of all postfix administrative commands.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix support programs and daemon programs.
+
+ <b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>, <a href="postalias.1.html"><b>postalias</b>(1)</a>
+ and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+
+ <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
+ The time after which the sender receives a copy of the message
+ headers of mail that is still queued.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Postfix 3.2 and later:
+
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
+ A list of non-default Postfix configuration directories that may
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ MAIL_CONFIG environment parameter.
+
+ <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
+ etc., together with the default Postfix instance.
+
+<b>FILES</b>
+ /var/spool/postfix, mail queue
+ /etc/postfix, configuration files
+
+<b>SEE ALSO</b>
+ <a href="pickup.8.html">pickup(8)</a>, mail pickup daemon
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="smtpd.8.html">smtpd(8)</a>, SMTP server
+ <a href="flush.8.html">flush(8)</a>, fast flush service
+ <a href="postsuper.1.html">postsuper(1)</a>, queue maintenance
+ <a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
+ <a href="postdrop.1.html">postdrop(1)</a>, mail posting utility
+ <a href="postfix.1.html">postfix(1)</a>, mail system control
+ <a href="postqueue.1.html">postqueue(1)</a>, mail queue control
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README_FILES</b>
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ this information.
+ <a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
+ <a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
+ <a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ SENDMAIL(1)
+</pre> </body> </html>
diff --git a/html/makedefs.1.html b/html/makedefs.1.html
new file mode 100644
index 0000000..7202a8d
--- /dev/null
+++ b/html/makedefs.1.html
@@ -0,0 +1,219 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - makedefs(1) </title>
+</head> <body> <pre>
+MAKEDEFS(1) MAKEDEFS(1)
+
+<b>NAME</b>
+ makedefs - Postfix makefile configuration utility
+
+<b>SYNOPSIS</b>
+ <b>make makefiles</b> <i>name=value...</i>
+
+<b>DESCRIPTION</b>
+ The <b>makedefs</b> command identifies the compilation environment, and emits
+ macro definitions on the standard output stream that can be prepended
+ to template Makefiles. These macros implement an internal interface
+ and are subject to change without notice.
+
+<b>NAME=VALUE OVERRIDES</b>
+ Default settings can be overruled by specifying them as environment
+ variables (or as name=value pairs on the "make" command line). Use
+ quotes if variables contain whitespace or shell meta characters.
+
+ The command "<b>make makefiles name=value...</b>" will replace the string
+ <b>MAIL_VERSION</b> at the end of a value with the Postfix version
+ (<i>major.minor.patchlevel</i> for a stable release, <i>major.minor-date</i> for a
+ development release). Do not try to specify something like <b>$<a href="postconf.5.html#mail_version">mail_ver</a>-</b>
+ <b><a href="postconf.5.html#mail_version">sion</a></b>: that produces inconsistent results with different implementations
+ of the make(1) command.
+
+ <b>AUXLIBS=</b><i>object</i><b>_</b><i>library...</i>
+ Specifies one or more non-default object libraries. Postfix 3.0
+ and later specify some of their database library dependencies
+ with <a href="CDB_README.html">AUXLIBS_CDB</a>, <a href="LDAP_README.html">AUXLIBS_LDAP</a>, <a href="LMDB_README.html">AUXLIBS_LMDB</a>, <a href="MYSQL_README.html">AUXLIBS_MYSQL</a>,
+ <a href="PCRE_README.html">AUXLIBS_PCRE</a>, <a href="PGSQL_README.html">AUXLIBS_PGSQL</a>, AUXLIBS_SDBM, and <a href="SQLITE_README.html">AUXLIBS_SQLITE</a>,
+ respectively.
+
+ <b>CC=</b><i>compiler</i><b>_</b><i>command</i>
+ Specifies a non-default compiler. On many systems, the default
+ is <b>gcc</b>.
+
+ <b>CCARGS=</b><i>compiler</i><b>_</b><i>arguments</i>
+ Specifies non-default compiler arguments, for example, a
+ non-default <i>include</i> directory. The following directives are
+ special:
+
+ <b>-DNO_DB</b>
+ Do not build with Berkeley DB support.
+
+ <b>-DNO_DEVPOLL</b>
+ Do not build with Solaris /dev/poll support. By default,
+ /dev/poll support is compiled in on platforms that are
+ known to support it.
+
+ <b>-DNO_DNSSEC</b>
+ Do not build with DNSSEC support, even if the resolver
+ library appears to support it.
+
+ <b>-DNO_EPOLL</b>
+ Do not build with Linux EPOLL support. By default, EPOLL
+ support is compiled in on platforms that are known to
+ support it.
+
+ <b>-DNO_EAI</b>
+ Do not build with EAI (SMTPUTF8) support. By default, EAI
+ support is compiled in when the "pkg-config" command is
+ found, or the deprecated "icu-config" command.
+
+ <b>-DNO_INLINE</b>
+ Do not require support for C99 "inline" functions.
+ Instead, implement argument typechecks for
+ non-(printf/scanf)-like functions with ternary operators
+ and unreachable code.
+
+ <b>-DNO_IPV6</b>
+ Do not build with IPv6 support. By default, IPv6 support
+ is compiled in on platforms that are known to have IPv6
+ support.
+
+ Note: this directive is for debugging and testing only.
+ It is not guaranteed to work on all platforms. If you
+ don't want IPv6 support, set "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4" in
+ <a href="postconf.5.html">main.cf</a>.
+
+ <b>-DNO_IP_CYRUS_SASL_AUTH</b>
+ Don't pass remote SMTP client and Postfix SMTP server IP
+ address and port information to the Cyrus SASL library.
+ This is compatible with Postfix &lt; 3.2.
+
+ <b>-DNO_KQUEUE</b>
+ Do not build with FreeBSD/NetBSD/OpenBSD/MacOSX KQUEUE
+ support. By default, KQUEUE support is compiled in on
+ platforms that are known to support it.
+
+ <b>-DNO_NIS</b>
+ Do not build with NIS or NISPLUS support. Support for NIS
+ is unavailable on some recent Linux distributions.
+
+ <b>-DNO_NISPLUS</b>
+ Do not build with NISPLUS support. Support for NISPLUS is
+ unavailable on some recent Solaris distributions.
+
+ <b>-DNO_PCRE</b>
+ Do not build with PCRE support. By default, PCRE support
+ is compiled in when the <b>pcre2-config</b> or <b>pcre-config</b> util-
+ ity are installed.
+
+ <b>-DNO_POSIX_GETPW_R</b>
+ Disable support for POSIX getpwnam_r/getpwuid_r.
+
+ <b>-DNO_RES_NCALLS</b>
+ Do not build with the threadsafe resolver(5) API
+ (res_ninit() etc.).
+
+ <b>-DNO_SIGSETJMP</b>
+ Use setjmp()/longjmp() instead of sigsetjmp()/sig-
+ longjmp(). By default, Postfix uses sigsetjmp()/sig-
+ longjmp() when they appear to work.
+
+ <b>-DNO_SNPRINTF</b>
+ Use sprintf() instead of snprintf(). By default, Postfix
+ uses snprintf() except on ancient systems.
+
+ <b>DEBUG=</b><i>debug</i><b>_</b><i>level</i>
+ Specifies a non-default debugging level. The default is <b>-g</b>.
+ Specify <b>DEBUG=</b> to turn off debugging.
+
+ <b>OPT=</b><i>optimization</i><b>_</b><i>level</i>
+ Specifies a non-default optimization level. The default is <b>-O</b>.
+ Specify <b>OPT=</b> to turn off optimization.
+
+ <b>POSTFIX_INSTALL_OPTS=</b><i>-option...</i>
+ Specifies options for the postfix-install command, separated by
+ whitespace. Currently, the only supported option is
+ <b>-keep-build-mtime</b>.
+
+ <b>SHLIB_CFLAGS=</b><i>flags</i>
+ Override the compiler flags (typically, "-fPIC") for Postfix
+ dynamically-linked libraries and database plugins.
+
+ This feature was introduced with Postfix 3.0.
+
+ <b>SHLIB_RPATH=</b><i>rpath</i>
+ Override the runpath (typically, "'-Wl,-rpath,${SHLIB_DIR}'")
+ for Postfix dynamically-linked libraries.
+
+ This feature was introduced with Postfix 3.0.
+
+ <b>SHLIB_SUFFIX=</b><i>suffix</i>
+ Override the filename suffix (typically, ".so") for Postfix
+ dynamically-linked libraries and database plugins.
+
+ This feature was introduced with Postfix 3.0.
+
+ <b>shared=yes</b>
+
+ <b>shared=no</b>
+ Enable (disable) Postfix builds with dynamically-linked
+ libraries typically named $<a href="postconf.5.html#shlib_directory">shlib_directory</a>/libpostfix-*.so.*.
+
+ This feature was introduced with Postfix 3.0.
+
+ <b>dynamicmaps=yes</b>
+
+ <b>dynamicmaps=no</b>
+ Enable (disable) Postfix builds with the configuration file
+ $<a href="postconf.5.html#meta_directory">meta_directory</a>/dynamicmaps.cf and dynamically-loadable database
+ plugins typically named postfix-*.so.*. The setting "dynam-
+ icmaps=yes" implicitly enables Postfix dynamically-linked
+ libraries.
+
+ This feature was introduced with Postfix 3.0.
+
+ <b>pie=yes</b>
+
+ <b>pie=no</b> Enable (disable) Postfix builds with position-independent exe-
+ cutables, on platforms where this is supported.
+
+ This feature was introduced with Postfix 3.0.
+
+ <i>installation</i><b>_</b><i>parameter</i><b>=</b><i>value</i>...
+ Override the compiled-in default value of the specified instal-
+ lation parameter(s). The following parameters are supported in
+ this context:
+
+ <a href="postconf.5.html#command_directory">command_directory</a> <a href="postconf.5.html#config_directory">config_directory</a> <a href="postconf.5.html#daemon_directory">daemon_directory</a> <a href="postconf.5.html#data_directory">data_direc</a>-
+ <a href="postconf.5.html#data_directory">tory</a> <a href="postconf.5.html#default_database_type">default_database_type</a> <a href="postconf.5.html#html_directory">html_directory</a> <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>
+ <a href="postconf.5.html#mailq_path">mailq_path</a> <a href="postconf.5.html#manpage_directory">manpage_directory</a> <a href="postconf.5.html#meta_directory">meta_directory</a> <a href="postconf.5.html#newaliases_path">newaliases_path</a>
+ <a href="postconf.5.html#queue_directory">queue_directory</a> <a href="postconf.5.html#readme_directory">readme_directory</a> <a href="postconf.5.html#sendmail_path">sendmail_path</a> <a href="postconf.5.html#shlib_directory">shlib_directory</a>
+ <a href="postconf.5.html#openssl_path">openssl_path</a>
+
+ See the <a href="postconf.5.html">postconf(5)</a> manpage for a description of these parame-
+ ters.
+
+ This feature was introduced with Postfix 3.0.
+
+ <b>WARN=</b><i>warning</i><b>_</b><i>flags</i>
+ Specifies non-default gcc compiler warning options for use when
+ "make" is invoked in a source subdirectory only.
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ MAKEDEFS(1)
+</pre> </body> </html>
diff --git a/html/master.5.html b/html/master.5.html
new file mode 100644
index 0000000..04a0c42
--- /dev/null
+++ b/html/master.5.html
@@ -0,0 +1,262 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - master(5) </title>
+</head> <body> <pre>
+MASTER(5) MASTER(5)
+
+<b>NAME</b>
+ master - Postfix master process configuration file format
+
+<b>DESCRIPTION</b>
+ The Postfix mail system is implemented by small number of (mostly)
+ client commands that are invoked by users, and by a larger number of
+ services that run in the background.
+
+ Postfix services are implemented by daemon processes. These run in the
+ background, started on-demand by the <a href="master.8.html"><b>master</b>(8)</a> process. The <a href="master.5.html">master.cf</a>
+ configuration file defines how a client program connects to a service,
+ and what daemon program runs when a service is requested. Most daemon
+ processes are short-lived and terminate voluntarily after serving
+ <b><a href="postconf.5.html#max_use">max_use</a></b> clients, or after inactivity for <b><a href="postconf.5.html#max_idle">max_idle</a></b> or more units of
+ time.
+
+ All daemons specified here must speak a Postfix-internal protocol. In
+ order to execute non-Postfix software use the <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a> or
+ <a href="spawn.8.html"><b>spawn</b>(8)</a> services, or execute the software with <b>inetd</b>(8) or equivalent.
+
+ After changing <a href="master.5.html">master.cf</a> you must execute "<b>postfix reload</b>" to reload
+ the configuration.
+
+<b>SYNTAX</b>
+ The general format of the <a href="master.5.html">master.cf</a> file is as follows:
+
+ <b>o</b> Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ <b>o</b> A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+ <b>o</b> Each logical line defines a single Postfix service. Each ser-
+ vice is identified by its name and type as described below.
+ When multiple lines specify the same service name and type, only
+ the last one is remembered. Otherwise, the order of <a href="master.5.html">master.cf</a>
+ service definitions does not matter.
+
+ Each logical line consists of eight fields separated by whitespace.
+ These are described below in the order as they appear in the <a href="master.5.html">master.cf</a>
+ file.
+
+ Where applicable a field of "-" requests that the built-in default
+ value be used. For boolean fields specify "y" or "n" to override the
+ default value.
+
+ <b>Service name</b>
+ The service name syntax depends on the service type as described
+ next.
+
+ <b>Service type</b>
+ Specify one of the following service types:
+
+ <b>inet</b> The service listens on a TCP/IP socket and is accessible
+ via the network.
+
+ The service name is specified as <i>host:port</i>, denoting the
+ host and port on which new connections should be
+ accepted. The host part (and colon) may be omitted.
+ Either host or port may be given in symbolic form (see
+ <b>hosts</b>(5) or <b>services</b>(5)) or in numeric form (IP address
+ or port number). Host information may be enclosed inside
+ "[]"; this form is necessary only with IPv6 addresses.
+
+ Examples: a service named <b>127.0.0.1:smtp</b> or <b>::1:smtp</b>
+ receives mail via the loopback interface only; and a ser-
+ vice named <b>10025</b> accepts connections on TCP port 10025
+ via all interfaces configured with the <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
+ parameter.
+
+ Note: with Postfix version 2.2 and later specify
+ "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only</b>" in <a href="postconf.5.html">main.cf</a>, instead of
+ hard-coding loopback IP address information in <a href="master.5.html">master.cf</a>
+ or in <a href="postconf.5.html">main.cf</a>.
+
+ <b>unix</b> The service listens on a UNIX-domain stream socket and is
+ accessible for local clients only.
+
+ The service name is a pathname relative to the Postfix
+ queue directory (pathname controlled with the
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration parameter in <a href="postconf.5.html">main.cf</a>).
+
+ On Solaris 8 and earlier systems the <b>unix</b> type is imple-
+ mented with streams sockets.
+
+ <b>unix-dgram</b>
+ The service listens on a UNIX-domain datagram socket and
+ is accessible for local clients only.
+
+ The service name is a pathname relative to the Postfix
+ queue directory (pathname controlled with the
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration parameter in <a href="postconf.5.html">main.cf</a>).
+
+ <b>fifo</b> (obsolete)
+ The service listens on a FIFO (named pipe) and is acces-
+ sible for local clients only.
+
+ The service name is a pathname relative to the Postfix
+ queue directory (pathname controlled with the
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration parameter in <a href="postconf.5.html">main.cf</a>).
+
+ <b>pass</b> The service listens on a UNIX-domain stream socket, and
+ is accessible to local clients only. It receives one open
+ connection (file descriptor passing) per connection
+ request.
+
+ The service name is a pathname relative to the Postfix
+ queue directory (pathname controlled with the
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration parameter in <a href="postconf.5.html">main.cf</a>).
+
+ On Solaris 8 and earlier systems the <b>pass</b> type is imple-
+ mented with streams sockets.
+
+ This feature is available as of Postfix version 2.5.
+
+ <b>Private (default: y)</b>
+ Whether a service is internal to Postfix (pathname starts with
+ <b>private/</b>), or exposed through Postfix command-line tools (path-
+ name starts with <b>public/</b>). Internet (type <b>inet</b>) services can't
+ be private.
+
+ <b>Unprivileged (default: y)</b>
+ Whether the service runs with root privileges or as the owner of
+ the Postfix system (the owner name is controlled by the
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> configuration variable in the <a href="postconf.5.html">main.cf</a> file).
+
+ The <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html"><b>virtual</b>(8)</a> daemons require
+ privileges.
+
+ <b>Chroot (default: Postfix</b> &gt;<b>= 3.0: n, Postfix</b> &lt; <b>3.0: y)</b>
+ Whether or not the service runs chrooted to the mail queue
+ directory (pathname is controlled by the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> config-
+ uration variable in the <a href="postconf.5.html">main.cf</a> file).
+
+ Chroot should not be used with the <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>,
+ and <a href="virtual.8.html"><b>virtual</b>(8)</a> daemons. Although the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server can run
+ chrooted, doing so defeats most of the purpose of having that
+ service in the first place.
+
+ The files in the examples/chroot-setup subdirectory of the Post-
+ fix source show how to set up a Postfix chroot environment on a
+ variety of systems. See also <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> for
+ issues related to running daemons chrooted.
+
+ <b>Wake up time (default: 0)</b>
+ Automatically wake up the named service after the specified num-
+ ber of seconds. The wake up is implemented by connecting to the
+ service and sending a wake up request. A ? at the end of the
+ wake-up time field requests that no wake up events be sent
+ before the first time a service is used. Specify 0 for no auto-
+ matic wake up.
+
+ The <a href="pickup.8.html"><b>pickup</b>(8)</a>, <a href="qmgr.8.html"><b>qmgr</b>(8)</a> and <a href="flush.8.html"><b>flush</b>(8)</a> daemons require a wake up
+ timer.
+
+ <b>Process limit (default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
+ The maximum number of processes that may execute this service
+ simultaneously. Specify 0 for no process count limit.
+
+ NOTE: Some Postfix services must be configured as a sin-
+ gle-process service (for example, <a href="qmgr.8.html"><b>qmgr</b>(8)</a>) and some services
+ must be configured with no process limit (for example,
+ <a href="cleanup.8.html"><b>cleanup</b>(8)</a>). These limits must not be changed.
+
+ <b>Command name + arguments</b>
+ The command to be executed. Characters that are special to the
+ shell such as "&gt;" or "|" have no special meaning here, and
+ quotes cannot be used to protect arguments containing white-
+ space. To protect whitespace, use "{" and "}" as described
+ below.
+
+ The command name is relative to the Postfix daemon directory
+ (pathname is controlled by the <b><a href="postconf.5.html#daemon_directory">daemon_directory</a></b> configuration
+ variable).
+
+ The command argument syntax for specific commands is specified
+ in the respective daemon manual page.
+
+ The following command-line options have the same effect for all
+ daemon programs:
+
+ <b>-D</b> Run the daemon under control by the command specified
+ with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> variable in the <a href="postconf.5.html">main.cf</a> config-
+ uration file. See <a href="DEBUG_README.html">DEBUG_README</a> for hints and tips.
+
+ <b>-o {</b> <i>name</i> = <i>value</i> <b>}</b> (long form, Postfix &gt;= 3.0)
+
+ <b>-o</b> <i>name</i>=<i>value</i> (short form)
+ Override the named <a href="postconf.5.html">main.cf</a> configuration parameter. The
+ parameter value can refer to other parameters as <i>$name</i>
+ etc., just like in <a href="postconf.5.html">main.cf</a>. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for syntax.
+
+ NOTE 1: With the "long form" shown above, whitespace
+ after "{", around "=", and before "}" is ignored, and
+ whitespace within the parameter value is preserved.
+
+ NOTE 2: with the "short form" shown above, do not specify
+ whitespace around the "=" or in parameter values. To
+ specify a parameter value that contains whitespace, use
+ the long form described above, or use commas instead of
+ spaces, or specify the value in <a href="postconf.5.html">main.cf</a>. Example:
+
+ /etc/postfix/<a href="master.5.html">master.cf</a>:
+ submission inet .... smtpd
+ -o smtpd_xxx_yyy=$submission_xxx_yyy
+
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>
+ submission_xxx_yyy = text with whitespace...
+
+ NOTE 3: Over-zealous use of parameter overrides makes the
+ Postfix configuration hard to understand and maintain.
+ At a certain point, it might be easier to configure mul-
+ tiple instances of Postfix, instead of configuring multi-
+ ple personalities via <a href="master.5.html">master.cf</a>.
+
+ <b>-v</b> Increase the verbose logging level. Specify multiple <b>-v</b>
+ options to make a Postfix daemon process increasingly
+ verbose.
+
+ Other command-line arguments
+ Specify "{" and "}" around command arguments that contain
+ whitespace (Postfix 3.0 and later). Whitespace after "{"
+ and before "}" is ignored.
+
+<b>SEE ALSO</b>
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+
+<b>README FILES</b>
+ <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a>, basic configuration
+ <a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Initial version by
+ Magnus Baeck
+ Lund Institute of Technology
+ Sweden
+
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ MASTER(5)
+</pre> </body> </html>
diff --git a/html/master.8.html b/html/master.8.html
new file mode 100644
index 0000000..cacc801
--- /dev/null
+++ b/html/master.8.html
@@ -0,0 +1,227 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - master(8) </title>
+</head> <body> <pre>
+MASTER(8) MASTER(8)
+
+<b>NAME</b>
+ master - Postfix master process
+
+<b>SYNOPSIS</b>
+ <b>master</b> [<b>-Dditvw</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-e</b> <i>exit</i><b>_</b><i>time</i>]
+
+<b>DESCRIPTION</b>
+ The <a href="master.8.html"><b>master</b>(8)</a> daemon is the resident process that runs Postfix daemons
+ on demand: daemons to send or receive messages via the network, daemons
+ to deliver mail locally, etc. These daemons are created on demand up
+ to a configurable maximum number per service.
+
+ Postfix daemons terminate voluntarily, either after being idle for a
+ configurable amount of time, or after having serviced a configurable
+ number of requests. Exceptions to this rule are the resident queue man-
+ ager, address verification server, and the TLS session cache and
+ pseudo-random number server.
+
+ The behavior of the <a href="master.8.html"><b>master</b>(8)</a> daemon is controlled by the <a href="master.5.html"><b>master.cf</b></a>
+ configuration file, as described in <a href="master.5.html"><b>master</b>(5)</a>.
+
+ Options:
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files in the named
+ directory instead of the default configuration directory. This
+ also overrides the configuration files for other Postfix daemon
+ processes.
+
+ <b>-D</b> After initialization, run a debugger on the master process. The
+ debugging command is specified with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> in the
+ <a href="postconf.5.html"><b>main.cf</b></a> global configuration file.
+
+ <b>-d</b> Do not redirect stdin, stdout or stderr to /dev/null, and do not
+ discard the controlling terminal. This must be used for debug-
+ ging only.
+
+ <b>-e</b> <i>exit</i><b>_</b><i>time</i>
+ Terminate the master process after <i>exit</i><b>_</b><i>time</i> seconds. Child pro-
+ cesses terminate at their convenience.
+
+ <b>-i</b> Enable <b>init</b> mode: do not become a session or process group
+ leader; and similar to <b>-s</b>, do not redirect stdout to /dev/null,
+ so that "<a href="postconf.5.html#maillog_file">maillog_file</a> = /dev/stdout" works. This mode is
+ allowed only if the process ID equals 1.
+
+ This feature is available in Postfix 3.3 and later.
+
+ <b>-s</b> Do not redirect stdout to /dev/null, so that "<a href="postconf.5.html#maillog_file">maillog_file</a> =
+ /dev/stdout" works.
+
+ This feature is available in Postfix 3.4 and later.
+
+ <b>-t</b> Test mode. Return a zero exit status when the <b>master.pid</b> lock
+ file does not exist or when that file is not locked. This is
+ evidence that the <a href="master.8.html"><b>master</b>(8)</a> daemon is not running.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. This option is
+ passed on to child processes. Multiple <b>-v</b> options make the soft-
+ ware increasingly verbose.
+
+ <b>-w</b> Wait in a dummy foreground process, while the real master daemon
+ initializes in a background process. The dummy foreground
+ process returns a zero exit status only if the master daemon
+ initialization is successful, and if it completes in a reason-
+ able amount of time.
+
+ This feature is available in Postfix 2.10 and later.
+
+ Signals:
+
+ <b>SIGHUP</b> Upon receipt of a <b>HUP</b> signal (e.g., after "<b>postfix reload</b>"), the
+ master process re-reads its configuration files. If a service
+ has been removed from the <a href="master.5.html"><b>master.cf</b></a> file, its running processes
+ are terminated immediately. Otherwise, running processes are
+ allowed to terminate as soon as is convenient, so that changes
+ in configuration settings affect only new service requests.
+
+ <b>SIGTERM</b>
+ Upon receipt of a <b>TERM</b> signal (e.g., after "<b>postfix abort</b>"), the
+ master process passes the signal on to its child processes and
+ terminates. This is useful for an emergency shutdown. Normally
+ one would terminate only the master ("<b>postfix stop</b>") and allow
+ running processes to finish what they are doing.
+
+<b>DIAGNOSTICS</b>
+ Problems are reported to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. The exit status is
+ non-zero in case of problems, including problems while initializing as
+ a master daemon process in the background.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_DEBUG</b>
+ After initialization, start a debugger as specified with the
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter in the <a href="postconf.5.html"><b>main.cf</b></a> configu-
+ ration file.
+
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Unlike most Postfix daemon processes, the <a href="master.8.html"><b>master</b>(8)</a> server does not
+ automatically pick up changes to <a href="postconf.5.html"><b>main.cf</b></a>. Changes to <a href="master.5.html"><b>master.cf</b></a> are
+ never picked up automatically. Use the "<b>postfix reload</b>" command after
+ a configuration change.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#default_process_limit">default_process_limit</a> (100)</b>
+ The default maximal number of Postfix child processes that pro-
+ vide a given service.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#service_throttle_time">service_throttle_time</a> (60s)</b>
+ How long the Postfix <a href="master.8.html"><b>master</b>(8)</a> waits before forking a server
+ that appears to be malfunctioning.
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#master_service_disable">master_service_disable</a> (empty)</b>
+ Selectively disable <a href="master.8.html"><b>master</b>(8)</a> listener ports by service type or
+ by service name and type.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix support programs and daemon programs.
+
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
+ The external command to execute when a Postfix daemon program is
+ invoked with the -D option.
+
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The network interface addresses that this mail system receives
+ mail on.
+
+ <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d output')</b>
+ The Internet protocols Postfix will attempt to use when making
+ or accepting connections.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.6 and later:
+
+ <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
+ <b>sion=587)</b>
+ Optional setting that avoids lookups in the <b>services</b>(5) data-
+ base.
+
+<b>FILES</b>
+ To expand the directory names below into their actual values, use the
+ command "<b>postconf <a href="postconf.5.html#config_directory">config_directory</a></b>" etc.
+
+ $<a href="postconf.5.html#config_directory">config_directory</a>/<a href="postconf.5.html">main.cf</a>, global configuration file.
+ $<a href="postconf.5.html#config_directory">config_directory</a>/<a href="master.5.html">master.cf</a>, master server configuration file.
+ $<a href="postconf.5.html#queue_directory">queue_directory</a>/pid/master.pid, master lock file.
+ $<a href="postconf.5.html#data_directory">data_directory</a>/master.lock, master lock file.
+
+<b>SEE ALSO</b>
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="verify.8.html">verify(8)</a>, address verification
+ <a href="master.5.html">master(5)</a>, <a href="master.5.html">master.cf</a> configuration file syntax
+ <a href="postconf.5.html">postconf(5)</a>, <a href="postconf.5.html">main.cf</a> configuration file syntax
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ MASTER(8)
+</pre> </body> </html>
diff --git a/html/memcache_table.5.html b/html/memcache_table.5.html
new file mode 100644
index 0000000..73c013f
--- /dev/null
+++ b/html/memcache_table.5.html
@@ -0,0 +1,224 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - memcache_table(5) </title>
+</head> <body> <pre>
+MEMCACHE_TABLE(5) MEMCACHE_TABLE(5)
+
+<b>NAME</b>
+ memcache_table - Postfix memcache client configuration
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="memcache_table.5.html">memcache</a>:/etc/postfix/</b><i>filename</i>
+
+ <b>postmap -q - <a href="memcache_table.5.html">memcache</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
+
+ Alternatively, lookup tables can be specified as memcache instances.
+ To use memcache lookups, define a memcache source as a lookup table in
+ <a href="postconf.5.html">main.cf</a>, for example:
+
+ <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="memcache_table.5.html">memcache</a>:/etc/postfix/memcache-aliases.cf
+
+ The file /etc/postfix/memcache-aliases.cf has the same format as the
+ Postfix <a href="postconf.5.html">main.cf</a> file, and specifies the parameters described below.
+
+ The Postfix memcache client supports the lookup, update, delete and
+ sequence (first/next) operations. The sequence operation requires a
+ backup database that supports the operation.
+
+<b>MEMCACHE MAIN PARAMETERS</b>
+ <b>memcache (default: inet:localhost:11211)</b>
+ The memcache server (note: singular) that Postfix will try to
+ connect to. For a TCP server specify "inet:" followed by a
+ hostname or address, ":", and a port name or number. Specify an
+ IPv6 address inside "[]". For a UNIX-domain server specify
+ "unix:" followed by the socket pathname. Examples:
+
+ memcache = inet:memcache.example.com:11211
+ memcache = inet:127.0.0.1:11211
+ memcache = inet:[fc00:8d00:189::3]:11211
+ memcache = unix:/path/to/socket
+
+ NOTE: to access a UNIX-domain socket with the <a href="proxymap.8.html">proxymap(8)</a>
+ server, the socket must be accessible by the unprivileged post-
+ fix user.
+
+ <b>backup (default: undefined)</b>
+ An optional Postfix database that provides persistent backup for
+ the memcache database. The Postfix memcache client will update
+ the memcache database whenever it looks up or changes informa-
+ tion in the persistent database. Specify a Postfix "<a href="DATABASE_README.html">type:table</a>"
+ database. Examples:
+
+ # Non-shared postscreen cache.
+ backup = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/<a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a>
+
+ # Shared postscreen cache for processes on the same host.
+ backup = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/<a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a>
+
+ Access to remote proxymap servers is under development.
+
+ NOTE 1: When sharing a persistent <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a>
+ cache, disable automatic cache cleanup (set
+ *_cache_cleanup_interval = 0) except with one Postfix instance
+ that will be responsible for cache cleanup.
+
+ NOTE 2: When multiple tables share the same memcache database,
+ each table should use the <b>key_format</b> feature (see below) to
+ prepend its own unique string to the lookup key. Otherwise,
+ automatic <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache cleanup may not work.
+
+ NOTE 3: When the backup database is accessed with "<a href="proxymap.8.html">proxy</a>:"
+ lookups, the full backup database name (including the "<a href="proxymap.8.html">proxy</a>:"
+ prefix) must be specified in the proxymap server's
+ <a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> or <a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> setting (depending on
+ whether the access is read-only or read-write).
+
+ <b>flags (default: 0)</b>
+ Optional flags that should be stored along with a memcache
+ update. The flags are ignored when looking up information.
+
+ <b>ttl (default: 3600)</b>
+ The expiration time in seconds of memcache updates.
+
+ NOTE 1: When using a memcache table as <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>ver-</b></a>
+ <a href="verify.8.html"><b>ify</b>(8)</a> cache without persistent backup, specify a zero
+ *_cache_cleanup_interval value with all Postfix instances that
+ use the memcache, and specify the largest <a href="postscreen.8.html"><b>postscreen</b>(8)</a> *_ttl
+ value or <a href="verify.8.html"><b>verify</b>(8)</a> *_expire_time value as the memcache table's
+ <b>ttl</b> value.
+
+ NOTE 2: According to memcache protocol documentation, a value
+ greater than 30 days (2592000 seconds) specifies absolute UNIX
+ time. Smaller values are relative to the time of the update.
+
+<b>MEMCACHE KEY PARAMETERS</b>
+ <b>key_format (default: %s)</b>
+ Format of the lookup and update keys that the Postfix memcache
+ client sends to the memcache server. By default, these are the
+ same as the lookup and update keys that the memcache client
+ receives from Postfix applications.
+
+ NOTE 1: The <b>key_format</b> feature is not used for <b>backup</b> database
+ requests.
+
+ NOTE 2: When multiple tables share the same memcache database,
+ each table should prepend its own unique string to the lookup
+ key. Otherwise, automatic <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache
+ cleanup may not work.
+
+ Examples:
+
+ key_format = aliases:%s
+ key_format = verify:%s
+ key_format = postscreen:%s
+
+ The <b>key_format</b> parameter supports the following '%' expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character.
+
+ <b>%s</b> This is replaced by the memcache client input key.
+
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the SQL quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, a lookup is silently
+ suppressed and returns no results (an update is skipped
+ with a warning).
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the domain part of the address. Other-
+ wise, a lookup is silently suppressed and returns no
+ results (an update is skipped with a warning).
+
+ <b>%[SUD]</b> The upper-case equivalents of the above expansions behave
+ in the <b>key_format</b> parameter identically to their
+ lower-case counter-parts.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, a lookup is
+ silently suppressed and returns no results (an update is
+ skipped with a warning).
+
+ <b>domain (default: no domain list)</b>
+ This feature can significantly reduce database server load.
+ Specify a list of domain names, paths to files, or "<a href="DATABASE_README.html">type:table</a>"
+ databases. When specified, only fully qualified search keys
+ with a *non-empty* localpart and a matching domain are eligible
+ for lookup or update: bare 'user' lookups, bare domain lookups
+ and "@domain" lookups are silently skipped (updates are skipped
+ with a warning). Example:
+
+ domain = example.com, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
+
+<b>MEMCACHE ERROR CONTROLS</b>
+ <b>data_size_limit (default: 10240)</b>
+ The maximal memcache reply data length in bytes.
+
+ <b>line_size_limit (default: 1024)</b>
+ The maximal memcache reply line length in bytes.
+
+ <b>max_try (default: 2)</b>
+ The number of times to try a memcache command before giving up.
+ The memcache client does not retry a command when the memcache
+ server accepts no connection.
+
+ <b>retry_pause (default: 1)</b>
+ The time in seconds before retrying a failed memcache command.
+
+ <b>timeout (default: 2)</b>
+ The time limit for sending a memcache command and for receiving
+ a memcache reply.
+
+<b>BUGS</b>
+ The Postfix memcache client cannot be used for security-sensitive
+ tables such as <b><a href="postconf.5.html#alias_maps">alias_maps</a></b> (these may contain "<i>|command</i> and "<i>/file/name</i>"
+ destinations), or <b><a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a></b>, <b><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a></b> and <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mail</a>-</b>
+ <b><a href="postconf.5.html#virtual_mailbox_maps">box_maps</a></b> (these specify UNIX process privileges or "<i>/file/name</i>" desti-
+ nations). In a typical deployment a memcache database is writable by
+ any process that can talk to the memcache server; in contrast, secu-
+ rity-sensitive tables must never be writable by the unprivileged Post-
+ fix user.
+
+ The Postfix memcache client requires additional configuration when used
+ as <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache. For details see the <b>backup</b> and
+ <b>ttl</b> parameter discussions in the MEMCACHE MAIN PARAMETERS section
+ above.
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="MEMCACHE_README.html">MEMCACHE_README</a>, Postfix memcache client guide
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ Memcache support was introduced with Postfix version 2.9.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ MEMCACHE_TABLE(5)
+</pre> </body> </html>
diff --git a/html/mysql_table.5.html b/html/mysql_table.5.html
new file mode 100644
index 0000000..4971e57
--- /dev/null
+++ b/html/mysql_table.5.html
@@ -0,0 +1,382 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - mysql_table(5) </title>
+</head> <body> <pre>
+MYSQL_TABLE(5) MYSQL_TABLE(5)
+
+<b>NAME</b>
+ mysql_table - Postfix MySQL client configuration
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="mysql_table.5.html">mysql</a>:/etc/postfix/</b><i>filename</i>
+
+ <b>postmap -q - <a href="mysql_table.5.html">mysql</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
+
+ Alternatively, lookup tables can be specified as MySQL databases. In
+ order to use MySQL lookups, define a MySQL source as a lookup table in
+ <a href="postconf.5.html">main.cf</a>, for example:
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="mysql_table.5.html">mysql</a>:/etc/postfix/mysql-aliases.cf
+
+ The file /etc/postfix/mysql-aliases.cf has the same format as the Post-
+ fix <a href="postconf.5.html">main.cf</a> file, and can specify the parameters described below.
+
+<b>LIST MEMBERSHIP</b>
+ When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydestination</a>,
+ $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it is important to under-
+ stand that the table must store each list member as a separate key. The
+ table lookup verifies the *existence* of the key. See "Postfix lists
+ versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
+
+ Do NOT create tables that return the full list of domains in $<a href="postconf.5.html#mydestination">mydesti</a>-
+ <a href="postconf.5.html#mydestination">nation</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
+
+ DO create tables with each matching item as a key and with an arbitrary
+ value. With SQL databases it is not uncommon to return the key itself
+ or a constant value.
+
+<b>MYSQL PARAMETERS</b>
+ <b>hosts</b> The hosts that Postfix will try to connect to and query from.
+ Specify <i>unix:</i> for UNIX domain sockets, <i>inet:</i> for TCP connections
+ (default). Examples:
+ hosts = inet:host1.some.domain inet:host2.some.domain:port
+ hosts = host1.some.domain host2.some.domain:port
+ hosts = unix:/file/name
+
+ The hosts are tried in random order, with all connections over
+ UNIX domain sockets being tried before those over TCP. The con-
+ nections are automatically closed after being idle for about 1
+ minute, and are re-opened as necessary. Postfix versions 2.0 and
+ earlier do not randomize the host order.
+
+ NOTE: if you specify localhost as a hostname (even if you prefix
+ it with <i>inet:</i>), MySQL will connect to the default UNIX domain
+ socket. In order to instruct MySQL to connect to localhost over
+ TCP you have to specify
+ hosts = 127.0.0.1
+
+ <b>user</b>
+
+ <b>password</b>
+ The user name and password to log into the mysql server. Exam-
+ ple:
+ user = someone
+ password = some_password
+
+ <b>dbname</b> The database name on the servers. Example:
+ dbname = customer_database
+
+ <b>query</b> The SQL query template used to search the database, where <b>%s</b> is
+ a substitute for the address Postfix is trying to resolve, e.g.
+ query = SELECT replacement FROM aliases WHERE mailbox = '%s'
+
+ By default, every query must return a result set (instead of
+ storing its results in a table); with "<b>require_result_set = no</b>"
+ (Postfix 3.2 and later), the absence of a result set is treated
+ as "not found".
+
+ This parameter supports the following '%' expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character.
+
+ <b>%s</b> This is replaced by the input key. SQL quoting is used
+ to make sure that the input key does not add unexpected
+ metacharacters.
+
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the SQL quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the query is sup-
+ pressed and returns no results.
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the SQL quoted domain part of the
+ address. Otherwise, the query is suppressed and returns
+ no results.
+
+ <b>%[SUD]</b> The upper-case equivalents of the above expansions behave
+ in the <b>query</b> parameter identically to their lower-case
+ counter-parts. With the <b>result_format</b> parameter (see
+ below), they expand the input key rather than the result
+ value.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, the query is sup-
+ pressed and returns no results.
+
+ The <b>domain</b> parameter described below limits the input keys to
+ addresses in matching domains. When the <b>domain</b> parameter is
+ non-empty, SQL queries for unqualified addresses or addresses in
+ non-matching domains are suppressed and return no results.
+
+ This parameter is available with Postfix 2.2. In prior releases
+ the SQL query was built from the separate parameters:
+ <b>select_field</b>, <b>table</b>, <b>where_field</b> and <b>additional_conditions</b>. The
+ mapping from the old parameters to the equivalent query is:
+
+ SELECT [<b>select_field</b>]
+ FROM [<b>table</b>]
+ WHERE [<b>where_field</b>] = '%s'
+ [<b>additional_conditions</b>]
+
+ The '%s' in the <b>WHERE</b> clause expands to the escaped search
+ string. With Postfix 2.2 these legacy parameters are used if
+ the <b>query</b> parameter is not specified.
+
+ NOTE: DO NOT put quotes around the query parameter.
+
+ <b>result_format (default: %s</b>)
+ Format template applied to result attributes. Most commonly used
+ to append (or prepend) text to the result. This parameter sup-
+ ports the following '%' expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character.
+
+ <b>%s</b> This is replaced by the value of the result attribute.
+ When result is empty it is skipped.
+
+ <b>%u</b> When the result attribute value is an address of the form
+ user@domain, <b>%u</b> is replaced by the local part of the
+ address. When the result has an empty localpart it is
+ skipped.
+
+ <b>%d</b> When a result attribute value is an address of the form
+ user@domain, <b>%d</b> is replaced by the domain part of the
+ attribute value. When the result is unqualified it is
+ skipped.
+
+ <b>%[SUD1-9]</b>
+ The upper-case and decimal digit expansions interpolate
+ the parts of the input key rather than the result. Their
+ behavior is identical to that described with <b>query</b>, and
+ in fact because the input key is known in advance,
+ queries whose key does not contain all the information
+ specified in the result template are suppressed and
+ return no results.
+
+ For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" allows one to use
+ a mailHost attribute as the basis of a <a href="transport.5.html">transport(5)</a> table. After
+ applying the result format, multiple values are concatenated as
+ comma separated strings. The expansion_limit and parameter
+ explained below allows one to restrict the number of values in
+ the result, which is especially useful for maps that must return
+ at most one value.
+
+ The default value <b>%s</b> specifies that each result value should be
+ used as is.
+
+ This parameter is available with Postfix 2.2 and later.
+
+ NOTE: DO NOT put quotes around the result format!
+
+ <b>domain (default: no domain list)</b>
+ This is a list of domain names, paths to files, or "<a href="DATABASE_README.html">type:table</a>"
+ databases. When specified, only fully qualified search keys with
+ a *non-empty* localpart and a matching domain are eligible for
+ lookup: 'user' lookups, bare domain lookups and "@domain"
+ lookups are not performed. This can significantly reduce the
+ query load on the MySQL server.
+ domain = postfix.org, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
+
+ It is best not to use SQL to store the domains eligible for SQL
+ lookups.
+
+ This parameter is available with Postfix 2.2 and later.
+
+ NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> aliases, because
+ the input keys are always unqualified.
+
+ <b>expansion_limit (default: 0)</b>
+ A limit on the total number of result elements returned (as a
+ comma separated list) by a lookup against the map. A setting of
+ zero disables the limit. Lookups fail with a temporary error if
+ the limit is exceeded. Setting the limit to 1 ensures that
+ lookups do not return multiple values.
+
+ <b>option_file</b>
+ Read options from the given file instead of the default my.cnf
+ location. This reads options from the <b>[client]</b> option group,
+ optionally followed by options from the group given with
+ <b>option_group</b>.
+
+ This parameter is available with Postfix 2.11 and later.
+
+ <b>option_group (default: Postfix</b> &gt;<b>=3.2: client,</b> &lt;<b>= 3.1: empty)</b>
+ Read options from the given group of the mysql options file,
+ after reading options from the <b>[client]</b> group.
+
+ Postfix 3.2 and later read <b>[client]</b> option group settings by
+ default. To disable this specify no <b>option_file</b> and specify
+ "<b>option_group =</b>" (i.e. an empty value).
+
+ Postfix 3.1 and earlier don't read <b>[client]</b> option group set-
+ tings unless a non-empty <b>option_file</b> or <b>option_group</b> value are
+ specified. To enable this, specify, for example, "<b>option_group =</b>
+ <b>client</b>".
+
+ This parameter is available with Postfix 2.11 and later.
+
+ <b>require_result_set (default: yes)</b>
+ If "<b>yes</b>", require that every query returns a result set. If
+ "<b>no</b>", treat the absence of a result set as "not found".
+
+ This parameter is available with Postfix 3.2 and later.
+
+ <b>tls_cert_file</b>
+ File containing client's X509 certificate.
+
+ This parameter is available with Postfix 2.11 and later.
+
+ <b>tls_key_file</b>
+ File containing the private key corresponding to <b>tls_cert_file</b>.
+
+ This parameter is available with Postfix 2.11 and later.
+
+ <b>tls_CAfile</b>
+ File containing certificates for all of the X509 Certification
+ Authorities the client will recognize. Takes precedence over
+ <b>tls_CApath</b>.
+
+ This parameter is available with Postfix 2.11 and later.
+
+ <b>tls_CApath</b>
+ Directory containing X509 Certification Authority certificates
+ in separate individual files.
+
+ This parameter is available with Postfix 2.11 and later.
+
+ <b>tls_ciphers</b>
+ The list of permissible ciphers for SSL encryption.
+
+ This parameter is available with Postfix 2.11 and later.
+
+ <b>tls_verify_cert (default: no)</b>
+ Verify that the server's name matches the common name in the
+ certificate.
+
+ This parameter is available with Postfix 2.11 and later.
+
+<b>USING MYSQL STORED PROCEDURES</b>
+ Postfix 3.2 and later support calling a stored procedure instead of
+ using a SELECT statement in the query, e.g.
+
+ <b>query</b> = CALL lookup('%s')
+
+ The previously described '%' expansions can be used in the parameter(s)
+ to the stored procedure.
+
+ By default, every stored procedure call must return a result set, i.e.
+ every code path must execute a SELECT statement that returns a result
+ set (instead of storing its results in a table). With
+ "<b>require_result_set = no</b>", the absence of a result set is treated as
+ "not found".
+
+ A stored procedure must not return multiple result sets. That is,
+ there must be no code path that executes multiple SELECT statements
+ that return a result (instead of storing their results in a table).
+
+ The following is an example of a stored procedure returning a single
+ result set:
+
+ CREATE [DEFINER=`user`@`host`] PROCEDURE
+ `lookup`(IN `param` VARCHAR(255))
+ READS SQL DATA
+ SQL SECURITY INVOKER
+ BEGIN
+ select goto from alias where address=param;
+ END
+
+<b>OBSOLETE MAIN.CF PARAMETERS</b>
+ For compatibility with other Postfix lookup tables, MySQL parameters
+ can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do that, specify as MySQL
+ source a name that doesn't begin with a slash or a dot. The MySQL
+ parameters will then be accessible as the name you've given the source
+ in its definition, an underscore, and the name of the parameter. For
+ example, if the map is specified as "<a href="mysql_table.5.html">mysql</a>:<i>mysqlname</i>", the parameter
+ "hosts" would be defined in <a href="postconf.5.html">main.cf</a> as "<i>mysqlname</i>_hosts".
+
+ Note: with this form, the passwords for the MySQL sources are written
+ in <a href="postconf.5.html">main.cf</a>, which is normally world-readable. Support for this form
+ will be removed in a future Postfix version.
+
+<b>OBSOLETE QUERY INTERFACE</b>
+ This section describes an interface that is deprecated as of Postfix
+ 2.2. It is replaced by the more general <b>query</b> interface described
+ above. If the <b>query</b> parameter is defined, the legacy parameters
+ described here ignored. Please migrate to the new interface as the
+ legacy interface may be removed in a future release.
+
+ The following parameters can be used to fill in a SELECT template
+ statement of the form:
+
+ SELECT [<b>select_field</b>]
+ FROM [<b>table</b>]
+ WHERE [<b>where_field</b>] = '%s'
+ [<b>additional_conditions</b>]
+
+ The specifier %s is replaced by the search string, and is escaped so if
+ it contains single quotes or other odd characters, it will not cause a
+ parse error, or worse, a security problem.
+
+ <b>select_field</b>
+ The SQL "select" parameter. Example:
+ <b>select_field</b> = forw_addr
+
+ <b>table</b> The SQL "select .. from" table name. Example:
+ <b>table</b> = mxaliases
+
+ <b>where_field</b>
+ The SQL "select .. where" parameter. Example:
+ <b>where_field</b> = alias
+
+ <b>additional_conditions</b>
+ Additional conditions to the SQL query. Example:
+ <b>additional_conditions</b> = AND status = 'paid'
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table maintenance
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="ldap_table.5.html">ldap_table(5)</a>, LDAP lookup tables
+ <a href="pgsql_table.5.html">pgsql_table(5)</a>, PostgreSQL lookup tables
+ <a href="sqlite_table.5.html">sqlite_table(5)</a>, SQLite lookup tables
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="MYSQL_README.html">MYSQL_README</a>, Postfix MYSQL client guide
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ MySQL support was introduced with Postfix version 1.0.
+
+<b>AUTHOR(S)</b>
+ Original implementation by:
+ Scott Cotton, Joshua Marcus
+ IC Group, Inc.
+
+ Further enhancements by:
+ Liviu Daia
+ Institute of Mathematics of the Romanian Academy
+ P.O. BOX 1-764
+ RO-014700 Bucharest, ROMANIA
+
+ Stored-procedure support by John Fawcett.
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ MYSQL_TABLE(5)
+</pre> </body> </html>
diff --git a/html/newaliases.1.html b/html/newaliases.1.html
new file mode 100644
index 0000000..bebc17b
--- /dev/null
+++ b/html/newaliases.1.html
@@ -0,0 +1,523 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - sendmail(1) </title>
+</head> <body> <pre>
+SENDMAIL(1) SENDMAIL(1)
+
+<b>NAME</b>
+ sendmail - Postfix to Sendmail compatibility interface
+
+<b>SYNOPSIS</b>
+ <b>sendmail</b> [<i>option ...</i>] [<i>recipient ...</i>]
+
+ <b>mailq</b>
+ <b>sendmail -bp</b>
+
+ <b>newaliases</b>
+ <b>sendmail -I</b>
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com-
+ patibility interface. For the sake of compatibility with existing
+ applications, some Sendmail command-line options are recognized but
+ silently ignored.
+
+ By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from standard input
+ until EOF or until it reads a line with only a <b>.</b> character, and
+ arranges for delivery. Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
+ command to create a queue file in the <b>maildrop</b> directory.
+
+ Specific command aliases are provided for other common modes of opera-
+ tion:
+
+ <b>mailq</b> List the mail queue. Each entry shows the queue file ID, message
+ size, arrival time, sender, and the recipients that still need
+ to be delivered. If mail could not be delivered upon the last
+ attempt, the reason for failure is shown. The queue ID string is
+ followed by an optional status character:
+
+ <b>*</b> The message is in the <b>active</b> queue, i.e. the message is
+ selected for delivery.
+
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
+ ery attempt will be made until the mail is taken off
+ hold.
+
+ <b>#</b> The message is forced to expire. See the <a href="postsuper.1.html"><b>postsuper</b>(1)</a>
+ options <b>-e</b> or <b>-f</b>.
+
+ This mode of operation is implemented by executing the
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+
+ <b>newaliases</b>
+ Initialize the alias database. If no input file is specified
+ (with the <b>-oA</b> option, see below), the program processes the
+ file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame-
+ ter. If no alias database type is specified, the program uses
+ the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
+ parameter. This mode of operation is implemented by running the
+ <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
+
+ Note: it may take a minute or so before an alias database update
+ becomes visible. Use the "<b>postfix reload</b>" command to eliminate
+ this delay.
+
+ These and other features can be selected by specifying the appropriate
+ combination of command-line options. Some features are controlled by
+ parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
+
+ The following options are recognized:
+
+ <b>-Am</b> (ignored)
+
+ <b>-Ac</b> (ignored)
+ Postfix sendmail uses the same configuration file regardless of
+ whether or not a message is an initial submission.
+
+ <b>-B</b> <i>body</i><b>_</b><i>type</i>
+ The message body MIME type: <b>7BIT</b> or <b>8BITMIME</b>.
+
+ <b>-bd</b> Go into daemon mode. This mode of operation is implemented by
+ executing the "<b>postfix start</b>" command.
+
+ <b>-bh</b> (ignored)
+
+ <b>-bH</b> (ignored)
+ Postfix has no persistent host status database.
+
+ <b>-bi</b> Initialize alias database. See the <b>newaliases</b> command above.
+
+ <b>-bl</b> Go into daemon mode. To accept only local connections as with
+ Sendmail's <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
+ the Postfix <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
+
+ <b>-bm</b> Read mail from standard input and arrange for delivery. This is
+ the default mode of operation.
+
+ <b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
+
+ <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands from standard
+ input, and write responses to standard output. In stand-alone
+ SMTP server mode, mail relaying and other access controls are
+ disabled by default. To enable them, run the process as the
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> user.
+
+ This mode of operation is implemented by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ daemon.
+
+ <b>-bv</b> Do not collect or deliver a message. Instead, send an email
+ report after verifying each recipient address. This is useful
+ for testing address rewriting and routing configurations.
+
+ This feature is available in Postfix version 2.1 and later.
+
+ <b>-C</b> <i>config</i><b>_</b><i>file</i>
+
+ <b>-C</b> <i>config</i><b>_</b><i>dir</i>
+ The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of its parent
+ directory. This information is ignored with Postfix versions
+ before 2.3.
+
+ With Postfix version 3.2 and later, a non-default directory must
+ be authorized in the default <a href="postconf.5.html"><b>main.cf</b></a> file, through the alter-
+ nate_config_directories or <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parame-
+ ters.
+
+ With all Postfix versions, you can specify a directory pathname
+ with the MAIL_CONFIG environment variable to override the loca-
+ tion of configuration files.
+
+ <b>-F</b> <i>full</i><b>_</b><i>name</i>
+ Set the sender full name. This overrides the NAME environment
+ variable, and is used only with messages that have no <b>From:</b> mes-
+ sage header.
+
+ <b>-f</b> <i>sender</i>
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
+
+ <b>-G</b> Gateway (relay) submission, as opposed to initial user submis-
+ sion. Either do not rewrite addresses at all, or update incom-
+ plete addresses with the domain information specified with
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>.
+
+ This option is ignored before Postfix version 2.3.
+
+ <b>-h</b> <i>hop</i><b>_</b><i>count</i> (ignored)
+ Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configuration parameter
+ instead.
+
+ <b>-I</b> Initialize alias database. See the <b>newaliases</b> command above.
+
+ <b>-i</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
+
+ <b>-L</b> <i>label</i> (ignored)
+ The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configuration parameter
+ instead.
+
+ <b>-m</b> (ignored)
+ Backwards compatibility.
+
+ <b>-N</b> <i>dsn</i> (default: 'delay, failure')
+ Delivery status notification control. Specify either a
+ comma-separated list with one or more of <b>failure</b> (send notifica-
+ tion when delivery fails), <b>delay</b> (send notification when deliv-
+ ery is delayed), or <b>success</b> (send notification when the message
+ is delivered); or specify <b>never</b> (don't send any notifications at
+ all).
+
+ This feature is available in Postfix 2.3 and later.
+
+ <b>-n</b> (ignored)
+ Backwards compatibility.
+
+ <b>-oA</b><i>alias</i><b>_</b><i>database</i>
+ Non-default alias database. Specify <i>pathname</i> or <i>type</i>:<i>pathname</i>.
+ See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
+
+ <b>-O</b> <i>option=value</i> (ignored)
+ Set the named <i>option</i> to <i>value</i>. Use the equivalent configuration
+ parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+
+ <b>-o7</b> (ignored)
+
+ <b>-o8</b> (ignored)
+ To send 8-bit or binary content, use an appropriate MIME encap-
+ sulation and specify the appropriate <b>-B</b> command-line option.
+
+ <b>-oi</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
+
+ <b>-om</b> (ignored)
+ The sender is never eliminated from alias etc. expansions.
+
+ <b>-o</b> <i>x value</i> (ignored)
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
+ ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+
+ <b>-r</b> <i>sender</i>
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
+
+ <b>-R</b> <i>return</i>
+ Delivery status notification control. Specify "hdrs" to return
+ only the header when a message bounces, "full" to return a full
+ copy (the default behavior).
+
+ The <b>-R</b> option specifies an upper bound; Postfix will return only
+ the header, when a full copy would exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
+ setting.
+
+ This option is ignored before Postfix version 2.10.
+
+ <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe-
+ cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+
+ Warning: flushing undeliverable mail frequently will result in
+ poor delivery performance of all other mail.
+
+ <b>-q</b><i>interval</i> (ignored)
+ The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config-
+ uration parameter instead.
+
+ <b>-qI</b><i>queueid</i>
+ Schedule immediate delivery of mail with the specified queue ID.
+ This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
+ mand, and is available with Postfix version 2.4 and later.
+
+ <b>-qR</b><i>site</i>
+ Schedule immediate delivery of all mail that is queued for the
+ named <i>site</i>. This option accepts only <i>site</i> names that are eligi-
+ ble for the "fast flush" service, and is implemented by execut-
+ ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
+ about the "fast flush" service.
+
+ <b>-qS</b><i>site</i>
+ This command is not implemented. Use the slower "<b>sendmail -q</b>"
+ command instead.
+
+ <b>-t</b> Extract recipients from message headers. These are added to any
+ recipients specified on the command line.
+
+ With Postfix versions prior to 2.1, this option requires that no
+ recipient addresses are specified on the command line.
+
+ <b>-U</b> (ignored)
+ Initial user submission.
+
+ <b>-V</b> <i>envid</i>
+ Specify the envelope ID for notification by servers that support
+ DSN.
+
+ This feature is available in Postfix 2.3 and later.
+
+ <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
+ Variable Envelope Return Path. Given an envelope sender address
+ of the form <i>owner-listname</i>@<i>origin</i>, each recipient <i>user</i>@<i>domain</i>
+ receives mail with a personalized envelope sender address.
+
+ By default, the personalized envelope sender address is
+ <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The default <b>+</b> and <b>=</b> charac-
+ ters are configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configu-
+ ration parameter.
+
+ <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
+ As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter characters,
+ instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
+ <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
+
+ <b>-v</b> Send an email report of the first delivery attempt (Postfix ver-
+ sions 2.1 and later). Mail delivery always happens in the back-
+ ground. When multiple <b>-v</b> options are given, enable verbose log-
+ ging for debugging purposes.
+
+ <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
+ Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b>
+ configuration parameters instead.
+
+<b>SECURITY</b>
+ By design, this program is not set-user (or group) id. It is prepared
+ to handle message content from untrusted, possibly remote, users.
+
+ However, like most Postfix programs, this program does not enforce a
+ security policy on its command-line arguments. Instead, it relies on
+ the UNIX system to enforce access policies based on the effective user
+ and group IDs of the process. Concretely, this means that running Post-
+ fix commands as root (from sudo or equivalent) on behalf of a non-root
+ user is likely to create privilege escalation opportunities.
+
+ If an application runs any Postfix programs on behalf of users that do
+ not have normal shell access to Postfix commands, then that application
+ MUST restrict user-specified command-line arguments to avoid privilege
+ escalation.
+
+ <b>o</b> Filter all command-line arguments, for example arguments that
+ contain a pathname or that specify a database access method.
+ These pathname checks must reject user-controlled symlinks or
+ hardlinks to sensitive files, and must not be vulnerable to TOC-
+ TOU race attacks.
+
+ <b>o</b> Disable command options processing for all command arguments
+ that contain user-specified data. For example, the Postfix <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command line MUST be structured as follows:
+
+ <b>/path/to/sendmail</b> <i>system-arguments</i> <b>--</b> <i>user-arguments</i>
+
+ Here, the "<b>--</b>" disables command option processing for all
+ <i>user-arguments</i> that follow.
+
+ Without the "<b>--</b>", a malicious user could enable Postfix <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command options, by specifying an email address that
+ starts with "<b>-</b>".
+
+<b>DIAGNOSTICS</b>
+ Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
+ error stream.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+ <b>MAIL_VERBOSE</b> (value does not matter)
+ Enable verbose logging for debugging purposes.
+
+ <b>MAIL_DEBUG</b> (value does not matter)
+ Enable debugging with an external command, as specified with the
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
+
+ <b>NAME</b> The sender full name. This is used only with messages that have
+ no <b>From:</b> message header. See also the <b>-F</b> option above.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
+
+<b>COMPATIBILITY CONTROLS</b>
+ Available with Postfix 2.9 and later:
+
+ <b><a href="postconf.5.html#sendmail_fix_line_endings">sendmail_fix_line_endings</a> (always)</b>
+ Controls how the Postfix sendmail command converts email message
+ line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
+ system.
+
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
+ The external command to execute when a Postfix daemon program is
+ invoked with the -D option.
+
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
+ pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+
+ <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
+ $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+
+<b>ACCESS CONTROLS</b>
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to flush the queue.
+
+ <b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to view the queue.
+
+ <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
+ mand).
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
+
+ <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
+ The maximal number of attempts to fork() a child process.
+
+ <b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
+ The delay between attempts to fork() a child process.
+
+ <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
+ The maximal number of Received: message headers that is allowed
+ in the primary message headers.
+
+ <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ prior to Postfix 2.4 the default value was 1000s.
+
+<b>FAST FLUSH CONTROLS</b>
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
+ the Postfix "fast flush" service.
+
+ <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
+ Optional list of destinations that are eligible for per-destina-
+ tion logfiles with mail that is queued to those destinations.
+
+<b>VERP CONTROLS</b>
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
+ Postfix support for variable envelope return path addresses.
+
+ <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
+ The two default VERP delimiter characters.
+
+ <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
+ The characters Postfix accepts as VERP delimiter characters on
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+
+ <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
+ The location of all postfix administrative commands.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix support programs and daemon programs.
+
+ <b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>, <a href="postalias.1.html"><b>postalias</b>(1)</a>
+ and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+
+ <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
+ The time after which the sender receives a copy of the message
+ headers of mail that is still queued.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Postfix 3.2 and later:
+
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
+ A list of non-default Postfix configuration directories that may
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ MAIL_CONFIG environment parameter.
+
+ <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
+ etc., together with the default Postfix instance.
+
+<b>FILES</b>
+ /var/spool/postfix, mail queue
+ /etc/postfix, configuration files
+
+<b>SEE ALSO</b>
+ <a href="pickup.8.html">pickup(8)</a>, mail pickup daemon
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="smtpd.8.html">smtpd(8)</a>, SMTP server
+ <a href="flush.8.html">flush(8)</a>, fast flush service
+ <a href="postsuper.1.html">postsuper(1)</a>, queue maintenance
+ <a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
+ <a href="postdrop.1.html">postdrop(1)</a>, mail posting utility
+ <a href="postfix.1.html">postfix(1)</a>, mail system control
+ <a href="postqueue.1.html">postqueue(1)</a>, mail queue control
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README_FILES</b>
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ this information.
+ <a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
+ <a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
+ <a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ SENDMAIL(1)
+</pre> </body> </html>
diff --git a/html/nisplus_table.5.html b/html/nisplus_table.5.html
new file mode 100644
index 0000000..2928b6c
--- /dev/null
+++ b/html/nisplus_table.5.html
@@ -0,0 +1,88 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - nisplus_table(5) </title>
+</head> <body> <pre>
+NISPLUS_TABLE(5) NISPLUS_TABLE(5)
+
+<b>NAME</b>
+ nisplus_table - Postfix NIS+ client
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" "<a href="nisplus_table.5.html">nisplus</a>:[</b><i>name</i><b>=%s];</b><i>name.name.</i><b>"</b>
+
+ <b>postmap -q - "<a href="nisplus_table.5.html">nisplus</a>:[</b><i>name</i><b>=%s];</b><i>name.name.</i><b>"</b> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional lookup tables. These tables are
+ usually in <b>dbm</b> or <b>db</b> format. Alternatively, lookup tables can be spec-
+ ified as NIS+ databases.
+
+ To find out what types of lookup tables your Postfix system supports
+ use the "<b>postconf -m</b>" command.
+
+ To test Postfix NIS+ lookup tables, use the "<b>postmap -q</b>" command as
+ described in the SYNOPSIS above.
+
+<b>QUERY SYNTAX</b>
+ Most of the NIS+ query is specified via the NIS+ map name. The general
+ format of a Postfix NIS+ map name is as follows:
+
+ <b><a href="nisplus_table.5.html">nisplus</a>:[</b><i>name</i><b>=%s];</b><i>name.name.name</i><b>.:</b><i>column</i>
+
+ Postfix NIS+ map names differ from what one normally would use with
+ commands such as <b>niscat</b>:
+
+ <b>o</b> With each NIS+ table lookup, "<b>%s</b>" is replaced by a version of
+ the lookup string. There can be only one "<b>%s</b>" instance in a
+ Postfix NIS+ map name.
+
+ <b>o</b> Postfix NIS+ map names use "<b>;</b>" instead of "<b>,</b>", because the lat-
+ ter character is special in the Postfix <a href="postconf.5.html">main.cf</a> file. Postfix
+ replaces "<b>;</b>" characters in the map name by "<b>,</b>" before making
+ NIS+ queries.
+
+ <b>o</b> The ":<i>column</i>" part in the NIS+ map name is not part of the
+ actual NIS+ query. Instead, it specifies the number of the table
+ column that provides the lookup result. When no ":<i>column</i>" is
+ specified the first column (1) is used.
+
+<b>EXAMPLE</b>
+ A NIS+ aliases map might be queried as follows:
+
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/mail/aliases,
+ <a href="nisplus_table.5.html">nisplus</a>:[alias=%s];mail_aliases.org_dir.$<a href="postconf.5.html#mydomain">mydomain</a>.:1
+
+ This queries the local aliases file before the NIS+ file.
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Geoff Gibbs
+ UK-HGMP-RC
+ Hinxton
+ Cambridge
+ CB10 1SB, UK
+
+ Adopted and adapted by:
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ NISPLUS_TABLE(5)
+</pre> </body> </html>
diff --git a/html/oqmgr.8.html b/html/oqmgr.8.html
new file mode 100644
index 0000000..e24fbce
--- /dev/null
+++ b/html/oqmgr.8.html
@@ -0,0 +1,425 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - oqmgr(8) </title>
+</head> <body> <pre>
+OQMGR(8) OQMGR(8)
+
+<b>NAME</b>
+ oqmgr - old Postfix queue manager
+
+<b>SYNOPSIS</b>
+ <b>oqmgr</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon awaits the arrival of incoming mail and arranges
+ for its delivery via Postfix delivery processes. The actual mail rout-
+ ing strategy is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. This pro-
+ gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ Mail addressed to the local <b>double-bounce</b> address is logged and dis-
+ carded. This stops potential loops caused by undeliverable bounce
+ notifications.
+
+<b>MAIL QUEUES</b>
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon maintains the following queues:
+
+ <b>incoming</b>
+ Inbound mail from the network, or mail picked up by the local
+ <a href="pickup.8.html"><b>pickup</b>(8)</a> agent from the <b>maildrop</b> directory.
+
+ <b>active</b> Messages that the queue manager has opened for delivery. Only a
+ limited number of messages is allowed to enter the <b>active</b> queue
+ (leaky bucket strategy, for a fixed delivery rate).
+
+ <b>deferred</b>
+ Mail that could not be delivered upon the first attempt. The
+ queue manager implements exponential backoff by doubling the
+ time between delivery attempts.
+
+ <b>corrupt</b>
+ Unreadable or damaged queue files are moved here for inspection.
+
+ <b>hold</b> Messages that are kept "on hold" are kept here until someone
+ sets them free.
+
+<b>DELIVERY STATUS REPORTS</b>
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon keeps an eye on per-message delivery status reports
+ in the following directories. Each status report file has the same name
+ as the corresponding message file:
+
+ <b>bounce</b> Per-recipient status information about why mail is bounced.
+ These files are maintained by the <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon.
+
+ <b>defer</b> Per-recipient status information about why mail is delayed.
+ These files are maintained by the <a href="defer.8.html"><b>defer</b>(8)</a> daemon.
+
+ <b>trace</b> Per-recipient status information as requested with the Postfix
+ "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" command. These files are main-
+ tained by the <a href="trace.8.html"><b>trace</b>(8)</a> daemon.
+
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is responsible for asking the <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a>
+ or <a href="trace.8.html"><b>trace</b>(8)</a> daemons to send delivery reports.
+
+<b>STRATEGIES</b>
+ The queue manager implements a variety of strategies for either opening
+ queue files (input) or for message delivery (output).
+
+ <b>leaky bucket</b>
+ This strategy limits the number of messages in the <b>active</b> queue
+ and prevents the queue manager from running out of memory under
+ heavy load.
+
+ <b>fairness</b>
+ When the <b>active</b> queue has room, the queue manager takes one mes-
+ sage from the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> and one from the <b>deferred</b> queue.
+ This prevents a large mail backlog from blocking the delivery of
+ new mail.
+
+ <b>slow start</b>
+ This strategy eliminates "thundering herd" problems by slowly
+ adjusting the number of parallel deliveries to the same destina-
+ tion.
+
+ <b>round robin</b>
+ The queue manager sorts delivery requests by destination.
+ Round-robin selection prevents one destination from dominating
+ deliveries to other destinations.
+
+ <b>exponential backoff</b>
+ Mail that cannot be delivered upon the first attempt is
+ deferred. The time interval between delivery attempts is dou-
+ bled after each attempt.
+
+ <b>destination status cache</b>
+ The queue manager avoids unnecessary delivery attempts by main-
+ taining a short-term, in-memory list of unreachable destina-
+ tions.
+
+<b>TRIGGERS</b>
+ On an idle system, the queue manager waits for the arrival of trigger
+ events, or it waits for a timer to go off. A trigger is a one-byte mes-
+ sage. Depending on the message received, the queue manager performs
+ one of the following actions (the message is followed by the symbolic
+ constant used internally by the software):
+
+ <b>D (QMGR_REQ_SCAN_DEFERRED)</b>
+ Start a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan. If a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan is
+ already in progress, that scan will be restarted as soon as it
+ finishes.
+
+ <b>I (QMGR_REQ_SCAN_INCOMING)</b>
+ Start an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan. If an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan is
+ already in progress, that scan will be restarted as soon as it
+ finishes.
+
+ <b>A (QMGR_REQ_SCAN_ALL)</b>
+ Ignore <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> file time stamps. The request affects the
+ next <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan.
+
+ <b>F (QMGR_REQ_FLUSH_DEAD)</b>
+ Purge all information about dead transports and destinations.
+
+ <b>W (TRIGGER_REQ_WAKEUP)</b>
+ Wakeup call, This is used by the master server to instantiate
+ servers that should not go away forever. The action is to start
+ an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan.
+
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon reads an entire buffer worth of triggers. Multiple
+ identical trigger requests are collapsed into one, and trigger requests
+ are sorted so that <b>A</b> and <b>F</b> precede <b>D</b> and <b>I</b>. Thus, in order to force a
+ <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> run, one would request <b>A F D</b>; in order to notify the
+ queue manager of the arrival of new mail one would request <b>I</b>.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
+ <a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
+
+<b>SECURITY</b>
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is not security sensitive. It reads single-charac-
+ ter messages from untrusted local users, and thus may be susceptible to
+ denial of service attacks. The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon does not talk to the
+ outside world, and it can be run at fixed low privilege in a chrooted
+ environment.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to the <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>
+ daemon. Corrupted message files are saved to the <b>corrupt</b> queue for
+ further inspection.
+
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
+
+<b>BUGS</b>
+ A single queue manager process has to compete for disk access with mul-
+ tiple front-end processes such as <a href="cleanup.8.html"><b>cleanup</b>(8)</a>. A sudden burst of inbound
+ mail can negatively impact outbound delivery rates.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> is a
+ persistent process. Use the command "<b>postfix reload</b>" after a configura-
+ tion change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ In the text below, <i>transport</i> is the first field in a <a href="master.5.html"><b>master.cf</b></a> entry.
+
+<b>COMPATIBILITY CONTROLS</b>
+ Available before Postfix version 2.5:
+
+ <b><a href="postconf.5.html#allow_min_user">allow_min_user</a> (no)</b>
+ Allow a sender or recipient address to have `-' as the first
+ character.
+
+ Available with Postfix version 2.7 and later:
+
+ <b><a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> (empty)</b>
+ When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
+ next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
+ that value is empty, use the domain in the recipient address.
+
+<b><a href="QSHAPE_README.html#active_queue">ACTIVE QUEUE</a> CONTROLS</b>
+ <b><a href="postconf.5.html#qmgr_clog_warn_time">qmgr_clog_warn_time</a> (300s)</b>
+ The minimal delay between warnings that a specific destination
+ is clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>.
+
+ <b><a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a> (20000)</b>
+ The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
+
+ <b><a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> (20000)</b>
+ The maximal number of recipients held in memory by the Postfix
+ queue manager, and the maximal size of the short-term, in-memory
+ "dead" destination status cache.
+
+<b>DELIVERY CONCURRENCY CONTROLS</b>
+ <b><a href="postconf.5.html#qmgr_fudge_factor">qmgr_fudge_factor</a> (100)</b>
+ Obsolete feature: the percentage of delivery resources that a
+ busy mail system will use up for delivery of a large mailing
+ list message.
+
+ <b><a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> (5)</b>
+ The initial per-destination concurrency level for parallel
+ delivery to the same destination.
+
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> (20)</b>
+ The default maximal number of parallel deliveries to the same
+ destination.
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ name of the message delivery transport.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#transport_initial_destination_concurrency">transport_initial_destination_concurrency</a> ($<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#initial_destination_concurrency">rency</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#initial_destination_concurrency">initial_destination_con</a>-
+ <a href="postconf.5.html#initial_destination_concurrency">currency</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name
+ of the message delivery transport.
+
+ <b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
+ How many pseudo-cohorts must suffer connection or handshake
+ failure before a specific destination is considered unavailable
+ (and further delivery is suspended).
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit">transport_destination_concurrency_failed_cohort_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_desti</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">nation_concurrency_failed_cohort_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">currency_failed_cohort_limit</a> parameter value, where <i>transport</i> is
+ the <a href="master.5.html">master.cf</a> name of the message delivery transport.
+
+ <b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
+ The per-destination amount of delivery concurrency negative
+ feedback, after a delivery completes with a connection or hand-
+ shake failure.
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback">transport_destination_concurrency_negative_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">tion_concurrency_negative_feedback</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_negative_feedback">currency_negative_feedback</a> parameter value, where <i>transport</i> is
+ the <a href="master.5.html">master.cf</a> name of the message delivery transport.
+
+ <b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
+ The per-destination amount of delivery concurrency positive
+ feedback, after a delivery completes without connection or hand-
+ shake failure.
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback">transport_destination_concurrency_positive_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">tion_concurrency_positive_feedback</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_positive_feedback">currency_positive_feedback</a> parameter value, where <i>transport</i> is
+ the <a href="master.5.html">master.cf</a> name of the message delivery transport.
+
+ <b><a href="postconf.5.html#destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a> (no)</b>
+ Make the queue manager's feedback algorithm verbose for perfor-
+ mance analysis purposes.
+
+<b>RECIPIENT SCHEDULING CONTROLS</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> (50)</b>
+ The default maximal number of recipients per message delivery.
+
+ <b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ name of the message delivery transport.
+
+<b>OTHER RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (300s)</b>
+ The minimal time between attempts to deliver a deferred message;
+ prior to Postfix 2.4 the default value was 1000s.
+
+ <b><a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> (4000s)</b>
+ The maximal time between attempts to deliver a deferred message.
+
+ <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
+ Consider a message as undeliverable, when delivery fails with a
+ temporary error, and the time in the queue has reached the <a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-
+ <a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a> limit.
+
+ <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ prior to Postfix 2.4 the default value was 1000s.
+
+ <b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
+ The time between attempts by the Postfix queue manager to con-
+ tact a malfunctioning message delivery transport.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> (5d)</b>
+ Consider a bounce message as undeliverable, when delivery fails
+ with a temporary error, and the time in the queue has reached
+ the <a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> limit.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
+ The default amount of delay that is inserted between individual
+ message deliveries to the same destination and over the same
+ message delivery transport.
+
+ <b><a href="postconf.5.html#transport_destination_rate_delay">transport_destination_rate_delay</a> ($<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_rate_delay">default_destina</a>-
+ <a href="postconf.5.html#default_destination_rate_delay">tion_rate_delay</a> parameter value, where <i>transport</i> is the <a href="master.5.html">mas-
+ ter.cf</a> name of the message delivery transport.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a> (0s)</b>
+ The default amount of delay that is inserted between individual
+ message deliveries over the same message delivery transport,
+ regardless of destination.
+
+ <b><a href="postconf.5.html#transport_transport_rate_delay">transport_transport_rate_delay</a> ($<a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_transport_rate_delay">default_trans</a>-
+ <a href="postconf.5.html#default_transport_rate_delay">port_rate_delay</a> parameter value, where the initial <i>transport</i> in
+ the parameter name is the <a href="master.5.html">master.cf</a> name of the message delivery
+ transport.
+
+<b>SAFETY CONTROLS</b>
+ <b><a href="postconf.5.html#qmgr_daemon_timeout">qmgr_daemon_timeout</a> (1000s)</b>
+ How much time a Postfix queue manager process may take to handle
+ a request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#qmgr_ipc_timeout">qmgr_ipc_timeout</a> (60s)</b>
+ The time limit for the queue manager to send or receive informa-
+ tion over an internal communication channel.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#address_verify_pending_request_limit">address_verify_pending_request_limit</a> (see 'postconf -d' output)</b>
+ A safety limit that prevents address verification requests from
+ overwhelming the Postfix queue.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
+ The names of message delivery transports that should not deliver
+ mail unless someone issues "<b>sendmail -q</b>" or equivalent.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
+ Log warnings about problematic configuration settings, and pro-
+ vide helpful suggestions.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#confirm_delay_cleared">confirm_delay_cleared</a> (no)</b>
+ After sending a "your message is delayed" notification, inform
+ the sender when the delay clears up.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+<b>FILES</b>
+ /var/spool/postfix/incoming, <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>
+ /var/spool/postfix/active, <a href="QSHAPE_README.html#active_queue">active queue</a>
+ /var/spool/postfix/deferred, <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>
+ /var/spool/postfix/bounce, non-delivery status
+ /var/spool/postfix/defer, non-delivery status
+ /var/spool/postfix/trace, delivery status
+
+<b>SEE ALSO</b>
+ <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address routing
+ <a href="bounce.8.html">bounce(8)</a>, delivery status reports
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ OQMGR(8)
+</pre> </body> </html>
diff --git a/html/pcre_table.5.html b/html/pcre_table.5.html
new file mode 100644
index 0000000..0216e3e
--- /dev/null
+++ b/html/pcre_table.5.html
@@ -0,0 +1,250 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - pcre_table(5) </title>
+</head> <body> <pre>
+PCRE_TABLE(5) PCRE_TABLE(5)
+
+<b>NAME</b>
+ pcre_table - format of Postfix PCRE tables
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i>
+
+ <b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+ <b>postmap -hmq - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+ <b>postmap -bmq - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional tables for address rewriting,
+ mail routing, or access control. These tables are usually in <b>dbm</b> or <b>db</b>
+ format.
+
+ Alternatively, lookup tables can be specified in Perl Compatible Regu-
+ lar Expression form. In this case, each input is compared against a
+ list of patterns. When a match is found, the corresponding result is
+ returned and the search is terminated.
+
+ To find out what types of lookup tables your Postfix system supports
+ use the "<b>postconf -m</b>" command.
+
+ To test lookup tables, use the "<b>postmap -q</b>" command as described in the
+ SYNOPSIS above. Use "<b>postmap -hmq -</b> &lt;<i>file</i>" for <a href="header_checks.5.html">header_checks(5)</a> pat-
+ terns, and "<b>postmap -bmq -</b> &lt;<i>file</i>" for <a href="header_checks.5.html">body_checks(5)</a> (Postfix 2.6 and
+ later).
+
+ This driver can be built with the pcre2 library (Postfix 3.7 and
+ later), or with the legacy pcre library (all Postfix versions).
+
+<b>COMPATIBILITY</b>
+ With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" to query a
+ table that contains case sensitive patterns. Patterns are case insensi-
+ tive by default.
+
+<b>TABLE FORMAT</b>
+ The general form of a PCRE table is:
+
+ <b>/</b><i>pattern</i><b>/</b><i>flags result</i>
+ When <i>pattern</i> matches the input string, use the corresponding
+ <i>result</i> value.
+
+ <b>!/</b><i>pattern</i><b>/</b><i>flags result</i>
+ When <i>pattern</i> does <b>not</b> match the input string, use the corre-
+ sponding <i>result</i> value.
+
+ <b>if /</b><i>pattern</i><b>/</b><i>flags</i>
+
+ <b>endif</b> If the input string matches /<i>pattern</i>/, then match that input
+ string against the patterns between <b>if</b> and <b>endif</b>. The <b>if</b>..<b>endif</b>
+ can nest.
+
+ Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>.
+
+ This feature is available in Postfix 2.1 and later.
+
+ <b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
+
+ <b>endif</b> If the input string does not match /<i>pattern</i>/, then match that
+ input string against the patterns between <b>if</b> and <b>endif</b>. The
+ <b>if</b>..<b>endif</b> can nest.
+
+ Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>.
+
+ This feature is available in Postfix 2.1 and later.
+
+ blank lines and comments
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ multi-line text
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+ Each pattern is a perl-like regular expression. The expression delim-
+ iter can be any non-alphanumeric character, except whitespace or char-
+ acters that have special meaning (traditionally the forward slash is
+ used). The regular expression can contain whitespace.
+
+ By default, matching is case-insensitive, and newlines are not treated
+ as special characters. The behavior is controlled by flags, which are
+ toggled by appending one or more of the following characters after the
+ pattern:
+
+ <b>i</b> (default: on)
+ Toggles the case sensitivity flag. By default, matching is case
+ insensitive.
+
+ <b>m</b> (default: off)
+ Toggles the pcre MULTILINE flag. When this flag is on, the <b>^</b> and
+ <b>$</b> metacharacters match immediately after and immediately before
+ a newline character, respectively, in addition to matching at
+ the start and end of the subject string.
+
+ <b>s</b> (default: on)
+ Toggles the pcre DOTALL flag. When this flag is on, the <b>.</b>
+ metacharacter matches the newline character. With Postfix ver-
+ sions prior to 2.0, the flag is off by default, which is incon-
+ venient for multi-line message header matching.
+
+ <b>x</b> (default: off)
+ Toggles the pcre extended flag. When this flag is on, whitespace
+ characters in the pattern (other than in a character class) are
+ ignored. To include a whitespace character as part of the pat-
+ tern, escape it with backslash.
+
+ Note: do not use <b>#</b><i>comment</i> after patterns.
+
+ <b>A</b> (default: off)
+ Toggles the pcre ANCHORED flag. When this flag is on, the pat-
+ tern is forced to be "anchored", that is, it is constrained to
+ match only at the start of the string which is being searched
+ (the "subject string"). This effect can also be achieved by
+ appropriate constructs in the pattern itself.
+
+ <b>E</b> (default: off)
+ Toggles the pcre DOLLAR_ENDONLY flag. When this flag is on, a <b>$</b>
+ metacharacter in the pattern matches only at the end of the sub-
+ ject string. Without this flag, a dollar also matches immedi-
+ ately before the final character if it is a newline character
+ (but not before any other newline characters). This flag is
+ ignored if the pcre MULTILINE flag is set.
+
+ <b>U</b> (default: off)
+ Toggles the pcre UNGREEDY flag. When this flag is on, the pat-
+ tern matching engine inverts the "greediness" of the quantifiers
+ so that they are not greedy by default, but become greedy if
+ followed by "?". This flag can also set by a (?U) modifier
+ within the pattern.
+
+ <b>X</b> (default: off)
+ Toggles the pcre EXTRA flag. When this flag is on, any back-
+ slash in a pattern that is followed by a letter that has no spe-
+ cial meaning causes an error, thus reserving these combinations
+ for future expansion.
+
+ This feature is not supported with PCRE2.
+
+<b>SEARCH ORDER</b>
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the input string.
+
+ Each pattern is applied to the entire input string. Depending on the
+ application, that string is an entire client hostname, an entire client
+ IP address, or an entire mail address. Thus, no parent domain or par-
+ ent network search is done, and <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
+
+<b>TEXT SUBSTITUTION</b>
+ Substitution of substrings (text that matches patterns inside "()")
+ from the matched expression into the result string is requested with
+ $1, $2, etc.; specify $$ to produce a $ character as output. The
+ macros in the result string may need to be written as ${n} or $(n) if
+ they aren't followed by whitespace. This feature does not support
+ pcre2 substring names.
+
+ Note: since negated patterns (those preceded by <b>!</b>) return a result when
+ the expression does not match, substitutions are not available for
+ negated patterns.
+
+<b>INLINE SPECIFICATION</b>
+ The contents of a table may be specified in the table name (Postfix 3.7
+ and later). The basic syntax is:
+
+ <a href="postconf.5.html">main.cf</a>:
+ <i>parameter</i> <b>= .. <a href="pcre_table.5.html">pcre</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } ..</b>
+
+ <a href="master.5.html">master.cf</a>:
+ <b>.. -o {</b> <i>parameter</i> <b>= .. <a href="pcre_table.5.html">pcre</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } .. } ..</b>
+
+ Postfix ignores whitespace after '{' and before '}', and writes each
+ <i>rule</i> as one text line to an in-memory file:
+
+ in-memory file:
+ rule-1
+ rule-2
+ ..
+
+ Postfix parses the result as if it is a file in /etc/postfix.
+
+ Note: if a rule contains <b>$</b>, specify <b>$$</b> to keep Postfix from trying to
+ do <i>$name</i> expansion as it evaluates a parameter value.
+
+<b>EXAMPLE SMTPD ACCESS MAP</b>
+ # Protect your outgoing majordomo exploders
+ /^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead
+
+ # Bounce friend@whatever, except when whatever is our domain (you would
+ # be better just bouncing all friend@ mail - this is just an example).
+ /^(friend@(?!my\.domain$).*)$/ 550 Stick this in your pipe $1
+
+ # A multi-line entry. The text is sent as one line.
+ #
+ /^noddy@my\.domain$/
+ 550 This user is a funny one. You really don't want to send mail to
+ them as it only makes their head spin.
+
+<b>EXAMPLE HEADER FILTER MAP</b>
+ /^Subject: make money fast/ REJECT
+ /^To: friend@public\.com/ REJECT
+
+<b>EXAMPLE BODY FILTER MAP</b>
+ # First skip over base 64 encoded text to save CPU cycles.
+ # Requires PCRE version 3.
+ ~^[[:alnum:]+/]{60,}$~ OK
+
+ # Put your own body patterns here.
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="regexp_table.5.html">regexp_table(5)</a>, format of POSIX regular expression tables
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>AUTHOR(S)</b>
+ The PCRE table lookup code was originally written by:
+ Andrew McNamara
+ andrewm@connect.com.au
+ connect.com.au Pty. Ltd.
+ Level 3, 213 Miller St
+ North Sydney, NSW, Australia
+
+ Adopted and adapted by:
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ PCRE_TABLE(5)
+</pre> </body> </html>
diff --git a/html/pgsql_table.5.html b/html/pgsql_table.5.html
new file mode 100644
index 0000000..964bd6d
--- /dev/null
+++ b/html/pgsql_table.5.html
@@ -0,0 +1,302 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - pgsql_table(5) </title>
+</head> <body> <pre>
+PGSQL_TABLE(5) PGSQL_TABLE(5)
+
+<b>NAME</b>
+ pgsql_table - Postfix PostgreSQL client configuration
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="pgsql_table.5.html">pgsql</a>:/etc/postfix/</b><i>filename</i>
+
+ <b>postmap -q - <a href="pgsql_table.5.html">pgsql</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
+
+ Alternatively, lookup tables can be specified as PostgreSQL databases.
+ In order to use PostgreSQL lookups, define a PostgreSQL source as a
+ lookup table in <a href="postconf.5.html">main.cf</a>, for example:
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="pgsql_table.5.html">pgsql</a>:/etc/postfix/pgsql-aliases.cf
+
+ The file /etc/postfix/pgsql-aliases.cf has the same format as the Post-
+ fix <a href="postconf.5.html">main.cf</a> file, and can specify the parameters described below.
+
+<b>LIST MEMBERSHIP</b>
+ When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydestination</a>,
+ $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it is important to under-
+ stand that the table must store each list member as a separate key. The
+ table lookup verifies the *existence* of the key. See "Postfix lists
+ versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
+
+ Do NOT create tables that return the full list of domains in $<a href="postconf.5.html#mydestination">mydesti</a>-
+ <a href="postconf.5.html#mydestination">nation</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
+
+ DO create tables with each matching item as a key and with an arbitrary
+ value. With SQL databases it is not uncommon to return the key itself
+ or a constant value.
+
+<b>PGSQL PARAMETERS</b>
+ <b>hosts</b> The hosts that Postfix will try to connect to and query from.
+ Besides a <b>postgresql://</b> connection URI, this setting supports
+ the historical forms <b>unix:/</b><i>pathname</i> for UNIX-domain sockets and
+ <b>inet:</b><i>host:port</i> for TCP connections, where the <b>unix:</b> and <b>inet:</b>
+ prefixes are accepted and ignored for backwards compatibility.
+ Examples:
+ hosts = postgresql://username@example.com/tablename?sslmode=require
+ hosts = inet:host1.some.domain inet:host2.some.domain:port
+ hosts = host1.some.domain host2.some.domain:port
+ hosts = unix:/file/name
+
+ The hosts are tried in random order. The connections are auto-
+ matically closed after being idle for about 1 minute, and are
+ re-opened as necessary.
+
+ <b>user</b>
+
+ <b>password</b>
+ The user name and password to log into the pgsql server. Exam-
+ ple:
+ user = someone
+ password = some_password
+
+ <b>dbname</b> The database name on the servers. Example:
+ dbname = customer_database
+
+ <b>encoding</b>
+ The encoding used by the database client. The default setting
+ is:
+ encoding = UTF8
+ Historically, the database client was hard coded to use LATIN1
+ in an attempt to disable multibyte character support.
+
+ This feature is available in Postfix 3.8 and later.
+
+ <b>query</b> The SQL query template used to search the database, where <b>%s</b> is
+ a substitute for the address Postfix is trying to resolve, e.g.
+ query = SELECT replacement FROM aliases WHERE mailbox = '%s'
+
+ This parameter supports the following '%' expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character. (Postfix 2.2
+ and later)
+
+ <b>%s</b> This is replaced by the input key. SQL quoting is used
+ to make sure that the input key does not add unexpected
+ metacharacters.
+
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the SQL quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the query is sup-
+ pressed and returns no results.
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the SQL quoted domain part of the
+ address. Otherwise, the query is suppressed and returns
+ no results.
+
+ <b>%[SUD]</b> The upper-case equivalents of the above expansions behave
+ in the <b>query</b> parameter identically to their lower-case
+ counter-parts. With the <b>result_format</b> parameter (see
+ below), they expand the input key rather than the result
+ value.
+
+ The above %S, %U and %D expansions are available with
+ Postfix 2.2 and later
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, the query is sup-
+ pressed and returns no results.
+
+ The above %1, ... %9 expansions are available with Post-
+ fix 2.2 and later
+
+ The <b>domain</b> parameter described below limits the input keys to
+ addresses in matching domains. When the <b>domain</b> parameter is
+ non-empty, SQL queries for unqualified addresses or addresses in
+ non-matching domains are suppressed and return no results.
+
+ The precedence of this parameter has changed with Postfix 2.2,
+ in prior releases the precedence was, from highest to lowest,
+ <b>select_function</b>, <b>query</b>, <b>select_field</b>, ...
+
+ With Postfix 2.2 the <b>query</b> parameter has highest precedence, see
+ OBSOLETE QUERY INTERFACES below.
+
+ NOTE: DO NOT put quotes around the <b>query</b> parameter.
+
+ <b>result_format (default: %s</b>)
+ Format template applied to result attributes. Most commonly used
+ to append (or prepend) text to the result. This parameter sup-
+ ports the following '%' expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character.
+
+ <b>%s</b> This is replaced by the value of the result attribute.
+ When result is empty it is skipped.
+
+ <b>%u</b> When the result attribute value is an address of the form
+ user@domain, <b>%u</b> is replaced by the local part of the
+ address. When the result has an empty localpart it is
+ skipped.
+
+ <b>%d</b> When a result attribute value is an address of the form
+ user@domain, <b>%d</b> is replaced by the domain part of the
+ attribute value. When the result is unqualified it is
+ skipped.
+
+ <b>%[SUD1-9]</b>
+ The upper-case and decimal digit expansions interpolate
+ the parts of the input key rather than the result. Their
+ behavior is identical to that described with <b>query</b>, and
+ in fact because the input key is known in advance,
+ queries whose key does not contain all the information
+ specified in the result template are suppressed and
+ return no results.
+
+ For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" allows one to use
+ a mailHost attribute as the basis of a <a href="transport.5.html">transport(5)</a> table. After
+ applying the result format, multiple values are concatenated as
+ comma separated strings. The expansion_limit and parameter
+ explained below allows one to restrict the number of values in
+ the result, which is especially useful for maps that must return
+ at most one value.
+
+ The default value <b>%s</b> specifies that each result value should be
+ used as is.
+
+ This parameter is available with Postfix 2.2 and later.
+
+ NOTE: DO NOT put quotes around the result format!
+
+ <b>domain (default: no domain list)</b>
+ This is a list of domain names, paths to files, or "<a href="DATABASE_README.html">type:table</a>"
+ databases. When specified, only fully qualified search keys with
+ a *non-empty* localpart and a matching domain are eligible for
+ lookup: 'user' lookups, bare domain lookups and "@domain"
+ lookups are not performed. This can significantly reduce the
+ query load on the PostgreSQL server.
+ domain = postfix.org, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
+
+ It is best not to use SQL to store the domains eligible for SQL
+ lookups.
+
+ This parameter is available with Postfix 2.2 and later.
+
+ NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> aliases, because
+ the input keys are always unqualified.
+
+ <b>expansion_limit (default: 0)</b>
+ A limit on the total number of result elements returned (as a
+ comma separated list) by a lookup against the map. A setting of
+ zero disables the limit. Lookups fail with a temporary error if
+ the limit is exceeded. Setting the limit to 1 ensures that
+ lookups do not return multiple values.
+
+<b>OBSOLETE MAIN.CF PARAMETERS</b>
+ For compatibility with other Postfix lookup tables, PostgreSQL parame-
+ ters can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do that, specify as
+ PostgreSQL source a name that doesn't begin with a slash or a dot. The
+ PostgreSQL parameters will then be accessible as the name you've given
+ the source in its definition, an underscore, and the name of the param-
+ eter. For example, if the map is specified as "<a href="pgsql_table.5.html">pgsql</a>:<i>pgsqlname</i>", the
+ parameter "hosts" would be defined in <a href="postconf.5.html">main.cf</a> as "<i>pgsqlname</i>_hosts".
+
+ Note: with this form, the passwords for the PostgreSQL sources are
+ written in <a href="postconf.5.html">main.cf</a>, which is normally world-readable. Support for this
+ form will be removed in a future Postfix version.
+
+<b>OBSOLETE QUERY INTERFACES</b>
+ This section describes query interfaces that are deprecated as of Post-
+ fix 2.2. Please migrate to the new <b>query</b> interface as the old inter-
+ faces are slated to be phased out.
+
+ <b>select_function</b>
+ This parameter specifies a database function name. Example:
+ select_function = my_lookup_user_alias
+
+ This is equivalent to:
+ query = SELECT my_lookup_user_alias('%s')
+
+ This parameter overrides the legacy table-related fields
+ (described below). With Postfix versions prior to 2.2, it also
+ overrides the <b>query</b> parameter. Starting with Postfix 2.2, the
+ <b>query</b> parameter has highest precedence, and the <b>select_function</b>
+ parameter is deprecated.
+
+ The following parameters (with lower precedence than the <b>select_func-</b>
+ <b>tion</b> interface described above) can be used to build the SQL select
+ statement as follows:
+
+ SELECT [<b>select_field</b>]
+ FROM [<b>table</b>]
+ WHERE [<b>where_field</b>] = '%s'
+ [<b>additional_conditions</b>]
+
+ The specifier %s is replaced with each lookup by the lookup key and is
+ escaped so if it contains single quotes or other odd characters, it
+ will not cause a parse error, or worse, a security problem.
+
+ Starting with Postfix 2.2, this interface is obsoleted by the more gen-
+ eral <b>query</b> interface described above. If higher precedence the <b>query</b> or
+ <b>select_function</b> parameters described above are defined, the parameters
+ described here are ignored.
+
+ <b>select_field</b>
+ The SQL "select" parameter. Example:
+ <b>select_field</b> = forw_addr
+
+ <b>table</b> The SQL "select .. from" table name. Example:
+ <b>table</b> = mxaliases
+
+ <b>where_field</b>
+ The SQL "select .. where" parameter. Example:
+ <b>where_field</b> = alias
+
+ <b>additional_conditions</b>
+ Additional conditions to the SQL query. Example:
+ <b>additional_conditions</b> = AND status = 'paid'
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="ldap_table.5.html">ldap_table(5)</a>, LDAP lookup tables
+ <a href="mysql_table.5.html">mysql_table(5)</a>, MySQL lookup tables
+ <a href="sqlite_table.5.html">sqlite_table(5)</a>, SQLite lookup tables
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="PGSQL_README.html">PGSQL_README</a>, Postfix PostgreSQL client guide
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ PgSQL support was introduced with Postfix version 2.1.
+
+<b>AUTHOR(S)</b>
+ Based on the MySQL client by:
+ Scott Cotton, Joshua Marcus
+ IC Group, Inc.
+
+ Ported to PostgreSQL by:
+ Aaron Sethman
+
+ Further enhanced by:
+ Liviu Daia
+ Institute of Mathematics of the Romanian Academy
+ P.O. BOX 1-764
+ RO-014700 Bucharest, ROMANIA
+
+ PGSQL_TABLE(5)
+</pre> </body> </html>
diff --git a/html/pickup.8.html b/html/pickup.8.html
new file mode 100644
index 0000000..b032e7f
--- /dev/null
+++ b/html/pickup.8.html
@@ -0,0 +1,132 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - pickup(8) </title>
+</head> <body> <pre>
+PICKUP(8) PICKUP(8)
+
+<b>NAME</b>
+ pickup - Postfix local mail pickup
+
+<b>SYNOPSIS</b>
+ <b>pickup</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon waits for hints that new mail has been dropped
+ into the <b>maildrop</b> directory, and feeds it into the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon.
+ Ill-formatted files are deleted without notifying the originator. This
+ program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+<b>STANDARDS</b>
+ None. The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon does not interact with the outside world.
+
+<b>SECURITY</b>
+ The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon is moderately security sensitive. It runs with
+ fixed low privilege and can run in a chrooted environment. However,
+ the program reads files from potentially hostile users. The <a href="pickup.8.html"><b>pickup</b>(8)</a>
+ daemon opens no files for writing, is careful about what files it opens
+ for reading, and does not actually touch any data that is sent to its
+ public service endpoint.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>BUGS</b>
+ The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon copies mail from file to the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon.
+ It could avoid message copying overhead by sending a file descriptor
+ instead of file data, but then the already complex <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon
+ would have to deal with unfiltered user data.
+
+<b>CONFIGURATION PARAMETERS</b>
+ As the <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon is a relatively long-running process, up to an
+ hour may pass before a <a href="postconf.5.html"><b>main.cf</b></a> change takes effect. Use the command
+ "<b>postfix reload</b>" command to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>CONTENT INSPECTION CONTROLS</b>
+ <b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
+ After the message is queued, send the entire message to the
+ specified <i>transport:destination</i>.
+
+ <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
+ Enable or disable recipient validation, built-in content filter-
+ ing, or address mapping.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
+ Upon input, long lines are chopped up into pieces of at most
+ this length; upon delivery, long lines are reconstructed.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+<b>SEE ALSO</b>
+ <a href="cleanup.8.html">cleanup(8)</a>, message canonicalization
+ <a href="sendmail.1.html">sendmail(1)</a>, Sendmail-compatible interface
+ <a href="postdrop.1.html">postdrop(1)</a>, mail posting agent
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ PICKUP(8)
+</pre> </body> </html>
diff --git a/html/pipe.8.html b/html/pipe.8.html
new file mode 100644
index 0000000..a0e4678
--- /dev/null
+++ b/html/pipe.8.html
@@ -0,0 +1,506 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - pipe(8) </title>
+</head> <body> <pre>
+PIPE(8) PIPE(8)
+
+<b>NAME</b>
+ pipe - Postfix delivery to external command
+
+<b>SYNOPSIS</b>
+ <b>pipe</b> [generic Postfix daemon options] command_attributes...
+
+<b>DESCRIPTION</b>
+ The <a href="pipe.8.html"><b>pipe</b>(8)</a> daemon processes requests from the Postfix queue manager to
+ deliver messages to external commands. This program expects to be run
+ from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ Message attributes such as sender address, recipient address and
+ next-hop host name can be specified as command-line macros that are
+ expanded before the external command is executed.
+
+ The <a href="pipe.8.html"><b>pipe</b>(8)</a> daemon updates queue files and marks recipients as fin-
+ ished, or it informs the queue manager that delivery should be tried
+ again at a later time. Delivery status reports are sent to the
+ <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+
+<b>SINGLE-RECIPIENT DELIVERY</b>
+ Some destinations cannot handle more than one recipient per delivery
+ request. Examples are pagers or fax machines. In addition,
+ multi-recipient delivery is undesirable when prepending a <b>Delivered-to:</b>
+ or <b>X-Original-To:</b> message header.
+
+ To prevent Postfix from sending multiple recipients per delivery
+ request, specify
+
+ <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b>
+
+ in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first
+ column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for the pipe-based delivery
+ transport.
+
+<b>COMMAND ATTRIBUTE SYNTAX</b>
+ The external command attributes are given in the <a href="master.5.html"><b>master.cf</b></a> file at the
+ end of a service definition. The syntax is as follows:
+
+ <b>chroot=</b><i>pathname</i> (optional)
+ Change the process root directory and working directory to the
+ named directory. This happens before switching to the privileges
+ specified with the <b>user</b> attribute, and before executing the
+ optional <b>directory=</b><i>pathname</i> directive. Delivery is deferred in
+ case of failure.
+
+ This feature is available as of Postfix 2.3.
+
+ <b>directory=</b><i>pathname</i> (optional)
+ Change to the named directory before executing the external com-
+ mand. The directory must be accessible for the user specified
+ with the <b>user</b> attribute (see below). The default working direc-
+ tory is <b>$<a href="postconf.5.html#queue_directory">queue_directory</a></b>. Delivery is deferred in case of fail-
+ ure.
+
+ This feature is available as of Postfix 2.2.
+
+ <b>eol=</b><i>string</i> (optional, default: <b>\n</b>)
+ The output record delimiter. Typically one would use either <b>\r\n</b>
+ or <b>\n</b>. The usual C-style backslash escape sequences are recog-
+ nized: <b>\a \b \f \n \r \t \v \</b><i>ddd</i> (up to three octal digits) and
+ <b>\\</b>.
+
+ <b>flags=BDFORXhqu.</b>&gt; (optional)
+ Optional message processing flags. By default, a message is
+ copied unchanged.
+
+ <b>B</b> Append a blank line at the end of each message. This is
+ required by some mail user agents that recognize "<b>From</b> "
+ lines only when preceded by a blank line.
+
+ <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with
+ the envelope recipient address. Note: for this to work,
+ the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see
+ SINGLE-RECIPIENT DELIVERY above for details).
+
+ The <b>D</b> flag also enforces loop detection (Postfix 2.5 and
+ later): if a message already contains a <b>Delivered-To:</b>
+ header with the same recipient address, then the message
+ is returned as undeliverable. The address comparison is
+ case insensitive.
+
+ This feature is available as of Postfix 2.0.
+
+ <b>F</b> Prepend a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header to the
+ message content. This is expected by, for example, <b>UUCP</b>
+ software.
+
+ <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" message header with
+ the recipient address as given to Postfix. Note: for this
+ to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must
+ be 1 (see SINGLE-RECIPIENT DELIVERY above for details).
+
+ This feature is available as of Postfix 2.0.
+
+ <b>R</b> Prepend a <b>Return-Path:</b> message header with the envelope
+ sender address.
+
+ <b>X</b> Indicate that the external command performs final deliv-
+ ery. This flag affects the status reported in "success"
+ DSN (delivery status notification) messages, and changes
+ it from "relayed" into "delivered".
+
+ This feature is available as of Postfix 2.5.
+
+ <b>h</b> Fold the command-line <b>$original_recipient</b> and <b>$recipient</b>
+ address domain part (text to the right of the right-most
+ <b>@</b> character) to lower case; fold the entire command-line
+ <b>$domain</b> and <b>$nexthop</b> host or domain information to lower
+ case. This is recommended for delivery via <b>UUCP</b>.
+
+ <b>q</b> Quote white space and other special characters in the
+ command-line <b>$sender</b>, <b>$original_recipient</b> and <b>$recipient</b>
+ address localparts (text to the left of the right-most <b>@</b>
+ character), according to an 8-bit transparent version of
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a>. This is recommended for delivery via <b>UUCP</b> or
+ <b>BSMTP</b>.
+
+ The result is compatible with the address parsing of com-
+ mand-line recipients by the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> mail sub-
+ mission command.
+
+ The <b>q</b> flag affects only entire addresses, not the partial
+ address information from the <b>$user</b>, <b>$extension</b> or <b>$mail-</b>
+ <b>box</b> command-line macros.
+
+ <b>u</b> Fold the command-line <b>$original_recipient</b> and <b>$recipient</b>
+ address localpart (text to the left of the right-most <b>@</b>
+ character) to lower case. This is recommended for deliv-
+ ery via <b>UUCP</b>.
+
+ <b>.</b> Prepend "<b>.</b>" to lines starting with "<b>.</b>". This is needed
+ by, for example, <b>BSMTP</b> software.
+
+ &gt; Prepend "&gt;" to lines starting with "<b>From</b> ". This is
+ expected by, for example, <b>UUCP</b> software.
+
+ <b>null_sender</b>=<i>replacement</i> (default: MAILER-DAEMON)
+ Replace the null sender address (typically used for delivery
+ status notifications) with the specified text when expanding the
+ <b>$sender</b> command-line macro, and when generating a From_ or
+ Return-Path: message header.
+
+ If the null sender replacement text is a non-empty string then
+ it is affected by the <b>q</b> flag for address quoting in command-line
+ arguments.
+
+ The null sender replacement text may be empty; this form is rec-
+ ommended for content filters that feed mail back into Postfix.
+ The empty sender address is not affected by the <b>q</b> flag for
+ address quoting in command-line arguments.
+
+ Caution: a null sender address is easily mis-parsed by naive
+ software. For example, when the <a href="pipe.8.html"><b>pipe</b>(8)</a> daemon executes a com-
+ mand such as:
+
+ <i>Wrong</i>: command -f$sender -- $recipient
+
+ the command will mis-parse the -f option value when the sender
+ address is a null string. For correct parsing, specify <b>$sender</b>
+ as an argument by itself:
+
+ <i>Right</i>: command -f $sender -- $recipient
+ NOTE: DO NOT put quotes around the command, $sender, or $recipi-
+ ent.
+
+ This feature is available as of Postfix 2.3.
+
+ <b>size</b>=<i>size</i><b>_</b><i>limit</i> (optional)
+ Don't deliver messages that exceed this size limit (in bytes);
+ return them to the sender instead.
+
+ <b>user</b>=<i>username</i> (required)
+
+ <b>user</b>=<i>username</i>:<i>groupname</i>
+ Execute the external command with the user ID and group ID of
+ the specified <i>username</i>. The software refuses to execute com-
+ mands with root privileges, or with the privileges of the mail
+ system owner. If <i>groupname</i> is specified, the corresponding group
+ ID is used instead of the group ID of <i>username</i>.
+
+ <b>argv</b>=<i>command</i>... (required)
+ The command to be executed. This must be specified as the last
+ command attribute. The command is executed directly, i.e. with-
+ out interpretation of shell meta characters by a shell command
+ interpreter.
+
+ Specify "{" and "}" around command arguments that contain white-
+ space (Postfix 3.0 and later). Whitespace after the opening "{"
+ and before the closing "}" is ignored.
+
+ In the command argument vector, the following macros are recog-
+ nized and replaced with corresponding information from the Post-
+ fix queue manager delivery request.
+
+ In addition to the form ${<i>name</i>}, the forms $<i>name</i> and the depre-
+ cated form $(<i>name</i>) are also recognized. Specify <b>$$</b> where a sin-
+ gle <b>$</b> is wanted.
+
+ <b>${client_address}</b>
+ This macro expands to the remote client network address.
+
+ This feature is available as of Postfix 2.2.
+
+ <b>${client_helo}</b>
+ This macro expands to the remote client HELO command
+ parameter.
+
+ This feature is available as of Postfix 2.2.
+
+ <b>${client_hostname}</b>
+ This macro expands to the remote client hostname.
+
+ This feature is available as of Postfix 2.2.
+
+ <b>${client_port}</b>
+ This macro expands to the remote client TCP port number.
+
+ This feature is available as of Postfix 2.5.
+
+ <b>${client_protocol}</b>
+ This macro expands to the remote client protocol.
+
+ This feature is available as of Postfix 2.2.
+
+ <b>${domain}</b>
+ This macro expands to the domain portion of the recipient
+ address. For example, with an address <i>user+foo@domain</i>
+ the domain is <i>domain</i>.
+
+ This information is modified by the <b>h</b> flag for case fold-
+ ing.
+
+ This feature is available as of Postfix 2.5.
+
+ <b>${extension}</b>
+ This macro expands to the extension part of a recipient
+ address. For example, with an address <i>user+foo@domain</i>
+ the extension is <i>foo</i>.
+
+ A command-line argument that contains <b>${extension}</b>
+ expands into as many command-line arguments as there are
+ recipients.
+
+ This information is modified by the <b>u</b> flag for case fold-
+ ing.
+
+ <b>${mailbox}</b>
+ This macro expands to the complete local part of a recip-
+ ient address. For example, with an address
+ <i>user+foo@domain</i> the mailbox is <i>user+foo</i>.
+
+ A command-line argument that contains <b>${mailbox}</b> expands
+ to as many command-line arguments as there are recipi-
+ ents.
+
+ This information is modified by the <b>u</b> flag for case fold-
+ ing.
+
+ <b>${nexthop}</b>
+ This macro expands to the next-hop hostname.
+
+ This information is modified by the <b>h</b> flag for case fold-
+ ing.
+
+ <b>${original_recipient}</b>
+ This macro expands to the complete recipient address
+ before any address rewriting or aliasing.
+
+ A command-line argument that contains <b>${original_recipi-</b>
+ <b>ent}</b> expands to as many command-line arguments as there
+ are recipients.
+
+ This information is modified by the <b>hqu</b> flags for quoting
+ and case folding.
+
+ This feature is available as of Postfix 2.5.
+
+ <b>${queue_id}</b>
+ This macro expands to the queue id.
+
+ This feature is available as of Postfix 2.11.
+
+ <b>${recipient}</b>
+ This macro expands to the complete recipient address.
+
+ A command-line argument that contains <b>${recipient}</b>
+ expands to as many command-line arguments as there are
+ recipients.
+
+ This information is modified by the <b>hqu</b> flags for quoting
+ and case folding.
+
+ <b>${sasl_method}</b>
+ This macro expands to the name of the SASL authentication
+ mechanism in the AUTH command when the Postfix SMTP
+ server received the message.
+
+ This feature is available as of Postfix 2.2.
+
+ <b>${sasl_sender}</b>
+ This macro expands to the SASL sender name (i.e. the
+ original submitter as per <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>) in the MAIL FROM com-
+ mand when the Postfix SMTP server received the message.
+
+ This feature is available as of Postfix 2.2.
+
+ <b>${sasl_username}</b>
+ This macro expands to the SASL user name in the AUTH com-
+ mand when the Postfix SMTP server received the message.
+
+ This feature is available as of Postfix 2.2.
+
+ <b>${sender}</b>
+ This macro expands to the envelope sender address. By
+ default, the null sender address expands to MAILER-DAE-
+ MON; this can be changed with the <b>null_sender</b> attribute,
+ as described above.
+
+ This information is modified by the <b>q</b> flag for quoting.
+
+ <b>${size}</b>
+ This macro expands to Postfix's idea of the message size,
+ which is an approximation of the size of the message as
+ delivered.
+
+ <b>${user}</b>
+ This macro expands to the username part of a recipient
+ address. For example, with an address <i>user+foo@domain</i>
+ the username part is <i>user</i>.
+
+ A command-line argument that contains <b>${user}</b> expands
+ into as many command-line arguments as there are recipi-
+ ents.
+
+ This information is modified by the <b>u</b> flag for case fold-
+ ing.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
+
+<b>DIAGNOSTICS</b>
+ Command exit status codes are expected to follow the conventions
+ defined in &lt;<b>sysexits.h</b>&gt;. Exit status 0 means normal successful comple-
+ tion.
+
+ In the case of a non-zero exit status, a limited amount of command out-
+ put is logged, and reported in a delivery status notification. When
+ the output begins with a 4.X.X or 5.X.X enhanced status code, the sta-
+ tus code takes precedence over the non-zero exit status (Postfix ver-
+ sion 2.3 and later).
+
+ After successful delivery (zero exit status) a limited amount of com-
+ mand output is logged, and reported in "success" delivery status noti-
+ fications (Postfix 3.0 and later). This command output is not examined
+ for the presence of an enhanced status code.
+
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
+ them to the <b>corrupt</b> queue for further inspection.
+
+<b>SECURITY</b>
+ This program needs a dual personality 1) to access the private Postfix
+ queue and IPC mechanisms, and 2) to execute external commands as the
+ specified user. It is therefore security sensitive.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="pipe.8.html"><b>pipe</b>(8)</a> processes run
+ for only a limited amount of time. Use the command "<b>postfix reload</b>" to
+ speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ In the text below, <i>transport</i> is the first field in a <a href="master.5.html"><b>master.cf</b></a> entry.
+
+ <b><a href="postconf.5.html#transport_time_limit">transport_time_limit</a> ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#command_time_limit">command_time_limit</a> parame-
+ ter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
+ delivery transport.
+
+ Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon:
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ name of the message delivery transport.
+
+ <b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ name of the message delivery transport.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a Postfix process will
+ export to non-Postfix processes.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
+ The set of characters that can separate an email address local-
+ part, user name, or a .forward file name from its extension.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#pipe_delivery_status_filter">pipe_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
+ Optional filter for the <a href="pipe.8.html"><b>pipe</b>(8)</a> delivery agent to change the
+ delivery status code or explanatory text of successful or unsuc-
+ cessful deliveries.
+
+ Available in Postfix version 3.3 and later:
+
+ <b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
+ Enable support for the original recipient address after an
+ address is rewritten to a different address (for example with
+ aliasing or with canonical mapping).
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+<b>SEE ALSO</b>
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="bounce.8.html">bounce(8)</a>, delivery status reports
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ PIPE(8)
+</pre> </body> </html>
diff --git a/html/postalias.1.html b/html/postalias.1.html
new file mode 100644
index 0000000..7b61802
--- /dev/null
+++ b/html/postalias.1.html
@@ -0,0 +1,253 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postalias(1) </title>
+</head> <body> <pre>
+POSTALIAS(1) POSTALIAS(1)
+
+<b>NAME</b>
+ postalias - Postfix alias database maintenance
+
+<b>SYNOPSIS</b>
+ <b>postalias</b> [<b>-Nfinoprsuvw</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-d</b> <i>key</i>] [<b>-q</b> <i>key</i>]
+ [<i>file</i><b>_</b><i>type</i>:]<i>file</i><b>_</b><i>name</i> ...
+
+<b>DESCRIPTION</b>
+ The <a href="postalias.1.html"><b>postalias</b>(1)</a> command creates or queries one or more Postfix alias
+ databases, or updates an existing one. The input and output file for-
+ mats are expected to be compatible with Sendmail version 8, and are
+ expected to be suitable for use as NIS alias maps.
+
+ If the result files do not exist they will be created with the same
+ group and other read permissions as their source file.
+
+ While a database update is in progress, signal delivery is postponed,
+ and an exclusive, advisory, lock is placed on the entire database, in
+ order to avoid surprises in spectator processes.
+
+ The format of Postfix alias input files is described in <a href="aliases.5.html"><b>aliases</b>(5)</a>.
+
+ By default the lookup key is mapped to lowercase to make the lookups
+ case insensitive; as of Postfix 2.3 this case folding happens only with
+ tables whose lookup keys are fixed-case strings such as <a href="DATABASE_README.html#types">btree</a>:, <a href="DATABASE_README.html#types">dbm</a>: or
+ <a href="DATABASE_README.html#types">hash</a>:. With earlier versions, the lookup key is folded even with tables
+ where a lookup field can match both upper and lower case text, such as
+ <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>:. This resulted in loss of information with $<i>number</i>
+ substitutions.
+
+ Options:
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ instead of the default configuration directory.
+
+ <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one entry per map.
+ The exit status is zero when the requested information was
+ found.
+
+ If a key value of <b>-</b> is specified, the program reads key values
+ from the standard input stream. The exit status is zero when at
+ least one of the requested keys was found.
+
+ <b>-f</b> Do not fold the lookup key to lower case while creating or
+ querying a table.
+
+ With Postfix version 2.3 and later, this option has no effect
+ for regular expression tables. There, case folding is controlled
+ by appending a flag to a pattern.
+
+ <b>-i</b> Incremental mode. Read entries from standard input and do not
+ truncate an existing database. By default, <a href="postalias.1.html"><b>postalias</b>(1)</a> creates
+ a new database from the entries in <i>file</i><b>_</b><i>name</i>.
+
+ <b>-N</b> Include the terminating null character that terminates lookup
+ keys and values. By default, <a href="postalias.1.html"><b>postalias</b>(1)</a> does whatever is the
+ default for the host operating system.
+
+ <b>-n</b> Don't include the terminating null character that terminates
+ lookup keys and values. By default, <a href="postalias.1.html"><b>postalias</b>(1)</a> does whatever
+ is the default for the host operating system.
+
+ <b>-o</b> Do not release root privileges when processing a non-root input
+ file. By default, <a href="postalias.1.html"><b>postalias</b>(1)</a> drops root privileges and runs as
+ the source file owner instead.
+
+ <b>-p</b> Do not inherit the file access permissions from the input file
+ when creating a new file. Instead, create a new file with
+ default access permissions (mode 0644).
+
+ <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and write the first value
+ found to the standard output stream. The exit status is zero
+ when the requested information was found.
+
+ Note: this performs a single query with the key as specified,
+ and does not make iterative queries with substrings of the key
+ as described in the <a href="aliases.5.html">aliases(5)</a> manual page.
+
+ If a key value of <b>-</b> is specified, the program reads key values
+ from the standard input stream and writes one line of <i>key: value</i>
+ output for each key that was found. The exit status is zero when
+ at least one of the requested keys was found.
+
+ <b>-r</b> When updating a table, do not complain about attempts to update
+ existing entries, and make those updates anyway.
+
+ <b>-s</b> Retrieve all database elements, and write one line of <i>key: value</i>
+ output for each element. The elements are printed in database
+ order, which is not necessarily the same as the original input
+ order. This feature is available in Postfix version 2.2 and
+ later, and is not available for all database types.
+
+ <b>-u</b> Disable UTF-8 support. UTF-8 support is enabled by default when
+ "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes". It requires that keys and values are
+ valid UTF-8 strings.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+ <b>-w</b> When updating a table, do not complain about attempts to update
+ existing entries, and ignore those attempts.
+
+ Arguments:
+
+ <i>file</i><b>_</b><i>type</i>
+ The database type. To find out what types are supported, use the
+ "<b>postconf -m</b>" command.
+
+ The <a href="postalias.1.html"><b>postalias</b>(1)</a> command can query any supported file type, but
+ it can create only the following file types:
+
+ <b>btree</b> The output is a btree file, named <i>file</i><b>_</b><i>name</i><b>.db</b>. This is
+ available on systems with support for <b>db</b> databases.
+
+ <b>cdb</b> The output is one file named <i>file</i><b>_</b><i>name</i><b>.cdb</b>. This is
+ available on systems with support for <b>cdb</b> databases.
+
+ <b>dbm</b> The output consists of two files, named <i>file</i><b>_</b><i>name</i><b>.pag</b> and
+ <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is available on systems with support
+ for <b>dbm</b> databases.
+
+ <b>fail</b> A table that reliably fails all requests. The lookup ta-
+ ble name is used for logging only. This table exists to
+ simplify Postfix error tests.
+
+ <b>hash</b> The output is a hashed file, named <i>file</i><b>_</b><i>name</i><b>.db</b>. This is
+ available on systems with support for <b>db</b> databases.
+
+ <b>lmdb</b> The output is a btree-based file, named <i>file</i><b>_</b><i>name</i><b>.lmdb</b>.
+ <b>lmdb</b> supports concurrent writes and reads from different
+ processes, unlike other supported file-based tables.
+ This is available on systems with support for <b>lmdb</b> data-
+ bases.
+
+ <b>sdbm</b> The output consists of two files, named <i>file</i><b>_</b><i>name</i><b>.pag</b> and
+ <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is available on systems with support
+ for <b>sdbm</b> databases.
+
+ When no <i>file</i><b>_</b><i>type</i> is specified, the software uses the database
+ type specified via the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
+ parameter. The default value for this parameter depends on the
+ host environment.
+
+ <i>file</i><b>_</b><i>name</i>
+ The name of the alias database source file when creating a data-
+ base.
+
+<b>DIAGNOSTICS</b>
+ Problems are logged to the standard error stream and to <b>syslogd</b>(8) or
+ <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. No output means that no problems were detected. Duplicate
+ entries are skipped and are flagged with a warning.
+
+ <a href="postalias.1.html"><b>postalias</b>(1)</a> terminates with zero exit status in case of success
+ (including successful "<b>postalias -q</b>" lookup) and terminates with
+ non-zero exit status in case of failure.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+ <b>MAIL_VERBOSE</b>
+ Enable verbose logging for debugging purposes.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a> (16777216)</b>
+ The per-table I/O buffer size for programs that create Berkeley
+ DB hash or btree tables.
+
+ <b><a href="postconf.5.html#berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a> (131072)</b>
+ The per-table I/O buffer size for programs that read Berkeley DB
+ hash or btree tables.
+
+ <b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>, <a href="postalias.1.html"><b>postalias</b>(1)</a>
+ and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
+ Enable preliminary SMTPUTF8 support for the protocols described
+ in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 2.11 and later:
+
+ <b><a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> (16777216)</b>
+ The initial OpenLDAP LMDB database size limit in bytes.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+
+<b>SEE ALSO</b>
+ <a href="aliases.5.html">aliases(5)</a>, format of alias database input file.
+ <a href="local.8.html">local(8)</a>, Postfix local delivery agent.
+ <a href="postconf.1.html">postconf(1)</a>, supported database types
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postmap.1.html">postmap(1)</a>, create/update/query lookup tables
+ <a href="newaliases.1.html">newaliases(1)</a>, Sendmail compatibility interface.
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTALIAS(1)
+</pre> </body> </html>
diff --git a/html/postcat.1.html b/html/postcat.1.html
new file mode 100644
index 0000000..4c61c52
--- /dev/null
+++ b/html/postcat.1.html
@@ -0,0 +1,116 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postcat(1) </title>
+</head> <body> <pre>
+POSTCAT(1) POSTCAT(1)
+
+<b>NAME</b>
+ postcat - show Postfix queue file contents
+
+<b>SYNOPSIS</b>
+ <b>postcat</b> [<b>-bdehnoqv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>files</i>...]
+
+<b>DESCRIPTION</b>
+ The <a href="postcat.1.html"><b>postcat</b>(1)</a> command prints the contents of the named <i>files</i> in
+ human-readable form. The files are expected to be in Postfix queue file
+ format. If no <i>files</i> are specified on the command line, the program
+ reads from standard input.
+
+ By default, <a href="postcat.1.html"><b>postcat</b>(1)</a> shows the envelope and message content, as if
+ the options <b>-beh</b> were specified. To view message content only, specify
+ <b>-bh</b> (Postfix 2.7 and later).
+
+ Options:
+
+ <b>-b</b> Show body content. The <b>-b</b> option starts producing output at the
+ first non-header line, and stops when the end of the message is
+ reached.
+
+ This feature is available in Postfix 2.7 and later.
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory.
+
+ <b>-d</b> Print the decimal type of each record.
+
+ <b>-e</b> Show message envelope content.
+
+ This feature is available in Postfix 2.7 and later.
+
+ <b>-h</b> Show message header content. The <b>-h</b> option produces output from
+ the beginning of the message up to, but not including, the first
+ non-header line.
+
+ This feature is available in Postfix 2.7 and later.
+
+ <b>-o</b> Print the queue file offset of each record.
+
+ <b>-q</b> Search the Postfix queue for the named <i>files</i> instead of taking
+ the names literally.
+
+ This feature is available in Postfix 2.0 and later.
+
+ <b>-r</b> Print records in file order, don't follow pointer records.
+
+ This feature is available in Postfix 3.7 and later.
+
+ <b>-s</b> <i>offset</i>
+ Skip to the specified queue file offset.
+
+ This feature is available in Postfix 3.7 and later.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+<b>DIAGNOSTICS</b>
+ Problems are reported to the standard error stream.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+<b>FILES</b>
+ /var/spool/postfix, Postfix queue directory
+
+<b>SEE ALSO</b>
+ <a href="postconf.5.html">postconf(5)</a>, Postfix configuration
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTCAT(1)
+</pre> </body> </html>
diff --git a/html/postconf.1.html b/html/postconf.1.html
new file mode 100644
index 0000000..4269a5e
--- /dev/null
+++ b/html/postconf.1.html
@@ -0,0 +1,567 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postconf(1) </title>
+</head> <body> <pre>
+POSTCONF(1) POSTCONF(1)
+
+<b>NAME</b>
+ postconf - Postfix configuration utility
+
+<b>SYNOPSIS</b>
+ <b>Managing <a href="postconf.5.html">main.cf</a>:</b>
+
+ <b>postconf</b> [<b>-dfhHnopvx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-C</b> <i>class,...</i>] [<i>parameter ...</i>]
+
+ <b>postconf</b> [<b>-epv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>parameter</i><b>=</b><i>value ...</i>
+
+ <b>postconf -#</b> [<b>-pv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>parameter ...</i>
+
+ <b>postconf -X</b> [<b>-pv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>parameter ...</i>
+
+ <b>Managing <a href="master.5.html">master.cf</a> service entries:</b>
+
+ <b>postconf -M</b> [<b>-fovx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>] <i>...</i>]
+
+ <b>postconf -M</b> [<b>-ev</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>=</b><i>value ...</i>
+
+ <b>postconf -M#</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type ...</i>
+
+ <b>postconf -MX</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type ...</i>
+
+ <b>Managing <a href="master.5.html">master.cf</a> service fields:</b>
+
+ <b>postconf -F</b> [<b>-fhHovx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>[<b>/</b><i>field</i>]] <i>...</i>]
+
+ <b>postconf -F</b> [<b>-ev</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>field</i><b>=</b><i>value ...</i>
+
+ <b>Managing <a href="master.5.html">master.cf</a> service parameters:</b>
+
+ <b>postconf -P</b> [<b>-fhHovx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>[<b>/</b><i>parameter</i>]] <i>...</i>]
+
+ <b>postconf -P</b> [<b>-ev</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>parameter</i><b>=</b><i>value ...</i>
+
+ <b>postconf -PX</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>parameter ...</i>
+
+ <b>Managing bounce message templates:</b>
+
+ <b>postconf -b</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>template</i><b>_</b><i>file</i>]
+
+ <b>postconf -t</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>template</i><b>_</b><i>file</i>]
+
+ <b>Managing TLS features:</b>
+
+ <b>postconf -T</b> <i>mode</i> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>]
+
+ <b>Managing other configuration:</b>
+
+ <b>postconf -a</b>|<b>-A</b>|<b>-l</b>|<b>-m</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>]
+
+<b>DESCRIPTION</b>
+ By default, the <a href="postconf.1.html"><b>postconf</b>(1)</a> command displays the values of <a href="postconf.5.html"><b>main.cf</b></a> con-
+ figuration parameters, and warns about possible mis-typed parameter
+ names (Postfix 2.9 and later). The command can also change <a href="postconf.5.html"><b>main.cf</b></a>
+ configuration parameter values, or display other configuration informa-
+ tion about the Postfix mail system.
+
+ Options:
+
+ <b>-a</b> List the available SASL plug-in types for the Postfix SMTP
+ server. The plug-in type is selected with the <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>
+ configuration parameter by specifying one of the names listed
+ below.
+
+ <b>cyrus</b> This server plug-in is available when Postfix is built
+ with Cyrus SASL support.
+
+ <b>dovecot</b>
+ This server plug-in uses the Dovecot authentication
+ server, and is available when Postfix is built with any
+ form of SASL support.
+
+ This feature is available with Postfix 2.3 and later.
+
+ <b>-A</b> List the available SASL plug-in types for the Postfix SMTP
+ client. The plug-in type is selected with the <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b> or
+ <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b> configuration parameters by specifying one of the
+ names listed below.
+
+ <b>cyrus</b> This client plug-in is available when Postfix is built
+ with Cyrus SASL support.
+
+ This feature is available with Postfix 2.3 and later.
+
+ <b>-b</b> [<i>template</i><b>_</b><i>file</i>]
+ Display the message text that appears at the beginning of deliv-
+ ery status notification (DSN) messages, expanding $<b>name</b> expres-
+ sions with actual values as described in <a href="bounce.5.html"><b>bounce</b>(5)</a>.
+
+ To override the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter setting, specify
+ a template file name at the end of the "<b>postconf -b</b>" command
+ line. Specify an empty file name to display built-in templates
+ (in shell language: "").
+
+ This feature is available with Postfix 2.3 and later.
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory.
+
+ <b>-C</b> <i>class,...</i>
+ When displaying <a href="postconf.5.html"><b>main.cf</b></a> parameters, select only parameters from
+ the specified class(es):
+
+ <b>builtin</b>
+ Parameters with built-in names.
+
+ <b>service</b>
+ Parameters with service-defined names (the first field of
+ a <a href="master.5.html"><b>master.cf</b></a> entry plus a Postfix-defined suffix).
+
+ <b>user</b> Parameters with user-defined names.
+
+ <b>all</b> All the above classes.
+
+ The default is as if "<b>-C all</b>" is specified.
+
+ This feature is available with Postfix 2.9 and later.
+
+ <b>-d</b> Print <a href="postconf.5.html"><b>main.cf</b></a> default parameter settings instead of actual set-
+ tings. Specify <b>-df</b> to fold long lines for human readability
+ (Postfix 2.9 and later).
+
+ <b>-e</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and update parameter set-
+ tings with the "<i>name=value</i>" pairs on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command
+ line.
+
+ With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and replace one
+ or more service entries with new values as specified with "<i>ser-</i>
+ <i>vice/type=value</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+
+ With <b>-F</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and replace one
+ or more service fields with new values as specified with "<i>ser-</i>
+ <i>vice/type/field=value</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Cur-
+ rently, the "command" field contains the command name and com-
+ mand arguments. This may change in the near future, so that the
+ "command" field contains only the command name, and a new "argu-
+ ments" pseudofield contains the command arguments.
+
+ With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and add or
+ update one or more service parameter settings (-o parame-
+ ter=value settings) with new values as specified with "<i>ser-</i>
+ <i>vice/type/parameter=value</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+
+ In all cases the file is copied to a temporary file then renamed
+ into place. Specify quotes to protect special characters and
+ whitespace on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+
+ The <b>-e</b> option is no longer needed with Postfix version 2.8 and
+ later, as it is assumed whenever a value is specified (empty or
+ non-empty).
+
+ <b>-f</b> Fold long lines when printing <a href="postconf.5.html"><b>main.cf</b></a> or <a href="master.5.html"><b>master.cf</b></a> configuration
+ file entries, for human readability.
+
+ This feature is available with Postfix 2.9 and later.
+
+ <b>-F</b> Show <a href="master.5.html"><b>master.cf</b></a> per-entry field settings (by default all services
+ and all fields), formatted as "<i>service/type/field=value</i>", one
+ per line. Specify <b>-Ff</b> to fold long lines.
+
+ Specify one or more "<i>service/type/field</i>" instances on the <a href="postconf.1.html"><b>post-</b></a>
+ <a href="postconf.1.html"><b>conf</b>(1)</a> command line to limit the output to fields of interest.
+ Trailing parameter name or service type fields that are omitted
+ will be handled as "*" wildcard fields.
+
+ This feature is available with Postfix 2.11 and later.
+
+ <b>-h</b> Show parameter or attribute values without the "<i>name</i> = " label
+ that normally precedes the value.
+
+ <b>-H</b> Show parameter or attribute names without the " = <i>value</i>" that
+ normally follows the name.
+
+ This feature is available with Postfix 3.1 and later.
+
+ <b>-l</b> List the names of all supported mailbox locking methods. Post-
+ fix supports the following methods:
+
+ <b>flock</b> A kernel-based advisory locking method for local files
+ only. This locking method is available on systems with a
+ BSD compatible library.
+
+ <b>fcntl</b> A kernel-based advisory locking method for local and
+ remote files.
+
+ <b>dotlock</b>
+ An application-level locking method. An application locks
+ a file named <i>filename</i> by creating a file named <i>file-</i>
+ <i>name</i><b>.lock</b>. The application is expected to remove its own
+ lock file, as well as stale lock files that were left
+ behind after abnormal program termination.
+
+ <b>-m</b> List the names of all supported lookup table types. In Postfix
+ configuration files, lookup tables are specified as <i>type</i><b>:</b><i>name</i>,
+ where <i>type</i> is one of the types listed below. The table <i>name</i> syn-
+ tax depends on the lookup table type as described in the <a href="DATABASE_README.html">DATA</a>-
+ <a href="DATABASE_README.html">BASE_README</a> document.
+
+ <b>btree</b> A sorted, balanced tree structure. Available on systems
+ with support for Berkeley DB databases.
+
+ <b>cdb</b> A read-optimized structure with no support for incremen-
+ tal updates. Available on systems with support for CDB
+ databases.
+
+ This feature is available with Postfix 2.2 and later.
+
+ <b>cidr</b> A table that associates values with Classless
+ Inter-Domain Routing (CIDR) patterns. This is described
+ in <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a>.
+
+ This feature is available with Postfix 2.2 and later.
+
+ <b>dbm</b> An indexed file type based on hashing. Available on sys-
+ tems with support for DBM databases.
+
+ <b>environ</b>
+ The UNIX process environment array. The lookup key is the
+ environment variable name; the table name is ignored.
+ Originally implemented for testing, someone may find this
+ useful someday.
+
+ <b>fail</b> A table that reliably fails all requests. The lookup ta-
+ ble name is used for logging. This table exists to sim-
+ plify Postfix error tests.
+
+ This feature is available with Postfix 2.9 and later.
+
+ <b>hash</b> An indexed file type based on hashing. Available on sys-
+ tems with support for Berkeley DB databases.
+
+ <b>inline</b> (read-only)
+ A non-shared, in-memory lookup table. Example: "<b><a href="DATABASE_README.html#types">inline</a>:{</b>
+ <i>key</i><b>=</b><i>value</i><b>, {</b> <i>key</i> <b>=</b> <i>text with whitespace or comma</i> <b>}}</b>".
+ Key-value pairs are separated by whitespace or comma;
+ with a key-value pair inside "<b>{}</b>", whitespace is ignored
+ after the opening "<b>{</b>", around the "<b>=</b>" between key and
+ value, and before the closing "<b>}</b>". Inline tables elimi-
+ nate the need to create a database file for just a few
+ fixed elements. See also the <i><a href="DATABASE_README.html#types">static</a>:</i> map type.
+
+ This feature is available with Postfix 3.0 and later.
+
+ <b>internal</b>
+ A non-shared, in-memory hash table. Its content are lost
+ when a process terminates.
+
+ <b>lmdb</b> OpenLDAP LMDB database (a memory-mapped, persistent
+ file). Available on systems with support for LMDB data-
+ bases. This is described in <a href="lmdb_table.5.html"><b>lmdb_table</b>(5)</a>.
+
+ This feature is available with Postfix 2.11 and later.
+
+ <b>ldap</b> (read-only)
+ LDAP database client. This is described in <a href="ldap_table.5.html"><b>ldap_table</b>(5)</a>.
+
+ <b>memcache</b>
+ Memcache database client. This is described in <a href="memcache_table.5.html"><b>mem-</b></a>
+ <a href="memcache_table.5.html"><b>cache_table</b>(5)</a>.
+
+ This feature is available with Postfix 2.9 and later.
+
+ <b>mysql</b> (read-only)
+ MySQL database client. Available on systems with support
+ for MySQL databases. This is described in <a href="mysql_table.5.html"><b>mysql_ta-</b></a>
+ <a href="mysql_table.5.html"><b>ble</b>(5)</a>.
+
+ <b>pcre</b> (read-only)
+ A lookup table based on Perl Compatible Regular Expres-
+ sions. The file format is described in <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+
+ <b>pgsql</b> (read-only)
+ PostgreSQL database client. This is described in
+ <a href="pgsql_table.5.html"><b>pgsql_table</b>(5)</a>.
+
+ This feature is available with Postfix 2.1 and later.
+
+ <b>pipemap</b> (read-only)
+ A lookup table that constructs a pipeline of tables.
+ Example: "<b><a href="DATABASE_README.html#types">pipemap</a>:{</b><i>type</i><b>_</b><i>1:name</i><b>_</b><i>1, ..., type</i><b>_</b><i>n:name</i><b>_</b><i>n</i><b>}</b>".
+ Each "<a href="DATABASE_README.html#types">pipemap</a>:" query is given to the first table. Each
+ lookup result becomes the query for the next table in the
+ pipeline, and the last table produces the final result.
+ When any table lookup produces no result, the pipeline
+ produces no result. The first and last characters of the
+ "<a href="DATABASE_README.html#types">pipemap</a>:" table name must be "<b>{</b>" and "<b>}</b>". Within these,
+ individual maps are separated with comma or whitespace.
+
+ This feature is available with Postfix 3.0 and later.
+
+ <b>proxy</b> Postfix <a href="proxymap.8.html"><b>proxymap</b>(8)</a> client for shared access to Postfix
+ databases. The table name syntax is <i>type</i><b>:</b><i>name</i>.
+
+ This feature is available with Postfix 2.0 and later.
+
+ <b>randmap</b> (read-only)
+ An in-memory table that performs random selection. Exam-
+ ple: "<b><a href="DATABASE_README.html#types">randmap</a>:{</b><i>result</i><b>_</b><i>1, ..., result</i><b>_</b><i>n</i><b>}</b>". Each table
+ query returns a random choice from the specified results.
+ The first and last characters of the "<a href="DATABASE_README.html#types">randmap</a>:" table
+ name must be "<b>{</b>" and "<b>}</b>". Within these, individual
+ results are separated with comma or whitespace. To give a
+ specific result more weight, specify it multiple times.
+
+ This feature is available with Postfix 3.0 and later.
+
+ <b>regexp</b> (read-only)
+ A lookup table based on regular expressions. The file
+ format is described in <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>.
+
+ <b>sdbm</b> An indexed file type based on hashing. Available on sys-
+ tems with support for SDBM databases.
+
+ This feature is available with Postfix 2.2 and later.
+
+ <b>socketmap</b> (read-only)
+ Sendmail-style socketmap client. The table name is
+ <b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i> for a TCP/IP server, or <b>unix</b>:<i>path-</i>
+ <i>name</i>:<i>name</i> for a UNIX-domain server. This is described in
+ <a href="socketmap_table.5.html"><b>socketmap_table</b>(5)</a>.
+
+ This feature is available with Postfix 2.10 and later.
+
+ <b>sqlite</b> (read-only)
+ SQLite database. This is described in <a href="sqlite_table.5.html"><b>sqlite_table</b>(5)</a>.
+
+ This feature is available with Postfix 2.8 and later.
+
+ <b>static</b> (read-only)
+ A table that always returns its name as lookup result.
+ For example, <b><a href="DATABASE_README.html#types">static</a>:foobar</b> always returns the string <b>foo-</b>
+ <b>bar</b> as lookup result. Specify "<b><a href="DATABASE_README.html#types">static</a>:{</b> <i>text with white-</i>
+ <i>space</i> <b>}</b>" when the result contains whitespace; this form
+ ignores whitespace after the opening "<b>{</b>" and before the
+ closing "<b>}</b>". See also the <i><a href="DATABASE_README.html#types">inline</a>:</i> map.
+
+ The form "<b><a href="DATABASE_README.html#types">static</a>:{</b><i>text</i><b>}</b> is available with Postfix 3.0 and
+ later.
+
+ <b>tcp</b> (read-only)
+ TCP/IP client. The protocol is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
+
+ <b>texthash</b> (read-only)
+ Produces similar results as <a href="DATABASE_README.html#types">hash</a>: files, except that you
+ don't need to run the <a href="postmap.1.html"><b>postmap</b>(1)</a> command before you can
+ use the file, and that it does not detect changes after
+ the file is read.
+
+ This feature is available with Postfix 2.8 and later.
+
+ <b>unionmap</b> (read-only)
+ A table that sends each query to multiple lookup tables
+ and that concatenates all found results, separated by
+ comma. The table name syntax is the same as for <b>pipemap</b>.
+
+ This feature is available with Postfix 3.0 and later.
+
+ <b>unix</b> (read-only)
+ A limited view of the UNIX authentication database. The
+ following tables are implemented:
+
+ <b>unix:passwd.byname</b>
+ The table is the UNIX password database. The key
+ is a login name. The result is a password file
+ entry in <b>passwd</b>(5) format.
+
+ <b>unix:group.byname</b>
+ The table is the UNIX group database. The key is a
+ group name. The result is a group file entry in
+ <b>group</b>(5) format.
+
+ Other table types may exist depending on how Postfix was built.
+
+ <b>-M</b> Show <a href="master.5.html"><b>master.cf</b></a> file contents instead of <a href="postconf.5.html"><b>main.cf</b></a> file contents.
+ Specify <b>-Mf</b> to fold long lines for human readability.
+
+ Specify zero or more arguments, each with a <i>service-name</i> or <i>ser-</i>
+ <i>vice-name/service-type</i> pair, where <i>service-name</i> is the first
+ field of a <a href="master.5.html">master.cf</a> entry and <i>service-type</i> is one of (<b>inet</b>,
+ <b>unix</b>, <b>fifo</b>, or <b>pass</b>).
+
+ If <i>service-name</i> or <i>service-name/service-type</i> is specified, only
+ the matching <a href="master.5.html">master.cf</a> entries will be output. For example,
+ "<b>postconf -Mf smtp</b>" will output all services named "smtp", and
+ "<b>postconf -Mf smtp/inet</b>" will output only the smtp service that
+ listens on the network. Trailing service type fields that are
+ omitted will be handled as "*" wildcard fields.
+
+ This feature is available with Postfix 2.9 and later. The syntax
+ was changed from "<i>name.type</i>" to "<i>name/type</i>", and "*" wildcard
+ support was added with Postfix 2.11.
+
+ <b>-n</b> Show only configuration parameters that have explicit <i>name=value</i>
+ settings in <a href="postconf.5.html"><b>main.cf</b></a>. Specify <b>-nf</b> to fold long lines for human
+ readability (Postfix 2.9 and later). To show settings that dif-
+ fer from built-in defaults only, use the following bash syntax:
+ LANG=C comm -23 &lt;(postconf -n) &lt;(postconf -d)
+ Replace "-23" with "-12" to show settings that duplicate
+ built-in defaults.
+
+ <b>-o</b> <i>name=value</i>
+ Override <a href="postconf.5.html"><b>main.cf</b></a> parameter settings. This lets you see the
+ effect changing a parameter would have when it is used in other
+ configuration parameters, e.g.:
+ postconf -x -o stress=yes
+
+ This feature is available with Postfix 2.10 and later.
+
+ <b>-p</b> Show <a href="postconf.5.html"><b>main.cf</b></a> parameter settings. This is the default.
+
+ This feature is available with Postfix 2.11 and later.
+
+ <b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default all ser-
+ vices and all parameters), formatted as "<i>service/type/parame-</i>
+ <i>ter=value</i>", one per line. Specify <b>-Pf</b> to fold long lines.
+
+ Specify one or more "<i>service/type/parameter</i>" instances on the
+ <a href="postconf.1.html"><b>postconf</b>(1)</a> command line to limit the output to parameters of
+ interest. Trailing parameter name or service type fields that
+ are omitted will be handled as "*" wildcard fields.
+
+ This feature is available with Postfix 2.11 and later.
+
+ <b>-t</b> [<i>template</i><b>_</b><i>file</i>]
+ Display the templates for text that appears at the beginning of
+ delivery status notification (DSN) messages, without expanding
+ $<b>name</b> expressions.
+
+ To override the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter setting, specify
+ a template file name at the end of the "<b>postconf -t</b>" command
+ line. Specify an empty file name to display built-in templates
+ (in shell language: "").
+
+ This feature is available with Postfix 2.3 and later.
+
+ <b>-T</b> <i>mode</i>
+ If Postfix is compiled without TLS support, the <b>-T</b> option pro-
+ duces no output. Otherwise, if an invalid <i>mode</i> is specified,
+ the <b>-T</b> option reports an error and exits with a non-zero status
+ code. The valid modes are:
+
+ <b>compile-version</b>
+ Output the OpenSSL version that Postfix was compiled with
+ (i.e. the OpenSSL version in a header file). The output
+ format is the same as with the command "<b>openssl version</b>".
+
+ <b>run-version</b>
+ Output the OpenSSL version that Postfix is linked with at
+ runtime (i.e. the OpenSSL version in a shared library).
+
+ <b>public-key-algorithms</b>
+ Output the lower-case names of the supported public-key
+ algorithms, one per-line.
+
+ This feature is available with Postfix 3.1 and later.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+ <b>-x</b> Expand <i>$name</i> in <a href="postconf.5.html"><b>main.cf</b></a> or <a href="master.5.html"><b>master.cf</b></a> parameter values. The
+ expansion is recursive.
+
+ This feature is available with Postfix 2.10 and later.
+
+ <b>-X</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove the parameters
+ named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Specify a list of param-
+ eter names, not "<i>name=value</i>" pairs.
+
+ With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
+ or more service entries as specified with "<i>service/type</i>" on the
+ <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+
+ With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
+ or more service parameter settings (-o parameter=value settings)
+ as specified with "<i>service/type/parameter</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a>
+ command line.
+
+ In all cases the file is copied to a temporary file then renamed
+ into place. Specify quotes to protect special characters on the
+ <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+
+ There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
+ tion.
+
+ This feature is available with Postfix 2.10 and later. Support
+ for -M and -P was added with Postfix 2.11.
+
+ <b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and comment out the parame-
+ ters named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line, so that those param-
+ eters revert to their default values. Specify a list of parame-
+ ter names, not "<i>name=value</i>" pairs.
+
+ With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and comment out
+ one or more service entries as specified with "<i>service/type</i>" on
+ the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+
+ In all cases the file is copied to a temporary file then renamed
+ into place. Specify quotes to protect special characters on the
+ <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+
+ There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
+ tion.
+
+ This feature is available with Postfix 2.6 and later. Support
+ for -M was added with Postfix 2.11.
+
+<b>DIAGNOSTICS</b>
+ Problems are reported to the standard error stream.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
+ Pathname of a configuration file with bounce message templates.
+
+<b>FILES</b>
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>, Postfix configuration parameters
+ /etc/postfix/<a href="master.5.html">master.cf</a>, Postfix master daemon configuration
+
+<b>SEE ALSO</b>
+ <a href="bounce.5.html">bounce(5)</a>, bounce template file format
+ <a href="master.5.html">master(5)</a>, <a href="master.5.html">master.cf</a> configuration file syntax
+ <a href="postconf.5.html">postconf(5)</a>, <a href="postconf.5.html">main.cf</a> configuration file syntax
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTCONF(1)
+</pre> </body> </html>
diff --git a/html/postconf.5.html b/html/postconf.5.html
new file mode 100644
index 0000000..dbb8cc8
--- /dev/null
+++ b/html/postconf.5.html
@@ -0,0 +1,22214 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Configuration Parameters </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" alt="">Postfix Configuration Parameters </h1>
+
+<hr>
+
+<h2> Postfix main.cf file format </h2>
+
+<p> The Postfix main.cf configuration file specifies a very small
+subset of all the parameters that control the operation of the
+Postfix mail system. Parameters not explicitly specified are left
+at their default values. </p>
+
+<p> The general format of the main.cf file is as follows: </p>
+
+<ul>
+
+<li> <p> Each logical line is in the form "parameter = value".
+Whitespace around the "=" is ignored, as is whitespace at the end
+of a logical line. </p>
+
+<li> <p> Empty lines and whitespace-only lines are ignored, as are
+lines whose first non-whitespace character is a `#'. </p>
+
+<li> <p> A logical line starts with non-whitespace text. A line
+that starts with whitespace continues a logical line. </p>
+
+<li> <p> A parameter value may refer to other parameters. </p>
+
+<ul>
+
+<li> <p> The expressions "$name" and "${name}" are recursively
+replaced with the value of the named parameter. The parameter name
+must contain only characters from the set [a-zA-Z0-9_].
+An undefined parameter value is replaced with the empty value. </p>
+
+<li> <p> The expressions "${name?value}" and "${name?{value}}" are
+replaced with "value" when "$name" is non-empty. The parameter name
+must contain only characters from the set [a-zA-Z0-9_]. These forms are
+supported with Postfix versions &ge; 2.2 and &ge; 3.0, respectively.
+</p>
+
+<li> <p> The expressions "${name:value}" and "${name:{value}}" are
+replaced with "value" when "$name" is empty. The parameter name must
+contain only characters from the set [a-zA-Z0-9_]. These forms are
+supported with Postfix versions &ge; 2.2 and &ge; 3.0, respectively.
+</p>
+
+<li> <p> The expression "${name?{value1}:{value2}}" is replaced
+with "value1" when "$name" is non-empty, and with "value2" when
+"$name" is empty. The "{}" is required for "value1", optional for
+"value2". The parameter name must contain only characters from the
+set [a-zA-Z0-9_]. This form is supported with Postfix versions
+&ge; 3.0. </p>
+
+<li> <p> The first item inside "${...}" may be a relational expression
+of the form: "{value3} == {value4}". Besides the "==" (equality)
+operator Postfix supports "!=" (inequality), "&lt;", "&le;", "&ge;",
+and "&gt;". The comparison is numerical when both operands are all
+digits, otherwise the comparison is lexicographical. These forms
+are supported with Postfix versions &ge; 3.0. </p>
+
+<li> <p> Each "value" is subject to recursive named parameter and
+relational expression evaluation, except where noted. </p>
+
+<li> <p> Whitespace before or after each "{value}" is ignored. </p>
+
+<li> <p> Specify "$$" to produce a single "$" character. </p>
+
+<li> <p> The legacy form "$(...)" is equivalent to the preferred
+form "${...}". </p>
+
+</ul>
+
+<li> <p> When the same parameter is defined multiple times, only
+the last instance is remembered. </p>
+
+<li> <p> Otherwise, the order of main.cf parameter definitions does
+not matter. </p>
+
+</ul>
+
+<p> The remainder of this document is a description of all Postfix
+configuration parameters. Default values are shown after the
+parameter name in parentheses, and can be looked up with the
+"<b>postconf -d</b>" command. </p>
+
+<p> Note: this is not an invitation to make changes to Postfix
+configuration parameters. Unnecessary changes are likely to impair
+the operation of the mail system. </p>
+
+<dl>
+<DT><b><a name="2bounce_notice_recipient">2bounce_notice_recipient</a>
+(default: postmaster)</b></DT><DD>
+
+<p> The recipient of undeliverable mail that cannot be returned to
+the sender. This feature is enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
+parameter. </p>
+
+
+</DD>
+
+<DT><b><a name="access_map_defer_code">access_map_defer_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code for
+an <a href="access.5.html">access(5)</a> map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>"
+or "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>". Prior to Postfix 2.6, the response
+is hard-coded as "450".
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+<p>
+This feature is available in Postfix 2.6 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="access_map_reject_code">access_map_reject_code</a>
+(default: 554)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code for
+an <a href="access.5.html">access(5)</a> map "reject" action.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a>
+(default: 12h)</b></DT><DD>
+
+<p> The amount of time between <a href="verify.8.html">verify(8)</a> address verification
+database cleanup runs. This feature requires that the database
+supports the "delete" and "sequence" operators. Specify a zero
+interval to disable database cleanup. </p>
+
+<p> After each database cleanup run, the <a href="verify.8.html">verify(8)</a> daemon logs the
+number of entries that were retained and dropped. A cleanup run is
+logged as "partial" when the daemon terminates early after "<b>postfix
+reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
+seconds. </p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours). </p>
+
+<p> This feature is available in Postfix 2.7. </p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_default_transport">address_verify_default_transport</a>
+(default: $<a href="postconf.5.html#default_transport">default_transport</a>)</b></DT><DD>
+
+<p>
+Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
+verification probes.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_local_transport">address_verify_local_transport</a>
+(default: $<a href="postconf.5.html#local_transport">local_transport</a>)</b></DT><DD>
+
+<p>
+Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address
+verification probes.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_map">address_verify_map</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+Lookup table for persistent address verification status
+storage. The table is maintained by the <a href="verify.8.html">verify(8)</a> service, and
+is opened before the process releases privileges.
+</p>
+
+<p>
+The lookup table is persistent by default (Postfix 2.7 and later).
+Specify an empty table name to keep the information in volatile
+memory which is lost after "<b>postfix reload</b>" or "<b>postfix
+stop</b>". This is the default with Postfix version 2.6 and earlier.
+</p>
+
+<p>
+Specify a location in a file system that will not fill up. If the
+database becomes corrupted, the world comes to an end. To recover,
+delete (NOT: truncate) the file and do "<b>postfix reload</b>".
+</p>
+
+<p> Postfix daemon processes do not use root privileges when opening
+this file (Postfix 2.5 and later). The file must therefore be
+stored under a Postfix-owned directory such as the <a href="postconf.5.html#data_directory">data_directory</a>.
+As a migration aid, an attempt to open the file under a non-Postfix
+directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
+warning is logged. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">hash</a>:/var/lib/postfix/verify
+<a href="postconf.5.html#address_verify_map">address_verify_map</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/verify
+</pre>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_negative_cache">address_verify_negative_cache</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Enable caching of failed address verification probe results. When
+this feature is enabled, the cache may pollute quickly with garbage.
+When this feature is disabled, Postfix will generate an address
+probe for every lookup.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_negative_expire_time">address_verify_negative_expire_time</a>
+(default: 3d)</b></DT><DD>
+
+<p>
+The time after which a failed probe expires from the address
+verification cache.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_negative_refresh_time">address_verify_negative_refresh_time</a>
+(default: 3h)</b></DT><DD>
+
+<p>
+The time after which a failed address verification probe needs to
+be refreshed.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_pending_request_limit">address_verify_pending_request_limit</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> A safety limit that prevents address verification requests from
+overwhelming the Postfix queue. By default, the number of pending
+requests is limited to 1/4 of the <a href="QSHAPE_README.html#active_queue">active queue</a> maximum size
+(<a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a>). The queue manager enforces the limit
+by tempfailing requests that exceed the limit. This affects only
+unknown addresses and inactive addresses that have expired, because
+the <a href="verify.8.html">verify(8)</a> daemon automatically refreshes an active address
+before it expires. </p>
+
+<p> This feature is available in Postfix 3.1 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_poll_count">address_verify_poll_count</a>
+(default: normal: 3, overload: 1)</b></DT><DD>
+
+<p>
+How many times to query the <a href="verify.8.html">verify(8)</a> service for the completion
+of an address verification request in progress.
+</p>
+
+<p> By default, the Postfix SMTP server polls the <a href="verify.8.html">verify(8)</a> service
+up to three times under non-overload conditions, and only once when
+under overload. With Postfix version 2.5 and earlier, the SMTP
+server always polls the <a href="verify.8.html">verify(8)</a> service up to three times by
+default. </p>
+
+<p>
+Specify 1 to implement a crude form of greylisting, that is, always
+defer the first delivery request for a new address.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+# Postfix &le; 2.6 default
+<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 3
+# Poor man's greylisting
+<a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> = 1
+</pre>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_poll_delay">address_verify_poll_delay</a>
+(default: 3s)</b></DT><DD>
+
+<p>
+The delay between queries for the completion of an address
+verification request in progress.
+</p>
+
+<p>
+The default polling delay is 3 seconds.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_positive_expire_time">address_verify_positive_expire_time</a>
+(default: 31d)</b></DT><DD>
+
+<p>
+The time after which a successful probe expires from the address
+verification cache.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_positive_refresh_time">address_verify_positive_refresh_time</a>
+(default: 7d)</b></DT><DD>
+
+<p>
+The time after which a successful address verification probe needs
+to be refreshed. The address verification status is not updated
+when the probe fails (optimistic caching).
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_relay_transport">address_verify_relay_transport</a>
+(default: $<a href="postconf.5.html#relay_transport">relay_transport</a>)</b></DT><DD>
+
+<p>
+Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address
+verification probes.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_relayhost">address_verify_relayhost</a>
+(default: $<a href="postconf.5.html#relayhost">relayhost</a>)</b></DT><DD>
+
+<p>
+Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verification
+probes. This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_sender">address_verify_sender</a>
+(default: $<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b></DT><DD>
+
+<p> The sender address to use in address verification probes; prior
+to Postfix 2.5 the default was "postmaster". To
+avoid problems with address probes that are sent in response to
+address probes, the Postfix SMTP server excludes the probe sender
+address from all SMTPD access blocks. </p>
+
+<p>
+Specify an empty value (<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> =) or &lt;&gt; if you want
+to use the null sender address. Beware, some sites reject mail from
+&lt;&gt;, even though RFCs require that such addresses be accepted.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = &lt;&gt;
+<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> = postmaster@<a href="postconf.5.html#mydomain">mydomain</a>
+</pre>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a>
+(default: $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b></DT><DD>
+
+<p> Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
+setting for address verification probes. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a>
+(default: $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b></DT><DD>
+
+<p>
+Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting for address
+verification probes.
+</p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_sender_ttl">address_verify_sender_ttl</a>
+(default: 0s)</b></DT><DD>
+
+<p> The time between changes in the time-dependent portion of address
+verification probe sender addresses. The time-dependent portion is
+appended to the localpart of the address specified with the
+<a href="postconf.5.html#address_verify_sender">address_verify_sender</a> parameter. This feature is ignored when the
+probe sender addresses is the null sender, i.e. the <a href="postconf.5.html#address_verify_sender">address_verify_sender</a>
+value is empty or &lt;&gt;. </p>
+
+<p> Historically, the probe sender address was fixed. This has
+caused such addresses to end up on spammer mailing lists, and has
+resulted in wasted network and processing resources. </p>
+
+<p> To enable time-dependent probe sender addresses, specify a
+non-zero time value. Specify a value of at least several hours,
+to avoid problems with senders that use greylisting. Avoid nice
+TTL values, to make the result less predictable. </p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.9 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_service_name">address_verify_service_name</a>
+(default: verify)</b></DT><DD>
+
+<p>
+The name of the <a href="verify.8.html">verify(8)</a> address verification service. This service
+maintains the status of sender and/or recipient address verification
+probes, and generates probes on request by other Postfix processes.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_transport_maps">address_verify_transport_maps</a>
+(default: $<a href="postconf.5.html#transport_maps">transport_maps</a>)</b></DT><DD>
+
+<p>
+Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address verification
+probes.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="address_verify_virtual_transport">address_verify_virtual_transport</a>
+(default: $<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b></DT><DD>
+
+<p>
+Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
+verification probes.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="alias_database">alias_database</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The alias databases for <a href="local.8.html">local(8)</a> delivery that are updated with
+"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+</p>
+
+<p>
+This is a separate configuration parameter because not all the
+tables specified with $<a href="postconf.5.html#alias_maps">alias_maps</a> have to be local files.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
+<a href="postconf.5.html#alias_database">alias_database</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/mail/aliases
+</pre>
+
+
+</DD>
+
+<DT><b><a name="alias_maps">alias_maps</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The alias databases that are used for <a href="local.8.html">local(8)</a> delivery. See
+<a href="aliases.5.html">aliases(5)</a> for syntax details.
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+Note: these lookups are recursive.
+</p>
+
+<p>
+The default list is system dependent. On systems with NIS, the
+default is to search the local alias database, then the NIS alias
+database.
+</p>
+
+<p>
+If you change the alias database, run "<b>postalias /etc/aliases</b>"
+(or wherever your system stores the mail alias file), or simply
+run "<b>newaliases</b>" to build the necessary DBM or DB file.
+</p>
+
+<p>
+The <a href="local.8.html">local(8)</a> delivery agent disallows regular expression substitution
+of $1 etc. in <a href="postconf.5.html#alias_maps">alias_maps</a>, because that would open a security hole.
+</p>
+
+<p>
+The <a href="local.8.html">local(8)</a> delivery agent will silently ignore requests to use
+the <a href="proxymap.8.html">proxymap(8)</a> server within <a href="postconf.5.html#alias_maps">alias_maps</a>. Instead it will open the
+table directly. Before Postfix version 2.2, the <a href="local.8.html">local(8)</a> delivery
+agent will terminate with a fatal error.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases, nis:mail.aliases
+<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases
+</pre>
+
+
+</DD>
+
+<DT><b><a name="allow_mail_to_commands">allow_mail_to_commands</a>
+(default: alias, forward)</b></DT><DD>
+
+<p>
+Restrict <a href="local.8.html">local(8)</a> mail delivery to external commands. The default
+is to disallow delivery to "|command" in :include: files (see
+<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
+</p>
+
+<p>
+Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
+in order to allow commands in <a href="aliases.5.html">aliases(5)</a>, .forward files or in
+:include: files, respectively.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> = alias,forward,include
+</pre>
+
+
+</DD>
+
+<DT><b><a name="allow_mail_to_files">allow_mail_to_files</a>
+(default: alias, forward)</b></DT><DD>
+
+<p>
+Restrict <a href="local.8.html">local(8)</a> mail delivery to external files. The default is
+to disallow "/file/name" destinations in :include: files (see
+<a href="aliases.5.html">aliases(5)</a> for the text that defines this terminology).
+</p>
+
+<p>
+Specify zero or more of: <b>alias</b>, <b>forward</b> or <b>include</b>,
+in order to allow "/file/name" destinations in <a href="aliases.5.html">aliases(5)</a>, .forward
+files and in :include: files, respectively.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> = alias,forward,include
+</pre>
+
+
+</DD>
+
+<DT><b><a name="allow_min_user">allow_min_user</a>
+(default: no)</b></DT><DD>
+
+<p>
+Allow a sender or recipient address to have `-' as the first
+character. By
+default, this is not allowed, to avoid accidents with software that
+passes email addresses via the command line. Such software
+would not be able to distinguish a malicious address from a
+bona fide command-line option. Although this can be prevented by
+inserting a "--" option terminator into the command line, this is
+difficult to enforce consistently and globally. </p>
+
+<p> As of Postfix version 2.5, this feature is implemented by
+<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>. With earlier versions this feature was implemented
+by <a href="qmgr.8.html">qmgr(8)</a> and was limited to recipient addresses only. </p>
+
+
+</DD>
+
+<DT><b><a name="allow_percent_hack">allow_percent_hack</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Enable the rewriting of the form "user%domain" to "user@domain".
+This is enabled by default.
+</p>
+
+<p> Note: as of Postfix version 2.2, message header address rewriting
+happens only when one of the following conditions is true: </p>
+
+<ul>
+
+<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
+
+<li> The message is received from a network client that matches
+$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
+
+<li> The message is received from the network, and the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
+
+</ul>
+
+<p> To get the behavior before Postfix version 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a> = no
+</pre>
+
+
+</DD>
+
+<DT><b><a name="allow_srv_lookup_fallback">allow_srv_lookup_fallback</a>
+(default: no)</b></DT><DD>
+
+<p> When SRV record lookup fails or no SRV record exists, fall back
+to MX or IP address lookup as if SRV record lookup was not enabled. <p>
+
+<p> This feature is available in Postfix 3.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="allow_untrusted_routing">allow_untrusted_routing</a>
+(default: no)</b></DT><DD>
+
+<p>
+Forward mail with sender-specified routing (user[@%!]remote[@%!]site)
+from untrusted clients to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+</p>
+
+<p>
+By default, this feature is turned off. This closes a nasty open
+relay loophole where a backup MX host can be tricked into forwarding
+junk mail to a primary MX host which then spams it out to the world.
+</p>
+
+<p>
+This parameter also controls if non-local addresses with sender-specified
+routing can match Postfix access tables. By default, such addresses
+cannot match Postfix access tables, because the address is ambiguous.
+</p>
+
+
+</DD>
+
+<DT><b><a name="alternate_config_directories">alternate_config_directories</a>
+(default: empty)</b></DT><DD>
+
+<p>
+A list of non-default Postfix configuration directories that may
+be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in the
+case of <a href="sendmail.1.html">sendmail(1)</a>, with the "-C" option), or via the MAIL_CONFIG
+environment parameter.
+</p>
+
+<p>
+This list must be specified in the default Postfix <a href="postconf.5.html">main.cf</a> file,
+and will be used by set-gid Postfix commands such as <a href="postqueue.1.html">postqueue(1)</a>
+and <a href="postdrop.1.html">postdrop(1)</a>.
+</p>
+
+<p>
+Specify absolute pathnames, separated by comma or space. Note: $name
+expansion is not supported.
+</p>
+
+
+</DD>
+
+<DT><b><a name="always_add_missing_headers">always_add_missing_headers</a>
+(default: no)</b></DT><DD>
+
+<p> Always add (Resent-) From:, To:, Date: or Message-ID: headers
+when not present. Postfix 2.6 and later add these headers only
+when clients match the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter
+setting. Earlier Postfix versions always add these headers; this
+may break DKIM signatures that cover non-existent headers.
+The <a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> parameter setting determines
+whether a To: header will be added. </p>
+
+
+</DD>
+
+<DT><b><a name="always_bcc">always_bcc</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional address that receives a "blind carbon copy" of each message
+that is received by the Postfix mail system.
+</p>
+
+<p>
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>.
+</p>
+
+<p>
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
+</p>
+
+<p> Note: automatic BCC recipients are produced only for new mail.
+To avoid mailer loops, automatic BCC recipients are not generated
+after Postfix forwards mail internally, or after Postfix generates
+mail itself. </p>
+
+
+</DD>
+
+<DT><b><a name="anvil_rate_time_unit">anvil_rate_time_unit</a>
+(default: 60s)</b></DT><DD>
+
+<p>
+The time unit over which client connection rates and other rates
+are calculated.
+</p>
+
+<p>
+This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is available
+in Postfix version 2.2 and later.
+</p>
+
+<p>
+The default interval is relatively short. Because of the high
+frequency of updates, the <a href="anvil.8.html">anvil(8)</a> server uses volatile memory
+only. Thus, information is lost whenever the process terminates.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="anvil_status_update_time">anvil_status_update_time</a>
+(default: 600s)</b></DT><DD>
+
+<p>
+How frequently the <a href="anvil.8.html">anvil(8)</a> connection and rate limiting server
+logs peak usage information.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="append_at_myorigin">append_at_myorigin</a>
+(default: yes)</b></DT><DD>
+
+<p>
+With locally submitted mail, append the string "@$<a href="postconf.5.html#myorigin">myorigin</a>" to mail
+addresses without domain information. With remotely submitted mail,
+append the string "@$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>" instead.
+</p>
+
+<p>
+Note 1: this feature is enabled by default and must not be turned off.
+Postfix does not support domain-less addresses.
+</p>
+
+<p> Note 2: with Postfix version 2.2, message header address rewriting
+happens only when one of the following conditions is true: </p>
+
+<ul>
+
+<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
+
+<li> The message is received from a network client that matches
+$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
+
+<li> The message is received from the network, and the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
+
+</ul>
+
+<p> To get the behavior before Postfix version 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
+
+
+</DD>
+
+<DT><b><a name="append_dot_mydomain">append_dot_mydomain</a>
+(default: Postfix &ge; 3.0: no, Postfix &lt; 3.0: yes)</b></DT><DD>
+
+<p>
+With locally submitted mail, append the string ".$<a href="postconf.5.html#mydomain">mydomain</a>" to
+addresses that have no ".domain" information. With remotely submitted
+mail, append the string ".$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a>"
+instead.
+</p>
+
+<p>
+Note 1: When disabled (Postfix 3.0 and later), users will not be
+able to send mail to "user@partialdomainname" but will have to
+specify full domain names instead.
+</p>
+
+<p> Note 2: with Postfix version 2.2, message header address rewriting
+happens only when one of the following conditions is true: </p>
+
+<ul>
+
+<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
+
+<li> The message is received from a network client that matches
+$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
+
+<li> The message is received from the network, and the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
+
+</ul>
+
+<p> To get the behavior before Postfix version 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
+
+
+</DD>
+
+<DT><b><a name="application_event_drain_time">application_event_drain_time</a>
+(default: 100s)</b></DT><DD>
+
+<p>
+How long the <a href="postkick.1.html">postkick(1)</a> command waits for a request to enter the
+Postfix daemon process input buffer before giving up.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="authorized_flush_users">authorized_flush_users</a>
+(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>
+
+<p>
+List of users who are authorized to flush the queue.
+</p>
+
+<p>
+By default, all users are allowed to flush the queue. Access is
+always granted if the invoking user is the super-user or the
+$<a href="postconf.5.html#mail_owner">mail_owner</a> user. Otherwise, the real UID of the process is looked
+up in the system password file, and access is granted only if the
+corresponding login name is on the access list. The username
+"unknown" is used for processes whose real UID is not found in the
+password file. </p>
+
+<p>
+Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
+separated by commas and/or whitespace. The list is matched left to
+right, and the search stops on the first match. A "/file/name"
+pattern is replaced
+by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
+matches a lookup key (the lookup result is ignored). Continue long
+lines by starting the next line with whitespace. Specify "!pattern"
+to exclude a name from the list. The form "!/file/name" is supported
+only in Postfix version 2.4 and later. </p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="authorized_mailq_users">authorized_mailq_users</a>
+(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>
+
+<p>
+List of users who are authorized to view the queue.
+</p>
+
+<p>
+By default, all users are allowed to view the queue. Access is
+always granted if the invoking user is the super-user or the
+$<a href="postconf.5.html#mail_owner">mail_owner</a> user. Otherwise, the real UID of the process is looked
+up in the system password file, and access is granted only if the
+corresponding login name is on the access list. The username
+"unknown" is used for processes whose real UID is not found in the
+password file. </p>
+
+<p>
+Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
+separated by commas and/or whitespace. The list is matched left to
+right, and the search stops on the first match. A "/file/name"
+pattern is replaced
+by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
+matches a lookup key (the lookup result is ignored). Continue long
+lines by starting the next line with whitespace. Specify "!pattern"
+to exclude a user name from the list. The form "!/file/name" is
+supported only in Postfix version 2.4 and later. </p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="authorized_submit_users">authorized_submit_users</a>
+(default: <a href="DATABASE_README.html#types">static</a>:anyone)</b></DT><DD>
+
+<p>
+List of users who are authorized to submit mail with the <a href="sendmail.1.html">sendmail(1)</a>
+command (and with the privileged <a href="postdrop.1.html">postdrop(1)</a> helper command).
+</p>
+
+<p>
+By default, all users are allowed to submit mail. Otherwise, the
+real UID of the process is looked up in the system password file,
+and access is granted only if the corresponding login name is on
+the access list. The username "unknown" is used for processes
+whose real UID is not found in the password file. To deny mail
+submission access to all users specify an empty list. </p>
+
+<p>
+Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
+separated by commas and/or whitespace. The list is matched left to right,
+and the search stops on the first match. A "/file/name" pattern is
+replaced by its contents;
+a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup key
+(the lookup result is ignored). Continue long lines by starting the
+next line with whitespace. Specify "!pattern" to exclude a user
+name from the list. The form "!/file/name" is supported only in
+Postfix version 2.4 and later. </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> = !www, <a href="DATABASE_README.html#types">static</a>:all
+</pre>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="authorized_verp_clients">authorized_verp_clients</a>
+(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>
+
+<p> What remote SMTP clients are allowed to specify the XVERP command.
+This command requests that mail be delivered one recipient at a
+time with a per recipient return address. </p>
+
+<p> By default, only trusted clients are allowed to specify XVERP.
+</p>
+
+<p> This parameter was introduced with Postfix version 1.1. Postfix
+version 2.1 renamed this parameter to <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>
+and changed the default to none. </p>
+
+<p> Specify a list of network/netmask patterns, separated by commas
+and/or whitespace. The mask specifies the number of bits in the
+network part of a host address. You can also specify hostnames or
+.domain names (the initial dot causes the domain to match any name
+below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name"
+pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
+is matched when a table entry matches a lookup string (the lookup
+result is ignored). Continue long lines by starting the next line
+with whitespace. Specify "!pattern" to exclude an address or network
+block from the list. The form "!/file/name" is supported only in
+Postfix version 2.4 and later. </p>
+
+<p> Note: IP version 6 address information must be specified inside
+<tt>[]</tt> in the <a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> value, and in files
+specified with "/file/name". IP version 6 addresses contain the
+":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
+pattern. </p>
+
+
+</DD>
+
+<DT><b><a name="backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Produce additional <a href="bounce.8.html">bounce(8)</a> logfile records that can be read by
+Postfix versions before 2.0. The current and more extensible "name =
+value" format is needed in order to implement more sophisticated
+functionality.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a>
+(default: 16777216)</b></DT><DD>
+
+<p>
+The per-table I/O buffer size for programs that create Berkeley DB
+hash or btree tables. Specify a byte count.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a>
+(default: 131072)</b></DT><DD>
+
+<p>
+The per-table I/O buffer size for programs that read Berkeley DB
+hash or btree tables. Specify a byte count.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="best_mx_transport">best_mx_transport</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Where the Postfix SMTP client should deliver mail when it detects
+a "mail loops back to myself" error condition. This happens when
+the local MTA is the best SMTP mail exchanger for a destination
+not listed in $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
+$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. By default,
+the Postfix SMTP client returns such mail as undeliverable.
+</p>
+
+<p>
+Specify, for example, "<a href="postconf.5.html#best_mx_transport">best_mx_transport</a> = local" to pass the mail
+from the Postfix SMTP client to the <a href="local.8.html">local(8)</a> delivery agent. You
+can specify
+any message delivery "transport" or "transport:nexthop" that is
+defined in the <a href="master.5.html">master.cf</a> file. See the <a href="transport.5.html">transport(5)</a> manual page
+for the syntax and meaning of "transport" or "transport:nexthop".
+</p>
+
+<p>
+However, this feature is expensive because it ties up a Postfix
+SMTP client process while the <a href="local.8.html">local(8)</a> delivery agent is doing its
+work. It is more efficient (for Postfix) to list all <a href="VIRTUAL_README.html#canonical">hosted domains</a>
+in a table or database.
+</p>
+
+
+</DD>
+
+<DT><b><a name="biff">biff</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service. This service sends
+"new mail" notifications to users who have requested new mail
+notification with the UNIX command "<a href="postconf.5.html#biff">biff</a> y".
+</p>
+
+<p>
+For compatibility reasons this feature is on by default. On systems
+with lots of interactive users, the <a href="postconf.5.html#biff">biff</a> service can be a performance
+drain. Specify "<a href="postconf.5.html#biff">biff</a> = no" in <a href="postconf.5.html">main.cf</a> to disable.
+</p>
+
+
+</DD>
+
+<DT><b><a name="body_checks">body_checks</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables for content inspection as specified in
+the <a href="header_checks.5.html">body_checks(5)</a> manual page. </p>
+
+<p> Note: with Postfix versions before 2.0, these rules inspect
+all content after the primary message headers. </p>
+
+
+</DD>
+
+<DT><b><a name="body_checks_size_limit">body_checks_size_limit</a>
+(default: 51200)</b></DT><DD>
+
+<p>
+How much text in a message body segment (or attachment, if you
+prefer to use that term) is subjected to <a href="postconf.5.html#body_checks">body_checks</a> inspection.
+The amount of text is limited to avoid scanning huge attachments.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="bounce_notice_recipient">bounce_notice_recipient</a>
+(default: postmaster)</b></DT><DD>
+
+<p>
+The recipient of postmaster notifications with the message headers
+of mail that Postfix did not deliver and of SMTP conversation
+transcripts of mail that Postfix did not receive. This feature is
+enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter. </p>
+
+
+</DD>
+
+<DT><b><a name="bounce_queue_lifetime">bounce_queue_lifetime</a>
+(default: 5d)</b></DT><DD>
+
+<p>
+Consider a bounce message as undeliverable, when delivery fails
+with a temporary error, and the time in the queue has reached the
+<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> limit. By default, this limit is the same
+as for regular mail.
+</p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p>
+Specify 0 when mail delivery should be tried only once.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="bounce_service_name">bounce_service_name</a>
+(default: bounce)</b></DT><DD>
+
+<p>
+The name of the <a href="bounce.8.html">bounce(8)</a> service. This service maintains a record
+of failed delivery attempts and generates non-delivery notifications.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="bounce_size_limit">bounce_size_limit</a>
+(default: 50000)</b></DT><DD>
+
+<p> The maximal amount of original message text that is sent in a
+non-delivery notification. Specify a byte count. A message is
+returned as either message/rfc822 (the complete original) or as
+text/rfc822-headers (the headers only). With Postfix version 2.4
+and earlier, a message is always returned as message/rfc822 and is
+truncated when it exceeds the size limit.
+</p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> If you increase this limit, then you should increase the
+<a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> value proportionally. </p>
+
+<li> <p> Be careful when making changes. Excessively large values
+will result in the loss of non-delivery notifications, when a bounce
+message size exceeds a local or remote MTA's message size limit.
+</p>
+
+</ul>
+
+
+</DD>
+
+<DT><b><a name="bounce_template_file">bounce_template_file</a>
+(default: empty)</b></DT><DD>
+
+<p> Pathname of a configuration file with bounce message templates.
+These override the built-in templates of delivery status notification
+(DSN) messages for undeliverable mail, delayed mail, successful
+delivery, or delivery verification. The <a href="bounce.5.html">bounce(5)</a> manual page
+describes how to edit and test template files. </p>
+
+<p> Template message body text may contain $name references to
+Postfix configuration parameters. The result of $name expansion can
+be previewed with "<b>postconf -b <i>file_name</i></b>" before the file
+is placed into the Postfix configuration directory. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="broken_sasl_auth_clients">broken_sasl_auth_clients</a>
+(default: no)</b></DT><DD>
+
+<p>
+Enable interoperability with remote SMTP clients that implement an obsolete
+version of the AUTH command (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>). Examples of such clients
+are MicroSoft Outlook Express version 4 and MicroSoft Exchange
+version 5.0.
+</p>
+
+<p>
+Specify "<a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> = yes" to have Postfix advertise
+AUTH support in a non-standard way.
+</p>
+
+
+</DD>
+
+<DT><b><a name="canonical_classes">canonical_classes</a>
+(default: envelope_sender, envelope_recipient, header_sender, header_recipient)</b></DT><DD>
+
+<p> What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
+By default, <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping is applied to envelope
+sender and recipient addresses, and to header sender and header
+recipient addresses. </p>
+
+<p> Specify one or more of: envelope_sender, envelope_recipient,
+header_sender, header_recipient </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="canonical_maps">canonical_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional address mapping lookup tables for message headers and
+envelopes. The mapping is applied to both sender and recipient
+addresses, in both envelopes and in headers, as controlled
+with the <a href="postconf.5.html#canonical_classes">canonical_classes</a> parameter. This is typically used
+to clean up dirty addresses from legacy mail systems, or to replace
+login names by Firstname.Lastname. The table format and lookups
+are documented in <a href="canonical.5.html">canonical(5)</a>. For an overview of Postfix address
+manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
+</p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+Note: these lookups are recursive.
+</p>
+
+<p>
+If you use this feature, run "<b>postmap /etc/postfix/canonical</b>" to
+build the necessary DBM or DB file after every change. The changes
+will become visible after a minute or so. Use "<b>postfix reload</b>"
+to eliminate the delay.
+</p>
+
+<p> Note: with Postfix version 2.2, message header address mapping
+happens only when message header address rewriting is enabled: </p>
+
+<ul>
+
+<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
+
+<li> The message is received from a network client that matches
+$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
+
+<li> The message is received from the network, and the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
+
+</ul>
+
+<p> To get the behavior before Postfix version 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/canonical
+<a href="postconf.5.html#canonical_maps">canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/canonical
+</pre>
+
+
+</DD>
+
+<DT><b><a name="cleanup_replace_stray_cr_lf">cleanup_replace_stray_cr_lf</a>
+(default: yes)</b></DT><DD>
+
+<p> Replace each stray &lt;CR&gt; or &lt;LF&gt; character in message
+content with a space character, to prevent outbound SMTP smuggling,
+and to make the evaluation of Postfix-added DKIM or other signatures
+independent from how a remote mail server handles such characters.
+</p>
+
+<p> SMTP does not allow such characters unless they are part of a
+&lt;CR&gt;&lt;LF&gt; sequence, and different mail systems handle
+such stray characters in an implementation-dependent manner. Stray
+&lt;CR&gt; or &lt;LF&gt; characters could be used for outbound
+SMTP smuggling, where an attacker uses a Postfix server to send
+message content with a non-standard End-of-DATA sequence that
+triggers inbound SMTP smuggling at a remote SMTP server.</p>
+
+<p> The replacement happens before all other content management,
+and before Postfix may add a DKIM etc. signature; if the signature
+were created first, the replacement could invalidate the signature.
+</p>
+
+<p> In addition to preventing SMTP smuggling, replacing stray
+&lt;CR&gt; or &lt;LF&gt; characters ensures that the result of
+signature validation by later mail system will not depend on how
+that mail system handles those stray characters in an
+implementation-dependent manner. </p>
+
+<p> This feature is available in Postfix &ge; 3.9, 3.8.5, 3.7.10,
+3.6.14, and 3.5.24. </p>
+
+
+</DD>
+
+<DT><b><a name="cleanup_service_name">cleanup_service_name</a>
+(default: cleanup)</b></DT><DD>
+
+<p>
+The name of the <a href="cleanup.8.html">cleanup(8)</a> service. This service rewrites addresses
+into the standard form, and performs <a href="canonical.5.html">canonical(5)</a> address mapping
+and <a href="virtual.5.html">virtual(5)</a> aliasing.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="command_directory">command_directory</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The location of all postfix administrative commands.
+</p>
+
+
+</DD>
+
+<DT><b><a name="command_execution_directory">command_execution_directory</a>
+(default: empty)</b></DT><DD>
+
+<p> The <a href="local.8.html">local(8)</a> delivery agent working directory for delivery to
+external commands. Failure to change directory causes the delivery
+to be deferred. </p>
+
+<p> The <a href="postconf.5.html#command_execution_directory">command_execution_directory</a> value is not subject to Postfix
+configuration parameter $name expansion. Instead, the following
+$name expansions are done on <a href="postconf.5.html#command_execution_directory">command_execution_directory</a> before the
+directory is used. Expansion happens in the context
+of the delivery request. The result of $name expansion is filtered
+with the character set that is specified with the
+<a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> parameter. </p>
+
+<dl>
+
+<dt><b>$user</b></dt>
+
+<dd>The recipient's username. </dd>
+
+<dt><b>$shell</b></dt>
+
+<dd>The recipient's login shell pathname. </dd>
+
+<dt><b>$home</b></dt>
+
+<dd>The recipient's home directory. </dd>
+
+<dt><b>$recipient</b></dt>
+
+<dd>The full recipient address. </dd>
+
+<dt><b>$extension</b></dt>
+
+<dd>The optional recipient address extension. </dd>
+
+<dt><b>$domain</b></dt>
+
+<dd>The recipient domain. </dd>
+
+<dt><b>$local</b></dt>
+
+<dd>The entire recipient localpart. </dd>
+
+<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
+
+<dd>The address extension delimiter that was found in the recipient
+address (Postfix 2.11 and later), or the system-wide recipient
+address extension delimiter (Postfix 2.10 and earlier). </dd>
+
+<dt><b>${name?value}</b></dt>
+
+<dt><b>${name?{value}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
+
+<dt><b>${name:value}</b></dt>
+
+<dt><b>${name:{value}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
+
+<dt><b>${name?{value1}:{value2}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value1</i> when <i>$name</i> is non-empty,
+<i>value2</i> otherwise. </dd>
+
+</dl>
+
+<p>
+Instead of $name you can also specify ${name} or $(name).
+</p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="command_expansion_filter">command_expansion_filter</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
+$name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
+Characters outside the
+allowed set are replaced by underscores.
+</p>
+
+
+</DD>
+
+<DT><b><a name="command_time_limit">command_time_limit</a>
+(default: 1000s)</b></DT><DD>
+
+<p>
+Time limit for delivery to external commands. This limit is used
+by the <a href="local.8.html">local(8)</a> delivery agent, and is the default time limit for
+delivery by the <a href="pipe.8.html">pipe(8)</a> delivery agent.
+</p>
+
+<p>
+Note: if you set this time limit to a large value you must update the
+global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter as well.
+</p>
+
+
+</DD>
+
+<DT><b><a name="compatibility_level">compatibility_level</a>
+(default: 0)</b></DT><DD>
+
+<p> A safety net that causes Postfix to run with backwards-compatible
+default settings after an upgrade to a newer Postfix version. </p>
+
+<p> With backwards compatibility turned on (the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#compatibility_level">compatibility_level</a>
+value is less than the Postfix built-in value), Postfix looks for
+settings that are left at their implicit default value, and logs a
+message when a backwards-compatible default setting is required.
+</p>
+
+<blockquote>
+<pre>
+using backwards-compatible default setting <i>name=value</i>
+ to [accept a specific client request]
+
+using backwards-compatible default setting <i>name=value</i>
+ to [enable specific Postfix behavior]
+</pre>
+</blockquote>
+
+<p> See <a href="COMPATIBILITY_README.html">COMPATIBILITY_README</a> for specific message details. If such
+a message is logged in the context of a legitimate request, the
+system administrator should make the backwards-compatible setting
+permanent in <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a>, for example: </p>
+
+<blockquote>
+<pre>
+# <b>postconf</b> <i>name=value</i>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<p> When no more backwards-compatible settings need to be made
+permanent, the administrator should turn off backwards compatibility
+by updating the <a href="postconf.5.html#compatibility_level">compatibility_level</a> setting in <a href="postconf.5.html">main.cf</a>:</p>
+
+<blockquote>
+<pre>
+# <b>postconf <a href="postconf.5.html#compatibility_level">compatibility_level</a>=<i>N</i></b>
+# <b>postfix reload</b>
+</pre>
+</blockquote>
+
+<p> For <i>N</i> specify the number that is logged in your <a href="postfix.1.html">postfix(1)</a>
+warning message: </p>
+
+<blockquote>
+<pre>
+warning: To disable backwards compatibility use "postconf
+ <a href="postconf.5.html#compatibility_level">compatibility_level</a>=<i>N</i>" and "postfix reload"
+</pre>
+</blockquote>
+
+<p> Starting with Postfix version 3.6, the compatibility level in
+the above warning message is the Postfix version that introduced
+the last incompatible change. The level is formatted as
+<i>major.minor.patch</i>, where <i>patch</i> is usually omitted and
+defaults to zero. Earlier compatibility levels are 0, 1 and 2. </p>
+
+<p> NOTE: this also introduces support for the "&lt;level",
+"&lt;=level", and other operators to compare compatibility levels.
+With the standard operators "&lt;", "&lt;=", etc., compatibility
+level "3.10" would be smaller than "3.9" which is undesirable. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="config_directory">config_directory</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>
+configuration files. This can be overruled via the following
+mechanisms: </p>
+
+<ul>
+
+<li> <p> The MAIL_CONFIG environment variable (daemon processes
+and commands). </p>
+
+<li> <p> The "-c" command-line option (commands only). </p>
+
+</ul>
+
+<p> With Postfix commands that run with set-gid privileges, a
+<a href="postconf.5.html#config_directory">config_directory</a> override either requires root privileges, or it
+requires that the directory is listed with the <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a>
+parameter in the default <a href="postconf.5.html">main.cf</a> file. </p>
+
+
+</DD>
+
+<DT><b><a name="confirm_delay_cleared">confirm_delay_cleared</a>
+(default: no)</b></DT><DD>
+
+<p> After sending a "your message is delayed" notification, inform
+the sender when the delay clears up. This can result in a sudden
+burst of notifications at the end of a prolonged network outage,
+and is therefore disabled by default. </p>
+
+<p> See also: <a href="postconf.5.html#delay_warning_time">delay_warning_time</a>. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="connection_cache_protocol_timeout">connection_cache_protocol_timeout</a>
+(default: 5s)</b></DT><DD>
+
+<p> Time limit for connection cache connect, send or receive
+operations. The time limit is enforced in the client. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="connection_cache_service_name">connection_cache_service_name</a>
+(default: scache)</b></DT><DD>
+
+<p> The name of the <a href="scache.8.html">scache(8)</a> connection cache service. This service
+maintains a limited pool of cached sessions. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="connection_cache_status_update_time">connection_cache_status_update_time</a>
+(default: 600s)</b></DT><DD>
+
+<p> How frequently the <a href="scache.8.html">scache(8)</a> server logs usage statistics with
+connection cache hit and miss rates for logical destinations and for
+physical endpoints. </p>
+
+
+</DD>
+
+<DT><b><a name="connection_cache_ttl_limit">connection_cache_ttl_limit</a>
+(default: 2s)</b></DT><DD>
+
+<p> The maximal time-to-live value that the <a href="scache.8.html">scache(8)</a> connection
+cache server
+allows. Requests that specify a larger TTL will be stored with the
+maximum allowed TTL. The purpose of this additional control is to
+protect the infrastructure against careless people. The cache TTL
+is already bounded by $<a href="postconf.5.html#max_idle">max_idle</a>. </p>
+
+
+</DD>
+
+<DT><b><a name="content_filter">content_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> After the message is queued, send the entire message to the
+specified <i>transport:destination</i>. The <i>transport</i> name
+specifies the first field of a mail delivery agent definition in
+<a href="master.5.html">master.cf</a>; the syntax of the next-hop <i>destination</i> is described
+in the manual page of the corresponding delivery agent. More
+information about external content filters is in the Postfix
+<a href="FILTER_README.html">FILTER_README</a> file. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> This setting has lower precedence than a FILTER action
+that is specified in an <a href="access.5.html">access(5)</a>, <a href="header_checks.5.html">header_checks(5)</a> or <a href="header_checks.5.html">body_checks(5)</a>
+table. </p>
+
+<li> <p> The meaning of an empty next-hop filter <i>destination</i>
+is version dependent. Postfix 2.7 and later will use the recipient
+domain; earlier versions will use $<a href="postconf.5.html#myhostname">myhostname</a>. Specify
+"<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility with Postfix
+2.6 or earlier, or specify a <a href="postconf.5.html#content_filter">content_filter</a> value with an explicit
+next-hop <i>destination</i>. </p>
+
+</ul>
+
+
+</DD>
+
+<DT><b><a name="cyrus_sasl_config_path">cyrus_sasl_config_path</a>
+(default: empty)</b></DT><DD>
+
+<p> Search path for Cyrus SASL application configuration files,
+currently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
+Specify zero or more directories separated by a colon character,
+or an empty value to use Cyrus SASL's built-in search path. </p>
+
+<p> This feature is available in Postfix 2.5 and later when compiled
+with Cyrus SASL 2.1.22 or later. </p>
+
+
+</DD>
+
+<DT><b><a name="daemon_directory">daemon_directory</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The directory with Postfix support programs and daemon programs.
+These should not be invoked directly by humans. The directory must
+be owned by root.
+</p>
+
+
+</DD>
+
+<DT><b><a name="daemon_table_open_error_is_fatal">daemon_table_open_error_is_fatal</a>
+(default: no)</b></DT><DD>
+
+<p> How a Postfix daemon process handles errors while opening lookup
+tables: gradual degradation or immediate termination. </p>
+
+<dl>
+
+<dt> <b> no </b> (default) </dt> <dd> <p> Gradual degradation: a
+daemon process logs a message of type "error" and continues execution
+with reduced functionality. Features that do not depend on the
+unavailable table will work normally, while features that depend
+on the table will result in a type "warning" message. <br> When
+the <a href="postconf.5.html#notify_classes">notify_classes</a> parameter value contains the "data" class, the
+Postfix SMTP server and client will report transcripts of sessions
+with an error because a table is unavailable. </p> </dd>
+
+<dt> <b> yes </b> (historical behavior) </dt> <dd> <p> Immediate
+termination: a daemon process logs a type "fatal" message and
+terminates immediately. This option reduces the number of possible
+code paths through Postfix, and may therefore be slightly more
+secure than the default. </p> </dd>
+
+</dl>
+
+<p> For the sake of sanity, the number of type "error" messages is
+limited to 13 over the lifetime of a daemon process. </p>
+
+<p> This feature is available in Postfix 2.9 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="daemon_timeout">daemon_timeout</a>
+(default: 18000s)</b></DT><DD>
+
+<p> How much time a Postfix daemon process may take to handle a
+request before it is terminated by a built-in watchdog timer. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="data_directory">data_directory</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The directory with Postfix-writable data files (for example:
+caches, pseudo-random numbers). This directory must be owned by
+the <a href="postconf.5.html#mail_owner">mail_owner</a> account, and must not be shared with non-Postfix
+software. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="debug_peer_level">debug_peer_level</a>
+(default: 2)</b></DT><DD>
+
+<p> The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. </p>
+
+<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="debug_peer_list">debug_peer_list</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+</p>
+
+<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>
+
+<p> Specify domain names, network/netmask patterns, "/file/name"
+patterns or "<a href="DATABASE_README.html">type:table</a>" lookup tables. The right-hand side result
+from "<a href="DATABASE_README.html">type:table</a>" lookups is ignored. </p>
+
+<p> Pattern matching of domain names is controlled by the presence
+or absence of "<a href="postconf.5.html#debug_peer_list">debug_peer_list</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
+parameter value. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = 127.0.0.1
+<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> = example.com
+</pre>
+
+
+</DD>
+
+<DT><b><a name="debugger_command">debugger_command</a>
+(default: empty)</b></DT><DD>
+
+<p>
+The external command to execute when a Postfix daemon program is
+invoked with the -D option.
+</p>
+
+<p>
+Use "command .. &amp; sleep 5" so that the debugger can attach before
+the process marches on. If you use an X-based debugger, be sure to
+set up your XAUTHORITY environment variable before starting Postfix.
+</p>
+
+<p>
+Note: the command is subject to $name expansion, before it is
+passed to the default command interpreter. Specify "$$" to
+produce a single "$" character.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#debugger_command">debugger_command</a> =
+ PATH=/usr/bin:/usr/X11R6/bin
+ ddd $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/$<a href="postconf.5.html#process_name">process_name</a> $<a href="postconf.5.html#process_id">process_id</a> &amp; sleep 5
+</pre>
+
+
+</DD>
+
+<DT><b><a name="default_database_type">default_database_type</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The default database type for use in <a href="newaliases.1.html">newaliases(1)</a>, <a href="postalias.1.html">postalias(1)</a>
+and <a href="postmap.1.html">postmap(1)</a> commands. On many UNIX systems the default type is
+either <b>dbm</b> or <b>hash</b>. The default setting is frozen
+when the Postfix system is built.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#default_database_type">default_database_type</a> = hash
+<a href="postconf.5.html#default_database_type">default_database_type</a> = dbm
+</pre>
+
+
+</DD>
+
+<DT><b><a name="default_delivery_slot_cost">default_delivery_slot_cost</a>
+(default: 5)</b></DT><DD>
+
+<p>
+How often the Postfix queue manager's scheduler is allowed to
+preempt delivery of one message with another.
+</p>
+
+<p>
+Each transport maintains a so-called "available delivery slot counter"
+for each message. One message can be preempted by another one when
+the other message can be delivered using no more delivery slots
+(i.e., invocations of delivery agents) than the current message
+counter has accumulated (or will eventually accumulate - see about
+slot loans below). This parameter controls how often the counter is
+incremented - it happens after each <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
+recipients have been delivered.
+</p>
+
+<p>
+The cost of 0 is used to disable the preempting scheduling completely.
+The minimum value the scheduling algorithm can use is 2 - use it
+if you want to maximize the message throughput rate. Although there
+is no maximum, it doesn't make much sense to use values above say
+50.
+</p>
+
+<p>
+The only reason why the value of 2 is not the default is the way
+this parameter affects the delivery of mailing-list mail. In the
+worst case, delivery can take somewhere between (cost+1/cost)
+and (cost/cost-1) times more than if the preemptive scheduler was
+disabled. The default value of 5 turns out to provide reasonable
+message response times while making sure the mailing-list deliveries
+are not extended by more than 20-25 percent even in the worst case.
+</p>
+
+<p> Use <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 0
+<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> = 2
+</pre>
+
+
+</DD>
+
+<DT><b><a name="default_delivery_slot_discount">default_delivery_slot_discount</a>
+(default: 50)</b></DT><DD>
+
+<p>
+The default value for transport-specific _delivery_slot_discount
+settings.
+</p>
+
+<p>
+This parameter speeds up the moment when a message preemption can
+happen. Instead of waiting until the full amount of delivery slots
+required is available, the preemption can happen when
+<a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> percent of the required amount
+plus <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> still remains to be accumulated.
+Note that the full amount will still have to be accumulated before
+another preemption can take place later.
+</p>
+
+<p> Use <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+
+</DD>
+
+<DT><b><a name="default_delivery_slot_loan">default_delivery_slot_loan</a>
+(default: 3)</b></DT><DD>
+
+<p>
+The default value for transport-specific _delivery_slot_loan
+settings.
+</p>
+
+<p>
+This parameter speeds up the moment when a message preemption can
+happen. Instead of waiting until the full amount of delivery slots
+required is available, the preemption can happen when
+<a href="postconf.5.html#transport_delivery_slot_discount">transport_delivery_slot_discount</a> percent of the required amount
+plus <a href="postconf.5.html#transport_delivery_slot_loan">transport_delivery_slot_loan</a> still remains to be accumulated.
+Note that the full amount will still have to be accumulated before
+another preemption can take place later.
+</p>
+
+<p> Use <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+
+</DD>
+
+<DT><b><a name="default_delivery_status_filter">default_delivery_status_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional filter to replace the delivery status code or explanatory
+text of successful or unsuccessful deliveries. This does not allow
+the replacement of a successful status code (2.X.X) with an
+unsuccessful status code (4.X.X or 5.X.X) or vice versa. </p>
+
+<p> Note: the (smtp|lmtp)_delivery_status_filter is applied only
+once per recipient: when delivery is successful, when delivery is
+rejected with 5XX, or when there are no more alternate MX or A
+destinations. Use <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> or <a href="postconf.5.html#lmtp_reply_filter">lmtp_reply_filter</a> to inspect
+responses for all delivery attempts. </p>
+
+<p> The following parameters can be used to implement a filter for
+specific delivery agents: <a href="postconf.5.html#lmtp_delivery_status_filter">lmtp_delivery_status_filter</a>,
+<a href="postconf.5.html#local_delivery_status_filter">local_delivery_status_filter</a>, <a href="postconf.5.html#pipe_delivery_status_filter">pipe_delivery_status_filter</a>,
+<a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> or <a href="postconf.5.html#virtual_delivery_status_filter">virtual_delivery_status_filter</a>. These
+parameters support the same filter syntax as described here. </p>
+
+<p> Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup table names, separated
+by comma or whitespace. For each successful or unsuccessful delivery
+to a recipient, the tables are queried in the specified order with
+one line of text that is structured as follows: </p>
+
+<blockquote>
+enhanced-status-code SPACE explanatory-text
+</blockquote>
+
+<p> The first table match wins. The lookup result must have the
+same structure as the query, a successful status code (2.X.X) must
+be replaced with a successful status code, an unsuccessful status
+code (4.X.X or 5.X.X) must be replaced with an unsuccessful status
+code, and the explanatory text field must be non-empty. Other results
+will result in a warning. </p>
+
+<p> Example 1: convert specific soft TLS errors into hard errors,
+by overriding the first number in the enhanced status code. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_dsn_filter
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/smtp_dsn_filter:
+ /^4(\.\d+\.\d+ TLS is required, but host \S+ refused to start TLS: .+)/
+ 5$1
+ /^4(\.\d+\.\d+ TLS is required, but was not offered by host .+)/
+ 5$1
+ # Do not change the following into hard bounces. They may
+ # result from a local configuration problem.
+ # 4.\d+.\d+ TLS is required, but our TLS engine is unavailable
+ # 4.\d+.\d+ TLS is required, but unavailable
+ # 4.\d+.\d+ Cannot start TLS: handshake failure
+</pre>
+</blockquote>
+
+<p> Example 2: censor the per-recipient delivery status text so
+that it does not reveal the destination command or filename
+when a remote sender requests confirmation of successful delivery.
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#local_delivery_status_filter">local_delivery_status_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/local_dsn_filter
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/local_dsn_filter:
+ /^(2\S+ delivered to file).+/ $1
+ /^(2\S+ delivered to command).+/ $1
+</pre>
+</blockquote>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> This feature will NOT override the <a href="postconf.5.html#soft_bounce">soft_bounce</a> safety net. </p>
+
+<li> <p> This feature will change the enhanced status code and text
+that is logged to the maillog file, and that is reported to the
+sender in delivery confirmation or non-delivery notifications.
+</p>
+
+</ul>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
+(default: 1)</b></DT><DD>
+
+<p> How many pseudo-cohorts must suffer connection or handshake
+failure before a specific destination is considered unavailable
+(and further delivery is suspended). Specify zero to disable this
+feature. A destination's pseudo-cohort failure count is reset each
+time a delivery completes without connection or handshake failure
+for that specific destination. </p>
+
+<p> A pseudo-cohort is the number of deliveries equal to a destination's
+delivery concurrency. </p>
+
+<p> Use <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> to specify
+a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport. </p>
+
+<p> This feature is available in Postfix 2.5. The default setting
+is compatible with earlier Postfix versions. </p>
+
+
+</DD>
+
+<DT><b><a name="default_destination_concurrency_limit">default_destination_concurrency_limit</a>
+(default: 20)</b></DT><DD>
+
+<p>
+The default maximal number of parallel deliveries to the same
+destination. This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>,
+<a href="pipe.8.html">pipe(8)</a>, <a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
+With a per-destination recipient limit &gt; 1, a destination is a domain,
+otherwise it is a recipient.
+</p>
+
+<p> Use <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+
+</DD>
+
+<DT><b><a name="default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>
+(default: 1)</b></DT><DD>
+
+<p> The per-destination amount of delivery concurrency negative
+feedback, after a delivery completes with a connection or handshake
+failure. Feedback values are in the range 0..1 inclusive. With
+negative feedback, concurrency is decremented at the beginning of
+a sequence of length 1/feedback. This is unlike positive feedback,
+where concurrency is incremented at the end of a sequence of length
+1/feedback. </p>
+
+<p> As of Postfix version 2.5, negative feedback cannot reduce
+delivery concurrency to zero. Instead, a destination is marked
+dead (further delivery suspended) after the failed pseudo-cohort
+count reaches $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>
+(or $<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>).
+To make the scheduler completely immune to connection or handshake
+failures, specify a zero feedback value and a zero failed pseudo-cohort
+limit. </p>
+
+<p> Specify one of the following forms: </p>
+
+<dl>
+
+<dt> <b><i>number</i> </b> </dt>
+
+<dt> <b><i>number</i> / <i>number</i> </b> </dt>
+
+<dd> Constant feedback. The value must be in the range 0..1 inclusive.
+The default setting of "1" is compatible with Postfix versions
+before 2.5, where a destination's delivery concurrency is throttled
+down to zero (and further delivery suspended) after a single failed
+pseudo-cohort. </dd>
+
+<dt> <b><i>number</i> / concurrency </b> </dt>
+
+<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
+The <i>number</i> must be in the range 0..1 inclusive. With
+<i>number</i> equal to "1", a destination's delivery concurrency
+is decremented by 1 after each failed pseudo-cohort. </dd>
+
+</dl>
+
+<p> A pseudo-cohort is the number of deliveries equal to a destination's
+delivery concurrency. </p>
+
+<p> Use <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
+to specify a transport-specific override, where <i>transport</i>
+is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport. </p>
+
+<p> This feature is available in Postfix 2.5. The default setting
+is compatible with earlier Postfix versions. </p>
+
+
+</DD>
+
+<DT><b><a name="default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>
+(default: 1)</b></DT><DD>
+
+<p> The per-destination amount of delivery concurrency positive
+feedback, after a delivery completes without connection or handshake
+failure. Feedback values are in the range 0..1 inclusive. The
+concurrency increases until it reaches the per-destination maximal
+concurrency limit. With positive feedback, concurrency is incremented
+at the end of a sequence with length 1/feedback. This is unlike
+negative feedback, where concurrency is decremented at the start
+of a sequence of length 1/feedback. </p>
+
+<p> Specify one of the following forms: </p>
+
+<dl>
+
+<dt> <b><i>number</i> </b> </dt>
+
+<dt> <b><i>number</i> / <i>number</i> </b> </dt>
+
+<dd> Constant feedback. The value must be in the range 0..1
+inclusive. The default setting of "1" is compatible with Postfix
+versions before 2.5, where a destination's delivery concurrency
+doubles after each successful pseudo-cohort. </dd>
+
+<dt> <b><i>number</i> / concurrency </b> </dt>
+
+<dd> Variable feedback of "<i>number</i> / (delivery concurrency)".
+The <i>number</i> must be in the range 0..1 inclusive. With
+<i>number</i> equal to "1", a destination's delivery concurrency
+is incremented by 1 after each successful pseudo-cohort. </dd>
+
+</dl>
+
+<p> A pseudo-cohort is the number of deliveries equal to a destination's
+delivery concurrency. </p>
+
+<p> Use <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
+to specify a transport-specific override, where <i>transport</i>
+is the <a href="master.5.html">master.cf</a> name of the message delivery transport. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="default_destination_rate_delay">default_destination_rate_delay</a>
+(default: 0s)</b></DT><DD>
+
+<p> The default amount of delay that is inserted between individual
+message deliveries to the same destination and over the same message
+delivery transport. Specify a non-zero value to rate-limit those
+message deliveries to at most one per $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>.
+</p>
+
+<p> The resulting behavior depends on the value of the corresponding
+per-destination recipient limit.
+
+</p>
+
+<ul>
+
+<li> <p> With a corresponding per-destination recipient limit &gt;
+1, the rate delay specifies the time between deliveries to the
+<i>same domain</i>. Different domains are delivered in parallel,
+subject to the process limits specified in <a href="master.5.html">master.cf</a>. </p>
+
+<li> <p> With a corresponding per-destination recipient limit equal
+to 1, the rate delay specifies the time between deliveries to the
+<i>same recipient</i>. Different recipients are delivered in
+parallel, subject to the process limits specified in <a href="master.5.html">master.cf</a>.
+</p>
+
+</ul>
+
+<p> To enable the delay, specify a non-zero time value (an integral
+value plus an optional one-letter suffix that specifies the time
+unit). </p>
+
+<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
+(weeks). The default time unit is s (seconds). </p>
+
+<p> NOTE: the delay is enforced by the queue manager. The delay
+timer state does not survive "<b>postfix reload</b>" or "<b>postfix
+stop</b>".
+</p>
+
+<p> Use <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+<p> NOTE: with a non-zero _destination_rate_delay, specify a
+<a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> of 10
+or more to prevent Postfix from deferring all mail for the same
+destination after only one connection or handshake error. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="default_destination_recipient_limit">default_destination_recipient_limit</a>
+(default: 50)</b></DT><DD>
+
+<p>
+The default maximal number of recipients per message delivery.
+This is the default limit for delivery via the <a href="lmtp.8.html">lmtp(8)</a>, <a href="pipe.8.html">pipe(8)</a>,
+<a href="smtp.8.html">smtp(8)</a> and <a href="virtual.8.html">virtual(8)</a> delivery agents.
+</p>
+
+<p> Setting this parameter to a value of 1 affects email deliveries
+as follows:</p>
+
+<ul>
+
+<li> <p> It changes the meaning of the corresponding per-destination
+concurrency limit, from concurrency of deliveries to the <i>same
+domain</i> into concurrency of deliveries to the <i>same recipient</i>.
+Different recipients are delivered in parallel, subject to the
+process limits specified in <a href="master.5.html">master.cf</a>. </p>
+
+<li> <p> It changes the meaning of the corresponding per-destination
+rate delay, from the delay between deliveries to the <i>same
+domain</i> into the delay between deliveries to the <i>same
+recipient</i>. Again, different recipients are delivered in parallel,
+subject to the process limits specified in <a href="master.5.html">master.cf</a>. </p>
+
+<li> <p> It changes the meaning of other corresponding per-destination
+settings in a similar manner, from settings for delivery to the
+<i>same domain</i> into settings for delivery to the <i>same
+recipient</i>.
+
+</ul>
+
+<p> Use <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+
+</DD>
+
+<DT><b><a name="default_extra_recipient_limit">default_extra_recipient_limit</a>
+(default: 1000)</b></DT><DD>
+
+<p>
+The default value for the extra per-transport limit imposed on the
+number of in-memory recipients. This extra recipient space is
+reserved for the cases when the Postfix queue manager's scheduler
+preempts one message with another and suddenly needs some extra
+recipient slots for the chosen message in order to avoid performance
+degradation.
+</p>
+
+<p> Use <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+
+</DD>
+
+<DT><b><a name="default_filter_nexthop">default_filter_nexthop</a>
+(default: empty)</b></DT><DD>
+
+<p> When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
+next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
+that value is empty, use the domain in the recipient address.
+Specify "<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> = $<a href="postconf.5.html#myhostname">myhostname</a>" for compatibility
+with Postfix version 2.6 and earlier, or specify an explicit next-hop
+destination with each <a href="postconf.5.html#content_filter">content_filter</a> value or FILTER action. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="default_minimum_delivery_slots">default_minimum_delivery_slots</a>
+(default: 3)</b></DT><DD>
+
+<p>
+How many recipients a message must have in order to invoke the
+Postfix queue manager's scheduling algorithm at all. Messages
+which would never accumulate at least this many delivery slots
+(subject to slot cost parameter as well) are never preempted.
+</p>
+
+<p> Use <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+
+</DD>
+
+<DT><b><a name="default_privs">default_privs</a>
+(default: nobody)</b></DT><DD>
+
+<p>
+The default rights used by the <a href="local.8.html">local(8)</a> delivery agent for delivery
+to an external file or command. These rights are used when delivery
+is requested from an <a href="aliases.5.html">aliases(5)</a> file that is owned by <b>root</b>, or
+when delivery is done on behalf of <b>root</b>. <b>DO NOT SPECIFY A
+PRIVILEGED USER OR THE POSTFIX OWNER</b>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="default_process_limit">default_process_limit</a>
+(default: 100)</b></DT><DD>
+
+<p>
+The default maximal number of Postfix child processes that provide
+a given service. This limit can be overruled for specific services
+in the <a href="master.5.html">master.cf</a> file.
+</p>
+
+
+</DD>
+
+<DT><b><a name="default_rbl_reply">default_rbl_reply</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The default Postfix SMTP server response template for a request that is
+rejected by an RBL-based restriction. This template can be overruled
+by specific entries in the optional <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> lookup table.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+<p>
+The template does not support Postfix configuration parameter $name
+substitution. Instead, it supports exactly one level of $name
+substitution for the following attributes:
+</p>
+
+<dl>
+
+<dt><b>$client</b></dt>
+
+<dd>The client hostname and IP address, formatted as name[address]. </dd>
+
+<dt><b>$client_address</b></dt>
+
+<dd>The client IP address. </dd>
+
+<dt><b>$client_name</b></dt>
+
+<dd>The client hostname or "unknown". See <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>
+for more details. </dd>
+
+<dt><b>$reverse_client_name</b></dt>
+
+<dd>The client hostname from address-&gt;name lookup, or "unknown".
+See <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a> for more details. </dd>
+
+<dt><b>$helo_name</b></dt>
+
+<dd>The hostname given in HELO or EHLO command or empty string. </dd>
+
+<dt><b>$rbl_class</b></dt>
+
+<dd>The denylisted entity type: Client host, Helo command, Sender
+address, or Recipient address. </dd>
+
+<dt><b>$rbl_code</b></dt>
+
+<dd>The numerical SMTP response code, as specified with the
+<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> configuration parameter. Note: The numerical
+SMTP response code is required, and must appear at the start of the
+reply. With Postfix version 2.3 and later this information may be followed
+by an <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> enhanced status code. </dd>
+
+<dt><b>$rbl_domain</b></dt>
+
+<dd>The RBL domain where $rbl_what is denylisted. </dd>
+
+<dt><b>$rbl_reason</b></dt>
+
+<dd>The reason why $rbl_what is denylisted, or an empty string. </dd>
+
+<dt><b>$rbl_what</b></dt>
+
+<dd>The entity that is denylisted (an IP address, a hostname, a domain
+name, or an email address whose domain was denylisted). </dd>
+
+<dt><b>$recipient</b></dt>
+
+<dd>The recipient address or &lt;&gt; in case of the null address. </dd>
+
+<dt><b>$recipient_domain</b></dt>
+
+<dd>The recipient domain or empty string. </dd>
+
+<dt><b>$recipient_name</b></dt>
+
+<dd>The recipient address localpart or &lt;&gt; in case of null address. </dd>
+
+<dt><b>$sender</b></dt>
+
+<dd>The sender address or &lt;&gt; in case of the null address. </dd>
+
+<dt><b>$sender_domain</b></dt>
+
+<dd>The sender domain or empty string. </dd>
+
+<dt><b>$sender_name</b></dt>
+
+<dd>The sender address localpart or &lt;&gt; in case of the null address. </dd>
+
+<dt><b>${name?value}</b></dt>
+
+<dt><b>${name?{value}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
+
+<dt><b>${name:value}</b></dt>
+
+<dt><b>${name:{value}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
+
+<dt><b>${name?{value1}:{value2}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value1</i> when <i>$name</i> is non-empty,
+<i>value2</i> otherwise. </dd>
+
+</dl>
+
+<p>
+Instead of $name you can also specify ${name} or $(name).
+</p>
+
+<p> Note: when an enhanced status code is specified in an RBL reply
+template, it is subject to modification. The following transformations
+are needed when the same RBL reply template is used for client,
+helo, sender, or recipient access restrictions. </p>
+
+<ul>
+
+<li> <p> When rejecting a sender address, the Postfix SMTP server
+will transform a recipient DSN status (e.g., 4.1.1-4.1.6) into the
+corresponding sender DSN status, and vice versa. </p>
+
+<li> <p> When rejecting non-address information (such as the HELO
+command argument or the client hostname/address), the Postfix SMTP
+server will transform a sender or recipient DSN status into a generic
+non-address DSN status (e.g., 4.0.0). </p>
+
+</ul>
+
+
+</DD>
+
+<DT><b><a name="default_recipient_limit">default_recipient_limit</a>
+(default: 20000)</b></DT><DD>
+
+<p>
+The default per-transport upper limit on the number of in-memory
+recipients. These limits take priority over the global
+<a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> after the message has been assigned
+to the respective transports. See also <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>
+and <a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>.
+</p>
+
+<p> Use <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+
+</DD>
+
+<DT><b><a name="default_recipient_refill_delay">default_recipient_refill_delay</a>
+(default: 5s)</b></DT><DD>
+
+<p>
+The default per-transport maximum delay between refilling recipients.
+When not all message recipients fit into memory at once, keep loading
+more of them at least once every this many seconds. This is used to
+make sure the recipients are refilled in a timely manner even when
+$<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> is too high for too slow deliveries.
+</p>
+
+<p> Use <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+<p> This feature is available in Postfix 2.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="default_recipient_refill_limit">default_recipient_refill_limit</a>
+(default: 100)</b></DT><DD>
+
+<p>
+The default per-transport limit on the number of recipients refilled at
+once. When not all message recipients fit into memory at once, keep
+loading more of them in batches of at least this many at a time. See also
+$<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>, which may result in recipient batches
+lower than this when this limit is too high for too slow deliveries.
+</p>
+
+<p> Use <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> to specify a
+transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport.
+</p>
+
+<p> This feature is available in Postfix 2.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="default_transport">default_transport</a>
+(default: smtp)</b></DT><DD>
+
+<p>
+The default mail delivery transport and next-hop destination for
+destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
+$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
+or $<a href="postconf.5.html#relay_domains">relay_domains</a>. This information can be overruled with the
+<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter and with the
+<a href="transport.5.html">transport(5)</a> table. </p>
+
+<p>
+In order of decreasing precedence, the nexthop destination is taken
+from $<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, $<a href="postconf.5.html#default_transport">default_transport</a>,
+$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or from the recipient
+domain.
+</p>
+
+<p>
+Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
+is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
+The <i>:nexthop</i> destination is optional; its syntax is documented
+in the manual page of the corresponding delivery agent. In the case of
+SMTP or LMTP, specify one or more destinations separated by comma or
+whitespace (with Postfix 3.5 and later).
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#default_transport">default_transport</a> = uucp:relayhostname
+</pre>
+
+
+</DD>
+
+<DT><b><a name="default_transport_rate_delay">default_transport_rate_delay</a>
+(default: 0s)</b></DT><DD>
+
+<p> The default amount of delay that is inserted between individual
+message deliveries over the same message delivery transport,
+regardless of destination. Specify a non-zero value to rate-limit
+those message deliveries to at most one per $<a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a>.
+</p>
+
+<p>Use <a href="postconf.5.html#transport_transport_rate_delay"><i>transport</i>_transport_rate_delay</a> to specify a
+transport-specific override, where the initial <i>transport</i> is
+the <a href="master.5.html">master.cf</a> name of the message delivery transport. </p>
+
+<p> Example: throttle outbound SMTP mail to at most 3 deliveries
+per minute. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ smtp_transport_rate_delay = 20s
+</pre>
+
+<p> To enable the delay, specify a non-zero time value (an integral
+value plus an optional one-letter suffix that specifies the time
+unit). </p>
+
+<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
+(weeks). The default time unit is s (seconds). </p>
+
+<p> NOTE: the delay is enforced by the queue manager. </p>
+
+<p> This feature is available in Postfix 3.1 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="default_verp_delimiters">default_verp_delimiters</a>
+(default: +=)</b></DT><DD>
+
+<p> The two default VERP delimiter characters. These are used when
+no explicit delimiters are specified with the SMTP XVERP command
+or with the "<b>sendmail -XV</b>" command-line option (Postfix 2.2
+and earlier: <b>-V</b>). Specify characters that are allowed by the
+<a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> setting.
+</p>
+
+<p>
+This feature is available in Postfix 1.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="defer_code">defer_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is rejected by the "defer" restriction.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="defer_service_name">defer_service_name</a>
+(default: defer)</b></DT><DD>
+
+<p>
+The name of the defer service. This service is implemented by the
+<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record
+of failed delivery attempts and generates non-delivery notifications.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="defer_transports">defer_transports</a>
+(default: empty)</b></DT><DD>
+
+<p>
+The names of message delivery transports that should not deliver mail
+unless someone issues "<b>sendmail -q</b>" or equivalent. Specify zero
+or more mail delivery transport names that appear in the
+first field of <a href="master.5.html">master.cf</a>.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#defer_transports">defer_transports</a> = smtp
+</pre>
+
+
+</DD>
+
+<DT><b><a name="delay_logging_resolution_limit">delay_logging_resolution_limit</a>
+(default: 2)</b></DT><DD>
+
+<p> The maximal number of digits after the decimal point when logging
+sub-second delay values. Specify a number in the range 0..6. </p>
+
+<p> Large delay values are rounded off to an integral number of seconds;
+delay values below the <a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> are logged
+as "0", and delay values under 100s are logged with at most two-digit
+precision. </p>
+
+<p> The format of the "delays=a/b/c/d" logging is as follows: </p>
+
+<ul>
+
+<li> a = time from message arrival to last <a href="QSHAPE_README.html#active_queue">active queue</a> entry
+
+<li> b = time from last <a href="QSHAPE_README.html#active_queue">active queue</a> entry to connection setup
+
+<li> c = time in connection setup, including DNS, EHLO and STARTTLS
+
+<li> d = time in message transmission
+
+</ul>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="delay_notice_recipient">delay_notice_recipient</a>
+(default: postmaster)</b></DT><DD>
+
+<p>
+The recipient of postmaster notifications with the message headers
+of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time
+units. </p>
+
+<p>
+See also: <a href="postconf.5.html#delay_warning_time">delay_warning_time</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="delay_warning_time">delay_warning_time</a>
+(default: 0h)</b></DT><DD>
+
+<p>
+The time after which the sender receives a copy of the message
+headers of mail that is still queued. The <a href="postconf.5.html#confirm_delay_cleared">confirm_delay_cleared</a>
+parameter controls sender notification when the delay clears up.
+</p>
+
+<p>
+To enable this feature, specify a non-zero time value (an integral
+value plus an optional one-letter suffix that specifies the time
+unit).
+</p>
+
+<p>
+Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours).
+</p>
+
+<p>
+See also: <a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a>, <a href="postconf.5.html#notify_classes">notify_classes</a>, <a href="postconf.5.html#confirm_delay_cleared">confirm_delay_cleared</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="deliver_lock_attempts">deliver_lock_attempts</a>
+(default: 20)</b></DT><DD>
+
+<p>
+The maximal number of attempts to acquire an exclusive lock on a
+mailbox file or <a href="bounce.8.html">bounce(8)</a> logfile.
+</p>
+
+
+</DD>
+
+<DT><b><a name="deliver_lock_delay">deliver_lock_delay</a>
+(default: 1s)</b></DT><DD>
+
+<p>
+The time between attempts to acquire an exclusive lock on a mailbox
+file or <a href="bounce.8.html">bounce(8)</a> logfile.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a>
+(default: no)</b></DT><DD>
+
+<p> Make the queue manager's feedback algorithm verbose for performance
+analysis purposes. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="detect_8bit_encoding_header">detect_8bit_encoding_header</a>
+(default: yes)</b></DT><DD>
+
+<p> Automatically detect 8BITMIME body content by looking at
+Content-Transfer-Encoding: message headers; historically, this
+behavior was hard-coded to be "always on". </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="disable_dns_lookups">disable_dns_lookups</a>
+(default: no)</b></DT><DD>
+
+<p>
+Disable DNS lookups in the Postfix SMTP and LMTP clients. When
+disabled, hosts are looked up with the getaddrinfo() system
+library routine which normally also looks in /etc/hosts. As of
+Postfix 2.11, this parameter is deprecated; use <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
+instead.
+</p>
+
+<p>
+DNS lookups are enabled by default.
+</p>
+
+
+</DD>
+
+<DT><b><a name="disable_mime_input_processing">disable_mime_input_processing</a>
+(default: no)</b></DT><DD>
+
+<p>
+Turn off MIME processing while receiving mail. This means that no
+special treatment is given to Content-Type: message headers, and
+that all text after the initial message headers is considered to
+be part of the message body.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+<p>
+Mime input processing is enabled by default, and is needed in order
+to recognize MIME headers in message content.
+</p>
+
+
+</DD>
+
+<DT><b><a name="disable_mime_output_conversion">disable_mime_output_conversion</a>
+(default: no)</b></DT><DD>
+
+<p>
+Disable the conversion of 8BITMIME format to 7BIT format. Mime
+output conversion is needed when the destination does not advertise
+8BITMIME support.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="disable_verp_bounces">disable_verp_bounces</a>
+(default: no)</b></DT><DD>
+
+<p>
+Disable sending one bounce report per recipient.
+</p>
+
+<p>
+The default, one per recipient, is what ezmlm needs.
+</p>
+
+<p>
+This feature is available in Postfix 1.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="disable_vrfy_command">disable_vrfy_command</a>
+(default: no)</b></DT><DD>
+
+<p>
+Disable the SMTP VRFY command. This stops some techniques used to
+harvest email addresses.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> = no
+</pre>
+
+
+</DD>
+
+<DT><b><a name="dns_ncache_ttl_fix_enable">dns_ncache_ttl_fix_enable</a>
+(default: no)</b></DT><DD>
+
+<p> Enable a workaround for future libc incompatibility. The Postfix
+implementation of <a href="https://tools.ietf.org/html/rfc2308">RFC 2308</a> negative reply caching relies on the
+promise that res_query() and res_search() invoke res_send(), which
+returns the server response in an application buffer even if the
+requested record does not exist. If this promise is broken, specify
+"yes" to enable a workaround for DNS reputation lookups. </p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="dnsblog_reply_delay">dnsblog_reply_delay</a>
+(default: 0s)</b></DT><DD>
+
+<p> A debugging aid to artificially delay DNS responses. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="dnsblog_service_name">dnsblog_service_name</a>
+(default: dnsblog)</b></DT><DD>
+
+<p> The name of the <a href="dnsblog.8.html">dnsblog(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
+service performs DNS allow/denylist lookups. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="dnssec_probe">dnssec_probe</a>
+(default: ns:.)</b></DT><DD>
+
+<p> The DNS query type (default: "ns") and DNS query name (default:
+".") that Postfix may use to determine whether DNSSEC validation
+is available.
+</p>
+
+<p> Background: DNSSEC validation is needed for Postfix DANE support;
+this ensures that Postfix receives TLSA records with secure TLS
+server certificate info. When DNSSEC validation is unavailable,
+mail deliveries using <i>opportunistic</i> DANE will not be protected
+by server certificate info in TLSA records, and mail deliveries
+using <i>mandatory</i> DANE will not be made at all. </p>
+
+<p> By default, a Postfix process will send a DNSSEC probe after
+1) the process made a DNS query that requested DNSSEC validation,
+2) the process did not receive a DNSSEC validated response to this
+query or to an earlier query, and 3) the process did not already
+send a DNSSEC probe. <p>
+
+<p> When the DNSSEC probe has no response, or when the response is
+not DNSSEC validated, Postfix logs a warning that DNSSEC validation
+may be unavailable. </p>
+
+<p> Example: </p>
+
+<pre>
+warning: DNSSEC validation may be unavailable
+warning: reason: <a href="postconf.5.html#dnssec_probe">dnssec_probe</a> 'ns:.' received a response that is not DNSSEC validated
+warning: reason: <a href="postconf.5.html#dnssec_probe">dnssec_probe</a> 'ns:.' received no response: Server failure
+</pre>
+
+<p> Possible reasons why DNSSEC validation may be unavailable: </p>
+
+<ul>
+
+<li> The local /etc/resolv.conf file specifies a DNS resolver that
+does not validate DNSSEC signatures (that's
+$<a href="postconf.5.html#queue_directory">queue_directory</a>/etc/resolv.conf when a Postfix daemon runs in a
+chroot jail).
+
+<li> The local system library does not pass on the "DNSSEC validated"
+bit to Postfix, or Postfix does not know how to ask the library to
+do that.
+
+</ul>
+
+<p> By default, the DNSSEC probe asks for the DNS root zone NS
+records, because resolvers should always have that information
+cached. If Postfix runs on a network where the DNS root zone is not
+reachable, specify a different probe, or specify an empty <a href="postconf.5.html#dnssec_probe">dnssec_probe</a>
+value to disable the feature. </p>
+
+<p> This feature is available in Postfix 3.6 and later. It was backported
+to Postfix versions 3.5.9, 3.4.19, 3.3.16. 3.2.21. </p>
+
+
+</DD>
+
+<DT><b><a name="dont_remove">dont_remove</a>
+(default: 0)</b></DT><DD>
+
+<p>
+Don't remove queue files and save them to the "saved" mail queue.
+This is a debugging aid. To inspect the envelope information and
+content of a Postfix queue file, use the <a href="postcat.1.html">postcat(1)</a> command.
+</p>
+
+
+</DD>
+
+<DT><b><a name="double_bounce_sender">double_bounce_sender</a>
+(default: double-bounce)</b></DT><DD>
+
+<p> The sender address of postmaster notifications that are generated
+by the mail system. All mail to this address is silently discarded,
+in order to terminate mail bounce loops. </p>
+
+
+</DD>
+
+<DT><b><a name="duplicate_filter_limit">duplicate_filter_limit</a>
+(default: 1000)</b></DT><DD>
+
+<p> The maximal number of addresses remembered by the address
+duplicate filter for <a href="aliases.5.html">aliases(5)</a> or <a href="virtual.5.html">virtual(5)</a> alias expansion, or
+for <a href="showq.8.html">showq(8)</a> queue displays. </p>
+
+
+</DD>
+
+<DT><b><a name="empty_address_default_transport_maps_lookup_key">empty_address_default_transport_maps_lookup_key</a>
+(default: &lt;&gt;)</b></DT><DD>
+
+<p> The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search string that
+will be used instead of the null sender address. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="empty_address_local_login_sender_maps_lookup_key">empty_address_local_login_sender_maps_lookup_key</a>
+(default: &lt;&gt;)</b></DT><DD>
+
+<p>
+The lookup key to be used in <a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a> tables, instead
+of the null sender address.
+</p>
+
+<p> This feature is available in Postfix 3.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="empty_address_recipient">empty_address_recipient</a>
+(default: MAILER-DAEMON)</b></DT><DD>
+
+<p>
+The recipient of mail addressed to the null address. Postfix does
+not accept such addresses in SMTP commands, but they may still be
+created locally as the result of configuration or software error.
+</p>
+
+
+</DD>
+
+<DT><b><a name="empty_address_relayhost_maps_lookup_key">empty_address_relayhost_maps_lookup_key</a>
+(default: &lt;&gt;)</b></DT><DD>
+
+<p> The <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> search string that will be
+used instead of the null sender address. </p>
+
+<p> This feature is available in Postfix 2.5 and later. With
+earlier versions, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> lookups were
+skipped for the null sender address. </p>
+
+
+</DD>
+
+<DT><b><a name="enable_errors_to">enable_errors_to</a>
+(default: no)</b></DT><DD>
+
+<p> Report mail delivery errors to the address specified with the
+non-standard Errors-To: message header, instead of the envelope
+sender address (this feature is removed with Postfix version 2.2, is
+turned off by default with Postfix version 2.1, and is always turned on
+with older Postfix versions). </p>
+
+
+</DD>
+
+<DT><b><a name="enable_idna2003_compatibility">enable_idna2003_compatibility</a>
+(default: no)</b></DT><DD>
+
+<p> Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
+when converting UTF-8 domain names to/from the ASCII form that is
+used for DNS lookups. Specify "yes" for compatibility with Postfix
+&le; 3.1 (not recommended). This affects the conversion of domain
+names that contain for example the German sz and the Greek zeta.
+See <a href="http://unicode.org/cldr/utility/idna.jsp">http://unicode.org/cldr/utility/idna.jsp</a> for more examples.
+</p>
+
+<p> This feature is available in Postfix 3.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="enable_long_queue_ids">enable_long_queue_ids</a>
+(default: no)</b></DT><DD>
+
+<p> Enable long, non-repeating, queue IDs (queue file names). The
+benefit of non-repeating names is simpler logfile analysis and
+easier queue migration (there is no need to run "postsuper" to
+change queue file names that don't match their message file inode
+number). </p>
+
+<p> Note: see below for how to convert long queue file names to
+Postfix &le; 2.8. </p>
+
+<p> Changing the parameter value to "yes" has the following effects:
+</p>
+
+<ul>
+
+<li> <p> Existing queue file names are not affected. </p>
+
+<li> <p> New queue files are created with names such as 3Pt2mN2VXxznjll.
+These are encoded in a 52-character alphabet that contains digits
+(0-9), upper-case letters (B-Z) and lower-case letters (b-z). For
+safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet.
+The name format is: 6 or more characters for the time in seconds,
+4 characters for the time in microseconds, the 'z'; the remainder
+is the file inode number encoded in the first 51 characters of the
+52-character alphabet. </p>
+
+<li> <p> New messages have a Message-ID header with
+<i>queueID</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>. </p>
+
+<li> <p> The mailq (postqueue -p) output has a wider Queue ID column.
+The number of whitespace-separated fields is not changed. <p>
+
+<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters
+of the queue file creation time in microseconds, after conversion
+into hexadecimal representation. This produces the same queue hashing
+behavior as if the queue file name was created with "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>
+= no". </p>
+
+</ul>
+
+<p> Changing the parameter value to "no" has the following effects:
+</p>
+
+<ul>
+
+<li> <p> Existing long queue file names are renamed to the short
+form (while running "postfix reload" or "postsuper"). </p>
+
+<li> <p> New queue files are created with names such as C3CD21F3E90
+from a hexadecimal alphabet that contains digits (0-9) and upper-case
+letters (A-F). The name format is: 5 characters for the time in
+microseconds; the remainder is the file inode number. </p>
+
+<li> <p> New messages have a Message-ID header with
+<i>YYYYMMDDHHMMSS.queueid</i>@<i><a href="postconf.5.html#myhostname">myhostname</a></i>, where
+<i>YYYYMMDDHHMMSS</i> are the year, month, day, hour, minute and
+second.
+
+<li> <p> The mailq (postqueue -p) output has the same format as
+with Postfix &le; 2.8. <p>
+
+<li> <p> The <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> algorithm uses the first characters
+of the queue file name, with the hexadecimal representation of the
+file creation time in microseconds. </p>
+
+</ul>
+
+<p> Before migration to Postfix &le; 2.8, the following commands
+are required to convert long queue file names into short names: </p>
+
+<pre>
+# postfix stop
+# postconf <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no
+# postsuper
+</pre>
+
+<p> Repeat the postsuper command until it reports no more queue file
+name changes. </p>
+
+<p> This feature is available in Postfix 2.9 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="enable_original_recipient">enable_original_recipient</a>
+(default: yes)</b></DT><DD>
+
+<p> Enable support for the original recipient address after an
+address is rewritten to a different address (for example with
+aliasing or with canonical mapping). </p>
+
+<p> The original recipient address is used as follows: </p>
+
+<dl>
+
+<dt> Final delivery </dt> <dd> With "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> =
+yes", the original recipient address is stored in the <b>X-Original-To</b>
+message header. This header may be used to distinguish between
+different recipients that share the same mailbox. </dd>
+
+<dt> Recipient deduplication </dt> <dd> With "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>
+= yes", the <a href="cleanup.8.html">cleanup(8)</a> daemon performs duplicate recipient elimination
+based on the content of (original recipient, maybe-rewritten
+recipient) pairs. Otherwise, the <a href="cleanup.8.html">cleanup(8)</a> daemon performs duplicate
+recipient elimination based only on the maybe-rewritten recipient
+address. </dd>
+
+</dl>
+
+<p> Note: with Postfix &le; 3.2 the "setting <a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a>
+= <b>no</b>" breaks address verification for addresses that are
+aliased or otherwise rewritten (Postfix is unable to store the
+address verification result under the original probe destination
+address; instead, it can store the result only under the rewritten
+address). </p>
+
+<p> This feature is available in Postfix 2.1 and later. Postfix
+version 2.0 behaves as if this parameter is always set to <b>yes</b>.
+Postfix versions before 2.0 have no support for the original recipient
+address. </p>
+
+
+</DD>
+
+<DT><b><a name="enable_threaded_bounces">enable_threaded_bounces</a>
+(default: no)</b></DT><DD>
+
+<p> Enable non-delivery, success, and delay notifications that link
+to the original message by including a References: and In-Reply-To:
+header with the original Message-ID value. There are advantages and
+disadvantages to consider. </p>
+
+<dl>
+
+<dt> <b> advantage </b> </dt> <dd> This allows mail readers to present
+a delivery status notification in the same email thread as the original
+message. </dd>
+
+<dt> <b> disadvantage </b> </dt> <dd> This makes it easy for users to
+mistakenly delete the whole email thread (all related messages),
+instead of deleting only the non-delivery notification. </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 3.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="error_notice_recipient">error_notice_recipient</a>
+(default: postmaster)</b></DT><DD>
+
+<p> The recipient of postmaster notifications about mail delivery
+problems that are caused by policy, resource, software or protocol
+errors. These notifications are enabled with the <a href="postconf.5.html#notify_classes">notify_classes</a>
+parameter. </p>
+
+
+</DD>
+
+<DT><b><a name="error_service_name">error_service_name</a>
+(default: error)</b></DT><DD>
+
+<p>
+The name of the <a href="error.8.html">error(8)</a> pseudo delivery agent. This service always
+returns mail as undeliverable.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="execution_directory_expansion_filter">execution_directory_expansion_filter</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows
+in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>. Characters
+outside the allowed set are replaced by underscores. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="expand_owner_alias">expand_owner_alias</a>
+(default: no)</b></DT><DD>
+
+<p>
+When delivering to an alias "<i>aliasname</i>" that has an
+"owner-<i>aliasname</i>" companion alias, set the envelope sender
+address to the expansion of the "owner-<i>aliasname</i>" alias.
+Normally, Postfix sets the envelope sender address to the name of
+the "owner-<i>aliasname</i>" alias.
+</p>
+
+
+</DD>
+
+<DT><b><a name="export_environment">export_environment</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The list of environment variables that a Postfix process will export
+to non-Postfix processes. The TZ variable is needed for sane
+time keeping on System-V-ish systems.
+</p>
+
+<p>
+Specify a list of names and/or name=value pairs, separated by
+whitespace or comma. Specify "{ name=value }" to protect whitespace
+or comma in parameter values (whitespace after the opening "{" and
+before the closing "}"
+is ignored). The form name=value is supported with Postfix version
+2.1 and later; the use of {} is supported with Postfix 3.0 and
+later. </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#export_environment">export_environment</a> = TZ PATH=/bin:/usr/bin
+</pre>
+
+
+</DD>
+
+<DT><b><a name="extract_recipient_limit">extract_recipient_limit</a>
+(default: 10240)</b></DT><DD>
+
+<p>
+The maximal number of recipient addresses that Postfix will extract
+from message headers when mail is submitted with "<b>sendmail -t</b>".
+</p>
+
+<p>
+This feature was removed in Postfix version 2.1.
+</p>
+
+
+</DD>
+
+<DT><b><a name="fallback_relay">fallback_relay</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional list of relay hosts for SMTP destinations that can't be
+found or that are unreachable. With Postfix 2.3 this parameter
+is renamed to <a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a>. </p>
+
+<p>
+By default, mail is returned to the sender when a destination is
+not found, and delivery is deferred when a destination is unreachable.
+</p>
+
+<p> The fallback relays must be SMTP destinations. Specify a domain,
+host, host:port, [host]:port, [address] or [address]:port; the form
+[host] turns off MX lookups. If you specify multiple SMTP
+destinations, Postfix will try them in the specified order. </p>
+
+<p> Note: before Postfix 2.2, do not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
+when relaying mail
+for a backup or primary MX domain. Mail would loop between the
+Postfix MX host and the <a href="postconf.5.html#fallback_relay">fallback_relay</a> host when the final destination
+is unavailable. </p>
+
+<ul>
+
+<li> In <a href="postconf.5.html">main.cf</a> specify "<a href="postconf.5.html#relay_transport">relay_transport</a> = relay",
+
+<li> In <a href="master.5.html">master.cf</a> specify "-o <a href="postconf.5.html#fallback_relay">fallback_relay</a> =" (i.e., empty) at
+the end of the <tt>relay</tt> entry.
+
+<li> In transport maps, specify "relay:<i>nexthop...</i>"
+as the right-hand side for backup or primary MX domain entries.
+
+</ul>
+
+<p> Postfix version 2.2 and later will not use the <a href="postconf.5.html#fallback_relay">fallback_relay</a> feature
+for destinations that it is MX host for.
+</p>
+
+
+</DD>
+
+<DT><b><a name="fallback_transport">fallback_transport</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery
+agent should use for names that are not found in the <a href="aliases.5.html">aliases(5)</a>
+or UNIX password database.
+</p>
+
+<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
+is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
+<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
+<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
+
+
+</DD>
+
+<DT><b><a name="fallback_transport_maps">fallback_transport_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables with per-recipient message delivery
+transports for recipients that the <a href="local.8.html">local(8)</a> delivery agent could
+not find in the <a href="aliases.5.html">aliases(5)</a> or UNIX password database. </p>
+
+<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
+is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
+<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
+<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
+
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="fast_flush_domains">fast_flush_domains</a>
+(default: $<a href="postconf.5.html#relay_domains">relay_domains</a>)</b></DT><DD>
+
+<p>
+Optional list of destinations that are eligible for per-destination
+logfiles with mail that is queued to those destinations.
+</p>
+
+<p>
+By default, Postfix maintains "fast flush" logfiles only for
+destinations that the Postfix SMTP server is willing to relay to
+(i.e. the default is: "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>"; see
+the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter in the <a href="postconf.5.html">postconf(5)</a> manual).
+</p>
+
+<p> Specify a list of hosts or domains, "/file/name" patterns or
+"<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace. A
+"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
+lookup table is matched when the domain or its parent domain appears
+as lookup key. </p>
+
+<p> Pattern matching of domain names is controlled by the presence
+or absence of "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
+parameter value. </p>
+
+<p>
+Specify "<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> =" (i.e., empty) to disable the feature
+altogether.
+</p>
+
+
+</DD>
+
+<DT><b><a name="fast_flush_purge_time">fast_flush_purge_time</a>
+(default: 7d)</b></DT><DD>
+
+<p>
+The time after which an empty per-destination "fast flush" logfile
+is deleted.
+</p>
+
+<p>
+You can specify the time as a number, or as a number followed by
+a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
+d=days, w=weeks. The default time unit is days.
+</p>
+
+
+</DD>
+
+<DT><b><a name="fast_flush_refresh_time">fast_flush_refresh_time</a>
+(default: 12h)</b></DT><DD>
+
+<p>
+The time after which a non-empty but unread per-destination "fast
+flush" logfile needs to be refreshed. The contents of a logfile
+are refreshed by requesting delivery of all messages listed in the
+logfile.
+</p>
+
+<p>
+You can specify the time as a number, or as a number followed by
+a letter that indicates the time unit: s=seconds, m=minutes, h=hours,
+d=days, w=weeks. The default time unit is hours.
+</p>
+
+
+</DD>
+
+<DT><b><a name="fault_injection_code">fault_injection_code</a>
+(default: 0)</b></DT><DD>
+
+<p>
+Force specific internal tests to fail, to test the handling of
+errors that are difficult to reproduce otherwise.
+</p>
+
+
+</DD>
+
+<DT><b><a name="flush_service_name">flush_service_name</a>
+(default: flush)</b></DT><DD>
+
+<p>
+The name of the <a href="flush.8.html">flush(8)</a> service. This service maintains per-destination
+logfiles with the queue file names of mail that is queued for those
+destinations.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="fork_attempts">fork_attempts</a>
+(default: 5)</b></DT><DD>
+
+<p> The maximal number of attempts to fork() a child process. </p>
+
+
+</DD>
+
+<DT><b><a name="fork_delay">fork_delay</a>
+(default: 1s)</b></DT><DD>
+
+<p> The delay between attempts to fork() a child process. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="forward_expansion_filter">forward_expansion_filter</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+Restrict the characters that the <a href="local.8.html">local(8)</a> delivery agent allows in
+$name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>. Characters outside the
+allowed set are replaced by underscores.
+</p>
+
+
+</DD>
+
+<DT><b><a name="forward_path">forward_path</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The <a href="local.8.html">local(8)</a> delivery agent search list for finding a .forward
+file with user-specified delivery methods. The first file that is
+found is used. </p>
+
+<p> The <a href="postconf.5.html#forward_path">forward_path</a> value is not subject to Postfix configuration
+parameter $name expansion. Instead, the following $name expansions
+are done on <a href="postconf.5.html#forward_path">forward_path</a> before the search actually happens.
+The result of $name expansion is
+filtered with the character set that is specified with the
+<a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> parameter. </p>
+
+<dl>
+
+<dt><b>$user</b></dt>
+
+<dd>The recipient's username. </dd>
+
+<dt><b>$shell</b></dt>
+
+<dd>The recipient's login shell pathname. </dd>
+
+<dt><b>$home</b></dt>
+
+<dd>The recipient's home directory. </dd>
+
+<dt><b>$recipient</b></dt>
+
+<dd>The full recipient address. </dd>
+
+<dt><b>$extension</b></dt>
+
+<dd>The optional recipient address extension. </dd>
+
+<dt><b>$domain</b></dt>
+
+<dd>The recipient domain. </dd>
+
+<dt><b>$local</b></dt>
+
+<dd>The entire recipient localpart. </dd>
+
+<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
+
+<dd>The address extension delimiter that was found in the recipient
+address (Postfix 2.11 and later), or the 'first' delimiter specified
+with the system-wide recipient address extension delimiter (Postfix
+3.5.22, 3.5.12, 3.7.8, 3.8.3 and later). Historically, this was
+always the system-wide recipient
+address extension delimiter (Postfix 2.10 and earlier). </dd>
+
+<dt><b>${name?value}</b></dt>
+
+<dt><b>${name?{value}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
+
+<dt><b>${name:value}</b></dt>
+
+<dt><b>${name:{value}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
+
+<dt><b>${name?{value1}:{value2}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value1</i> when <i>$name</i> is non-empty,
+<i>value2</i> otherwise. </dd>
+
+</dl>
+
+<p>
+Instead of $name you can also specify ${name} or $(name).
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#forward_path">forward_path</a> = /var/forward/$user
+<a href="postconf.5.html#forward_path">forward_path</a> =
+ /var/forward/$user/.forward$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>$extension,
+ /var/forward/$user/.forward
+</pre>
+
+
+</DD>
+
+<DT><b><a name="frozen_delivered_to">frozen_delivered_to</a>
+(default: yes)</b></DT><DD>
+
+<p> Update the <a href="local.8.html">local(8)</a> delivery agent's idea of the Delivered-To:
+address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start of
+a delivery attempt; do not update the Delivered-To: address while
+expanding aliases or .forward files. </p>
+
+<p> This feature is available in Postfix 2.3 and later. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no". The old setting can be expensive with deeply nested aliases
+or .forward files. When an alias or .forward file changes the
+Delivered-To: address, it ties up one queue file and one cleanup
+process instance while mail is being forwarded. </p>
+
+
+</DD>
+
+<DT><b><a name="hash_queue_depth">hash_queue_depth</a>
+(default: 1)</b></DT><DD>
+
+<p>
+The number of subdirectory levels for queue directories listed with
+the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter. Queue hashing is implemented by
+creating one or more levels of directories with one-character names.
+Originally, these directory names were equal to the first characters
+of the queue file name, with the hexadecimal representation of the
+file creation time in microseconds. </p>
+
+<p> With long queue file names, queue hashing produces the same
+results as with short names. The file creation time in microseconds
+is converted into hexadecimal form before the result is used for
+queue hashing. The base 16 encoding gives finer control over the
+number of subdirectories than is possible with the base 52 encoding
+of long queue file names. </p>
+
+<p>
+After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
+execute the command "<b>postfix reload</b>".
+</p>
+
+
+</DD>
+
+<DT><b><a name="hash_queue_names">hash_queue_names</a>
+(default: deferred, defer)</b></DT><DD>
+
+<p>
+The names of queue directories that are split across multiple
+subdirectory levels.
+</p>
+
+<p> Before Postfix version 2.2, the default list of hashed queues
+was significantly larger. Claims about improvements in file system
+technology suggest that hashing of the <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a>
+is no longer needed. Fewer hashed directories speed up the time
+needed to restart Postfix. </p>
+
+<p>
+After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
+execute the command "<b>postfix reload</b>".
+</p>
+
+
+</DD>
+
+<DT><b><a name="header_address_token_limit">header_address_token_limit</a>
+(default: 10240)</b></DT><DD>
+
+<p>
+The maximal number of address tokens are allowed in an address
+message header. Information that exceeds the limit is discarded.
+The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a> server.
+</p>
+
+
+</DD>
+
+<DT><b><a name="header_checks">header_checks</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional lookup tables for content inspection of primary non-MIME
+message headers, as specified in the <a href="header_checks.5.html">header_checks(5)</a> manual page.
+</p>
+
+
+</DD>
+
+<DT><b><a name="header_from_format">header_from_format</a>
+(default: standard)</b></DT><DD>
+
+<p> The format of the Postfix-generated <b>From:</b> header. This
+setting affects the appearance of 'full name' information when a
+local program such as /bin/mail submits a message without a From:
+header through the Postfix <a href="sendmail.1.html">sendmail(1)</a> command. </p>
+
+<p> Specify one of the following: </p>
+
+<dl>
+
+<dt><b>standard</b> (default)</dt> <dd> Produce a header formatted
+as "<b>From:</b> <i>name</i><b> &lt;</b><i>address</i><b>&gt;</b>".
+This is the default as of Postfix 3.3.</dd>
+
+<dt><b>obsolete</b></dt> <dd>Produce a header formatted as "<b>From:</b>
+<i>address</i> <b>(</b><i>name</i><b>)</b>". This is the behavior
+prior to Postfix 3.3. </dd>
+
+</dl>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Postfix generates the format "<b>From:</b> <i>address</i>"
+when <i>name</i> information is unavailable or the envelope sender
+address is empty. This is the same behavior as prior to Postfix
+3.3. </p>
+
+<li> <p> In the <b>standard</b> form, the <i>name</i> will be quoted
+if it contains <b>specials</b> as defined in <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a>, or the "!%"
+address operators. </p>
+
+<li> <p> The Postfix <a href="sendmail.1.html">sendmail(1)</a> command gets <i>name</i> information
+from the <b>-F</b> command-line option, from the <b>NAME</b>
+environment variable, or from the UNIX password file. </p>
+
+</ul>
+
+<p> This feature is available in Postfix 3.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="header_size_limit">header_size_limit</a>
+(default: 102400)</b></DT><DD>
+
+<p>
+The maximal amount of memory in bytes for storing a message header.
+If a header is larger, the excess is discarded. The limit is
+enforced by the <a href="cleanup.8.html">cleanup(8)</a> server.
+</p>
+
+
+</DD>
+
+<DT><b><a name="helpful_warnings">helpful_warnings</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Log warnings about problematic configuration settings, and provide
+helpful suggestions.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="home_mailbox">home_mailbox</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional pathname of a mailbox file relative to a <a href="local.8.html">local(8)</a> user's
+home directory.
+</p>
+
+<p>
+Specify a pathname ending in "/" for qmail-style delivery.
+</p>
+
+<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
+is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
+<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
+<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Mailbox
+<a href="postconf.5.html#home_mailbox">home_mailbox</a> = Maildir/
+</pre>
+
+
+</DD>
+
+<DT><b><a name="hopcount_limit">hopcount_limit</a>
+(default: 50)</b></DT><DD>
+
+<p>
+The maximal number of Received: message headers that is allowed
+in the primary message headers. A message that exceeds the limit
+is bounced, in order to stop a mailer loop.
+</p>
+
+
+</DD>
+
+<DT><b><a name="html_directory">html_directory</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The location of Postfix HTML files that describe how to build,
+configure or operate a specific Postfix subsystem or feature.
+</p>
+
+
+</DD>
+
+<DT><b><a name="ignore_mx_lookup_error">ignore_mx_lookup_error</a>
+(default: no)</b></DT><DD>
+
+<p> Ignore DNS MX lookups that produce no response. By default,
+the Postfix SMTP client defers delivery and tries again after some
+delay. This behavior is required by the SMTP standard. </p>
+
+<p>
+Specify "<a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> = yes" to force a DNS A record
+lookup instead. This violates the SMTP standard and can result in
+mis-delivery of mail.
+</p>
+
+
+</DD>
+
+<DT><b><a name="ignore_srv_lookup_error">ignore_srv_lookup_error</a>
+(default: no)</b></DT><DD>
+
+<p> When SRV record lookup fails, fall back to MX or IP address
+lookup as if SRV record lookup was not enabled. </p>
+
+<p> This feature is available in Postfix 3.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="import_environment">import_environment</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The list of environment variables that a privileged Postfix
+process will import from a non-Postfix parent process, or name=value
+environment overrides. Unprivileged utilities will enforce the
+name=value overrides, but otherwise will not change their process
+environment. Examples of relevant environment variables: </p>
+
+<dl>
+
+<dt><b>TZ</b></dt>
+
+<dd>May be needed for sane time keeping on most System-V-ish systems.
+</dd>
+
+<dt><b>DISPLAY</b></dt>
+
+<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>
+
+<dt><b>XAUTHORITY</b></dt>
+
+<dd>Needed for debugging Postfix daemons with an X-windows debugger. </dd>
+
+<dt><b>MAIL_CONFIG</b></dt>
+
+<dd>Needed to make "<b>postfix -c</b>" work. </dd>
+
+<dt><b>POSTLOG_SERVICE</b></dt>
+
+<dd>Needed to make "<b><a href="postconf.5.html#maillog_file">maillog_file</a></b>" work during daemon
+process initialization. </dd>
+
+<dt><b>POSTLOG_HOSTNAME</b></dt>
+
+<dd>Needed to make "<b><a href="postconf.5.html#maillog_file">maillog_file</a></b>" work during daemon
+process initialization. </dd>
+
+</dl>
+
+<p> Specify a list of names and/or name=value pairs, separated by
+whitespace or comma. Specify "{ name=value }" to protect whitespace
+or comma in environment variable values (whitespace after the opening "{" and
+before the closing "}"
+is ignored). The form name=value is supported with Postfix version
+2.1 and later; the use of {} is supported with Postfix 3.0 and
+later. </p>
+
+
+</DD>
+
+<DT><b><a name="in_flow_delay">in_flow_delay</a>
+(default: 1s)</b></DT><DD>
+
+<p> Time to pause before accepting a new message, when the message
+arrival rate exceeds the message delivery rate. This feature is
+turned on by default (it's disabled on SCO UNIX due to an SCO bug).
+</p>
+
+<p>
+With the default 100 Postfix SMTP server process limit, "<a href="postconf.5.html#in_flow_delay">in_flow_delay</a>
+= 1s" limits the mail inflow to 100 messages per second above the
+number of messages delivered per second.
+</p>
+
+<p>
+Specify 0 to disable the feature. Valid delays are 0..10.
+</p>
+
+
+</DD>
+
+<DT><b><a name="inet_interfaces">inet_interfaces</a>
+(default: all)</b></DT><DD>
+
+<p> The local network interface addresses that this mail system receives
+mail on. Specify "all" to receive mail on all network
+interfaces (default), and "loopback-only" to receive mail
+on loopback network interfaces only (Postfix version 2.2 and later). The
+parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
+</p>
+
+<p>
+Note 1: you need to stop and start Postfix when this parameter changes.
+</p>
+
+<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
+but this form is not required here. </p>
+
+<p> When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies just one IPv4 and/or IPv6 address
+that is not a loopback address, the Postfix SMTP client will use
+this address as the IP source address for outbound mail. Support
+for IPv6 is available in Postfix version 2.2 and later. </p>
+
+<p>
+On a multi-homed firewall with separate Postfix instances listening on the
+"inside" and "outside" interfaces, this can prevent each instance from
+being able to reach remote SMTP servers on the "other side" of the
+firewall. Setting
+<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem for
+IPv4, and setting <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> to :: solves the problem
+for IPv6. </p>
+
+<p>
+A better solution for multi-homed firewalls is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
+at the default value and instead use explicit IP addresses in
+the <a href="master.5.html">master.cf</a> SMTP server definitions. This preserves the Postfix
+SMTP client's
+loop detection, by ensuring that each side of the firewall knows that the
+other IP address is still the same host. Setting $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> to a
+single IPv4 and/or IPV6 address is primarily useful with virtual
+hosting of domains on
+secondary IP addresses, when each IP address serves a different domain
+(and has a different $<a href="postconf.5.html#myhostname">myhostname</a> setting). </p>
+
+<p>
+See also the <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameter, for network addresses that
+are forwarded to Postfix by way of a proxy or address translator.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = all (DEFAULT)
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only (Postfix version 2.2 and later)
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1, [::1] (Postfix version 2.2 and later)
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 192.168.1.2, 127.0.0.1
+</pre>
+
+
+</DD>
+
+<DT><b><a name="inet_protocols">inet_protocols</a>
+(default: see 'postconf -d output')</b></DT><DD>
+
+<p> The Internet protocols Postfix will attempt to use when making
+or accepting connections. Specify one or more of "ipv4"
+or "ipv6", separated by whitespace or commas. The form
+"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
+on whether the operating system implements IPv6. </p>
+
+<p> With Postfix 2.8 and earlier the default is "ipv4". For backwards
+compatibility with these releases, the Postfix 2.9 and later upgrade
+procedure appends an explicit "<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4" setting to
+<a href="postconf.5.html">main.cf</a> when no explicit setting is present. This compatibility
+workaround will be phased out as IPv6 deployment becomes more common.
+</p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+<p> Note: you MUST stop and start Postfix after changing this
+parameter. </p>
+
+<p> On systems that pre-date IPV6_V6ONLY support (<a href="https://tools.ietf.org/html/rfc3493">RFC 3493</a>), an
+IPv6 server will also accept IPv4 connections, even when IPv4 is
+turned off with the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter. On systems with
+IPV6_V6ONLY support, Postfix will use separate server sockets for
+IPv6 and IPv4, and each will accept only connections for the
+corresponding protocol. </p>
+
+<p> When IPv4 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
+Postfix will look up DNS type A records, and will convert
+IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
+IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
+IPV6_V6ONLY support (<a href="https://tools.ietf.org/html/rfc3493">RFC 3493</a>). </p>
+
+<p> When IPv6 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
+Postfix will do DNS type AAAA record lookups. </p>
+
+<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP
+client will choose the protocol as specified with the
+<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> parameter. Postfix versions before 2.8
+attempt to connect via IPv6 before attempting to use IPv4. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4
+<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (DEFAULT)
+<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6
+<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6
+</pre>
+
+
+</DD>
+
+<DT><b><a name="info_log_address_format">info_log_address_format</a>
+(default: external)</b></DT><DD>
+
+<p> The email address form that will be used in non-debug logging
+(info, warning, etc.). As of Postfix 3.5 when an address localpart
+contains spaces or other special characters, the localpart will be
+quoted, for example: </p>
+
+<blockquote>
+<pre>
+ from=&lt;"name with spaces"@example.com&gt;
+</pre>
+</blockquote>
+
+<p> Older Postfix versions would log the internal (unquoted) form: </p>
+
+<blockquote>
+<pre>
+ from=&lt;name with spaces@example.com&gt;
+</pre>
+</blockquote>
+
+<p> The external and internal forms are identical for the vast
+majority of email addresses that contain no spaces or other special
+characters in the localpart. </p>
+
+<p> The logging in external form is consistent with the address
+form that Postfix 3.2 and later prefer for most table lookups. This
+is therefore the more useful form for non-debug logging. </p>
+
+<p> Specify "<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> = internal</b>" for backwards
+compatibility. </p>
+
+<p> Postfix uses the unquoted form internally, because an attacker
+can specify an email address in different forms by playing games
+with quotes and backslashes. An attacker should not be able to use
+such games to circumvent Postfix access policies. </p>
+
+<p> This feature is available in Postfix 3.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="initial_destination_concurrency">initial_destination_concurrency</a>
+(default: 5)</b></DT><DD>
+
+<p>
+The initial per-destination concurrency level for parallel delivery
+to the same destination.
+With per-destination recipient limit &gt; 1, a destination is a domain,
+otherwise it is a recipient.
+</p>
+
+<p> Use <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> to specify
+a transport-specific override, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+name of the message delivery transport (Postfix 2.5 and later). </p>
+
+<p>
+Warning: with concurrency of 1, one bad message can be enough to
+block all mail to a site.
+</p>
+
+
+</DD>
+
+<DT><b><a name="internal_mail_filter_classes">internal_mail_filter_classes</a>
+(default: empty)</b></DT><DD>
+
+<p> What categories of Postfix-generated mail are subject to
+before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a>
+and <a href="postconf.5.html#body_checks">body_checks</a>. Specify zero or more of the following, separated
+by whitespace or comma. </p>
+
+<dl>
+
+<dt><b>bounce</b></dt> <dd> Inspect the content of delivery
+status notifications. </dd>
+
+<dt><b>notify</b></dt> <dd> Inspect the content of postmaster
+notifications by the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes. </dd>
+
+</dl>
+
+<p> NOTE: It's generally not safe to enable content inspection of
+Postfix-generated email messages. The user is warned. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="invalid_hostname_reject_code">invalid_hostname_reject_code</a>
+(default: 501)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when the client
+HELO or EHLO command parameter is rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
+restriction.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="ipc_idle">ipc_idle</a>
+(default: version dependent)</b></DT><DD>
+
+<p>
+The time after which a client closes an idle internal communication
+channel. The purpose is to allow Postfix daemon processes to
+terminate voluntarily after they become idle. This is used, for
+example, by the Postfix address resolving and rewriting clients.
+</p>
+
+<p> With Postfix 2.4 the default value was reduced from 100s to 5s. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="ipc_timeout">ipc_timeout</a>
+(default: 3600s)</b></DT><DD>
+
+<p>
+The time limit for sending or receiving information over an internal
+communication channel. The purpose is to break out of deadlock
+situations. If the time limit is exceeded the software aborts with a
+fatal error.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="ipc_ttl">ipc_ttl</a>
+(default: 1000s)</b></DT><DD>
+
+<p>
+The time after which a client closes an active internal communication
+channel. The purpose is to allow Postfix daemon processes to
+terminate voluntarily
+after reaching their client limit. This is used, for example, by
+the Postfix address resolving and rewriting clients.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="known_tcp_ports">known_tcp_ports</a>
+(default: lmtp=24, smtp=25, smtps=submissions=465, submission=587)</b></DT><DD>
+
+<p> Optional setting that avoids lookups in the services(5) database.
+This feature was implemented to address inconsistencies in the name
+of the port "465" service. The ABNF is:
+</p>
+
+<blockquote>
+<p>
+<a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> = empty | name-to-port *("," name-to-port) <br>
+name-to-port = 1*(service-name "=') port-number
+</p>
+</blockquote>
+
+<p> The comma is required. Whitespace is optional but it cannot appear
+inside a service name or port number. </p>
+
+<p> This feature is available in Postfix 3.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="line_length_limit">line_length_limit</a>
+(default: 2048)</b></DT><DD>
+
+<p> Upon input, long lines are chopped up into pieces of at most
+this length; upon delivery, long lines are reconstructed. </p>
+
+
+</DD>
+
+<DT><b><a name="lmdb_map_size">lmdb_map_size</a>
+(default: 16777216)</b></DT><DD>
+
+<p>
+The initial OpenLDAP LMDB database size limit in bytes. Each time
+a database becomes full, its size limit is doubled.
+</p>
+
+<p>
+This feature is available in Postfix 2.11 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_address_preference">lmtp_address_preference</a>
+(default: ipv6)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_address_verify_target">lmtp_address_verify_target</a>
+(default: rcpt)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_assume_final">lmtp_assume_final</a>
+(default: no)</b></DT><DD>
+
+<p> When a remote LMTP server announces no DSN support, assume that
+the
+server performs final delivery, and send "delivered" delivery status
+notifications instead of "relayed". The default setting is backwards
+compatible to avoid the infinitesimal possibility of breaking
+existing LMTP-based content filters. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_balance_inet_protocols">lmtp_balance_inet_protocols</a>
+(default: yes)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_bind_address">lmtp_bind_address</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_bind_address6">lmtp_bind_address6</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_bind_address_enforce">lmtp_bind_address_enforce</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_body_checks">lmtp_body_checks</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_cache_connection">lmtp_cache_connection</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+seconds. When the LMTP client receives a request for the same
+connection the connection is reused.
+</p>
+
+<p> This parameter is available in Postfix version 2.2 and earlier.
+With Postfix version 2.3 and later, see <a href="postconf.5.html#lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>,
+<a href="postconf.5.html#lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>, or <a href="postconf.5.html#lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>.
+</p>
+
+<p>
+The effectiveness of cached connections will be determined by the
+number of remote LMTP servers in use, and the concurrency limit specified
+for the Postfix LMTP client. Cached connections are closed under any of
+the following conditions:
+</p>
+
+<ul>
+
+<li> The Postfix LMTP client idle time limit is reached. This limit is
+specified with the Postfix <a href="postconf.5.html#max_idle">max_idle</a> configuration parameter.
+
+<li> A delivery request specifies a different destination than the
+one currently cached.
+
+<li> The per-process limit on the number of delivery requests is
+reached. This limit is specified with the Postfix <a href="postconf.5.html#max_use">max_use</a>
+configuration parameter.
+
+<li> Upon the onset of another delivery request, the remote LMTP server
+associated with the current session does not respond to the RSET
+command.
+
+</ul>
+
+<p>
+Most of these limitations have been with the Postfix
+connection cache that is shared among multiple LMTP client
+programs.
+</p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_cname_overrides_servername">lmtp_cname_overrides_servername</a>
+(default: yes)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_connect_timeout">lmtp_connect_timeout</a>
+(default: 0s)</b></DT><DD>
+
+<p> The Postfix LMTP client time limit for completing a TCP connection, or
+zero (use the operating system built-in time limit). When no
+connection can be made within the deadline, the LMTP client tries
+the next address on the mail exchanger list. </p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#lmtp_connect_timeout">lmtp_connect_timeout</a> = 30s
+</pre>
+
+
+</DD>
+
+<DT><b><a name="lmtp_connection_cache_destinations">lmtp_connection_cache_destinations</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_connection_cache_on_demand">lmtp_connection_cache_on_demand</a>
+(default: yes)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_connection_cache_time_limit">lmtp_connection_cache_time_limit</a>
+(default: 2s)</b></DT><DD>
+
+<p> The LMTP-specific version of the
+<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> configuration parameter.
+See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_connection_reuse_count_limit">lmtp_connection_reuse_count_limit</a>
+(default: 0)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.11 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_connection_reuse_time_limit">lmtp_connection_reuse_time_limit</a>
+(default: 300s)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_data_done_timeout">lmtp_data_done_timeout</a>
+(default: 600s)</b></DT><DD>
+
+<p> The Postfix LMTP client time limit for sending the LMTP ".",
+and for receiving the remote LMTP server response. When no response
+is received within the deadline, a warning is logged that the mail
+may be delivered multiple times. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_data_init_timeout">lmtp_data_init_timeout</a>
+(default: 120s)</b></DT><DD>
+
+<p>
+The Postfix LMTP client time limit for sending the LMTP DATA command,
+and
+for receiving the remote LMTP server response.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a>
+(default: 180s)</b></DT><DD>
+
+<p>
+The Postfix LMTP client time limit for sending the LMTP message
+content.
+When the connection stalls for more than $<a href="postconf.5.html#lmtp_data_xfer_timeout">lmtp_data_xfer_timeout</a>
+the LMTP client terminates the transfer.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_defer_if_no_mx_address_found">lmtp_defer_if_no_mx_address_found</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_delivery_status_filter">lmtp_delivery_status_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a>
+(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
+
+<p> The maximal number of parallel deliveries to the same destination
+via the lmtp message delivery transport. This limit is enforced by
+the queue manager. The message delivery transport name is the first
+field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_destination_recipient_limit">lmtp_destination_recipient_limit</a>
+(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
+
+<p> The maximal number of recipients per message for the lmtp
+message delivery transport. This limit is enforced by the queue
+manager. The message delivery transport name is the first field in
+the entry in the <a href="master.5.html">master.cf</a> file. </p>
+
+<p> Setting this parameter to a value of 1 changes the meaning of
+<a href="postconf.5.html#lmtp_destination_concurrency_limit">lmtp_destination_concurrency_limit</a> from concurrency per domain into
+concurrency per recipient. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Lookup tables, indexed by the remote LMTP server address, with
+case insensitive lists of LHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+response
+from a remote LMTP server. See <a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> for
+details. The table is not indexed by hostname for consistency with
+<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a>
+(default: empty)</b></DT><DD>
+
+<p> A case insensitive list of LHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+response
+from a remote LMTP server. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
+this action from being logged. </p>
+
+<li> <p> Use the <a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> feature to
+discard LHLO keywords selectively. </p>
+
+</ul>
+
+
+</DD>
+
+<DT><b><a name="lmtp_dns_reply_filter">lmtp_dns_reply_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional filter for Postfix LMTP client DNS lookup results.
+See <a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> for details including an example. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_dns_resolver_options">lmtp_dns_resolver_options</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_dns_support_level">lmtp_dns_support_level</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.11 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_enforce_tls">lmtp_enforce_tls</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_fallback_relay">lmtp_fallback_relay</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional list of relay hosts for LMTP destinations that can't be
+found or that are unreachable. In <a href="postconf.5.html">main.cf</a> elements are separated by
+whitespace or commas. </p>
+
+<p> By default, mail is returned to the sender when a destination is not
+found, and delivery is deferred when a destination is unreachable. </p>
+
+<p> The fallback relays must be TCP destinations, specified without
+a leading "inet:" prefix. Specify a host or host:port. Since MX
+lookups do not apply with LMTP, there is no need to use the "[host]" or
+"[host]:port" forms. If you specify multiple LMTP destinations, Postfix
+will try them in the specified order. </p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_generic_maps">lmtp_generic_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_header_checks">lmtp_header_checks</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_host_lookup">lmtp_host_lookup</a>
+(default: dns)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_lhlo_name">lmtp_lhlo_name</a>
+(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
+
+<p>
+The hostname to send in the LMTP LHLO command.
+</p>
+
+<p>
+The default value is the machine hostname. Specify a hostname or
+[ip.add.re.ss] or [ip:v6:add:re::ss].
+</p>
+
+<p>
+This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all LMTP
+clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific
+client, for example:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ mylmtp ... lmtp -o <a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a>=foo.bar.com
+</pre>
+</blockquote>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_lhlo_timeout">lmtp_lhlo_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p> The Postfix LMTP client time limit for sending the LHLO command,
+and for receiving the initial remote LMTP server response. </p>
+
+<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
+(weeks). The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_line_length_limit">lmtp_line_length_limit</a>
+(default: 998)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_mail_timeout">lmtp_mail_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The Postfix LMTP client time limit for sending the MAIL FROM command,
+and for receiving the remote LMTP server response.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_mime_header_checks">lmtp_mime_header_checks</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_min_data_rate">lmtp_min_data_rate</a>
+(default: 500)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_mx_address_limit">lmtp_mx_address_limit</a>
+(default: 5)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_mx_session_limit">lmtp_mx_session_limit</a>
+(default: 2)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_nested_header_checks">lmtp_nested_header_checks</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_per_record_deadline">lmtp_per_record_deadline</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.9 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_per_request_deadline">lmtp_per_request_deadline</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_pix_workaround_delay_time">lmtp_pix_workaround_delay_time</a>
+(default: 10s)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_pix_workaround_maps">lmtp_pix_workaround_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_pix_workaround_threshold_time">lmtp_pix_workaround_threshold_time</a>
+(default: 500s)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_pix_workarounds">lmtp_pix_workarounds</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the smtp_pix_workaround
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_quit_timeout">lmtp_quit_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The Postfix LMTP client time limit for sending the QUIT command,
+and for receiving the remote LMTP server response.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_quote_rfc821_envelope">lmtp_quote_rfc821_envelope</a>
+(default: yes)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_randomize_addresses">lmtp_randomize_addresses</a>
+(default: yes)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_rcpt_timeout">lmtp_rcpt_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The Postfix LMTP client time limit for sending the RCPT TO command,
+and for receiving the remote LMTP server response.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_reply_filter">lmtp_reply_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_rset_timeout">lmtp_rset_timeout</a>
+(default: 20s)</b></DT><DD>
+
+<p> The Postfix LMTP client time limit for sending the RSET command,
+and for receiving the remote LMTP server response. The LMTP client
+sends RSET in
+order to finish a recipient address probe, or to verify that a
+cached connection is still alive. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_auth_cache_name">lmtp_sasl_auth_cache_name</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_auth_cache_time">lmtp_sasl_auth_cache_time</a>
+(default: 90d)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_auth_enable">lmtp_sasl_auth_enable</a>
+(default: no)</b></DT><DD>
+
+<p>
+Enable SASL authentication in the Postfix LMTP client.
+</p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_auth_soft_bounce">lmtp_sasl_auth_soft_bounce</a>
+(default: yes)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_mechanism_filter">lmtp_sasl_mechanism_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_password_maps">lmtp_sasl_password_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional Postfix LMTP client lookup tables with one username:password entry
+per host or domain. If a remote host or domain has no username:password
+entry, then the Postfix LMTP client will not attempt to authenticate
+to the remote host.
+</p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_path">lmtp_sasl_path</a>
+(default: empty)</b></DT><DD>
+
+<p> Implementation-specific information that is passed through to
+the SASL plug-in implementation that is selected with
+<b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>. Typically this specifies the name of a
+configuration file or rendezvous point. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_security_options">lmtp_sasl_security_options</a>
+(default: noplaintext, noanonymous)</b></DT><DD>
+
+<p> SASL security options; as of Postfix 2.3 the list of available
+features depends on the SASL client implementation that is selected
+with <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b>. </p>
+
+<p> The following security features are defined for the <b>cyrus</b>
+client SASL implementation: </p>
+
+<dl>
+
+<dt><b>noplaintext</b></dt>
+
+<dd>Disallow authentication methods that use plaintext passwords. </dd>
+
+<dt><b>noactive</b></dt>
+
+<dd>Disallow authentication methods that are vulnerable to non-dictionary
+active attacks. </dd>
+
+<dt><b>nodictionary</b></dt>
+
+<dd>Disallow authentication methods that are vulnerable to passive
+dictionary attacks. </dd>
+
+<dt><b>noanonymous</b></dt>
+
+<dd>Disallow anonymous logins. </dd>
+
+</dl>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a> = noplaintext
+</pre>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a>
+(default: $<a href="postconf.5.html#lmtp_sasl_security_options">lmtp_sasl_security_options</a>)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_tls_verified_security_options">lmtp_sasl_tls_verified_security_options</a>
+(default: $<a href="postconf.5.html#lmtp_sasl_tls_security_options">lmtp_sasl_tls_security_options</a>)</b></DT><DD>
+
+<p> The LMTP-specific version of the
+<a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> configuration parameter.
+See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sasl_type">lmtp_sasl_type</a>
+(default: cyrus)</b></DT><DD>
+
+<p> The SASL plug-in type that the Postfix LMTP client should use
+for authentication. The available types are listed with the
+"<b>postconf -A</b>" command. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_send_dummy_mail_auth">lmtp_send_dummy_mail_auth</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.9 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_send_xforward_command">lmtp_send_xforward_command</a>
+(default: no)</b></DT><DD>
+
+<p>
+Send an XFORWARD command to the remote LMTP server when the LMTP LHLO
+server response announces XFORWARD support. This allows an <a href="lmtp.8.html">lmtp(8)</a>
+delivery agent, used for content filter message injection, to
+forward the name, address, protocol and HELO name of the original
+client to the content filter and downstream LMTP server.
+Before you change the value to yes, it is best to make sure that
+your content filter supports this command.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_sender_dependent_authentication">lmtp_sender_dependent_authentication</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_skip_5xx_greeting">lmtp_skip_5xx_greeting</a>
+(default: yes)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_skip_quit_response">lmtp_skip_quit_response</a>
+(default: no)</b></DT><DD>
+
+<p>
+Wait for the response to the LMTP QUIT command.
+</p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_starttls_timeout">lmtp_starttls_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tcp_port">lmtp_tcp_port</a>
+(default: 24)</b></DT><DD>
+
+<p>
+The default TCP port that the Postfix LMTP client connects to.
+Specify a symbolic name (see services(5)) or a numeric port.
+</p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_CAfile">lmtp_tls_CAfile</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_CApath">lmtp_tls_CApath</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_block_early_mail_reply">lmtp_tls_block_early_mail_reply</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_cert_file">lmtp_tls_cert_file</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_chain_files">lmtp_tls_chain_files</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_ciphers">lmtp_tls_ciphers</a>
+(default: medium)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_connection_reuse">lmtp_tls_connection_reuse</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_dkey_file">lmtp_tls_dkey_file</a>
+(default: $<a href="postconf.5.html#lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_eccert_file">lmtp_tls_eccert_file</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_eckey_file">lmtp_tls_eckey_file</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_enforce_peername">lmtp_tls_enforce_peername</a>
+(default: yes)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_exclude_ciphers">lmtp_tls_exclude_ciphers</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_fingerprint_cert_match">lmtp_tls_fingerprint_cert_match</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_fingerprint_digest">lmtp_tls_fingerprint_digest</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_force_insecure_host_tlsa_lookup">lmtp_tls_force_insecure_host_tlsa_lookup</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.11 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_key_file">lmtp_tls_key_file</a>
+(default: $<a href="postconf.5.html#lmtp_tls_cert_file">lmtp_tls_cert_file</a>)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_loglevel">lmtp_tls_loglevel</a>
+(default: 0)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>
+(default: medium)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_mandatory_exclude_ciphers">lmtp_tls_mandatory_exclude_ciphers</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_mandatory_protocols">lmtp_tls_mandatory_protocols</a>
+(default: see postconf -d output)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_note_starttls_offer">lmtp_tls_note_starttls_offer</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_per_site">lmtp_tls_per_site</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_policy_maps">lmtp_tls_policy_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_protocols">lmtp_tls_protocols</a>
+(default: see postconf -d output)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_scert_verifydepth">lmtp_tls_scert_verifydepth</a>
+(default: 9)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_secure_cert_match">lmtp_tls_secure_cert_match</a>
+(default: nexthop)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_security_level">lmtp_tls_security_level</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_servername">lmtp_tls_servername</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_session_cache_timeout">lmtp_tls_session_cache_timeout</a>
+(default: 3600s)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_trust_anchor_file">lmtp_tls_trust_anchor_file</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.11 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_verify_cert_match">lmtp_tls_verify_cert_match</a>
+(default: hostname)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_tls_wrappermode">lmtp_tls_wrappermode</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_use_tls">lmtp_use_tls</a>
+(default: no)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="lmtp_xforward_timeout">lmtp_xforward_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The Postfix LMTP client time limit for sending the XFORWARD command,
+and for receiving the remote LMTP server response.
+</p>
+
+<p>
+In case of problems the client does NOT try the next address on
+the mail exchanger list.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="local_command_shell">local_command_shell</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional shell program for <a href="local.8.html">local(8)</a> delivery to non-Postfix commands.
+By default, non-Postfix commands are executed directly; commands
+are given to the default shell (typically, /bin/sh) only when they
+contain shell meta characters or shell built-in commands.
+</p>
+
+<p> "sendmail's restricted shell" (smrsh) is what most people will
+use in order to restrict what programs can be run from e.g. .forward
+files (smrsh is part of the Sendmail distribution). </p>
+
+<p> Note: when a shell program is specified, it is invoked even
+when the command contains no shell built-in commands or meta
+characters. </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /some/where/smrsh -c
+<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /bin/bash -c
+</pre>
+
+
+</DD>
+
+<DT><b><a name="local_delivery_status_filter">local_delivery_status_filter</a>
+(default: $<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b></DT><DD>
+
+<p> Optional filter for the <a href="local.8.html">local(8)</a> delivery agent to change the
+status code or explanatory text of successful or unsuccessful
+deliveries. See <a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a> for details. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="local_destination_concurrency_limit">local_destination_concurrency_limit</a>
+(default: 2)</b></DT><DD>
+
+<p> The maximal number of parallel deliveries via the local mail
+delivery transport to the same recipient (when
+"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or the maximal number of
+parallel deliveries to the same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when
+"<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> &gt; 1"). This limit is enforced by
+the queue manager. The message delivery transport name is the first
+field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
+
+<p> A low limit of 2 is recommended, just in case someone has an
+expensive shell command in a .forward file or in an alias (e.g.,
+a mailing list manager). You don't want to run lots of those at
+the same time. </p>
+
+
+</DD>
+
+<DT><b><a name="local_destination_recipient_limit">local_destination_recipient_limit</a>
+(default: 1)</b></DT><DD>
+
+<p> The maximal number of recipients per message delivery via the
+local mail delivery transport. This limit is enforced by the queue
+manager. The message delivery transport name is the first field in
+the entry in the <a href="master.5.html">master.cf</a> file. </p>
+
+<p> Setting this parameter to a value &gt; 1 changes the meaning of
+<a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> from concurrency per recipient
+into concurrency per domain. </p>
+
+
+</DD>
+
+<DT><b><a name="local_header_rewrite_clients">local_header_rewrite_clients</a>
+(default: <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b></DT><DD>
+
+<p> Rewrite or add message headers in mail from these clients,
+updating incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
+$<a href="postconf.5.html#mydomain">mydomain</a>, and adding missing headers. </p>
+
+<p> See the <a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a> and <a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> parameters
+for details of how domain names are appended to incomplete addresses.
+</p>
+
+<p> See <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> to optionally rewrite or add
+message headers in mail from other clients. </p>
+
+<p> Specify a list of zero or more of the following: </p>
+
+<dl>
+
+<dt><b><a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a></b></dt>
+
+<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
+client IP address matches $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. This is enabled by
+default. </dd>
+
+<dt><b><a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a></b></dt>
+
+<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
+client IP address matches any network or network address listed in
+$<a href="postconf.5.html#mynetworks">mynetworks</a>. This setting will not prevent remote mail header
+address rewriting when mail from a remote client is forwarded by
+a neighboring system. </dd>
+
+<dt><b><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt>
+
+<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
+client is successfully authenticated via the <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH)
+protocol. </dd>
+
+<dt><b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt>
+
+<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
+remote SMTP client TLS certificate fingerprint or public key fingerprint
+(Postfix 2.9 and later) is listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>.
+The fingerprint digest algorithm is configurable via the
+<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
+Postfix version 2.5). </dd>
+
+<dd> The default algorithm is <b>sha256</b> with Postfix &ge; 3.6
+and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix
+&le; 3.5, the default algorithm is <b>md5</b>. The best-practice
+algorithm is now <b>sha256</b>. Recent advances in hash function
+cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre-image"
+attacks against the older algorithms, their use in this context, though
+not recommended, is still likely safe. </dd>
+
+<dt><b><a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a> </b></dt>
+
+<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
+remote SMTP client TLS certificate is successfully verified, regardless of
+whether it is listed on the server, and regardless of the certifying
+authority. </dd>
+
+<dt><b><a name="check_address_map">check_address_map</a> <i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
+
+<dt><b><i><a href="DATABASE_README.html">type:table</a></i> </b></dt>
+
+<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
+client IP address matches the specified lookup table.
+The lookup result is ignored, and no subnet lookup is done. This
+is suitable for, e.g., pop-before-smtp lookup tables. </dd>
+
+</dl>
+
+<p> Examples: </p>
+
+<p> The Postfix &lt; 2.2 backwards compatible setting: always rewrite
+message headers, and always append my own domain to incomplete
+header addresses. </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all
+</pre>
+</blockquote>
+
+<p> The purist (and default) setting: rewrite headers only in mail
+from Postfix sendmail and in SMTP mail from this machine. </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>
+</pre>
+</blockquote>
+
+<p> The intermediate setting: rewrite header addresses and append
+$<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> information only with mail from Postfix
+sendmail, from local clients, or from authorized SMTP clients. </p>
+
+<p> Note: this setting will not prevent remote mail header address
+rewriting when mail from a remote client is forwarded by a neighboring
+system. </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+ <a href="postconf.5.html#check_address_map">check_address_map</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/pop-before-smtp
+</pre>
+</blockquote>
+
+
+</DD>
+
+<DT><b><a name="local_login_sender_maps">local_login_sender_maps</a>
+(default: <a href="DATABASE_README.html#types">static</a>:*)</b></DT><DD>
+
+<p> A list of lookup tables that are searched by the UNIX login name,
+and that return a list of allowed envelope sender patterns separated
+by space or comma. These sender patterns are enforced by the Postfix
+<a href="postdrop.1.html">postdrop(1)</a> command. The default is backwards-compatible:
+every user may specify any sender envelope address. </p>
+
+<p> When no UNIX login name is available, the <a href="postdrop.1.html">postdrop(1)</a> command will
+prepend "<b>uid:</b>" to the numerical UID and use that instead. </p>
+
+<p> This feature ignores address extensions in the user-specified
+envelope sender address. </p>
+
+<p> The following sender patterns are special; these cannot be used
+as part of a longer pattern. </p>
+
+<dl compact>
+
+<dt> <b> * </b> <dd> This pattern allows any envelope sender address.
+</dd>
+
+<dt> <b> &lt;&gt; </b> </dt> <dd> This pattern allows the empty
+envelope sender address. See the
+<a href="postconf.5.html#empty_address_local_login_sender_maps_lookup_key">empty_address_local_login_sender_maps_lookup_key</a> configuration
+parameter. </dd>
+
+<dt> <b> @</b><i>domain</i> </dt> <dd> This pattern allows an
+envelope sender address when the '<b>@</b>' and <i>domain</i> part
+match. </dd>
+
+</dl>
+
+<p> Examples: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Allow root and postfix full control, anyone else can only
+ # send mail as themselves. Use "uid:" followed by the numerical
+ # UID when the UID has no entry in the UNIX password file.
+ <a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a> =
+ <a href="DATABASE_README.html#types">inline</a>:{ { root = * }, { postfix = * } },
+ <a href="pcre_table.5.html">pcre</a>:/etc/postfix/login_senders
+</pre>
+
+<pre>
+/etc/postfix/login_senders:
+ # Allow both the bare username and the user@domain forms.
+ /(.+)/ $1 $1@example.com
+</pre>
+
+<p> This feature is available in Postfix 3.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="local_recipient_maps">local_recipient_maps</a>
+(default: <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b></DT><DD>
+
+<p> Lookup tables with all names or addresses of local recipients:
+a recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
+$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. Specify @domain as a
+wild-card for domains that do not have a valid recipient list.
+Technically, tables listed with $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> are used as
+lists: Postfix needs to know only if a lookup string is found or
+not, but it does not use the result from table lookup. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p>
+If this parameter is non-empty (the default), then the Postfix SMTP
+server will reject mail for unknown local users.
+</p>
+
+<p>
+To turn off local recipient checking in the Postfix SMTP server,
+specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty).
+</p>
+
+<p>
+The default setting assumes that you use the default Postfix local
+delivery agent for local delivery. You need to update the
+<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting if:
+</p>
+
+<ul>
+
+<li>You redefine the local delivery agent in <a href="master.5.html">master.cf</a>.
+
+<li>You redefine the "<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>.
+
+<li>You use the "<a href="postconf.5.html#luser_relay">luser_relay</a>", "<a href="postconf.5.html#mailbox_transport">mailbox_transport</a>", or "<a href="postconf.5.html#fallback_transport">fallback_transport</a>"
+feature of the Postfix <a href="local.8.html">local(8)</a> delivery agent.
+
+</ul>
+
+<p>
+Details are described in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file.
+</p>
+
+<p>
+Beware: if the Postfix SMTP server runs chrooted, you need to access
+the passwd file via the <a href="proxymap.8.html">proxymap(8)</a> service, in order to overcome
+chroot access restrictions. The alternative, maintaining a copy of
+the system password file in the chroot jail is not practical.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
+</pre>
+
+
+</DD>
+
+<DT><b><a name="local_transport">local_transport</a>
+(default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
+
+<p> The default mail delivery transport and next-hop destination
+for final delivery to domains listed with <a href="postconf.5.html#mydestination">mydestination</a>, and for
+[ipaddress] destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+This information can be overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
+
+<p>
+By default, local mail is delivered to the transport called "local",
+which is just the name of a service that is defined the <a href="master.5.html">master.cf</a> file.
+</p>
+
+<p>
+Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
+is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
+The <i>:nexthop</i> destination is optional; its syntax is documented
+in the manual page of the corresponding delivery agent.
+</p>
+
+<p>
+Beware: if you override the default local delivery agent then you
+need to review the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> document, otherwise the
+SMTP server may reject mail for local recipients.
+</p>
+
+
+</DD>
+
+<DT><b><a name="luser_relay">luser_relay</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional catch-all destination for unknown <a href="local.8.html">local(8)</a> recipients.
+By default, mail for unknown recipients in domains that match
+$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> is returned
+as undeliverable.
+</p>
+
+<p>
+The <a href="postconf.5.html#luser_relay">luser_relay</a> value is not subject to Postfix configuration
+parameter $name expansion. Instead, the following $name expansions
+are done:
+</p>
+
+<dl>
+
+<dt><b>$domain</b></dt>
+
+<dd>The recipient domain. </dd>
+
+<dt><b>$extension</b></dt>
+
+<dd>The recipient address extension. </dd>
+
+<dt><b>$home</b></dt>
+
+<dd>The recipient's home directory. </dd>
+
+<dt><b>$local</b></dt>
+
+<dd>The entire recipient address localpart. </dd>
+
+<dt><b>$recipient</b></dt>
+
+<dd>The full recipient address. </dd>
+
+<dt><b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b></dt>
+
+<dd>The address extension delimiter that was found in the recipient
+address (Postfix 2.11 and later), or the system-wide recipient
+address extension delimiter (Postfix 2.10 and earlier). </dd>
+
+<dt><b>$shell</b></dt>
+
+<dd>The recipient's login shell. </dd>
+
+<dt><b>$user</b></dt>
+
+<dd>The recipient username. </dd>
+
+<dt><b>${name?value}</b></dt>
+
+<dt><b>${name?{value}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value</i> when <i>$name</i> is non-empty. </dd>
+
+<dt><b>${name:value}</b></dt>
+
+<dt><b>${name:{value}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value</i> when <i>$name</i> is empty. </dd>
+
+<dt><b>${name?{value1}:{value2}}</b> (Postfix &ge; 3.0)</dt>
+
+<dd>Expands to <i>value1</i> when <i>$name</i> is non-empty,
+<i>value2</i> otherwise. </dd>
+
+</dl>
+
+<p>
+Instead of $name you can also specify ${name} or $(name).
+</p>
+
+<p>
+Note: <a href="postconf.5.html#luser_relay">luser_relay</a> works only for the Postfix <a href="local.8.html">local(8)</a> delivery agent.
+</p>
+
+<p>
+Note: if you use this feature for accounts not in the UNIX password
+file, then you must specify "<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =" (i.e. empty)
+in the <a href="postconf.5.html">main.cf</a> file, otherwise the Postfix SMTP server will reject mail
+for non-UNIX accounts with "User unknown in local recipient table".
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#luser_relay">luser_relay</a> = $user@other.host
+<a href="postconf.5.html#luser_relay">luser_relay</a> = $local@other.host
+<a href="postconf.5.html#luser_relay">luser_relay</a> = admin+$local
+</pre>
+
+
+</DD>
+
+<DT><b><a name="mail_name">mail_name</a>
+(default: Postfix)</b></DT><DD>
+
+<p>
+The mail system name that is displayed in Received: headers, in
+the SMTP greeting banner, and in bounced mail.
+</p>
+
+
+</DD>
+
+<DT><b><a name="mail_owner">mail_owner</a>
+(default: postfix)</b></DT><DD>
+
+<p>
+The UNIX system account that owns the Postfix queue and most Postfix
+daemon processes. Specify the name of an unprivileged user account
+that does not share a user or group ID with other accounts, and that
+owns no other files
+or processes on the system. In particular, don't specify nobody
+or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
+</p>
+
+<p>
+When this parameter value is changed you need to re-run "<b>postfix
+set-permissions</b>" (with Postfix version 2.0 and earlier:
+"<b>/etc/postfix/post-install set-permissions</b>".
+</p>
+
+
+</DD>
+
+<DT><b><a name="mail_release_date">mail_release_date</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The Postfix release date, in "YYYYMMDD" format.
+</p>
+
+
+</DD>
+
+<DT><b><a name="mail_spool_directory">mail_spool_directory</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The directory where <a href="local.8.html">local(8)</a> UNIX-style mailboxes are kept. The
+default setting depends on the system type. Specify a name ending
+in / for maildir-style delivery.
+</p>
+
+<p>
+Note: maildir delivery is done with the privileges of the recipient.
+If you use the <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> setting for maildir style
+delivery, then you must create the top-level maildir directory in
+advance. Postfix will not create it.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/mail
+<a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> = /var/spool/mail
+</pre>
+
+
+</DD>
+
+<DT><b><a name="mail_version">mail_version</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The version of the mail system. Stable releases are named
+<i>major</i>.<i>minor</i>.<i>patchlevel</i>. Experimental releases
+also include the release date. The version string can be used in,
+for example, the SMTP greeting banner.
+</p>
+
+
+</DD>
+
+<DT><b><a name="mailbox_command">mailbox_command</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional external command that the <a href="local.8.html">local(8)</a> delivery agent should
+use for mailbox delivery. The command is run with the user ID and
+the primary group ID privileges of the recipient. Exception:
+command delivery for root executes with $<a href="postconf.5.html#default_privs">default_privs</a> privileges.
+This is not a problem, because 1) mail for root should always be
+aliased to a real user and 2) don't log in as root, use "su" instead.
+</p>
+
+<p>
+The following environment variables are exported to the command:
+</p>
+
+<dl>
+
+<dt><b>CLIENT_ADDRESS</b></dt>
+
+<dd>Remote client network address. Available in Postfix version 2.2 and
+later. </dd>
+
+<dt><b>CLIENT_HELO</b></dt>
+
+<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
+and later.</dd>
+
+<dt><b>CLIENT_HOSTNAME</b></dt>
+
+<dd>Remote client hostname. Available in Postfix version 2.2 and later.
+</dd>
+
+<dt><b>CLIENT_PROTOCOL</b></dt>
+
+<dd>Remote client protocol. Available in Postfix version 2.2 and later.
+</dd>
+
+<dt><b>DOMAIN</b></dt>
+
+<dd>The domain part of the recipient address. </dd>
+
+<dt><b>EXTENSION</b></dt>
+
+<dd>The optional address extension. </dd>
+
+<dt><b>HOME</b></dt>
+
+<dd>The recipient home directory. </dd>
+
+<dt><b>LOCAL</b></dt>
+
+<dd>The recipient address localpart. </dd>
+
+<dt><b>LOGNAME</b></dt>
+
+<dd>The recipient's username. </dd>
+
+<dt><b>ORIGINAL_RECIPIENT</b></dt>
+
+<dd>The entire recipient address, before any address rewriting or
+aliasing. </dd>
+
+<dt><b>RECIPIENT</b></dt>
+
+<dd>The full recipient address. </dd>
+
+<dt><b>SASL_METHOD</b></dt>
+
+<dd>SASL authentication method specified in the remote client AUTH
+command. Available in Postfix version 2.2 and later. </dd>
+
+<dt><b>SASL_SENDER</b></dt>
+
+<dd>SASL sender address specified in the remote client MAIL FROM
+command. Available in Postfix version 2.2 and later. </dd>
+
+<dt><b>SASL_USER</b></dt>
+
+<dd>SASL username specified in the remote client AUTH command.
+Available in Postfix version 2.2 and later. </dd>
+
+<dt><b>SENDER</b></dt>
+
+<dd>The full sender address. </dd>
+
+<dt><b>SHELL</b></dt>
+
+<dd>The recipient's login shell. </dd>
+
+<dt><b>USER</b></dt>
+
+<dd>The recipient username. </dd>
+
+</dl>
+
+<p>
+Unlike other Postfix configuration parameters, the <a href="postconf.5.html#mailbox_command">mailbox_command</a>
+parameter is not subjected to $name substitutions. This is to make
+it easier to specify shell syntax (see example below).
+</p>
+
+<p>
+If you can, avoid shell meta characters because they will force
+Postfix to run an expensive shell process. If you're delivering
+via "procmail" then running a shell won't make a noticeable difference
+in the total cost.
+</p>
+
+<p>
+Note: if you use the <a href="postconf.5.html#mailbox_command">mailbox_command</a> feature to deliver mail
+system-wide, you must set up an alias that forwards mail for root
+to a real user.
+</p>
+
+<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
+is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
+<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
+<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail
+<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/procmail -a "$EXTENSION"
+<a href="postconf.5.html#mailbox_command">mailbox_command</a> = /some/where/maildrop -d "$USER"
+ -f "$SENDER" "$EXTENSION"
+</pre>
+
+
+</DD>
+
+<DT><b><a name="mailbox_command_maps">mailbox_command_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional lookup tables with per-recipient external commands to use
+for <a href="local.8.html">local(8)</a> mailbox delivery. Behavior is as with <a href="postconf.5.html#mailbox_command">mailbox_command</a>.
+</p>
+
+<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
+is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
+<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
+<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+
+</DD>
+
+<DT><b><a name="mailbox_delivery_lock">mailbox_delivery_lock</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+How to lock a UNIX-style <a href="local.8.html">local(8)</a> mailbox before attempting delivery.
+For a list of available file locking methods, use the "<b>postconf
+-l</b>" command.
+</p>
+
+<p>
+This setting is ignored with <b>maildir</b> style delivery,
+because such deliveries are safe without explicit locks.
+</p>
+
+<p>
+Note: The <b>dotlock</b> method requires that the recipient UID or
+GID has write access to the parent directory of the mailbox file.
+</p>
+
+<p>
+Note: the default setting of this parameter is system dependent.
+</p>
+
+
+</DD>
+
+<DT><b><a name="mailbox_size_limit">mailbox_size_limit</a>
+(default: 51200000)</b></DT><DD>
+
+<p> The maximal size of any <a href="local.8.html">local(8)</a> individual mailbox or maildir
+file, or zero (no limit). In fact, this limits the size of any
+file that is written to upon local delivery, including files written
+by external commands that are executed by the <a href="local.8.html">local(8)</a> delivery
+agent. The value cannot exceed LONG_MAX (typically, a 32-bit or
+64-bit signed integer).
+</p>
+
+<p>
+This limit must not be smaller than the message size limit.
+</p>
+
+
+</DD>
+
+<DT><b><a name="mailbox_transport">mailbox_transport</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional message delivery transport that the <a href="local.8.html">local(8)</a> delivery
+agent should use for mailbox delivery to all local recipients,
+whether or not they are found in the UNIX passwd database.
+</p>
+
+<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
+is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
+<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
+<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
+
+
+</DD>
+
+<DT><b><a name="mailbox_transport_maps">mailbox_transport_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables with per-recipient message delivery
+transports to use for <a href="local.8.html">local(8)</a> mailbox delivery, whether or not the
+recipients are found in the UNIX passwd database. </p>
+
+<p> The precedence of <a href="local.8.html">local(8)</a> delivery features from high to low
+is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
+<a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>,
+<a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a> and <a href="postconf.5.html#luser_relay">luser_relay</a>. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="maillog_file">maillog_file</a>
+(default: empty)</b></DT><DD>
+
+<p> The name of an optional logfile that is written by the Postfix
+<a href="postlogd.8.html">postlogd(8)</a> service. An empty value selects logging to syslogd(8).
+Specify "/dev/stdout" to select logging to standard output. Stdout
+logging requires that Postfix is started with "postfix start-fg".
+</p>
+
+<p> Note 1: The <a href="postconf.5.html#maillog_file">maillog_file</a> parameter value must contain a prefix
+that is specified with the <a href="postconf.5.html#maillog_file_prefixes">maillog_file_prefixes</a> parameter. </p>
+
+<p> Note 2: Some Postfix non-daemon programs may still log information
+to syslogd(8), before they have processed their configuration
+parameters and command-line options. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="maillog_file_compressor">maillog_file_compressor</a>
+(default: gzip)</b></DT><DD>
+
+<p> The program to run after rotating $<a href="postconf.5.html#maillog_file">maillog_file</a> with "postfix
+logrotate". The command is run with the rotated logfile name as its
+first argument. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="maillog_file_prefixes">maillog_file_prefixes</a>
+(default: /var, /dev/stdout)</b></DT><DD>
+
+<p> A list of allowed prefixes for a <a href="postconf.5.html#maillog_file">maillog_file</a> value. This is a
+safety feature to contain the damage from a single configuration
+mistake. Specify one or more prefix strings, separated by comma or
+whitespace. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="maillog_file_rotate_suffix">maillog_file_rotate_suffix</a>
+(default: %Y%m%d-%H%M%S)</b></DT><DD>
+
+<p> The format of the suffix to append to $<a href="postconf.5.html#maillog_file">maillog_file</a> while rotating
+the file with "postfix logrotate". See strftime(3) for syntax. The
+default suffix, YYYYMMDD-HHMMSS, allows logs to be rotated frequently.
+</p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="mailq_path">mailq_path</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+Sendmail compatibility feature that specifies where the Postfix
+<a href="mailq.1.html">mailq(1)</a> command is installed. This command can be used to
+list the Postfix mail queue.
+</p>
+
+
+</DD>
+
+<DT><b><a name="manpage_directory">manpage_directory</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+Where the Postfix manual pages are installed.
+</p>
+
+
+</DD>
+
+<DT><b><a name="maps_rbl_domains">maps_rbl_domains</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Obsolete feature: use the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> feature instead.
+</p>
+
+
+</DD>
+
+<DT><b><a name="maps_rbl_reject_code">maps_rbl_reject_code</a>
+(default: 554)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
+<a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or
+<a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="masquerade_classes">masquerade_classes</a>
+(default: envelope_sender, header_sender, header_recipient)</b></DT><DD>
+
+<p>
+What addresses are subject to address masquerading.
+</p>
+
+<p>
+By default, address masquerading is limited to envelope sender
+addresses, and to header sender and header recipient addresses.
+This allows you to use address masquerading on a mail gateway while
+still being able to forward mail to users on individual machines.
+</p>
+
+<p>
+Specify zero or more of: envelope_sender, envelope_recipient,
+header_sender, header_recipient
+</p>
+
+
+</DD>
+
+<DT><b><a name="masquerade_domains">masquerade_domains</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional list of domains whose subdomain structure will be stripped
+off in email addresses.
+</p>
+
+<p>
+The list is processed left to right, and processing stops at the
+first match. Thus,
+</p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = foo.example.com example.com
+</pre>
+</blockquote>
+
+<p>
+strips "user@any.thing.foo.example.com" to "user@foo.example.com",
+but strips "user@any.thing.else.example.com" to "user@example.com".
+</p>
+
+<p>
+A domain name prefixed with ! means do not masquerade this domain
+or its subdomains. Thus,
+</p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = !foo.example.com example.com
+</pre>
+</blockquote>
+
+<p>
+does not change "user@any.thing.foo.example.com" or "user@foo.example.com",
+but strips "user@any.thing.else.example.com" to "user@example.com".
+</p>
+
+<p> Note: with Postfix version 2.2, message header address masquerading
+happens only when message header address rewriting is enabled: </p>
+
+<ul>
+
+<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
+
+<li> The message is received from a network client that matches
+$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
+
+<li> The message is received from the network, and the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
+
+</ul>
+
+<p> To get the behavior before Postfix version 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#masquerade_domains">masquerade_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+</pre>
+
+
+</DD>
+
+<DT><b><a name="masquerade_exceptions">masquerade_exceptions</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional list of user names that are not subjected to address
+masquerading, even when their addresses match $<a href="postconf.5.html#masquerade_domains">masquerade_domains</a>.
+</p>
+
+<p>
+By default, address masquerading makes no exceptions.
+</p>
+
+<p>
+Specify a list of user names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns,
+separated by commas and/or whitespace. The list is matched left to
+right, and the search stops on the first match. A "/file/name"
+pattern is replaced
+by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name
+matches a lookup key (the lookup result is ignored). Continue long
+lines by starting the next line with whitespace. Specify "!pattern"
+to exclude a name from the list. The form "!/file/name" is supported
+only in Postfix version 2.4 and later. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root, mailer-daemon
+<a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> = root
+</pre>
+
+
+</DD>
+
+<DT><b><a name="master_service_disable">master_service_disable</a>
+(default: empty)</b></DT><DD>
+
+<p> Selectively disable <a href="master.8.html">master(8)</a> listener ports by service type
+or by service name and type. Specify a list of service types
+("inet", "unix", "fifo", or "pass") or "name/type" tuples, where
+"name" is the first field of a <a href="master.5.html">master.cf</a> entry and "type" is a
+service type. As with other Postfix matchlists, a search stops at
+the first match. Specify "!pattern" to exclude a service from the
+list. By default, all <a href="master.8.html">master(8)</a> listener ports are enabled. </p>
+
+<p> Note: this feature does not support "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
+patterns, nor does it support wildcards such as "*" or "all". This
+is intentional. </p>
+
+<p> Examples: </p>
+
+<pre>
+# With Postfix 2.6..2.10 use '.' instead of '/'.
+# Turn on all <a href="master.8.html">master(8)</a> listener ports (the default).
+<a href="postconf.5.html#master_service_disable">master_service_disable</a> =
+# Turn off only the main SMTP listener port.
+<a href="postconf.5.html#master_service_disable">master_service_disable</a> = smtp/inet
+# Turn off all TCP/IP listener ports.
+<a href="postconf.5.html#master_service_disable">master_service_disable</a> = inet
+# Turn off all TCP/IP listener ports except "foo".
+<a href="postconf.5.html#master_service_disable">master_service_disable</a> = !foo/inet, inet
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="max_idle">max_idle</a>
+(default: 100s)</b></DT><DD>
+
+<p>
+The maximum amount of time that an idle Postfix daemon process waits
+for an incoming connection before terminating voluntarily. This
+parameter
+is ignored by the Postfix queue manager and by other long-lived
+Postfix daemon processes.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="max_use">max_use</a>
+(default: 100)</b></DT><DD>
+
+<p>
+The maximal number of incoming connections that a Postfix daemon
+process will service before terminating voluntarily. This parameter
+is ignored by the Postfix queue
+manager and by other long-lived Postfix daemon processes.
+</p>
+
+
+</DD>
+
+<DT><b><a name="maximal_backoff_time">maximal_backoff_time</a>
+(default: 4000s)</b></DT><DD>
+
+<p>
+The maximal time between attempts to deliver a deferred message.
+</p>
+
+<p> This parameter should be set to a value greater than or equal
+to $<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="maximal_queue_lifetime">maximal_queue_lifetime</a>
+(default: 5d)</b></DT><DD>
+
+<p>
+Consider a message as undeliverable, when delivery fails with a
+temporary error, and the time in the queue has reached the
+<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> limit.
+</p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p>
+Specify 0 when mail delivery should be tried only once.
+</p>
+
+
+</DD>
+
+<DT><b><a name="message_drop_headers">message_drop_headers</a>
+(default: bcc, content-length, resent-bcc, return-path)</b></DT><DD>
+
+<p> Names of message headers that the <a href="cleanup.8.html">cleanup(8)</a> daemon will remove
+after applying <a href="header_checks.5.html">header_checks(5)</a> and before invoking Milter applications.
+The default setting is compatible with Postfix &lt; 3.0. </p>
+
+<p> Specify a list of header names, separated by comma or space.
+Names are matched in a case-insensitive manner. The list of supported
+header names is limited only by available memory. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="message_reject_characters">message_reject_characters</a>
+(default: empty)</b></DT><DD>
+
+<p> The set of characters that Postfix will reject in message
+content. The usual C-like escape sequences are recognized: <tt>\a
+\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
+<tt>\\</tt>. </p>
+
+<p> Note 1: this feature does not recognize text that requires MIME
+decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a>
+and <a href="postconf.5.html#body_checks">body_checks</a>. </p>
+
+<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a>
+= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>". </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#message_reject_characters">message_reject_characters</a> = \0
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="message_size_limit">message_size_limit</a>
+(default: 10240000)</b></DT><DD>
+
+<p>
+The maximal size in bytes of a message, including envelope information.
+The value cannot exceed LONG_MAX (typically, a 32-bit or 64-bit
+signed integer).
+</p>
+
+<p> Note: be careful when making changes. Excessively small values
+will result in the loss of non-delivery notifications, when a bounce
+message size exceeds the local or remote MTA's message size limit.
+</p>
+
+
+</DD>
+
+<DT><b><a name="message_strip_characters">message_strip_characters</a>
+(default: empty)</b></DT><DD>
+
+<p> The set of characters that Postfix will remove from message
+content. The usual C-like escape sequences are recognized: <tt>\a
+\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
+<tt>\\</tt>. </p>
+
+<p> Note 1: this feature does not recognize text that requires MIME
+decoding. It inspects raw message content, just like <a href="postconf.5.html#header_checks">header_checks</a>
+and <a href="postconf.5.html#body_checks">body_checks</a>. </p>
+
+<p> Note 2: this feature is disabled with "<a href="postconf.5.html#receive_override_options">receive_override_options</a>
+= <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>". </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#message_strip_characters">message_strip_characters</a> = \0
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="meta_directory">meta_directory</a>
+(default: see 'postconf -d' output)</b></DT><DD>
+
+<p> The location of non-executable files that are shared among
+multiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+and the multi-instance template files <a href="postconf.5.html">main.cf</a>.proto and <a href="master.5.html">master.cf</a>.proto.
+This directory should contain only Postfix-related files. Typically,
+the <a href="postconf.5.html#meta_directory">meta_directory</a> parameter has the same default as the <a href="postconf.5.html#config_directory">config_directory</a>
+parameter (/etc/postfix or /usr/local/etc/postfix). </p>
+
+<p> For backwards compatibility with Postfix versions 2.6..2.11,
+specify "<a href="postconf.5.html#meta_directory">meta_directory</a> = $<a href="postconf.5.html#daemon_directory">daemon_directory</a>" in <a href="postconf.5.html">main.cf</a> before
+installing or upgrading Postfix, or specify "<a href="postconf.5.html#meta_directory">meta_directory</a> =
+/path/name" on the "make makefiles", "make install" or "make upgrade"
+command line. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_command_timeout">milter_command_timeout</a>
+(default: 30s)</b></DT><DD>
+
+<p> The time limit for sending an SMTP command to a Milter (mail
+filter) application, and for receiving the response. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_connect_macros">milter_connect_macros</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The macros that are sent to Milter (mail filter) applications
+after completion of an SMTP connection. See <a href="MILTER_README.html">MILTER_README</a>
+for a list of available macro names and their meanings. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_connect_timeout">milter_connect_timeout</a>
+(default: 30s)</b></DT><DD>
+
+<p> The time limit for connecting to a Milter (mail filter)
+application, and for negotiating protocol options. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_content_timeout">milter_content_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p> The time limit for sending message content to a Milter (mail
+filter) application, and for receiving the response. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_data_macros">milter_data_macros</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The macros that are sent to version 4 or higher Milter (mail
+filter) applications after the SMTP DATA command. See <a href="MILTER_README.html">MILTER_README</a>
+for a list of available macro names and their meanings. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_default_action">milter_default_action</a>
+(default: tempfail)</b></DT><DD>
+
+<p> The default action when a Milter (mail filter) response is
+unavailable (for example, bad Postfix configuration or Milter
+failure). Specify one of the following: </p>
+
+<dl compact>
+
+<dt>accept</dt> <dd>Proceed as if the mail filter was not present.
+</dd>
+
+<dt>reject</dt> <dd>Reject all further commands in this session
+with a permanent status code.</dd>
+
+<dt>tempfail</dt> <dd>Reject all further commands in this session
+with a temporary status code. </dd>
+
+<dt>quarantine</dt> <dd>Like "accept", but freeze the message in
+the "<a href="QSHAPE_README.html#hold_queue">hold" queue</a>. Available with Postfix 2.6 and later. </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_end_of_data_macros">milter_end_of_data_macros</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The macros that are sent to Milter (mail filter) applications
+after the message end-of-data. See <a href="MILTER_README.html">MILTER_README</a> for a list of
+available macro names and their meanings. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_end_of_header_macros">milter_end_of_header_macros</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The macros that are sent to Milter (mail filter) applications
+after the end of the message header. See <a href="MILTER_README.html">MILTER_README</a> for a list
+of available macro names and their meanings. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_header_checks">milter_header_checks</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables for content inspection of message headers
+that are produced by Milter applications. See the <a href="header_checks.5.html">header_checks(5)</a>
+manual page available actions. Currently, PREPEND is not implemented.
+</p>
+
+<p> The following example sends all mail that is marked as SPAM to
+a spam handling machine. Note that matches are case-insensitive
+by default. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>
+</pre>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html#milter_header_checks">milter_header_checks</a>:
+ /^X-SPAM-FLAG:\s+YES/ FILTER mysmtp:sanitizer.example.com:25
+</pre>
+
+<p> The <a href="postconf.5.html#milter_header_checks">milter_header_checks</a> mechanism could also be used for
+allowlisting. For example it could be used to skip heavy content
+inspection for DKIM-signed mail from known friendly domains. </p>
+
+<p> This feature is available in Postfix 2.7, and as an optional
+patch for Postfix 2.6. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_helo_macros">milter_helo_macros</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The macros that are sent to Milter (mail filter) applications
+after the SMTP HELO or EHLO command. See
+<a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their meanings.
+</p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_macro_daemon_name">milter_macro_daemon_name</a>
+(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
+
+<p> The {daemon_name} macro value for Milter (mail filter) applications.
+See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their
+meanings. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_macro_defaults">milter_macro_defaults</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional list of <i>name=value</i> pairs that specify default
+values for arbitrary macros that Postfix may send to Milter
+applications. These defaults are used when there is no corresponding
+information from the message delivery context. </p>
+
+<p> Specify <i>name=value</i> or <i>{name=value}</i> pairs separated
+by comma or whitespace. Enclose a pair in "{}" when a value contains
+comma or whitespace (this form ignores whitespace after the enclosing
+"{", around the "=", and before the enclosing "}"). </p>
+
+<p> This feature is available in Postfix 3.1 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_macro_v">milter_macro_v</a>
+(default: $<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b></DT><DD>
+
+<p> The {v} macro value for Milter (mail filter) applications.
+See <a href="MILTER_README.html">MILTER_README</a> for a list of available macro names and their
+meanings. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_mail_macros">milter_mail_macros</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The macros that are sent to Milter (mail filter) applications
+after the SMTP MAIL FROM command. See <a href="MILTER_README.html">MILTER_README</a>
+for a list of available macro names and their meanings. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_protocol">milter_protocol</a>
+(default: 6)</b></DT><DD>
+
+<p> The mail filter protocol version and optional protocol extensions
+for communication with a Milter application; prior to Postfix 2.6
+the default protocol is 2. Postfix
+sends this version number during the initial protocol handshake.
+It should match the version number that is expected by the mail
+filter application (or by its Milter library). </p>
+
+<p>Protocol versions: </p>
+
+<dl compact>
+
+<dt>2</dt> <dd>Use Sendmail 8 mail filter protocol version 2 (default
+with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 ..
+2.5).</dd>
+
+<dt>3</dt> <dd>Use Sendmail 8 mail filter protocol version 3.</dd>
+
+<dt>4</dt> <dd>Use Sendmail 8 mail filter protocol version 4.</dd>
+
+<dt>6</dt> <dd>Use Sendmail 8 mail filter protocol version 6 (default
+with Sendmail version 8.14 and Postfix version 2.6).</dd>
+
+</dl>
+
+<p>Protocol extensions: </p>
+
+<dl compact>
+
+<dt>no_header_reply</dt> <dd> Specify this when the Milter application
+will not reply for each individual message header.</dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_rcpt_macros">milter_rcpt_macros</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The macros that are sent to Milter (mail filter) applications
+after the SMTP RCPT TO command. See <a href="MILTER_README.html">MILTER_README</a>
+for a list of available macro names and their meanings. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="milter_unknown_command_macros">milter_unknown_command_macros</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The macros that are sent to version 3 or higher Milter (mail
+filter) applications after an unknown SMTP command. See <a href="MILTER_README.html">MILTER_README</a>
+for a list of available macro names and their meanings. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="mime_boundary_length_limit">mime_boundary_length_limit</a>
+(default: 2048)</b></DT><DD>
+
+<p>
+The maximal length of MIME multipart boundary strings. The MIME
+processor is unable to distinguish between boundary strings that
+do not differ in the first $<a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> characters.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="mime_header_checks">mime_header_checks</a>
+(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD>
+
+<p>
+Optional lookup tables for content inspection of MIME related
+message headers, as described in the <a href="header_checks.5.html">header_checks(5)</a> manual page.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="mime_nesting_limit">mime_nesting_limit</a>
+(default: 100)</b></DT><DD>
+
+<p>
+The maximal recursion level that the MIME processor will handle.
+Postfix refuses mail that is nested deeper than the specified limit.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="minimal_backoff_time">minimal_backoff_time</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The minimal time between attempts to deliver a deferred message;
+prior to Postfix 2.4 the default value was 1000s.
+</p>
+
+<p>
+This parameter also limits the time an unreachable destination is
+kept in the short-term, in-memory, destination status cache.
+</p>
+
+<p> This parameter should be set greater than or equal to
+$<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="multi_instance_directories">multi_instance_directories</a>
+(default: empty)</b></DT><DD>
+
+<p> An optional list of non-default Postfix configuration directories;
+these directories belong to additional Postfix instances that share
+the Postfix executable files and documentation with the default
+Postfix instance, and that are started, stopped, etc., together
+with the default Postfix instance. Specify a list of pathnames
+separated by comma or whitespace. </p>
+
+<p> When $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> is empty, the <a href="postfix.1.html">postfix(1)</a> command
+runs in single-instance mode and operates on a single Postfix
+instance only. Otherwise, the <a href="postfix.1.html">postfix(1)</a> command runs in multi-instance
+mode and invokes the multi-instance manager specified with the
+<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parameter. The multi-instance manager in
+turn executes <a href="postfix.1.html">postfix(1)</a> commands for the default instance and for
+all Postfix instances in $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>. </p>
+
+<p> Currently, this parameter setting is ignored except for the
+default <a href="postconf.5.html">main.cf</a> file. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="multi_instance_enable">multi_instance_enable</a>
+(default: no)</b></DT><DD>
+
+<p> Allow this Postfix instance to be started, stopped, etc., by a
+multi-instance manager. By default, new instances are created in
+a safe state that prevents them from being started inadvertently.
+This parameter is reserved for the multi-instance manager. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="multi_instance_group">multi_instance_group</a>
+(default: empty)</b></DT><DD>
+
+<p> The optional instance group name of this Postfix instance. A
+group identifies closely-related Postfix instances that the
+multi-instance manager can start, stop, etc., as a unit. This
+parameter is reserved for the multi-instance manager. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="multi_instance_name">multi_instance_name</a>
+(default: empty)</b></DT><DD>
+
+<p> The optional instance name of this Postfix instance. This name
+becomes also the default value for the <a href="postconf.5.html#syslog_name">syslog_name</a> parameter. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="multi_instance_wrapper">multi_instance_wrapper</a>
+(default: empty)</b></DT><DD>
+
+<p> The pathname of a multi-instance manager command that the
+<a href="postfix.1.html">postfix(1)</a> command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
+parameter value is non-empty. The pathname may be followed by
+initial command arguments separated by whitespace; shell
+metacharacters such as quotes are not supported in this context.
+</p>
+
+<p> The <a href="postfix.1.html">postfix(1)</a> command invokes the manager command with the
+<a href="postfix.1.html">postfix(1)</a> non-option command arguments on the manager command line,
+and with all installation configuration parameters exported into
+the manager command process environment. The manager command in
+turn invokes the <a href="postfix.1.html">postfix(1)</a> command for individual Postfix instances
+as "postfix -c <i><a href="postconf.5.html#config_directory">config_directory</a></i> <i>command</i>". </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a>
+(default: 550)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a>
+restriction.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="mydestination">mydestination</a>
+(default: $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b></DT><DD>
+
+<p> The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
+mail delivery transport. By default this is the Postfix <a href="local.8.html">local(8)</a>
+delivery agent which looks up all recipients in /etc/passwd and
+/etc/aliases. The SMTP server validates recipient addresses with
+$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> and rejects non-existent recipients. See also
+the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file.
+</p>
+
+<p>
+The default <a href="postconf.5.html#mydestination">mydestination</a> value specifies names for the local
+machine only. On a mail domain gateway, you should also include
+$<a href="postconf.5.html#mydomain">mydomain</a>.
+</p>
+
+<p>
+The $<a href="postconf.5.html#local_transport">local_transport</a> delivery method is also selected for mail
+addressed to user@[the.net.work.address] of the mail system (the
+IP addresses specified with the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> and <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>
+parameters).
+</p>
+
+<p>
+Warnings:
+</p>
+
+<ul>
+
+<li><p>Do not specify the names of virtual domains - those domains
+are specified elsewhere. See <a href="VIRTUAL_README.html">VIRTUAL_README</a> for more information. </p>
+
+<li><p>Do not specify the names of domains that this machine is
+backup MX host for. See <a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> for how to
+set up backup MX hosts. </p>
+
+<li><p>By default, the Postfix SMTP server rejects mail for recipients
+not listed with the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter. See the
+<a href="postconf.5.html">postconf(5)</a> manual for a description of the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
+and <a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> parameters. </p>
+
+</ul>
+
+<p>
+Specify a list of host or domain names, "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
+patterns, separated by commas and/or whitespace. A "/file/name"
+pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
+is matched when a name matches a lookup key (the lookup result is
+ignored). Continue long lines by starting the next line with
+whitespace. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> $<a href="postconf.5.html#mydomain">mydomain</a>
+<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a> www.$<a href="postconf.5.html#mydomain">mydomain</a>, ftp.$<a href="postconf.5.html#mydomain">mydomain</a>
+</pre>
+
+
+</DD>
+
+<DT><b><a name="mydomain">mydomain</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The internet domain name of this mail system. The default is to
+use $<a href="postconf.5.html#myhostname">myhostname</a> minus the first component, or "localdomain" (Postfix
+2.3 and later). $<a href="postconf.5.html#mydomain">mydomain</a> is used as
+a default value for many other configuration parameters.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#mydomain">mydomain</a> = domain.tld
+</pre>
+
+
+</DD>
+
+<DT><b><a name="myhostname">myhostname</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The internet hostname of this mail system. The default is to use
+the fully-qualified domain name (FQDN) from gethostname(), or to
+use the non-FQDN result from gethostname() and append ".$<a href="postconf.5.html#mydomain">mydomain</a>".
+$<a href="postconf.5.html#myhostname">myhostname</a> is used as a default value for many other configuration
+parameters. </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#myhostname">myhostname</a> = host.example.com
+</pre>
+
+
+</DD>
+
+<DT><b><a name="mynetworks">mynetworks</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The list of "trusted" remote SMTP clients that have more privileges than
+"strangers".
+</p>
+
+<p>
+In particular, "trusted" SMTP clients are allowed to relay mail
+through Postfix. See the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> parameter
+description in the <a href="postconf.5.html">postconf(5)</a> manual.
+</p>
+
+<p>
+You can specify the list of "trusted" network addresses by hand
+or you can let Postfix do it for you (which is the default).
+See the description of the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> parameter for more
+information.
+</p>
+
+<p>
+If you specify the <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand,
+Postfix ignores the <a href="postconf.5.html#mynetworks_style">mynetworks_style</a> setting.
+</p>
+
+<p> Specify a list of network addresses or network/netmask patterns,
+separated by commas and/or whitespace. Continue long lines by
+starting the next line with whitespace. </p>
+
+<p> The netmask specifies the number of bits in the network part
+of a host address. You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>"
+patterns. A "/file/name" pattern is replaced by its contents; a
+"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry matches a
+lookup string (the lookup result is ignored). </p>
+
+<p> The list is matched left to right, and the search stops on the
+first match. Specify "!pattern" to exclude an address or network
+block from the list. The form "!/file/name" is supported only
+in Postfix version 2.4 and later. </p>
+
+<p> Note 1: Pattern matching of domain names is controlled by the
+presence or absence of "<a href="postconf.5.html#mynetworks">mynetworks</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
+parameter value. </p>
+
+<p> Note 2: IP version 6 address information must be specified inside
+<tt>[]</tt> in the <a href="postconf.5.html#mynetworks">mynetworks</a> value, and in files specified with
+"/file/name". IP version 6 addresses contain the ":" character,
+and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" pattern. </p>
+
+<p> Note 3: CIDR ranges cannot be specified in hash tables. Use cidr
+tables if CIDR ranges are used. </p>
+
+<p> Examples: </p>
+
+<pre>
+<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28
+<a href="postconf.5.html#mynetworks">mynetworks</a> = !192.168.0.1, 192.168.0.0/28
+<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64
+<a href="postconf.5.html#mynetworks">mynetworks</a> = $<a href="postconf.5.html#config_directory">config_directory</a>/mynetworks
+<a href="postconf.5.html#mynetworks">mynetworks</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/network_table
+<a href="postconf.5.html#mynetworks">mynetworks</a> = <a href="cidr_table.5.html">cidr</a>:/etc/postfix/network_table.cidr
+</pre>
+
+
+</DD>
+
+<DT><b><a name="mynetworks_style">mynetworks_style</a>
+(default: Postfix &ge; 3.0: host, Postfix &lt; 3.0: subnet)</b></DT><DD>
+
+<p>
+The method to generate the default value for the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter.
+This is the list of trusted networks for relay access control etc.
+</p>
+
+<ul>
+
+<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = host" when Postfix should
+"trust" only the local machine. </p>
+
+<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet" when Postfix
+should "trust" remote SMTP clients in the same IP subnetworks as the local
+machine. On Linux, this works correctly only with interfaces
+specified with the "ifconfig" or "ip" command. </p>
+
+<li><p>Specify "<a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class" when Postfix should
+"trust" remote SMTP clients in the same IP class A/B/C networks as the
+local machine. Caution: this may cause
+Postfix to "trust" your entire provider's network. Instead, specify
+an explicit <a href="postconf.5.html#mynetworks">mynetworks</a> list by hand, as described with the <a href="postconf.5.html#mynetworks">mynetworks</a>
+configuration parameter. </p>
+
+</ul>
+
+
+</DD>
+
+<DT><b><a name="myorigin">myorigin</a>
+(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
+
+<p>
+The domain name that locally-posted mail appears to come
+from, and that locally posted mail is delivered to. The default,
+$<a href="postconf.5.html#myhostname">myhostname</a>, is adequate for small sites. If you run a domain with
+multiple machines, you should (1) change this to $<a href="postconf.5.html#mydomain">mydomain</a> and (2)
+set up a domain-wide alias database that aliases each user to
+user@that.users.mailhost.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+</pre>
+
+
+</DD>
+
+<DT><b><a name="nested_header_checks">nested_header_checks</a>
+(default: $<a href="postconf.5.html#header_checks">header_checks</a>)</b></DT><DD>
+
+<p>
+Optional lookup tables for content inspection of non-MIME message
+headers in attached messages, as described in the <a href="header_checks.5.html">header_checks(5)</a>
+manual page.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="newaliases_path">newaliases_path</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+Sendmail compatibility feature that specifies the location of the
+<a href="newaliases.1.html">newaliases(1)</a> command. This command can be used to rebuild the
+<a href="local.8.html">local(8)</a> <a href="aliases.5.html">aliases(5)</a> database.
+</p>
+
+
+</DD>
+
+<DT><b><a name="non_fqdn_reject_code">non_fqdn_reject_code</a>
+(default: 504)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server reply code when a client request
+is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>, <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a>
+or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
+</p>
+
+
+</DD>
+
+<DT><b><a name="non_smtpd_milters">non_smtpd_milters</a>
+(default: empty)</b></DT><DD>
+
+<p> A list of Milter (mail filter) applications for new mail that
+does not arrive via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. This includes local
+submission via the <a href="sendmail.1.html">sendmail(1)</a> command line, new mail that arrives
+via the Postfix <a href="qmqpd.8.html">qmqpd(8)</a> server, and old mail that is re-injected
+into the queue with "postsuper -r". Specify space or comma as a
+separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="notify_classes">notify_classes</a>
+(default: resource, software)</b></DT><DD>
+
+<p>
+The list of error classes that are reported to the postmaster. These
+postmaster notifications do not replace user notifications. The
+default is to report only the most serious problems. The paranoid
+may wish to turn on the policy (UCE and mail relaying) and protocol
+error (broken mail software) reports.
+</p>
+
+<p> NOTE: postmaster notifications may contain confidential information
+such as SASL passwords or message content. It is the system
+administrator's responsibility to treat such information with care.
+</p>
+
+<p>
+The error classes are:
+</p>
+
+<dl>
+
+<dt><b>bounce</b> (also implies <b>2bounce</b>)</dt>
+
+<dd>Send the postmaster copies of the headers of bounced mail, and
+send transcripts of SMTP sessions when Postfix rejects mail. The
+notification is sent to the address specified with the
+<a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> configuration parameter (default: postmaster).
+</dd>
+
+<dt><b>2bounce</b></dt>
+
+<dd>Send undeliverable bounced mail to the postmaster. The notification
+is sent to the address specified with the <a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a>
+configuration parameter (default: postmaster). </dd>
+
+<dt><b>data</b></dt>
+
+<dd>Send the postmaster a transcript of the SMTP session with an
+error because a critical data file was unavailable. The notification
+is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
+configuration parameter (default: postmaster). <br> This feature
+is available in Postfix 2.9 and later. </dd>
+
+<dt><b>delay</b></dt>
+
+<dd>Send the postmaster copies of the headers of delayed mail (see
+<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>). The
+notification is sent to the address specified with the
+<a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> configuration parameter (default: postmaster).
+</dd>
+
+<dt><b>policy</b></dt>
+
+<dd>Send the postmaster a transcript of the SMTP session when a
+client request was rejected because of (UCE) policy. The notification
+is sent to the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a>
+configuration parameter (default: postmaster). </dd>
+
+<dt><b>protocol</b></dt>
+
+<dd>Send the postmaster a transcript of the SMTP session in case
+of client or server protocol errors. The notification is sent to
+the address specified with the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration
+parameter (default: postmaster). </dd>
+
+<dt><b>resource</b></dt>
+
+<dd>Inform the postmaster of mail not delivered due to resource
+problems. The notification is sent to the address specified with
+the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
+postmaster). </dd>
+
+<dt><b>software</b></dt>
+
+<dd>Inform the postmaster of mail not delivered due to software
+problems. The notification is sent to the address specified with
+the <a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> configuration parameter (default:
+postmaster). </dd>
+
+</dl>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#notify_classes">notify_classes</a> = bounce, delay, policy, protocol, resource, software
+<a href="postconf.5.html#notify_classes">notify_classes</a> = 2bounce, resource, software
+</pre>
+
+
+</DD>
+
+<DT><b><a name="openssl_path">openssl_path</a>
+(default: openssl)</b></DT><DD>
+
+<p>
+The location of the OpenSSL command line program openssl(1). This
+is used by the "<b><a href="postfix-tls.1.html">postfix tls</a></b>" command to create private keys,
+certificate signing requests, self-signed certificates, and to
+compute public key digests for DANE TLSA records. In multi-instance
+environments, this parameter is always determined from the configuration
+of the default Postfix instance.
+</p>
+
+<p> Example: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # NetBSD pkgsrc:
+ <a href="postconf.5.html#openssl_path">openssl_path</a> = /usr/pkg/bin/openssl
+ # Local build:
+ <a href="postconf.5.html#openssl_path">openssl_path</a> = /usr/local/bin/openssl
+</pre>
+</blockquote>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="owner_request_special">owner_request_special</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Enable special treatment for owner-<i>listname</i> entries in the
+<a href="aliases.5.html">aliases(5)</a> file, and don't split owner-<i>listname</i> and
+<i>listname</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>
+is set to "-". This feature is useful for mailing lists.
+</p>
+
+
+</DD>
+
+<DT><b><a name="parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+A list of Postfix features where the pattern "example.com" also
+matches subdomains of example.com,
+instead of requiring an explicit ".example.com" pattern. This is
+planned backwards compatibility: eventually, all Postfix features
+are expected to require explicit ".example.com" style patterns when
+you really want to match subdomains.
+</p>
+
+<p> The following Postfix feature names are supported. </p>
+
+<dl>
+
+<dt> Postfix version 1.0 and later</dt>
+
+<dd>
+<a href="postconf.5.html#debug_peer_list">debug_peer_list</a>,
+<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a>,
+<a href="postconf.5.html#mynetworks">mynetworks</a>,
+<a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>,
+<a href="postconf.5.html#relay_domains">relay_domains</a>,
+<a href="postconf.5.html#transport_maps">transport_maps</a>
+</dd>
+
+<dt> Postfix version 1.1 and later</dt>
+
+<dd>
+<a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a>,
+<a href="SMTPD_ACCESS_README.html">smtpd_access_maps</a>,
+</dd>
+
+<dt> Postfix version 2.8 and later </dt>
+
+<dd>
+<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a>
+</dd>
+
+<dt> Postfix version 3.0 and later </dt>
+
+<dd>
+<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>
+</dd>
+
+</dl>
+
+
+</DD>
+
+<DT><b><a name="permit_mx_backup_networks">permit_mx_backup_networks</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
+only domains whose primary MX hosts match the listed networks.
+The parameter value syntax is the same as with the <a href="postconf.5.html#mynetworks">mynetworks</a>
+parameter; note, however, that the default value is empty. </p>
+
+<p> Pattern matching of domain names is controlled by the presence
+or absence of "<a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>" in the
+<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter value. </p>
+
+
+</DD>
+
+<DT><b><a name="pickup_service_name">pickup_service_name</a>
+(default: pickup)</b></DT><DD>
+
+<p>
+The name of the <a href="pickup.8.html">pickup(8)</a> service. This service picks up local mail
+submissions from the Postfix <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a>.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="pipe_delivery_status_filter">pipe_delivery_status_filter</a>
+(default: $<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b></DT><DD>
+
+<p> Optional filter for the <a href="pipe.8.html">pipe(8)</a> delivery agent to change the
+delivery status code or explanatory text of successful or unsuccessful
+deliveries. See <a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a> for details. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="plaintext_reject_code">plaintext_reject_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a request
+is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
+</p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postlog_service_name">postlog_service_name</a>
+(default: postlog)</b></DT><DD>
+
+<p> The name of the <a href="postlogd.8.html">postlogd(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+This service appends logfile records to the file specified
+with the <a href="postconf.5.html#maillog_file">maillog_file</a> parameter. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postlogd_watchdog_timeout">postlogd_watchdog_timeout</a>
+(default: 10s)</b></DT><DD>
+
+<p> How much time a <a href="postlogd.8.html">postlogd(8)</a> process may take to process a request
+before it is terminated by a built-in watchdog timer. This is a
+safety mechanism that prevents <a href="postlogd.8.html">postlogd(8)</a> from becoming non-responsive
+due to a bug in Postfix itself or in system software. This limit
+cannot be set under 10s. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postmulti_control_commands">postmulti_control_commands</a>
+(default: reload flush)</b></DT><DD>
+
+<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager
+treats as "control" commands, that operate on running instances. For
+these commands, disabled instances are skipped. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postmulti_start_commands">postmulti_start_commands</a>
+(default: start)</b></DT><DD>
+
+<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats
+as "start" commands. For these commands, disabled instances are "checked"
+rather than "started", and failure to "start" a member instance of an
+instance group will abort the start-up of later instances. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postmulti_stop_commands">postmulti_stop_commands</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The <a href="postfix.1.html">postfix(1)</a> commands that the <a href="postmulti.1.html">postmulti(1)</a> instance manager treats
+as "stop" commands. For these commands, disabled instances are skipped,
+and enabled instances are processed in reverse order. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_access_list">postscreen_access_list</a>
+(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b></DT><DD>
+
+<p> Permanent allow/denylist for remote SMTP client IP addresses.
+<a href="postscreen.8.html">postscreen(8)</a> searches this list immediately after a remote SMTP
+client connects. Specify a comma- or whitespace-separated list of
+commands (in upper or lower case) or lookup tables. The search stops
+upon the first command that fires for the client IP address. </p>
+
+<dl>
+
+<dt> <b> <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> </b> </dt> <dd> Allowlist the client and
+terminate the search if the client IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>.
+Do not subject the client to any before/after 220 greeting tests.
+Pass the connection immediately to a Postfix SMTP server process.
+<br> Pattern matching of domain names is controlled by the presence
+or absence of "<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a>" in the
+<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter value. </dd>
+
+<dt> <b> <a href="DATABASE_README.html">type:table</a> </b> </dt> <dd> Query the specified lookup
+table. Each table lookup result is an access list, except that
+access lists inside a table cannot specify <a href="DATABASE_README.html">type:table</a> entries. <br>
+To discourage the use of hash, btree, etc. tables, there is no
+support for substring matching like <a href="smtpd.8.html">smtpd(8)</a>. Use CIDR tables
+instead. </dd>
+
+<dt> <b> permit </b> </dt> <dd> Allowlist the client and terminate
+the search. Do not subject the client to any before/after 220
+greeting tests. Pass the connection immediately to a Postfix SMTP
+server process. </dd>
+
+<dt> <b> reject </b> </dt> <dd> Denylist the client and terminate
+the search. Subject the client to the action configured with the
+<a href="postconf.5.html#postscreen_denylist_action">postscreen_denylist_action</a> configuration parameter. </dd>
+
+<dt> <b> dunno </b> </dt> <dd> All <a href="postscreen.8.html">postscreen(8)</a> access lists
+implicitly have this command at the end. <br> When <b> dunno </b>
+is executed inside a lookup table, return from the lookup table and
+evaluate the next command. <br> When <b> dunno </b> is executed
+outside a lookup table, terminate the search, and subject the client
+to the configured before/after 220 greeting tests. </dd>
+
+</dl>
+
+<p> Example: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
+ <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
+ # Postfix &lt; 3.6 use <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a>.
+ <a href="postconf.5.html#postscreen_denylist_action">postscreen_denylist_action</a> = enforce
+</pre>
+
+<pre>
+/etc/postfix/postscreen_access.<a href="cidr_table.5.html">cidr</a>:
+ # Rules are evaluated in the order as specified.
+ # Denylist 192.168.* except 192.168.0.1.
+ 192.168.0.1 dunno
+ 192.168.0.0/16 reject
+</pre>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a>
+(default: <a href="DATABASE_README.html#types">static</a>:all)</b></DT><DD>
+
+<p> A list of local <a href="postscreen.8.html">postscreen(8)</a> server IP addresses where a
+non-allowlisted remote SMTP client can obtain <a href="postscreen.8.html">postscreen(8)</a>'s temporary
+allowlist status. This status is required before the client can
+talk to a Postfix SMTP server process. By default, a client can
+obtain <a href="postscreen.8.html">postscreen(8)</a>'s allowlist status on any local <a href="postscreen.8.html">postscreen(8)</a>
+server IP address. </p>
+
+<p> When <a href="postscreen.8.html">postscreen(8)</a> listens on both primary and backup MX
+addresses, the <a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> parameter can be
+configured to give the temporary allowlist status only when a client
+connects to a primary MX address. Once a client is allowlisted it
+can talk to a Postfix SMTP server on any address. Thus, clients
+that connect only to backup MX addresses will never become allowlisted,
+and will never be allowed to talk to a Postfix SMTP server process.
+</p>
+
+<p> Specify a list of network addresses or network/netmask patterns,
+separated by commas and/or whitespace. The netmask specifies the
+number of bits in the network part of a host address. Continue long
+lines by starting the next line with whitespace. </p>
+
+<p> You can also specify "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A
+"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
+lookup table is matched when a table entry matches a lookup string
+(the lookup result is ignored). </p>
+
+<p> The list is matched left to right, and the search stops on the
+first match. Specify "!pattern" to exclude an address or network
+block from the list. </p>
+
+<p> Note: IP version 6 address information must be specified inside
+[] in the <a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> value, and in files
+specified with "/file/name". IP version 6 addresses contain the
+":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
+pattern. </p>
+
+<p> Example: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Don't allowlist connections to the backup IP address.
+ # Postfix &lt; 3.6 use <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a>.
+ <a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> = !168.100.189.8, <a href="DATABASE_README.html#types">static</a>:all
+</pre>
+
+<p> This feature is available in Postfix 3.6 and later. </p>
+
+<p> Available as <a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> in Postfix 2.9 - 3.5. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_bare_newline_action">postscreen_bare_newline_action</a>
+(default: ignore)</b></DT><DD>
+
+<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
+a bare newline character, that is, a newline not preceded by carriage
+return. Specify one of the following: </p>
+
+<dl>
+
+<dt> <b>ignore</b> </dt>
+
+<dd> Ignore the failure of this test. Allow other tests to complete.
+Do <i>not</i> repeat this test before the result from some
+other test expires.
+This option is useful for testing and collecting statistics
+without blocking mail permanently. </dd>
+
+<dt> <b>enforce</b> </dt>
+
+<dd> Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects. </dd>
+
+<dt> <b>drop</b> </dt>
+
+<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_bare_newline_enable">postscreen_bare_newline_enable</a>
+(default: no)</b></DT><DD>
+
+<p> Enable "bare newline" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
+server. These tests are expensive: a remote SMTP client must
+disconnect after
+it passes the test, before it can talk to a real Postfix SMTP server.
+</p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a>
+(default: 30d)</b></DT><DD>
+
+<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
+a successful "bare newline" SMTP protocol test. During this
+time, the client IP address is excluded from this test. The default
+is long because a remote SMTP client must disconnect after it passes
+the test,
+before it can talk to a real Postfix SMTP server. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_blacklist_action">postscreen_blacklist_action</a>
+(default: ignore)</b></DT><DD>
+
+<p> Renamed to <a href="postconf.5.html#postscreen_denylist_action">postscreen_denylist_action</a> in Postfix 3.6. </p>
+
+<p> This feature is available in Postfix 2.8 - 3.5. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a>
+(default: 12h)</b></DT><DD>
+
+<p> The amount of time between <a href="postscreen.8.html">postscreen(8)</a> cache cleanup runs.
+Cache cleanup increases the load on the cache database and should
+therefore not be run frequently. This feature requires that the
+cache database supports the "delete" and "sequence" operators.
+Specify a zero interval to disable cache cleanup. </p>
+
+<p> After each cache cleanup run, the <a href="postscreen.8.html">postscreen(8)</a> daemon logs the
+number of entries that were retained and dropped. A cleanup run is
+logged as "partial" when the daemon terminates early after "<b>postfix
+reload</b>", "<b>postfix stop</b>", or no requests for $<a href="postconf.5.html#max_idle">max_idle</a>
+seconds. </p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours). </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_cache_map">postscreen_cache_map</a>
+(default: <a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache)</b></DT><DD>
+
+<p> Persistent storage for the <a href="postscreen.8.html">postscreen(8)</a> server decisions. </p>
+
+<p> To share a <a href="postscreen.8.html">postscreen(8)</a> cache between multiple <a href="postscreen.8.html">postscreen(8)</a>
+instances, use "<a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/path/to/file".
+This requires Postfix version 2.9 or later; earlier <a href="proxymap.8.html">proxymap(8)</a>
+implementations don't support cache cleanup. For an alternative
+approach see the <a href="memcache_table.5.html">memcache_table(5)</a> manpage. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_cache_retention_time">postscreen_cache_retention_time</a>
+(default: 7d)</b></DT><DD>
+
+<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will cache an expired
+temporary allowlist entry before it is removed. This prevents clients
+from being logged as "NEW" just because their cache entry expired
+an hour ago. It also prevents the cache from filling up with clients
+that passed some deep protocol test once and never came back. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a>
+(default: $<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b></DT><DD>
+
+<p> How many simultaneous connections any remote SMTP client is
+allowed to have
+with the <a href="postscreen.8.html">postscreen(8)</a> daemon. By default, this limit is the same
+as with the Postfix SMTP server. Note that the triage process can
+take several seconds, with the time spent in <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
+delay, and with the time spent talking to the <a href="postscreen.8.html">postscreen(8)</a> built-in
+dummy SMTP protocol engine. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_command_count_limit">postscreen_command_count_limit</a>
+(default: 20)</b></DT><DD>
+
+<p> The limit on the total number of commands per SMTP session for
+<a href="postscreen.8.html">postscreen(8)</a>'s built-in SMTP protocol engine. This SMTP engine
+defers or rejects all attempts to deliver mail, therefore there is
+no need to enforce separate limits on the number of junk commands
+and error commands. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_command_filter">postscreen_command_filter</a>
+(default: $<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b></DT><DD>
+
+<p> A mechanism to transform commands from remote SMTP clients.
+See <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_command_time_limit">postscreen_command_time_limit</a>
+(default: normal: 300s, overload: 10s)</b></DT><DD>
+
+<p> The time limit to read an entire command line with <a href="postscreen.8.html">postscreen(8)</a>'s
+built-in SMTP protocol engine. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_denylist_action">postscreen_denylist_action</a>
+(default: ignore)</b></DT><DD>
+
+<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client is
+permanently denylisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.
+Specify one of the following: </p>
+
+<dl>
+
+<dt> <b>ignore</b> (default) </dt>
+
+<dd> Ignore this result. Allow other tests to complete. Repeat
+this test the next time the client connects.
+This option is useful for testing and collecting statistics
+without blocking mail. </dd>
+
+<dt> <b>enforce</b> </dt>
+
+<dd> Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects. </dd>
+
+<dt> <b>drop</b> </dt>
+
+<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 3.6 and later. </p>
+
+<p> Available as <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> in Postfix 2.8 - 3.5. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a>
+(default: $<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b></DT><DD>
+
+<p> Disable the SMTP VRFY command in the <a href="postscreen.8.html">postscreen(8)</a> daemon. See
+<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> for details. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a>
+(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>)</b></DT><DD>
+
+<p> Lookup tables, indexed by the remote SMTP client address, with
+case insensitive lists of EHLO keywords (pipelining, starttls, auth,
+etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO response
+to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
+The table is not searched by hostname for robustness reasons. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a>
+(default: $<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>)</b></DT><DD>
+
+<p> A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the <a href="postscreen.8.html">postscreen(8)</a> server will not send in the EHLO
+response to a remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>
+for details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_dnsbl_action">postscreen_dnsbl_action</a>
+(default: ignore)</b></DT><DD>
+
+<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client's combined
+DNSBL score is equal to or greater than a threshold (as defined
+with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
+parameters). Specify one of the following: </p>
+
+<dl>
+
+<dt> <b>ignore</b> (default) </dt>
+
+<dd> Ignore the failure of this test. Allow other tests to complete.
+Repeat this test the next time the client connects.
+This option is useful for testing and collecting statistics
+without blocking mail. </dd>
+
+<dt> <b>enforce</b> </dt>
+
+<dd> Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects. </dd>
+
+<dt> <b>drop</b> </dt>
+
+<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a>
+(default: 0)</b></DT><DD>
+
+<p> Allow a remote SMTP client to skip "before" and "after 220
+greeting" protocol tests, based on its combined DNSBL score as
+defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter. </p>
+
+<p> Specify a negative value to enable this feature. When a client
+passes the <a href="postconf.5.html#postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a> without having
+failed other tests, all pending or disabled tests are flagged as
+completed with a time-to-live value equal to <a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>.
+When a test was already completed, its time-to-live value is updated
+if it was less than <a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>. </p>
+
+<p> This feature is available in Postfix 3.6 and later. </p>
+
+<p> Available as <a href="postconf.5.html#postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a> in Postfix 2.11
+- 3.5. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_dnsbl_max_ttl">postscreen_dnsbl_max_ttl</a>
+(default: ${<a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>?{$<a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>}:{1}}h)</b></DT><DD>
+
+<p> The maximum amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the
+result from a successful DNS-based reputation test before a
+client IP address is required to pass that test again. If the DNS
+reply specifies a shorter TTL value, that value will be used unless
+it would be smaller than <a href="postconf.5.html#postscreen_dnsbl_min_ttl">postscreen_dnsbl_min_ttl</a>. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours). </p>
+
+<p> This feature is available in Postfix 3.1. The default setting
+is backwards-compatible with older Postfix versions. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_dnsbl_min_ttl">postscreen_dnsbl_min_ttl</a>
+(default: 60s)</b></DT><DD>
+
+<p> The minimum amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the
+result from a successful DNS-based reputation test before a
+client IP address is required to pass that test again. If the DNS
+reply specifies a larger TTL value, that value will be used unless
+it would be larger than <a href="postconf.5.html#postscreen_dnsbl_max_ttl">postscreen_dnsbl_max_ttl</a>. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 3.1. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a>
+(default: empty)</b></DT><DD>
+
+<p> A mapping from an actual DNSBL domain name which includes a secret
+password, to the DNSBL domain name that postscreen will reply with
+when it rejects mail. When no mapping is found, the actual DNSBL
+domain will be used. </p>
+
+<p> For maximal stability it is best to use a file that is read
+into memory such as <a href="pcre_table.5.html">pcre</a>:, <a href="regexp_table.5.html">regexp</a>: or <a href="DATABASE_README.html#types">texthash</a>: (<a href="DATABASE_README.html#types">texthash</a>: is similar
+to <a href="DATABASE_README.html#types">hash</a>:, except a) there is no need to run <a href="postmap.1.html">postmap(1)</a> before the
+file can be used, and b) <a href="DATABASE_README.html#types">texthash</a>: does not detect changes after
+the file is read). </p>
+
+<p> Example: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> = <a href="DATABASE_README.html#types">texthash</a>:/etc/postfix/dnsbl_reply
+</pre>
+
+<pre>
+/etc/postfix/dnsbl_reply:
+ secret.zen.spamhaus.org zen.spamhaus.org
+</pre>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
+(default: empty)</b></DT><DD>
+
+<p>Optional list of patterns with DNS allow/denylist domains, filters
+and weight
+factors. When the list is non-empty, the <a href="dnsblog.8.html">dnsblog(8)</a> daemon will
+query these domains with the reversed IP addresses of remote SMTP
+clients,
+and <a href="postscreen.8.html">postscreen(8)</a> will update an SMTP client's DNSBL score with
+each non-error reply as described below. </p>
+
+<p> Caution: when postscreen rejects mail, its SMTP response contains
+the DNSBL
+domain name. Use the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> feature to hide
+"password" information in DNSBL domain names. </p>
+
+<p> When a client's score is equal to or greater than the threshold
+specified with <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>, <a href="postscreen.8.html">postscreen(8)</a> can drop
+the connection with the remote SMTP client. </p>
+
+<p> Specify a list of domain=filter*weight patterns, separated by
+comma or whitespace. </p>
+
+<ul>
+
+<li> <p> When a pattern specifies no "=filter", <a href="postscreen.8.html">postscreen(8)</a> will
+use any non-error DNSBL query result. Otherwise, <a href="postscreen.8.html">postscreen(8)</a>
+will use only DNSBL
+query results that match the filter. The filter has the form d.d.d.d,
+where each d is a number, or a pattern inside [] that contains one
+or more ";"-separated numbers or number..number ranges. </p>
+
+<li> <p> When a pattern specifies no "*weight", the weight of the
+pattern is 1. Otherwise, the weight must be an integral number.
+Specify a negative number for allowlisting. </p>
+
+<li> <p> When a pattern matches one or more DNSBL query results,
+<a href="postscreen.8.html">postscreen(8)</a> adds that pattern's weight once to the remote SMTP
+client's DNSBL score. </p>
+
+</ul>
+
+<p> Examples: </p>
+
+<p> To use example.com as a high-confidence blocklist, and to
+block mail with example.net and example.org only when both agree:
+</p>
+
+<pre>
+<a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> = 2
+<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com*2, example.net, example.org
+</pre>
+
+<p> To filter only DNSBL replies containing 127.0.0.4: </p>
+
+<pre>
+<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> = example.com=127.0.0.4
+</pre>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a>
+(default: 1)</b></DT><DD>
+
+<p> The inclusive lower bound for blocking a remote SMTP client, based on
+its combined DNSBL score as defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
+parameter. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_dnsbl_timeout">postscreen_dnsbl_timeout</a>
+(default: 10s)</b></DT><DD>
+
+<p> The time limit for DNSBL or DNSWL lookups. This is separate from
+the timeouts in the <a href="dnsblog.8.html">dnsblog(8)</a> daemon which are defined by system
+resolver(3) routines. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 3.0. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>
+(default: 1h)</b></DT><DD>
+
+<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
+a successful DNS-based reputation test before a client
+IP address is required to pass that test again. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is h (hours). </p>
+
+<p> This feature is available in Postfix 2.8-3.0. It was
+replaced by <a href="postconf.5.html#postscreen_dnsbl_max_ttl">postscreen_dnsbl_max_ttl</a> in Postfix 3.1. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a>
+(default: 0)</b></DT><DD>
+
+<p> Renamed to <a href="postconf.5.html#postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a> in Postfix 3.6. </p>
+
+<p> This feature is available in Postfix 2.11 - 3.5. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_enforce_tls">postscreen_enforce_tls</a>
+(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>
+
+<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
+require that clients use TLS encryption. See smtpd_postscreen_enforce_tls
+for details. </p>
+
+<p> This feature is available in Postfix 2.8 and later.
+Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_expansion_filter">postscreen_expansion_filter</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> List of characters that are permitted in <a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a>
+attribute expansions. See <a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> for further
+details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_forbidden_commands">postscreen_forbidden_commands</a>
+(default: $<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b></DT><DD>
+
+<p> List of commands that the <a href="postscreen.8.html">postscreen(8)</a> server considers in
+violation of the SMTP protocol. See <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> for
+syntax, and <a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> for possible actions.
+</p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_greet_action">postscreen_greet_action</a>
+(default: ignore)</b></DT><DD>
+
+<p>The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client speaks
+before its turn within the time specified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a>
+parameter. Specify one of the following: </p>
+
+<dl>
+
+<dt> <b>ignore</b> (default) </dt>
+
+<dd> Ignore the failure of this test. Allow other tests to complete.
+Repeat this test the next time the client connects.
+This option is useful for testing and collecting statistics
+without blocking mail. </dd>
+
+<dt> <b>enforce</b> </dt>
+
+<dd> Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects. </dd>
+
+<dt> <b>drop</b> </dt>
+
+<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. </dd>
+
+</dl>
+
+<p> In either case, <a href="postscreen.8.html">postscreen(8)</a> will not allowlist the remote SMTP client
+IP address. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_greet_banner">postscreen_greet_banner</a>
+(default: $<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b></DT><DD>
+
+<p> The <i>text</i> in the optional "220-<i>text</i>..." server
+response that
+<a href="postscreen.8.html">postscreen(8)</a> sends ahead of the real Postfix SMTP server's "220
+text..." response, in an attempt to confuse bad SMTP clients so
+that they speak before their turn (pre-greet). Specify an empty
+value to disable this feature. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_greet_ttl">postscreen_greet_ttl</a>
+(default: 1d)</b></DT><DD>
+
+<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
+a successful PREGREET test. During this time, the client IP address
+is excluded from this test. The default is relatively short, because
+a good client can immediately talk to a real Postfix SMTP server. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_greet_wait">postscreen_greet_wait</a>
+(default: normal: 6s, overload: 2s)</b></DT><DD>
+
+<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will wait for an SMTP
+client to send a command before its turn, and for DNS blocklist
+lookup results to arrive (default: up to 2 seconds under stress,
+up to 6 seconds otherwise). <p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_helo_required">postscreen_helo_required</a>
+(default: $<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b></DT><DD>
+
+<p> Require that a remote SMTP client sends HELO or EHLO before
+commencing a MAIL transaction. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a>
+(default: drop)</b></DT><DD>
+
+<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client sends
+non-SMTP commands as specified with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a>
+parameter. Specify one of the following: </p>
+
+<dl>
+
+<dt> <b>ignore</b> </dt>
+
+<dd> Ignore the failure of this test. Allow other tests to complete.
+Do <i>not</i> repeat this test before the result from some
+other test expires.
+This option is useful for testing and collecting statistics
+without blocking mail permanently. </dd>
+
+<dt> <b>enforce</b> </dt>
+
+<dd> Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects. </dd>
+
+<dt> <b>drop</b> </dt>
+
+<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. This action is the
+same as with the Postfix SMTP server's <a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>
+feature. </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a>
+(default: no)</b></DT><DD>
+
+<p> Enable "non-SMTP command" tests in the <a href="postscreen.8.html">postscreen(8)</a> server. These
+tests are expensive: a client must disconnect after it passes the
+test, before it can talk to a real Postfix SMTP server. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a>
+(default: 30d)</b></DT><DD>
+
+<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
+a successful "non_smtp_command" SMTP protocol test. During this
+time, the client IP address is excluded from this test. The default
+is long because a client must disconnect after it passes the test,
+before it can talk to a real Postfix SMTP server. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_pipelining_action">postscreen_pipelining_action</a>
+(default: enforce)</b></DT><DD>
+
+<p> The action that <a href="postscreen.8.html">postscreen(8)</a> takes when a remote SMTP client
+sends
+multiple commands instead of sending one command and waiting for
+the server to respond. Specify one of the following: </p>
+
+<dl>
+
+<dt> <b>ignore</b> </dt>
+
+<dd> Ignore the failure of this test. Allow other tests to complete.
+Do <i>not</i> repeat this test before the result from some
+other test expires.
+This option is useful for testing and collecting statistics
+without blocking mail permanently. </dd>
+
+<dt> <b>enforce</b> </dt>
+
+<dd> Allow other tests to complete. Reject attempts to deliver mail
+with a 550 SMTP reply, and log the helo/sender/recipient information.
+Repeat this test the next time the client connects. </dd>
+
+<dt> <b>drop</b> </dt>
+
+<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
+this test the next time the client connects. </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_pipelining_enable">postscreen_pipelining_enable</a>
+(default: no)</b></DT><DD>
+
+<p> Enable "pipelining" SMTP protocol tests in the <a href="postscreen.8.html">postscreen(8)</a>
+server. These tests are expensive: a good client must disconnect
+after it passes the test, before it can talk to a real Postfix SMTP
+server. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_pipelining_ttl">postscreen_pipelining_ttl</a>
+(default: 30d)</b></DT><DD>
+
+<p> The amount of time that <a href="postscreen.8.html">postscreen(8)</a> will use the result from
+a successful "pipelining" SMTP protocol test. During this time, the
+client IP address is excluded from this test. The default is
+long because a good client must disconnect after it passes the test,
+before it can talk to a real Postfix SMTP server. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_post_queue_limit">postscreen_post_queue_limit</a>
+(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>
+
+<p> The number of clients that can be waiting for service from a
+real Postfix SMTP server process. When this queue is full, all
+clients will
+receive a 421 response. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_pre_queue_limit">postscreen_pre_queue_limit</a>
+(default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b></DT><DD>
+
+<p> The number of non-allowlisted clients that can be waiting for
+a decision whether they will receive service from a real Postfix
+SMTP server
+process. When this queue is full, all non-allowlisted clients will
+receive a 421 response. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_reject_footer">postscreen_reject_footer</a>
+(default: $<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b></DT><DD>
+
+<p> Optional information that is appended after a 4XX or 5XX
+<a href="postscreen.8.html">postscreen(8)</a> server
+response. See <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_reject_footer_maps">postscreen_reject_footer_maps</a>
+(default: $<a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a>)</b></DT><DD>
+
+<p> Optional lookup table for information that is appended after a 4XX
+or 5XX <a href="postscreen.8.html">postscreen(8)</a> server response. See <a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a> for
+further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_tls_security_level">postscreen_tls_security_level</a>
+(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>
+
+<p> The SMTP TLS security level for the <a href="postscreen.8.html">postscreen(8)</a> server; when
+a non-empty value is specified, this overrides the obsolete parameters
+<a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>. See <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>
+for details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a>
+(default: empty)</b></DT><DD>
+
+<p> The name of the proxy protocol used by an optional before-postscreen
+proxy agent. When a proxy agent is used, this protocol conveys local
+and remote address and port information. Specify
+"<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> = haproxy" to enable the haproxy
+protocol; version 2 is supported with Postfix 3.5 and later. <p>
+
+<p> This feature is available in Postfix 2.10 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_upstream_proxy_timeout">postscreen_upstream_proxy_timeout</a>
+(default: 5s)</b></DT><DD>
+
+<p> The time limit for the proxy protocol specified with the
+<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> parameter. </p>
+
+<p> This feature is available in Postfix 2.10 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_use_tls">postscreen_use_tls</a>
+(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>
+
+<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
+but do not require that clients use TLS encryption. </p>
+
+<p> This feature is available in Postfix 2.8 and later.
+Preferably, use <a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> instead. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_watchdog_timeout">postscreen_watchdog_timeout</a>
+(default: 10s)</b></DT><DD>
+
+<p> How much time a <a href="postscreen.8.html">postscreen(8)</a> process may take to respond to
+a remote SMTP client command or to perform a cache operation before it
+is terminated by a built-in watchdog timer. This is a safety
+mechanism that prevents <a href="postscreen.8.html">postscreen(8)</a> from becoming non-responsive
+due to a bug in Postfix itself or in system software. To avoid
+false alarms and unnecessary cache corruption this limit cannot be
+set under 10s. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a>
+(default: <a href="DATABASE_README.html#types">static</a>:all)</b></DT><DD>
+
+<p> Renamed to <a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> in Postfix 3.6. </p>
+
+<p> This feature is available in Postfix 2.9 - 3.5. </p>
+
+
+</DD>
+
+<DT><b><a name="prepend_delivered_header">prepend_delivered_header</a>
+(default: command, file, forward)</b></DT><DD>
+
+<p> The message delivery contexts where the Postfix <a href="local.8.html">local(8)</a> delivery
+agent prepends a Delivered-To: message header with the address
+that the mail was delivered to. This information is used for mail
+delivery loop detection. </p>
+
+<p>
+By default, the Postfix local delivery agent prepends a Delivered-To:
+header when forwarding mail and when delivering to file (mailbox)
+and command. Turning off the Delivered-To: header when forwarding
+mail is not recommended.
+</p>
+
+<p>
+Specify zero or more of <b>forward</b>, <b>file</b>, or <b>command</b>.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> = forward
+</pre>
+
+
+</DD>
+
+<DT><b><a name="process_id">process_id</a>
+(read-only)</b></DT><DD>
+
+<p>
+The process ID of a Postfix command or daemon process.
+</p>
+
+
+</DD>
+
+<DT><b><a name="process_id_directory">process_id_directory</a>
+(default: pid)</b></DT><DD>
+
+<p>
+The location of Postfix PID files relative to $<a href="postconf.5.html#queue_directory">queue_directory</a>.
+This is a read-only parameter.
+</p>
+
+
+</DD>
+
+<DT><b><a name="process_name">process_name</a>
+(read-only)</b></DT><DD>
+
+<p>
+The process name of a Postfix command or daemon process.
+</p>
+
+
+</DD>
+
+<DT><b><a name="propagate_unmatched_extensions">propagate_unmatched_extensions</a>
+(default: canonical, virtual)</b></DT><DD>
+
+<p>
+What address lookup tables copy an address extension from the lookup
+key to the lookup result.
+</p>
+
+<p>
+For example, with a <a href="virtual.5.html">virtual(5)</a> mapping of "<i>joe@example.com =&gt;
+joe.user@example.net</i>", the address "<i>joe+foo@example.com</i>"
+would rewrite to "<i>joe.user+foo@example.net</i>".
+</p>
+
+<p>
+Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>,
+<b>forward</b>, <b>include</b> or <b>generic</b>. These cause
+address extension
+propagation with <a href="canonical.5.html">canonical(5)</a>, <a href="virtual.5.html">virtual(5)</a>, and <a href="aliases.5.html">aliases(5)</a> maps,
+with <a href="local.8.html">local(8)</a> .forward and :include: file lookups, and with <a href="smtp.8.html">smtp(8)</a>
+generic maps, respectively. </p>
+
+<p>
+Note: enabling this feature for types other than <b>canonical</b>
+and <b>virtual</b> is likely to cause problems when mail is forwarded
+to other sites, especially with mail that is sent to a mailing list
+exploder address.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual, alias,
+ forward, include
+<a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> = canonical, virtual
+</pre>
+
+
+</DD>
+
+<DT><b><a name="proxy_interfaces">proxy_interfaces</a>
+(default: empty)</b></DT><DD>
+
+<p>
+The remote network interface addresses that this mail system receives mail
+on by way of a proxy or network address translation unit.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+<p> You must specify your "outside" proxy/NAT addresses when your
+system is a backup MX host for other domains, otherwise mail delivery
+loops will happen when the primary MX host is down. </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4
+</pre>
+
+
+</DD>
+
+<DT><b><a name="proxy_read_maps">proxy_read_maps</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to
+access for the read-only service.
+</p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma.
+Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="proxy_write_maps">proxy_write_maps</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The lookup tables that the <a href="proxymap.8.html">proxymap(8)</a> server is allowed to
+access for the read-write service. Postfix-owned local database
+files should be stored under the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>.
+Table references that don't begin with <a href="proxymap.8.html">proxy</a>: are ignored. </p>
+
+<p>
+This feature is available in Postfix 2.5 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="proxymap_service_name">proxymap_service_name</a>
+(default: proxymap)</b></DT><DD>
+
+<p> The name of the proxymap read-only table lookup service. This
+service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="proxywrite_service_name">proxywrite_service_name</a>
+(default: proxywrite)</b></DT><DD>
+
+<p> The name of the proxywrite read-write table lookup service.
+This service is normally implemented by the <a href="proxymap.8.html">proxymap(8)</a> daemon.
+</p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="qmgr_clog_warn_time">qmgr_clog_warn_time</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The minimal delay between warnings that a specific destination is
+clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>. Specify 0 to disable.
+</p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is enabled with the <a href="postconf.5.html#helpful_warnings">helpful_warnings</a> parameter.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="qmgr_daemon_timeout">qmgr_daemon_timeout</a>
+(default: 1000s)</b></DT><DD>
+
+<p> How much time a Postfix queue manager process may take to handle
+a request before it is terminated by a built-in watchdog timer.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="qmgr_fudge_factor">qmgr_fudge_factor</a>
+(default: 100)</b></DT><DD>
+
+<p>
+Obsolete feature: the percentage of delivery resources that a busy
+mail system will use up for delivery of a large mailing list
+message.
+</p>
+
+<p>
+This feature exists only in the <a href="qmgr.8.html">oqmgr(8)</a> old queue manager. The
+current queue manager solves the problem in a better way.
+</p>
+
+
+</DD>
+
+<DT><b><a name="qmgr_ipc_timeout">qmgr_ipc_timeout</a>
+(default: 60s)</b></DT><DD>
+
+<p> The time limit for the queue manager to send or receive information
+over an internal communication channel. The purpose is to break
+out of deadlock situations. If the time limit is exceeded the
+software either retries or aborts the operation. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="qmgr_message_active_limit">qmgr_message_active_limit</a>
+(default: 20000)</b></DT><DD>
+
+<p>
+The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="qmgr_message_recipient_limit">qmgr_message_recipient_limit</a>
+(default: 20000)</b></DT><DD>
+
+<p> The maximal number of recipients held in memory by the Postfix
+queue manager, and the maximal size of the short-term,
+in-memory "dead" destination status cache. </p>
+
+
+</DD>
+
+<DT><b><a name="qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a>
+(default: 10)</b></DT><DD>
+
+<p>
+The minimal number of in-memory recipients for any message. This
+takes priority over any other in-memory recipient limits (i.e.,
+the global <a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> and the per transport
+_recipient_limit) if necessary. The minimum value allowed for this
+parameter is 1.
+</p>
+
+
+</DD>
+
+<DT><b><a name="qmqpd_authorized_clients">qmqpd_authorized_clients</a>
+(default: empty)</b></DT><DD>
+
+<p>
+What remote QMQP clients are allowed to connect to the Postfix QMQP
+server port.
+</p>
+
+<p>
+By default, no client is allowed to use the service. This is
+because the QMQP server will relay mail to any destination.
+</p>
+
+<p>
+Specify a list of client patterns. A list pattern specifies a host
+name, a domain name, an internet address, or a network/mask pattern,
+where the mask specifies the number of bits in the network part.
+When a pattern specifies a file name, its contents are substituted
+for the file name; when a pattern is a "<a href="DATABASE_README.html">type:table</a>" table specification,
+table lookup is used instead. </p>
+
+<p>
+Patterns are separated by whitespace and/or commas. In order to
+reverse the result, precede a pattern with an
+exclamation point (!). The form "!/file/name" is supported only
+in Postfix version 2.4 and later.
+</p>
+
+<p> Pattern matching of domain names is controlled by the presence
+or absence of "<a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a>" in the
+<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter value. </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a> = !192.168.0.1, 192.168.0.0/24
+</pre>
+
+
+</DD>
+
+<DT><b><a name="qmqpd_client_port_logging">qmqpd_client_port_logging</a>
+(default: no)</b></DT><DD>
+
+<p> Enable logging of the remote QMQP client port in addition to
+the hostname and IP address. The logging format is "host[address]:port".
+</p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="qmqpd_error_delay">qmqpd_error_delay</a>
+(default: 1s)</b></DT><DD>
+
+<p>
+How long the Postfix QMQP server will pause before sending a negative
+reply to the remote QMQP client. The purpose is to slow down confused
+or malicious clients.
+</p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="qmqpd_timeout">qmqpd_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The time limit for sending or receiving information over the network.
+If a read or write operation blocks for more than $<a href="postconf.5.html#qmqpd_timeout">qmqpd_timeout</a>
+seconds the Postfix QMQP server gives up and disconnects.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="queue_directory">queue_directory</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The location of the Postfix top-level queue directory. This is the
+root directory of Postfix daemon processes that run chrooted.
+</p>
+
+
+</DD>
+
+<DT><b><a name="queue_file_attribute_count_limit">queue_file_attribute_count_limit</a>
+(default: 100)</b></DT><DD>
+
+<p>
+The maximal number of (name=value) attributes that may be stored
+in a Postfix queue file. The limit is enforced by the <a href="cleanup.8.html">cleanup(8)</a>
+server.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="queue_minfree">queue_minfree</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The minimal amount of free space in bytes in the queue file system
+that is needed to receive mail. This is currently used by the
+Postfix SMTP server to decide if it will accept any mail at all.
+</p>
+
+<p>
+By default, the Postfix SMTP server rejects MAIL FROM commands when
+the amount of free space is less than 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>
+(Postfix version 2.1 and later).
+To specify a higher minimum free space limit, specify a <a href="postconf.5.html#queue_minfree">queue_minfree</a>
+value that is at least 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>.
+</p>
+
+<p>
+With Postfix versions 2.0 and earlier, a <a href="postconf.5.html#queue_minfree">queue_minfree</a> value of
+zero means there is no minimum required amount of free space.
+</p>
+
+
+</DD>
+
+<DT><b><a name="queue_run_delay">queue_run_delay</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
+</p>
+
+<p> This parameter should be set less than or equal to
+$<a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="queue_service_name">queue_service_name</a>
+(default: qmgr)</b></DT><DD>
+
+<p>
+The name of the <a href="qmgr.8.html">qmgr(8)</a> service. This service manages the Postfix
+queue and schedules delivery requests.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="rbl_reply_maps">rbl_reply_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional lookup tables with RBL response templates. The tables are
+indexed by the RBL domain name. By default, Postfix uses the default
+template as specified with the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> configuration
+parameter. See there for a discussion of the syntax of RBL reply
+templates.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="readme_directory">readme_directory</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+The location of Postfix README files that describe how to build,
+configure or operate a specific Postfix subsystem or feature.
+</p>
+
+
+</DD>
+
+<DT><b><a name="receive_override_options">receive_override_options</a>
+(default: empty)</b></DT><DD>
+
+<p> Enable or disable recipient validation, built-in content
+filtering, or address mapping. Typically, these are specified in
+<a href="master.5.html">master.cf</a> as command-line arguments for the <a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a> or
+<a href="pickup.8.html">pickup(8)</a> daemons. </p>
+
+<p> Specify zero or more of the following options. The options
+override <a href="postconf.5.html">main.cf</a> settings and are either implemented by <a href="smtpd.8.html">smtpd(8)</a>,
+<a href="qmqpd.8.html">qmqpd(8)</a>, or <a href="pickup.8.html">pickup(8)</a> themselves, or they are forwarded to the
+cleanup server. </p>
+
+<dl>
+
+<dt><b><a name="no_unknown_recipient_checks">no_unknown_recipient_checks</a></b></dt>
+
+<dd>Do not try to reject unknown recipients (SMTP server only).
+This is typically specified AFTER an external content filter.
+</dd>
+
+<dt><b><a name="no_address_mappings">no_address_mappings</a></b></dt>
+
+<dd>Disable canonical address mapping, virtual alias map expansion,
+address masquerading, and automatic BCC (blind carbon-copy)
+recipients. This is typically specified BEFORE an external content
+filter. </dd>
+
+<dt><b><a name="no_header_body_checks">no_header_body_checks</a></b></dt>
+
+<dd>Disable header/body_checks. This is typically specified AFTER
+an external content filter. </dd>
+
+<dt><b><a name="no_milters">no_milters</a></b></dt>
+
+<dd>Disable Milter (mail filter) applications. This is typically
+specified AFTER an external content filter. </dd>
+
+</dl>
+
+<p>
+Note: when the "BEFORE content filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a>
+setting is specified in the <a href="postconf.5.html">main.cf</a> file, specify the "AFTER content
+filter" <a href="postconf.5.html#receive_override_options">receive_override_options</a> setting in <a href="master.5.html">master.cf</a> (and vice
+versa).
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#receive_override_options">receive_override_options</a> =
+ <a href="postconf.5.html#no_unknown_recipient_checks">no_unknown_recipient_checks</a>, <a href="postconf.5.html#no_header_body_checks">no_header_body_checks</a>
+<a href="postconf.5.html#receive_override_options">receive_override_options</a> = <a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
+</pre>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="recipient_bcc_maps">recipient_bcc_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional BCC (blind carbon-copy) address lookup tables, indexed by
+envelope recipient address. The BCC address (multiple results are not
+supported) is added when mail enters from outside of Postfix.
+</p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p>
+The table search order is as follows:
+</p>
+
+<ul>
+
+<li> Look up the "user+extension@domain.tld" address including the
+optional address extension.
+
+<li> Look up the "user@domain.tld" address without the optional
+address extension.
+
+<li> Look up the "user+extension" address local part when the
+recipient domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
+or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+
+<li> Look up the "user" address local part when the recipient domain
+equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+
+<li> Look up the "@domain.tld" part.
+
+</ul>
+
+<p>
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>.
+</p>
+
+<p>
+Note: with Postfix 2.2 and earlier the sender will unconditionally
+be notified when the BCC address is undeliverable.
+</p>
+
+<p> Note: automatic BCC recipients are produced only for new mail.
+To avoid mailer loops, automatic BCC recipients are not generated
+after Postfix forwards mail internally, or after Postfix generates
+mail itself. </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_bcc
+</pre>
+
+<p>
+After a change, run "<b>postmap /etc/postfix/recipient_bcc</b>".
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="recipient_canonical_classes">recipient_canonical_classes</a>
+(default: envelope_recipient, header_recipient)</b></DT><DD>
+
+<p> What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address
+mapping. By default, <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address mapping is
+applied to envelope recipient addresses, and to header recipient
+addresses. </p>
+
+<p> Specify one or more of: envelope_recipient, header_recipient
+</p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="recipient_canonical_maps">recipient_canonical_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional address mapping lookup tables for envelope and header
+recipient addresses.
+The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>.
+</p>
+
+<p>
+Note: $<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/recipient_canonical
+</pre>
+
+
+</DD>
+
+<DT><b><a name="recipient_delimiter">recipient_delimiter</a>
+(default: empty)</b></DT><DD>
+
+<p> The set of characters that can separate an email address
+localpart, user name, or a .forward file name from its extension.
+For example, with "<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +", the software tries
+user+foo@example.com before trying user@example.com, user+foo before
+trying user, and .forward+foo before trying .forward. </p>
+
+<p> More formally, an email address localpart or user name is
+separated from its extension by the first character that matches
+the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> set. The delimiter character and extension
+may then be used to generate an extended .forward file name. This
+implementation recognizes one delimiter character and one extension
+per email address localpart or email address. With Postfix 2.10 and
+earlier, the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> specifies a single character. </p>
+
+<p> See <a href="canonical.5.html">canonical(5)</a>, <a href="local.8.html">local(8)</a>, <a href="relocated.5.html">relocated(5)</a> and <a href="virtual.5.html">virtual(5)</a> for the
+effects of <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> on lookups in aliases, canonical,
+virtual, and relocated maps, and see the <a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a>
+parameter for propagating an extension from one email address to
+another. </p>
+
+<p> When used in <a href="postconf.5.html#command_execution_directory">command_execution_directory</a>, <a href="postconf.5.html#forward_path">forward_path</a>, or
+<a href="postconf.5.html#luser_relay">luser_relay</a>, ${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>} is replaced with the actual
+recipient delimiter that was found in the recipient email address
+(Postfix 2.11 and later), or it is replaced with the <a href="postconf.5.html">main.cf</a>
+<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> parameter value (Postfix 2.10 and earlier).
+</p>
+
+<p> The <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is not applied to the mailer-daemon
+address, the postmaster address, or the double-bounce address. With
+the default "<a href="postconf.5.html#owner_request_special">owner_request_special</a> = yes" setting, the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>
+is also not applied to addresses with the special "owner-" prefix
+or the special "-request" suffix. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+# Handle Postfix-style extensions.
+<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +
+</pre>
+
+<pre>
+# Handle both Postfix and qmail extensions (Postfix 2.11 and later).
+<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +-
+</pre>
+
+<pre>
+# Use .forward for mail without address extension, and for mail with
+# an unrecognized address extension.
+<a href="postconf.5.html#forward_path">forward_path</a> = $home/.forward${<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>}${extension},
+ $home/.forward
+</pre>
+
+
+</DD>
+
+<DT><b><a name="reject_code">reject_code</a>
+(default: 554)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a remote SMTP
+client request is rejected by the "reject" restriction.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="reject_tempfail_action">reject_tempfail_action</a>
+(default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b></DT><DD>
+
+<p> The Postfix SMTP server's action when a reject-type restriction
+fails due to a temporary error condition. Specify "defer" to defer
+the remote SMTP client request immediately. With the default
+"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
+for opportunities to reject mail, and defers the client request
+only if it would otherwise be accepted. </p>
+
+<p> For finer control, see: <a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>,
+<a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>, <a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a>,
+and <a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="relay_clientcerts">relay_clientcerts</a>
+(default: empty)</b></DT><DD>
+
+<p> List of tables with remote SMTP client-certificate fingerprints or
+public key fingerprints (Postfix 2.9 and later) for which the Postfix
+SMTP server will allow access with the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+feature. The fingerprint digest algorithm is configurable via the
+<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
+Postfix version 2.5). </p>
+
+<p> The default algorithm is <b>sha256</b> with Postfix &ge; 3.6
+and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix
+&le; 3.5, the default algorithm is <b>md5</b>. The best-practice
+algorithm is now <b>sha256</b>. Recent advances in hash function
+cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre-image"
+attacks against the older algorithms, their use in this context, though
+not recommended, is still likely safe. </p>
+
+<p> Postfix lookup tables are in the form of (key, value) pairs.
+Since we only need the key, the value can be chosen freely, e.g.
+the name of the user or host:
+D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_clientcerts
+</pre>
+
+<p>For more fine-grained control, use <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> to select
+an appropriate <a href="access.5.html">access(5)</a> policy for each client.
+See <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a>.</p>
+
+<p>This feature is available with Postfix version 2.2.</p>
+
+
+</DD>
+
+<DT><b><a name="relay_destination_concurrency_limit">relay_destination_concurrency_limit</a>
+(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
+
+<p> The maximal number of parallel deliveries to the same destination
+via the relay message delivery transport. This limit is enforced
+by the queue manager. The message delivery transport name is the
+first field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
+
+<p> This feature is available in Postfix 2.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="relay_destination_recipient_limit">relay_destination_recipient_limit</a>
+(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
+
+<p> The maximal number of recipients per message for the relay
+message delivery transport. This limit is enforced by the queue
+manager. The message delivery transport name is the first field in
+the entry in the <a href="master.5.html">master.cf</a> file. </p>
+
+<p> Setting this parameter to a value of 1 changes the meaning of
+<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> from concurrency per domain
+into concurrency per recipient. </p>
+
+<p> This feature is available in Postfix 2.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="relay_domains">relay_domains</a>
+(default: Postfix &ge; 3.0: empty, Postfix &lt; 3.0: $<a href="postconf.5.html#mydestination">mydestination</a>)</b></DT><DD>
+
+<p> What destination domains (and subdomains thereof) this system
+will relay mail to. For details about how
+the <a href="postconf.5.html#relay_domains">relay_domains</a> value is used, see the description of the
+<a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> and <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> SMTP recipient
+restrictions. </p>
+
+<p> Domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a> are delivered with the
+$<a href="postconf.5.html#relay_transport">relay_transport</a> mail delivery transport. The SMTP server validates
+recipient addresses with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> and rejects non-existent
+recipients. See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the
+<a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>
+
+<p> Note: Postfix will not automatically forward mail for domains
+that list this system as their primary or backup MX host. See the
+<a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> restriction in the <a href="postconf.5.html">postconf(5)</a> manual page. </p>
+
+<p> Specify a list of host or domain names, "/file/name" patterns
+or "<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace. A
+"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
+lookup table is matched when a (parent) domain appears as lookup
+key. Specify "!pattern" to exclude a domain from the list. The form
+"!/file/name" is supported only in Postfix version 2.4 and later.
+</p>
+
+<p> Pattern matching of domain names is controlled by the presence
+or absence of "<a href="postconf.5.html#relay_domains">relay_domains</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
+parameter value. </p>
+
+
+</DD>
+
+<DT><b><a name="relay_domains_reject_code">relay_domains_reject_code</a>
+(default: 554)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a client
+request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
+restriction.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="relay_recipient_maps">relay_recipient_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables with all valid addresses in the domains
+that match $<a href="postconf.5.html#relay_domains">relay_domains</a>. Specify @domain as a wild-card for
+domains that have no valid recipient list, and become a source of
+backscatter mail: Postfix accepts spam for non-existent recipients
+and then floods innocent people with undeliverable mail. Technically,
+tables
+listed with $<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> are used as lists: Postfix needs
+to know only if a lookup string is found or not, but it does not
+use the result from the table lookup. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p>
+If this parameter is non-empty, then the Postfix SMTP server will reject
+mail to unknown relay users. This feature is off by default.
+</p>
+
+<p>
+See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
+file.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relay_recipients
+</pre>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="relay_transport">relay_transport</a>
+(default: relay)</b></DT><DD>
+
+<p>
+The default mail delivery transport and next-hop destination for
+remote delivery to domains listed with $<a href="postconf.5.html#relay_domains">relay_domains</a>. In order of
+decreasing precedence, the nexthop destination is taken from
+$<a href="postconf.5.html#relay_transport">relay_transport</a>, $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or
+from the recipient domain. This information can be overruled with
+the <a href="transport.5.html">transport(5)</a> table.
+</p>
+
+<p>
+Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
+is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
+The <i>:nexthop</i> destination is optional; its syntax is documented
+in the manual page of the corresponding delivery agent.
+</p>
+
+<p>
+See also the <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a> address class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>
+file.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="relayhost">relayhost</a>
+(default: empty)</b></DT><DD>
+
+<p>
+The next-hop destination(s) for non-local mail; overrides non-local
+domains in recipient addresses. This information is overruled with
+<a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,
+<a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
+and with the <a href="transport.5.html">transport(5)</a> table.
+</p>
+
+<p>
+On an intranet, specify the organizational domain name. If your
+internal DNS uses no MX records, specify the name of the intranet
+gateway host instead.
+</p>
+
+<p>
+In the case of SMTP or LMTP delivery, specify one or more destinations
+in the form of a domain name, hostname, hostname:port, [hostname]:port,
+[hostaddress] or [hostaddress]:port, separated by comma or whitespace.
+The form [hostname] turns off MX lookups. Multiple destinations are
+supported in Postfix 3.5 and later.
+</p>
+
+<p>
+If you're connected via UUCP, see the <a href="UUCP_README.html">UUCP_README</a> file for useful
+information.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+<a href="postconf.5.html#relayhost">relayhost</a> = [gateway.example.com]
+<a href="postconf.5.html#relayhost">relayhost</a> = mail1.example:587, mail2.example:587
+<a href="postconf.5.html#relayhost">relayhost</a> = [an.ip.add.ress]
+</pre>
+
+
+</DD>
+
+<DT><b><a name="relocated_maps">relocated_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional lookup tables with new contact information for users or
+domains that no longer exist. The table format and lookups are
+documented in <a href="relocated.5.html">relocated(5)</a>.
+</p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p>
+If you use this feature, run "<b>postmap /etc/postfix/relocated</b>" to
+build the necessary DBM or DB file after change, then "<b>postfix
+reload</b>" to make the changes visible.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/relocated
+<a href="postconf.5.html#relocated_maps">relocated_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/relocated
+</pre>
+
+
+</DD>
+
+<DT><b><a name="remote_header_rewrite_domain">remote_header_rewrite_domain</a>
+(default: empty)</b></DT><DD>
+
+<p> Rewrite or add message headers in mail from remote clients if
+the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter value is non-empty,
+updating incomplete addresses with the domain specified in the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter, and adding missing headers.
+</p>
+
+<p> The
+<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter controls what clients Postfix
+considers local. </p>
+
+<p> Examples: </p>
+
+<p> The safe setting: append "domain.invalid" to incomplete header
+addresses from remote SMTP clients, so that those addresses cannot
+be confused with local addresses. </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> = domain.invalid
+</pre>
+</blockquote>
+
+<p> The default, purist, setting: don't rewrite headers from remote
+clients at all. </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> =
+</pre>
+</blockquote>
+
+
+</DD>
+
+<DT><b><a name="require_home_directory">require_home_directory</a>
+(default: no)</b></DT><DD>
+
+<p>
+Require that a <a href="local.8.html">local(8)</a> recipient's home directory exists
+before mail delivery is attempted. By default this test is disabled.
+It can be useful for environments that import home directories to
+the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
+</p>
+
+
+</DD>
+
+<DT><b><a name="reset_owner_alias">reset_owner_alias</a>
+(default: no)</b></DT><DD>
+
+<p> Reset the <a href="local.8.html">local(8)</a> delivery agent's idea of the owner-alias
+attribute, when delivering mail to a child alias that does not have
+its own owner alias. </p>
+
+<p> This feature is available in Postfix 2.8 and later. With older
+Postfix releases, the behavior is as if this parameter is set to
+"yes". </p>
+
+<p> As documented in <a href="aliases.5.html">aliases(5)</a>, when an alias <i>name</i> has a
+companion alias named owner-<i>name</i>, this will replace the
+envelope sender address, so that delivery errors will be
+reported to the owner alias instead of the sender. This configuration
+is recommended for mailing lists. <p>
+
+<p> A less known property of the owner alias is that it also forces
+the <a href="local.8.html">local(8)</a> delivery agent to write local and remote addresses
+from alias expansion to a new queue file, instead of attempting to
+deliver mail to local addresses as soon as they come out of alias
+expansion. </p>
+
+<p> Writing local addresses from alias expansion to a new queue
+file allows for robust handling of temporary delivery errors: errors
+with one local member have no effect on deliveries to other members
+of the list. On the other hand, delivery to local addresses as
+soon as they come out of alias expansion is fragile: a temporary
+error with one local address from alias expansion will cause the
+entire alias to be expanded repeatedly until the error goes away,
+or until the message expires in the queue. In that case, a problem
+with one list member results in multiple message deliveries to other
+list members. </p>
+
+<p> The default behavior of Postfix 2.8 and later is to keep the
+owner-alias attribute of the parent alias, when delivering mail to
+a child alias that does not have its own owner alias. Then, local
+addresses from that child alias will be written to a new queue file,
+and a temporary error with one local address will not affect delivery
+to other mailing list members. </p>
+
+<p> Unfortunately, older Postfix releases reset the owner-alias
+attribute when delivering mail to a child alias that does not have
+its own owner alias. To be precise, this resets only the decision
+to create a new queue file, not the decision to override the envelope
+sender address. The <a href="local.8.html">local(8)</a> delivery agent then attempts to
+deliver local addresses as soon as they come out of child alias
+expansion. If delivery to any address from child alias expansion
+fails with a temporary error condition, the entire mailing list may
+be expanded repeatedly until the mail expires in the queue, resulting
+in multiple deliveries of the same message to mailing list members.
+</p>
+
+
+</DD>
+
+<DT><b><a name="resolve_dequoted_address">resolve_dequoted_address</a>
+(default: yes)</b></DT><DD>
+
+<p> Resolve a recipient address safely instead of correctly, by
+looking inside quotes. </p>
+
+<p> By default, the Postfix address resolver does not quote the
+address localpart as per <a href="https://tools.ietf.org/html/rfc822">RFC 822</a>, so that additional @ or % or !
+operators remain visible. This behavior is safe but it is also
+technically incorrect. </p>
+
+<p> If you specify "<a href="postconf.5.html#resolve_dequoted_address">resolve_dequoted_address</a> = no", then
+the Postfix
+resolver will not know about additional @ etc. operators in the
+address localpart. This opens opportunities for obscure mail relay
+attacks with user@domain@domain addresses when Postfix provides
+backup MX service for Sendmail systems. </p>
+
+
+</DD>
+
+<DT><b><a name="resolve_null_domain">resolve_null_domain</a>
+(default: no)</b></DT><DD>
+
+<p> Resolve an address that ends in the "@" null domain as if the
+local hostname were specified, instead of rejecting the address as
+invalid. </p>
+
+<p> This feature is available in Postfix 2.1 and later.
+Earlier versions always resolve the null domain as the local
+hostname. </p>
+
+<p> The Postfix SMTP server uses this feature to reject mail from
+or to addresses that end in the "@" null domain, and from addresses
+that rewrite into a form that ends in the "@" null domain. </p>
+
+
+</DD>
+
+<DT><b><a name="resolve_numeric_domain">resolve_numeric_domain</a>
+(default: no)</b></DT><DD>
+
+<p> Resolve "user@ipaddress" as "user@[ipaddress]", instead of
+rejecting the address as invalid. </p>
+
+<p> This feature is available in Postfix 2.3 and later.
+
+
+</DD>
+
+<DT><b><a name="respectful_logging">respectful_logging</a>
+(default: see 'postconf -d' output)</b></DT><DD>
+
+<p> Avoid logging that implies white is better than black. Instead
+use 'allowlist', 'denylist', and variations of those words. </p>
+
+<p> This feature is available in Postfix 3.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="rewrite_service_name">rewrite_service_name</a>
+(default: rewrite)</b></DT><DD>
+
+<p>
+The name of the address rewriting service. This service rewrites
+addresses to standard form and resolves them to a (delivery method,
+next-hop host, recipient) triple.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="sample_directory">sample_directory</a>
+(default: /etc/postfix)</b></DT><DD>
+
+<p>
+The name of the directory with example Postfix configuration files.
+Starting with Postfix 2.1, these files have been replaced with the
+<a href="postconf.5.html">postconf(5)</a> manual page.
+</p>
+
+
+</DD>
+
+<DT><b><a name="send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a>
+(default: no)</b></DT><DD>
+
+<p> When authenticating to a remote SMTP or LMTP server with the
+default setting "no", send no SASL authoriZation ID (authzid); send
+only the SASL authentiCation ID (authcid) plus the authcid's password.
+</p>
+
+<p> The non-default setting "yes" enables the behavior of older
+Postfix versions. These always send a SASL authzid that is equal
+to the SASL authcid, but this causes interoperability problems
+with some SMTP servers. </p>
+
+<p> This feature is available in Postfix 2.4.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="sender_based_routing">sender_based_routing</a>
+(default: no)</b></DT><DD>
+
+<p>
+This parameter should not be used. It was replaced by <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
+in Postfix version 2.3.
+</p>
+
+
+</DD>
+
+<DT><b><a name="sender_bcc_maps">sender_bcc_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional BCC (blind carbon-copy) address lookup tables, indexed
+by envelope sender address. The BCC address (multiple results are not
+supported) is added when mail enters from outside of Postfix. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p>
+The table search order is as follows:
+</p>
+
+<ul>
+
+<li> Look up the "user+extension@domain.tld" address including the
+optional address extension.
+
+<li> Look up the "user@domain.tld" address without the optional
+address extension.
+
+<li> Look up the "user+extension" address local part when the
+sender domain equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
+or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+
+<li> Look up the "user" address local part when the sender domain
+equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+
+<li> Look up the "@domain.tld" part.
+
+</ul>
+
+<p>
+Note: with Postfix 2.3 and later the BCC address is added as if it
+was specified with NOTIFY=NONE. The sender will not be notified
+when the BCC address is undeliverable, as long as all down-stream
+software implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>.
+</p>
+
+<p>
+Note: with Postfix 2.2 and earlier the sender will be notified
+when the BCC address is undeliverable.
+</p>
+
+<p> Note: automatic BCC recipients are produced only for new mail.
+To avoid mailer loops, automatic BCC recipients are not generated
+after Postfix forwards mail internally, or after Postfix generates
+mail itself. </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_bcc
+</pre>
+
+<p>
+After a change, run "<b>postmap /etc/postfix/sender_bcc</b>".
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="sender_canonical_classes">sender_canonical_classes</a>
+(default: envelope_sender, header_sender)</b></DT><DD>
+
+<p> What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address
+mapping. By default, <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address mapping is
+applied to envelope sender addresses, and to header sender addresses.
+</p>
+
+<p> Specify one or more of: envelope_sender, header_sender </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="sender_canonical_maps">sender_canonical_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional address mapping lookup tables for envelope and header
+sender addresses.
+The table format and lookups are documented in <a href="canonical.5.html">canonical(5)</a>.
+</p>
+
+<p>
+Example: you want to rewrite the SENDER address "user@ugly.example"
+to "user@pretty.example", while still being able to send mail to
+the RECIPIENT address "user@ugly.example".
+</p>
+
+<p>
+Note: $<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> is processed before $<a href="postconf.5.html#canonical_maps">canonical_maps</a>.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/sender_canonical
+</pre>
+
+
+</DD>
+
+<DT><b><a name="sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> A sender-dependent override for the global <a href="postconf.5.html#default_transport">default_transport</a>
+parameter setting. The tables are searched by the envelope sender
+address and @domain. A lookup result of DUNNO terminates the search
+without overriding the global <a href="postconf.5.html#default_transport">default_transport</a> parameter setting.
+This information is overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p> Note: this overrides <a href="postconf.5.html#default_transport">default_transport</a>, not <a href="postconf.5.html#transport_maps">transport_maps</a>, and
+therefore the expected syntax is that of <a href="postconf.5.html#default_transport">default_transport</a>, not the
+syntax of <a href="postconf.5.html#transport_maps">transport_maps</a>. Specifically, this does not support the
+<a href="postconf.5.html#transport_maps">transport_maps</a> syntax for null transport, null nexthop, or null
+email addresses. </p>
+
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
+<p> This feature is available in Postfix 2.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
+setting. The tables are searched by the envelope sender address and
+@domain. A lookup result of DUNNO terminates the search without
+overriding the global <a href="postconf.5.html#relayhost">relayhost</a> parameter setting (Postfix 2.6 and
+later). This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
+<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a> and with
+the <a href="transport.5.html">transport(5)</a> table. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p> For safety reasons, this feature does not allow $number
+substitutions in regular expression maps. </p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="sendmail_fix_line_endings">sendmail_fix_line_endings</a>
+(default: always)</b></DT><DD>
+
+<p> Controls how the Postfix sendmail command converts email message
+line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
+</p>
+
+<dl>
+
+<dt> <b>always</b> </dt> <dd> Always convert message lines ending
+in &lt;CR&gt;&lt;LF&gt;. This setting is the default with Postfix
+2.9 and later. </dd>
+
+<dt> <b>strict</b> </dt> <dd> Convert message lines ending in
+&lt;CR&gt;&lt;LF&gt; only if the first input line ends in
+&lt;CR&gt;&lt;LF&gt;. This setting is backwards-compatible with
+Postfix 2.8 and earlier. </dd>
+
+<dt> <b>never</b> </dt> <dd> Never convert message lines ending in
+&lt;CR&gt;&lt;LF&gt;. This setting exists for completeness only.
+</dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.9 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="sendmail_path">sendmail_path</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+A Sendmail compatibility feature that specifies the location of
+the Postfix <a href="sendmail.1.html">sendmail(1)</a> command. This command can be used to
+submit mail into the Postfix queue.
+</p>
+
+
+</DD>
+
+<DT><b><a name="service_name">service_name</a>
+(read-only)</b></DT><DD>
+
+<p> The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process. This
+can be used to distinguish the logging from different services that
+use the same program name. </p>
+
+<p> Example <a href="master.5.html">master.cf</a> entries: </p>
+
+<pre>
+# Distinguish inbound MTA logging from submission and smtps logging.
+smtp inet n - n - - smtpd
+submission inet n - n - - smtpd
+ -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/$<a href="postconf.5.html#service_name">service_name</a>
+smtps inet n - n - - smtpd
+ -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/$<a href="postconf.5.html#service_name">service_name</a>
+</pre>
+
+<pre>
+# Distinguish outbound MTA logging from inbound relay logging.
+smtp unix - - n - - smtp
+relay unix - - n - - smtp
+ -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/$<a href="postconf.5.html#service_name">service_name</a>
+</pre>
+
+
+</DD>
+
+<DT><b><a name="service_throttle_time">service_throttle_time</a>
+(default: 60s)</b></DT><DD>
+
+<p>
+How long the Postfix <a href="master.8.html">master(8)</a> waits before forking a server that
+appears to be malfunctioning.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="setgid_group">setgid_group</a>
+(default: postdrop)</b></DT><DD>
+
+<p>
+The group ownership of set-gid Postfix commands and of group-writable
+Postfix directories. When this parameter value is changed you need
+to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and
+earlier: "<b>/etc/postfix/post-install set-permissions</b>".
+</p>
+
+
+</DD>
+
+<DT><b><a name="shlib_directory">shlib_directory</a>
+(default: see 'postconf -d' output)</b></DT><DD>
+
+<p> The location of Postfix dynamically-linked libraries
+(libpostfix-*.so), and the default location of Postfix database
+plugins (postfix-*.so) that have a relative pathname in the
+dynamicmaps.cf file. The <a href="postconf.5.html#shlib_directory">shlib_directory</a> parameter defaults to
+"no" when Postfix dynamically-linked libraries and database plugins
+are disabled at compile time, otherwise it typically defaults to
+/usr/lib/postfix or /usr/local/lib/postfix. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> The directory specified with <a href="postconf.5.html#shlib_directory">shlib_directory</a> should contain
+only Postfix-related files. Postfix dynamically-linked libraries
+and database plugins should not be installed in a "public" system
+directory such as /usr/lib or /usr/local/lib. Linking Postfix
+dynamically-linked library files or database plugins into non-Postfix
+programs is not supported. Postfix dynamically-linked libraries
+and database plugins implement a Postfix-internal API that changes
+without maintaining compatibility. </p>
+
+<li> <p> You can change the <a href="postconf.5.html#shlib_directory">shlib_directory</a> value after Postfix is
+built. However, you may have to run ldconfig or equivalent to prevent
+Postfix programs from failing because the libpostfix-*.so files are
+not found. No ldconfig command is needed if you keep the libpostfix-*.so
+files in the compiled-in default $<a href="postconf.5.html#shlib_directory">shlib_directory</a> location. </p>
+
+</ul>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="show_user_unknown_table_name">show_user_unknown_table_name</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Display the name of the recipient table in the "User unknown"
+responses. The extra detail makes troubleshooting easier but also
+reveals information that is nobody else's business.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="showq_service_name">showq_service_name</a>
+(default: showq)</b></DT><DD>
+
+<p>
+The name of the <a href="showq.8.html">showq(8)</a> service. This service produces mail queue
+status reports.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_address_preference">smtp_address_preference</a>
+(default: any)</b></DT><DD>
+
+<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
+SMTP client will try first, when a destination has IPv6 and IPv4
+addresses with equal MX preference. This feature has no effect
+unless the <a href="postconf.5.html#inet_protocols">inet_protocols</a> setting enables both IPv4 and IPv6. </p>
+
+<p> Postfix SMTP client address preference has evolved. With Postfix
+2.8 the default is "ipv6"; earlier implementations are hard-coded
+to prefer IPv6 over IPv4. </p>
+
+<p> Notes for mail delivery between sites that have both IPv4 and
+IPv6 connectivity: </p>
+
+<ul>
+
+<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = ipv6" is unsafe.
+It can fail to deliver mail when there is an outage that affects
+IPv6, while the destination is still reachable over IPv4. </p>
+
+<li> <p> The setting "<a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> = any" is safe. With
+this, mail will eventually be delivered even if there is an outage
+that affects IPv6 or IPv4, as long as it does not affect both. </p>
+
+</ul>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_address_verify_target">smtp_address_verify_target</a>
+(default: rcpt)</b></DT><DD>
+
+<p> In the context of email address verification, the SMTP protocol
+stage that determines whether an email address is deliverable.
+Specify one of "rcpt" or "data". The latter is needed with remote
+SMTP servers that reject recipients after the DATA command. Use
+<a href="postconf.5.html#transport_maps">transport_maps</a> to apply this feature selectively: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/transport:
+ smtp-domain-that-verifies-after-data smtp-data-target:
+ lmtp-domain-that-verifies-after-data lmtp-data-target:
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp-data-target unix - - n - - smtp
+ -o <a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a>=data
+ lmtp-data-target unix - - n - - lmtp
+ -o <a href="postconf.5.html#lmtp_address_verify_target">lmtp_address_verify_target</a>=data
+</pre>
+</blockquote>
+
+<p> Unselective use of the "data" target does no harm, but will
+result in unnecessary "lost connection after DATA" events at remote
+SMTP/LMTP servers. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_always_send_ehlo">smtp_always_send_ehlo</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Always send EHLO at the start of an SMTP session.
+</p>
+
+<p>
+With "<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> = no", the Postfix SMTP client sends
+EHLO only when
+the word "ESMTP" appears in the server greeting banner (example:
+220 spike.porcupine.org ESMTP Postfix).
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_balance_inet_protocols">smtp_balance_inet_protocols</a>
+(default: yes)</b></DT><DD>
+
+<p> When a remote destination resolves to a combination of IPv4 and
+IPv6 addresses, ensure that the Postfix SMTP client can try both
+address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>. </p>
+
+<p> This avoids an interoperability problem when a destination resolves
+to primarily IPv6 addresses, the smtp_address_limit feature eliminates
+most or all IPv4 addresses, and the destination is not reachable over
+IPv6. </p>
+
+<p> This feature is available in Postfix 3.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_bind_address">smtp_bind_address</a>
+(default: empty)</b></DT><DD>
+
+<p>
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv4 connection.
+</p>
+
+<p>
+This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or
+it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client,
+for example:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>=11.22.33.44
+</pre>
+</blockquote>
+
+<p> See <a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> for how Postfix should handle
+errors (Postfix 3.7 and later). </p>
+
+<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv4
+address, and that address is a non-loopback address, it is
+automatically used as the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>. This supports virtual
+IP hosting, but can be a problem on multi-homed firewalls. See the
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>
+
+<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
+but this form is not required here. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_bind_address6">smtp_bind_address6</a>
+(default: empty)</b></DT><DD>
+
+<p>
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv6 connection.
+</p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+<p>
+This can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP clients, or
+it can be specified in the <a href="master.5.html">master.cf</a> file for a specific client,
+for example:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>=1:2:3:4:5:6:7:8
+</pre>
+</blockquote>
+
+<p> See <a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> for how Postfix should handle
+errors (Postfix 3.7 and later). </p>
+
+<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv6
+address, and that address is a non-loopback address, it is
+automatically used as the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. This supports virtual
+IP hosting, but can be a problem on multi-homed firewalls. See the
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>
+
+<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
+but this form is not recommended here. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_bind_address_enforce">smtp_bind_address_enforce</a>
+(default: no)</b></DT><DD>
+
+<p> Defer delivery when the Postfix SMTP client cannot apply the
+<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting. By default, the
+Postfix SMTP client will continue delivery after logging a warning.
+</p>
+
+<p> This feature is available in Postfix 3.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_body_checks">smtp_body_checks</a>
+(default: empty)</b></DT><DD>
+
+<p> Restricted <a href="header_checks.5.html">body_checks(5)</a> tables for the Postfix SMTP client.
+These tables are searched while mail is being delivered. Actions
+that change the delivery time or destination are not available.
+</p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>
+(default: version dependent)</b></DT><DD>
+
+<p> When the remote SMTP servername is a DNS CNAME, replace the
+servername with the result from CNAME expansion for the purpose of
+logging, SASL password lookup, TLS
+policy decisions, or TLS certificate verification. The value "no"
+hardens Postfix <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> hostname-based policies against
+false hostname information in DNS CNAME records, and makes SASL
+password file lookups more predictable. This is the default setting
+as of Postfix 2.3. </p>
+
+<p> When DNS CNAME records are validated with secure DNS lookups
+(<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> = dnssec), they are always allowed to
+override the above servername (Postfix 2.11 and later). </p>
+
+<p> This feature is available in Postfix 2.2.9 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_connect_timeout">smtp_connect_timeout</a>
+(default: 30s)</b></DT><DD>
+
+<p>
+The Postfix SMTP client time limit for completing a TCP connection, or
+zero (use the operating system built-in time limit).
+</p>
+
+<p>
+When no connection can be made within the deadline, the Postfix
+SMTP client
+tries the next address on the mail exchanger list. Specify 0 to
+disable the time limit (i.e. use whatever timeout is implemented by
+the operating system).
+</p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_connection_cache_destinations">smtp_connection_cache_destinations</a>
+(default: empty)</b></DT><DD>
+
+<p> Permanently enable SMTP connection caching for the specified
+destinations. With SMTP connection caching, a connection is not
+closed immediately after completion of a mail transaction. Instead,
+the connection is kept open for up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
+seconds. This allows connections to be reused for other deliveries,
+and can improve mail delivery performance. </p>
+
+<p> Specify a comma or white space separated list of destinations
+or pseudo-destinations: </p>
+
+<ul>
+
+<li> if mail is sent without a <a href="postconf.5.html#relayhost">relay host</a>: a domain name (the
+right-hand side of an email address, without the [] around a numeric
+IP address),
+
+<li> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
+[] or non-default TCP port), as specified in <a href="postconf.5.html">main.cf</a> or in the
+transport map,
+
+<li> if mail is sent via a UNIX-domain socket: a pathname (without
+the unix: prefix),
+
+<li> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
+defined above,
+
+<li> a "<a href="DATABASE_README.html">type:table</a>" with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names on
+the left-hand side. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>"
+lookups is ignored.
+
+</ul>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a>
+(default: yes)</b></DT><DD>
+
+<p> Temporarily enable SMTP connection caching while a destination
+has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. With SMTP connection
+caching, a connection is not closed immediately after completion
+of a mail transaction. Instead, the connection is kept open for
+up to $<a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> seconds. This allows
+connections to be reused for other deliveries, and can improve mail
+delivery performance. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a>
+(default: 2s)</b></DT><DD>
+
+<p> When SMTP connection caching is enabled, the amount of time that
+an unused SMTP client socket is kept open before it is closed. Do
+not specify larger values without permission from the remote sites.
+</p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a>
+(default: 0)</b></DT><DD>
+
+<p> When SMTP connection caching is enabled, the number of times
+that an SMTP session may be reused before it is closed, or zero (no
+limit). With a reuse count limit of N, a connection is used up to
+N+1 times. </p>
+
+<p> NOTE: This feature is unsafe. When a high-volume destination
+has multiple inbound MTAs, then the slowest inbound MTA will attract
+the most connections to that destination. This limitation does not
+exist with the <a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> feature. </p>
+
+<p> This feature is available in Postfix 2.11. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a>
+(default: 300s)</b></DT><DD>
+
+<p> The amount of time during which Postfix will use an SMTP
+connection repeatedly. The timer starts when the connection is
+initiated (i.e. it includes the connect, greeting and helo latency,
+in addition to the latencies of subsequent mail delivery transactions).
+</p>
+
+<p> This feature addresses a performance stability problem with
+remote SMTP servers. This problem is not specific to Postfix: it
+can happen when any MTA sends large amounts of SMTP email to a site
+that has multiple MX hosts. </p>
+
+<p> The problem starts when one of a set of MX hosts becomes slower
+than the rest. Even though SMTP clients connect to fast and slow
+MX hosts with equal probability, the slow MX host ends up with more
+simultaneous inbound connections than the faster MX hosts, because
+the slow MX host needs more time to serve each client request. </p>
+
+<p> The slow MX host becomes a connection attractor. If one MX
+host becomes N times slower than the rest, it dominates mail delivery
+latency unless there are more than N fast MX hosts to counter the
+effect. And if the number of MX hosts is smaller than N, the mail
+delivery latency becomes effectively that of the slowest MX host
+divided by the total number of MX hosts. </p>
+
+<p> The solution uses connection caching in a way that differs from
+Postfix version 2.2. By limiting the amount of time during which a connection
+can be used repeatedly (instead of limiting the number of deliveries
+over that connection), Postfix not only restores fairness in the
+distribution of simultaneous connections across a set of MX hosts,
+it also favors deliveries over connections that perform well, which
+is exactly what we want. </p>
+
+<p> The default reuse time limit, 300s, is comparable to the various
+smtp transaction timeouts which are fair estimates of maximum excess
+latency for a slow delivery. Note that hosts may accept thousands
+of messages over a single connection within the default connection
+reuse time limit. This number is much larger than the default Postfix
+version 2.2 limit of 10 messages per cached connection. It may prove necessary
+to lower the limit to avoid interoperability issues with MTAs that
+exhibit bugs when many messages are delivered via a single connection.
+A lower reuse time limit risks losing the benefit of connection
+reuse when the average connection and mail delivery latency exceeds
+the reuse time limit. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_data_done_timeout">smtp_data_done_timeout</a>
+(default: 600s)</b></DT><DD>
+
+<p>
+The Postfix SMTP client time limit for sending the SMTP ".", and
+for receiving the remote SMTP server response.
+</p>
+
+<p>
+When no response is received within the deadline, a warning is
+logged that the mail may be delivered multiple times.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_data_init_timeout">smtp_data_init_timeout</a>
+(default: 120s)</b></DT><DD>
+
+<p>
+The Postfix SMTP client time limit for sending the SMTP DATA command,
+and for receiving the remote SMTP server response.
+</p>
+
+<p>
+Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
+(default: 180s)</b></DT><DD>
+
+<p>
+The Postfix SMTP client time limit for sending the SMTP message content.
+When the connection makes no progress for more than $<a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
+seconds the Postfix SMTP client terminates the transfer.
+</p>
+
+<p>
+Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds).
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a>
+(default: no)</b></DT><DD>
+
+<p>
+Defer mail delivery when no MX record resolves to an IP address.
+</p>
+
+<p>
+The default (no) is to return the mail as undeliverable. With older
+Postfix versions the default was to keep trying to deliver the mail
+until someone fixed the MX record or until the mail was too old.
+</p>
+
+<p>
+Note: the Postfix SMTP client always ignores MX records with equal
+or worse preference
+than the local MTA itself.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_delivery_status_filter">smtp_delivery_status_filter</a>
+(default: $<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b></DT><DD>
+
+<p> Optional filter for the <a href="smtp.8.html">smtp(8)</a> delivery agent to change the
+delivery status code or explanatory text of successful or unsuccessful
+deliveries. See <a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a> for details. </p>
+
+<p> NOTE: This feature modifies Postfix SMTP client error or non-error
+messages that may or may not be derived from remote SMTP server
+responses. In contrast, the <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> feature modifies
+remote SMTP server responses only. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a>
+(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
+
+<p> The maximal number of parallel deliveries to the same destination
+via the smtp message delivery transport. This limit is enforced by
+the queue manager. The message delivery transport name is the first
+field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_destination_recipient_limit">smtp_destination_recipient_limit</a>
+(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
+
+<p> The maximal number of recipients per message for the smtp
+message delivery transport. This limit is enforced by the queue
+manager. The message delivery transport name is the first field in
+the entry in the <a href="master.5.html">master.cf</a> file. </p>
+
+<p> Setting this parameter to a value of 1 changes the meaning of
+<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> from concurrency per domain
+into concurrency per recipient. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Lookup tables, indexed by the remote SMTP server address, with
+case insensitive lists of EHLO keywords (pipelining, starttls, auth,
+etc.) that the Postfix SMTP client will ignore in the EHLO response from a
+remote SMTP server. See <a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> for details. The
+table is not indexed by hostname for consistency with
+<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a>
+(default: empty)</b></DT><DD>
+
+<p> A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+response from a remote SMTP server. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
+this action from being logged. </p>
+
+<li> <p> Use the <a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> feature to
+discard EHLO keywords selectively. </p>
+
+</ul>
+
+
+</DD>
+
+<DT><b><a name="smtp_dns_reply_filter">smtp_dns_reply_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional filter for Postfix SMTP client DNS lookup results.
+Specify zero or more lookup tables. The lookup tables are searched
+in the given order for a match with the DNS lookup result, converted
+to the following form: </p>
+
+<pre>
+ <i>name ttl class type preference value</i>
+</pre>
+
+<p> The <i>class</i> field is always "IN", the <i>preference</i>
+field exists only for MX records, the names of hosts, domains, etc.
+end in ".", and those names are in ASCII form (xn--mumble form in
+the case of UTF8 names). </p>
+
+<p> When a match is found, the table lookup result specifies an
+action. By default, the table query and the action name are
+case-insensitive. Currently, only the <b>IGNORE</b> action is
+implemented. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Postfix DNS reply filters have no effect on implicit DNS
+lookups through nsswitch.conf or equivalent mechanisms. </p>
+
+<li> <p> The Postfix SMTP/LMTP client uses <a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a>
+and <a href="postconf.5.html#lmtp_dns_reply_filter">lmtp_dns_reply_filter</a> only to discover a remote SMTP or LMTP
+service (record types MX, A, AAAA, and TLSA). These lookups are
+also made to implement the features <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and
+<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>. </p>
+
+<li> <p> The Postfix SMTP/LMTP client defers mail delivery when
+a filter removes all lookup results from a successful query. </p>
+
+<li> <p> Postfix SMTP server uses <a href="postconf.5.html#smtpd_dns_reply_filter">smtpd_dns_reply_filter</a> only to
+look up MX, A, AAAA, and TXT records to implement the features
+<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>, <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>,
+<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>, reject_rbl_*, and reject_rhsbl_*.
+</p>
+
+<li> <p> The Postfix SMTP server logs a warning or defers mail
+delivery when a filter removes all lookup results from a successful
+query. </p>
+
+</ul>
+
+<p> Example: ignore Google AAAA records in Postfix SMTP client DNS
+lookups, because Google sometimes hard-rejects mail from IPv6 clients
+with valid PTR etc. records. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/smtp_dns_reply_filter
+</pre>
+
+<pre>
+/etc/postfix/smtp_dns_reply_filter:
+ # /domain ttl IN AAAA address/ action, all case-insensitive.
+ # Note: the domain name ends in ".".
+ /^\S+\.google\.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE
+</pre>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_dns_resolver_options">smtp_dns_resolver_options</a>
+(default: empty)</b></DT><DD>
+
+<p> DNS Resolver options for the Postfix SMTP client. Specify zero
+or more of the following options, separated by comma or whitespace.
+Option names are case-sensitive. Some options refer to domain names
+that are specified in the file /etc/resolv.conf or equivalent. </p>
+
+<dl>
+
+<dt><b>res_defnames</b></dt>
+
+<dd> Append the current domain name to single-component names (those
+that do not contain a "." character). This can produce incorrect
+results, and is the hard-coded behavior prior to Postfix 2.8. </dd>
+
+<dt><b>res_dnsrch</b></dt>
+
+<dd> Search for host names in the current domain and in parent
+domains. This can produce incorrect results and is therefore not
+recommended. </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_dns_support_level">smtp_dns_support_level</a>
+(default: empty)</b></DT><DD>
+
+<p> Level of DNS support in the Postfix SMTP client. With
+"<a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>" left at its empty default value, the legacy
+"<a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a>" parameter controls whether DNS is enabled in
+the Postfix SMTP client, otherwise the legacy parameter is ignored.
+</p>
+
+<p> Specify one of the following: </p>
+
+<dl>
+
+<dt><b>disabled</b></dt>
+
+<dd>Disable DNS lookups. No MX lookups are performed and hostname
+to address lookups are unconditionally "native". This setting is
+not appropriate for hosts that deliver mail to the public Internet.
+Some obsolete how-to documents recommend disabling DNS lookups in
+some configurations with content_filters. This is no longer required
+and strongly discouraged. </dd>
+
+<dt><b>enabled</b></dt>
+
+<dd>Enable DNS lookups. Nexthop destination domains not enclosed
+in "[]" will be subject to MX lookups. If "dns" and "native" are
+included in the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter value, DNS will be
+queried first to resolve MX-host A records, followed by "native"
+lookups if no answer is found in DNS. </dd>
+
+<dt><b>dnssec</b></dt>
+
+<dd>Enable <a href="https://tools.ietf.org/html/rfc4033">DNSSEC</a>
+lookups. The "dnssec" setting differs from the "enabled" setting
+above in the following ways: <ul> <li>Any MX lookups will set
+RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC-validated
+responses. If the MX response is DNSSEC-validated the corresponding
+hostnames are considered validated. <li> The address lookups of
+validated hostnames are also validated, (provided of course
+"<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" includes "dns", see below). <li>Temporary
+failures in DNSSEC-enabled hostname-to-address resolution block any
+"native" lookups. Additional "native" lookups only happen when
+DNSSEC lookups hard-fail (NODATA or NXDOMAIN). </ul> </dd>
+
+</dl>
+
+<p> The Postfix SMTP client considers non-MX "[nexthop]" and
+"[nexthop]:port" destinations equivalent to statically-validated
+MX records of the form "nexthop. IN MX 0 nexthop." Therefore,
+with "dnssec" support turned on, validated hostname-to-address
+lookups apply to the nexthop domain of any "[nexthop]" or
+"[nexthop]:port" destination. This is also true for LMTP "inet:host"
+and "inet:host:port" destinations, as LMTP hostnames are never
+subject to MX lookups. </p>
+
+<p>The "dnssec" setting is recommended only if you plan to use the
+<a href="TLS_README.html#client_tls_dane">dane</a> or <a
+href="TLS_README.html#client_tls_dane">dane-only</a> TLS security
+level, otherwise enabling DNSSEC support in Postfix offers no
+additional security. Postfix DNSSEC support relies on an upstream
+recursive nameserver that validates DNSSEC signatures. Such a DNS
+server will always filter out forged DNS responses, even when Postfix
+itself is not configured to use DNSSEC. </p>
+
+<p> When using Postfix DANE support the "<a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>" parameter
+should include "dns", as <a
+href="https://tools.ietf.org/html/rfc7672">DANE</a> is not applicable
+to hosts resolved via "native" lookups. </p>
+
+<p> As mentioned above, Postfix is not a validating <a
+href="https://tools.ietf.org/html/rfc4035#section-4.9">stub
+resolver</a>; it relies on the system's configured DNSSEC-validating
+<a href="https://tools.ietf.org/html/rfc4035#section-3.2">recursive
+nameserver</a> to perform all DNSSEC validation. Since this
+nameserver's DNSSEC-validated responses will be fully trusted, it
+is strongly recommended that the MTA host have a local DNSSEC-validating
+recursive caching nameserver listening on a loopback address, and
+be configured to use only this nameserver for all lookups. Otherwise,
+Postfix may remain subject to man-in-the-middle attacks that forge
+responses from the recursive nameserver</p>
+
+<p>DNSSEC support requires a version of Postfix compiled against a
+reasonably-modern DNS resolver(3) library that implements the
+RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. </p>
+
+<p> This feature is available in Postfix 2.11 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_enforce_tls">smtp_enforce_tls</a>
+(default: no)</b></DT><DD>
+
+<p> Enforcement mode: require that remote SMTP servers use TLS
+encryption, and never send mail in the clear. This also requires
+that the remote SMTP server hostname matches the information in
+the remote server certificate, and that the remote SMTP server
+certificate was issued by a CA that is trusted by the Postfix SMTP
+client. If the certificate doesn't verify or the hostname doesn't
+match, delivery is deferred and mail stays in the queue. </p>
+
+<p> The server hostname is matched against all names provided as
+dNSNames in the SubjectAlternativeName. If no dNSNames are specified,
+the CommonName is checked. The behavior may be changed with the
+<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> option. </p>
+
+<p> This option is useful only if you are definitely sure that you
+will only connect to servers that support <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that
+provide valid server certificates. Typical use is for clients that
+send all their email to a dedicated mailhub. </p>
+
+<p> This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_fallback_relay">smtp_fallback_relay</a>
+(default: $<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b></DT><DD>
+
+<p> Optional list of relay destinations that will be used when an
+SMTP destination is not found, or when delivery fails due to a
+non-permanent error. With Postfix 2.2 and earlier this parameter
+is called <a href="postconf.5.html#fallback_relay">fallback_relay</a>. </p>
+
+<p> By default, <a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> is empty, mail is returned to
+the sender when a destination is not found, and delivery is deferred
+after it fails due to a non-permanent error. </p>
+
+<p> With bulk email deliveries, it can be beneficial to run the
+fallback relay MTA on the same host, so that it can reuse the sender
+IP address. This speeds up deliveries that are delayed by IP-based
+reputation systems (greylist, etc.). </p>
+
+<p> The fallback relays must be SMTP destinations. Specify a domain,
+host, host:port, [host]:port, [address] or [address]:port; the form
+[host] turns off MX lookups. If you specify multiple SMTP
+destinations, Postfix will try them in the specified order. </p>
+
+<p> To prevent mailer loops between MX hosts and fall-back hosts,
+Postfix version 2.2 and later will not use the fallback relays for
+destinations that it is MX host for (assuming DNS lookup is turned on).
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_generic_maps">smtp_generic_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables that perform address rewriting in the
+Postfix SMTP client, typically to transform a locally valid address into
+a globally valid address when sending mail across the Internet.
+This is needed when the local machine does not have its own Internet
+domain name, but uses something like <i>localdomain.local</i>
+instead. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p> The table format and lookups are documented in <a href="generic.5.html">generic(5)</a>;
+examples are shown in the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> and
+<a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a> documents. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_header_checks">smtp_header_checks</a>
+(default: empty)</b></DT><DD>
+
+<p> Restricted <a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP client.
+These tables are searched while mail is being delivered. Actions
+that change the delivery time or destination are not available.
+</p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_helo_name">smtp_helo_name</a>
+(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
+
+<p>
+The hostname to send in the SMTP HELO or EHLO command.
+</p>
+
+<p>
+The default value is the machine hostname. Specify a hostname or
+[ip.add.re.ss].
+</p>
+
+<p>
+This information can be specified in the <a href="postconf.5.html">main.cf</a> file for all SMTP
+clients, or it can be specified in the <a href="master.5.html">master.cf</a> file for a specific
+client, for example:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ mysmtp ... smtp -o <a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>=foo.bar.com
+</pre>
+</blockquote>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_helo_timeout">smtp_helo_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The Postfix SMTP client time limit for sending the HELO or EHLO command,
+and for receiving the initial remote SMTP server response.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_host_lookup">smtp_host_lookup</a>
+(default: dns)</b></DT><DD>
+
+<p>
+What mechanisms the Postfix SMTP client uses to look up a host's
+IP address. This parameter is ignored when DNS lookups are disabled
+(see: <a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> and <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a>). The "dns"
+mechanism is always tried before "native" if both are listed.
+</p>
+
+<p>
+Specify one of the following:
+</p>
+
+<dl>
+
+<dt><b>dns</b></dt>
+
+<dd>Hosts can be found in the DNS (preferred). </dd>
+
+<dt><b>native</b></dt>
+
+<dd>Use the native naming service only (nsswitch.conf, or equivalent
+mechanism). </dd>
+
+<dt><b>dns, native</b></dt>
+
+<dd>Use the native service for hosts not found in the DNS. </dd>
+
+</dl>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_line_length_limit">smtp_line_length_limit</a>
+(default: 998)</b></DT><DD>
+
+<p>
+The maximal length of message header and body lines that Postfix
+will send via SMTP. This limit does not include the &lt;CR&gt;&lt;LF&gt;
+at the end of each line. Longer lines are broken by inserting
+"&lt;CR&gt;&lt;LF&gt;&lt;SPACE&gt;", to minimize the damage to MIME
+formatted mail. Specify zero to disable this limit.
+</p>
+
+<p>
+The Postfix limit of 998 characters not including &lt;CR&gt;&lt;LF&gt;
+is consistent with the SMTP limit of 1000 characters including
+&lt;CR&gt;&lt;LF&gt;. The Postfix limit was 990 with Postfix 2.8
+and earlier.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_mail_timeout">smtp_mail_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The Postfix SMTP client time limit for sending the MAIL FROM command,
+and for receiving the remote SMTP server response.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_mime_header_checks">smtp_mime_header_checks</a>
+(default: empty)</b></DT><DD>
+
+<p> Restricted mime_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP
+client. These tables are searched while mail is being delivered.
+Actions that change the delivery time or destination are not
+available. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_min_data_rate">smtp_min_data_rate</a>
+(default: 500)</b></DT><DD>
+
+<p> The minimum plaintext data transfer rate in bytes/second for
+DATA requests, when deadlines are enabled with <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
+After a write operation transfers N plaintext message bytes (possibly
+after TLS encryption), and after the DATA request deadline is
+decremented by the elapsed time of that write operation, the DATA
+request deadline is incremented by N/smtp_min_data_rate seconds.
+However, the deadline will never be incremented beyond the time
+limit specified with <a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>. </p>
+
+<p> This feature is available in Postfix 3.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_mx_address_limit">smtp_mx_address_limit</a>
+(default: 5)</b></DT><DD>
+
+<p>
+The maximal number of MX (mail exchanger) IP addresses that can
+result from Postfix SMTP client mail exchanger lookups, or zero (no
+limit). Prior to
+Postfix version 2.3, this limit was disabled by default.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_mx_session_limit">smtp_mx_session_limit</a>
+(default: 2)</b></DT><DD>
+
+<p> The maximal number of SMTP sessions per delivery request before
+the Postfix SMTP client
+gives up or delivers to a fall-back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no
+limit). This restriction ignores sessions that fail to complete the
+SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
+complete the EHLO and TLS handshake (Postfix version 2.3 and later). </p>
+
+<p> This feature is available in Postfix 2.1 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_nested_header_checks">smtp_nested_header_checks</a>
+(default: empty)</b></DT><DD>
+
+<p> Restricted nested_<a href="header_checks.5.html">header_checks(5)</a> tables for the Postfix SMTP
+client. These tables are searched while mail is being delivered.
+Actions that change the delivery time or destination are not
+available. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_never_send_ehlo">smtp_never_send_ehlo</a>
+(default: no)</b></DT><DD>
+
+<p> Never send EHLO at the start of an SMTP session. See also the
+<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_per_record_deadline">smtp_per_record_deadline</a>
+(default: no)</b></DT><DD>
+
+<p> Change the behavior of the smtp_*_timeout time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message). This
+limits the impact from hostile peers that trickle data one byte at
+a time. </p>
+
+<p> Note: when per-record deadlines are enabled, a short timeout
+may cause problems with TLS over very slow network connections.
+The reasons are that a TLS protocol message can be up to 16 kbytes
+long (with TLSv1), and that an entire TLS protocol message must be
+sent or received within the per-record deadline. </p>
+
+<p> This feature is available in Postfix 2.9-3.6. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no". Postfix 3.7 and later use <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_per_request_deadline">smtp_per_request_deadline</a>
+(default: no)</b></DT><DD>
+
+<p> Change the behavior of the smtp_*_timeout time limits, from a
+time limit per plaintext or TLS read or write call, to a combined
+time limit for sending a complete SMTP request and for receiving a
+complete SMTP response. The deadline limits only the time spent
+waiting for plaintext or TLS read or write calls, not time spent
+elsewhere. The per-request deadline limits the impact from hostile
+peers that trickle data one byte at a time. </p>
+
+<p> See <a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> for how the per-request deadline is
+managed during the DATA phase. </p>
+
+<p> Note: when per-request deadlines are enabled, a short time limit
+may cause problems with TLS over very slow network connections. The
+reason is that a TLS protocol message can be up to 16 kbytes long
+(with TLSv1), and that an entire TLS protocol message must be
+transferred within the per-request deadline. </p>
+
+<p> This feature is available in Postfix 3.7 and later. A weaker
+feature, called <a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a>, is available with Postfix
+2.9-3.6. </p>
+
+<p> This feature is available in Postfix 3.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
+(default: 10s)</b></DT><DD>
+
+<p>
+How long the Postfix SMTP client pauses before sending
+".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
+"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug.
+</p>
+
+<p>
+Choosing too short a time makes this workaround ineffective when
+sending large messages over slow network connections.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_pix_workaround_maps">smtp_pix_workaround_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Lookup tables, indexed by the remote SMTP server address, with
+per-destination workarounds for CISCO PIX firewall bugs. The table
+is not indexed by hostname for consistency with
+<a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a>. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p> This feature is available in Postfix 2.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a>
+(default: 500s)</b></DT><DD>
+
+<p> How long a message must be queued before the Postfix SMTP client
+turns on the PIX firewall "&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;"
+bug workaround for delivery through firewalls with "smtp fixup"
+mode turned on. </p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+By default, the workaround is turned off for mail that is queued
+for less than 500 seconds. In other words, the workaround is normally
+turned off for the first delivery attempt.
+</p>
+
+<p>
+Specify 0 to enable the PIX firewall
+"&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug workaround upon the
+first delivery attempt.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_pix_workarounds">smtp_pix_workarounds</a>
+(default: disable_esmtp, delay_dotcrlf)</b></DT><DD>
+
+<p> A list that specifies zero or more workarounds for CISCO PIX
+firewall bugs. These workarounds are implemented by the Postfix
+SMTP client. Workaround names are separated by comma or space, and
+are case insensitive. This parameter setting can be overruled with
+per-destination <a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> settings. </p>
+
+<dl>
+
+<dt><b>delay_dotcrlf</b><dd> Insert a delay before sending
+".&lt;CR&gt;&lt;LF&gt;" after the end of the message content. The
+delay is subject to the <a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> and
+<a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> parameter settings. </dd>
+
+<dt><b>disable_esmtp</b><dd> Disable all extended SMTP commands:
+send HELO instead of EHLO. </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.4 and later. The default
+settings are backwards compatible with earlier Postfix versions.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_quit_timeout">smtp_quit_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The Postfix SMTP client time limit for sending the QUIT command,
+and for receiving the remote SMTP server response.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
+as required
+by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. This includes putting quotes around an address localpart
+that ends in ".".
+</p>
+
+<p>
+The default is to comply with <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. If you have to send mail to
+a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>:
+</p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ broken-smtp . . . smtp -o <a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a>=no
+</pre>
+</blockquote>
+
+<p>
+and route mail for the destination in question to the "broken-smtp"
+message delivery with a <a href="transport.5.html">transport(5)</a> table.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_randomize_addresses">smtp_randomize_addresses</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Randomize the order of equal-preference MX host addresses. This
+is a performance feature of the Postfix SMTP client.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_rcpt_timeout">smtp_rcpt_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The Postfix SMTP client time limit for sending the SMTP RCPT TO
+command, and for receiving the remote SMTP server response.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_reply_filter">smtp_reply_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> A mechanism to transform replies from remote SMTP servers one
+line at a time. This is a last-resort tool to work around server
+replies that break interoperability with the Postfix SMTP client.
+Other uses involve fault injection to test Postfix's handling of
+invalid responses. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> In the case of a multi-line reply, the Postfix SMTP client
+uses the final reply line's numerical SMTP reply code and enhanced
+status code. </p>
+
+<li> <p> The numerical SMTP reply code (XYZ) takes precedence over
+the enhanced status code (X.Y.Z). When the enhanced status code
+initial digit differs from the SMTP reply code initial digit, or
+when no enhanced status code is present, the Postfix SMTP client
+uses a generic enhanced status code (X.0.0) instead. </p>
+
+</ul>
+
+<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
+string is a single SMTP reply line as received from the remote SMTP
+server, except that the trailing &lt;CR&gt;&lt;LF&gt; are removed.
+When the lookup succeeds, the result replaces the single SMTP reply
+line. </p>
+
+<p> Examples: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/reply_filter
+</pre>
+
+<pre>
+/etc/postfix/reply_filter:
+ # Transform garbage into "250-filler..." so that it looks like
+ # one line from a multi-line reply. It does not matter what we
+ # substitute here as long it has the right syntax. The Postfix
+ # SMTP client will use the final line's numerical SMTP reply
+ # code and enhanced status code.
+ !/^([2-5][0-9][0-9]($|[- ]))/ 250-filler for garbage
+</pre>
+
+<p> This feature is available in Postfix 2.7. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_rset_timeout">smtp_rset_timeout</a>
+(default: 20s)</b></DT><DD>
+
+<p> The Postfix SMTP client time limit for sending the RSET command,
+and for receiving the remote SMTP server response. The SMTP client
+sends RSET in
+order to finish a recipient address probe, or to verify that a
+cached session is still usable. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.1 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
+(default: empty)</b></DT><DD>
+
+<p> An optional table to prevent repeated SASL authentication
+failures with the same remote SMTP server hostname, username and
+password. Each table (key, value) pair contains a server name, a
+username and password, and the full server response. This information
+is stored when a remote SMTP server rejects an authentication attempt
+with a 535 reply code. As long as the <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a>
+information does not change, and as long as the <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
+information does not expire (see <a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>) the
+Postfix SMTP client avoids SASL authentication attempts with the
+same server, username and password, and instead bounces or defers
+mail as controlled with the <a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> configuration
+parameter. </p>
+
+<p> Use a per-destination delivery concurrency of 1 (for example,
+"<a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> = 1",
+"<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> = 1", etc.), otherwise multiple
+delivery agents may experience a login failure at the same time.
+</p>
+
+<p> The table must be accessed via the proxywrite service, i.e. the
+map name must start with "<a href="proxymap.8.html">proxy</a>:". The table should be stored under
+the directory specified with the <a href="postconf.5.html#data_directory">data_directory</a> parameter. </p>
+
+<p> This feature uses cryptographic hashing to protect plain-text
+passwords, and requires that Postfix is compiled with TLS support.
+</p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/sasl_auth_cache
+</pre>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a>
+(default: 90d)</b></DT><DD>
+
+<p> The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
+is removed. </p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is d (days). </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_auth_enable">smtp_sasl_auth_enable</a>
+(default: no)</b></DT><DD>
+
+<p>
+Enable SASL authentication in the Postfix SMTP client. By default,
+the Postfix SMTP client uses no authentication.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> = yes
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a>
+(default: yes)</b></DT><DD>
+
+<p> When a remote SMTP server rejects a SASL authentication request
+with a 535 reply code, defer mail delivery instead of returning
+mail as undeliverable. The latter behavior was hard-coded prior to
+Postfix version 2.5. </p>
+
+<p> Note: the setting "yes" overrides the global <a href="postconf.5.html#soft_bounce">soft_bounce</a>
+parameter, but the setting "no" does not. </p>
+
+<p> Example: </p>
+
+<pre>
+# Default as of Postfix 2.5
+<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = yes
+# The old hard-coded default
+<a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> = no
+</pre>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
+(default: empty)</b></DT><DD>
+
+<p>
+If non-empty, a Postfix SMTP client filter for the remote SMTP
+server's list of offered SASL mechanisms. Different client and
+server implementations may support different mechanism lists; by
+default, the Postfix SMTP client will use the intersection of the
+two. <a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> specifies an optional third mechanism
+list to intersect with. </p>
+
+<p> Specify mechanism names, "/file/name" patterns or "<a href="DATABASE_README.html">type:table</a>"
+lookup tables. The right-hand side result from "<a href="DATABASE_README.html">type:table</a>" lookups
+is ignored. Specify "!pattern" to exclude a mechanism name from the
+list. The form "!/file/name" is supported only in Postfix version
+2.4 and later. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = plain, login
+<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = /etc/postfix/smtp_mechs
+<a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> = !gssapi, !login, <a href="DATABASE_README.html#types">static</a>:rest
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_password_maps">smtp_sasl_password_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional Postfix SMTP client lookup tables with one username:password
+entry per sender, remote hostname or next-hop domain. Per-sender
+lookup is done only when sender-dependent authentication is enabled.
+If no username:password entry is found, then the Postfix SMTP client
+will not attempt to authenticate to the remote host.
+</p>
+
+<p>
+The Postfix SMTP client opens the lookup table before going to
+chroot jail, so you can leave the password file in /etc/postfix.
+</p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_path">smtp_sasl_path</a>
+(default: empty)</b></DT><DD>
+
+<p> Implementation-specific information that the Postfix SMTP client
+passes through to
+the SASL plug-in implementation that is selected with
+<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. Typically this specifies the name of a
+configuration file or rendezvous point. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_security_options">smtp_sasl_security_options</a>
+(default: noplaintext, noanonymous)</b></DT><DD>
+
+<p> Postfix SMTP client SASL security options; as of Postfix 2.3
+the list of available
+features depends on the SASL client implementation that is selected
+with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. </p>
+
+<p> The following security features are defined for the <b>cyrus</b>
+client SASL implementation: </p>
+
+<p>
+Specify zero or more of the following:
+</p>
+
+<dl>
+
+<dt><b>noplaintext</b></dt>
+
+<dd>Disallow methods that use plaintext passwords. </dd>
+
+<dt><b>noactive</b></dt>
+
+<dd>Disallow methods subject to active (non-dictionary) attack.
+</dd>
+
+<dt><b>nodictionary</b></dt>
+
+<dd>Disallow methods subject to passive (dictionary) attack. </dd>
+
+<dt><b>noanonymous</b></dt>
+
+<dd>Disallow methods that allow anonymous authentication. </dd>
+
+<dt><b>mutual_auth</b></dt>
+
+<dd>Only allow methods that provide mutual authentication (not
+available with SASL version 1). </dd>
+
+</dl>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> = noplaintext
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>
+(default: $<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b></DT><DD>
+
+<p> The SASL authentication security options that the Postfix SMTP
+client uses for TLS encrypted SMTP sessions. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a>
+(default: $<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b></DT><DD>
+
+<p> The SASL authentication security options that the Postfix SMTP
+client uses for TLS encrypted SMTP sessions with a verified server
+certificate. </p>
+
+<p> When mail is sent to the public MX host for the recipient's
+domain, server certificates are by default optional, and delivery
+proceeds even if certificate verification fails. For delivery via
+a submission service that requires SASL authentication, it may be
+appropriate to send plaintext passwords only when the connection
+to the server is strongly encrypted <b>and</b> the server identity
+is verified. </p>
+
+<p> The <a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> parameter makes it
+possible to only enable plaintext mechanisms when a secure connection
+to the server is available. Submission servers subject to this
+policy must either have verifiable certificates or offer suitable
+non-plaintext SASL mechanisms. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_sasl_type">smtp_sasl_type</a>
+(default: cyrus)</b></DT><DD>
+
+<p> The SASL plug-in type that the Postfix SMTP client should use
+for authentication. The available types are listed with the
+"<b>postconf -A</b>" command. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
+(default: no)</b></DT><DD>
+
+<p> Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL
+FROM command in SASL-authenticated SMTP sessions. The default is
+not to send this, to avoid problems with broken remote SMTP servers.
+Before Postfix 2.9 the behavior is as if "<a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a>
+= yes".
+
+<p> This feature is available in Postfix 2.9 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_send_xforward_command">smtp_send_xforward_command</a>
+(default: no)</b></DT><DD>
+
+<p>
+Send the non-standard XFORWARD command when the Postfix SMTP server
+EHLO response announces XFORWARD support.
+</p>
+
+<p>
+This allows a Postfix SMTP delivery agent, used for injecting mail
+into
+a content filter, to forward the name, address, protocol and HELO
+name of the original client to the content filter and downstream
+queuing SMTP server. This can produce more useful logging than
+localhost[127.0.0.1] etc.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
+(default: no)</b></DT><DD>
+
+<p>
+Enable sender-dependent authentication in the Postfix SMTP client; this is
+available only with SASL authentication, and disables SMTP connection
+caching to ensure that mail from different senders will use the
+appropriate credentials. </p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Skip SMTP servers that greet with a 4XX status code (go away, try
+again later).
+</p>
+
+<p>
+By default, the Postfix SMTP client moves on the next mail exchanger.
+Specify
+"<a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> = no" if Postfix should defer delivery
+immediately.
+</p>
+
+<p> This feature is available in Postfix 2.0 and earlier.
+Later Postfix versions always skip remote SMTP servers that greet
+with a
+4XX status code. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Skip remote SMTP servers that greet with a 5XX status code.
+</p>
+
+<p> By default, the Postfix SMTP client moves on the next mail
+exchanger. Specify "<a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> = no" if Postfix should
+bounce the mail immediately. Caution: the latter behavior appears
+to contradict <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_skip_quit_response">smtp_skip_quit_response</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Do not wait for the response to the SMTP QUIT command.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_starttls_timeout">smtp_starttls_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p> Time limit for Postfix SMTP client write and read operations
+during TLS startup and shutdown handshake procedures. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tcp_port">smtp_tcp_port</a>
+(default: smtp)</b></DT><DD>
+
+<p>
+The default TCP port that the Postfix SMTP client connects to.
+Specify a symbolic name (see services(5)) or a numeric port.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_CAfile">smtp_tls_CAfile</a>
+(default: empty)</b></DT><DD>
+
+<p> A file containing CA certificates of root CAs trusted to sign
+either remote SMTP server certificates or intermediate CA certificates.
+These are loaded into memory before the <a href="smtp.8.html">smtp(8)</a> client enters the
+chroot jail. If the number of trusted roots is large, consider using
+<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> instead, but note that the latter directory must be
+present in the chroot jail if the <a href="smtp.8.html">smtp(8)</a> client is chrooted. This
+file may also be used to augment the client certificate trust chain,
+but it is best to include all the required certificates directly in
+$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (or, Postfix &ge; 3.4 $<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>). </p>
+
+<p> Specify "<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /path/to/system_CA_file" to use
+ONLY the system-supplied default Certification Authority certificates.
+</p>
+
+<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
+appending the system-supplied default CAs and trusting third-party
+certificates. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/CAcert.pem
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_CApath">smtp_tls_CApath</a>
+(default: empty)</b></DT><DD>
+
+<p> Directory with PEM format Certification Authority certificates
+that the Postfix SMTP client uses to verify a remote SMTP server
+certificate. Don't forget to create the necessary "hash" links
+with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs".
+</p>
+
+<p> To use this option in chroot mode, this directory (or a copy)
+must be inside the chroot jail. </p>
+
+<p> Specify "<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /path/to/system_CA_directory" to
+use ONLY the system-supplied default Certification Authority certificates.
+</p>
+
+<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
+appending the system-supplied default CAs and trusting third-party
+certificates. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> = /etc/postfix/certs
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
+(default: no)</b></DT><DD>
+
+<p> Try to detect a mail hijacking attack based on a TLS protocol
+vulnerability (CVE-2009-3555), where an attacker prepends malicious
+HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
+The attack would succeed with non-Postfix SMTP servers that reply
+to the malicious HELO, MAIL, RCPT, DATA commands after negotiating
+the Postfix SMTP client TLS session. </p>
+
+<p> This feature is available in Postfix 2.7. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_cert_file">smtp_tls_cert_file</a>
+(default: empty)</b></DT><DD>
+
+<p> File with the Postfix SMTP client RSA certificate in PEM format.
+This file may also contain the Postfix SMTP client private RSA key, and
+these may be the same as the Postfix SMTP server RSA certificate and key
+file. With Postfix &ge; 3.4 the preferred way to configure client keys
+and certificates is via the "<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>
+
+<p> Do not configure client certificates unless you <b>must</b> present
+client TLS certificates to one or more servers. Client certificates are
+not usually needed, and can cause problems in configurations that work
+well without them. The recommended setting is to let the defaults stand: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> =
+<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> =
+<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> =
+<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> =
+# Obsolete DSA parameters
+<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> =
+<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> =
+# Postfix &ge; 3.4 interface
+<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
+</pre>
+</blockquote>
+
+<p> The best way to use the default settings is to comment out the above
+parameters in <a href="postconf.5.html">main.cf</a> if present. </p>
+
+<p> To enable remote SMTP servers to verify the Postfix SMTP client
+certificate, the issuing CA certificates must be made available to the
+server. You should include the required certificates in the client
+certificate file, the client certificate first, then the issuing
+CA(s) (bottom-up order). </p>
+
+<p> Example: the certificate for "client.example.com" was issued by
+"intermediate CA" which itself has a certificate issued by "root CA".
+As the "root" super-user create the client.pem file with: </p>
+
+<blockquote>
+<pre>
+# <b>umask 077</b>
+# <b>cat client_key.pem client_cert.pem intermediate_CA.pem &gt; chain.pem </b>
+</pre>
+</blockquote>
+
+<p> If you also want to verify remote SMTP server certificates issued by
+these CAs, you can add the CA certificates to the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>, in
+which case it is not necessary to have them in the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>,
+<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (obsolete) or <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>
+
+<p> A certificate supplied here must be usable as an SSL client certificate
+and hence pass the "openssl verify -purpose sslclient ..." test. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/chain.pem
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_chain_files">smtp_tls_chain_files</a>
+(default: empty)</b></DT><DD>
+
+<p> List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain. The file names
+are separated by commas and/or whitespace. This parameter obsoletes the
+legacy algorithm-specific key and certificate file settings. When this
+parameter is non-empty, the legacy parameters are ignored, and a warning
+is logged if any are also non-empty. </p>
+
+<p> With the proliferation of multiple private key algorithms&mdash;which,
+as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
+and Ed448&mdash;it is increasingly impractical to use separate
+parameters to configure the key and certificate chain for each
+algorithm. Therefore, Postfix now supports storing multiple keys and
+corresponding certificate chains in a single file or in a set of files.
+
+<p> Each key must appear <b>immediately before</b> the corresponding
+certificate, optionally followed by additional issuer certificates that
+complete the certificate chain for that key. When multiple files are
+specified, they are equivalent to a single file that is concatenated
+from those files in the given order. Thus, while a key must always
+precede its certificate and issuer chain, it can be in a separate file,
+so long as that file is listed immediately before the file that holds
+the corresponding certificate chain. Once all the files are
+concatenated, the sequence of PEM objects must be: <i>key1, cert1,
+[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].</i> </p>
+
+<p> Storing the private key in the same file as the corresponding
+certificate is more reliable. With the key and certificate in separate
+files, there is a chance that during key rollover a Postfix process
+might load a private key and certificate from separate files that don't
+match. Various operational errors may even result in a persistent
+broken configuration in which the certificate does not match the private
+key. </p>
+
+<p> The file or files must contain at most one key of each type. If,
+for example, two or more RSA keys and corresponding chains are listed,
+depending on the version of OpenSSL either only the last one will be
+used or a configuration error may be detected. Note that while
+"Ed25519" and "Ed448" are considered separate algorithms, the various
+ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
+considered as different parameters of a single "ECDSA" algorithm, so it
+is not presently possible to configure keys for more than one ECDSA
+curve. </p>
+
+<p>
+Example (separate files for each key and corresponding certificate chain):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed25519.pem,
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed448.pem,
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/rsa.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed25519.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed448.pem:
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/rsa.pem:
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p>
+Example (all keys and certificates in a single file):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/chains.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/chains.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_cipherlist">smtp_tls_cipherlist</a>
+(default: empty)</b></DT><DD>
+
+<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
+cipher list. As this feature applies to all TLS security levels, it is easy
+to create interoperability problems by choosing a non-default cipher
+list. Do not use a non-default TLS cipher list on hosts that deliver email
+to the public Internet: you will be unable to send email to servers that
+only support the ciphers you exclude. Using a restricted cipher list
+may be more appropriate for an internal MTA, where one can exert some
+control over the TLS software and settings of the peer servers. </p>
+
+<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
+
+<p> This feature is available in Postfix version 2.2. It is not used with
+Postfix 2.3 and later; use <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> instead. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_ciphers">smtp_tls_ciphers</a>
+(default: medium)</b></DT><DD>
+
+<p> The minimum TLS cipher grade that the Postfix SMTP client
+will use with opportunistic TLS encryption. Cipher types listed in
+<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> are excluded from the base definition of
+the selected cipher grade. The default value is "medium" for
+Postfix releases after the middle of 2015, "export" for older
+releases. </p>
+
+<p> When TLS is mandatory the cipher grade is chosen via the
+<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration parameter, see there for syntax
+details. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
+ciphers on a per-destination basis. </p>
+
+<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
+releases only the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter is implemented,
+and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_connection_reuse">smtp_tls_connection_reuse</a>
+(default: no)</b></DT><DD>
+
+<p> Try to make multiple deliveries per TLS-encrypted connection.
+This uses the <a href="tlsproxy.8.html">tlsproxy(8)</a> service to encrypt an SMTP connection,
+uses the <a href="scache.8.html">scache(8)</a> service to save that connection, and relies on
+hints from the <a href="qmgr.8.html">qmgr(8)</a> daemon. </p>
+
+<p> See "<a href="TLS_README.html#client_tls_reuse">Client-side
+TLS connection reuse</a>" for background details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The TLS policy for MX hosts with "secure" TLSA records when the
+nexthop destination security level is <b>dane</b>, but the MX
+record was found via an "insecure" MX lookup. The choices are:
+</p>
+
+<dl>
+<dt><b>may</b></dt>
+<dd> The TLSA records will be ignored and TLS will be optional. If
+the MX host does not appear to support STARTTLS, or the STARTTLS
+handshake fails, mail may be sent in the clear. </dd>
+<dt><b>encrypt</b></dt>
+<dd> The TLSA records will signal a requirement to use TLS. While
+TLS encryption will be required, authentication will not be performed.
+</dd>
+<dt><b>dane</b></dt>
+<dd>The TLSA records will be used just as with "secure" MX records.
+TLS encryption will be required, and, if at least one of the TLSA
+records is "usable", authentication will be required. When
+authentication succeeds, it will be logged only as "Trusted", not
+"Verified", because the MX host name could have been forged. </dd>
+</dl>
+
+<p> The default setting for Postfix &ge; 3.6 is "dane" with
+"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = dane", otherwise "may". This behavior
+was backported to Postfix versions 3.5.9, 3.4.19, 3.3.16. 3.2.21.
+With earlier Postfix versions the default setting was always "dane".
+</p>
+
+<p> Though with "insecure" MX records an active attacker can
+compromise SMTP transport security by returning forged MX records,
+such attacks are "tamper-evident" since any forged MX hostnames
+will be recorded in the mail logs. Attackers who place a high value
+on staying hidden may be deterred from forging MX records. </p>
+
+<p>
+This feature is available in Postfix 3.1 and later. The <b>may</b>
+policy is backwards-compatible with earlier Postfix versions.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_dcert_file">smtp_tls_dcert_file</a>
+(default: empty)</b></DT><DD>
+
+<p> File with the Postfix SMTP client DSA certificate in PEM format.
+This file may also contain the Postfix SMTP client private DSA key.
+The DSA algorithm is obsolete and should not be used. </p>
+
+<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
+</p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> = /etc/postfix/client-dsa.pem
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_dkey_file">smtp_tls_dkey_file</a>
+(default: $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix SMTP client DSA private key in PEM format.
+This file may be combined with the Postfix SMTP client DSA certificate
+file specified with $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. The DSA algorithm is obsolete
+and should not be used. </p>
+
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted. File permissions should grant read-only
+access to the system superuser account ("root"), and no access
+to anyone else. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_eccert_file">smtp_tls_eccert_file</a>
+(default: empty)</b></DT><DD>
+
+<p> File with the Postfix SMTP client ECDSA certificate in PEM format.
+This file may also contain the Postfix SMTP client ECDSA private key.
+With Postfix &ge; 3.4 the preferred way to configure client keys and
+certificates is via the "<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>
+
+<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
+</p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> = /etc/postfix/ecdsa-ccert.pem
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_eckey_file">smtp_tls_eckey_file</a>
+(default: $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix SMTP client ECDSA private key in PEM format.
+This file may be combined with the Postfix SMTP client ECDSA certificate
+file specified with $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. With Postfix &ge; 3.4 the
+preferred way to configure client keys and certificates is via the
+"<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>
+
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted. File permissions should grant read-only
+access to the system superuser account ("root"), and no access
+to anyone else. </p>
+
+<p> This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
+(default: yes)</b></DT><DD>
+
+<p> With mandatory TLS encryption, require that the remote SMTP
+server hostname matches the information in the remote SMTP server
+certificate. As of <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking
+for MTA clients are not specified. </p>
+
+<p> This option can be set to "no" to disable strict peer name
+checking. This setting has no effect on sessions that are controlled
+via the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table. </p>
+
+<p> Disabling the hostname verification can make sense in a closed
+environment where special CAs are created. If not used carefully,
+this option opens the danger of a "man-in-the-middle" attack (the
+CommonName of this attacker will be logged). </p>
+
+<p> This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
+(default: empty)</b></DT><DD>
+
+<p> List of ciphers or cipher types to exclude from the Postfix
+SMTP client cipher
+list at all TLS security levels. This is not an OpenSSL cipherlist, it is
+a simple list separated by whitespace and/or commas. The elements are a
+single cipher, or one or more "+" separated cipher properties, in which
+case only ciphers matching <b>all</b> the properties are excluded. </p>
+
+<p> Examples (some of these will cause problems): </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL
+<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = MD5, DES
+<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = DES+MD5
+<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
+<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = kEDH+aRSA
+</pre>
+</blockquote>
+
+<p> The first setting disables anonymous ciphers. The next setting
+disables ciphers that use the MD5 digest algorithm or the (single) DES
+encryption algorithm. The next setting disables ciphers that use MD5 and
+DES together. The next setting disables the two ciphers "AES256-SHA"
+and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
+key exchange with RSA authentication. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a>
+(default: empty)</b></DT><DD>
+
+<p> List of acceptable remote SMTP server certificate fingerprints for
+the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> =
+fingerprint). At this security level, Certification Authorities are not
+used, and certificate expiration times are ignored. Instead, server
+certificates are verified directly via their certificate fingerprint
+or public key fingerprint (Postfix 2.9 and later). The fingerprint
+is a message digest of the server certificate (or public key). The
+digest algorithm is selected via the <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b>
+parameter. </p>
+
+<p> The colons between each pair of nibbles in the fingerprint value
+are optional (Postfix &ge; 3.6). These were required in earlier
+Postfix releases. </p>
+
+<p> When an <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a></b> table entry specifies the
+"fingerprint" security level, any "match" attributes in that entry specify
+the list of valid fingerprints for the corresponding destination. Multiple
+fingerprints can be combined with a "|" delimiter in a single match
+attribute, or multiple match attributes can be employed. </p>
+
+<p> Example: Certificate fingerprint verification with internal mailhub.
+Two matching fingerprints are listed. The <a href="postconf.5.html#relayhost">relayhost</a> may be multiple
+physical hosts behind a load-balancer, each with its own private/public
+key and self-signed certificate. Alternatively, a single <a href="postconf.5.html#relayhost">relayhost</a> may
+be in the process of switching from one set of private/public keys to
+another, and both keys are trusted just prior to the transition. </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
+<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
+<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = sha256
+<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
+ cd:fc:d8:db:f8:c4:82:96:6c:...:28:71:e8:f5:8d:a5:0d:9b:d4:a6
+ dd:5c:ef:f5:c3:bc:64:25:36:...:99:36:06:ce:40:ef:de:2e:ad:a4
+</pre>
+</blockquote>
+
+<p> Example: Certificate fingerprint verification with selected destinations.
+As in the example above, we show two matching fingerprints: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
+ <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = sha256
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/tls_policy:
+ example.com fingerprint
+ match=51:e9:af:2e:1e:40:1f:...:64:0a:30:35:2d:09:16:31:5a:eb:82:76
+ match=b6:b4:72:34:e2:59:cd:...:c2:ca:63:0d:4d:cc:2c:7d:84:de:e6:2f
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The message digest algorithm used to construct remote SMTP server
+certificate fingerprints. At the "fingerprint" TLS security level
+(<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint), the server certificate is
+verified by directly matching its certificate fingerprint or its public
+key fingerprint (Postfix 2.9 and later). The fingerprint is the
+message digest of the server certificate (or its public key)
+using the selected
+algorithm. With a digest algorithm resistant to "second pre-image"
+attacks, it is not feasible to create a new public key and a matching
+certificate (or public/private key-pair) that has the same fingerprint. </p>
+
+<p> The default algorithm is <b>sha256</b> with Postfix &ge; 3.6
+and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix
+&le; 3.5, the default algorithm is <b>md5</b>. </p>
+
+<p> The best-practice algorithm is now <b>sha256</b>. Recent advances in hash
+function cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre-image" attacks
+against the older algorithms, their use in this context, though not
+recommended, is still likely safe. </p>
+
+<p> While additional digest algorithms are often available with OpenSSL's
+libcrypto, only those used by libssl in SSL cipher suites are available to
+Postfix. You'll likely find support for md5, sha1, sha256 and sha512. </p>
+
+<p> To find the fingerprint of a specific certificate file, with a
+specific digest algorithm, run:
+</p>
+
+<blockquote>
+<pre>
+$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
+</pre>
+</blockquote>
+
+<p> The text to the right of the "=" sign is the desired fingerprint.
+For example: </p>
+
+<blockquote>
+<pre>
+$ openssl x509 -noout -fingerprint -sha256 -in cert.pem
+SHA256 Fingerprint=D4:6A:AB:19:24:...:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
+</pre>
+</blockquote>
+
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> The actual command to transform the key to DER format depends on the
+version of OpenSSL used. As of OpenSSL 1.0.0, the "pkey" command supports
+all key types. </p>
+<blockquote>
+<pre>
+# OpenSSL &ge; 1.0 with SHA-256 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey |
+ openssl pkey -pubin -outform DER |
+ openssl dgst -sha256 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:...:fc:09:1a:61:98:b5:bc:7c:60:58
+</pre>
+</blockquote>
+
+<p> The Postfix SMTP server and client log the peer (leaf) certificate
+fingerprint and the public key fingerprint when the TLS loglevel is 2 or
+higher. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a>
+(default: no)</b></DT><DD>
+
+<p> Lookup the associated DANE TLSA RRset even when a hostname is
+not an alias and its address records lie in an unsigned zone. This
+is unlikely to ever yield DNSSEC validated results, since child
+zones of unsigned zones are also unsigned in the absence of DLV or
+locally configured non-root trust-anchors. We anticipate that such
+mechanisms will not be used for just the "_tcp" subdomain of a host.
+Suppressing the TLSA RRset lookup reduces latency and avoids potential
+interoperability problems with nameservers for unsigned zones that
+are not prepared to handle the new TLSA RRset. </p>
+
+<p> This feature is available in Postfix 2.11. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_key_file">smtp_tls_key_file</a>
+(default: $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix SMTP client RSA private key in PEM format.
+This file may be combined with the Postfix SMTP client RSA certificate
+file specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. With Postfix &ge; 3.4 the
+preferred way to configure client keys and certificates is via the
+"<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>
+
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted. File permissions should grant read-only
+access to the system superuser account ("root"), and no access
+to anyone else. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> = $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_loglevel">smtp_tls_loglevel</a>
+(default: 0)</b></DT><DD>
+
+<p> Enable additional Postfix SMTP client logging of TLS activity.
+Each logging level also includes the information that is logged at
+a lower logging level. </p>
+
+<dl compact>
+
+<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>
+
+<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion
+&mdash; no logging of remote SMTP server certificate trust-chain
+verification errors if server certificate verification is not required.
+With Postfix 2.8 and earlier, log the summary message and unconditionally
+log trust-chain verification errors. </dd>
+
+<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd>
+
+<dt> </dt> <dd> 3 Also log the hexadecimal and ASCII dump of the
+TLS negotiation process. </dd>
+
+<dt> </dt> <dd> 4 Also log the hexadecimal and ASCII dump of complete
+transmission after STARTTLS. </dd>
+
+</dl>
+
+<p> Do not use "<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 2" or higher except in case of
+problems. Use of loglevel 4 is strongly discouraged. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
+(default: medium)</b></DT><DD>
+
+<p> The minimum TLS cipher grade that the Postfix SMTP client will
+use with
+mandatory TLS encryption. The default value "medium" is suitable
+for most destinations with which you may want to enforce TLS, and
+is beyond the reach of today's cryptanalytic methods. See
+<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure ciphers
+on a per-destination basis. </p>
+
+<p> The following cipher grades are supported: </p>
+
+<dl>
+<dt><b>high</b></dt>
+<dd> Enable only "HIGH" grade OpenSSL ciphers. This setting may
+be appropriate when all mandatory TLS destinations (e.g. when all
+mail is routed to a suitably capable <a href="postconf.5.html#relayhost">relayhost</a>) support at least one
+"HIGH" grade cipher. The underlying cipherlist is specified via the
+<a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> configuration parameter, which you are strongly
+encouraged not to change. </dd>
+
+<dt><b>medium</b></dt>
+<dd> Enable "MEDIUM" grade or better OpenSSL ciphers.
+The underlying cipherlist is specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a>
+configuration parameter, which you are strongly encouraged not to change.
+</dd>
+
+<dt><b>null</b></dt>
+<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
+without encryption. This setting is only appropriate in the rare case
+that all servers are prepared to use NULL ciphers (not normally enabled
+in TLS servers). A plausible use-case is an LMTP server listening on a
+UNIX-domain socket that is configured to support "NULL" ciphers. The
+underlying cipherlist is specified via the <a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a>
+configuration parameter, which you are strongly encouraged not to
+change. </dd>
+
+<dt><b>low</b></dt>
+<dd> Enable "LOW" grade or stronger OpenSSL ciphers. In Postfix
+&ge; 3.8 this cipher grade is always identical to "medium". Recent
+versions of OpenSSL do not support any "LOW" grade ciphers. In
+earlier Postfix releases the underlying cipherlist was specified
+via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration parameter, which you are
+strongly encouraged not to change. This obsolete cipher grade
+SHOULD NOT be used. </dd>
+
+<dt><b>export</b></dt>
+<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers. In Postfix
+&ge; 3.8 this cipher grade is always identical to "medium". Recent
+versions of OpenSSL do not support any "EXPORT" grade ciphers. In
+earlier Postfix releases the underlying cipherlist was specified
+via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter, which you are
+strongly encouraged not to change. This obsolete cipher grade
+SHOULD NOT be used. </dd>
+
+</dl>
+
+<p> The underlying cipherlists for grades other than "null" include
+anonymous ciphers, but these are automatically filtered out if the
+Postfix SMTP client is configured to verify server certificates.
+You are very unlikely to need to take any steps to exclude anonymous
+ciphers, they are excluded automatically as necessary. If you must
+exclude anonymous ciphers at the "may" or "encrypt" security levels,
+when the Postfix SMTP client does not need or use peer certificates, set
+"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only when
+TLS is enforced, set "<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL". </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
+(default: empty)</b></DT><DD>
+
+<p> Additional list of ciphers or cipher types to exclude from the
+Postfix SMTP client cipher list at mandatory TLS security levels. This list
+works in addition to the exclusions listed with <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
+(see there for syntax details). </p>
+
+<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be
+specified on a per-destination basis via the TLS policy "exclude"
+attribute. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for notes and examples. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> TLS protocols that the Postfix SMTP client will use with mandatory
+TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace,
+commas or colons. In the policy table "protocols" attribute (see
+<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An empty value
+means allow all protocols. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set a lowest acceptable TLS protocol version
+and/or a highest acceptable TLS protocol version. To set the lower
+bound include an element of the form: "&gt;=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "&lt;=<i>version</i>". There must be no whitespace between
+the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix &ge; 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=TLSv1.2, &lt;=0305
+# Allow only TLS 1.2 and up:
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=0x0303
+</pre>
+</blockquote>
+
+<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2,
+!SSLv3". Listing the protocols to include, rather than the protocols to
+exclude, is supported, but not recommended. The exclusion syntax more
+accurately matches the underlying OpenSSL interface. </p>
+
+<p> When using the exclusion syntax, take care to ensure that the range
+of protocols supported by the Postfix SMTP client is contiguous. When
+a protocol version is enabled, disabling any higher version implicitly
+disables all versions above that higher version. Thus, for example: </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1.1
+</pre>
+</blockquote>
+
+<p> also disables any protocol versions higher than TLSv1.1 leaving
+only "TLSv1" enabled. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
+
+<p> While the vast majority of SMTP servers with DANE TLSA records now
+support at least TLS 1.2, a few still only support TLS 1.0. If you use
+"dane" or "dane-only" it is best not to disable TLSv1, except perhaps
+via the policy table for destinations which you are sure will support
+"TLSv1.2". </p>
+
+<p> See the documentation of the <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> parameter and
+<a href="TLS_README.html">TLS_README</a> for more information about security levels. </p>
+
+<p> Example: </p>
+<pre>
+# Preferred syntax with Postfix &ge; 3.6:
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=TLSv1.2, &lt;=TLSv1.3
+# Legacy syntax:
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a>
+(default: no)</b></DT><DD>
+
+<p> Log the hostname of a remote SMTP server that offers STARTTLS,
+when TLS is not already enabled for that server. </p>
+
+<p> The logfile record looks like: </p>
+
+<pre>
+postfix/smtp[pid]: Host offered STARTTLS: [name.of.host]
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_per_site">smtp_tls_per_site</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables with the Postfix SMTP client TLS usage
+policy by next-hop destination and by remote SMTP server hostname.
+When both lookups succeed, the more specific per-site policy (NONE,
+MUST, etc.) overrides the less specific one (MAY), and the more secure
+per-site policy (MUST, etc.) overrides the less secure one (NONE).
+With Postfix 2.3 and later <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> is strongly discouraged:
+use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>
+
+<p> Use of the bare hostname as the per-site table lookup key is
+discouraged. Always use the full destination nexthop (enclosed in
+[] with a possible ":port" suffix). A recipient domain or MX-enabled
+transport next-hop with no port suffix may look like a bare hostname,
+but is still a suitable <i>destination</i>. </p>
+
+<p> Specify a next-hop destination or server hostname on the left-hand
+side; no wildcards are allowed. The next-hop destination is either
+the recipient domain, or the destination specified with a <a href="transport.5.html">transport(5)</a>
+table, the <a href="postconf.5.html#relayhost">relayhost</a> parameter, or the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter.
+On the right hand side specify one of the following keywords: </p>
+
+<dl>
+
+<dt> NONE </dt> <dd> Don't use TLS at all. This overrides a less
+specific <b>MAY</b> lookup result from the alternate host or next-hop
+lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>,
+and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>
+
+<dt> MAY </dt> <dd> Try to use TLS if the server announces support,
+otherwise use an unencrypted connection. This has less precedence
+than a more specific result (including <b>NONE</b>) from the alternate
+host or next-hop lookup key, and has less precedence than the more
+specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
+= yes". </dd>
+
+<dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not
+require that the remote SMTP server hostname matches the information
+in the remote SMTP server certificate, or that the server certificate
+was issued by a trusted CA. This overrides a less secure <b>NONE</b>
+or a less specific <b>MAY</b> lookup result from the alternate host
+or next-hop lookup key, and overrides the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
+<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> settings. </dd>
+
+<dt> MUST </dt> <dd> Require TLS encryption, require that the remote
+SMTP server hostname matches the information in the remote SMTP
+server certificate, and require that the remote SMTP server certificate
+was issued by a trusted CA. This overrides a less secure <b>NONE</b>
+or <b>MUST_NOPEERMATCH</b> or a less specific <b>MAY</b> lookup
+result from the alternate host or next-hop lookup key, and overrides
+the global <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
+settings. </dd>
+
+</dl>
+
+<p> The above keywords correspond to the "none", "may", "encrypt" and
+"verify" security levels for the new <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> parameter
+introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
+of how the policy is specified, the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters apply when TLS encryption
+is mandatory. Connections for which encryption is optional typically
+enable all "export" grade and better ciphers (see <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>
+and <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>). </p>
+
+<p> As long as no secure DNS lookup mechanism is available, false
+hostnames in MX or CNAME responses can change the server hostname
+that Postfix uses for TLS policy lookup and server certificate
+verification. Even with a perfect match between the server hostname and
+the server certificate, there is no guarantee that Postfix is connected
+to the right server. See <a href="TLS_README.html">TLS_README</a> (Closing a DNS loophole with obsolete
+per-site TLS policies) for a possible work-around. </p>
+
+<p> This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> instead. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_policy_maps">smtp_tls_policy_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables with the Postfix SMTP client TLS security
+policy by next-hop destination; when a non-empty value is specified,
+this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter. See
+<a href="TLS_README.html">TLS_README</a> for a more detailed discussion of TLS security levels.
+</p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p> The TLS policy table is indexed by the full next-hop destination,
+which is either the recipient domain, or the verbatim next-hop
+specified in the transport table, $<a href="postconf.5.html#local_transport">local_transport</a>, $<a href="postconf.5.html#virtual_transport">virtual_transport</a>,
+$<a href="postconf.5.html#relay_transport">relay_transport</a> or $<a href="postconf.5.html#default_transport">default_transport</a>. This includes any enclosing
+square brackets and any non-default destination server port suffix. The
+LMTP socket type prefix (inet: or unix:) is not included in the lookup
+key. </p>
+
+<p> Only the next-hop domain, or $<a href="postconf.5.html#myhostname">myhostname</a> with LMTP over UNIX-domain
+sockets, is used as the nexthop name for certificate verification. The
+port and any enclosing square brackets are used in the table lookup key,
+but are not used for server name verification. </p>
+
+<p> When the lookup key is a domain name without enclosing square brackets
+or any <i>:port</i> suffix (typically the recipient domain), and the full
+domain is not found in the table, just as with the <a href="transport.5.html">transport(5)</a> table,
+the parent domain starting with a leading "." is matched recursively. This
+allows one to specify a security policy for a recipient domain and all
+its sub-domains. </p>
+
+<p> The lookup result is a security level, followed by an optional list
+of whitespace and/or comma separated name=value attributes that override
+related <a href="postconf.5.html">main.cf</a> settings. The TLS security levels in order of increasing
+security are: </p>
+
+<dl>
+
+<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt>
+<dd>No TLS. No additional attributes are supported at this level. </dd>
+
+<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt>
+<dd>Opportunistic TLS. Since sending in the clear is acceptable,
+demanding stronger than default TLS security merely reduces
+interoperability. The optional "ciphers", "exclude", and "protocols"
+attributes (available for opportunistic TLS with Postfix &ge; 2.6)
+and "connection_reuse" attribute (Postfix &ge; 3.4) override the
+"<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>", "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>",
+and
+"<a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a>" configuration parameters. In the policy table,
+multiple ciphers, protocols or excluded ciphers must be separated by colons,
+as attribute values may not contain whitespace or commas. When opportunistic
+TLS handshakes fail, Postfix retries the connection with TLS disabled.
+This allows mail delivery to sites with non-interoperable TLS
+implementations.</dd>
+
+<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt>
+<dd>Mandatory TLS encryption. At this level
+and higher, the optional "protocols" attribute overrides the <a href="postconf.5.html">main.cf</a>
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter, the optional "ciphers" attribute
+overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter, the
+optional "exclude" attribute (Postfix &ge; 2.6) overrides the <a href="postconf.5.html">main.cf</a>
+<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> parameter, and the optional
+"connection_reuse" attribute (Postfix &ge; 3.4) overrides the
+<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter. In the policy table,
+multiple ciphers, protocols or excluded ciphers must be separated by colons,
+as attribute values may not contain whitespace or commas. </dd>
+
+<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
+<dd>Opportunistic DANE TLS. The TLS policy for the destination is
+obtained via TLSA records in DNSSEC. If no TLSA records are found,
+the effective security level used is <a
+href="TLS_README.html#client_tls_may">may</a>. If TLSA records are
+found, but none are usable, the effective security level is <a
+href="TLS_README.html#client_tls_encrypt">encrypt</a>. When usable
+TLSA records are obtained for the remote SMTP server, the
+server certificate must match the TLSA records. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE)
+TLS authentication and DNSSEC support is available with Postfix
+2.11 and later. The optional "connection_reuse" attribute (Postfix
+&ge; 3.4) overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter.
+When the effective security level used is <a
+href="TLS_README.html#client_tls_may">may</a>, the optional "ciphers",
+"exclude", and "protocols" attributes (Postfix &ge; 2.6) override the
+"<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>", and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>"
+configuration parameters.
+When the effective security level used is <a
+href="TLS_README.html#client_tls_encrypt">encrypt</a>, the optional "ciphers",
+"exclude", and "protocols" attributes (Postfix &ge; 2.6) override the
+"<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>", "<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>", and
+"<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>" configuration parameters.
+</dd>
+
+<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
+<dd>Mandatory DANE TLS. The TLS policy for the destination is
+obtained via TLSA records in DNSSEC. If no TLSA records are found,
+or none are usable, no connection is made to the server. When
+usable TLSA records are obtained for the remote SMTP server, the
+server certificate must match the TLSA records. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) TLS
+authentication and DNSSEC support is available with Postfix 2.11
+and later. The optional "ciphers", "exclude", and "protocols" attributes
+(Postfix &ge; 2.6) override the "<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>",
+"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>", and "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>"
+configuration parameters. The optional "connection_reuse" attribute
+(Postfix &ge; 3.4) overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter.
+</dd>
+
+<dt><b><a href="TLS_README.html#client_tls_fprint">fingerprint</a></b></dt>
+<dd>Certificate fingerprint
+verification. Available with Postfix 2.5 and later. At this security
+level, there are no trusted Certification Authorities. The certificate
+trust chain, expiration date, ... are not checked. Instead,
+the optional "match" attribute, or else the <a href="postconf.5.html">main.cf</a>
+<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b> parameter, lists the certificate
+fingerprints or the public key fingerprint (Postfix 2.9 and later)
+of the valid server certificate. The digest
+algorithm used to calculate the fingerprint is selected by the
+<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Multiple fingerprints can
+be combined with a "|" delimiter in a single match attribute, or multiple
+match attributes can be employed. The ":" character is not used as a
+delimiter as it occurs between each pair of fingerprint (hexadecimal)
+digits. The optional "ciphers", "exclude", and "protocols" attributes
+(Postfix &ge; 2.6) override the "<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>",
+"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>", and "<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>"
+configuration parameters. The optional "connection_reuse" attribute
+(Postfix &ge; 3.4) overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a>
+parameter. </dd>
+
+<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt>
+<dd>Mandatory TLS verification. At this security
+level, DNS MX lookups are trusted to be secure enough, and the name
+verified in the server certificate is usually obtained indirectly via
+unauthenticated DNS MX lookups. The optional "match" attribute overrides
+the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter. In the policy table,
+multiple match patterns and strategies must be separated by colons.
+In practice explicit control over matching is more common with the
+"secure" policy, described below. The optional "ciphers", "exclude",
+and "protocols" attributes (Postfix &ge; 2.6) override the
+"<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>", "<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>", and
+"<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>" configuration parameters. The optional
+"connection_reuse" attribute (Postfix &ge; 3.4) overrides the <a href="postconf.5.html">main.cf</a>
+<a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter. </dd>
+
+<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt>
+<dd>Secure-channel TLS. At this security level, DNS
+MX lookups, though potentially used to determine the candidate next-hop
+gateway IP addresses, are <b>not</b> trusted to be secure enough for TLS
+peername verification. Instead, the default name verified in the server
+certificate is obtained directly from the next-hop, or is explicitly
+specified via the optional "match" attribute which overrides the
+<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter. In the policy table,
+multiple match patterns and strategies must be separated by colons.
+The match attribute is most useful when multiple domains are supported by
+a common server: the policy entries for additional domains specify matching
+rules for the primary domain certificate. While transport table overrides
+that route the secondary domains to the primary nexthop also allow secure
+verification, they risk delivery to the wrong destination when domains
+change hands or are re-assigned to new gateways. With the "match"
+attribute approach, routing is not perturbed, and mail is deferred if
+verification of a new MX host fails. The optional "ciphers", "exclude",
+and "protocols" attributes (Postfix &ge; 2.6) override the
+"<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>", "<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>", and
+"<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>" configuration parameters. The optional
+"connection_reuse" attribute (Postfix &ge; 3.4) overrides the <a href="postconf.5.html">main.cf</a>
+<a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter. </dd>
+
+</dl>
+
+<p>
+Example:
+</p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/tls_policy
+ # Postfix 2.5 and later.
+ #
+ # The default digest is sha256 with Postfix &ge; 3.6 and
+ # compatibility level &ge; 3.
+ #
+ <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> = sha256
+</pre>
+
+<pre>
+/etc/postfix/tls_policy:
+ example.edu none
+ example.mil may
+ example.gov encrypt protocols=TLSv1
+ example.com verify ciphers=high
+ example.net secure
+ .example.net secure match=.example.net:example.net
+ [mail.example.org]:587 secure match=nexthop
+ # Postfix 2.5 and later
+ [thumb.example.org] fingerprint
+ match=b6:b4:72:34:e2:59:cd:...:c2:ca:63:0d:4d:cc:2c:7d:84:de:e6:2f
+ match=51:e9:af:2e:1e:40:1f:...:64:0a:30:35:2d:09:16:31:5a:eb:82:76
+</pre>
+
+<p> <b>Note:</b> The "hostname" strategy if listed in a non-default
+setting of <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> or in the "match" attribute
+in the policy table can render the "secure" level vulnerable to
+DNS forgery. Do not use the "hostname" strategy for secure-channel
+configurations in environments where DNS security is not assured. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_protocols">smtp_tls_protocols</a>
+(default: see postconf -d output)</b></DT><DD>
+
+<p> TLS protocols that the Postfix SMTP client will use with
+opportunistic TLS encryption. In <a href="postconf.5.html">main.cf</a> the values are separated by
+whitespace, commas or colons. In the policy table "protocols" attribute
+(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An empty
+value means allow all protocols. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: "&gt;=<i>version</i>" where
+<i>version</i> is either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "&lt;=<i>version</i>". There must be no whitespace between
+the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix &ge; 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = &gt;=TLSv1, &lt;=0305
+# Allow only TLS 1.0 and up:
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = &gt;=0x0301
+</pre>
+</blockquote>
+
+<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3".
+Listing the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more accurately
+matches the underlying OpenSSL interface. </p>
+
+<p> When using the exclusion syntax, take care to ensure that the range of
+protocols advertised by an SSL/TLS client is contiguous. When a protocol
+version is enabled, disabling any higher version implicitly disables all
+versions above that higher version. Thus, for example:
+</p>
+<blockquote>
+<pre>
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3, !TLSv1.1
+</pre>
+</blockquote>
+<p> also disables any protocols version higher than TLSv1.1 leaving
+only "TLSv1" enabled. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
+
+<p> Example: </p>
+<pre>
+# Preferred syntax with Postfix &ge; 3.6:
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = &gt;=TLSv1, &lt;=TLSv1.3
+# Legacy syntax:
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
+(default: 9)</b></DT><DD>
+
+<p> The verification depth for remote SMTP server certificates. A depth
+of 1 is sufficient if the issuing CA is listed in a local CA file. </p>
+
+<p> The default verification depth is 9 (the OpenSSL default) for
+compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
+the default value was 5, but the limit was not actually enforced. If
+you have set this to a lower non-default value, certificates with longer
+trust chains may now fail to verify. Certificate chains with 1 or 2
+CAs are common, deeper chains are more rare and any number between 5
+and 9 should suffice in practice. You can choose a lower number if,
+for example, you trust certificates directly signed by an issuing CA
+but not any CAs it delegates to. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
+(default: nexthop, dot-nexthop)</b></DT><DD>
+
+<p> How the Postfix SMTP client verifies the server certificate
+peername for the "secure" TLS security level. In a "secure" TLS policy table
+($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
+overrides this <a href="postconf.5.html">main.cf</a> setting. </p>
+
+<p> This parameter specifies one or more patterns or strategies separated
+by commas, whitespace or colons. In the policy table the only valid
+separator is the colon character. </p>
+
+<p> For a description of the pattern and strategy syntax see the
+<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter. The "hostname" strategy should
+be avoided in this context, as in the absence of a secure global DNS, using
+the results of MX lookups in certificate verification is not immune to active
+(man-in-the-middle) attacks on DNS. </p>
+
+<p>
+Sample <a href="postconf.5.html">main.cf</a> setting:
+</p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop
+</pre>
+</blockquote>
+
+<p>
+Sample policy table override:
+</p>
+
+<blockquote>
+<pre>
+example.net secure match=example.com:.example.com
+.example.net secure match=example.com:.example.com
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_security_level">smtp_tls_security_level</a>
+(default: empty)</b></DT><DD>
+
+<p> The default SMTP TLS security level for the Postfix SMTP client.
+When a non-empty value is specified, this overrides the obsolete
+parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>;
+when no value is specified for <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> or the obsolete
+parameters, the default SMTP TLS security level is
+<a href="TLS_README.html#client_tls_none">none</a>. </p>
+
+<p> Specify one of the following security levels: </p>
+
+<dl>
+
+<dt><b><a href="TLS_README.html#client_tls_none">none</a></b></dt>
+<dd> No TLS. TLS will not be used unless enabled for specific
+destinations via <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </dd>
+
+<dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt>
+<dd> Opportunistic TLS. Use TLS if this is supported by the remote
+SMTP server, otherwise use plaintext. Since
+sending in the clear is acceptable, demanding stronger than default TLS
+security merely reduces interoperability.
+The "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" (Postfix &ge; 2.6)
+configuration parameters provide control over the protocols and
+cipher grade used with opportunistic TLS. With earlier releases the
+opportunistic TLS cipher grade is always "export" and no protocols
+are disabled.
+When TLS handshakes fail, the connection is retried with TLS disabled.
+This allows mail delivery to sites with non-interoperable TLS
+implementations. </dd>
+
+<dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt>
+<dd>Mandatory TLS encryption. Since a minimum
+level of security is intended, it is reasonable to be specific about
+sufficiently secure protocol versions and ciphers. At this security level
+and higher, the <a href="postconf.5.html">main.cf</a> parameters <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> and
+<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> specify the TLS protocols and minimum
+cipher grade which the administrator considers secure enough for
+mandatory encrypted sessions. This security level is not an appropriate
+default for systems delivering mail to the Internet. </dd>
+
+<dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt>
+<dd>Opportunistic DANE TLS. At this security level, the TLS policy
+for the destination is obtained via DNSSEC. For TLSA policy to be
+in effect, the destination domain's containing DNS zone must be
+signed and the Postfix SMTP client's operating system must be
+configured to send its DNS queries to a recursive DNS nameserver
+that is able to validate the signed records. Each MX host's DNS
+zone should also be signed, and should publish DANE TLSA (<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>)
+records that specify how that MX host's TLS certificate is to be
+verified. TLSA records do not preempt the normal SMTP MX host
+selection algorithm, if some MX hosts support TLSA and others do
+not, TLS security will vary from delivery to delivery. It is up
+to the domain owner to configure their MX hosts and their DNS
+sensibly. To configure the Postfix SMTP client for DNSSEC lookups
+see the documentation for the <a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> <a href="postconf.5.html">main.cf</a>
+parameter. When DNSSEC-validated TLSA records are not found the
+effective tls security level is "may". When TLSA records are found,
+but are all unusable the effective security level is "encrypt". For
+purposes of protocol and cipher selection, the "dane" security level
+is treated like a "mandatory" TLS security level, and weak ciphers
+and protocols are disabled. Since DANE authenticates server
+certificates the "aNULL" cipher-suites are transparently excluded
+at this level, no need to configure this manually. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE)
+TLS authentication is available with Postfix 2.11 and later. </dd>
+
+<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
+<dd>Mandatory DANE TLS. This is just like "dane" above, but DANE
+TLSA authentication is required. There is no fallback to "may" or
+"encrypt" when TLSA records are missing or unusable. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>
+(DANE) TLS authentication is available with Postfix 2.11 and later.
+</dd>
+
+<dt><b><a href="TLS_README.html#client_tls_fprint">fingerprint</a></b></dt>
+<dd>Certificate fingerprint verification.
+At this security level, there are no trusted Certification Authorities.
+The certificate trust chain, expiration date, etc., are
+not checked. Instead, the <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a></b>
+parameter lists the certificate fingerprint or public key fingerprint
+(Postfix 2.9 and later) of the valid server certificate. The digest
+algorithm used to calculate the fingerprint is selected by the
+<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b> parameter. Available with Postfix
+2.5 and later. </dd>
+
+<dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt>
+<dd>Mandatory TLS verification. At this security
+level, DNS MX lookups are trusted to be secure enough, and the name
+verified in the server certificate is usually obtained indirectly
+via unauthenticated DNS MX lookups. The <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
+parameter controls how the server name is verified. In practice explicit
+control over matching is more common at the "secure" level, described
+below. This security level is not an appropriate default for systems
+delivering mail to the Internet. </dd>
+
+<dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt>
+<dd>Secure-channel TLS. At this security level,
+DNS MX lookups, though potentially used to determine the candidate
+next-hop gateway IP addresses, are <b>not</b> trusted to be secure enough
+for TLS peername verification. Instead, the default name verified in
+the server certificate is obtained from the next-hop domain as specified
+in the <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> configuration parameter. The default
+matching rule is that a server certificate matches when its name is equal
+to or is a sub-domain of the nexthop domain. This security level is not
+an appropriate default for systems delivering mail to the Internet. </dd>
+
+</dl>
+
+<p>
+Examples:
+</p>
+
+<pre>
+# No TLS. Formerly: <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>=no and <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>=no.
+<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = none
+</pre>
+
+<pre>
+# Opportunistic TLS.
+<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
+# Do not tweak opportunistic ciphers or protocols unless it is essential
+# to do so (if a security vulnerability is found in the SSL library that
+# can be mitigated by disabling a particular protocol or raising the
+# cipher grade).
+<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = medium
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = &gt;=TLSv1
+# Legacy (Postfix &lt; 3.6) syntax:
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3
+</pre>
+
+<pre>
+# Mandatory (high-grade) TLS encryption.
+<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt
+<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
+</pre>
+
+<pre>
+# Authenticated TLS 1.2 or better matching the nexthop domain or a
+# subdomain.
+<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure
+<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=TLSv1.2
+<a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> = nexthop, dot-nexthop
+</pre>
+
+<pre>
+# Certificate fingerprint verification (Postfix &ge; 2.5).
+# The CA-less "fingerprint" security level only scales to a limited
+# number of destinations. As a global default rather than a per-site
+# setting, this is practical only when mail for all recipients is sent
+# to a central mail hub.
+<a href="postconf.5.html#relayhost">relayhost</a> = [mailhub.example.com]
+<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = fingerprint
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = &gt;=TLSv1.2
+<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> = high
+<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> =
+ 3D:95:34:51:...:40:99:C0:C1
+ EC:3B:2D:B0:...:A3:9D:72:F6
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_servername">smtp_tls_servername</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional name to send to the remote SMTP server in the TLS Server
+Name Indication (SNI) extension. The SNI extension is always on when
+DANE is used to authenticate the server, and in that case the SNI name
+sent is the one required by <a href="https://tools.ietf.org/html/rfc7672">RFC7672</a> and this parameter is ignored. </p>
+
+<p> Some SMTP servers use the received SNI name to select an appropriate
+certificate chain to present to the client. While this may improve
+interoperability with such servers, it may reduce interoperability with
+other servers that choose to abort the connection when they don't have a
+certificate chain configured for the requested name. Such servers
+should select a default certificate chain and continue the handshake,
+but some may not. Therefore, absent DANE, no SNI name is sent by
+default. </p>
+
+<p> The SNI name must be either a valid DNS hostname, or else one of the
+special values <b>hostname</b> or <b>nexthop</b>, which select either the
+remote hostname or the nexthop domain respectively. DNS names for SNI must be
+in A-label (punycode) form. Invalid DNS names log a configuration error
+warning and mail delivery is deferred. </p>
+
+<p> Except when using a <a href="postconf.5.html#relayhost">relayhost</a> to forward all email, the only
+sensible non-empty <a href="postconf.5.html">main.cf</a> setting for this parameter is
+<b>hostname</b>. Other non-empty values are only practical on a
+per-destination basis via the <b>servername</b> attribute of the Postfix
+TLS <a href="TLS_README.html#client_tls_policy">policy table</a>. When
+in doubt, leave this parameter empty, and configure per-destination SNI
+as needed. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
+(default: empty)</b></DT><DD>
+
+<p> Name of the file containing the optional Postfix SMTP client
+TLS session cache. Specify a database type that supports enumeration,
+such as <b>btree</b> or <b>sdbm</b>; there is no need to support
+concurrent access. The file is created if it does not exist. The <a href="smtp.8.html">smtp(8)</a>
+daemon does not use this parameter directly, rather the cache is
+implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that
+per-smtp-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not effective.
+Note that each of the cache databases supported by <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon:
+$<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
+(and with Postfix 2.3 and later $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>), needs to
+be stored separately. It is not at this time possible to store multiple
+caches in a single database. </p>
+
+<p> Note: <b>dbm</b> databases are not suitable. TLS
+session objects are too large. </p>
+
+<p> As of version 2.5, Postfix no longer uses root privileges when
+opening this file. The file should now be stored under the Postfix-owned
+<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
+under a non-Postfix directory is redirected to the Postfix-owned
+<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/smtp_scache
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
+(default: 3600s)</b></DT><DD>
+
+<p> The expiration time of Postfix SMTP client TLS session cache
+information. A cache cleanup is performed periodically
+every $<a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> seconds. As with
+$<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>, this parameter is implemented in the
+<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtp-instance <a href="master.5.html">master.cf</a> overrides
+are not possible. </p>
+
+<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set
+&le; 0, session caching is disabled. If set to a positive value
+less than 2 minutes, the minimum value of 2 minutes is used instead. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a>
+(default: empty)</b></DT><DD>
+
+<p> Zero or more PEM-format files with trust-anchor certificates
+and/or public keys. If the parameter is not empty the root CAs in
+CAfile and CApath are no longer trusted. Rather, the Postfix SMTP
+client will only trust certificate-chains signed by one of the
+trust-anchors contained in the chosen files. The specified
+trust-anchor certificates and public keys are not subject to
+expiration, and need not be (self-signed) root CAs. They may, if
+desired, be intermediate certificates. Therefore, these certificates
+also may be found "in the middle" of the trust chain presented by
+the remote SMTP server, and any untrusted issuing parent certificates
+will be ignored. Specify a list of pathnames separated by comma
+or whitespace. </p>
+
+<p> Whether specified in <a href="postconf.5.html">main.cf</a>, or on a per-destination basis,
+the trust-anchor PEM file must be accessible to the Postfix SMTP
+client in the chroot jail if applicable. The trust-anchor file
+should contain only certificates and public keys, no private key
+material, and must be readable by the non-privileged $<a href="postconf.5.html#mail_owner">mail_owner</a>
+user. This allows destinations to be bound to a set of specific
+CAs or public keys without trusting the same CAs for all destinations.
+</p>
+
+<p> The <a href="postconf.5.html">main.cf</a> parameter supports single-purpose Postfix installations
+that send mail to a fixed set of SMTP peers. At most sites, if
+trust-anchor files are used at all, they will be specified on a
+per-destination basis via the "tafile" attribute of the "verify"
+and "secure" levels in <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </p>
+
+<p> The underlying mechanism is in support of <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE TLSA),
+which defines mechanisms for an SMTP client MTA to securely determine
+server TLS certificates via DNS. </p>
+
+<p> If you want your trust anchors to be public keys, with OpenSSL
+you can extract a single PEM public key from a PEM X.509 file
+containing a single certificate, as follows: </p>
+
+<blockquote>
+<pre>
+$ openssl x509 -in cert.pem -out ta-key.pem -noout -pubkey
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix 2.11 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a>
+(default: hostname)</b></DT><DD>
+
+<p> How the Postfix SMTP client verifies the server certificate
+peername for the
+"verify" TLS security level. In a "verify" TLS policy table
+($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) entry the optional "match" attribute
+overrides this <a href="postconf.5.html">main.cf</a> setting. </p>
+
+<p> This parameter specifies one or more patterns or strategies separated
+by commas, whitespace or colons. In the policy table the only valid
+separator is the colon character. </p>
+
+<p> Patterns specify domain names, or domain name suffixes: </p>
+
+<dl>
+
+<dt><i>example.com</i></dt> <dd> Match the <i>example.com</i> domain,
+i.e. one of the names in the server certificate must be <i>example.com</i>.
+Upper and lower case distinctions are ignored. </dd>
+
+<dt><i>.example.com</i></dt>
+<dd> Match subdomains of the <i>example.com</i> domain, i.e. match
+a name in the server certificate that consists of a non-zero number of
+labels followed by a <i>.example.com</i> suffix. Case distinctions are
+ignored.</dd>
+
+</dl>
+
+<p> Strategies specify a transformation from the next-hop domain
+to the expected name in the server certificate: </p>
+
+<dl>
+
+<dt>nexthop</dt>
+<dd> Match against the next-hop domain, which is either the recipient
+domain, or the transport next-hop configured for the domain stripped of
+any optional socket type prefix, enclosing square brackets and trailing
+port. When MX lookups are not suppressed, this is the original nexthop
+domain prior to the MX lookup, not the result of the MX lookup. For
+LMTP delivery via UNIX-domain sockets, the verified next-hop name is
+$<a href="postconf.5.html#myhostname">myhostname</a>. This strategy is suitable for use with the "secure"
+policy. Case is ignored.</dd>
+
+<dt>dot-nexthop</dt>
+<dd> As above, but match server certificate names that are subdomains
+of the next-hop domain. Case is ignored.</dd>
+
+<dt>hostname</dt> <dd> Match against the hostname of the server, often
+obtained via an unauthenticated DNS MX lookup. For LMTP delivery via
+UNIX-domain sockets, the verified name is $<a href="postconf.5.html#myhostname">myhostname</a>. This matches
+the verification strategy of the "MUST" keyword in the obsolete
+<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table, and is suitable for use with the "verify"
+security level. When the next-hop name is enclosed in square brackets
+to suppress MX lookups, the "hostname" strategy is the same as the
+"nexthop" strategy. Case is ignored.</dd>
+
+</dl>
+
+<p>
+Sample <a href="postconf.5.html">main.cf</a> setting:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> = hostname, nexthop, dot-nexthop
+</pre>
+
+<p>
+Sample policy table override:
+</p>
+
+<pre>
+example.com verify match=hostname:nexthop
+.example.com verify match=example.com:.example.com:hostname
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_tls_wrappermode">smtp_tls_wrappermode</a>
+(default: no)</b></DT><DD>
+
+<p> Request that the Postfix SMTP client connects using the
+SUBMISSIONS/SMTPS protocol instead of using the STARTTLS command. </p>
+
+<p> This mode requires "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt" or
+stronger. </p>
+
+<p> Example: deliver all remote mail via a provider's server
+"mail.example.com". </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Client-side SMTPS requires "encrypt" or stronger.
+ <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt
+ <a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> = yes
+ # The [] suppress MX lookups.
+ <a href="postconf.5.html#relayhost">relayhost</a> = [mail.example.com]:465
+</pre>
+
+<p> More examples are in <a href="TLS_README.html">TLS_README</a>, including examples for older
+Postfix versions. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_use_tls">smtp_use_tls</a>
+(default: no)</b></DT><DD>
+
+<p> Opportunistic mode: use TLS when a remote SMTP server announces
+STARTTLS support, otherwise send the mail in the clear. Beware:
+some SMTP servers offer STARTTLS even if it is not configured. With
+Postfix &lt; 2.3, if the TLS handshake fails, and no other server is
+available, delivery is deferred and mail stays in the queue. If this
+is a concern for you, use the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> feature instead. </p>
+
+<p> This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> instead. </p>
+
+
+</DD>
+
+<DT><b><a name="smtp_xforward_timeout">smtp_xforward_timeout</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The Postfix SMTP client time limit for sending the XFORWARD command,
+and for receiving the remote SMTP server response.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a>
+(default: $<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b></DT><DD>
+
+<p> What remote SMTP clients are allowed to specify the XVERP command.
+This command requests that mail be delivered one recipient at a
+time with a per recipient return address. </p>
+
+<p> By default, no clients are allowed to specify XVERP. </p>
+
+<p> This parameter was renamed with Postfix version 2.1. The default value
+is backwards compatible with Postfix version 2.0. </p>
+
+<p> Specify a list of network/netmask patterns, separated by commas
+and/or whitespace. The mask specifies the number of bits in the
+network part of a host address. You can also specify hostnames or
+.domain names (the initial dot causes the domain to match any name
+below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name"
+pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
+is matched when a table entry matches a lookup string (the lookup
+result is ignored). Continue long lines by starting the next line
+with whitespace. Specify "!pattern" to exclude an address or network
+block from the list. The form "!/file/name" is supported only in
+Postfix version 2.4 and later. </p>
+
+<p> Note: IP version 6 address information must be specified inside
+<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> value, and in
+files specified with "/file/name". IP version 6 addresses contain
+the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
+pattern. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a>
+(default: empty)</b></DT><DD>
+
+<p>
+What remote SMTP clients are allowed to use the XCLIENT feature. This
+command overrides remote SMTP client information that is used for access
+control. Typical use is for SMTP-based content filters, fetchmail-like
+programs, or SMTP server access rule testing. See the <a href="XCLIENT_README.html">XCLIENT_README</a>
+document for details.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+<p>
+By default, no clients are allowed to specify XCLIENT.
+</p>
+
+<p>
+Specify a list of network/netmask patterns, separated by commas
+and/or whitespace. The mask specifies the number of bits in the
+network part of a host address. You can also specify hostnames or
+.domain names (the initial dot causes the domain to match any name
+below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name"
+pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
+is matched when a table entry matches a lookup string (the lookup
+result is ignored). Continue long lines by starting the next line
+with whitespace. Specify "!pattern" to exclude an address or network
+block from the list. The form "!/file/name" is supported only in
+Postfix version 2.4 and later. </p>
+
+<p> Note: IP version 6 address information must be specified inside
+<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> value, and in
+files specified with "/file/name". IP version 6 addresses contain
+the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
+pattern. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a>
+(default: empty)</b></DT><DD>
+
+<p>
+What remote SMTP clients are allowed to use the XFORWARD feature. This
+command forwards information that is used to improve logging after
+SMTP-based content filters. See the <a href="XFORWARD_README.html">XFORWARD_README</a> document for
+details.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+<p>
+By default, no clients are allowed to specify XFORWARD.
+</p>
+
+<p>
+Specify a list of network/netmask patterns, separated by commas
+and/or whitespace. The mask specifies the number of bits in the
+network part of a host address. You can also specify hostnames or
+.domain names (the initial dot causes the domain to match any name
+below it), "/file/name" or "<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name"
+pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table
+is matched when a table entry matches a lookup string (the lookup
+result is ignored). Continue long lines by starting the next line
+with whitespace. Specify "!pattern" to exclude an address or network
+block from the list. The form "!/file/name" is supported only in
+Postfix version 2.4 and later. </p>
+
+<p> Note: IP version 6 address information must be specified inside
+<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> value, and in
+files specified with "/file/name". IP version 6 addresses contain
+the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
+pattern. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_banner">smtpd_banner</a>
+(default: $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b></DT><DD>
+
+<p>
+The text that follows the 220 status code in the SMTP greeting
+banner. Some people like to see the mail version advertised. By
+default, Postfix shows no version.
+</p>
+
+<p>
+You MUST specify $<a href="postconf.5.html#myhostname">myhostname</a> at the start of the text. This is
+required by the SMTP protocol.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_banner">smtpd_banner</a> = $<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a> ($<a href="postconf.5.html#mail_version">mail_version</a>)
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_auth_rate_limit">smtpd_client_auth_rate_limit</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The maximal number of AUTH commands that any client is allowed to
+send to this service per time unit, regardless of whether or not
+Postfix actually accepts those commands. The time unit is specified
+with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
+</p>
+
+<p>
+By default, there is no limit on the number of AUTH commands that a
+client may send.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>
+(default: 50)</b></DT><DD>
+
+<p>
+How many simultaneous connections any client is allowed to
+make to this service. By default, the limit is set to half
+the default process limit value.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The maximal number of connection attempts any client is allowed to
+make to this service per time unit. The time unit is specified
+with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
+</p>
+
+<p>
+By default, a client can make as many connections per time unit as
+Postfix can accept.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> = 1000
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>
+(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>
+
+<p>
+Clients that are excluded from smtpd_client_*_count/rate_limit
+restrictions. See the <a href="postconf.5.html#mynetworks">mynetworks</a> parameter
+description for the parameter value syntax.
+</p>
+
+<p>
+By default, clients in trusted networks are excluded. Specify a
+list of network blocks, hostnames or .domain names (the initial
+dot causes the domain to match any name below it).
+</p>
+
+<p> Note: IP version 6 address information must be specified inside
+<tt>[]</tt> in the <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> value, and
+in files specified with "/file/name". IP version 6 addresses
+contain the ":" character, and would otherwise be confused with a
+"<a href="DATABASE_README.html">type:table</a>" pattern. </p>
+
+<p> Pattern matching of domain names is controlled by the presence
+or absence of "<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>" in the
+<a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> parameter value (Postfix 3.0 and
+later). </p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_ipv4_prefix_length">smtpd_client_ipv4_prefix_length</a>
+(default: 32)</b></DT><DD>
+
+<p> Aggregate smtpd_client_*_count and smtpd_client_*_rate statistics
+by IPv4 network blocks with the specified network prefix. Aggregation
+uses fewer <a href="anvil.8.html">anvil(8)</a> resources to maintain counters. By default,
+aggregation is disabled for IPv4. </p>
+
+<p> This feature is available in Postfix 3.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_ipv6_prefix_length">smtpd_client_ipv6_prefix_length</a>
+(default: 84)</b></DT><DD>
+
+<p> Aggregate smtpd_client_*_count and smtpd_client_*_rate statistics
+by IPv6 network blocks with the specified network prefix. Aggregation
+uses fewer the <a href="anvil.8.html">anvil(8)</a> resources to maintain counters. By default,
+aggregation is enabled for IPv6. </p>
+
+<p> This feature is available in Postfix 3.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The maximal number of message delivery requests that any client is
+allowed to make to this service per time unit, regardless of whether
+or not Postfix actually accepts those messages. The time unit is
+specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
+</p>
+
+<p>
+By default, a client can send as many message delivery requests
+per time unit as Postfix can accept.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> = 1000
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The maximal number of new (i.e., uncached) TLS sessions that a
+remote SMTP client is allowed to negotiate with this service per
+time unit. The time unit is specified with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
+configuration parameter.
+</p>
+
+<p>
+By default, a remote SMTP client can negotiate as many new TLS
+sessions per time unit as Postfix can accept.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0. Otherwise, specify
+a limit that is at least the per-client concurrent session limit,
+or else legitimate client sessions may be rejected.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> = 100
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_port_logging">smtpd_client_port_logging</a>
+(default: no)</b></DT><DD>
+
+<p> Enable logging of the remote SMTP client port in addition to
+the hostname and IP address. The logging format is "host[address]:port".
+</p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The maximal number of recipient addresses that any client is allowed
+to send to this service per time unit, regardless of whether or not
+Postfix actually accepts those recipients. The time unit is specified
+with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
+</p>
+
+<p>
+By default, a client can send as many recipient addresses per time
+unit as Postfix can accept.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> = 1000
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_client_restrictions">smtpd_client_restrictions</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client connection request.
+See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+</p>
+
+<p>
+The default is to allow all connection requests.
+</p>
+
+<p>
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+</p>
+
+<p>
+The following restrictions are specific to client hostname or
+client network address information.
+</p>
+
+<dl>
+
+<dt><b><a name="check_ccert_access">check_ccert_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd> By default use the remote SMTP client certificate fingerprint
+or the public key
+fingerprint (Postfix 2.9 and later) as the lookup key for the specified
+<a href="access.5.html">access(5)</a> database; with Postfix version 2.2, also require that the
+remote SMTP client certificate is verified successfully.
+The fingerprint digest algorithm is configurable via the
+<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
+Postfix version 2.5). This feature requires "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>
+= yes" and is available with Postfix version
+2.2 and later. </dd>
+
+<dd> The default algorithm is <b>sha256</b> with Postfix &ge; 3.6
+and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix
+&le; 3.5, the default algorithm is <b>md5</b>. The best-practice
+algorithm is now <b>sha256</b>. Recent advances in hash function
+cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre-image"
+attacks against the older algorithms, their use in this context, though
+not recommended, is still likely safe. </dd>
+
+<dd> Alternatively, <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> accepts an explicit search
+order (Postfix 3.5 and later). The default search order as described
+above corresponds with: </dd>
+
+<dd> <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> { <a href="DATABASE_README.html">type:table</a>, { search_order = cert_fingerprint,
+pubkey_fingerprint } } </dd>
+
+<dd> The commas are optional. </dd>
+
+<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified access database for the client hostname,
+parent domains, client IP address, or networks obtained by stripping
+least significant octets. See the <a href="access.5.html">access(5)</a> manual page for details. </dd>
+
+<dt><b><a name="check_client_a_access">check_client_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for the
+client hostname, and execute the corresponding action. Note: a result
+of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
+to exclude specific hosts from denylists. This feature is available
+in Postfix 3.0 and later. </dd>
+
+<dt><b><a name="check_client_mx_access">check_client_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the
+client hostname, and execute the corresponding action. If no MX
+record is found, look up A or AAAA records, just like the Postfix
+SMTP client would. Note: a result
+of "OK" is not allowed for safety reasons. Instead, use DUNNO in order
+to exclude specific hosts from denylists. This feature is available
+in Postfix 2.7 and later. </dd>
+
+<dt><b><a name="check_client_ns_access">check_client_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for
+the client hostname, and execute the corresponding action. Note: a
+result of "OK" is not allowed for safety reasons. Instead, use DUNNO
+in order to exclude specific hosts from denylists. This feature is
+available in Postfix 2.7 and later. </dd>
+
+<dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified access database for the unverified reverse
+client hostname, parent domains, client IP address, or networks
+obtained by stripping least significant octets. See the <a href="access.5.html">access(5)</a>
+manual page for details. Note: a result of "OK" is not allowed for
+safety reasons. Instead, use DUNNO in order to exclude specific
+hosts from denylists. This feature is available in Postfix 2.6
+and later.</dd>
+
+<dt><b><a name="check_reverse_client_hostname_a_access">check_reverse_client_hostname_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for the
+unverified reverse client hostname, and execute the corresponding
+action. Note: a result of "OK" is not allowed for safety reasons.
+Instead, use DUNNO in order to exclude specific hosts from denylists.
+This feature is available in Postfix 3.0 and later. </dd>
+
+<dt><b><a name="check_reverse_client_hostname_mx_access">check_reverse_client_hostname_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for the
+unverified reverse client hostname, and execute the corresponding
+action. If no MX record is found, look up A or AAAA records, just
+like the Postfix SMTP client would.
+Note: a result of "OK" is not allowed for safety reasons.
+Instead, use DUNNO in order to exclude specific hosts from denylists.
+This feature is available in Postfix 2.7 and later. </dd>
+
+<dt><b><a name="check_reverse_client_hostname_ns_access">check_reverse_client_hostname_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers for
+the unverified reverse client hostname, and execute the corresponding
+action. Note: a result of "OK" is not allowed for safety reasons.
+Instead, use DUNNO in order to exclude specific hosts from denylists.
+This feature is available in Postfix 2.7 and later. </dd>
+
+<dt><b><a name="check_sasl_access">check_sasl_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd> Use the remote SMTP client SASL user name as the lookup key for
+the specified <a href="access.5.html">access(5)</a> database. The lookup key has the form
+"username@domainname" when the <a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> parameter
+value is non-empty. Unlike the <a href="postconf.5.html#check_client_access">check_client_access</a> feature,
+<a href="postconf.5.html#check_sasl_access">check_sasl_access</a> does not perform matches of parent domains or IP
+subnet ranges. This feature is available with Postfix version 2.11
+and later. </dd>
+
+<dt><b><a name="permit_inet_interfaces">permit_inet_interfaces</a></b></dt>
+
+<dd>Permit the request when the client IP address matches
+$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>. </dd>
+
+<dt><b><a name="permit_mynetworks">permit_mynetworks</a></b></dt>
+
+<dd>Permit the request when the client IP address matches any
+network or network address listed in $<a href="postconf.5.html#mynetworks">mynetworks</a>. </dd>
+
+<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>
+
+<dd> Permit the request when the client is successfully
+authenticated via the <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) protocol. </dd>
+
+<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>
+
+<dd> Permit the request when the remote SMTP client certificate is
+verified successfully. This option must be used only if a special
+CA issues the certificates and only this CA is listed as a trusted
+CA. Otherwise, clients with a third-party certificate would also
+be allowed to relay. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" when the
+trusted CA is specified with <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> or <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>,
+to prevent Postfix from appending the system-supplied default CAs.
+This feature requires "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes" and is available
+with Postfix version 2.2 and later.</dd>
+
+<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>
+
+<dd>Permit the request when the remote SMTP client certificate
+fingerprint or public key fingerprint (Postfix 2.9 and later) is
+listed in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>.
+The fingerprint digest algorithm is configurable via the
+<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> parameter (hard-coded as md5 prior to
+Postfix version 2.5). This feature requires "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>
+= yes" and is available with Postfix version 2.2 and later.</dd>
+
+<dd> The default algorithm is <b>sha256</b> with Postfix &ge; 3.6
+and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix
+&le; 3.5, the default algorithm is <b>md5</b>. The best-practice
+algorithm is now <b>sha256</b>. Recent advances in hash function
+cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre-image"
+attacks against the older algorithms, their use in this context, though
+not recommended, is still likely safe. </dd>
+
+<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
+
+<dd>Reject the request when the reversed client network address is
+listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
+(Postfix version 2.1 and later only). Each "<i>d</i>" is a number,
+or a pattern inside "[]" that contains one or more ";"-separated
+numbers or number..number ranges (Postfix version 2.8 and later).
+If no "<i>=d.d.d.d</i>" is specified, reject the request when the
+reversed client network address is listed with any A record under
+<i>rbl_domain</i>. <br>
+The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for
+rejected requests (default: 554), the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter
+specifies the default server reply, and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter
+specifies tables with server replies indexed by <i>rbl_domain</i>.
+This feature is available in Postfix 2.0 and later. </dd>
+
+<dt><b><a name="permit_dnswl_client">permit_dnswl_client <i>dnswl_domain=d.d.d.d</i></a></b></dt>
+
+<dd>Accept the request when the reversed client network address is
+listed with the A record "<i>d.d.d.d</i>" under <i>dnswl_domain</i>.
+Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
+one or more ";"-separated numbers or number..number ranges.
+If no "<i>=d.d.d.d</i>" is specified, accept the request when the
+reversed client network address is listed with any A record under
+<i>dnswl_domain</i>. <br> For safety, <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a> is silently
+ignored when it would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>. The
+result is DEFER_IF_REJECT when allowlist lookup fails. This feature
+is available in Postfix 2.8 and later. </dd>
+
+<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
+
+<dd>Reject the request when the client hostname is listed with the
+A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
+2.1 and later only). Each "<i>d</i>" is a number, or a pattern
+inside "[]" that contains one or more ";"-separated numbers or
+number..number ranges (Postfix version 2.8 and later). If no
+"<i>=d.d.d.d</i>" is specified, reject the request when the client
+hostname is listed with
+any A record under <i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>
+description above for additional RBL related configuration parameters.
+This feature is available in Postfix 2.0 and later; with Postfix
+version 2.8 and later, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a> will usually
+produce better results. </dd>
+
+<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
+
+<dd>Accept the request when the client hostname is listed with the
+A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>. Each "<i>d</i>"
+is a number, or a pattern inside "[]" that contains one or more
+";"-separated numbers or number..number ranges. If no
+"<i>=d.d.d.d</i>" is specified, accept the request when the client
+hostname is listed with any A record under <i>rhswl_domain</i>.
+<br> Caution: client name allowlisting is fragile, since the client
+name lookup can fail due to temporary outages. Client name
+allowlisting should be used only to reduce false positives in e.g.
+DNS-based blocklists, and not for making access rule exceptions.
+<br> For safety, <a href="postconf.5.html#permit_rhswl_client">permit_rhswl_client</a> is silently ignored when it
+would override <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>. The result is DEFER_IF_REJECT
+when allowlist lookup fails. This feature is available in Postfix
+2.8 and later. </dd>
+
+<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
+
+<dd>Reject the request when the unverified reverse client hostname
+is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>.
+Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
+one or more ";"-separated numbers or number..number ranges.
+If no "<i>=d.d.d.d</i>" is specified, reject the request when the
+unverified reverse client hostname is listed with any A record under
+<i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description above for
+additional RBL related configuration parameters. This feature is
+available in Postfix 2.8 and later. </dd>
+
+<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix &lt; 2.3: reject_unknown_client)</dt>
+
+<dd>Reject the request when 1) the client IP address-&gt;name mapping
+fails, or 2) the name-&gt;address mapping fails, or 3) the name-&gt;address
+mapping does not match the client IP address. <br> This is a
+stronger restriction than the <a href="postconf.5.html#reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a>
+feature, which triggers only under condition 1) above. <br> The
+<a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response code
+for rejected requests (default: 450). The reply is always 450 in
+case the address-&gt;name or name-&gt;address lookup failed due to
+a temporary problem. </dd>
+
+<dt><b><a name="reject_unknown_reverse_client_hostname">reject_unknown_reverse_client_hostname</a></b></dt>
+
+<dd>Reject the request when the client IP address has no address-&gt;name
+mapping. <br> This is a weaker restriction than the
+<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> feature, which requires not only
+that the address-&gt;name and name-&gt;address mappings exist, but
+also that the two mappings reproduce the client IP address. <br>
+The <a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response
+code for rejected requests (default: 450). The reply is always 450
+in case the address-&gt;name lookup failed due to a temporary
+problem. <br> This feature is available in Postfix 2.3 and
+later. </dd>
+
+</dl>
+
+<p>
+In addition, you can use any of the following <a name="generic">
+generic</a> restrictions. These restrictions are applicable in
+any SMTP command context.
+</p>
+
+<dl>
+
+<dt><b><a name="check_policy_service">check_policy_service <i>servername</i></a></b></dt>
+
+<dd>Query the specified policy server. See the <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a>
+document for details. This feature is available in Postfix 2.1
+and later. </dd>
+
+<dt><b><a name="defer">defer</a></b></dt>
+
+<dd>Defer the request. The client is told to try again later. This
+restriction is useful at the end of a restriction list, to make
+the default policy explicit. <br> The <a href="postconf.5.html#defer_code">defer_code</a> parameter specifies
+the SMTP server reply code (default: 450).</dd>
+
+<dt><b><a name="defer_if_permit">defer_if_permit</a></b></dt>
+
+<dd>Defer the request if some later restriction would result in an
+explicit or implicit PERMIT action. This is useful when a denylisting
+feature fails due to a temporary problem. This feature is available
+in Postfix version 2.1 and later. </dd>
+
+<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt>
+
+<dd>Defer the request if some later restriction would result in a
+REJECT action. This is useful when an allowlisting feature fails
+due to a temporary problem. This feature is available in Postfix
+version 2.1 and later. </dd>
+
+<dt><b><a name="permit">permit</a></b></dt>
+
+<dd>Permit the request. This restriction is useful at the end of
+a restriction list, to make the default policy explicit.</dd>
+
+<dt><b><a name="reject_multi_recipient_bounce">reject_multi_recipient_bounce</a></b></dt>
+
+<dd>Reject the request when the envelope sender is the null address,
+and the message has multiple envelope recipients. This usage has
+rare but legitimate applications: under certain conditions,
+multi-recipient mail that was posted with the DSN option NOTIFY=NEVER
+may be forwarded with the null sender address.
+<br> Note: this restriction can only work reliably
+when used in <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> or
+<a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>, because the total number of
+recipients is not known at an earlier stage of the SMTP conversation.
+Use at the RCPT stage will only reject the second etc. recipient.
+<br>
+The <a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> parameter specifies the
+response code for rejected requests (default: 550). This feature
+is available in Postfix 2.1 and later. </dd>
+
+<dt><b><a name="reject_plaintext_session">reject_plaintext_session</a></b></dt>
+
+<dd>Reject the request when the connection is not encrypted. This
+restriction should not be used before the client has had a chance
+to negotiate encryption with the AUTH or STARTTLS commands.
+<br>
+The <a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> parameter specifies the response
+code for rejected requests (default: 450). This feature is available
+in Postfix 2.3 and later. </dd>
+
+<dt><b><a name="reject_unauth_pipelining">reject_unauth_pipelining</a></b></dt>
+
+<dd>Reject the request when the client sends SMTP commands ahead
+of time where it is not allowed, or when the client sends SMTP
+commands ahead of time without knowing that Postfix actually supports
+ESMTP command pipelining. This stops mail from bulk mail software
+that improperly uses ESMTP command pipelining in order to speed up
+deliveries.
+<br> With Postfix 2.6 and later, the SMTP server sets a per-session
+flag whenever it detects illegal pipelining, including pipelined
+HELO or EHLO commands. The <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> feature simply
+tests whether the flag was set at any point in time during the
+session.
+<br> With older Postfix versions, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a> checks
+the current status of the input read queue, and its usage is not
+recommended in contexts other than <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a>. </dd>
+
+<dt><b><a name="reject">reject</a></b></dt>
+
+<dd>Reject the request. This restriction is useful at the end of
+a restriction list, to make the default policy explicit. The
+<a href="postconf.5.html#reject_code">reject_code</a> configuration parameter specifies the response code for
+rejected requests (default: 554).</dd>
+
+<dt><b><a name="sleep">sleep <i>seconds</i></a></b></dt>
+
+<dd>Pause for the specified number of seconds and proceed with
+the next restriction in the list, if any. This may stop zombie
+mail when used as:
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
+ sleep 1, <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>
+ <a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = no
+</pre>
+This feature is available in Postfix 2.3. </dd>
+
+<dt><b><a name="warn_if_reject">warn_if_reject</a></b></dt>
+
+<dd> A safety net for testing. When "<a href="postconf.5.html#warn_if_reject">warn_if_reject</a>" is placed
+before a reject-type restriction, access table query, or
+<a href="postconf.5.html#check_policy_service">check_policy_service</a> query, this logs a "reject_warning" message
+instead of rejecting a request (when a reject-type restriction fails
+due to a temporary error, this logs a "reject_warning" message for
+any implicit "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" actions that would normally prevent
+mail from being accepted by some later access restriction). This
+feature has no effect on <a href="postconf.5.html#defer_if_reject">defer_if_reject</a> restrictions. </dd>
+
+</dl>
+
+<p>
+Other restrictions that are valid in this context:
+</p>
+
+<ul>
+
+<li> SMTP command specific restrictions that are described under
+the <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>, <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameters. When helo, sender or
+recipient restrictions are listed under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>,
+they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that
+$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> is evaluated at the time of the RCPT TO
+command.
+
+</ul>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a>
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_command_filter">smtpd_command_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> A mechanism to transform commands from remote SMTP clients.
+This is a last-resort tool to work around client commands that break
+interoperability with the Postfix SMTP server. Other uses involve
+fault injection to test Postfix's handling of invalid commands.
+</p>
+
+<p> Specify the name of a "<a href="DATABASE_README.html">type:table</a>" lookup table. The search
+string is the SMTP command as received from the remote SMTP client,
+except that initial whitespace and the trailing &lt;CR&gt;&lt;LF&gt;
+are removed. The result value is executed by the Postfix SMTP
+server. </p>
+
+<p> There is no need to use <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> for the following
+cases: </p>
+
+<ul>
+
+<li> <p> Use "<a href="postconf.5.html#resolve_numeric_domain">resolve_numeric_domain</a> = yes" to accept
+"<i>user@ipaddress</i>". </p>
+
+<li> <p> Postfix already accepts the correct form
+"<i>user@[ipaddress]</i>". Use <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> or <a href="postconf.5.html#canonical_maps">canonical_maps</a>
+to translate these into domain names if necessary. </p>
+
+<li> <p> Use "<a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> = no" to accept "RCPT TO:&lt;<i>User
+Name &lt;user@example.com&gt;&gt;</i>". Postfix will ignore the "<i>User
+Name</i>" part and deliver to the <i>&lt;user@example.com&gt;</i> address.
+</p>
+
+</ul>
+
+<p> Examples of problems that can be solved with the <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>
+feature: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/command_filter
+</pre>
+
+<pre>
+/etc/postfix/command_filter:
+ # Work around clients that send malformed HELO commands.
+ /^HELO\s*$/ HELO domain.invalid
+</pre>
+
+<pre>
+ # Work around clients that send empty lines.
+ /^\s*$/ NOOP
+</pre>
+
+<pre>
+ # Work around clients that send RCPT TO:&lt;'user@domain'&gt;.
+ # WARNING: do not lose the parameters that follow the address.
+ /^(RCPT\s+TO:\s*&lt;)'([^[:space:]]+)'(&gt;.*)/ $1$2$3
+</pre>
+
+<pre>
+ # Append XVERP to MAIL FROM commands to request VERP-style delivery.
+ # See <a href="VERP_README.html">VERP_README</a> for more information on how to use Postfix VERP.
+ /^(MAIL\s+FROM:\s*&lt;listname@example\.com&gt;.*)/ $1 XVERP
+</pre>
+
+<pre>
+ # Bounce-never mail sink. Use <a href="postconf.5.html#notify_classes">notify_classes</a>=bounce,resource,software
+ # to send bounced mail to the postmaster (with message body removed).
+ /^(RCPT\s+TO:\s*&lt;.*&gt;.*)\s+NOTIFY=\S+(.*)/ $1 NOTIFY=NEVER$2
+ /^(RCPT\s+TO:.*)/ $1 NOTIFY=NEVER
+</pre>
+
+<p> This feature is available in Postfix 2.7. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_data_restrictions">smtpd_data_restrictions</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional access restrictions that the Postfix SMTP server applies
+in the context of the SMTP DATA command.
+See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+<p>
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+</p>
+
+<p>
+The following restrictions are valid in this context:
+</p>
+
+<ul>
+
+<li><a href="#generic">Generic</a> restrictions that can be used
+in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
+
+<li>SMTP command specific restrictions described under
+<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>,
+<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
+
+<li>However, no recipient information is available in the case of
+multi-recipient mail. Acting on only one recipient would be misleading,
+because any decision will affect all recipients equally. Acting on
+all recipients would require a possibly very large amount of memory,
+and would also be misleading for the reasons mentioned before.
+
+</ul>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>
+<a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> = <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a>
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a>
+(default: yes)</b></DT><DD>
+
+<p> Postpone the start of an SMTP mail transaction until a valid
+RCPT TO command is received. Specify "no" to create a mail transaction
+as soon as the Postfix SMTP server receives a valid MAIL FROM
+command. </p>
+
+<p> With sites that reject lots of mail, the default setting reduces
+the use of
+disk, CPU and memory resources. The downside is that rejected
+recipients are logged with NOQUEUE instead of a mail transaction
+ID. This complicates the logfile analysis of multi-recipient mail.
+</p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_delay_reject">smtpd_delay_reject</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Wait until the RCPT TO command before evaluating
+$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
+$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command before
+evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
+</p>
+
+<p>
+This feature is turned on by default because some clients apparently
+mis-behave when the Postfix SMTP server rejects commands before
+RCPT TO.
+</p>
+
+<p>
+The default setting has one major benefit: it allows Postfix to log
+recipient address information when rejecting a client name/address
+or sender address, so that it is possible to find out whose mail
+is being rejected.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Lookup tables, indexed by the remote SMTP client address, with
+case insensitive lists of EHLO keywords (pipelining, starttls, auth,
+etc.) that the Postfix SMTP server will not send in the EHLO response
+to a
+remote SMTP client. See <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> for details.
+The tables are not searched by hostname for robustness reasons. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>
+(default: empty)</b></DT><DD>
+
+<p> A case insensitive list of EHLO keywords (pipelining, starttls,
+auth, etc.) that the Postfix SMTP server will not send in the EHLO
+response
+to a remote SMTP client. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> Specify the <b>silent-discard</b> pseudo keyword to prevent
+this action from being logged. </p>
+
+<li> <p> Use the <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> feature
+to discard EHLO keywords selectively. </p>
+
+</ul>
+
+
+</DD>
+
+<DT><b><a name="smtpd_dns_reply_filter">smtpd_dns_reply_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional filter for Postfix SMTP server DNS lookup results.
+See <a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> for details including an example.
+</p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional access restrictions that the Postfix SMTP server
+applies in the context of the SMTP END-OF-DATA command.
+See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+</p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+<p> See <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> for details and limitations. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_enforce_tls">smtpd_enforce_tls</a>
+(default: no)</b></DT><DD>
+
+<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients,
+and require that clients use TLS encryption. According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a>
+this MUST NOT be applied in case of a publicly-referenced SMTP
+server. This option is therefore off by default. </p>
+
+<p> Note 1: "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
+
+<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
+STARTTLS due to insufficient privileges to access the server private
+key. This is intended behavior. </p>
+
+<p> This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_error_sleep_time">smtpd_error_sleep_time</a>
+(default: 1s)</b></DT><DD>
+
+<p>With Postfix version 2.1 and later: the SMTP server response delay after
+a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and
+fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering mail.
+</p>
+
+<p>With Postfix version 2.0 and earlier: the SMTP server delay
+before sending a reject (4xx or 5xx) response, when the client has
+made fewer than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors without delivering
+mail. When the client has made $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> or more errors,
+delay all responses with the larger of (number of errors) seconds
+or $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a>. </p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_etrn_restrictions">smtpd_etrn_restrictions</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client ETRN command.
+See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+</p>
+
+<p>
+The Postfix ETRN implementation accepts only destinations that are
+eligible for the Postfix "fast flush" service. See the <a href="ETRN_README.html">ETRN_README</a>
+file for details.
+</p>
+
+<p>
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+</p>
+
+<p>
+The following restrictions are specific to the domain name information
+received with the ETRN command.
+</p>
+
+<dl>
+
+<dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified access database for the ETRN domain name
+or its parent domains. See the <a href="access.5.html">access(5)</a> manual page for details.
+</dd>
+
+</dl>
+
+<p>
+Other restrictions that are valid in this context:
+</p>
+
+<ul>
+
+<li><a href="#generic">Generic</a> restrictions that can be used
+in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
+
+<li>SMTP command specific restrictions described under
+<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
+
+</ul>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_expansion_filter">smtpd_expansion_filter</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+What characters are allowed in $name expansions of RBL reply
+templates. Characters not in the allowed set are replaced by "_".
+Use C like escapes to specify special characters such as whitespace.
+</p>
+
+<p>
+The <a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> value is not subject to Postfix configuration
+parameter $name expansion.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a>
+(default: Postfix &lt; 3.9: no)</b></DT><DD>
+
+<p> Reject or restrict input lines from an SMTP client that end in
+&lt;LF&gt; instead of the standard &lt;CR&gt;&lt;LF&gt;. Such line
+endings are commonly allowed with UNIX-based SMTP servers, but they
+violate <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>, and allowing such line endings can make a server
+vulnerable to <a href="https://www.postfix.org/smtp-smuggling.html">
+SMTP smuggling</a>. </p>
+
+<p> Specify one of the following values (case does not matter): </p>
+
+<dl compact>
+
+<dt> <b>normalize</b></dt> <dd> Require the standard
+End-of-DATA sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
+Otherwise, allow command or message content lines ending in the
+non-standard &lt;LF&gt;, and process them as if the client sent the
+standard &lt;CR&gt;&lt;LF&gt;. <br> <br> This maintains compatibility
+with many legitimate SMTP client applications that send a mix of
+standard and non-standard line endings, but will fail to receive
+email from client implementations that do not terminate DATA content
+with the standard End-of-DATA sequence
+&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;. <br> <br> Such clients
+can be excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>. </dd>
+
+<dt> <b>yes</b> </dt> <dd> Compatibility alias for <b>normalize</b>. </dd>
+
+<dt> <b>reject</b> </dt> <dd> Require the standard End-of-DATA
+sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;. Reject a command
+or message content when a line contains bare &lt;LF&gt;, log a "bare
+&lt;LF&gt; received" error, and reply with the SMTP status code in
+$<a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">smtpd_forbid_bare_newline_reject_code</a>. <br> <br> This will reject
+email from SMTP clients that send any non-standard line endings
+such as web applications, netcat, or load balancer health checks.
+<br> <br> This will also reject email from services that use BDAT
+to send MIME text containing a bare newline (<a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> Section 3
+requires canonical MIME format for text message types, defined in
+<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> Sections 2.7 and 2.8). <br> <br> Such clients can be
+excluded with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> (or, in the case
+of BDAT violations, BDAT can be selectively disabled with
+<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>, or globally disabled with
+<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>). </dd>
+
+<dt> <b>no</b> (default)</dt> <dd> Do not require the standard
+End-of-DATA
+sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;. Always process
+a bare &lt;LF&gt; as if the client sent &lt;CR&gt;&lt;LF&gt;. This
+option is fully backwards compatible, but is not recommended for
+an Internet-facing SMTP server, because it is vulnerable to <a
+href="https://www.postfix.org/smtp-smuggling.html"> SMTP smuggling</a>.
+</dd>
+
+</dl>
+
+<p> Recommended settings: </p>
+
+<blockquote>
+<pre>
+# Require the standard End-of-DATA sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
+# Otherwise, allow bare &lt;LF&gt; and process it as if the client sent
+# &lt;CR&gt;&lt;LF&gt;.
+#
+# This maintains compatibility with many legitimate SMTP client
+# applications that send a mix of standard and non-standard line
+# endings, but will fail to receive email from client implementations
+# that do not terminate DATA content with the standard End-of-DATA
+# sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
+#
+# Such clients can be allowlisted with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>.
+# The example below allowlists SMTP clients in trusted networks.
+#
+<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = normalize
+<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
+</pre>
+</blockquote>
+
+<p> Alternative: </p>
+
+<blockquote>
+<pre>
+# Reject input lines that contain &lt;LF&gt; and log a "bare &lt;LF&gt; received"
+# error. Require that input lines end in &lt;CR&gt;&lt;LF&gt;, and require the
+# standard End-of-DATA sequence &lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;.
+#
+# This will reject email from SMTP clients that send any non-standard
+# line endings such as web applications, netcat, or load balancer
+# health checks.
+#
+# This will also reject email from services that use BDAT to send
+# MIME text containing a bare newline (<a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> Section 3 requires
+# canonical MIME format for text message types, defined in <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a>
+# Sections 2.7 and 2.8).
+#
+# Such clients can be allowlisted with <a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>.
+# The example below allowlists SMTP clients in trusted networks.
+#
+<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = reject
+<a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
+#
+# Alternatively, in the case of BDAT violations, BDAT can be selectively
+# disabled with <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>, or globally
+# disabled with <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>.
+#
+# <a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> = <a href="cidr_table.5.html">cidr</a>:/path/to/file
+# /path/to/file:
+# 10.0.0.0/24 chunking, silent-discard
+# <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> = chunking, silent-discard
+</pre>
+</blockquote>
+
+<p> This feature with settings <b>yes</b> and <b>no</b> is available
+in Postfix 3.8.4, 3.7.9, 3.6.13, and 3.5.23. Additionally, the
+settings <b>reject</b>, and <b>normalize</b> are available with
+Postfix &ge; 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a>
+(default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)</b></DT><DD>
+
+<p> Exclude the specified clients from <a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a>
+enforcement. This setting uses the same syntax and parent-domain
+matching behavior as <a href="postconf.5.html#mynetworks">mynetworks</a>. </p>
+
+<p> This feature is available in Postfix &ge; 3.9, 3.8.4, 3.7.9,
+3.6.13, and 3.5.23. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_forbid_bare_newline_reject_code">smtpd_forbid_bare_newline_reject_code</a>
+(default: 550)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when rejecting a
+request with "<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = reject".
+Specify a 5XX status code (521 to disconnect).
+</p>
+
+<p> This feature is available in Postfix &ge; 3.9, 3.8.5, 3.7.10,
+3.6.14, and 3.5.24. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_forbid_unauth_pipelining">smtpd_forbid_unauth_pipelining</a>
+(default: Postfix &ge; 3.9: yes)</b></DT><DD>
+
+<p> Disconnect remote SMTP clients that violate <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (or 5321)
+command pipelining constraints. The server replies with "554 5.5.0
+Error: SMTP protocol synchronization" and logs the unexpected remote
+SMTP client input. Specify "<a href="postconf.5.html#smtpd_forbid_unauth_pipelining">smtpd_forbid_unauth_pipelining</a> = yes"
+to enable. This feature is enabled by default with Postfix &ge;
+3.9. </p>
+
+<p> This feature is available in Postfix &ge; 3.9, 3.8.1, 3.7.6,
+3.6.10, and 3.5.20. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_forbidden_commands">smtpd_forbidden_commands</a>
+(default: CONNECT GET POST <a href="regexp_table.5.html">regexp</a>:{{/^[^A-Z]/ Bogus}})</b></DT><DD>
+
+<p>
+List of commands that cause the Postfix SMTP server to immediately
+terminate the session with a 221 code. This can be used to disconnect
+clients that obviously attempt to abuse the system. In addition to the
+commands listed in this parameter, commands that follow the "Label:"
+format of message headers will also cause a disconnect. With Postfix
+versions 3.6 and earlier, the default value is "CONNECT GET POST".
+</p>
+
+<p>
+This feature is available in Postfix 2.2 and later.
+</p>
+
+<p>
+Support for inline regular expressions was added in Postfix version
+3.7. See <a href="regexp_table.5.html">regexp_table(5)</a> for a description of the syntax and features.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_hard_error_limit">smtpd_hard_error_limit</a>
+(default: normal: 20, overload: 1)</b></DT><DD>
+
+<p>
+The maximal number of errors a remote SMTP client is allowed to
+make without delivering mail. The Postfix SMTP server disconnects
+when the limit is reached. Normally the default limit is 20, but
+it changes under overload to just 1. With Postfix 2.5 and earlier,
+the SMTP server always allows up to 20 errors by default.
+Valid values are greater than zero.
+
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_helo_required">smtpd_helo_required</a>
+(default: no)</b></DT><DD>
+
+<p>
+Require that a remote SMTP client introduces itself with the HELO
+or EHLO command before sending the MAIL command or other commands
+that require EHLO negotiation.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_helo_restrictions">smtpd_helo_restrictions</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client HELO command.
+See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+</p>
+
+<p>
+The default is to permit everything.
+</p>
+
+<p> Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
+restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
+simply skip <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> by not sending HELO or EHLO).
+</p>
+
+<p>
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+</p>
+
+<p>
+The following restrictions are specific to the hostname information
+received with the HELO or EHLO command.
+</p>
+
+<dl>
+
+<dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the HELO or EHLO
+hostname or parent domains, and execute the corresponding action.
+Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
+restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
+simply skip <a href="postconf.5.html#check_helo_access">check_helo_access</a> by not sending HELO or EHLO). </dd>
+
+<dt><b><a name="check_helo_a_access">check_helo_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for
+the HELO or EHLO hostname, and execute the corresponding action.
+Note 1: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from denylists. Note
+2: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
+restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
+simply skip check_helo_a_access by not sending HELO or EHLO). This
+feature is available in Postfix 3.0 and later.
+</dd>
+
+<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
+the HELO or EHLO hostname, and execute the corresponding action.
+If no MX record is found, look up A or AAAA records, just like the
+Postfix SMTP client would.
+Note 1: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from denylists. Note
+2: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
+restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
+simply skip <a href="postconf.5.html#check_helo_mx_access">check_helo_mx_access</a> by not sending HELO or EHLO). This
+feature is available in Postfix 2.1 and later.
+</dd>
+
+<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
+for the HELO or EHLO hostname, and execute the corresponding action.
+Note 1: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from denylists. Note
+2: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this
+restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can
+simply skip <a href="postconf.5.html#check_helo_ns_access">check_helo_ns_access</a> by not sending HELO or EHLO). This
+feature is available in Postfix 2.1 and later.
+</dd>
+
+<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_invalid_hostname)</dt>
+
+<dd>Reject the request when the HELO or EHLO hostname is malformed.
+Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce
+this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply
+skip <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> by not sending HELO or EHLO).
+<br> The <a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> specifies the response code
+for rejected requests (default: 501).</dd>
+
+<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_non_fqdn_hostname)</dt>
+
+<dd>Reject the request when the HELO or EHLO hostname is not in
+fully-qualified domain or address literal form, as required by the
+RFC. Note: specify
+"<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully enforce this restriction
+(without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a client can simply skip
+<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a> by not sending HELO or EHLO). <br>
+The <a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
+rejected requests (default: 504).</dd>
+
+<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt>
+
+<dd>Reject the request when the HELO or EHLO hostname is
+listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
+(Postfix version 2.1 and later only). Each "<i>d</i>" is a number,
+or a pattern inside "[]" that contains one or more ";"-separated
+numbers or number..number ranges (Postfix version 2.8 and later).
+If no "<i>=d.d.d.d</i>" is
+specified, reject the request when the HELO or EHLO hostname is
+listed with any A record under <i>rbl_domain</i>. See the
+<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description for additional RBL related configuration
+parameters. Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully
+enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a
+client can simply skip <a href="postconf.5.html#reject_rhsbl_helo">reject_rhsbl_helo</a> by not sending HELO or
+EHLO). This feature is available in Postfix 2.0
+and later. </dd>
+
+<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix &lt; 2.3: reject_unknown_hostname)</dt>
+
+<dd>Reject the request when the HELO or EHLO hostname has no DNS A
+or MX record. <br> The reply is specified with the
+<a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> parameter (default: 450) or
+<a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>).
+See the respective parameter descriptions for details. <br>
+Note: specify "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes" to fully
+enforce this restriction (without "<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> = yes", a
+client can simply skip <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> by not sending
+HELO or EHLO). </dd>
+
+</dl>
+
+<p>
+Other restrictions that are valid in this context:
+</p>
+
+<ul>
+
+<li> <a href="#generic">Generic</a> restrictions that can be used
+in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
+
+<li> Client hostname or network address specific restrictions
+described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
+
+<li> SMTP command specific restrictions described under
+<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. When
+sender or recipient restrictions are listed under <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>,
+they have effect only with "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that
+$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> is evaluated at the time of the RCPT TO
+command.
+
+</ul>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
+<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_history_flush_threshold">smtpd_history_flush_threshold</a>
+(default: 100)</b></DT><DD>
+
+<p>
+The maximal number of lines in the Postfix SMTP server command history
+before it is flushed upon receipt of EHLO, RSET, or end of DATA.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_junk_command_limit">smtpd_junk_command_limit</a>
+(default: normal: 100, overload: 1)</b></DT><DD>
+
+<p>
+The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
+SMTP client can send before the Postfix SMTP server starts to
+increment the error counter with each junk command. The junk
+command count is reset after mail is delivered. See also the
+<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> and <a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> configuration
+parameters. Normally the default limit is 100, but it changes under
+overload to just 1. With Postfix 2.5 and earlier, the SMTP server
+always allows up to 100 junk commands by default. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a>
+(default: empty)</b></DT><DD>
+
+<p> Enable logging of the named "permit" actions in SMTP server
+access lists (by default, the SMTP server logs "reject" actions but
+not "permit" actions). This feature does not affect conditional
+actions such as "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>". </p>
+
+<p> Specify a list of "permit" action names, "/file/name" or
+"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. The
+list is matched left to right, and the search stops on the first
+match. A "/file/name" pattern is replaced by its contents; a
+"<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a name matches a lookup
+key (the lookup result is ignored). Continue long lines by starting
+the next line with whitespace. Specify "!pattern" to exclude a name
+from the list. </p>
+
+<p> Examples: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Log all "permit" actions.
+ <a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> = <a href="DATABASE_README.html#types">static</a>:all
+</pre>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Log "<a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a>" only.
+ <a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> = <a href="postconf.5.html#permit_dnswl_client">permit_dnswl_client</a>
+</pre>
+
+<p> This feature is available in Postfix 2.10 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_milter_maps">smtpd_milter_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Lookup tables with Milter settings per remote SMTP client IP
+address. The lookup result overrides the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> setting,
+and has the same syntax. </p>
+
+<p> Note: lookup tables cannot return empty responses. Specify a
+lookup result of DISABLE (case does not matter) to indicate that
+Milter support should be disabled. </p>
+
+<p> Example to disable Milters for local clients: </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_milter_maps">smtpd_milter_maps</a> = <a href="cidr_table.5.html">cidr</a>:/etc/postfix/smtpd_milter_map
+ <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> = inet:host:port, { inet:host:port, ... }, ...
+</pre>
+
+<pre>
+/etc/postfix/smtpd_milter_map:
+ # Disable Milters for local clients.
+ 127.0.0.0/8 DISABLE
+ 192.168.0.0/16 DISABLE
+ ::/64 DISABLE
+ 2001:db8::/32 DISABLE
+</pre>
+
+<p> This feature is available in Postfix 3.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_milters">smtpd_milters</a>
+(default: empty)</b></DT><DD>
+
+<p> A list of Milter (mail filter) applications for new mail that
+arrives via the Postfix <a href="smtpd.8.html">smtpd(8)</a> server. Specify space or comma as
+separator. See the <a href="MILTER_README.html">MILTER_README</a> document for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_min_data_rate">smtpd_min_data_rate</a>
+(default: 500)</b></DT><DD>
+
+<p> The minimum plaintext data transfer rate in bytes/second for
+DATA and BDAT requests, when deadlines are enabled with
+<a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a>. After a read operation transfers N
+plaintext message bytes (possibly after TLS decryption), and after
+the DATA or BDAT request deadline is decremented by the elapsed
+time of that read operation, the DATA or BDAT request deadline is
+incremented by N/smtpd_min_data_rate seconds. However, the deadline
+will never be incremented beyond the time limit specified with
+<a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a>. </p>
+
+<p> This feature is available in Postfix 3.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_noop_commands">smtpd_noop_commands</a>
+(default: empty)</b></DT><DD>
+
+<p>
+List of commands that the Postfix SMTP server replies to with "250
+Ok", without doing any syntax checks and without changing state.
+This list overrides any commands built into the Postfix SMTP server.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a>
+(default: &lt;&gt;)</b></DT><DD>
+
+<p>
+The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables instead of the
+null sender address.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_peername_lookup">smtpd_peername_lookup</a>
+(default: yes)</b></DT><DD>
+
+<p> Attempt to look up the remote SMTP client hostname, and verify that
+the name matches the client IP address. A client name is set to
+"unknown" when it cannot be looked up or verified, or when name
+lookup is disabled. Turning off name lookup reduces delays due to
+DNS lookup and increases the maximal inbound delivery rate. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_per_record_deadline">smtpd_per_record_deadline</a>
+(default: normal: no, overload: yes)</b></DT><DD>
+
+<p> Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a>
+time limits, from a
+time limit per read or write system call, to a time limit to send
+or receive a complete record (an SMTP command line, SMTP response
+line, SMTP message content line, or TLS protocol message). This
+limits the impact from hostile peers that trickle data one byte at
+a time. </p>
+
+<p> Note: when per-record deadlines are enabled, a short timeout
+may cause problems with TLS over very slow network connections.
+The reasons are that a TLS protocol message can be up to 16 kbytes
+long (with TLSv1), and that an entire TLS protocol message must be
+sent or received within the per-record deadline. </p>
+
+<p> This feature is available in Postfix 2.9-3.6. With older
+Postfix releases, the behavior is as if this parameter is set to
+"no". Postfix 3.7 and later use <a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a>. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_per_request_deadline">smtpd_per_request_deadline</a>
+(default: normal: no, overload: yes)</b></DT><DD>
+
+<p> Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a>
+time limits, from a time limit per plaintext or TLS read or write
+call, to a combined time limit for receiving a complete SMTP request
+and for sending a complete SMTP response. The deadline limits only
+the time spent waiting for plaintext or TLS read or write calls,
+not time spent elsewhere. The per-request deadline limits the impact
+from hostile peers that trickle data one byte at a time. </p>
+
+<p> See <a href="postconf.5.html#smtpd_min_data_rate">smtpd_min_data_rate</a> for how the per-request deadline is
+managed during the DATA and BDAT phase. </p>
+
+<p> Note: when per-request deadlines are enabled, a short time limit
+may cause problems with TLS over very slow network connections. The
+reason is that a TLS protocol message can be up to 16 kbytes long
+(with TLSv1), and that an entire TLS protocol message must be
+transferred within the per-request deadline. </p>
+
+<p> This feature is available in Postfix 3.7 and later. A weaker
+feature, called <a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a>, is available with Postfix
+2.9-3.6. With older Postfix releases, the behavior is as if this
+parameter is set to "no". </p>
+
+<p> This feature is available in Postfix 3.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_policy_service_default_action">smtpd_policy_service_default_action</a>
+(default: 451 4.3.5 Server configuration problem)</b></DT><DD>
+
+<p> The default action when an SMTPD policy service request fails.
+Specify "DUNNO" to behave as if the failed SMTPD policy service
+request was not sent, and to continue processing other access
+restrictions, if any. </p>
+
+<p> Limitations: </p>
+
+<ul>
+
+<li> <p> This parameter may specify any value that would be a valid
+SMTPD policy server response (or <a href="access.5.html">access(5)</a> map lookup result). An
+<a href="access.5.html">access(5)</a> map or policy server in this parameter value may need to
+be declared in advance with a restriction_class setting. </p>
+
+<li> <p> If the specified action invokes another <a href="postconf.5.html#check_policy_service">check_policy_service</a>
+request, that request will have the built-in default action. </p>
+
+</ul>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a>
+(default: 300s)</b></DT><DD>
+
+<p>
+The time after which an idle SMTPD policy service connection is
+closed.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a>
+(default: 1000s)</b></DT><DD>
+
+<p>
+The time after which an active SMTPD policy service connection is
+closed.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional information that the Postfix SMTP server specifies in
+the "policy_context" attribute of a policy service request (originally,
+to share the same service endpoint among multiple <a href="postconf.5.html#check_policy_service">check_policy_service</a>
+clients). </p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The maximal number of requests per SMTPD policy service connection,
+or zero (no limit). Once a connection reaches this limit, the
+connection is closed and the next request will be sent over a new
+connection. This is a workaround to avoid error-recovery delays
+with policy servers that cannot maintain a persistent connection.
+</p>
+
+<p>
+This feature is available in Postfix 3.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_policy_service_retry_delay">smtpd_policy_service_retry_delay</a>
+(default: 1s)</b></DT><DD>
+
+<p> The delay between attempts to resend a failed SMTPD policy
+service request. Specify a value greater than zero. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_policy_service_timeout">smtpd_policy_service_timeout</a>
+(default: 100s)</b></DT><DD>
+
+<p>
+The time limit for connecting to, writing to, or receiving from a
+delegated SMTPD policy server.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_policy_service_try_limit">smtpd_policy_service_try_limit</a>
+(default: 2)</b></DT><DD>
+
+<p> The maximal number of attempts to send an SMTPD policy service
+request before giving up. Specify a value greater than zero. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_proxy_ehlo">smtpd_proxy_ehlo</a>
+(default: $<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
+
+<p>
+How the Postfix SMTP server announces itself to the proxy filter.
+By default, the Postfix hostname is used.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_proxy_filter">smtpd_proxy_filter</a>
+(default: empty)</b></DT><DD>
+
+<p> The hostname and TCP port of the mail filtering proxy server.
+The proxy receives all mail from the Postfix SMTP server, and is
+supposed to give the result to another Postfix SMTP server process.
+</p>
+
+<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
+"unix:pathname" for a UNIX-domain endpoint. The host can be specified
+as an IP address or as a symbolic name; no MX lookups are done.
+When no "host" or "host:" is specified, the local machine is
+assumed. Pathname interpretation is relative to the Postfix queue
+directory. </p>
+
+<p> This feature is available in Postfix 2.1 and later. </p>
+
+<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
+and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_proxy_options">smtpd_proxy_options</a>
+(default: empty)</b></DT><DD>
+
+<p>
+List of options that control how the Postfix SMTP server
+communicates with a before-queue content filter. Specify zero or
+more of the following, separated by comma or whitespace. </p>
+
+<dl>
+
+<dt><b>speed_adjust</b></dt>
+
+<dd> <p> Do not connect to a before-queue content filter until an entire
+message has been received. This reduces the number of simultaneous
+before-queue content filter processes. </p>
+
+<p> NOTE 1: A filter must not <i>selectively</i> reject recipients
+of a multi-recipient message. Rejecting all recipients is OK, as
+is accepting all recipients. </p>
+
+<p> NOTE 2: This feature increases the minimum amount of free queue
+space by $<a href="postconf.5.html#message_size_limit">message_size_limit</a>. The extra space is needed to save the
+message to a temporary file. </p> </dd>
+
+</dl>
+
+<p>
+This feature is available in Postfix 2.7 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_proxy_timeout">smtpd_proxy_timeout</a>
+(default: 100s)</b></DT><DD>
+
+<p>
+The time limit for connecting to a proxy filter and for sending or
+receiving information. When a connection fails the client gets a
+generic error message while more detailed information is logged to
+the maillog file.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_recipient_limit">smtpd_recipient_limit</a>
+(default: 1000)</b></DT><DD>
+
+<p>
+The maximal number of recipients that the Postfix SMTP server
+accepts per message delivery request.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a>
+(default: 1000)</b></DT><DD>
+
+<p> The number of recipients that a remote SMTP client can send in
+excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before
+the Postfix SMTP server increments the per-session error count
+for each excess recipient. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client RCPT TO command, after <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
+See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+</p>
+
+<p> With Postfix versions before 2.10, the rules for relay permission
+and spam blocking were combined under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>,
+resulting in error-prone configuration. As of Postfix 2.10, relay
+permission rules are preferably implemented with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>,
+so that a permissive spam blocking policy under
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> will no longer result in a permissive
+mail relay policy. </p>
+
+<p> For backwards compatibility, sites that migrate from Postfix
+versions before 2.10 can set <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> to the empty
+value, and use <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> exactly as before. </p>
+
+<p>
+IMPORTANT: Either the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> or the
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter must specify
+at least one of the following restrictions. Otherwise Postfix will
+refuse to receive mail:
+</p>
+
+<blockquote>
+<pre>
+reject, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>
+</pre>
+</blockquote>
+
+<p>
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+</p>
+
+<p>
+The following restrictions are specific to the recipient address
+that is received with the RCPT TO command.
+</p>
+
+<dl>
+
+<dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the resolved RCPT
+TO address, domain, parent domains, or localpart@, and execute the
+corresponding action. </dd>
+
+<dt><b><a name="check_recipient_a_access">check_recipient_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for
+the RCPT TO domain, and execute the corresponding action. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 3.0 and later. </dd>
+
+<dt><b><a name="check_recipient_mx_access">check_recipient_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
+the RCPT TO domain, and execute the corresponding action. If no
+MX record is found, look up A or AAAA records, just like the Postfix
+SMTP client would. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 2.1 and later. </dd>
+
+<dt><b><a name="check_recipient_ns_access">check_recipient_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
+for the RCPT TO domain, and execute the corresponding action.
+Note: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 2.1 and later. </dd>
+
+<dt><b><a name="permit_auth_destination">permit_auth_destination</a></b></dt>
+
+<dd>Permit the request when one of the following is true:
+
+<ul>
+
+<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
+$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and the address contains no
+sender-specified routing (user@elsewhere@domain),
+
+<li> Postfix is the final destination: the resolved RCPT TO domain
+matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
+$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and the address
+contains no sender-specified routing (user@elsewhere@domain).
+
+</ul></dd>
+
+<dt><b><a name="permit_mx_backup">permit_mx_backup</a></b></dt>
+
+<dd>Permit the request when the local mail system is a backup MX for
+the RCPT TO domain, or when the domain is an authorized destination
+(see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a> for definition).
+
+<ul>
+
+<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> does not accept addresses that have
+sender-specified routing information (example: user@elsewhere@domain).
+
+<li> Safety: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> can be vulnerable to mis-use when
+access is not restricted with <a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a>.
+
+<li> Safety: as of Postfix version 2.3, <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> no longer
+accepts the address when the local mail system is a primary MX for
+the recipient domain. Exception: <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> accepts the address
+when it specifies an authorized destination (see <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
+for definition).
+
+<li> Limitation: mail may be rejected in case of a temporary DNS
+lookup problem with Postfix prior to version 2.0.
+
+</ul></dd>
+
+<dt><b><a name="reject_non_fqdn_recipient">reject_non_fqdn_recipient</a></b></dt>
+
+<dd>Reject the request when the RCPT TO address specifies a
+domain that is not in
+fully-qualified domain form, as required by the RFC. <br> The
+<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
+rejected requests (default: 504). </dd>
+
+<dt><b><a name="reject_rhsbl_recipient">reject_rhsbl_recipient <i>rbl_domain=d.d.d.d</i></a></b></dt>
+
+<dd>Reject the request when the RCPT TO domain is listed with the
+A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
+2.1 and later only). Each "<i>d</i>" is a number, or a pattern
+inside "[]" that contains one or more ";"-separated numbers or
+number..number ranges (Postfix version 2.8 and later). If no
+"<i>=d.d.d.d</i>" is specified, reject
+the request when the RCPT TO domain is listed with
+any A record under <i>rbl_domain</i>. <br> The <a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a>
+parameter specifies the response code for rejected requests (default:
+554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter specifies the default server
+reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter specifies tables with server
+replies indexed by <i>rbl_domain</i>. This feature is available
+in Postfix version 2.0 and later.</dd>
+
+<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>
+
+<dd>Reject the request unless one of the following is true:
+
+<ul>
+
+<li> Postfix is a mail forwarder: the resolved RCPT TO domain matches
+$<a href="postconf.5.html#relay_domains">relay_domains</a> or a subdomain thereof, and contains no sender-specified
+routing (user@elsewhere@domain),
+
+<li> Postfix is the final destination: the resolved RCPT TO domain
+matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
+$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and contains
+no sender-specified routing (user@elsewhere@domain).
+
+</ul>The <a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> parameter specifies the response
+code for rejected requests (default: 554). </dd>
+
+<dt><b><a name="defer_unauth_destination">defer_unauth_destination</a></b></dt>
+
+<dd> Reject the same requests as <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>, with a
+non-permanent error code. This feature is available in Postfix
+2.10 and later.</dd>
+
+<dt><b><a name="reject_unknown_recipient_domain">reject_unknown_recipient_domain</a></b></dt>
+
+<dd>Reject the request when Postfix is not final destination for
+the recipient domain, and the RCPT TO domain has 1) no DNS MX and
+no DNS A
+record or 2) a malformed MX record such as a record with
+a zero-length MX hostname (Postfix version 2.3 and later). <br> The
+reply is specified with the <a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter
+(default: 450), <a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> (default:
+<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>), or 556 (nullmx, Postfix 3.0 and
+later). See the respective parameter descriptions for details.
+</dd>
+
+<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>
+
+<dd> Reject the request when the RCPT TO address is not listed in
+the list of valid recipients for its domain class. See the
+<a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> parameter description for details.
+This feature is available in Postfix 2.1 and later.</dd>
+
+<dt><b><a name="reject_unverified_recipient">reject_unverified_recipient</a></b></dt>
+
+<dd>Reject the request when mail to the RCPT TO address is known
+to bounce, or when the recipient address destination is not reachable.
+Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
+see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The
+<a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> parameter specifies the numerical
+response code when an address is known to bounce (default: 450,
+change it to 550 when you are confident that it is safe to do so).
+<br>The <a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> parameter specifies the
+numerical response code when an address probe failed due to a
+temporary problem (default: 450). <br> The
+<a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> parameter specifies the action
+after address probe failure due to a temporary problem (default:
+<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature breaks for aliased addresses
+with "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> = no" (Postfix &le; 3.2). <br>
+This feature is available in Postfix 2.1 and later. </dd>
+
+</dl>
+
+<p>
+Other restrictions that are valid in this context:
+</p>
+
+<ul>
+
+<li><a href="#generic">Generic</a> restrictions that can be used
+in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
+
+<li>SMTP command specific restrictions described under
+<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
+<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>.
+
+</ul>
+
+<p>
+Example:
+</p>
+
+<pre>
+# The Postfix before 2.10 default mail relay policy. Later Postfix
+# versions implement this preferably with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_reject_footer">smtpd_reject_footer</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional information that is appended after each Postfix SMTP
+server
+4XX or 5XX response. </p>
+
+<p> The following example uses "\c" at the start of the template
+(supported in Postfix 2.10 and later) to suppress the line break
+between the reply text and the footer text. With earlier Postfix
+versions, the footer text always begins on a new line, and the "\c"
+is output literally. </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> = \c. For assistance, call 800-555-0101.
+ Please provide the following information in your problem report:
+ time ($localtime), client ($client_address) and server
+ ($server_name).
+</pre>
+
+<p> Server response: </p>
+
+<pre>
+ 550-5.5.1 &lt;user@example&gt; Recipient address rejected: User
+ unknown. For assistance, call 800-555-0101. Please provide the
+ following information in your problem report: time (Jan 4 15:42:00),
+ client (192.168.1.248) and server (mail1.example.com).
+</pre>
+
+<p> Note: the above text is meant to make it easier to find the
+Postfix logfile records for a failed SMTP session. The text itself
+is not logged to the Postfix SMTP server's maillog file. </p>
+
+<p> Be sure to keep the text as short as possible. Long text may
+be truncated before it is logged to the remote SMTP client's maillog
+file, or before it is returned to the sender in a delivery status
+notification. </p>
+
+<p> The template text is not subject to Postfix configuration
+parameter $name expansion. Instead, this feature supports a limited
+number of $name attributes in the footer text. These attributes are
+replaced with their current value for the SMTP session. </p>
+
+<p> Note: specify $$name in footer text that is looked up from
+<a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>:-based <a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a>, otherwise the
+Postfix server will not use the footer text and will log a warning
+instead. </p>
+
+<dl>
+
+<dt> <b>client_address</b> </dt> <dd> The Client IP address that
+is logged in the maillog file. </dd>
+
+<dt> <b>client_port</b> </dt> <dd> The client TCP port that is
+logged in the maillog file. </dd>
+
+<dt> <b>localtime</b> </dt> <dd> The server local time (Mmm dd
+hh:mm:ss) that is logged in the maillog file. </dd>
+
+<dt> <b>server_name</b> </dt> <dd> The server's <a href="postconf.5.html#myhostname">myhostname</a> value.
+This attribute is made available for sites with multiple MTAs
+(perhaps behind a load-balancer), where the server name can help
+the server support team to quickly find the right log files. </dd>
+
+</dl>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> NOT SUPPORTED are other attributes such as sender, recipient,
+or <a href="postconf.5.html">main.cf</a> parameters. </p>
+
+<li> <p> For safety reasons, text that does not match
+$<a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> is censored. </p>
+
+</ul>
+
+<p> This feature supports the two-character sequence \n as a request
+for a line break in the footer text. Postfix automatically inserts
+after each line break the three-digit SMTP reply code (and optional
+enhanced status code) from the original Postfix reject message.
+</p>
+
+<p> To work around mail software that mis-handles multi-line replies,
+specify the two-character sequence \c at the start of the template.
+This suppresses the line break between the reply text and the footer
+text (Postfix 2.10 and later). </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_reject_footer_maps">smtpd_reject_footer_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Lookup tables, indexed by the complete Postfix SMTP server 4xx or
+5xx response, with reject footer templates. See <a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>
+for details. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Request that the Postfix SMTP server rejects mail for unknown
+recipient addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a>
+access restriction is specified. This prevents the Postfix queue
+from filling up with undeliverable MAILER-DAEMON messages.
+</p>
+
+<p> An address is considered "unknown" when 1) it does not match a
+<a href="virtual.5.html">virtual(5)</a> alias or <a href="canonical.5.html">canonical(5)</a> mapping, and 2) the address is not
+valid for its address class. For a definition of class-based address
+validation, see <a href="ADDRESS_CLASS_README.html#classes">
+ADDRESS_CLASS_README</a>. </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a>
+(default: no)</b></DT><DD>
+
+<p> Request that the Postfix SMTP server rejects mail from unknown
+sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
+access restriction is specified. This can slow down an explosion
+of forged mail from worms or viruses. </p>
+
+<p> An address is considered "unknown" when 1) it does not match a
+<a href="virtual.5.html">virtual(5)</a> alias or <a href="canonical.5.html">canonical(5)</a> mapping, and 2) the address is not
+valid for its address class. For a definition of class-based address
+validation, see <a href="ADDRESS_CLASS_README.html#classes">
+ADDRESS_CLASS_README</a>. </p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_relay_before_recipient_restrictions">smtpd_relay_before_recipient_restrictions</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> Evaluate <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> before <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
+Historically, <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> was evaluated after
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>, contradicting documented behavior. </p>
+
+<p> Background: the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> feature is primarily
+designed to enforce a mail relaying policy, while
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> is primarily designed to enforce spam
+blocking policy. Both are evaluated while replying to the RCPT TO
+command, and both support the same features. </p>
+
+<p> This feature is available in Postfix 3.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_relay_restrictions">smtpd_relay_restrictions</a>
+(default: <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b></DT><DD>
+
+<p> Access restrictions for mail relay control that the Postfix
+SMTP server applies in the context of the RCPT TO command, before
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
+See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+</p>
+
+<p> With Postfix versions before 2.10, the rules for relay permission
+and spam blocking were combined under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>,
+resulting in error-prone configuration. As of Postfix 2.10, relay
+permission rules are preferably implemented with <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>,
+so that a permissive spam blocking policy under
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> will no longer result in a permissive
+mail relay policy. </p>
+
+<p> For backwards compatibility, sites that migrate from Postfix
+versions before 2.10 can set <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> to the empty
+value, and use <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> exactly as before. </p>
+
+<p>
+By default, the Postfix SMTP server accepts:
+</p>
+
+<ul>
+
+<li> Mail from clients whose IP address matches $<a href="postconf.5.html#mynetworks">mynetworks</a>, or:
+
+<li> Mail from clients who are SASL authenticated, or:
+
+<li> Mail to remote destinations that match $<a href="postconf.5.html#relay_domains">relay_domains</a>, except
+for addresses that contain sender-specified routing
+(user@elsewhere@domain), or:
+
+<li> Mail to local destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
+or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, or
+$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+
+</ul>
+
+<p>
+IMPORTANT: Either the <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> or the
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> parameter must specify
+at least one of the following restrictions. Otherwise Postfix will
+refuse to receive mail:
+</p>
+
+<blockquote>
+<pre>
+reject, <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+defer, <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>
+</pre>
+</blockquote>
+
+<p>
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+The same restrictions are available as documented under
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
+</p>
+
+<p> This feature is available in Postix 2.10 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_restriction_classes">smtpd_restriction_classes</a>
+(default: empty)</b></DT><DD>
+
+<p>
+User-defined aliases for groups of access restrictions. The aliases
+can be specified in <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> etc., and on the
+right-hand side of a Postfix <a href="access.5.html">access(5)</a> table.
+</p>
+
+<p>
+One major application is for implementing per-recipient UCE control.
+See the <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a> document for other examples.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_application_name">smtpd_sasl_application_name</a>
+(default: smtpd)</b></DT><DD>
+
+<p>
+The application name that the Postfix SMTP server uses for SASL
+server initialization. This
+controls the name of the SASL configuration file. The default value
+is <b>smtpd</b>, corresponding to a SASL configuration file named
+<b>smtpd.conf</b>.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3
+it was renamed to <a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a>
+(default: no)</b></DT><DD>
+
+<p>
+Enable SASL authentication in the Postfix SMTP server. By default,
+the Postfix SMTP server does not use authentication.
+</p>
+
+<p>
+If a remote SMTP client is authenticated, the <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
+access restriction can be used to permit relay access, like this:
+</p>
+
+<blockquote>
+<pre>
+# With Postfix 2.10 and later, the mail relay policy is
+# preferably specified under <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
+<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> =
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
+</pre>
+
+<pre>
+# With Postfix before 2.10, the relay policy can be
+# specified only under <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, ...
+</pre>
+</blockquote>
+
+<p> To reject all SMTP connections from unauthenticated clients,
+specify "<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes" (which is the default) and use:
+</p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> = <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>, reject
+</pre>
+</blockquote>
+
+<p>
+See the <a href="SASL_README.html">SASL_README</a> file for SASL configuration and operation details.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a>
+(default: no)</b></DT><DD>
+
+<p> Report the SASL authenticated user name in the <a href="smtpd.8.html">smtpd(8)</a> Received
+message header. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a>
+(default: empty)</b></DT><DD>
+
+<p>
+What remote SMTP clients the Postfix SMTP server will not offer
+AUTH support to.
+</p>
+
+<p>
+Some clients (Netscape 4 at least) have a bug that causes them to
+require a login and password whenever AUTH is offered, whether it's
+necessary or not. To work around this, specify, for example,
+$<a href="postconf.5.html#mynetworks">mynetworks</a> to prevent Postfix from offering AUTH to local clients.
+</p>
+
+<p>
+Specify a list of network/netmask patterns, separated by commas
+and/or whitespace. The mask specifies the number of bits in the
+network part of a host address. You can also specify "/file/name" or
+"<a href="DATABASE_README.html">type:table</a>" patterns. A "/file/name" pattern is replaced by its
+contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matched when a table entry
+matches a lookup string (the lookup result is ignored). Continue
+long lines by starting the next line with whitespace. Specify
+"!pattern" to exclude an address or network block from the list.
+The form "!/file/name" is supported only in Postfix version 2.4 and
+later. </p>
+
+<p> Note: IP version 6 address information must be specified inside
+<tt>[]</tt> in the <a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> value, and in
+files specified with "/file/name". IP version 6 addresses contain
+the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
+pattern. </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> = $<a href="postconf.5.html#mynetworks">mynetworks</a>
+</pre>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_local_domain">smtpd_sasl_local_domain</a>
+(default: empty)</b></DT><DD>
+
+<p>
+The name of the Postfix SMTP server's local SASL authentication
+realm.
+</p>
+
+<p>
+By default, the local authentication realm name is the null string.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
+<a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_mechanism_filter">smtpd_sasl_mechanism_filter</a>
+(default: !external, <a href="DATABASE_README.html#types">static</a>:rest)</b></DT><DD>
+
+<p> If non-empty, a filter for the SASL mechanism names that the
+Postfix SMTP server will announce in the EHLO response. By default,
+the Postfix SMTP server will not announce the EXTERNAL mechanism,
+because Postfix support for that is not implemented. </p>
+
+<p> Specify mechanism names, "/file/name" patterns, or "<a href="DATABASE_README.html">type:table</a>"
+lookup tables, separated by comma or whitespace. The right-hand
+side result from "<a href="DATABASE_README.html">type:table</a>" lookups is ignored. Specify "!pattern"
+to exclude a mechanism name from the list. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_sasl_mechanism_filter">smtpd_sasl_mechanism_filter</a> = !external, !gssapi, <a href="DATABASE_README.html#types">static</a>:rest
+<a href="postconf.5.html#smtpd_sasl_mechanism_filter">smtpd_sasl_mechanism_filter</a> = login, plain
+<a href="postconf.5.html#smtpd_sasl_mechanism_filter">smtpd_sasl_mechanism_filter</a> = /etc/postfix/smtpd_mechs
+</pre>
+
+<p> This feature is available in Postfix 3.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_path">smtpd_sasl_path</a>
+(default: smtpd)</b></DT><DD>
+
+<p> Implementation-specific information that the Postfix SMTP server
+passes through to
+the SASL plug-in implementation that is selected with
+<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. Typically this specifies the name of a
+configuration file or rendezvous point. </p>
+
+<p> This feature is available in Postfix 2.3 and later. In earlier
+releases it was called <b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a></b>. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_response_limit">smtpd_sasl_response_limit</a>
+(default: 12288)</b></DT><DD>
+
+<p> The maximum length of a SASL client's response to a server challenge.
+When the client's "initial response" is longer than the normal limit for
+SMTP commands, the client must omit its initial response, and wait for an
+empty server challenge; it can then send what would have been its "initial
+response" as a response to the empty server challenge. <a href="https://tools.ietf.org/html/rfc4954">RFC4954</a> requires the
+server to accept client responses up to at least 12288 octets of
+base64-encoded text. The default value is therefore also the minimum value
+accepted for this parameter.</p>
+
+<p> This feature is available in Postfix 3.4 and later. Prior versions use
+"<a href="postconf.5.html#line_length_limit">line_length_limit</a>", which may need to be raised to accommodate larger client
+responses, as may be needed with GSSAPI authentication of Windows AD users
+who are members of many groups. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_security_options">smtpd_sasl_security_options</a>
+(default: noanonymous)</b></DT><DD>
+
+<p> Postfix SMTP server SASL security options; as of Postfix 2.3
+the list of available
+features depends on the SASL server implementation that is selected
+with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>. </p>
+
+<p> The following security features are defined for the <b>cyrus</b>
+server SASL implementation: </p>
+
+<p>
+Restrict what authentication mechanisms the Postfix SMTP server
+will offer to the client. The list of available authentication
+mechanisms is system dependent.
+</p>
+
+<p>
+Specify zero or more of the following:
+</p>
+
+<dl>
+
+<dt><b>noplaintext</b></dt>
+
+<dd>Disallow methods that use plaintext passwords. </dd>
+
+<dt><b>noactive</b></dt>
+
+<dd>Disallow methods subject to active (non-dictionary) attack. </dd>
+
+<dt><b>nodictionary</b></dt>
+
+<dd>Disallow methods subject to passive (dictionary) attack. </dd>
+
+<dt><b>noanonymous</b></dt>
+
+<dd>Disallow methods that allow anonymous authentication. </dd>
+
+<dt><b>forward_secrecy</b></dt>
+
+<dd>Only allow methods that support forward secrecy (Dovecot only).
+</dd>
+
+<dt><b>mutual_auth</b></dt>
+
+<dd>Only allow methods that provide mutual authentication (not available
+with Cyrus SASL version 1). </dd>
+
+</dl>
+
+<p>
+By default, the Postfix SMTP server accepts plaintext passwords but
+not anonymous logins.
+</p>
+
+<p>
+Warning: it appears that clients try authentication methods in the
+order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5)
+which means that if you disable plaintext passwords, clients will
+log in anonymously, even when they should be able to use CRAM-MD5.
+So, if you disable plaintext logins, disable anonymous logins too.
+Postfix treats anonymous login as no authentication.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> = noanonymous, noplaintext
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_service">smtpd_sasl_service</a>
+(default: smtp)</b></DT><DD>
+
+<p> The service name that is passed to the SASL plug-in that is
+selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> and <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a></b>.
+</p>
+
+<p> This feature is available in Postfix 2.11 and later. Prior
+versions behave as if "<b>smtp</b>" is specified. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a>
+(default: $<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b></DT><DD>
+
+<p> The SASL authentication security options that the Postfix SMTP
+server uses for TLS encrypted SMTP sessions. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sasl_type">smtpd_sasl_type</a>
+(default: cyrus)</b></DT><DD>
+
+<p> The SASL plug-in type that the Postfix SMTP server should use
+for authentication. The available types are listed with the
+"<b>postconf -a</b>" command. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sender_login_maps">smtpd_sender_login_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional lookup table with the SASL login names that own the sender
+(MAIL FROM) addresses.
+</p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found. With lookups from
+indexed files such as DB or DBM, or from networked tables such as
+NIS, LDAP or SQL, the following search operations are done with a
+sender address of <i>user@domain</i>: </p>
+
+<dl>
+
+<dt> 1) <i>user@domain</i> </dt>
+
+<dd>This table lookup is always done and has the highest precedence. </dd>
+
+<dt> 2) <i>user</i> </dt>
+
+<dd>This table lookup is done only when the <i>domain</i> part of the
+sender address matches $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
+or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. </dd>
+
+<dt> 3) <i>@domain</i> </dt>
+
+<dd>This table lookup is done last and has the lowest precedence. </dd>
+
+</dl>
+
+<p>
+In all cases the result of table lookup must be either "not found"
+or a list of SASL login names separated by comma and/or whitespace.
+</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_sender_restrictions">smtpd_sender_restrictions</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional restrictions that the Postfix SMTP server applies in the
+context of a client MAIL FROM command.
+See <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, section "Delayed evaluation of SMTP access
+restriction lists" for a discussion of evaluation context and time.
+</p>
+
+<p>
+The default is to permit everything.
+</p>
+
+<p>
+Specify a list of restrictions, separated by commas and/or whitespace.
+Continue long lines by starting the next line with whitespace.
+Restrictions are applied in the order as specified; the first
+restriction that matches wins.
+</p>
+
+<p>
+The following restrictions are specific to the sender address
+received with the MAIL FROM command.
+</p>
+
+<dl>
+
+<dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MAIL FROM
+address, domain, parent domains, or localpart@, and execute the
+corresponding action. </dd>
+
+<dt><b><a name="check_sender_a_access">check_sender_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the IP addresses for
+the MAIL FROM domain, and execute the corresponding action. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 3.0 and later. </dd>
+
+<dt><b><a name="check_sender_mx_access">check_sender_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the MX hosts for
+the MAIL FROM domain, and execute the corresponding action. If no
+MX record is found, look up A or AAAA records, just like the Postfix
+SMTP client would. Note:
+a result of "OK" is not allowed for safety reasons. Instead, use
+DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 2.1 and later. </dd>
+
+<dt><b><a name="check_sender_ns_access">check_sender_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
+
+<dd>Search the specified <a href="access.5.html">access(5)</a> database for the DNS servers
+for the MAIL FROM domain, and execute the corresponding action.
+Note: a result of "OK" is not allowed for safety reasons. Instead,
+use DUNNO in order to exclude specific hosts from denylists. This
+feature is available in Postfix 2.1 and later. </dd>
+
+<dt><b><a name="reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a></b></dt>
+
+<dd> Reject the request when the client is authenticated with SASL,
+but either the MAIL FROM address is not listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>,
+or the SASL login name is not an owner for that address.
+<br>
+This prevents an authenticated client from using a MAIL FROM address
+that they do not explicitly own.
+<br>
+This feature is available in Postfix version 2.1 and later. </dd>
+
+<dt><b><a name="reject_known_sender_login_mismatch">reject_known_sender_login_mismatch</a></b></dt>
+
+<dd> When the client is authenticated with SASL, reject the request
+when the MAIL FROM address is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>,
+but the SASL login name is not an owner for that address.
+<br>
+When the client is not authenticated with SASL, reject the request
+when SASL is enabled, and the MAIL FROM address is listed in
+$<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.
+<br>
+This protects any MAIL FROM address that is listed in
+$<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>, while still allowing a client to use any
+unlisted MAIL FROM address.
+<br>
+This feature is available in Postfix version 2.11 and later.</dd>
+
+<dt><b><a name="reject_non_fqdn_sender">reject_non_fqdn_sender</a></b></dt>
+
+<dd>Reject the request when the MAIL FROM address specifies a
+domain that is not in
+fully-qualified domain form as required by the RFC. <br> The
+<a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> parameter specifies the response code for
+rejected requests (default: 504). </dd>
+
+<dt><b><a name="reject_rhsbl_sender">reject_rhsbl_sender <i>rbl_domain=d.d.d.d</i></a></b></dt>
+
+<dd>Reject the request when the MAIL FROM domain is listed with
+the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix
+version 2.1 and later only). Each "<i>d</i>" is a number, or a
+pattern inside "[]" that contains one or more ";"-separated numbers
+or number..number ranges (Postfix version 2.8 and later). If no
+"<i>=d.d.d.d</i>" is specified,
+reject the request when the MAIL FROM domain is
+listed with any A record under <i>rbl_domain</i>. <br> The
+<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> parameter specifies the response code for
+rejected requests (default: 554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter
+specifies the default server reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter
+specifies tables with server replies indexed by <i>rbl_domain</i>.
+This feature is available in Postfix 2.0 and later.</dd>
+
+<dt><b><a name="reject_sender_login_mismatch">reject_sender_login_mismatch</a></b></dt>
+
+<dd> As of Postfix 2.1, this is an alias for
+"<a href="postconf.5.html#reject_authenticated_sender_login_mismatch">reject_authenticated_sender_login_mismatch</a>,
+<a href="postconf.5.html#reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a>".</dd>
+
+<dt><b><a name="reject_unauthenticated_sender_login_mismatch">reject_unauthenticated_sender_login_mismatch</a></b></dt>
+
+<dd> Reject the request when SASL is enabled, the MAIL FROM address
+is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>, but the client is not
+authenticated with SASL.
+<br>
+With SASL enabled, this prevents an unauthenticated client from
+using any MAIL FROM address that is listed in $<a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a>.
+<br>
+This feature is available in Postfix version 2.1 and later.</dd>
+
+<dt><b><a name="reject_unknown_sender_domain">reject_unknown_sender_domain</a></b></dt>
+
+<dd>Reject the request when Postfix is not the final destination for
+the sender address, and the MAIL FROM domain has 1) no DNS MX and
+no DNS A
+record, or 2) a malformed MX record such as a record with
+a zero-length MX hostname (Postfix version 2.3 and later). <br> The
+reply is specified with the <a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter
+(default: 450), <a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> (default:
+<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>), or 550 (nullmx, Postfix 3.0 and
+later). See the respective parameter descriptions for details.
+</dd>
+
+<dt><b><a name="reject_unlisted_sender">reject_unlisted_sender</a></b></dt>
+
+<dd>Reject the request when the MAIL FROM address is not listed in
+the list of valid recipients for its domain class. See the
+<a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> parameter description for details.
+This feature is available in Postfix 2.1 and later.</dd>
+
+<dt><b><a name="reject_unverified_sender">reject_unverified_sender</a></b></dt>
+
+<dd>Reject the request when mail to the MAIL FROM address is known to
+bounce, or when the sender address destination is not reachable.
+Address verification information is managed by the <a href="verify.8.html">verify(8)</a> server;
+see the <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> file for details. <br> The
+<a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> parameter specifies the numerical
+response code when an address is known to bounce (default: 450,
+change into 550 when you are confident that it is safe to do so).
+<br>The <a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> specifies the numerical response
+code when an address probe failed due to a temporary problem
+(default: 450). <br> The <a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> parameter
+specifies the action after address probe failure due to a temporary
+problem (default: <a href="postconf.5.html#defer_if_permit">defer_if_permit</a>). <br> This feature breaks for
+aliased addresses with "<a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> = no" (Postfix
+&le; 3.2). <br> This feature is available in Postfix 2.1 and later.
+</dd>
+
+</dl>
+
+<p>
+Other restrictions that are valid in this context:
+</p>
+
+<ul>
+
+<li> <a href="#generic">Generic</a> restrictions that can be used
+in any SMTP command context, described under <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>.
+
+<li> SMTP command specific restrictions described under
+<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
+
+<li> SMTP command specific restrictions described under
+<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>. When recipient restrictions are listed
+under <a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, they have effect only with
+"<a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> = yes", so that $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> is
+evaluated at the time of the RCPT TO command.
+
+</ul>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
+<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> = <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>,
+ <a href="postconf.5.html#check_sender_access">check_sender_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access
+</pre>
+
+
+</DD>
+
+<DT><b><a name="smtpd_service_name">smtpd_service_name</a>
+(default: smtpd)</b></DT><DD>
+
+<p> The internal service that <a href="postscreen.8.html">postscreen(8)</a> hands off allowed
+connections to. In a future version there may be different
+classes of SMTP service. </p>
+
+<p> This feature is available in Postfix 2.8. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_soft_error_limit">smtpd_soft_error_limit</a>
+(default: 10)</b></DT><DD>
+
+<p>
+The number of errors a remote SMTP client is allowed to make without
+delivering mail before the Postfix SMTP server slows down all its
+responses.
+</p>
+
+<ul>
+
+<li><p>With Postfix version 2.1 and later, when the error count
+is &gt; $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>, the Postfix SMTP server
+delays all responses by $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a>. </p>
+
+<li><p>With Postfix versions 2.0 and earlier, when the error count
+is &gt; $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>, the Postfix SMTP server delays all
+responses by the larger of (number of errors) seconds or
+$<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a>. </p>
+
+<li><p>With Postfix versions 2.0 and earlier, when the error count
+is &le; $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>, the Postfix SMTP server delays 4XX
+and 5XX responses by $<a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a>. </p>
+
+</ul>
+
+
+</DD>
+
+<DT><b><a name="smtpd_starttls_timeout">smtpd_starttls_timeout</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The time limit for Postfix SMTP server write and read operations
+during TLS startup and shutdown handshake procedures. The current
+default value is stress-dependent. Before Postfix version 2.8, it
+was fixed at 300s. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_timeout">smtpd_timeout</a>
+(default: normal: 300s, overload: 10s)</b></DT><DD>
+
+<p> When the Postfix SMTP server wants to send an SMTP server
+response, how long the Postfix SMTP server will wait for an underlying
+network write operation to complete; and when the Postfix SMTP
+server Postfix wants to receive an SMTP client request, how long
+the Postfix SMTP server will wait for an underlying network read
+operation to complete. See the <a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a> for how
+this time limit may be enforced (with Postfix 2.9-3.6 see
+<a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a>). </p>
+
+<p> Normally the default limit
+is 300s, but it changes under overload to just 10s. With Postfix
+2.5 and earlier, the SMTP server always uses a time limit of 300s
+by default.
+</p>
+
+<p>
+Note: if you set SMTP time limits to very large values you may have
+to update the global <a href="postconf.5.html#ipc_timeout">ipc_timeout</a> parameter.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_CAfile">smtpd_tls_CAfile</a>
+(default: empty)</b></DT><DD>
+
+<p> A file containing (PEM format) CA certificates of root CAs trusted
+to sign either remote SMTP client certificates or intermediate CA
+certificates. These are loaded into memory before the <a href="smtpd.8.html">smtpd(8)</a> server
+enters the chroot jail. If the number of trusted roots is large, consider
+using <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> instead, but note that the latter directory must
+be present in the chroot jail if the <a href="smtpd.8.html">smtpd(8)</a> server is chrooted. This
+file may also be used to augment the server certificate trust chain,
+but it is best to include all the required certificates directly in the
+server certificate file. </p>
+
+<p> Specify "<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /path/to/system_CA_file" to use ONLY
+the system-supplied default Certification Authority certificates.
+</p>
+
+<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
+appending the system-supplied default CAs and trusting third-party
+certificates. </p>
+
+<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are not
+requested, and <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> should remain empty. If you do make use
+of client certificates, the distinguished names (DNs) of the Certification
+Authorities listed in <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> are sent to the remote SMTP client
+in the client certificate request message. MUAs with multiple client
+certificates may use the list of preferred Certification Authorities
+to select the correct client certificate. You may want to put your
+"preferred" CA or CAs in this file, and install other trusted CAs in
+$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/CAcert.pem
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_CApath">smtpd_tls_CApath</a>
+(default: empty)</b></DT><DD>
+
+<p> A directory containing (PEM format) CA certificates of root CAs
+trusted to sign either remote SMTP client certificates or intermediate CA
+certificates. Do not forget to create the necessary "hash" links with,
+for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use
+<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> in chroot mode, this directory (or a copy) must be
+inside the chroot jail. </p>
+
+<p> Specify "<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /path/to/system_CA_directory" to
+use ONLY the system-supplied default Certification Authority certificates.
+</p>
+
+<p> Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = no" to prevent Postfix from
+appending the system-supplied default CAs and trusting third-party
+certificates. </p>
+
+<p> By default (see <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>), client certificates are
+not requested, and <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> should remain empty. In contrast
+to <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, DNs of Certification Authorities installed
+in $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> are not included in the client certificate
+request message. MUAs with multiple client certificates may use the
+list of preferred Certification Authorities to select the correct
+client certificate. You may want to put your "preferred" CA or
+CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, and install the remaining trusted CAs in
+$<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> = /etc/postfix/certs
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>
+(default: yes)</b></DT><DD>
+
+<p> Force the Postfix SMTP server to issue a TLS session id, even
+when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
+is empty). This behavior is compatible with Postfix &lt; 2.3. </p>
+
+<p> With Postfix 2.3 and later the Postfix SMTP server can disable
+session id generation when TLS session caching is turned off. This
+keeps remote SMTP clients from caching sessions that almost certainly cannot
+be re-used. </p>
+
+<p> By default, the Postfix SMTP server always generates TLS session
+ids. This works around a known defect in mail client applications
+such as MS Outlook, and may also prevent interoperability issues
+with other MTAs. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> = no
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>
+(default: no)</b></DT><DD>
+
+<p> Ask a remote SMTP client for a client certificate. This
+information is needed for certificate based mail relaying with,
+for example, the <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> feature. </p>
+
+<p> Some clients such as Netscape will either complain if no
+certificate is available (for the list of CAs in $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)
+or will offer multiple client certificates to choose from. This
+may be annoying, so this option is "off" by default. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_auth_only">smtpd_tls_auth_only</a>
+(default: no)</b></DT><DD>
+
+<p> When TLS encryption is optional in the Postfix SMTP server, do
+not announce or accept SASL authentication over unencrypted
+connections. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>
+(default: 9)</b></DT><DD>
+
+<p> The verification depth for remote SMTP client certificates. A
+depth of 1 is sufficient if the issuing CA is listed in a local CA
+file. </p>
+
+<p> The default verification depth is 9 (the OpenSSL default) for
+compatibility with earlier Postfix behavior. Prior to Postfix 2.5,
+the default value was 5, but the limit was not actually enforced. If
+you have set this to a lower non-default value, certificates with longer
+trust chains may now fail to verify. Certificate chains with 1 or 2
+CAs are common, deeper chains are more rare and any number between 5
+and 9 should suffice in practice. You can choose a lower number if,
+for example, you trust certificates directly signed by an issuing CA
+but not any CAs it delegates to. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_cert_file">smtpd_tls_cert_file</a>
+(default: empty)</b></DT><DD>
+
+<p> File with the Postfix SMTP server RSA certificate in PEM format.
+This file may also contain the Postfix SMTP server private RSA key.
+With Postfix &ge; 3.4 the preferred way to configure server keys and
+certificates is via the "<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>
+
+<p> Public Internet MX hosts without certificates signed by a "reputable"
+CA must generate, and be prepared to present to most clients, a
+self-signed or private-CA signed certificate. The client will not be
+able to authenticate the server, but unless it is running Postfix 2.3 or
+similar software, it will still insist on a server certificate. </p>
+
+<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
+supports configurations with no certificates. This entails the use of
+just the anonymous TLS ciphers, which are not supported by typical SMTP
+clients. Since some clients may not fall back to plain text after a TLS
+handshake failure, a certificate-less Postfix SMTP server will be unable
+to receive email from some TLS-enabled clients. To avoid accidental
+configurations with no certificates, Postfix enables certificate-less
+operation only when the administrator explicitly sets
+"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix SMTP server
+configurations will not accidentally enable TLS without certificates. </p>
+
+<p> Note that server certificates are not optional in TLS 1.3. To run
+without certificates you'd have to disable the TLS 1.3 protocol by
+including '!TLSv1.3' in "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>" and perhaps also
+"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>". It is simpler instead to just
+configure a certificate chain. Certificate-less operation is not
+recommended. <p>
+
+<p> Both RSA and DSA certificates are supported. When both types
+are present, the cipher used determines which certificate will be
+presented to the client. For Netscape and OpenSSL clients without
+special cipher choices the RSA certificate is preferred. </p>
+
+<p> To enable a remote SMTP client to verify the Postfix SMTP server
+certificate, the issuing CA certificates must be made available to the
+client. You should include the required certificates in the server
+certificate file, the server certificate first, then the issuing
+CA(s) (bottom-up order). </p>
+
+<p> Example: the certificate for "server.example.com" was issued by
+"intermediate CA" which itself has a certificate of "root CA".
+Create the server.pem file with "cat server_cert.pem intermediate_CA.pem
+root_CA.pem &gt; server.pem". </p>
+
+<p> If you also want to verify client certificates issued by these
+CAs, you can add the CA certificates to the <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, in which
+case it is not necessary to have them in the <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>,
+<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (obsolete) or <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. </p>
+
+<p> A certificate supplied here must be usable as an SSL server certificate
+and hence pass the "openssl verify -purpose sslserver ..." test. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/server.pem
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_chain_files">smtpd_tls_chain_files</a>
+(default: empty)</b></DT><DD>
+
+<p> List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain. The file names
+are separated by commas and/or whitespace. This parameter obsoletes the
+legacy algorithm-specific key and certificate file settings. When this
+parameter is non-empty, the legacy parameters are ignored, and a warning
+is logged if any are also non-empty. </p>
+
+<p> With the proliferation of multiple private key algorithms&mdash;which,
+as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
+and Ed448&mdash;it is increasingly impractical to use separate
+parameters to configure the key and certificate chain for each
+algorithm. Therefore, Postfix now supports storing multiple keys and
+corresponding certificate chains in a single file or in a set of files.
+
+<p> Each key must appear <b>immediately before</b> the corresponding
+certificate, optionally followed by additional issuer certificates that
+complete the certificate chain for that key. When multiple files are
+specified, they are equivalent to a single file that is concatenated
+from those files in the given order. Thus, while a key must always
+precede its certificate and issuer chain, it can be in a separate file,
+so long as that file is listed immediately before the file that holds
+the corresponding certificate chain. Once all the files are
+concatenated, the sequence of PEM objects must be: <i>key1, cert1,
+[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].</i> </p>
+
+<p> Storing the private key in the same file as the corresponding
+certificate is more reliable. With the key and certificate in separate
+files, there is a chance that during key rollover a Postfix process
+might load a private key and certificate from separate files that don't
+match. Various operational errors may even result in a persistent
+broken configuration in which the certificate does not match the private
+key. </p>
+
+<p> The file or files must contain at most one key of each type. If,
+for example, two or more RSA keys and corresponding chains are listed,
+depending on the version of OpenSSL either only the last one will be
+used or a configuration error may be detected. Note that while
+"Ed25519" and "Ed448" are considered separate algorithms, the various
+ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
+considered as different parameters of a single "ECDSA" algorithm, so it
+is not presently possible to configure keys for more than one ECDSA
+curve. </p>
+
+<p> RSA is still the most widely supported algorithm. Presently (late
+2018), ECDSA support is common, but not yet universal, and Ed25519 and
+Ed448 support is mostly absent. Therefore, an RSA key should generally
+be configured, along with any additional keys for the other algorithms
+when desired. </p>
+
+<p>
+Example (separate files for each key and corresponding certificate chain):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> =
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed25519.pem,
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed448.pem,
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/rsa.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed25519.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed448.pem:
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/rsa.pem:
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p>
+Example (all keys and certificates in a single file):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/chains.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/chains.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_cipherlist">smtpd_tls_cipherlist</a>
+(default: empty)</b></DT><DD>
+
+<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP server TLS
+cipher list. It is easy to create interoperability problems by choosing
+a non-default cipher list. Do not use a non-default TLS cipherlist for
+MX hosts on the public Internet. Clients that begin the TLS handshake,
+but are unable to agree on a common cipher, may not be able to send any
+email to the SMTP server. Using a restricted cipher list may be more
+appropriate for a dedicated MSA or an internal mailhub, where one can
+exert some control over the TLS software and settings of the connecting
+clients. </p>
+
+<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
+
+<p>This feature is available with Postfix version 2.2. It is not used with
+Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> instead. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_ciphers">smtpd_tls_ciphers</a>
+(default: medium)</b></DT><DD>
+
+<p> The minimum TLS cipher grade that the Postfix SMTP server
+will use with opportunistic TLS encryption. Cipher types listed in
+<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are excluded from the base definition of
+the selected cipher grade. The default value is "medium" for Postfix
+releases after the middle of 2015, "export" for older releases.
+</p>
+
+<p> When TLS is mandatory the cipher grade is chosen via the
+<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter, see there for syntax
+details. </p>
+
+<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
+releases only the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> parameter is implemented,
+and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>
+(default: empty)</b></DT><DD>
+
+<p> File with the Postfix SMTP server DSA certificate in PEM format.
+This file may also contain the Postfix SMTP server private DSA key.
+The DSA algorithm is obsolete and should not be used. </p>
+
+<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details.
+</p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> = /etc/postfix/server-dsa.pem
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
+(default: empty)</b></DT><DD>
+
+<p> File with DH parameters that the Postfix SMTP server should
+use with non-export EDH ciphers. </p>
+
+<p> With Postfix &ge; 3.7, built with OpenSSL version is 3.0.0 or later, if the
+parameter value is either empty or "<b>auto</b>", then the DH parameter
+selection is delegated to the OpenSSL library, which selects appropriate
+parameters based on the TLS handshake. This choice is likely to be the most
+interoperable with SMTP clients using various TLS libraries, and custom local
+parameters are no longer recommended when using Postfix &ge; 3.7 built against
+OpenSSL 3.0.0. </p>
+
+<p> The best-practice choice of parameters uses a 2048-bit prime. This is fine,
+despite the historical "1024" in the parameter name. Do not be tempted to use
+much larger values, performance degrades quickly, and you may also cease to
+interoperate with some mainstream SMTP clients. As of Postfix 3.1, the
+compiled-in default prime is 2048-bits, and it is not strictly necessary,
+though perhaps somewhat beneficial to generate custom DH parameters. </p>
+
+<p> Instead of using the exact same parameter sets as distributed
+with other TLS packages, it is more secure to generate your own
+set of parameters with something like the following commands: </p>
+
+<blockquote>
+<pre>
+openssl dhparam -out /etc/postfix/dh2048.pem 2048
+openssl dhparam -out /etc/postfix/dh1024.pem 1024
+# As of Postfix 3.6, export-grade 512-bit DH parameters are no longer
+# supported or needed.
+openssl dhparam -out /etc/postfix/dh512.pem 512
+</pre>
+</blockquote>
+
+<p> It is safe to share the same DH parameters between multiple
+Postfix instances. If you prefer, you can generate separate
+parameters for each instance. </p>
+
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = /etc/postfix/dh2048.pem
+</pre>
+
+<p>This feature is available in Postfix 2.2 and later.</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
+(default: empty)</b></DT><DD>
+
+<p> File with DH parameters that the Postfix SMTP server should
+use with export-grade EDH ciphers. The default SMTP server cipher
+grade is "medium" with Postfix releases after the middle of 2015,
+and as a result export-grade cipher suites are by default not used.
+</p>
+
+<p> With Postfix &ge; 3.6 export-grade Diffie-Hellman key exchange
+is no longer supported, and this parameter is silently ignored. </p>
+
+<p> See also the discussion under the <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
+configuration parameter. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> = /etc/postfix/dh_512.pem
+</pre>
+
+<p>This feature is available in Postfix 2.2 and later,
+but is ignored in Postfix 3.6 and later.</p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix SMTP server DSA private key in PEM format.
+This file may be combined with the Postfix SMTP server DSA certificate
+file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. The DSA algorithm is obsolete
+and should not be used. </p>
+
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted. File permissions should grant read-only
+access to the system superuser account ("root"), and no access
+to anyone else. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>
+(default: empty)</b></DT><DD>
+
+<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
+This file may also contain the Postfix SMTP server private ECDSA key.
+With Postfix &ge; 3.4 the preferred way to configure server keys and
+certificates is via the "<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>
+
+<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> = /etc/postfix/ecdsa-scert.pem
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix SMTP server ECDSA private key in PEM format.
+This file may be combined with the Postfix SMTP server ECDSA certificate
+file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. With Postfix &ge; 3.4 the
+preferred way to configure server keys and certificates is via the
+"<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>
+
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted. File permissions should grant read-only
+access to the system superuser account ("root"), and no access
+to anyone else. </p>
+
+<p> This feature is available in Postfix 2.6 and later, when Postfix is
+compiled and linked with OpenSSL 1.0.0 or later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The Postfix SMTP server security grade for ephemeral elliptic-curve
+Diffie-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of
+this parameter is always ignored, and Postfix behaves as though the
+<b>auto</b> value (described below) was chosen.
+</p>
+
+<p> The available choices are: </p>
+
+<dl>
+
+<dt><b>auto</b></dt> <dd> Use the most preferred curve that is
+supported by both the client and the server. This setting requires
+Postfix &ge; 3.2 compiled and linked with OpenSSL &ge; 1.0.2. This
+is the default setting under the above conditions (and the only
+setting used with Postfix &ge; 3.6). </dd>
+
+<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
+exchange will be disabled. This is the default in Postfix versions
+2.6 and 2.7. </dd>
+
+<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128 bits of
+security at a reasonable computational cost. This is the default in
+Postfix versions 2.8&ndash;3.5. </dd>
+
+<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
+security at computational cost that is approximately twice as high
+as 128 bit strength ECC. </dd>
+
+</dl>
+
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy. </p>
+
+<p> This feature is available in Postfix 2.6 and later, when it is
+compiled and linked with OpenSSL 1.0.0 or later on platforms
+where EC algorithms have not been disabled by the vendor. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
+(default: empty)</b></DT><DD>
+
+<p> List of ciphers or cipher types to exclude from the SMTP server
+cipher list at all TLS security levels. Excluding valid ciphers
+can create interoperability problems. DO NOT exclude ciphers unless it
+is essential to do so. This is not an OpenSSL cipherlist; it is a simple
+list separated by whitespace and/or commas. The elements are a single
+cipher, or one or more "+" separated cipher properties, in which case
+only ciphers matching <b>all</b> the properties are excluded. </p>
+
+<p> Examples (some of these will cause problems): </p>
+
+<blockquote>
+<pre>
+<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL
+<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = MD5, DES
+<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = DES+MD5
+<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = AES256-SHA, DES-CBC3-MD5
+<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = kEDH+aRSA
+</pre>
+</blockquote>
+
+<p> The first setting disables anonymous ciphers. The next setting
+disables ciphers that use the MD5 digest algorithm or the (single) DES
+encryption algorithm. The next setting disables ciphers that use MD5 and
+DES together. The next setting disables the two ciphers "AES256-SHA"
+and "DES-CBC3-MD5". The last setting disables ciphers that use "EDH"
+key exchange with RSA authentication. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The message digest algorithm to construct remote SMTP client-certificate
+fingerprints or public key fingerprints (Postfix 2.9 and later) for
+<b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>. </p>
+
+<p> The default algorithm is <b>sha256</b> with Postfix &ge; 3.6
+and the <b><a href="postconf.5.html#compatibility_level">compatibility_level</a></b> set to 3.6 or higher. With Postfix
+&le; 3.5, the default algorithm is <b>md5</b>. </p>
+
+<p> The best-practice algorithm is now <b>sha256</b>. Recent advances in hash
+function cryptanalysis have led to md5 and sha1 being deprecated in favor of
+sha256. However, as long as there are no known "second pre-image" attacks
+against the older algorithms, their use in this context, though not
+recommended, is still likely safe. </p>
+
+<p> While additional digest algorithms are often available with OpenSSL's
+libcrypto, only those used by libssl in SSL cipher suites are available to
+Postfix. You'll likely find support for md5, sha1, sha256 and sha512. </p>
+
+<p> To find the fingerprint of a specific certificate file, with a
+specific digest algorithm, run: </p>
+
+<blockquote>
+<pre>
+$ openssl x509 -noout -fingerprint -<i>digest</i> -in <i>certfile</i>.pem
+</pre>
+</blockquote>
+
+<p> The text to the right of "=" sign is the desired fingerprint.
+For example: </p>
+
+<blockquote>
+<pre>
+$ openssl x509 -noout -fingerprint -sha256 -in cert.pem
+SHA256 Fingerprint=D4:6A:AB:19:24:...:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A
+</pre>
+</blockquote>
+
+<p> To extract the public key fingerprint from an X.509 certificate,
+you need to extract the public key from the certificate and compute
+the appropriate digest of its DER (ASN.1) encoding. With OpenSSL
+the "-pubkey" option of the "x509" command extracts the public
+key always in "PEM" format. We pipe the result to another OpenSSL
+command that converts the key to DER and then to the "dgst" command
+to compute the fingerprint. </p>
+
+<p> Example: </p>
+<blockquote>
+<pre>
+$ openssl x509 -in cert.pem -noout -pubkey |
+ openssl pkey -pubin -outform DER |
+ openssl dgst -sha256 -c
+(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58
+</pre>
+</blockquote>
+
+<p> The Postfix SMTP server and client log the peer (leaf) certificate
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
+higher. </p>
+
+<p> Example: client-certificate access table, with sha256 fingerprints: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> = sha256
+ <a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
+ <a href="postconf.5.html#check_ccert_access">check_ccert_access</a> <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/access,
+ reject
+</pre>
+<pre>
+/etc/postfix/access:
+ # Action folded to next line...
+ AF:88:7C:AD:51:95:6F:36:96:...:01:FB:2E:48:CD:AB:49:25:A2:3B
+ OK
+ 85:16:78:FD:73:6E:CE:70:E0:...:5F:0D:3C:C8:6D:C4:2C:24:59:E1
+ <a href="postconf.5.html#permit_auth_destination">permit_auth_destination</a>
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_key_file">smtpd_tls_key_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix SMTP server RSA private key in PEM format.
+This file may be combined with the Postfix SMTP server RSA certificate
+file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. With Postfix &ge; 3.4 the
+preferred way to configure server keys and certificates is via the
+"<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>
+
+<p> The private key must be accessible without a pass-phrase, i.e. it
+must not be encrypted. File permissions should grant read-only
+access to the system superuser account ("root"), and no access
+to anyone else. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_loglevel">smtpd_tls_loglevel</a>
+(default: 0)</b></DT><DD>
+
+<p> Enable additional Postfix SMTP server logging of TLS activity.
+Each logging level also includes the information that is logged at
+a lower logging level. </p>
+
+<dl compact>
+
+<dt> </dt> <dd> 0 Disable logging of TLS activity. </dd>
+
+<dt> </dt> <dd> 1 Log only a summary message on TLS handshake completion
+&mdash; no logging of client certificate trust-chain verification errors
+if client certificate verification is not required. With Postfix 2.8 and
+earlier, log the summary message, peer certificate summary information
+and unconditionally log trust-chain verification errors. </dd>
+
+<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd>
+
+<dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation
+process. </dd>
+
+<dt> </dt> <dd> 4 Also log hexadecimal and ASCII dump of complete
+transmission after STARTTLS. </dd>
+
+</dl>
+
+<p> Do not use "<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 2" or higher except in case
+of problems. Use of loglevel 4 is strongly discouraged. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
+(default: medium)</b></DT><DD>
+
+<p> The minimum TLS cipher grade that the Postfix SMTP server will
+use with mandatory TLS encryption. The default grade ("medium") is
+sufficiently strong that any benefit from globally restricting TLS
+sessions to a more stringent grade is likely negligible, especially
+given the fact that many implementations still do not offer any stronger
+("high" grade) ciphers, while those that do, will always use "high"
+grade ciphers. So insisting on "high" grade ciphers is generally
+counter-productive. Allowing "export" or "low" ciphers is typically
+not a good idea, as systems limited to just these are limited to
+obsolete browsers. No known SMTP clients fail to support at least
+one "medium" or "high" grade cipher. </p>
+
+<p> The following cipher grades are supported: </p>
+
+<dl>
+<dt><b>high</b></dt>
+<dd> Enable only "HIGH" grade OpenSSL ciphers. The
+underlying cipherlist is specified via the <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a>
+configuration parameter, which you are strongly encouraged to
+not change. </dd>
+
+<dt><b>medium</b></dt>
+<dd> Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128-bit
+or longer symmetric bulk-encryption keys. This is the default minimum
+strength for mandatory TLS encryption. The underlying cipherlist is
+specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> configuration parameter, which
+you are strongly encouraged not to change. </dd>
+
+<dt><b>null</b></dt>
+<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
+without encryption. This setting is only appropriate in the rare
+case that all clients are prepared to use NULL ciphers (not normally
+enabled in TLS clients). The underlying cipherlist is specified via the
+<a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> configuration parameter, which you are strongly
+encouraged not to change. </dd>
+
+<dt><b>low</b></dt>
+<dd> Enable "LOW" grade or stronger OpenSSL ciphers. In Postfix
+&ge; 3.8 this cipher grade is always identical to "medium". Recent
+versions of OpenSSL do not support any "LOW" grade ciphers. In
+earlier Postfix releases the underlying cipherlist was specified
+via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration parameter, which you are
+strongly encouraged not to change. This obsolete cipher grade
+SHOULD NOT be used. </dd>
+
+<dt><b>export</b></dt>
+<dd> Enable "EXPORT" grade or stronger OpenSSL ciphers. In Postfix
+&ge; 3.8 this cipher grade is always identical to "medium". Recent
+versions of OpenSSL do not support any "EXPORT" grade ciphers. In
+earlier Postfix releases the underlying cipherlist was specified
+via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter, which you are
+strongly encouraged not to change. This obsolete cipher grade
+SHOULD NOT be used. </dd>
+
+</dl>
+
+<p> Cipher types listed in
+<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> or <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are
+excluded from the base definition of the selected cipher grade. See
+<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> for cipher controls that apply to opportunistic
+TLS. </p>
+
+<p> The underlying cipherlists for grades other than "null" include
+anonymous ciphers, but these are automatically filtered out if the
+server is configured to ask for remote SMTP client certificates. You are very
+unlikely to need to take any steps to exclude anonymous ciphers, they
+are excluded automatically as required. If you must exclude anonymous
+ciphers even when Postfix does not need or use peer certificates, set
+"<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers only
+when TLS is enforced, set "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
+(default: empty)</b></DT><DD>
+
+<p> Additional list of ciphers or cipher types to exclude from the
+Postfix SMTP server cipher list at mandatory TLS security levels.
+This list
+works in addition to the exclusions listed with <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
+(see there for syntax details). </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> TLS protocols accepted by the Postfix SMTP server with mandatory TLS
+encryption. If the list is empty, the server supports all available TLS
+protocol versions. A non-empty value is a list of protocol names to
+include or exclude, separated by whitespace, commas or colons. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: "&gt;=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "&lt;=<i>version</i>". There must be no whitespace between
+the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix &ge; 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = &gt;=TLSv1.2, &lt;=0305
+# Allow only TLS 1.2 and up:
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = &gt;=0x0303
+</pre>
+</blockquote>
+
+<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> =
+!SSLv2, !SSLv3". Listing the protocols to include, rather than
+protocols to exclude, is supported, but not recommended. The exclusion
+form more accurately matches the underlying OpenSSL interface. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
+
+<p> Example: </p>
+
+<pre>
+# Preferred syntax with Postfix &ge; 3.6:
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = &gt;=TLSv1.2, &lt;=TLSv1.3
+# Legacy syntax:
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
+</pre>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
+(default: see postconf -d output)</b></DT><DD>
+
+<p> TLS protocols accepted by the Postfix SMTP server with opportunistic
+TLS encryption. If the list is empty, the server supports all available
+TLS protocol versions. A non-empty value is a list of protocol names to
+include or exclude, separated by whitespace, commas or colons. </p>
+
+<p> The valid protocol names (see SSL_get_version(3)) are "SSLv2",
+"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with
+Postfix 3.6, the default value is "&gt;=TLSv1", which sets TLS 1.0 as
+the lowest supported TLS protocol version (see below). Older releases
+use the "!" exclusion syntax, also described below. </p>
+
+<p> As of Postfix 3.6, the preferred way to limit the range of
+acceptable protocols is to set the lowest acceptable TLS protocol
+version and/or the highest acceptable TLS protocol version. To set the
+lower bound include an element of the form: "&gt;=<i>version</i>" where
+<i>version</i> is a either one of the TLS protocol names listed above,
+or a hexadecimal number corresponding to the desired TLS protocol
+version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper
+bound, use "&lt;=<i>version</i>". There must be no whitespace between
+the "&gt;=" or "&lt;=" symbols and the protocol name or number. </p>
+
+<p> Hexadecimal protocol numbers make it possible to specify protocol
+bounds for TLS versions that are known to OpenSSL, but might not be
+known to Postfix. They cannot be used with the legacy exclusion syntax.
+Leading "0" or "0x" prefixes are supported, but not required.
+Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to
+"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the
+upper or lower bound, and a warning will be logged. Hexadecimal
+versions should only be used when Postfix is linked with some future
+version of OpenSSL that supports TLS 1.4 or later, but Postfix does not
+yet support a symbolic name for that protocol version. </p>
+
+<p>Hexadecimal example (Postfix &ge; 3.6):</p>
+<blockquote>
+<pre>
+# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported
+# in some future version of OpenSSL (presently a warning is logged).
+<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = &gt;=TLSv1, &lt;=0305
+# Allow only TLS 1.0 and up:
+<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = &gt;=0x0301
+</pre>
+</blockquote>
+
+<p> With Postfix &lt; 3.6 there is no support for a minimum or maximum
+version, and the protocol range is configured via protocol exclusions.
+To require at least TLS 1.0, set "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3".
+Listing the protocols to include, rather than protocols to exclude, is
+supported, but not recommended. The exclusion form more accurately
+matches the underlying OpenSSL interface. </p>
+
+<p> Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling
+this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch
+releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2). </p>
+
+<p> Example: </p>
+<pre>
+# Preferred syntax with Postfix &ge; 3.6:
+<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = &gt;=TLSv1, &lt;=TLSv1.3
+# Legacy syntax:
+<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_received_header">smtpd_tls_received_header</a>
+(default: no)</b></DT><DD>
+
+<p> Request that the Postfix SMTP server produces Received: message
+headers that include information about the protocol and cipher used,
+as well as the remote SMTP client CommonName and client certificate issuer
+CommonName. This is disabled by default, as the information may
+be modified in transit through other mail servers. Only information
+that was recorded by the final destination can be trusted. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>
+(default: no)</b></DT><DD>
+
+<p> With mandatory TLS encryption, require a trusted remote SMTP client
+certificate in order to allow TLS connections to proceed. This
+option implies "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". </p>
+
+<p> When TLS encryption is optional, this setting is ignored with
+a warning written to the mail log. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_security_level">smtpd_tls_security_level</a>
+(default: empty)</b></DT><DD>
+
+<p> The SMTP TLS security level for the Postfix SMTP server; when
+a non-empty value is specified, this overrides the obsolete parameters
+<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. This parameter is ignored with
+"<a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> = yes". </p>
+
+<p> Specify one of the following security levels: </p>
+
+<dl>
+
+<dt><b>none</b></dt> <dd> TLS will not be used. </dd>
+
+<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
+to remote SMTP clients, but do not require that clients use TLS encryption.
+</dd>
+
+<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
+STARTTLS support to remote SMTP clients, and require that clients use TLS
+encryption. According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case
+of a publicly-referenced SMTP server. Instead, this option should
+be used only on dedicated servers. </dd>
+
+</dl>
+
+<p> Note 1: the "fingerprint", "verify" and "secure" levels are not
+supported here.
+The Postfix SMTP server logs a warning and uses "encrypt" instead.
+To verify remote SMTP client certificates, see <a href="TLS_README.html">TLS_README</a> for a discussion
+of the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>, <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>, and <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
+features. </p>
+
+<p> Note 2: The parameter setting "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> =
+encrypt" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes".</p>
+
+<p> Note 3: when invoked via "sendmail -bs", Postfix will never
+offer STARTTLS due to insufficient privileges to access the server
+private key. This is intended behavior.</p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
+(default: empty)</b></DT><DD>
+
+<p> Name of the file containing the optional Postfix SMTP server
+TLS session cache. Specify a database type that supports enumeration,
+such as <b>btree</b> or <b>sdbm</b>; there is no need to support
+concurrent access. The file is created if it does not exist. The <a href="smtpd.8.html">smtpd(8)</a>
+daemon does not use this parameter directly, rather the cache is
+implemented indirectly in the <a href="tlsmgr.8.html">tlsmgr(8)</a> daemon. This means that
+per-smtpd-instance <a href="master.5.html">master.cf</a> overrides of this parameter are not
+effective. Note that each of the cache databases supported by <a href="tlsmgr.8.html">tlsmgr(8)</a>
+daemon: $<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, $<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
+(and with Postfix 2.3 and later $<a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>), needs to be
+stored separately. It is not at this time possible to store multiple
+caches in a single database. </p>
+
+<p> Note: <b>dbm</b> databases are not suitable. TLS
+session objects are too large. </p>
+
+<p> As of version 2.5, Postfix no longer uses root privileges when
+opening this file. The file should now be stored under the Postfix-owned
+<a href="postconf.5.html#data_directory">data_directory</a>. As a migration aid, an attempt to open the file
+under a non-Postfix directory is redirected to the Postfix-owned
+<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
+
+<p> As of Postfix 2.11 the preferred mechanism for session resumption
+is <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side
+storage. Consequently, for Postfix &ge; 2.11 this parameter should
+generally be left empty. TLS session tickets require an OpenSSL
+library (at least version 0.9.8h) that provides full support for
+this TLS extension. See also <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>. </p>
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> = <a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/smtpd_scache
+</pre>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>
+(default: 3600s)</b></DT><DD>
+
+<p> The expiration time of Postfix SMTP server TLS session cache
+information. A cache cleanup is performed periodically
+every $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> seconds. As with
+$<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>, this parameter is implemented in the
+<a href="tlsmgr.8.html">tlsmgr(8)</a> daemon and therefore per-smtpd-instance <a href="master.5.html">master.cf</a> overrides
+are not possible. </p>
+
+<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set
+&le; 0, session caching is disabled, not just via the database, but
+also via <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side
+storage. If set to a positive value less than 2 minutes, the minimum
+value of 2 minutes is used instead. TLS session tickets require
+an OpenSSL library (at least version 0.9.8h) that provides full
+support for this TLS extension. </p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.2 and later, and updated
+for TLS session ticket support in Postfix 2.11. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>
+(default: no)</b></DT><DD>
+
+<p> Run the Postfix SMTP server in TLS "wrapper" mode,
+instead of using the STARTTLS command. </p>
+
+<p> If you want to support this service, enable a special port in
+<a href="master.5.html">master.cf</a>, and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes" on the SMTP
+server's command line. Port 465 (submissions/smtps) is reserved for
+this purpose. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a>
+(default: empty)</b></DT><DD>
+
+<p> The name of the proxy protocol used by an optional before-smtpd
+proxy agent. When a proxy agent is used, this protocol conveys local
+and remote address and port information. Specify
+"<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> = haproxy" to enable the haproxy
+protocol; version 2 is supported with Postfix 3.5 and later. </p>
+
+<p> NOTE: To use the nginx proxy with <a href="smtpd.8.html">smtpd(8)</a>, enable the XCLIENT
+protocol with <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a>. This supports SASL
+authentication in the proxy agent (Postfix 2.9 and later). <p>
+
+<p> This feature is available in Postfix 2.10 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a>
+(default: 5s)</b></DT><DD>
+
+<p> The time limit for the proxy protocol specified with the
+<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.10 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_use_tls">smtpd_use_tls</a>
+(default: no)</b></DT><DD>
+
+<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
+but do not require that clients use TLS encryption. </p>
+
+<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
+STARTTLS due to insufficient privileges to access the server private
+key. This is intended behavior. </p>
+
+<p> This feature is available in Postfix 2.2 and later. With
+Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
+
+
+</DD>
+
+<DT><b><a name="smtputf8_autodetect_classes">smtputf8_autodetect_classes</a>
+(default: sendmail, verify)</b></DT><DD>
+
+<p> Detect that a message requires SMTPUTF8 support for the specified
+mail origin classes. This is a workaround to avoid chicken-and-egg
+problems during the initial SMTPUTF8 roll-out in environments with
+pre-existing mail flows that contain UTF8. Those mail flows should
+not break because Postfix suddenly refuses to deliver such mail
+to down-stream MTAs that don't announce SMTPUTF8 support. </p>
+
+<p> The problem is that Postfix cannot rely solely on the sender's
+declaration that a message requires SMTPUTF8 support, because UTF8
+may be introduced during local processing (for example, the client
+hostname in Postfix's Received: header, adding @$<a href="postconf.5.html#myorigin">myorigin</a> or
+.$<a href="postconf.5.html#mydomain">mydomain</a> to an incomplete address, address rewriting, alias
+expansion, automatic BCC recipients, local forwarding, and changes
+made by header checks or Milter applications). </p>
+
+<p> For now, the default is to enable "SMTPUTF8 required" autodetection
+only for Postfix sendmail command-line submissions and address
+verification probes. This may change once SMTPUTF8 support achieves
+world domination. However, sites that add UTF8 content via local
+processing (see above) should autodetect the need for SMTPUTF8
+support for all email.</p>
+
+<p> Specify one or more of the following: </p>
+
+<dl compact>
+
+<dt> <b> sendmail </b> </dt> <dd> Submission with the Postfix
+<a href="sendmail.1.html">sendmail(1)</a> command. </dd>
+
+<dt> <b> smtpd </b> </dt> <dd> Mail received with the <a href="smtpd.8.html">smtpd(8)</a>
+daemon. </dd>
+
+<dt> <b> qmqpd </b> </dt> <dd> Mail received with the <a href="qmqpd.8.html">qmqpd(8)</a>
+daemon. </dd>
+
+<dt> <b> forward </b> </dt> <dd> Local forwarding or aliasing. When
+a message is received with "SMTPUTF8 required", then the forwarded
+(aliased) message always has "SMTPUTF8 required". </dd>
+
+<dt> <b> bounce </b> </dt> <dd> Submission by the <a href="bounce.8.html">bounce(8)</a> daemon.
+When a message is received with "SMTPUTF8 required", then the
+delivery status notification always has "SMTPUTF8 required". </dd>
+
+<dt> <b> notify </b> </dt> <dd> Postmaster notification from the
+<a href="smtp.8.html">smtp(8)</a> or <a href="smtpd.8.html">smtpd(8)</a> daemon. </dd>
+
+<dt> <b> verify </b> </dt> <dd> Address verification probe from the
+<a href="verify.8.html">verify(8)</a> daemon. </dd>
+
+<dt> <b> all </b> </dt> <dd> Enable SMTPUTF8 autodetection for all
+mail. </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtputf8_enable">smtputf8_enable</a>
+(default: yes)</b></DT><DD>
+
+<p> Enable preliminary SMTPUTF8 support for the protocols described
+in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>. This requires that Postfix is
+built to support these protocols. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="soft_bounce">soft_bounce</a>
+(default: no)</b></DT><DD>
+
+<p>
+Safety net to keep mail queued that would otherwise be returned to
+the sender. This parameter disables locally-generated bounces,
+changes the handling of negative responses from remote servers,
+content filters or plugins,
+and prevents the Postfix SMTP server from rejecting mail permanently
+by changing 5xx reply codes into 4xx. However, <a href="postconf.5.html#soft_bounce">soft_bounce</a> is no
+cure for address rewriting mistakes or mail routing mistakes.
+</p>
+
+<p>
+Note: "<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes" is in some cases implemented by modifying
+server responses. Therefore, the response that Postfix logs may
+differ from the response that Postfix actually sends or receives.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#soft_bounce">soft_bounce</a> = yes
+</pre>
+
+
+</DD>
+
+<DT><b><a name="stale_lock_time">stale_lock_time</a>
+(default: 500s)</b></DT><DD>
+
+<p>
+The time after which a stale exclusive mailbox lockfile is removed.
+This is used for delivery to file or mailbox.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="stress">stress</a>
+(default: empty)</b></DT><DD>
+
+<p> This feature is documented in the <a href="STRESS_README.html">STRESS_README</a> document. </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="strict_7bit_headers">strict_7bit_headers</a>
+(default: no)</b></DT><DD>
+
+<p>
+Reject mail with 8-bit text in message headers. This blocks mail
+from poorly written applications.
+</p>
+
+<p>
+This feature should not be enabled on a general purpose mail server,
+because it is likely to reject legitimate email.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="strict_8bitmime">strict_8bitmime</a>
+(default: no)</b></DT><DD>
+
+<p>
+Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and <a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a>.
+</p>
+
+<p>
+This feature should not be enabled on a general purpose mail server,
+because it is likely to reject legitimate email.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="strict_8bitmime_body">strict_8bitmime_body</a>
+(default: no)</b></DT><DD>
+
+<p>
+Reject 8-bit message body text without 8-bit MIME content encoding
+information. This blocks mail from poorly written applications.
+</p>
+
+<p>
+Unfortunately, this also rejects majordomo approval requests when
+the included request contains valid 8-bit MIME mail, and it rejects
+bounces from mailers that do not MIME encapsulate 8-bit content
+(for example, bounces from qmail or from old versions of Postfix).
+</p>
+
+<p>
+This feature should not be enabled on a general purpose mail server,
+because it is likely to reject legitimate email.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="strict_mailbox_ownership">strict_mailbox_ownership</a>
+(default: yes)</b></DT><DD>
+
+<p> Defer delivery when a mailbox file is not owned by its recipient.
+The default setting is not backwards compatible. </p>
+
+<p> This feature is available in Postfix 2.5.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="strict_mime_encoding_domain">strict_mime_encoding_domain</a>
+(default: no)</b></DT><DD>
+
+<p>
+Reject mail with invalid Content-Transfer-Encoding: information
+for the message/* or multipart/* MIME content types. This blocks
+mail from poorly written software.
+</p>
+
+<p>
+This feature should not be enabled on a general purpose mail server,
+because it will reject mail after a single violation.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="strict_rfc821_envelopes">strict_rfc821_envelopes</a>
+(default: no)</b></DT><DD>
+
+<p>
+Require that addresses received in SMTP MAIL FROM and RCPT TO
+commands are enclosed with &lt;&gt;, and that those addresses do
+not contain <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases. This stops mail
+from poorly written software.
+</p>
+
+<p>
+By default, the Postfix SMTP server accepts <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> syntax in MAIL
+FROM and RCPT TO addresses.
+</p>
+
+
+</DD>
+
+<DT><b><a name="strict_smtputf8">strict_smtputf8</a>
+(default: no)</b></DT><DD>
+
+<p> Enable stricter enforcement of the SMTPUTF8 protocol. The Postfix
+SMTP server accepts UTF8 sender or recipient addresses only when
+the client requests an SMTPUTF8 mail transaction. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="sun_mailtool_compatibility">sun_mailtool_compatibility</a>
+(default: no)</b></DT><DD>
+
+<p>
+Obsolete SUN mailtool compatibility feature. Instead, use
+"<a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> = dotlock".
+</p>
+
+
+</DD>
+
+<DT><b><a name="swap_bangpath">swap_bangpath</a>
+(default: yes)</b></DT><DD>
+
+<p>
+Enable the rewriting of "site!user" into "user@site". This is
+necessary if your machine is connected to UUCP networks. It is
+enabled by default.
+</p>
+
+<p> Note: with Postfix version 2.2, message header address rewriting
+happens only when one of the following conditions is true: </p>
+
+<ul>
+
+<li> The message is received with the Postfix <a href="sendmail.1.html">sendmail(1)</a> command,
+
+<li> The message is received from a network client that matches
+$<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a>,
+
+<li> The message is received from the network, and the
+<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter specifies a non-empty value.
+
+</ul>
+
+<p> To get the behavior before Postfix version 2.2, specify
+"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = <a href="DATABASE_README.html#types">static</a>:all". </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#swap_bangpath">swap_bangpath</a> = no
+</pre>
+
+
+</DD>
+
+<DT><b><a name="syslog_facility">syslog_facility</a>
+(default: mail)</b></DT><DD>
+
+<p>
+The syslog facility of Postfix logging. Specify a facility as
+defined in syslog.conf(5). The default facility is "mail".
+</p>
+
+<p>
+Warning: a non-default <a href="postconf.5.html#syslog_facility">syslog_facility</a> setting takes effect only
+after a Postfix process has completed initialization. Errors during
+process initialization will be logged with the default facility.
+Examples are errors while parsing the command line arguments, and
+errors while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file.
+</p>
+
+
+</DD>
+
+<DT><b><a name="syslog_name">syslog_name</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+A prefix that is prepended to the process name in syslog
+records, so that, for example, "smtpd" becomes "prefix/smtpd".
+</p>
+
+<p>
+Warning: a non-default <a href="postconf.5.html#syslog_name">syslog_name</a> setting takes effect only after
+a Postfix process has completed initialization. Errors during
+process initialization will be logged with the default name. Examples
+are errors while parsing the command line arguments, and errors
+while accessing the Postfix <a href="postconf.5.html">main.cf</a> configuration file.
+</p>
+
+
+</DD>
+
+<DT><b><a name="tcp_windowsize">tcp_windowsize</a>
+(default: 0)</b></DT><DD>
+
+<p> An optional workaround for routers that break TCP window scaling.
+Specify a value &gt; 0 and &lt; 65536 to enable this feature. With
+Postfix TCP servers (<a href="smtpd.8.html">smtpd(8)</a>, <a href="qmqpd.8.html">qmqpd(8)</a>), this feature is implemented
+by the Postfix <a href="master.8.html">master(8)</a> daemon. </p>
+
+<p> To change this parameter without stopping Postfix, you need to
+first terminate all Postfix TCP servers: </p>
+
+<blockquote>
+<pre>
+# postconf -e <a href="postconf.5.html#master_service_disable">master_service_disable</a>=inet
+# postfix reload
+</pre>
+</blockquote>
+
+<p> This immediately terminates all processes that accept network
+connections. Next, you enable Postfix TCP servers with the updated
+<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> setting: </p>
+
+<blockquote>
+<pre>
+# postconf -e <a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a>=65535 <a href="postconf.5.html#master_service_disable">master_service_disable</a>=
+# postfix reload
+</pre>
+</blockquote>
+
+<p> If you skip these steps with a running Postfix system, then the
+<a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> change will work only for Postfix TCP clients (<a href="smtp.8.html">smtp(8)</a>,
+<a href="lmtp.8.html">lmtp(8)</a>). </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_append_default_CA">tls_append_default_CA</a>
+(default: no)</b></DT><DD>
+
+<p> Append the system-supplied default Certification Authority
+certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
+The default is "no"; this prevents Postfix from trusting third-party
+certificates and giving them relay permission with
+<a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
+
+<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
+2.7.2 and later versions. Specify "<a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> = yes" for
+backwards compatibility, to avoid breaking certificate verification
+with sites that don't use <a href="postconf.5.html#permit_tls_all_clientcerts">permit_tls_all_clientcerts</a>. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_config_file">tls_config_file</a>
+(default: default)</b></DT><DD>
+
+<p> Optional configuration file with baseline OpenSSL settings.
+OpenSSL loads any SSL settings found in the configuration file for
+the selected application name (see <a href="postconf.5.html#tls_config_name">tls_config_name</a>) or else the
+built-in application name "openssl_conf" when no application name is
+specified, or no corresponding configuration section is present.
+</p>
+
+<p> With OpenSSL releases 1.1.1 and 1.1.1a, applications (including
+Postfix) can neither specify an alternative configuration file, nor
+avoid loading the default configuration file. </p>
+
+<p> With OpenSSL 1.1.1b or later, this parameter may be set to one of:
+</p>
+
+<dl>
+
+<dt> <b>default</b> (default) </dt> <dd> Load the system-wide
+"openssl.cnf" configuration file. </dd>
+
+<dt> <b>none</b> (recommended, OpenSSL 1.1.1b or later only) </dt>
+<dd> This setting disables loading of the system-wide "openssl.cnf"
+file. </dd>
+
+<dt> <b><i>/absolute-path</i></b> (OpenSSL 1.1.1b or later only) </dt>
+<dd> Load the configuration file specified by <i>/absolute-path</i>.
+With this setting it is an error for the file to not contain any
+settings for the selected <a href="postconf.5.html#tls_config_name">tls_config_name</a>. There is no fallback to
+the default "openssl_conf" name. </dd>
+
+</dl>
+
+<p> Failures in processing of the built-in default configuration file,
+are silently ignored. Any errors in loading a non-default configuration
+file are detected by Postfix, and cause TLS support to be disabled.
+</p>
+
+<p> The OpenSSL configuration file format is not documented here,
+beyond giving two examples. <p>
+
+<p> Example: Default settings for all applications. </p>
+
+<blockquote>
+<pre>
+# The name 'openssl_conf' is the default application name
+# The section name to the right of the '=' sign is arbitrary,
+# any name will do, so long as it refers to the desired section.
+#
+# The name 'system_default' selects the settings applied internally
+# by the SSL library as part of SSL object creation. Applications
+# can then apply any additional settings of their choice.
+#
+# In this example, TLS versions prior to 1.2 are disabled by default.
+#
+openssl_conf = system_wide_settings
+[system_wide_settings]
+ssl_conf = ssl_library_settings
+[ssl_library_settings]
+system_default = initial_ssl_settings
+[initial_ssl_settings]
+MinProtocol = TLSv1.2
+</pre>
+</blockquote>
+
+<p> Example: Custom settings for an application named "postfix". </p>
+
+<blockquote>
+<pre>
+# The mapping from an application name to the corresponding configuration
+# section must appear near the top of the file, (in what is sometimes called
+# the "default section") prior to the start of any explicitly named
+# "[sections]". The named sections can appear in any order and don't nest.
+#
+postfix = postfix_settings
+[postfix_settings]
+ssl_conf = postfix_ssl_settings
+[postfix_ssl_settings]
+system_default = baseline_postfix_settings
+[baseline_postfix_settings]
+MinProtocol = TLSv1
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix &ge; 3.9, 3.8.1, 3.7.6,
+3.6.10, and 3.5.20. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_config_name">tls_config_name</a>
+(default: empty)</b></DT><DD>
+
+<p> The application name passed by Postfix to OpenSSL library
+initialization functions. This name is used to select the desired
+configuration "section" in the OpenSSL configuration file specified
+via the <a href="postconf.5.html#tls_config_file">tls_config_file</a> parameter. When empty, or when the
+selected name is not present in the configuration file, the default
+application name ("openssl_conf") is used as a fallback. </p>
+
+<p> This feature is available in Postfix &ge; 3.9, 3.8.1, 3.7.6,
+3.6.10, and 3.5.20. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_daemon_random_bytes">tls_daemon_random_bytes</a>
+(default: 32)</b></DT><DD>
+
+<p> The number of pseudo-random bytes that an <a href="smtp.8.html">smtp(8)</a> or <a href="smtpd.8.html">smtpd(8)</a>
+process requests from the <a href="tlsmgr.8.html">tlsmgr(8)</a> server in order to seed its
+internal pseudo random number generator (PRNG). The default of 32
+bytes (equivalent to 256 bits) is sufficient to generate a 128bit
+(or 168bit) session key. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_dane_digest_agility">tls_dane_digest_agility</a>
+(default: on)</b></DT><DD>
+
+<p> Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
+Do not change this setting from its default value. </p>
+
+<p> See Section 8 of <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> for correct key rotation procedures. </p>
+
+<p> This feature is available in Postfix 2.11 through 3.1. Postfix
+3.2 and later ignore this configuration parameter and behave as
+though it were set to "on". </p>
+
+
+</DD>
+
+<DT><b><a name="tls_dane_digests">tls_dane_digests</a>
+(default: sha512 sha256)</b></DT><DD>
+
+<p> DANE TLSA (<a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>, <a href="https://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) resource-record "matching
+type" digest algorithms in descending preference order. All the
+specified algorithms must be supported by the underlying OpenSSL
+library, otherwise the Postfix SMTP client will not support DANE
+TLSA security. </p>
+
+<p> Specify a list of digest names separated by commas and/or
+whitespace. Each digest name may be followed by an optional
+"=&lt;number&gt;" suffix. For example, "sha512" may instead be specified
+as "sha512=2" and "sha256" may instead be specified as "sha256=1".
+The optional number must match the <a
+href="https://www.iana.org/assignments/dane-parameters/dane-parameters.xhtml#matching-types"
+>IANA</a> assigned TLSA matching type number the algorithm in question.
+Postfix will check this constraint for the algorithms it knows about.
+Additional matching type algorithms registered with IANA can be added
+with explicit numbers provided they are supported by OpenSSL. </p>
+
+<p> Invalid list elements are logged with a warning and disable DANE
+support. TLSA RRs that specify digests not included in the list are
+ignored with a warning. </p>
+
+<p> Note: It is unwise to omit sha256 from the digest list. This
+digest algorithm is the only mandatory to implement digest algorithm
+in <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>, and many servers are expected to publish TLSA records
+with just sha256 digests. Unless one of the standard digests is
+seriously compromised and servers have had ample time to update their
+TLSA records you should not omit any standard digests, just arrange
+them in order from strongest to weakest. </p>
+
+<p> This feature is available in Postfix 2.11 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a>
+(default: yes)</b></DT><DD>
+
+<p> Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
+digests of trust-anchors with certificate usage "2". Do not change
+this setting from its default value. </p>
+
+<p> This feature is available in Postfix 2.11 through 3.1. It has
+been withdrawn in Postfix 3.2, as trust-anchor TLSA records are now
+widely used and have proved sufficiently reliable. Postfix 3.2 and
+later ignore this configuration parameter and behaves as though it
+were set to "yes". </p>
+
+
+</DD>
+
+<DT><b><a name="tls_disable_workarounds">tls_disable_workarounds</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> List or bit-mask of OpenSSL bug work-arounds to disable. </p>
+
+<p> The OpenSSL toolkit includes a set of work-arounds for buggy SSL/TLS
+implementations. Applications, such as Postfix, that want to maximize
+interoperability ask the OpenSSL library to enable the full set of
+recommended work-arounds. </p>
+
+<p> From time to time, it is discovered that a work-around creates a
+security issue, and should no longer be used. If upgrading OpenSSL
+to a fixed version is not an option or an upgrade is not available
+in a timely manner, or in closed environments where no buggy clients
+or servers exist, it may be appropriate to disable some or all of the
+OpenSSL interoperability work-arounds. This parameter specifies which
+bug work-arounds to disable. </p>
+
+<p> If the value of the parameter is a hexadecimal long integer starting
+with "0x", the bug work-arounds corresponding to the bits specified in
+its value are removed from the <b>SSL_OP_ALL</b> work-around bit-mask
+(see openssl/ssl.h and SSL_CTX_set_options(3)). You can specify more
+bits than are present in SSL_OP_ALL, excess bits are ignored. Specifying
+0xFFFFFFFF disables all bug-workarounds on a 32-bit system. This should
+also be sufficient on 64-bit systems, until OpenSSL abandons support
+for 32-bit systems and starts using the high 32 bits of a 64-bit
+bug-workaround mask. </p>
+
+<p> Otherwise, the parameter is a white-space or comma separated list
+of specific named bug work-arounds chosen from the list below. It
+is possible that your OpenSSL version includes new bug work-arounds
+added after your Postfix source code was last updated, in that case
+you can only disable one of these via the hexadecimal syntax above. </p>
+
+<dl>
+
+<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
+OpenSSL 1.0.0.</dd>
+
+<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
+
+<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
+<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
+
+<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
+<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
+<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
+default with OpenSSL versions that may predate the fix. Fixed in
+OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>
+
+<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
+<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
+as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
+default with OpenSSL versions that may predate the fix. Fixed in
+OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
+
+<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
+
+<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
+SSL_CTX_set_options(3)</dd>
+
+<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
+<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
+
+<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
+This is disabled in OpenSSL 0.9.7 and later. Nobody should still
+be using 0.9.6! </dd>
+
+<dt><b>TLSEXT_PADDING</b></dt><dd>Postfix &ge; 3.4. See SSL_CTX_set_options(3).</dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The prioritized list of elliptic curves supported by the Postfix
+SMTP client and server. These curves are used by the Postfix SMTP
+server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = auto". The selected curves must be
+implemented by OpenSSL and be standardized for use in TLS (<a href="https://tools.ietf.org/html/rfc8422">RFC 8422</a>).
+It is unwise to list only "bleeding-edge" curves supported by a small
+subset of clients. The default list is suitable for most users. </p>
+
+<p> Postfix skips curve names that are unknown to OpenSSL, or that
+are known but not yet implemented. This makes it possible to
+"anticipate" support for curves that should be used once they become
+available. In particular, in some OpenSSL versions, the new <a href="https://tools.ietf.org/html/rfc8031">RFC</a>
+<a href="https://tools.ietf.org/html/rfc8031">8031</a> curves "X25519" and "X448" may be known by name, but ECDH
+support for either or both may be missing. These curves may appear
+in the default value of this parameter, even though they'll only
+be usable with later versions of OpenSSL. </p>
+
+<p> See also the "<a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>" parameter, which supports
+customizing the list of FFDHE groups enabled with TLS 1.3. That setting
+is introduced with Postfix 3.8, when built against OpenSSL 3.0 or later.
+</p>
+
+<p> This feature is available in Postfix 3.2 and later, when it is
+compiled and linked with OpenSSL 1.0.2 or later on platforms where
+EC algorithms have not been disabled by the vendor. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_eecdh_strong_curve">tls_eecdh_strong_curve</a>
+(default: prime256v1)</b></DT><DD>
+
+<p> The elliptic curve used by the Postfix SMTP server for sensibly
+strong
+ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
+server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The phrase "sensibly
+strong" means approximately 128-bit security based on best known
+attacks. The selected curve must be implemented by OpenSSL (as
+reported by ecparam(1) with the "-list_curves" option) and be one
+of the curves listed in Section 5.1.1 of <a href="https://tools.ietf.org/html/rfc8422">RFC 8422</a>. You should not
+generally change this setting. Remote SMTP client implementations
+must support this curve for EECDH key exchange to take place. It
+is unwise to choose only "bleeding-edge" curves supported by only a
+small subset of clients. </p>
+
+<p> The default "strong" curve is rated in NSA <a
+href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
+B</a> for information classified up to SECRET. </p>
+
+<p> Note: elliptic curve names are poorly standardized; different
+standards groups are assigning different names to the same underlying
+curves. The curve with the X9.62 name "prime256v1" is also known
+under the SECG name "secp256r1", but OpenSSL does not recognize the
+latter name. </p>
+
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy. </p>
+
+<p> This feature is available in Postfix 2.6 and later, when it is
+compiled and linked with OpenSSL 1.0.0 or later on platforms where
+EC algorithms have not been disabled by the vendor. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a>
+(default: secp384r1)</b></DT><DD>
+
+<p> The elliptic curve used by the Postfix SMTP server for maximally
+strong
+ephemeral ECDH key exchange. This curve is used by the Postfix SMTP
+server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = ultra". The phrase "maximally
+strong" means approximately 192-bit security based on best known attacks.
+This additional strength comes at a significant computational cost, most
+users should instead set "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The selected
+curve must be implemented by OpenSSL (as reported by ecparam(1) with the
+"-list_curves" option) and be one of the curves listed in Section 5.1.1
+of <a href="https://tools.ietf.org/html/rfc8422">RFC 8422</a>. You should not generally change this setting. Remote SMTP
+client implementations must support this curve for EECDH key exchange
+to take place. It is unwise to choose only "bleeding-edge" curves
+supported by only a small subset of clients. </p>
+
+<p> This default "ultra" curve is rated in NSA <a
+href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
+B</a> for information classified up to TOP SECRET. </p>
+
+<p> If you want to take maximal advantage of ciphers that offer <a
+href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
+the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
+started</a> section of <a
+href="FORWARD_SECRECY_README.html">FORWARD_SECRECY_README</a>. The
+full document conveniently presents all information about Postfix
+"perfect" forward secrecy support in one place: what forward secrecy
+is, how to tweak settings, and what you can expect to see when
+Postfix uses ciphers with forward secrecy. </p>
+
+<p> This feature is available in Postfix 2.6 and later, when it is
+compiled and linked with OpenSSL 1.0.0 or later on platforms where
+EC algorithms have not been disabled by the vendor. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_export_cipherlist">tls_export_cipherlist</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The OpenSSL cipherlist for "export" or higher grade ciphers.
+Ignored as of Postfix 3.8. In earlier Postfix releases this
+defined the meaning of the "export" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
+<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>,
+<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>, <a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and
+<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly encouraged not to
+change this setting. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_fast_shutdown_enable">tls_fast_shutdown_enable</a>
+(default: yes)</b></DT><DD>
+
+<p> A workaround for implementations that hang Postfix while shutting
+down a TLS session, until Postfix times out. With this enabled,
+Postfix will not wait for the remote TLS peer to respond to a TLS
+'close' notification. This behavior is recommended for TLSv1.0 and
+later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The prioritized list of finite-field Diffie-Hellman ephemeral
+(FFDHE) key exchange groups supported by the Postfix SMTP client and
+server. OpenSSL 3.0 adds support for FFDHE key agreement in TLS 1.3.
+In OpenSSL 1.1.1, TLS 1.3 was only supported with elliptic-curve based
+key agreement. The "<a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>" parameter makes it possible
+to configure the list of FFDHE groups that the Postfix client or server
+will enable in OpenSSL 3.0 and up. This parameter has no effect when
+Postfix is built against earlier OpenSSL versions. </p>
+
+<p> The default list of FFDHE groups that Postfix enables in OpenSSL 3.0
+and up includes just the 2048 and 3072-bit groups. Stronger FFDHE
+groups perform poorly and EC groups are a much better choice for the
+same security level. Postfix ignores group names that are unknown to
+OpenSSL, or that are known but not yet implemented. The FFDHE groups
+are largely a backup, in case some peer does not support EC key
+exchange, or EC key exchange needs to be disabled for some pressing
+reason. </p>
+
+<p> Setting this parameter empty disables FFDHE support in TLS 1.3.
+Whether FFDHE key agreement is enabled in TLS 1.2 and earlier depends
+on whether any of the "kDHE" ciphers are included in the cipherlist.
+</p>
+
+<p> Conversely, setting "<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" empty disables TLS 1.3
+EC key agreement in OpenSSL 3.0 and later. Note that at least one of
+"<a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a>" and "<a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a>" must be non-empty,
+this is required by OpenSSL 3.0. If both are inadvertently set empty,
+Postfix will fall back to the compiled-in defaults. </p>
+
+<p> All the default groups and EC curves should sufficiently strong
+to make "pruning" the defaults unwise. At a minimum, "X25519" and
+"P-256" (a.k.a. "prime256v1") should be among the enabled EC curves,
+while "dhe2048" and "dhe3072" should be among the FFDHE groups. </p>
+
+<p> This feature is available in Postfix 3.8 and later, when it is
+compiled and linked with OpenSSL 3.0 or later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_high_cipherlist">tls_high_cipherlist</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The OpenSSL cipherlist for "high" grade ciphers. This defines
+the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
+<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>,
+<a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly
+encouraged not to change this setting. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a>
+(default: no)</b></DT><DD>
+
+<p> A temporary migration aid for sites that use certificate
+<i>public-key</i> fingerprints with Postfix 2.9.0..2.9.5, which use
+an incorrect algorithm. This parameter has no effect on the certificate
+fingerprint support that is available since Postfix 2.2. </p>
+
+<p> Specify "<a href="postconf.5.html#tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a> = yes" temporarily,
+pending a migration from configuration files with incorrect Postfix
+2.9.0..2.9.5 certificate public-key finger prints, to the correct
+fingerprints used by Postfix 2.9.6 and later. To compute the correct
+certificate public-key fingerprints, see <a href="TLS_README.html">TLS_README</a>. </p>
+
+<p> This feature is available in Postfix 2.9.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_low_cipherlist">tls_low_cipherlist</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The OpenSSL cipherlist for "low" or higher grade ciphers.
+Ignored as of Postfix 3.8. In earlier Postfix releases this
+defined the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
+<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>,
+<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>, <a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and
+<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly encouraged not to
+change this setting. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_medium_cipherlist">tls_medium_cipherlist</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The OpenSSL cipherlist for "medium" or higher grade ciphers. This
+defines the meaning of the "medium" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
+<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>,
+<a href="postconf.5.html#lmtp_tls_ciphers">lmtp_tls_ciphers</a>, and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is the
+default cipherlist for mandatory TLS encryption in the TLS client
+(with anonymous ciphers disabled when verifying server certificates).
+This is the default cipherlist for opportunistic TLS with Postfix
+releases after the middle of 2015. You are strongly encouraged not
+to change this setting. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_null_cipherlist">tls_null_cipherlist</a>
+(default: eNULL:!aNULL)</b></DT><DD>
+
+<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
+authentication without encryption. This defines the meaning of the "null"
+setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
+<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly encouraged not to
+change this setting. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_preempt_cipherlist">tls_preempt_cipherlist</a>
+(default: no)</b></DT><DD>
+
+<p> With SSLv3 and later, use the Postfix SMTP server's cipher
+preference order instead of the remote client's cipher preference
+order. </p>
+
+<p> By default, the OpenSSL server selects the client's most preferred
+cipher that the server supports. With SSLv3 and later, the server may
+choose its own most preferred cipher that is supported (offered) by
+the client. Setting "<a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> = yes" enables server cipher
+preferences. </p>
+
+<p> While server cipher selection may in some cases lead to a more secure
+or performant cipher choice, there is some risk of interoperability
+issues. In the past, some SSL clients have listed lower priority ciphers
+that they did not implement correctly. If the server chooses a cipher
+that the client prefers less, it may select a cipher whose client
+implementation is flawed. Most notably Windows 2003 Microsoft
+Exchange servers have flawed implementations of DES-CBC3-SHA, which
+OpenSSL considers stronger than RC4-SHA. Enabling server cipher-suite
+selection may create interoperability issues with Windows 2003
+Microsoft Exchange clients. </p>
+
+<p> This feature is available in Postfix 2.8 and later, in combination
+with OpenSSL 0.9.7 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_random_bytes">tls_random_bytes</a>
+(default: 32)</b></DT><DD>
+
+<p> The number of bytes that <a href="tlsmgr.8.html">tlsmgr(8)</a> reads from $<a href="postconf.5.html#tls_random_source">tls_random_source</a>
+when (re)seeding the in-memory pseudo random number generator (PRNG)
+pool. The default of 32 bytes (256 bits) is good enough for 128bit
+symmetric keys. If using EGD or a device file, a maximum of 255
+bytes is read. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_random_exchange_name">tls_random_exchange_name</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> Name of the pseudo random number generator (PRNG) state file
+that is maintained by <a href="tlsmgr.8.html">tlsmgr(8)</a>. The file is created when it does
+not exist, and its length is fixed at 1024 bytes. </p>
+
+<p> As of version 2.5, Postfix no longer uses root privileges when
+opening this file, and the default file location was changed from
+${<a href="postconf.5.html#config_directory">config_directory</a>}/prng_exch to ${<a href="postconf.5.html#data_directory">data_directory</a>}/prng_exch. As
+a migration aid, an attempt to open the file under a non-Postfix
+directory is redirected to the Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
+warning is logged. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_random_prng_update_period">tls_random_prng_update_period</a>
+(default: 3600s)</b></DT><DD>
+
+<p> The time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to save the state of
+the pseudo random number generator (PRNG) to the file specified
+with $<a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a>. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_random_reseed_period">tls_random_reseed_period</a>
+(default: 3600s)</b></DT><DD>
+
+<p> The maximal time between attempts by <a href="tlsmgr.8.html">tlsmgr(8)</a> to re-seed the
+in-memory pseudo random number generator (PRNG) pool from external
+sources. The actual time between re-seeding attempts is calculated
+using the PRNG, and is between 0 and the time specified. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_random_source">tls_random_source</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p> The external entropy source for the in-memory <a href="tlsmgr.8.html">tlsmgr(8)</a> pseudo
+random number generator (PRNG) pool. Be sure to specify a non-blocking
+source. If this source is not a regular file, the entropy source
+type must be prepended: egd:/path/to/egd_socket for a source with
+EGD compatible socket interface, or dev:/path/to/device for a
+device file. </p>
+
+<p> Note: on OpenBSD systems specify dev:/dev/arandom when dev:/dev/urandom
+gives timeout errors. </p>
+
+<p> This feature is available in Postfix 2.2 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_server_sni_maps">tls_server_sni_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables that map names received from remote SMTP
+clients via the TLS Server Name Indication (SNI) extension to the
+appropriate keys and certificate chains. This parameter is implemented
+in the Postfix TLS library, and applies to both <a href="smtpd.8.html">smtpd(8)</a> and the SMTP
+server mode of <a href="tlsproxy.8.html">tlsproxy(8)</a>. </p>
+
+<p> When this parameter is non-empty, the Postfix SMTP server enables
+SNI extension processing, and logs SNI values that are invalid or
+don't match an entry in the specified tables. When an entry
+does match, the SNI name is logged as part of the connection summary
+at log levels 1 and higher. </p>
+
+<p> The lookup key is either the verbatim SNI domain name or an
+ancestor domain prefixed with a leading dot. For internationalized
+domains, the lookup key must be in IDNA 2008 A-label form (as
+required in the TLS SNI extension). </p>
+
+<p> The syntax of the lookup value is the same as with the
+<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> parameter (see there for additional details),
+but here scoped to just TLS connections in which the client sends
+a matching SNI domain name. </p>
+
+<p> Example: </p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ #
+ # The indexed SNI table must be created with "postmap -F"
+ #
+ indexed = ${<a href="postconf.5.html#default_database_type">default_database_type</a>}:${<a href="postconf.5.html#config_directory">config_directory</a>}/
+ <a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a> = ${indexed}sni
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/sni:
+ #
+ # The example.com domain has both an RSA and ECDSA certificate
+ # chain. The chain files MUST start with the private key,
+ # with the certificate chain next, starting with the leaf
+ # (server) certificate, and then the issuer certificates.
+ #
+ example.com /etc/postfix/sni-chains/rsa2048.example.com.pem,
+ /etc/postfix/sni-chains/ecdsa-p256.example.com.pem
+ #
+ # The example.net domain has a wildcard certificate, and two
+ # additional DNS names. So its certificate chain is also used
+ # with any subdomain, plus the additional names.
+ #
+ example.net /etc/postfix/sni-chains/example.net.pem
+ .example.net /etc/postfix/sni-chains/example.net.pem
+ example.info /etc/postfix/sni-chains/example.net.pem
+ example.org /etc/postfix/sni-chains/example.net.pem
+</pre>
+</blockquote>
+
+<p> Note that the SNI lookup tables should also have entries for
+the domains that correspond to the Postfix SMTP server's default
+certificate(s). This ensures that the remote SMTP client's TLS SNI
+extension gets a positive response when it specifies one of the
+Postfix SMTP server's <a href="ADDRESS_CLASS_README.html#default_domain_class">default domains</a>, and ensures that the Postfix
+SMTP server will not log an SNI name mismatch for such a domain.
+The Postfix SMTP server's default certificates are then only used
+when the client sends no SNI or when it sends SNI with a domain
+that the server knows no certificate(s) for. </p>
+
+<p> The mapping from an SNI domain name to a certificate chain is indirect. In
+the input source files for "cdb", "hash", "btree" or other tables that are
+converted to on-disk indexed files via <a href="postmap.1.html">postmap(1)</a>, the value specified for each
+key is a list of filenames. When <a href="postmap.1.html">postmap(1)</a> is used with the <b>-F</b> option,
+the generated table stores for each lookup key the base64-encoded contents of
+the associated files. When querying tables via <b>postmap -Fq</b>, the table
+value is decoded from base64, yielding the original file content, plus a new
+line. </p>
+
+<p> With "regexp", "pcre", "inline", "texthash", "static" and similar
+tables that are interpreted at run-time, and don't have a separate
+source format, the table value is again a list files, that are loaded
+into memory when the table is opened. </p>
+
+<p> With tables whose content is managed outside of Postfix, such
+as LDAP, MySQL, PostgreSQL, socketmap and tcp, the value must be a
+concatenation of the desired PEM keys and certificate chains, that
+is then further encoded to yield a single-line base64 string.
+Creation of such tables and secure storage (the value includes
+private key material) are outside the responsibility of Postfix. </p>
+
+<p> With "socketmap" and "tcp" the data will be transmitted in the clear, and
+there is no query access control, so these are generally unsuitable for storing
+SNI chains. With LDAP and SQL, you should restrict read access and use TLS to
+protect the sensitive data in transit. </p>
+
+<p> Typically there is only one private key and its chain of certificates
+starting with the "leaf" certificate corresponding to that key, and
+continuing with the appropriate intermediate issuer CA certificates,
+with each certificate ideally followed by its issuer. Servers
+that have keys and certificates for more than one algorithm (e.g.
+both an RSA key and an ECDSA key, or even RSA, ECDSA and Ed25519)
+can use multiple chains concatenated together, with the key always
+listed before the corresponding certificates. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_session_ticket_cipher">tls_session_ticket_cipher</a>
+(default: Postfix &ge; 3.0: aes-256-cbc, Postfix &lt; 3.0: aes-128-cbc)</b></DT><DD>
+
+<p> Algorithm used to encrypt <a href="https://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets. This
+algorithm must use CBC mode, have a 128-bit block size, and must
+have a key length between 128 and 256 bits. The default is
+aes-256-cbc. Overriding the default to choose a different algorithm
+is discouraged. </p>
+
+<p> Setting this parameter empty disables session ticket support
+in the Postfix SMTP server. Another way to disable session ticket
+support is via the <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> parameter. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_ssl_options">tls_ssl_options</a>
+(default: empty)</b></DT><DD>
+
+<p> List or bit-mask of OpenSSL options to enable. </p>
+
+<p> The OpenSSL toolkit provides a set of options that applications
+can enable to tune the OpenSSL behavior. Some of these work around
+bugs in other implementations and are on by default. You can use
+the <a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> parameter to selectively disable some
+or all of the bug work-arounds, making OpenSSL more strict at the
+cost of non-interoperability with SSL clients or servers that exhibit
+the bugs. </p>
+
+<p> Other options are off by default, and typically enable or disable
+features rather than bug work-arounds. These may be turned on (with
+care) via the <a href="postconf.5.html#tls_ssl_options">tls_ssl_options</a> parameter. The value is a white-space
+or comma separated list of named options chosen from the list below.
+The names are not case-sensitive, you can use lower-case if you
+prefer. The upper case values below match the corresponding macro
+name in the ssl.h header file with the SSL_OP_ prefix removed. It
+is possible that your OpenSSL version includes new options added
+after your Postfix source code was last updated, in that case you
+can only enable one of these via the hexadecimal syntax below. </p>
+
+<p> You should only enable features via the hexadecimal mask when
+the need to control the feature is critical (to deal with a new
+vulnerability or a serious interoperability problem). Postfix DOES
+NOT promise backwards compatible behavior with respect to the mask
+bits. A feature enabled via the mask in one release may be enabled
+by other means in a later release, and the mask bit will then be
+ignored. Therefore, use of the hexadecimal mask is only a temporary
+measure until a new Postfix or OpenSSL release provides a better
+solution. </p>
+
+<p> If the value of the parameter is a hexadecimal long integer
+starting with "0x", the options corresponding to the bits specified
+in its value are enabled (see openssl/ssl.h and SSL_CTX_set_options(3)).
+You can only enable options not already controlled by other Postfix
+settings. For example, you cannot disable protocols or enable
+server cipher preference. Do not attempt to enable all features by
+specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some
+bug work-arounds are also valid here, allowing them to be re-enabled
+if/when they're no longer enabled by default. The supported values
+include: </p>
+
+<dl>
+
+<dt><b>ENABLE_MIDDLEBOX_COMPAT</b></dt> <dd>Postfix &ge; 3.4. See
+SSL_CTX_set_options(3).</dd>
+
+<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3).</dd>
+
+<dt><b>NO_TICKET</b></dt> <dd>Enabled by default when needed in
+fully-patched Postfix &ge; 2.7. Not needed at all for Postfix &ge;
+2.11, unless for some reason you do not want to support TLS session
+resumption. Best not set explicitly. See SSL_CTX_set_options(3).</dd>
+
+<dt><b>NO_COMPRESSION</b></dt> <dd>Disable SSL compression even if
+supported by the OpenSSL library. Compression is CPU-intensive,
+and compression before encryption does not always improve security. </dd>
+
+<dt><b>NO_RENEGOTIATION</b></dt> <dd>Postfix &ge; 3.4. This can
+reduce opportunities for a potential CPU exhaustion attack. See
+SSL_CTX_set_options(3).</dd>
+
+<dt><b>NO_SESSION_RESUMPTION_ON_RENEGOTIATION</b></dt> <dd>Postfix
+&ge; 3.4. See SSL_CTX_set_options(3).</dd>
+
+<dt><b>PRIORITIZE_CHACHA</b></dt> <dd>Postfix &ge; 3.4. See SSL_CTX_set_options(3).</dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.11 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tls_wildcard_matches_multiple_labels">tls_wildcard_matches_multiple_labels</a>
+(default: yes)</b></DT><DD>
+
+<p> Match multiple DNS labels with "*" in wildcard certificates.
+</p>
+
+<p> Some mail service providers prepend the customer domain name
+to a base domain for which they have a wildcard TLS certificate.
+For example, the MX records for example.com hosted by example.net
+may be: </p>
+
+<blockquote>
+<pre>
+example.com. IN MX 0 example.com.mx1.example.net.
+example.com. IN MX 0 example.com.mx2.example.net.
+</pre>
+</blockquote>
+
+<p> and the TLS certificate may be for "*.example.net". The "*"
+then corresponds with multiple labels in the mail server domain
+name. While multi-label wildcards are not widely supported, and
+are not blessed by any standard, there is little to be gained by
+disallowing their use in this context. </p>
+
+<p> Notes: <p>
+
+<ul>
+
+<li> <p> In a certificate name, the "*" is special only when it is
+used as the first label. </p>
+
+<li> <p> While Postfix (2.11 or later) can match "*" with multiple
+domain name labels, other implementations likely will not. </p>
+
+<li> <p> Earlier Postfix implementations behave as if
+"<a href="postconf.5.html#tls_wildcard_matches_multiple_labels">tls_wildcard_matches_multiple_labels</a> = no". </p>
+
+</ul>
+
+<p> This feature is available in Postfix 2.11 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsmgr_service_name">tlsmgr_service_name</a>
+(default: tlsmgr)</b></DT><DD>
+
+<p> The name of the <a href="tlsmgr.8.html">tlsmgr(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
+service maintains TLS session caches and other information in support
+of TLS. </p>
+
+<p> This feature is available in Postfix 2.11 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_CAfile">tlsproxy_client_CAfile</a>
+(default: $<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>)</b></DT><DD>
+
+<p> A file containing CA certificates of root CAs trusted to sign
+either remote TLS server certificates or intermediate CA certificates.
+See <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_CApath">tlsproxy_client_CApath</a>
+(default: $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>)</b></DT><DD>
+
+<p> Directory with PEM format Certification Authority certificates
+that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client uses to verify a remote TLS
+server certificate. See <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_cert_file">tlsproxy_client_cert_file</a>
+(default: $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client RSA certificate in PEM
+format. See <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>
+(default: $<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>)</b></DT><DD>
+
+<p> Files with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client keys and certificate
+chains in PEM format. See <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_dcert_file">tlsproxy_client_dcert_file</a>
+(default: $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client DSA certificate in PEM
+format. See <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> for further details. DSA is obsolete and
+should not be used. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_dkey_file">tlsproxy_client_dkey_file</a>
+(default: $<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client DSA private key in PEM
+format. See <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> for further details. DSA is obsolete and
+should not be used. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_eccert_file">tlsproxy_client_eccert_file</a>
+(default: $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client ECDSA certificate in PEM
+format. See <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_eckey_file">tlsproxy_client_eckey_file</a>
+(default: $<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client ECDSA private key in PEM
+format. See <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_enforce_tls">tlsproxy_client_enforce_tls</a>
+(default: $<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>)</b></DT><DD>
+
+<p> Enforcement mode: require that SMTP servers use TLS encryption.
+See <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> for further details. Use
+<a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> instead. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_fingerprint_digest">tlsproxy_client_fingerprint_digest</a>
+(default: $<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>)</b></DT><DD>
+
+<p> The message digest algorithm used to construct remote TLS server
+certificate fingerprints. See <a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> for
+further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_key_file">tlsproxy_client_key_file</a>
+(default: $<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client RSA private key in PEM
+format. See <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> for further details. The preferred way to
+configure tlsproxy client keys and certificates is via the
+"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_level">tlsproxy_client_level</a>
+(default: $<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b></DT><DD>
+
+<p> The default TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
+client. See <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 - 3.6. It was
+renamed to <a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> in Postfix 3.7. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_loglevel">tlsproxy_client_loglevel</a>
+(default: $<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>)</b></DT><DD>
+
+<p> Enable additional Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client logging of TLS
+activity. See <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_loglevel_parameter">tlsproxy_client_loglevel_parameter</a>
+(default: <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>)</b></DT><DD>
+
+<p> The name of the parameter that provides the <a href="postconf.5.html#tlsproxy_client_loglevel">tlsproxy_client_loglevel</a>
+value. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_per_site">tlsproxy_client_per_site</a>
+(default: $<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>)</b></DT><DD>
+
+<p> Optional lookup tables with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client TLS
+usage policy by next-hop destination and by remote TLS server
+hostname. See <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_policy">tlsproxy_client_policy</a>
+(default: $<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b></DT><DD>
+
+<p> Optional lookup tables with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client TLS
+security policy by next-hop destination. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
+for further details. </p>
+
+<p> This feature is available in Postfix 3.4 - 3.6. It was
+renamed to <a href="postconf.5.html#tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a> in Postfix 3.7. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a>
+(default: $<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b></DT><DD>
+
+<p> Optional lookup tables with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client TLS
+security policy by next-hop destination. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>
+for further details. </p>
+
+<p> This feature is available in Postfix 3.7 and later. It
+was previously called <a href="postconf.5.html#tlsproxy_client_policy">tlsproxy_client_policy</a>. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_scert_verifydepth">tlsproxy_client_scert_verifydepth</a>
+(default: $<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>)</b></DT><DD>
+
+<p> The verification depth for remote TLS server certificates.
+See <a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_security_level">tlsproxy_client_security_level</a>
+(default: $<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b></DT><DD>
+
+<p> The default TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
+client. See <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.7 and later. It
+was previously called <a href="postconf.5.html#tlsproxy_client_level">tlsproxy_client_level</a>. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_use_tls">tlsproxy_client_use_tls</a>
+(default: $<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>)</b></DT><DD>
+
+<p> Opportunistic mode: use TLS when a remote server announces TLS
+support. See <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> for further details. Use
+<a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> instead. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_enforce_tls">tlsproxy_enforce_tls</a>
+(default: $<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b></DT><DD>
+
+<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients, and
+require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> for
+further details. Use <a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> instead. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_service_name">tlsproxy_service_name</a>
+(default: tlsproxy)</b></DT><DD>
+
+<p> The name of the <a href="tlsproxy.8.html">tlsproxy(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
+service performs plaintext &lt;=&gt; TLS ciphertext conversion. <p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_CAfile">tlsproxy_tls_CAfile</a>
+(default: $<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)</b></DT><DD>
+
+<p> A file containing (PEM format) CA certificates of root CAs
+trusted to sign either remote SMTP client certificates or intermediate
+CA certificates. See <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_CApath">tlsproxy_tls_CApath</a>
+(default: $<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>)</b></DT><DD>
+
+<p> A directory containing (PEM format) CA certificates of root CAs
+trusted to sign either remote SMTP client certificates or intermediate
+CA certificates. See <a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_always_issue_session_ids">tlsproxy_tls_always_issue_session_ids</a>
+(default: $<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>)</b></DT><DD>
+
+<p> Force the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server to issue a TLS session id,
+even when TLS session caching is turned off. See
+<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_ask_ccert">tlsproxy_tls_ask_ccert</a>
+(default: $<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>)</b></DT><DD>
+
+<p> Ask a remote SMTP client for a client certificate. See
+<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_ccert_verifydepth">tlsproxy_tls_ccert_verifydepth</a>
+(default: $<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>)</b></DT><DD>
+
+<p> The verification depth for remote SMTP client certificates. A
+depth of 1 is sufficient if the issuing CA is listed in a local CA
+file. See <a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_cert_file">tlsproxy_tls_cert_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA certificate in PEM
+format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+private RSA key. See <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for further details. With
+Postfix &ge; 3.4 the preferred way to configure tlsproxy server keys and
+certificates is via the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>
+(default: $<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>)</b></DT><DD>
+
+<p> Files with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server keys and certificate
+chains in PEM format. See <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_ciphers">tlsproxy_tls_ciphers</a>
+(default: $<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>)</b></DT><DD>
+
+<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+will use with opportunistic TLS encryption. See <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>
+for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_dcert_file">tlsproxy_tls_dcert_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA certificate in PEM
+format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+private DSA key. DSA is obsolete and should not be used. See
+<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b></DT><DD>
+
+<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+should use with non-export EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>
+for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b></DT><DD>
+
+<p> File with DH parameters that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+should use with export-grade EDH ciphers. See <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>
+for further details. The default SMTP server cipher grade is
+"medium" with Postfix releases after the middle of 2015, and as a
+result export-grade cipher suites are by default not used. </p>
+
+<p> With Postfix &ge; 3.6 export-grade Diffie-Hellman key exchange
+is no longer supported, and this parameter is silently ignored. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_dkey_file">tlsproxy_tls_dkey_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA private key in PEM
+format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+DSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. DSA is
+obsolete and should not be used. See <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> for further
+details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_eccert_file">tlsproxy_tls_eccert_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA certificate in PEM
+format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+private ECDSA key. See <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> for further details. With
+Postfix &ge; 3.4 the preferred way to configure tlsproxy server keys and
+certificates is via the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_eckey_file">tlsproxy_tls_eckey_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA private key in PEM
+format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+ECDSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. See
+<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> for further details. With Postfix &ge; 3.4 the
+preferred way to configure tlsproxy server keys and certificates is via
+the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_eecdh_grade">tlsproxy_tls_eecdh_grade</a>
+(default: $<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>)</b></DT><DD>
+
+<p> The Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server security grade for ephemeral
+elliptic-curve Diffie-Hellman (EECDH) key exchange. See
+<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_exclude_ciphers">tlsproxy_tls_exclude_ciphers</a>
+(default: $<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>)</b></DT><DD>
+
+<p> List of ciphers or cipher types to exclude from the <a href="tlsproxy.8.html">tlsproxy(8)</a>
+server cipher list at all TLS security levels. See
+<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_fingerprint_digest">tlsproxy_tls_fingerprint_digest</a>
+(default: $<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>)</b></DT><DD>
+
+<p> The message digest algorithm to construct remote SMTP
+client-certificate
+fingerprints. See <a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> for further details.
+</p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_key_file">tlsproxy_tls_key_file</a>
+(default: $<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>)</b></DT><DD>
+
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA private key in PEM
+format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+RSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. See
+<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> for further details. With Postfix &ge; 3.4 the
+preferred way to configure tlsproxy server keys and certificates is via
+the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_loglevel">tlsproxy_tls_loglevel</a>
+(default: $<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a>)</b></DT><DD>
+
+<p> Enable additional Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server logging of TLS
+activity. Each logging level also includes the information that
+is logged at a lower logging level. See <a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> for
+further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_mandatory_ciphers">tlsproxy_tls_mandatory_ciphers</a>
+(default: $<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>)</b></DT><DD>
+
+<p> The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+will use with mandatory TLS encryption. See <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
+for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_mandatory_exclude_ciphers">tlsproxy_tls_mandatory_exclude_ciphers</a>
+(default: $<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>)</b></DT><DD>
+
+<p> Additional list of ciphers or cipher types to exclude from the
+<a href="tlsproxy.8.html">tlsproxy(8)</a> server cipher list at mandatory TLS security levels.
+See <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_mandatory_protocols">tlsproxy_tls_mandatory_protocols</a>
+(default: $<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>)</b></DT><DD>
+
+<p> The SSL/TLS protocols accepted by the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+with mandatory TLS encryption. If the list is empty, the server
+supports all available SSL/TLS protocol versions. See
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_protocols">tlsproxy_tls_protocols</a>
+(default: $<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>)</b></DT><DD>
+
+<p> List of TLS protocols that the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server will
+exclude or include with opportunistic TLS encryption. See
+<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_req_ccert">tlsproxy_tls_req_ccert</a>
+(default: $<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>)</b></DT><DD>
+
+<p> With mandatory TLS encryption, require a trusted remote SMTP
+client certificate in order to allow TLS connections to proceed.
+See <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_security_level">tlsproxy_tls_security_level</a>
+(default: $<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b></DT><DD>
+
+<p> The SMTP TLS security level for the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server;
+when a non-empty value is specified, this overrides the obsolete
+parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. See
+<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> for further details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_tls_session_cache_timeout">tlsproxy_tls_session_cache_timeout</a>
+(default: $<a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>)</b></DT><DD>
+
+<p> Obsolete expiration time of Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server TLS session
+cache information. Since the cache is shared with <a href="smtpd.8.html">smtpd(8)</a> and managed
+by <a href="tlsmgr.8.html">tlsmgr(8)</a>, there is only one expiration time for the SMTP server cache
+shared by all three services, namely <a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a>. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_use_tls">tlsproxy_use_tls</a>
+(default: $<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b></DT><DD>
+
+<p> Opportunistic TLS: announce STARTTLS support to remote SMTP clients,
+but do not require that clients use TLS encryption. See <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>
+for further details. Use <a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> instead. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_watchdog_timeout">tlsproxy_watchdog_timeout</a>
+(default: 10s)</b></DT><DD>
+
+<p> How much time a <a href="tlsproxy.8.html">tlsproxy(8)</a> process may take to process local
+or remote I/O before it is terminated by a built-in watchdog timer.
+This is a safety mechanism that prevents <a href="tlsproxy.8.html">tlsproxy(8)</a> from becoming
+non-responsive due to a bug in Postfix itself or in system software.
+To avoid false alarms and unnecessary cache corruption this limit
+cannot be set under 10s. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> This feature is available in Postfix 2.8 and later </p>
+
+
+</DD>
+
+<DT><b><a name="trace_service_name">trace_service_name</a>
+(default: trace)</b></DT><DD>
+
+<p>
+The name of the trace service. This service is implemented by the
+<a href="bounce.8.html">bounce(8)</a> daemon and maintains a record
+of mail deliveries and produces a mail delivery report when verbose
+delivery is requested with "<b>sendmail -v</b>".
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="transport_delivery_slot_cost">transport_delivery_slot_cost</a>
+(default: $<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
+parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+the message delivery transport. </p>
+
+<p> Note: <a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
+"_delivery_slot_cost"). </p>
+
+
+</DD>
+
+<DT><b><a name="transport_delivery_slot_discount">transport_delivery_slot_discount</a>
+(default: $<a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>
+parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+the message delivery transport. </p>
+
+<p> Note: <a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_delivery_slot_discount"). </p>
+
+
+</DD>
+
+<DT><b><a name="transport_delivery_slot_loan">transport_delivery_slot_loan</a>
+(default: $<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>
+parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+the message delivery transport. </p>
+
+<p> Note: <a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
+"_delivery_slot_loan"). </p>
+
+
+</DD>
+
+<DT><b><a name="transport_destination_concurrency_failed_cohort_limit">transport_destination_concurrency_failed_cohort_limit</a>
+(default: $<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>)</b></DT><DD>
+
+<p> A transport-specific override for the
+<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> parameter value,
+where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
+transport. </p>
+
+<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a>
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
+built-in suffix (in this case:
+"_destination_concurrency_failed_cohort_limit"). </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="transport_destination_concurrency_limit">transport_destination_concurrency_limit</a>
+(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
+
+<p> A transport-specific override for the
+<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> parameter value, where
+<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
+transport. </p>
+
+<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a>
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
+built-in suffix (in this case: "_destination_concurrency_limit").
+</p>
+
+
+</DD>
+
+<DT><b><a name="transport_destination_concurrency_negative_feedback">transport_destination_concurrency_negative_feedback</a>
+(default: $<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b></DT><DD>
+
+<p> A transport-specific override for the
+<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> parameter value,
+where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
+transport. </p>
+
+<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a>
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
+built-in suffix (in this case:
+"_destination_concurrency_negative_feedback"). </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="transport_destination_concurrency_positive_feedback">transport_destination_concurrency_positive_feedback</a>
+(default: $<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>)</b></DT><DD>
+
+<p> A transport-specific override for the
+<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> parameter value,
+where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
+transport. </p>
+
+<p> Note: some <a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a>
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
+built-in suffix (in this case:
+"_destination_concurrency_positive_feedback"). </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="transport_destination_rate_delay">transport_destination_rate_delay</a>
+(default: $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>
+parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+the message delivery transport. </p>
+
+<p> Note: some <a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> parameters
+will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_destination_rate_delay"). </p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="transport_destination_recipient_limit">transport_destination_recipient_limit</a>
+(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
+
+<p> A transport-specific override for the
+<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> parameter value, where
+<i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message delivery
+transport. </p>
+
+<p> Note: some <a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> parameters
+will not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_destination_recipient_limit"). </p>
+
+
+</DD>
+
+<DT><b><a name="transport_extra_recipient_limit">transport_extra_recipient_limit</a>
+(default: $<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>
+parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+the message delivery transport. </p>
+
+<p> Note: <a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_extra_recipient_limit"). </p>
+
+
+</DD>
+
+<DT><b><a name="transport_initial_destination_concurrency">transport_initial_destination_concurrency</a>
+(default: $<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a>
+parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+the message delivery transport. </p>
+
+<p> Note: some <a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a>
+parameters will not show up in "postconf" command output before
+Postfix version 2.9. This limitation applies to many parameters
+whose name is a combination of a <a href="master.5.html">master.cf</a> service name and a
+built-in suffix (in this case: "_initial_destination_concurrency").
+</p>
+
+<p> This feature is available in Postfix 2.5 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="transport_maps">transport_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional lookup tables with mappings from recipient address to
+(message delivery transport, next-hop destination). See <a href="transport.5.html">transport(5)</a>
+for details.
+</p>
+
+<p>
+Specify zero or more "<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found. If you use this
+feature with local files, run "<b>postmap /etc/postfix/transport</b>"
+after making a change. </p>
+
+<p> Pattern matching of domain names is controlled by the presence
+or absence of "<a href="postconf.5.html#transport_maps">transport_maps</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
+parameter value. </p>
+
+<p> For safety reasons, as of Postfix 2.3 this feature does not
+allow $number substitutions in regular expression maps. </p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/transport
+<a href="postconf.5.html#transport_maps">transport_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/transport
+</pre>
+
+
+</DD>
+
+<DT><b><a name="transport_minimum_delivery_slots">transport_minimum_delivery_slots</a>
+(default: $<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>
+parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+the message delivery transport. </p>
+
+<p> Note: <a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_minimum_delivery_slots"). </p>
+
+
+</DD>
+
+<DT><b><a name="transport_recipient_limit">transport_recipient_limit</a>
+(default: $<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>
+parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+the message delivery transport. </p>
+
+<p> Note: some <a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> parameters will not
+show up in "postconf" command output before Postfix version 2.9.
+This limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
+"_recipient_limit"). </p>
+
+
+</DD>
+
+<DT><b><a name="transport_recipient_refill_delay">transport_recipient_refill_delay</a>
+(default: $<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>
+parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+the message delivery transport. </p>
+
+<p> Note: <a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_recipient_refill_delay"). </p>
+
+<p> This feature is available in Postfix 2.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="transport_recipient_refill_limit">transport_recipient_refill_limit</a>
+(default: $<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>
+parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+the message delivery transport. </p>
+
+<p> Note: <a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_recipient_refill_limit"). </p>
+
+<p> This feature is available in Postfix 2.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="transport_retry_time">transport_retry_time</a>
+(default: 60s)</b></DT><DD>
+
+<p>
+The time between attempts by the Postfix queue manager to contact
+a malfunctioning message delivery transport.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="transport_time_limit">transport_time_limit</a>
+(default: $<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#command_time_limit">command_time_limit</a> parameter
+value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
+delivery transport. </p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> Note: <a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> parameters will not show up
+in "postconf" command output before Postfix version 2.9. This
+limitation applies to many parameters whose name is a combination
+of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in this case:
+"_time_limit"). </p>
+
+
+</DD>
+
+<DT><b><a name="transport_transport_rate_delay">transport_transport_rate_delay</a>
+(default: $<a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a>)</b></DT><DD>
+
+<p> A transport-specific override for the <a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a>
+parameter value, where the initial <i>transport</i> in the parameter
+name is the <a href="master.5.html">master.cf</a> name of the message delivery transport. </p>
+
+<p> Specify a non-negative time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+<p> Note: <a href="postconf.5.html#transport_transport_rate_delay"><i>transport</i>_transport_rate_delay</a> parameters will
+not show up in "postconf" command output before Postfix version
+2.9. This limitation applies to many parameters whose name is a
+combination of a <a href="master.5.html">master.cf</a> service name and a built-in suffix (in
+this case: "_transport_rate_delay"). </p>
+
+
+</DD>
+
+<DT><b><a name="trigger_timeout">trigger_timeout</a>
+(default: 10s)</b></DT><DD>
+
+<p>
+The time limit for sending a trigger to a Postfix daemon (for
+example, the <a href="pickup.8.html">pickup(8)</a> or <a href="qmgr.8.html">qmgr(8)</a> daemon). This time limit prevents
+programs from getting stuck when the mail system is under heavy
+load.
+</p>
+
+<p> Specify a non-zero time value (an integral value plus an optional
+one-letter suffix that specifies the time unit). Time units: s
+(seconds), m (minutes), h (hours), d (days), w (weeks).
+The default time unit is s (seconds). </p>
+
+
+</DD>
+
+<DT><b><a name="undisclosed_recipients_header">undisclosed_recipients_header</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+Message header that the Postfix <a href="cleanup.8.html">cleanup(8)</a> server inserts when a
+message contains no To: or Cc: message header. With Postfix 2.8
+and later, the default value is empty. With Postfix 2.4-2.7,
+specify an empty value to disable this feature. </p>
+
+<p> Example: </p>
+
+<pre>
+# Default value before Postfix 2.8.
+# Note: the ":" and ";" are both required.
+<a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> = To: undisclosed-recipients:;
+</pre>
+
+
+</DD>
+
+<DT><b><a name="unknown_address_reject_code">unknown_address_reject_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical response code when the Postfix SMTP server rejects a
+sender or recipient address because its domain is unknown. This
+is one of the possible replies from the restrictions
+<a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> and <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unknown_address_tempfail_action">unknown_address_tempfail_action</a>
+(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
+
+<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
+or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> fail due to a temporary error
+condition. Specify "defer" to defer the remote SMTP client request
+immediately. With the default "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix
+SMTP server continues to look for opportunities to reject mail, and
+defers the client request only if it would otherwise be accepted.
+</p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="unknown_client_reject_code">unknown_client_reject_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a client
+without valid address &lt;=&gt; name mapping is rejected by the
+<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction. The SMTP server always replies
+with 450 when the mapping failed due to a temporary error condition.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a>
+(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
+
+<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
+fails due to a temporary error condition. Specify "defer" to defer
+the remote SMTP client request immediately. With the default
+"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
+for opportunities to reject mail, and defers the client request
+only if it would otherwise be accepted. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="unknown_hostname_reject_code">unknown_hostname_reject_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when the hostname
+specified with the HELO or EHLO command is rejected by the
+<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a>
+(default: 550)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a recipient
+address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
+lookup tables that does not match the recipient. A recipient
+address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>,
+$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> or $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>.
+</p>
+
+<p>
+The default setting is 550 (reject mail) but it is safer to initially
+use 450 (try again later) so you have time to find out if your
+<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> settings are OK.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> = 450
+</pre>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a>
+(default: 550)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server reply code when a recipient
+address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies
+a list of lookup tables that does not match the recipient address.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a>
+(default: 550)</b></DT><DD>
+
+<p>
+The Postfix SMTP server reply code when a recipient address matches
+$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> specifies a list
+of lookup tables that does not match the recipient address.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a>
+(default: 550)</b></DT><DD>
+
+<p>
+The Postfix SMTP server reply code when a recipient address matches
+$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> specifies a list
+of lookup tables that does not match the recipient address.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unverified_recipient_defer_code">unverified_recipient_defer_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response when a recipient address
+probe fails due to a temporary error condition.
+</p>
+
+<p>
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+<p>
+This feature is available in Postfix 2.6 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unverified_recipient_reject_code">unverified_recipient_reject_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response when a recipient address
+is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restriction.
+</p>
+
+<p>
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unverified_recipient_reject_reason">unverified_recipient_reject_reason</a>
+(default: empty)</b></DT><DD>
+
+<p> The Postfix SMTP server's reply when rejecting mail with
+<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>. Do not include the numeric SMTP reply
+code or the enhanced status code. By default, the response includes
+actual address verification details.
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> = Recipient address lookup failed
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a>
+(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
+
+<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>
+fails due to a temporary error condition. Specify "defer" to defer
+the remote SMTP client request immediately. With the default
+"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
+for opportunities to reject mail, and defers the client request
+only if it would otherwise be accepted. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="unverified_sender_defer_code">unverified_sender_defer_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a sender address
+probe fails due to a temporary error condition.
+</p>
+
+<p>
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+<p>
+This feature is available in Postfix 2.6 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unverified_sender_reject_code">unverified_sender_reject_code</a>
+(default: 450)</b></DT><DD>
+
+<p>
+The numerical Postfix SMTP server response code when a recipient
+address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
+</p>
+
+<p>
+Unlike elsewhere in Postfix, you can specify 250 in order to
+accept the address anyway.
+</p>
+
+<p>
+Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="unverified_sender_reject_reason">unverified_sender_reject_reason</a>
+(default: empty)</b></DT><DD>
+
+<p> The Postfix SMTP server's reply when rejecting mail with
+<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>. Do not include the numeric SMTP reply
+code or the enhanced status code. By default, the response includes
+actual address verification details.
+
+<p> Example: </p>
+
+<pre>
+<a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> = Sender address lookup failed
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="unverified_sender_tempfail_action">unverified_sender_tempfail_action</a>
+(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
+
+<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+fails due to a temporary error condition. Specify "defer" to defer
+the remote SMTP client request immediately. With the default
+"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
+for opportunities to reject mail, and defers the client request
+only if it would otherwise be accepted. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="use_srv_lookup">use_srv_lookup</a>
+(default: empty)</b></DT><DD>
+
+<p> Enables discovery for the specified service(s) using DNS SRV
+records. For example, with "<a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> = submission" and
+"<a href="postconf.5.html#relayhost">relayhost</a> = example.com:submission", the Postfix SMTP client will
+look up DNS SRV records for _submission._tcp.example.com, and will
+relay email through the hosts and ports that are specified with
+those records. See <a href="https://tools.ietf.org/html/rfc2782">RFC 2782</a> for details of the host selection
+process. </p>
+
+<p> Specify zero or more service names separated by comma and/or
+whitespace. Any name in the services(5) database may be specified,
+though in practice only submission, submissions, and smtp make
+sense. </p>
+
+<p> When SRV record lookup is enabled with <a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a>, you can
+enclose a domain name in "[]" to force IP address lookup instead
+of SRV record lookup. </p>
+
+<p> Example 1: MUA-to-MTA submission using SRV record lookup for
+the "submission" service for domain "example.com". This uses the
+default SMTP delivery agent with STARTTLS, and looks up SRV records
+for "_submission._tcp.example.com". </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> = submission
+ <a href="postconf.5.html#relayhost">relayhost</a> = example.com:submission
+ <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
+ ...see <a href="SASL_README.html">SASL_README</a> for sasl configuration...
+</pre>
+
+<p> Example 2: MUA-to-MTA submission using SRV record lookup for
+the "submissions" service for domain "example.org". This uses a
+dedicated SMTP delivery agent (smtp-wraptls) with tls_wrappermode
+turned on, and looks up SRV records for "_submissions._tcp.example.org".
+</p>
+
+<p> Note: specify the older name "smtps" instead of "submissions"
+when a provider has DNS SRV records like "_smtps._tcp.example.org"
+instead of "_submissions._tcp.example.org". </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> = submissions
+ <a href="postconf.5.html#default_transport">default_transport</a> = smtp-wraptls:example.org:submissions
+ ...see <a href="SASL_README.html">SASL_README</a> for sasl configuration...
+</pre>
+
+<pre>
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ smtp-wraptls unix ... ... ... ... ... smtp
+ -o { <a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> = yes }
+ -o { <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt }
+</pre>
+
+<p> Example 3: Sender-dependent selection for a combination of
+MUA-to-MTA submission services. This combines examples 1 and 2 with
+examples of how to disable SRV and look up IP address records for
+"smtp-relay.example.net" and "smtp-relay.other.example". Again,
+specify the older name "smtps" instead of "submissions" when a
+provider has DNS SRV records like "_smtps._tcp.example.org" instead
+of "_submissions._tcp.example.org". </p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> = submission, submissions
+ <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> = <a href="DATABASE_README.html#types">inline</a>:{
+ # Destinations that support SRV record lookup.
+ { user1@example.com = <a href="smtp.8.html">smtp</a>:example.com:submission }
+ { user2@example.org = smtp-wraptls:example.org:submissions }
+ # Use [destination] to force IP address lookups.
+ { user3@example.net = <a href="smtp.8.html">smtp</a>:[smtp-relay.example.net]:submission }
+ { user4@other.example =
+ smtp-wraptls:[smtp-relay.other.example]:submissions } }
+ ...see <a href="SASL_README.html">SASL_README</a> for sasl configuration...
+</pre>
+
+<p> Example 4: MTA-to-MTA traffic, using SRV record lookup for the
+SMTP service. This is useful for Postfix tests, and may be useful
+in environments where ports are dynamically assigned to servers.
+</p>
+
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> = smtp
+ # Fall back to MX record lookup when SRV records are unavailable.
+ #<a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> = yes
+ #<a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> = yes
+</pre>
+
+<p> This feature is available in Postfix 3.8 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="verp_delimiter_filter">verp_delimiter_filter</a>
+(default: -=+)</b></DT><DD>
+
+<p>
+The characters Postfix accepts as VERP delimiter characters on the
+Postfix <a href="sendmail.1.html">sendmail(1)</a> command line and in SMTP commands.
+</p>
+
+<p>
+This feature is available in Postfix 1.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="virtual_alias_address_length_limit">virtual_alias_address_length_limit</a>
+(default: 1000)</b></DT><DD>
+
+<p>
+The maximal length of an email address after virtual alias expansion.
+This stops virtual aliasing loops that increase the address length
+exponentially.
+</p>
+
+<p>
+This feature is available in Postfix 3.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="virtual_alias_domains">virtual_alias_domains</a>
+(default: $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b></DT><DD>
+
+<p> Postfix is the final destination for the specified list of virtual
+alias domains, that is, domains for which all addresses are aliased
+to addresses in other local or remote domains. The SMTP server
+validates recipient addresses with $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> and rejects
+non-existent recipients. See also the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> class
+in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file </p>
+
+<p>
+This feature is available in Postfix 2.0 and later. The default
+value is backwards compatible with Postfix version 1.1.
+</p>
+
+<p>
+The default value is $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> so that you can keep all
+information about <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a> in one place. If you have
+many users, it is better to separate information that changes more
+frequently (virtual address -&gt; local or remote address mapping)
+from information that changes less frequently (the list of virtual
+domain names).
+</p>
+
+<p> Specify a list of host or domain names, "/file/name" or
+"<a href="DATABASE_README.html">type:table</a>" patterns, separated by commas and/or whitespace. A
+"/file/name" pattern is replaced by its contents; a "<a href="DATABASE_README.html">type:table</a>"
+lookup table is matched when a table entry matches a host or domain name
+(the lookup result is ignored). Continue long lines by starting
+the next line with whitespace. Specify "!pattern" to exclude a host
+or domain name from the list. The form "!/file/name" is supported
+only in Postfix version 2.4 and later. </p>
+
+<p>
+See also the <a href="VIRTUAL_README.html">VIRTUAL_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents
+for further information.
+</p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> = virtual1.tld virtual2.tld
+</pre>
+
+
+</DD>
+
+<DT><b><a name="virtual_alias_expansion_limit">virtual_alias_expansion_limit</a>
+(default: 1000)</b></DT><DD>
+
+<p>
+The maximal number of addresses that virtual alias expansion produces
+from each original recipient.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="virtual_alias_maps">virtual_alias_maps</a>
+(default: $<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b></DT><DD>
+
+<p>
+Optional lookup tables that alias specific mail addresses or domains
+to other local or remote addresses. The table format and lookups
+are documented in <a href="virtual.5.html">virtual(5)</a>. For an overview of Postfix address
+manipulations see the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later. The default
+value is backwards compatible with Postfix version 1.1.
+</p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+Note: these lookups are recursive.
+</p>
+
+<p>
+If you use this feature with indexed files, run "<b>postmap
+/etc/postfix/virtual</b>" after changing the file.
+</p>
+
+<p>
+Examples:
+</p>
+
+<pre>
+<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/postfix/virtual
+<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+</pre>
+
+
+</DD>
+
+<DT><b><a name="virtual_alias_recursion_limit">virtual_alias_recursion_limit</a>
+(default: 1000)</b></DT><DD>
+
+<p>
+The maximal nesting depth of virtual alias expansion. Currently
+the recursion limit is applied only to the left branch of the
+expansion graph, so the depth of the tree can in the worst case
+reach the sum of the expansion and recursion limits. This may
+change in the future.
+</p>
+
+<p>
+This feature is available in Postfix 2.1 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="virtual_delivery_status_filter">virtual_delivery_status_filter</a>
+(default: $<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b></DT><DD>
+
+<p> Optional filter for the <a href="virtual.8.html">virtual(8)</a> delivery agent to change the
+delivery status code or explanatory text of successful or unsuccessful
+deliveries. See <a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a> for details. </p>
+
+<p> This feature is available in Postfix 3.0 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a>
+(default: $<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a>)</b></DT><DD>
+
+<p> The maximal number of parallel deliveries to the same destination
+via the virtual message delivery transport. This limit is enforced
+by the queue manager. The message delivery transport name is the
+first field in the entry in the <a href="master.5.html">master.cf</a> file. </p>
+
+
+</DD>
+
+<DT><b><a name="virtual_destination_recipient_limit">virtual_destination_recipient_limit</a>
+(default: $<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b></DT><DD>
+
+<p> The maximal number of recipients per message for the virtual
+message delivery transport. This limit is enforced by the queue
+manager. The message delivery transport name is the first field in
+the entry in the <a href="master.5.html">master.cf</a> file. </p>
+
+<p> Setting this parameter to a value of 1 changes the meaning of
+<a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> from concurrency per domain
+into concurrency per recipient. </p>
+
+
+</DD>
+
+<DT><b><a name="virtual_gid_maps">virtual_gid_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Lookup tables with the per-recipient group ID for <a href="virtual.8.html">virtual(8)</a> mailbox
+delivery.
+</p>
+
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p>
+In a lookup table, specify a left-hand side of "@domain.tld" to
+match any user in the specified domain that does not have a specific
+"user@domain.tld" entry.
+</p>
+
+<p>
+When a recipient address has an optional address extension
+(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
+the full address first, and when the lookup fails, it looks up the
+unextended address (user@domain.tld).
+</p>
+
+<p>
+Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
+regular expression substitution of $1 etc. in regular expression
+lookup tables, because that would open a security hole.
+</p>
+
+<p>
+Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
+silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
+</p>
+
+
+</DD>
+
+<DT><b><a name="virtual_mailbox_base">virtual_mailbox_base</a>
+(default: empty)</b></DT><DD>
+
+<p>
+A prefix that the <a href="virtual.8.html">virtual(8)</a> delivery agent prepends to all pathname
+results from $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> table lookups. This is a safety
+measure to ensure that an out of control map doesn't litter the
+file system with mailboxes. While <a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> could be
+set to "/", this setting isn't recommended.
+</p>
+
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
+<p>
+Example:
+</p>
+
+<pre>
+<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> = /var/mail
+</pre>
+
+
+</DD>
+
+<DT><b><a name="virtual_mailbox_domains">virtual_mailbox_domains</a>
+(default: $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b></DT><DD>
+
+<p> Postfix is the final destination for the specified list of domains;
+mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery transport.
+By default this is the Postfix <a href="virtual.8.html">virtual(8)</a> delivery agent. The SMTP
+server validates recipient addresses with $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
+and rejects mail for non-existent recipients. See also the virtual
+mailbox domain class in the <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> file. </p>
+
+<p> This parameter expects the same syntax as the <a href="postconf.5.html#mydestination">mydestination</a>
+configuration parameter. </p>
+
+<p>
+This feature is available in Postfix 2.0 and later. The default
+value is backwards compatible with Postfix version 1.1.
+</p>
+
+
+</DD>
+
+<DT><b><a name="virtual_mailbox_limit">virtual_mailbox_limit</a>
+(default: 51200000)</b></DT><DD>
+
+<p>
+The maximal size in bytes of an individual <a href="virtual.8.html">virtual(8)</a> mailbox or
+maildir file, or zero (no limit). </p>
+
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
+
+</DD>
+
+<DT><b><a name="virtual_mailbox_lock">virtual_mailbox_lock</a>
+(default: see "postconf -d" output)</b></DT><DD>
+
+<p>
+How to lock a UNIX-style <a href="virtual.8.html">virtual(8)</a> mailbox before attempting
+delivery. For a list of available file locking methods, use the
+"<b>postconf -l</b>" command.
+</p>
+
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
+<p>
+This setting is ignored with <b>maildir</b> style delivery, because
+such deliveries are safe without application-level locks.
+</p>
+
+<p>
+Note 1: the <b>dotlock</b> method requires that the recipient UID
+or GID has write access to the parent directory of the recipient's
+mailbox file.
+</p>
+
+<p>
+Note 2: the default setting of this parameter is system dependent.
+</p>
+
+
+</DD>
+
+<DT><b><a name="virtual_mailbox_maps">virtual_mailbox_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Optional lookup tables with all valid addresses in the domains that
+match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+</p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p>
+In a lookup table, specify a left-hand side of "@domain.tld" to
+match any user in the specified domain that does not have a specific
+"user@domain.tld" entry.
+</p>
+
+<p>
+With the default "<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> = $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>",
+lookup tables also need entries with a left-hand side of "domain.tld"
+to satisfy virtual_mailbox_domain lookups (the right-hand side is
+required but will not be used).
+</p>
+
+<p> The remainder of this text is specific to the <a href="virtual.8.html">virtual(8)</a> delivery
+agent. It does not apply when mail is delivered with a different
+mail delivery program. </p>
+
+<p>
+The <a href="virtual.8.html">virtual(8)</a> delivery agent uses this table to look up the
+per-recipient mailbox or maildir pathname. If the lookup result
+ends in a slash ("/"), maildir-style delivery is carried out,
+otherwise the path is assumed to specify a UNIX-style mailbox file.
+Note that $<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> is unconditionally prepended to
+this path.
+</p>
+
+<p>
+When a recipient address has an optional address extension
+(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
+the full address first, and when the lookup fails, it looks up the
+unextended address (user@domain.tld).
+</p>
+
+<p>
+Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
+regular expression substitution of $1 etc. in regular expression
+lookup tables, because that would open a security hole.
+</p>
+
+<p>
+Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
+silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
+</p>
+
+
+</DD>
+
+<DT><b><a name="virtual_maps">virtual_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables with a) names of domains for which all
+addresses are aliased to addresses in other local or remote domains,
+and b) addresses that are aliased to addresses in other local or
+remote domains. Available before Postfix version 2.0. With Postfix
+version 2.0 and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
+and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>
+
+
+</DD>
+
+<DT><b><a name="virtual_minimum_uid">virtual_minimum_uid</a>
+(default: 100)</b></DT><DD>
+
+<p>
+The minimum user ID value that the <a href="virtual.8.html">virtual(8)</a> delivery agent accepts
+as a result from $<a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> table lookup. Returned
+values less than this will be rejected, and the message will be
+deferred.
+</p>
+
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
+
+</DD>
+
+<DT><b><a name="virtual_transport">virtual_transport</a>
+(default: virtual)</b></DT><DD>
+
+<p>
+The default mail delivery transport and next-hop destination for
+final delivery to domains listed with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
+</p>
+
+<p>
+Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i>
+is the name of a mail delivery transport defined in <a href="master.5.html">master.cf</a>.
+The <i>:nexthop</i> destination is optional; its syntax is documented
+in the manual page of the corresponding delivery agent.
+</p>
+
+<p>
+This feature is available in Postfix 2.0 and later.
+</p>
+
+
+</DD>
+
+<DT><b><a name="virtual_uid_maps">virtual_uid_maps</a>
+(default: empty)</b></DT><DD>
+
+<p>
+Lookup tables with the per-recipient user ID that the <a href="virtual.8.html">virtual(8)</a>
+delivery agent uses while writing to the recipient's mailbox.
+</p>
+
+<p> This parameter is specific to the <a href="virtual.8.html">virtual(8)</a> delivery agent.
+It does not apply when mail is delivered with a different mail
+delivery program. </p>
+
+<p>
+Specify zero or more "type:name" lookup tables, separated by
+whitespace or comma. Tables will be searched in the specified order
+until a match is found.
+</p>
+
+<p>
+In a lookup table, specify a left-hand side of "@domain.tld"
+to match any user in the specified domain that does not have a
+specific "user@domain.tld" entry.
+</p>
+
+<p>
+When a recipient address has an optional address extension
+(user+foo@domain.tld), the <a href="virtual.8.html">virtual(8)</a> delivery agent looks up
+the full address first, and when the lookup fails, it looks up the
+unextended address (user@domain.tld).
+</p>
+
+<p>
+Note 1: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent disallows
+regular expression substitution of $1 etc. in regular expression
+lookup tables, because that would open a security hole.
+</p>
+
+<p>
+Note 2: for security reasons, the <a href="virtual.8.html">virtual(8)</a> delivery agent will
+silently ignore requests to use the <a href="proxymap.8.html">proxymap(8)</a> server. Instead
+it will open the table directly. Before Postfix version 2.2, the
+<a href="virtual.8.html">virtual(8)</a> delivery agent will terminate with a fatal error.
+</p>
+
+
+</DD>
+
+</dl>
+
+</body>
+
+</html>
diff --git a/html/postdrop.1.html b/html/postdrop.1.html
new file mode 100644
index 0000000..72a4abf
--- /dev/null
+++ b/html/postdrop.1.html
@@ -0,0 +1,137 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postdrop(1) </title>
+</head> <body> <pre>
+POSTDROP(1) POSTDROP(1)
+
+<b>NAME</b>
+ postdrop - Postfix mail posting utility
+
+<b>SYNOPSIS</b>
+ <b>postdrop</b> [<b>-rv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>]
+
+<b>DESCRIPTION</b>
+ The <a href="postdrop.1.html"><b>postdrop</b>(1)</a> command creates a file in the <b>maildrop</b> directory and
+ copies its standard input to the file.
+
+ Options:
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory. See also the MAIL_CONFIG
+ environment setting below.
+
+ <b>-r</b> Use a Postfix-internal protocol for reading the message from
+ standard input, and for reporting status information on standard
+ output. This is currently the only supported method.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose. As of Postfix
+ 2.3, this option is available for the super-user only.
+
+<b>SECURITY</b>
+ The command is designed to run with set-group ID privileges, so that it
+ can write to the <b>maildrop</b> queue directory and so that it can connect to
+ Postfix daemon processes.
+
+<b>DIAGNOSTICS</b>
+ Fatal errors: malformed input, I/O error, out of memory. Problems are
+ logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a> and to the standard error stream.
+ When the input is incomplete, or when the process receives a HUP, INT,
+ QUIT or TERM signal, the queue file is deleted.
+
+<b>ENVIRONMENT</b>
+ MAIL_CONFIG
+ Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid exploitation
+ of set-group ID privileges, a non-standard directory is allowed
+ only if:
+
+ <b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a> file with the
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> configuration parameter.
+
+ <b>o</b> The command is invoked by the super-user.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
+
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
+ A list of non-default Postfix configuration directories that may
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ MAIL_CONFIG environment parameter.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ <b><a href="postconf.5.html#trigger_timeout">trigger_timeout</a> (10s)</b>
+ The time limit for sending a trigger to a Postfix daemon (for
+ example, the <a href="pickup.8.html"><b>pickup</b>(8)</a> or <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon).
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
+ mand).
+
+ Available in Postfix version 3.6 and later:
+
+ <b><a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a> (<a href="DATABASE_README.html#types">static</a>:*)</b>
+ A list of lookup tables that are searched by the UNIX login
+ name, and that return a list of allowed envelope sender patterns
+ separated by space or comma.
+
+ <b><a href="postconf.5.html#empty_address_local_login_sender_maps_lookup_key">empty_address_local_login_sender_maps_lookup_key</a> (</b>&lt;&gt;<b>)</b>
+ The lookup key to be used in <a href="postconf.5.html#local_login_sender_maps">local_login_sender_maps</a> tables,
+ instead of the null sender address.
+
+ <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
+ The set of characters that can separate an email address local-
+ part, user name, or a .forward file name from its extension.
+
+<b>FILES</b>
+ /var/spool/postfix/<a href="QSHAPE_README.html#maildrop_queue">maildrop</a>, <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a>
+
+<b>SEE ALSO</b>
+ <a href="sendmail.1.html">sendmail(1)</a>, compatibility interface
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTDROP(1)
+</pre> </body> </html>
diff --git a/html/postfix-doc.css b/html/postfix-doc.css
new file mode 100644
index 0000000..af19f73
--- /dev/null
+++ b/html/postfix-doc.css
@@ -0,0 +1,10 @@
+BODY {
+ font-family: Verdana, Arial, Helvetica, Geneva, sans-serif;
+ font-size: medium;
+ line-height: normal;
+ margin-left: 10px;
+ margin-right: 10px;
+ }
+PRE, TT, CODE {
+ font-family: Courier, monospace;
+ }
diff --git a/html/postfix-logo.jpg b/html/postfix-logo.jpg
new file mode 100644
index 0000000..f1bc4e0
--- /dev/null
+++ b/html/postfix-logo.jpg
Binary files differ
diff --git a/html/postfix-manuals.html b/html/postfix-manuals.html
new file mode 100644
index 0000000..7ddfa73
--- /dev/null
+++ b/html/postfix-manuals.html
@@ -0,0 +1,249 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix Manual Pages </title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+Manual Pages </h1>
+
+<hr>
+
+<h2> Information for new Postfix users </h2>
+
+<p> New Postfix users should first look at the following introductory
+documents. These introductions are hyperlinked to more advanced
+documents and to UNIX-style manual pages. The UNIX-style manual
+pages are intended for people who are already familiar with Postfix.
+</p>
+
+<ul>
+
+<li> <a href="OVERVIEW.html"> Postfix architecture overview </a>
+
+<li> <a href="BASIC_CONFIGURATION_README.html"> Basic configuration
+</a>
+
+<li> <a href="DEBUG_README.html"> Trouble shooting </a>
+
+<li> <a href="CONTENT_INSPECTION_README.html"> Content inspection
+overview</a>
+
+<li> <a href="SMTPD_ACCESS_README.html">Relay/access control overview
+</a>
+
+<li> <a href="DATABASE_README.html"> Lookup table overview </a>
+
+</ul>
+
+<h2> Postfix manual page organization </h2>
+
+<p> Each Postfix manual page is numbered after a section of the
+UNIX manual: examples are <a href="mailq.1.html">mailq(1)</a> or <a href="access.5.html">access(5)</a>. Unfortunately,
+there is no single universal method to organize manual pages; each
+UNIX flavor appears to be different. Postfix documentation assumes
+the following convention: </p>
+
+<blockquote>
+
+<table cellpadding="0" cellspacing="0">
+
+<tr><th> Section </th> <th> Topic </th> </tr>
+
+<tr><td colspan="2"> <hr> </td> </tr>
+
+<tr><td align="center"> 1 </td> <td> Commands </td> </tr>
+
+<tr><td align="center"> 3 </td> <td> Library routines </td> </tr>
+
+<tr><td align="center"> 5 </td> <td> File formats </td> </tr>
+
+<tr><td align="center"> 8 </td> <td> Daemons </td> </tr>
+
+</table>
+
+</blockquote>
+
+<h2> Commands </h2>
+
+<ul>
+
+
+<li> <a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
+
+<li> <a href="postcat.1.html">postcat(1)</a>, examine Postfix queue file
+
+<li> <a href="postconf.1.html">postconf(1)</a>, Postfix configuration utility
+
+<li> <a href="postdrop.1.html">postdrop(1)</a>, Postfix mail posting utility
+
+<li> <a href="postfix.1.html">postfix(1)</a>, Postfix control program
+
+<li> <a href="postfix-tls.1.html">postfix-tls(1)</a>, Postfix TLS management
+
+<li> <a href="postkick.1.html">postkick(1)</a>, trigger Postfix daemon
+
+<li> <a href="postlock.1.html">postlock(1)</a>, Postfix-compatible locking
+
+<li> <a href="postlog.1.html">postlog(1)</a>, Postfix-compatible logging
+
+<li> <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+
+<li> <a href="postmulti.1.html">postmulti(1)</a>, Postfix multi-instance manager
+
+<li> <a href="postqueue.1.html">postqueue(1)</a>, Postfix mail queue control
+
+<li> <a href="postsuper.1.html">postsuper(1)</a>, Postfix housekeeping
+
+<li> <a href="mailq.1.html">mailq(1)</a>, Sendmail compatibility interface
+
+<li> <a href="newaliases.1.html">newaliases(1)</a>, Sendmail compatibility interface
+
+<li> <a href="sendmail.1.html">sendmail(1)</a>, Sendmail compatibility interface
+
+</ul>
+
+<h2> Postfix configuration </h2>
+
+<ul>
+
+
+<li> <a href="bounce.5.html">bounce(5)</a>, Postfix bounce message templates
+
+<li> <a href="master.5.html">master(5)</a>, Postfix <a href="master.5.html">master.cf</a> file syntax
+
+<li> <a href="postconf.5.html">postconf(5)</a>, Postfix <a href="postconf.5.html">main.cf</a> file syntax
+
+<li> <a href="postfix-wrapper.5.html">postfix-wrapper(5)</a>, Postfix multi-instance API
+
+</ul>
+
+<h2> Table-driven mechanisms </h2>
+
+<ul>
+
+
+<li> <a href="access.5.html">access(5)</a>, Postfix SMTP access control table
+
+<li> <a href="aliases.5.html">aliases(5)</a>, Postfix alias database
+
+<li> <a href="canonical.5.html">canonical(5)</a>, Postfix input address rewriting
+
+<li> <a href="generic.5.html">generic(5)</a>, Postfix output address rewriting
+
+<li> <a href="header_checks.5.html">header_checks(5)</a>, <a href="header_checks.5.html">body_checks(5)</a>, Postfix content inspection
+
+<li> <a href="relocated.5.html">relocated(5)</a>, Users that have moved
+
+<li> <a href="transport.5.html">transport(5)</a>, Postfix routing table
+
+<li> <a href="virtual.5.html">virtual(5)</a>, Postfix virtual aliasing
+
+</ul>
+
+<h2> Table lookup mechanisms </h2>
+
+<ul>
+
+
+<li> <a href="cidr_table.5.html">cidr_table(5)</a>, Associate CIDR pattern with value
+
+<li> <a href="ldap_table.5.html">ldap_table(5)</a>, Postfix LDAP client
+
+<li> <a href="lmdb_table.5.html">lmdb_table(5)</a>, Postfix LMDB database driver
+
+<li> <a href="memcache_table.5.html">memcache_table(5)</a>, Postfix memcache client
+
+<li> <a href="mysql_table.5.html">mysql_table(5)</a>, Postfix MYSQL client
+
+<li> <a href="nisplus_table.5.html">nisplus_table(5)</a>, Postfix NIS+ client
+
+<li> <a href="pcre_table.5.html">pcre_table(5)</a>, Associate PCRE pattern with value
+
+<li> <a href="pgsql_table.5.html">pgsql_table(5)</a>, Postfix PostgreSQL client
+
+<li> <a href="regexp_table.5.html">regexp_table(5)</a>, Associate POSIX regexp pattern with value
+
+<li> <a href="socketmap_table.5.html">socketmap_table(5)</a>, Postfix socketmap client
+
+<li> <a href="sqlite_table.5.html">sqlite_table(5)</a>, Postfix SQLite database driver
+
+<li> <a href="tcp_table.5.html">tcp_table(5)</a>, Postfix client-server table lookup
+
+</ul>
+
+<h2> Daemon processes </h2>
+
+<ul>
+
+
+<li> <a href="anvil.8.html">anvil(8)</a>, Postfix connection/rate limiting
+
+<li> <a href="bounce.8.html">bounce(8)</a>, <a href="defer.8.html">defer(8)</a>, <a href="trace.8.html">trace(8)</a>, Delivery status reports
+
+<li> <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue message
+
+<li> <a href="discard.8.html">discard(8)</a>, Postfix discard delivery agent
+
+<li> <a href="dnsblog.8.html">dnsblog(8)</a>, DNS allow/denylist logger
+
+<li> <a href="error.8.html">error(8)</a>, Postfix error delivery agent
+
+<li> <a href="flush.8.html">flush(8)</a>, Postfix fast ETRN service
+
+<li> <a href="local.8.html">local(8)</a>, Postfix local delivery agent
+
+<li> <a href="master.8.html">master(8)</a>, Postfix master daemon
+
+<li> <a href="qmgr.8.html">oqmgr(8)</a>, old Postfix queue manager
+
+<li> <a href="pickup.8.html">pickup(8)</a>, Postfix local mail pickup
+
+<li> <a href="pipe.8.html">pipe(8)</a>, deliver mail to non-Postfix command
+
+<li> <a href="postlogd.8.html">postlogd(8)</a>, Postfix internal logging service
+
+<li> <a href="postscreen.8.html">postscreen(8)</a>, Postfix zombie blocker
+
+<li> <a href="proxymap.8.html">proxymap(8)</a>, Postfix lookup table proxy server
+
+<li> <a href="qmgr.8.html">qmgr(8)</a>, Postfix queue manager
+
+<li> <a href="qmqpd.8.html">qmqpd(8)</a>, Postfix QMQP server
+
+<li> <a href="scache.8.html">scache(8)</a>, Postfix connection cache manager
+
+<li> <a href="showq.8.html">showq(8)</a>, list Postfix mail queue
+
+<li> <a href="smtp.8.html">smtp(8)</a>, <a href="lmtp.8.html">lmtp(8)</a>, Postfix SMTP+LMTP client
+
+<li> <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
+
+<li> <a href="spawn.8.html">spawn(8)</a>, run non-Postfix server
+
+<li> <a href="tlsmgr.8.html">tlsmgr(8)</a>, Postfix TLS cache and randomness manager
+
+<li> <a href="tlsproxy.8.html">tlsproxy(8)</a>, Postfix TLS proxy server
+
+<li> <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, Postfix address rewriting
+
+<li> <a href="verify.8.html">verify(8)</a>, Postfix address verification
+
+<li> <a href="virtual.8.html">virtual(8)</a>, Postfix virtual delivery agent
+
+</ul>
+
+
+</body>
+
+</html>
diff --git a/html/postfix-power.png b/html/postfix-power.png
new file mode 100644
index 0000000..8ccf22a
--- /dev/null
+++ b/html/postfix-power.png
Binary files differ
diff --git a/html/postfix-tls.1.html b/html/postfix-tls.1.html
new file mode 100644
index 0000000..f599207
--- /dev/null
+++ b/html/postfix-tls.1.html
@@ -0,0 +1,241 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postfix-tls(1) </title>
+</head> <body> <pre>
+POSTFIX-TLS(1) POSTFIX-TLS(1)
+
+<b>NAME</b>
+ postfix-tls - Postfix TLS management
+
+<b>SYNOPSIS</b>
+ <b><a href="postfix-tls.1.html">postfix tls</a></b> <i>subcommand</i>
+
+<b>DESCRIPTION</b>
+ The "<b><a href="postfix-tls.1.html">postfix tls</a></b> <i>subcommand</i>" feature enables opportunistic TLS in the
+ Postfix SMTP client or server, and manages Postfix SMTP server private
+ keys and certificates.
+
+ The following subcommands are available:
+
+ <b>enable-client</b> [<b>-r</b> <i>randsource</i>]
+ Enable opportunistic TLS in the Postfix SMTP client, if all SMTP
+ client TLS settings are at their default values. Otherwise,
+ suggest parameter settings without making any changes.
+
+ Specify <i>randsource</i> to update the value of the <b><a href="postconf.5.html#tls_random_source">tls_random_source</a></b>
+ configuration parameter (typically, /dev/urandom). Prepend <b>dev:</b>
+ to device paths or <b>egd:</b> to EGD socket paths.
+
+ See also the <b>all-default-client</b> subcommand.
+
+ <b>enable-server</b> [<b>-r</b> <i>randsource</i>] [<b>-a</b> <i>algorithm</i>] [<b>-b</b> <i>bits</i>] [<i>hostname</i><b>...</b>]
+ Create a new private key and self-signed server certificate and
+ enable opportunistic TLS in the Postfix SMTP server, if all SMTP
+ server TLS settings are at their default values. Otherwise,
+ suggest parameter settings without making any changes.
+
+ The <i>randsource</i> parameter is as with <b>enable-client</b> above, and the
+ remaining options are as with <b>new-server-key</b> below.
+
+ See also the <b>all-default-server</b> subcommand.
+
+ <b>new-server-key</b> [<b>-a</b> <i>algorithm</i>] [<b>-b</b> <i>bits</i>] [<i>hostname</i><b>...</b>]
+ Create a new private key and self-signed server certificate, but
+ do not deploy them. Log and display commands to deploy the new
+ key and corresponding certificate. Also log and display com-
+ mands to output a corresponding CSR or TLSA records which may be
+ needed to obtain a CA certificate or to update DNS before the
+ new key can be deployed.
+
+ The <i>algorithm</i> defaults to <b>rsa</b>, and <i>bits</i> defaults to 2048. If
+ you choose the <b>ecdsa</b> <i>algorithm</i> then <i>bits</i> will be an EC curve
+ name (by default <b>secp256r1</b>, also known as prime256v1). Curves
+ other than <b>secp256r1</b>, <b>secp384r1</b> or <b>secp521r1</b> are unlikely to be
+ widely interoperable. When generating EC keys, use one of these
+ three. DSA keys are obsolete and are not supported.
+
+ Note: ECDSA support requires OpenSSL 1.0.0 or later and may not
+ be available on your system. Not all client systems will sup-
+ port ECDSA, so you'll generally want to deploy both RSA and
+ ECDSA certificates to make use of ECDSA with compatible clients
+ and RSA with the rest. If you want to deploy certificate chains
+ with intermediate CAs for both RSA and ECDSA, you'll want at
+ least OpenSSL 1.0.2, as earlier versions may not handle multiple
+ chain files correctly.
+
+ The first <i>hostname</i> argument will be the <b>CommonName</b> of both the
+ subject and issuer of the self-signed certificate. It, and any
+ additional <i>hostname</i> arguments, will also be listed as DNS alter-
+ native names in the certificate. If no <i>hostname</i> is provided the
+ value of the <b><a href="postconf.5.html#myhostname">myhostname</a></b> <a href="postconf.5.html">main.cf</a> parameter will be used.
+
+ For RSA, the generated private key and certificate files are
+ named <b>key-</b><i>yyyymmdd-hhmmss</i><b>.pem</b> and <b>cert-</b><i>yyyymmdd-hhmmss</i><b>.pem</b>,
+ where <i>yyyymmdd</i> is the calendar date and <i>hhmmss</i> is the time of
+ day in UTC. For ECDSA, the file names start with <b>eckey-</b> and
+ <b>eccert-</b> instead of <b>key-</b> and <b>cert-</b> respectively.
+
+ Before deploying the new key and certificate with DANE, update
+ the DNS with new DANE TLSA records, then wait for secondary
+ nameservers to update and then for stale records in remote DNS
+ caches to expire.
+
+ Before deploying a new CA certificate make sure to include all
+ the required intermediate issuing CA certificates in the cer-
+ tificate chain file. The server certificate must be the first
+ certificate in the chain file. Overwrite and deploy the file
+ with the original self-signed certificate that was generated
+ together with the key.
+
+ <b>new-server-cert</b> [<b>-a</b> <i>algorithm</i>] [<b>-b</b> <i>bits</i>] [<i>hostname</i><b>...</b>]
+ This is just like <b>new-server-key</b> except that, rather than gener-
+ ating a new private key, any currently deployed private key is
+ copied to the new key file. Thus if you're publishing DANE TLSA
+ "3 1 1" or "3 1 2" records, there is no need to update DNS
+ records. The <i>algorithm</i> and <i>bits</i> arguments are used only if no
+ key of the same algorithm is already configured.
+
+ This command is rarely needed, because the self-signed certifi-
+ cates generated have a 100-year nominal expiration time. The
+ underlying public key algorithms may well be obsoleted by quan-
+ tum computers long before then.
+
+ The most plausible reason for using this command is when the
+ system hostname changes, and you'd like the name in the certifi-
+ cate to match the new hostname (not required for DANE "3 1 1",
+ but some needlessly picky non-DANE opportunistic TLS clients may
+ log warnings or even refuse to communicate).
+
+ <b>deploy-server-cert</b> <i>certfile keyfile</i>
+ This subcommand deploys the certificates in <i>certfile</i> and private
+ key in <i>keyfile</i> (which are typically generated by the commands
+ above, which will also log and display the full command needed
+ to deploy the generated key and certificate). After the new
+ certificate and key are deployed any obsolete keys and certifi-
+ cates may be removed by hand. The <i>keyfile</i> and <i>certfile</i> file-
+ names may be relative to the Postfix configuration directory.
+
+ <b>output-server-csr</b> [<b>-k</b> <i>keyfile</i>] [<i>hostname</i><b>...</b>]
+ Write to stdout a certificate signing request (CSR) for the
+ specified <i>keyfile</i>.
+
+ Instead of an absolute pathname or a pathname relative to $<a href="postconf.5.html#config_directory">con</a>-
+ <a href="postconf.5.html#config_directory">fig_directory</a>, <i>keyfile</i> may specify one of the supported key
+ algorithm names (see "<b>postconf -T public-key-algorithms</b>"). In
+ that case, the corresponding setting from <a href="postconf.5.html">main.cf</a> is used to
+ locate the <i>keyfile</i>. The default <i>keyfile</i> value is <b>rsa</b>.
+
+ Zero or more <i>hostname</i> values can be specified. The default
+ <i>hostname</i> is the value of <b><a href="postconf.5.html#myhostname">myhostname</a></b> <a href="postconf.5.html">main.cf</a> parameter.
+
+ <b>output-server-tlsa</b> [<b>-h</b> <i>hostname</i>] [<i>keyfile</i><b>...</b>]
+ Write to stdout a DANE TLSA RRset suitable for a port 25 SMTP
+ server on host <i>hostname</i> with keys from any of the specified <i>key-</i>
+ <i>file</i> values. The default <i>hostname</i> is the value of the <b>myhost-</b>
+ <b>name</b> <a href="postconf.5.html">main.cf</a> parameter.
+
+ Instead of absolute pathnames or pathnames relative to $<a href="postconf.5.html#config_directory">con</a>-
+ <a href="postconf.5.html#config_directory">fig_directory</a>, the <i>keyfile</i> list may specify names of supported
+ public key algorithms (see "<b>postconf -T public-key-algorithms</b>").
+ In that case, the actual <i>keyfile</i> list uses the values of the
+ corresponding Postfix server TLS key file parameters. If a
+ parameter value is empty or equal to <b>none</b>, then no TLSA record
+ is output for that algorithm.
+
+ The default <i>keyfile</i> list consists of the two supported algo-
+ rithms <b>rsa</b> and <b>ecdsa</b>.
+
+<b>AUXILIARY COMMANDS</b>
+ <b>all-default-client</b>
+ Exit with status 0 (success) if all SMTP client TLS settings are
+ at their default values. Otherwise, exit with a non-zero status.
+ This is typically used as follows:
+
+ <b><a href="postfix-tls.1.html">postfix tls</a> all-default-client</b> &amp;&amp;
+ <b><a href="postfix-tls.1.html">postfix tls</a> enable-client</b>
+
+ <b>all-default-server</b>
+ Exit with status 0 (success) if all SMTP server TLS settings are
+ at their default values. Otherwise, exit with a non-zero status.
+ This is typically used as follows:
+
+ <b><a href="postfix-tls.1.html">postfix tls</a> all-default-server</b> &amp;&amp;
+ <b><a href="postfix-tls.1.html">postfix tls</a> enable-server</b>
+
+<b>CONFIGURATION PARAMETERS</b>
+ The "<b><a href="postfix-tls.1.html">postfix tls</a></b> <i>subcommand</i>" feature reads or updates the following
+ configuration parameters.
+
+ <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
+ The location of all postfix administrative commands.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#openssl_path">openssl_path</a> (openssl)</b>
+ The location of the OpenSSL command line program <b>openssl</b>(1).
+
+ <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
+ Enable additional Postfix SMTP client logging of TLS activity.
+
+ <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
+ The default SMTP TLS security level for the Postfix SMTP client.
+
+ <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
+ Name of the file containing the optional Postfix SMTP client TLS
+ session cache.
+
+ <b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b>
+ File with the Postfix SMTP server RSA certificate in PEM format.
+
+ <b><a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> (empty)</b>
+ File with the Postfix SMTP server ECDSA certificate in PEM for-
+ mat.
+
+ <b><a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b>
+ File with the Postfix SMTP server ECDSA private key in PEM for-
+ mat.
+
+ <b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
+ File with the Postfix SMTP server RSA private key in PEM format.
+
+ <b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
+ Enable additional Postfix SMTP server logging of TLS activity.
+
+ <b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
+ Request that the Postfix SMTP server produces Received: message
+ headers that include information about the protocol and cipher
+ used, as well as the remote SMTP client CommonName and client
+ certificate issuer CommonName.
+
+ <b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
+ The SMTP TLS security level for the Postfix SMTP server; when a
+ non-empty value is specified, this overrides the obsolete param-
+ eters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
+
+ <b><a href="postconf.5.html#tls_random_source">tls_random_source</a> (see 'postconf -d' output)</b>
+ The external entropy source for the in-memory <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> pseudo
+ random number generator (PRNG) pool.
+
+<b>SEE ALSO</b>
+ <a href="master.8.html">master(8)</a> Postfix master program
+ <a href="postfix.1.html">postfix(1)</a> Postfix administrative interface
+
+<b>README FILES</b>
+ <a href="TLS_README.html">TLS_README</a>, Postfix TLS configuration and operation
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ The "<b><a href="postfix-tls.1.html">postfix tls</a></b>" command was introduced with Postfix version 3.1.
+
+<b>AUTHOR(S)</b>
+ Viktor Dukhovni
+
+ POSTFIX-TLS(1)
+</pre> </body> </html>
diff --git a/html/postfix-wrapper.5.html b/html/postfix-wrapper.5.html
new file mode 100644
index 0000000..a75472c
--- /dev/null
+++ b/html/postfix-wrapper.5.html
@@ -0,0 +1,273 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postfix-wrapper(5) </title>
+</head> <body> <pre>
+POSTFIX-WRAPPER(5) POSTFIX-WRAPPER(5)
+
+<b>NAME</b>
+ postfix-wrapper - Postfix multi-instance API
+
+<b>DESCRIPTION</b>
+ Support for managing multiple Postfix instances is available as of ver-
+ sion 2.6. Instances share executable files and documentation, but have
+ their own directories for configuration, queue and data files.
+
+ This document describes how the familiar "postfix start" etc. user
+ interface can be used to manage one or multiple Postfix instances, and
+ gives details of an API to coordinate activities between the <a href="postfix.1.html">postfix(1)</a>
+ command and a multi-instance manager program.
+
+ With multi-instance support, the default Postfix instance is always
+ required. This instance is identified by the <a href="postconf.5.html#config_directory">config_directory</a> parame-
+ ter's default value.
+
+<b>GENERAL OPERATION</b>
+ Multi-instance support is backwards compatible: when you run only one
+ Postfix instance, commands such as "postfix start" will not change
+ behavior at all.
+
+ Even with multiple Postfix instances, you can keep using the same post-
+ fix commands in boot scripts, upgrade procedures, and other places. The
+ commands do more work, but humans are not forced to learn new tricks.
+
+ For example, to start all Postfix instances, use:
+
+ # postfix start
+
+ Other <a href="postfix.1.html">postfix(1)</a> commands also work as expected. For example, to find
+ out what Postfix instances exist in a multi-instance configuration,
+ use:
+
+ # postfix status
+
+ This enumerates the status of all Postfix instances within a
+ multi-instance configuration.
+
+<b>MANAGING AN INDIVIDUAL POSTFIX INSTANCE</b>
+ To manage a specific Postfix instance, specify its configuration direc-
+ tory on the <a href="postfix.1.html">postfix(1)</a> command line:
+
+ # postfix -c <i>/path/to/config</i><b>_</b><i>directory command</i>
+
+ Alternatively, the <a href="postfix.1.html">postfix(1)</a> command accepts the instance's configura-
+ tion directory via the MAIL_CONFIG environment variable (the -c com-
+ mand-line option has higher precedence).
+
+ Otherwise, the <a href="postfix.1.html">postfix(1)</a> command will operate on all Postfix
+ instances.
+
+<b>ENABLING POSTFIX(1) MULTI-INSTANCE MODE</b>
+ By default, the <a href="postfix.1.html">postfix(1)</a> command operates in single-instance mode. In
+ this mode the command invokes the postfix-script file directly (cur-
+ rently installed in the daemon directory). This file contains the com-
+ mands that start or stop one Postfix instance, that upgrade the config-
+ uration of one Postfix instance, and so on.
+
+ When the <a href="postfix.1.html">postfix(1)</a> command operates in multi-instance mode as dis-
+ cussed below, the command needs to execute start, stop, etc. commands
+ for each Postfix instance. This multiplication of commands is handled
+ by a multi-instance manager program.
+
+ Turning on <a href="postfix.1.html">postfix(1)</a> multi-instance mode goes as follows: in the
+ default Postfix instance's <a href="postconf.5.html">main.cf</a> file, 1) specify the pathname of a
+ multi-instance manager program with the <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parame-
+ ter; 2) populate the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter with the con-
+ figuration directory pathnames of additional Postfix instances. For
+ example:
+
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> = $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/postfix-wrapper
+ <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> = /etc/postfix-test
+
+ The $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/postfix-wrapper file implements a simple manager
+ and contains instructions for creating Postfix instances by hand. The
+ <a href="postmulti.1.html">postmulti(1)</a> command provides a more extensive implementation including
+ support for life-cycle management.
+
+ The <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> and other <a href="postconf.5.html">main.cf</a> parameters are listed
+ below in the CONFIGURATION PARAMETERS section.
+
+ In multi-instance mode, the <a href="postfix.1.html">postfix(1)</a> command invokes the
+ $<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> command instead of the postfix-script file.
+ This multi-instance manager in turn executes the <a href="postfix.1.html">postfix(1)</a> command in
+ single-instance mode for each Postfix instance.
+
+ To illustrate the main ideas behind multi-instance operation, below is
+ an example of a simple but useful multi-instance manager implementa-
+ tion:
+
+ #!/bin/sh
+
+ : ${<a href="postconf.5.html#command_directory">command_directory</a>?"do not invoke this command directly"}
+
+ POSTCONF=$<a href="postconf.5.html#command_directory">command_directory</a>/postconf
+ POSTFIX=$<a href="postconf.5.html#command_directory">command_directory</a>/postfix
+ instance_dirs=`$POSTCONF -h <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> |
+ sed 's/,/ /'` || exit 1
+
+ err=0
+ for dir in $<a href="postconf.5.html#config_directory">config_directory</a> $instance_dirs
+ do
+ case "$1" in
+ stop|abort|flush|reload|drain)
+ test "`$POSTCONF -c $dir -h <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a>`" \
+ = yes || continue;;
+ start)
+ test "`$POSTCONF -c $dir -h <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a>`" \
+ = yes || {
+ $POSTFIX -c $dir check || err=$?
+ continue
+ };;
+ esac
+ $POSTFIX -c $dir "$@" || err=$?
+ done
+
+ exit $err
+
+<b>PER-INSTANCE MULTI-INSTANCE MANAGER CONTROLS</b>
+ Each Postfix instance has its own <a href="postconf.5.html">main.cf</a> file with parameters that
+ control how the multi-instance manager operates on that instance. This
+ section discusses the most important settings.
+
+ The setting "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes" allows the multi-instance
+ manager to start (stop, etc.) the corresponding Postfix instance. For
+ safety reasons, this setting is not the default.
+
+ The default setting "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = no" is useful for manual
+ testing with "postfix -c <i>/path/name</i> start" etc. The multi-instance
+ manager will not start such an instance, and it will skip commands such
+ as "stop" or "flush" that require a running Postfix instance. The
+ multi-instance manager will execute commands such as "check", "set-per-
+ missions" or "upgrade-configuration", and it will replace "start" by
+ "check" so that problems will be reported even when the instance is
+ disabled.
+
+<b>MAINTAINING SHARED AND NON-SHARED FILES</b>
+ Some files are shared between Postfix instances, such as executables
+ and manpages, and some files are per-instance, such as configuration
+ files, mail queue files, and data files. See the NON-SHARED FILES sec-
+ tion below for a list of per-instance files.
+
+ Before Postfix multi-instance support was implemented, the executables,
+ manpages, etc., have always been maintained as part of the default
+ Postfix instance.
+
+ With multi-instance support, we simply continue to do this. Specifi-
+ cally, a Postfix instance will not check or update shared files when
+ that instance's <a href="postconf.5.html#config_directory">config_directory</a> value is listed with the default
+ <a href="postconf.5.html">main.cf</a> file's <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter.
+
+ The consequence of this approach is that the default Postfix instance
+ should be checked and updated before any other instances.
+
+<b>MULTI-INSTANCE API SUMMARY</b>
+ Only the multi-instance manager implements support for the
+ <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> configuration parameter. The multi-instance man-
+ ager will start only Postfix instances whose <a href="postconf.5.html">main.cf</a> file has
+ "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes". A setting of "no" allows a Postfix
+ instance to be tested by hand.
+
+ The <a href="postfix.1.html">postfix(1)</a> command operates on only one Postfix instance when the
+ -c option is specified, or when MAIL_CONFIG is present in the process
+ environment. This is necessary to terminate recursion.
+
+ Otherwise, when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter value is
+ non-empty, the <a href="postfix.1.html">postfix(1)</a> command executes the command specified with
+ the <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parameter, instead of executing the commands
+ in postfix-script.
+
+ The multi-instance manager skips commands such as "stop" or "reload"
+ that require a running Postfix instance, when an instance does not have
+ "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes". This avoids false error messages.
+
+ The multi-instance manager replaces a "start" command by "check" when a
+ Postfix instance's <a href="postconf.5.html">main.cf</a> file does not have "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> =
+ yes". This substitution ensures that problems will be reported even
+ when the instance is disabled.
+
+ No Postfix command or script will update or check shared files when its
+ <a href="postconf.5.html#config_directory">config_directory</a> value is listed in the default <a href="postconf.5.html">main.cf</a>'s
+ <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter value. Therefore, the default
+ instance should be checked and updated before any Postfix instances
+ that depend on it.
+
+ Set-gid commands such as <a href="postdrop.1.html">postdrop(1)</a> and <a href="postqueue.1.html">postqueue(1)</a> effectively
+ append the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter value to the legacy
+ <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> parameter value. The commands use this
+ information to determine whether a -c option or MAIL_CONFIG environment
+ setting specifies a legitimate value.
+
+ The legacy <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> parameter remains necessary for
+ non-default Postfix instances that are running different versions of
+ Postfix, or that are not managed together with the default Postfix
+ instance.
+
+<b>ENVIRONMENT VARIABLES</b>
+ MAIL_CONFIG
+ When present, this forces the <a href="postfix.1.html">postfix(1)</a> command to operate only
+ on the specified Postfix instance. This environment variable is
+ exported by the <a href="postfix.1.html">postfix(1)</a> -c option, so that <a href="postfix.1.html">postfix(1)</a> com-
+ mands in descendant processes will work correctly.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The text below provides only a parameter summary. See <a href="postconf.5.html">postconf(5)</a> for
+ more details.
+
+ <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
+ etc., together with the default Postfix instance.
+
+ <b><a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> (empty)</b>
+ The pathname of a multi-instance manager command that the <a href="postfix.1.html"><b>post-</b></a>
+ <a href="postfix.1.html"><b>fix</b>(1)</a> command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
+ parameter value is non-empty.
+
+ <b><a href="postconf.5.html#multi_instance_name">multi_instance_name</a> (empty)</b>
+ The optional instance name of this Postfix instance.
+
+ <b><a href="postconf.5.html#multi_instance_group">multi_instance_group</a> (empty)</b>
+ The optional instance group name of this Postfix instance.
+
+ <b><a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> (no)</b>
+ Allow this Postfix instance to be started, stopped, etc., by a
+ multi-instance manager.
+
+<b>NON-SHARED FILES</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix-writable data files (for example:
+ caches, pseudo-random numbers).
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+<b>SEE ALSO</b>
+ <a href="postfix.1.html">postfix(1)</a> Postfix control program
+ <a href="postmulti.1.html">postmulti(1)</a> full-blown multi-instance manager
+ $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/postfix-wrapper simple multi-instance manager
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTFIX-WRAPPER(5)
+</pre> </body> </html>
diff --git a/html/postfix.1.html b/html/postfix.1.html
new file mode 100644
index 0000000..4654071
--- /dev/null
+++ b/html/postfix.1.html
@@ -0,0 +1,455 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postfix(1) </title>
+</head> <body> <pre>
+POSTFIX(1) POSTFIX(1)
+
+<b>NAME</b>
+ postfix - Postfix control program
+
+<b>SYNOPSIS</b>
+ <b>postfix</b> [<b>-Dv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>command</i>
+
+<b>DESCRIPTION</b>
+ This command is reserved for the superuser. To submit mail, use the
+ Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command.
+
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> command controls the operation of the Postfix mail sys-
+ tem: start or stop the <a href="master.8.html"><b>master</b>(8)</a> daemon, do a health check, and other
+ maintenance.
+
+ By default, the <a href="postfix.1.html"><b>postfix</b>(1)</a> command sets up a standardized environment
+ and runs the <b>postfix-script</b> shell script to do the actual work.
+
+ However, when support for multiple Postfix instances is configured,
+ <a href="postfix.1.html"><b>postfix</b>(1)</a> executes the command specified with the <b><a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrap</a>-</b>
+ <b><a href="postconf.5.html#multi_instance_wrapper">per</a></b> configuration parameter. This command will execute the <i>command</i> for
+ each applicable Postfix instance.
+
+ The following commands are implemented:
+
+ <b>check</b> Warn about bad directory/file ownership or permissions, and cre-
+ ate missing directories.
+
+ <b>start</b> Start the Postfix mail system. This also runs the configuration
+ check described above.
+
+ <b>start-fg</b>
+ Like <b>start</b>, but keep the <a href="master.8.html"><b>master</b>(8)</a> daemon running in the fore-
+ ground, and enable <a href="master.8.html"><b>master</b>(8)</a> "init" mode when running as PID 1.
+ This command requires that multi-instance support is disabled
+ (i.e. the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter value must be
+ empty).
+
+ When running Postfix inside a container, see <a href="MAILLOG_README.html">MAILLOG_README</a> for
+ logging to stdout. Postfix logs to syslog by default, which
+ requires a) running a syslogd process inside the container, or
+ b) mounting the container host's /dev/log socket inside the con-
+ tainer (example: "docker run -v /dev/log:/dev/log ..."), and c)
+ a distinct Postfix "<a href="postconf.5.html#syslog_name">syslog_name</a>" prefix that identifies logging
+ from the Postfix instance.
+
+ <b>stop</b> Stop the Postfix mail system in an orderly fashion. If possible,
+ running processes are allowed to terminate at their earliest
+ convenience.
+
+ Note: in order to refresh the Postfix mail system after a con-
+ figuration change, do not use the <b>start</b> and <b>stop</b> commands in
+ succession. Use the <b>reload</b> command instead.
+
+ <b>abort</b> Stop the Postfix mail system abruptly. Running processes are
+ signaled to stop immediately.
+
+ <b>flush</b> Force delivery: attempt to deliver every message in the deferred
+ mail queue. Normally, attempts to deliver delayed mail happen at
+ regular intervals, the interval doubling after each failed
+ attempt.
+
+ Warning: flushing undeliverable mail frequently will result in
+ poor delivery performance of all other mail.
+
+ <b>reload</b> Re-read configuration files. Running processes terminate at
+ their earliest convenience.
+
+ <b>status</b> Indicate if the Postfix mail system is currently running (zero
+ exit status) or stopped (non-zero exit status).
+
+ <b>set-permissions</b> [<i>name</i>=<i>value ...</i>]
+ Set the ownership and permissions of Postfix related files and
+ directories, as specified in the <b>postfix-files</b> file.
+
+ Specify <i>name</i>=<i>value</i> to override and update specific <a href="postconf.5.html">main.cf</a> con-
+ figuration parameters. Use this, for example, to change the
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> or <b><a href="postconf.5.html#setgid_group">setgid_group</a></b> setting for an already installed
+ Postfix system.
+
+ This feature is available in Postfix 2.1 and later. With Post-
+ fix 2.0 and earlier, use "<b>$<a href="postconf.5.html#config_directory">config_directory</a>/post-install</b>
+ <b>set-permissions</b>".
+
+ <b>logrotate</b>
+ Rotate the logfile specified with $<a href="postconf.5.html#maillog_file">maillog_file</a>, by appending a
+ time-stamp suffix that is formatted according to $<a href="postconf.5.html#maillog_file_rotate_suffix">mail</a>-
+ <a href="postconf.5.html#maillog_file_rotate_suffix">log_file_rotate_suffix</a>, and by compressing the file with the
+ command specified with $<a href="postconf.5.html#maillog_file_compressor">maillog_file_compressor</a>. This will not
+ rotate /dev/* files.
+
+ This feature is available in Postfix 3.4 and later.
+
+ <b>tls</b> <i>subcommand</i>
+ Enable opportunistic TLS in the Postfix SMTP client or server,
+ and manage Postfix SMTP server TLS private keys and certifi-
+ cates. See <a href="postfix-tls.1.html">postfix-tls(1)</a> for documentation.
+
+ This feature is available in Postfix 3.1 and later.
+
+ <b>upgrade-configuration</b> [<i>name</i>=<i>value ...</i>]
+ Update the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> files with information that
+ Postfix needs in order to run: add or update services, and add
+ or update configuration parameter settings.
+
+ Specify <i>name</i>=<i>value</i> to override and update specific <a href="postconf.5.html">main.cf</a> con-
+ figuration parameters.
+
+ This feature is available in Postfix 2.1 and later. With Post-
+ fix 2.0 and earlier, use "<b>$<a href="postconf.5.html#config_directory">config_directory</a>/post-install</b>
+ <b>upgrade-configuration</b>".
+
+ The following options are implemented:
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files in the named
+ directory instead of the default configuration directory. Use
+ this to distinguish between multiple Postfix instances on the
+ same host.
+
+ With Postfix 2.6 and later, this option forces the <a href="postfix.1.html">postfix(1)</a>
+ command to operate on the specified Postfix instance only. This
+ behavior is inherited by <a href="postfix.1.html">postfix(1)</a> commands that run as a
+ descendant of the current process.
+
+ <b>-D</b> (with <b>postfix start</b> only)
+ Run each Postfix daemon under control of a debugger as specified
+ via the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+<b>ENVIRONMENT</b>
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> command exports the following environment variables
+ before executing the <b>postfix-script</b> file:
+
+ <b>MAIL_CONFIG</b>
+ This is set when the -c command-line option is present.
+
+ With Postfix 2.6 and later, this environment variable forces the
+ <a href="postfix.1.html">postfix(1)</a> command to operate on the specified Postfix instance
+ only. This behavior is inherited by <a href="postfix.1.html">postfix(1)</a> commands that
+ run as a descendant of the current process.
+
+ <b>MAIL_VERBOSE</b>
+ This is set when the -v command-line option is present.
+
+ <b>MAIL_DEBUG</b>
+ This is set when the -D command-line option is present.
+
+ When the internal logging service is enabled (by setting a non-empty
+ <a href="postconf.5.html#maillog_file">maillog_file</a> parameter value) the <a href="postfix.1.html">postfix(1)</a> command exports settings
+ that are used by child processes before they have processed <a href="postconf.5.html">main.cf</a> or
+ command-line settings.
+
+ <b>POSTLOG_SERVICE</b>
+ The name of the public postlog service endpoint.
+
+ <b>POSTLOG_HOSTNAME</b>
+ The hostname to prepend to internal logging.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> configuration parameters are exported as environ-
+ ment variables with the same names:
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
+ The location of all postfix administrative commands.
+
+ <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix support programs and daemon programs.
+
+ <b><a href="postconf.5.html#html_directory">html_directory</a> (see 'postconf -d' output)</b>
+ The location of Postfix HTML files that describe how to build,
+ configure or operate a specific Postfix subsystem or feature.
+
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
+
+ <b><a href="postconf.5.html#mailq_path">mailq_path</a> (see 'postconf -d' output)</b>
+ Sendmail compatibility feature that specifies where the Postfix
+ <a href="mailq.1.html"><b>mailq</b>(1)</a> command is installed.
+
+ <b><a href="postconf.5.html#manpage_directory">manpage_directory</a> (see 'postconf -d' output)</b>
+ Where the Postfix manual pages are installed.
+
+ <b><a href="postconf.5.html#newaliases_path">newaliases_path</a> (see 'postconf -d' output)</b>
+ Sendmail compatibility feature that specifies the location of
+ the <a href="newaliases.1.html"><b>newaliases</b>(1)</a> command.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#readme_directory">readme_directory</a> (see 'postconf -d' output)</b>
+ The location of Postfix README files that describe how to build,
+ configure or operate a specific Postfix subsystem or feature.
+
+ <b><a href="postconf.5.html#sendmail_path">sendmail_path</a> (see 'postconf -d' output)</b>
+ A Sendmail compatibility feature that specifies the location of
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command.
+
+ <b><a href="postconf.5.html#setgid_group">setgid_group</a> (postdrop)</b>
+ The group ownership of set-gid Postfix commands and of
+ group-writable Postfix directories.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix-writable data files (for example:
+ caches, pseudo-random numbers).
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#compatibility_level">compatibility_level</a> (0)</b>
+ A safety net that causes Postfix to run with backwards-compati-
+ ble default settings after an upgrade to a newer Postfix ver-
+ sion.
+
+ <b><a href="postconf.5.html#meta_directory">meta_directory</a> (see 'postconf -d' output)</b>
+ The location of non-executable files that are shared among mul-
+ tiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+ and the multi-instance template files <a href="postconf.5.html">main.cf</a>.proto and <a href="master.5.html">mas-
+ ter.cf</a>.proto.
+
+ <b><a href="postconf.5.html#shlib_directory">shlib_directory</a> (see 'postconf -d' output)</b>
+ The location of Postfix dynamically-linked libraries (libpost-
+ fix-*.so), and the default location of Postfix database plugins
+ (postfix-*.so) that have a relative pathname in the dynam-
+ icmaps.cf file.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#openssl_path">openssl_path</a> (openssl)</b>
+ The location of the OpenSSL command line program <b>openssl</b>(1).
+
+ Other configuration parameters:
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
+ etc., together with the default Postfix instance.
+
+ <b><a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> (empty)</b>
+ The pathname of a multi-instance manager command that the <a href="postfix.1.html"><b>post-</b></a>
+ <a href="postfix.1.html"><b>fix</b>(1)</a> command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
+ parameter value is non-empty.
+
+ <b><a href="postconf.5.html#multi_instance_group">multi_instance_group</a> (empty)</b>
+ The optional instance group name of this Postfix instance.
+
+ <b><a href="postconf.5.html#multi_instance_name">multi_instance_name</a> (empty)</b>
+ The optional instance name of this Postfix instance.
+
+ <b><a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> (no)</b>
+ Allow this Postfix instance to be started, stopped, etc., by a
+ multi-instance manager.
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#maillog_file">maillog_file</a> (empty)</b>
+ The name of an optional logfile that is written by the Postfix
+ <a href="postlogd.8.html"><b>postlogd</b>(8)</a> service.
+
+ <b><a href="postconf.5.html#maillog_file_compressor">maillog_file_compressor</a> (gzip)</b>
+ The program to run after rotating $<a href="postconf.5.html#maillog_file">maillog_file</a> with "postfix
+ logrotate".
+
+ <b><a href="postconf.5.html#maillog_file_prefixes">maillog_file_prefixes</a> (/var, /dev/stdout)</b>
+ A list of allowed prefixes for a <a href="postconf.5.html#maillog_file">maillog_file</a> value.
+
+ <b><a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> (%Y%m%d-%H%M%S)</b>
+ The format of the suffix to append to $<a href="postconf.5.html#maillog_file">maillog_file</a> while rotat-
+ ing the file with "postfix logrotate".
+
+ <b><a href="postconf.5.html#postlog_service_name">postlog_service_name</a> (postlog)</b>
+ The name of the <a href="postlogd.8.html"><b>postlogd</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+
+<b>FILES</b>
+ Prior to Postfix version 2.6, all of the following files were in <b>$<a href="postconf.5.html#config_directory">con</a>-</b>
+ <b><a href="postconf.5.html#config_directory">fig_directory</a></b>. Some files are now in <b>$<a href="postconf.5.html#daemon_directory">daemon_directory</a></b> or <b>$meta_direc-</b>
+ <b>tory</b> so that they can be shared among multiple instances that run the
+ same Postfix version.
+
+ Use the command "<b>postconf <a href="postconf.5.html#config_directory">config_directory</a></b>" or "<b>postconf <a href="postconf.5.html#daemon_directory">daemon_direc</a>-</b>
+ <b><a href="postconf.5.html#daemon_directory">tory</a></b>" to expand the names into their actual values.
+
+ $<a href="postconf.5.html#config_directory">config_directory</a>/<a href="postconf.5.html">main.cf</a>, Postfix configuration parameters
+ $<a href="postconf.5.html#config_directory">config_directory</a>/<a href="master.5.html">master.cf</a>, Postfix daemon processes
+ $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/postfix-script, administrative commands
+ $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/post-install, post-installation configuration
+ $<a href="postconf.5.html#meta_directory">meta_directory</a>/dynamicmaps.cf, plug-in database clients
+ $<a href="postconf.5.html#meta_directory">meta_directory</a>/postfix-files, file/directory permissions
+
+<b>SEE ALSO</b>
+ Commands:
+ <a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
+ <a href="postcat.1.html">postcat(1)</a>, examine Postfix queue file
+ <a href="postconf.1.html">postconf(1)</a>, Postfix configuration utility
+ <a href="postdrop.1.html">postdrop(1)</a>, Postfix mail posting utility
+ <a href="postfix.1.html">postfix(1)</a>, Postfix control program
+ <a href="postfix-tls.1.html">postfix-tls(1)</a>, Postfix TLS management
+ <a href="postkick.1.html">postkick(1)</a>, trigger Postfix daemon
+ <a href="postlock.1.html">postlock(1)</a>, Postfix-compatible locking
+ <a href="postlog.1.html">postlog(1)</a>, Postfix-compatible logging
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="postmulti.1.html">postmulti(1)</a>, Postfix multi-instance manager
+ <a href="postqueue.1.html">postqueue(1)</a>, Postfix mail queue control
+ <a href="postsuper.1.html">postsuper(1)</a>, Postfix housekeeping
+ <a href="mailq.1.html">mailq(1)</a>, Sendmail compatibility interface
+ <a href="newaliases.1.html">newaliases(1)</a>, Sendmail compatibility interface
+ <a href="sendmail.1.html">sendmail(1)</a>, Sendmail compatibility interface
+
+ Postfix configuration:
+ <a href="bounce.5.html">bounce(5)</a>, Postfix bounce message templates
+ <a href="master.5.html">master(5)</a>, Postfix <a href="master.5.html">master.cf</a> file syntax
+ <a href="postconf.5.html">postconf(5)</a>, Postfix <a href="postconf.5.html">main.cf</a> file syntax
+ <a href="postfix-wrapper.5.html">postfix-wrapper(5)</a>, Postfix multi-instance API
+
+ Table-driven mechanisms:
+ <a href="access.5.html">access(5)</a>, Postfix SMTP access control table
+ <a href="aliases.5.html">aliases(5)</a>, Postfix alias database
+ <a href="canonical.5.html">canonical(5)</a>, Postfix input address rewriting
+ <a href="generic.5.html">generic(5)</a>, Postfix output address rewriting
+ <a href="header_checks.5.html">header_checks(5)</a>, <a href="header_checks.5.html">body_checks(5)</a>, Postfix content inspection
+ <a href="relocated.5.html">relocated(5)</a>, Users that have moved
+ <a href="transport.5.html">transport(5)</a>, Postfix routing table
+ <a href="virtual.5.html">virtual(5)</a>, Postfix virtual aliasing
+
+ Table lookup mechanisms:
+ <a href="cidr_table.5.html">cidr_table(5)</a>, Associate CIDR pattern with value
+ <a href="ldap_table.5.html">ldap_table(5)</a>, Postfix LDAP client
+ <a href="lmdb_table.5.html">lmdb_table(5)</a>, Postfix LMDB database driver
+ <a href="memcache_table.5.html">memcache_table(5)</a>, Postfix memcache client
+ <a href="mysql_table.5.html">mysql_table(5)</a>, Postfix MYSQL client
+ <a href="nisplus_table.5.html">nisplus_table(5)</a>, Postfix NIS+ client
+ <a href="pcre_table.5.html">pcre_table(5)</a>, Associate PCRE pattern with value
+ <a href="pgsql_table.5.html">pgsql_table(5)</a>, Postfix PostgreSQL client
+ <a href="regexp_table.5.html">regexp_table(5)</a>, Associate POSIX regexp pattern with value
+ <a href="socketmap_table.5.html">socketmap_table(5)</a>, Postfix socketmap client
+ <a href="sqlite_table.5.html">sqlite_table(5)</a>, Postfix SQLite database driver
+ <a href="tcp_table.5.html">tcp_table(5)</a>, Postfix client-server table lookup
+
+ Daemon processes:
+ <a href="anvil.8.html">anvil(8)</a>, Postfix connection/rate limiting
+ <a href="bounce.8.html">bounce(8)</a>, <a href="defer.8.html">defer(8)</a>, <a href="trace.8.html">trace(8)</a>, Delivery status reports
+ <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue message
+ <a href="discard.8.html">discard(8)</a>, Postfix discard delivery agent
+ <a href="dnsblog.8.html">dnsblog(8)</a>, DNS allow/denylist logger
+ <a href="error.8.html">error(8)</a>, Postfix error delivery agent
+ <a href="flush.8.html">flush(8)</a>, Postfix fast ETRN service
+ <a href="local.8.html">local(8)</a>, Postfix local delivery agent
+ <a href="master.8.html">master(8)</a>, Postfix master daemon
+ <a href="qmgr.8.html">oqmgr(8)</a>, old Postfix queue manager
+ <a href="pickup.8.html">pickup(8)</a>, Postfix local mail pickup
+ <a href="pipe.8.html">pipe(8)</a>, deliver mail to non-Postfix command
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix internal logging service
+ <a href="postscreen.8.html">postscreen(8)</a>, Postfix zombie blocker
+ <a href="proxymap.8.html">proxymap(8)</a>, Postfix lookup table proxy server
+ <a href="qmgr.8.html">qmgr(8)</a>, Postfix queue manager
+ <a href="qmqpd.8.html">qmqpd(8)</a>, Postfix QMQP server
+ <a href="scache.8.html">scache(8)</a>, Postfix connection cache manager
+ <a href="showq.8.html">showq(8)</a>, list Postfix mail queue
+ <a href="smtp.8.html">smtp(8)</a>, <a href="lmtp.8.html">lmtp(8)</a>, Postfix SMTP+LMTP client
+ <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
+ <a href="spawn.8.html">spawn(8)</a>, run non-Postfix server
+ <a href="tlsmgr.8.html">tlsmgr(8)</a>, Postfix TLS cache and randomness manager
+ <a href="tlsproxy.8.html">tlsproxy(8)</a>, Postfix TLS proxy server
+ <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, Postfix address rewriting
+ <a href="verify.8.html">verify(8)</a>, Postfix address verification
+ <a href="virtual.8.html">virtual(8)</a>, Postfix virtual delivery agent
+
+ Other:
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="OVERVIEW.html">OVERVIEW</a>, overview of Postfix commands and processes
+ <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a>, Postfix basic configuration
+ <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, Postfix address rewriting
+ <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, SMTP relay/access control
+ <a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a>, Postfix content inspection
+ <a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ TLS support by:
+ Lutz Jaenicke
+ Brandenburg University of Technology
+ Cottbus, Germany
+
+ Victor Duchovni
+ Morgan Stanley
+
+ SASL support originally by:
+ Till Franke
+ SuSE Rhein/Main AG
+ 65760 Eschborn, Germany
+
+ LMTP support originally by:
+ Philip A. Prindeville
+ Mirapoint, Inc.
+ USA.
+
+ Amos Gouaux
+ University of Texas at Dallas
+ P.O. Box 830688, MC34
+ Richardson, TX 75083, USA
+
+ IPv6 support originally by:
+ Mark Huizer, Eindhoven University, The Netherlands
+ Jun-ichiro 'itojun' Hagino, KAME project, Japan
+ The Linux PLD project
+ Dean Strik, Eindhoven University, The Netherlands
+
+ POSTFIX(1)
+</pre> </body> </html>
diff --git a/html/postkick.1.html b/html/postkick.1.html
new file mode 100644
index 0000000..3156fc4
--- /dev/null
+++ b/html/postkick.1.html
@@ -0,0 +1,97 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postkick(1) </title>
+</head> <body> <pre>
+POSTKICK(1) POSTKICK(1)
+
+<b>NAME</b>
+ postkick - kick a Postfix service
+
+<b>SYNOPSIS</b>
+ <b>postkick</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-v</b>] <i>class service request</i>
+
+<b>DESCRIPTION</b>
+ The <a href="postkick.1.html"><b>postkick</b>(1)</a> command sends <i>request</i> to the specified <i>service</i> over a
+ local transport channel. This command makes Postfix private IPC acces-
+ sible for use in, for example, shell scripts.
+
+ Options:
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ instead of the default configuration directory.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+ Arguments:
+
+ <i>class</i> Name of a class of local transport channel endpoints, either
+ <b>public</b> (accessible by any local user) or <b>private</b> (administrative
+ access only).
+
+ <i>service</i>
+ The name of a local transport endpoint within the named class.
+
+ <i>request</i>
+ A string. The list of valid requests is service-specific.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to the standard error stream.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+ <b>MAIL_VERBOSE</b>
+ Enable verbose logging for debugging purposes.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#application_event_drain_time">application_event_drain_time</a> (100s)</b>
+ How long the <a href="postkick.1.html"><b>postkick</b>(1)</a> command waits for a request to enter
+ the Postfix daemon process input buffer before giving up.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+<b>FILES</b>
+ /var/spool/postfix/private, private class endpoints
+ /var/spool/postfix/public, public class endpoints
+
+<b>SEE ALSO</b>
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager trigger protocol
+ <a href="pickup.8.html">pickup(8)</a>, local pickup daemon
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTKICK(1)
+</pre> </body> </html>
diff --git a/html/postlock.1.html b/html/postlock.1.html
new file mode 100644
index 0000000..0ca0b57
--- /dev/null
+++ b/html/postlock.1.html
@@ -0,0 +1,118 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postlock(1) </title>
+</head> <body> <pre>
+POSTLOCK(1) POSTLOCK(1)
+
+<b>NAME</b>
+ postlock - lock mail folder and execute command
+
+<b>SYNOPSIS</b>
+ <b>postlock</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-l</b> <i>lock</i><b>_</b><i>style</i>]
+ [<b>-v</b>] <i>file command...</i>
+
+<b>DESCRIPTION</b>
+ The <a href="postlock.1.html"><b>postlock</b>(1)</a> command locks <i>file</i> for exclusive access, and executes
+ <i>command</i>. The locking method is compatible with the Postfix UNIX-style
+ local delivery agent.
+
+ Options:
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ instead of the default configuration directory.
+
+ <b>-l</b> <i>lock</i><b>_</b><i>style</i>
+ Override the locking method specified via the <b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_deliv</a>-</b>
+ <b><a href="postconf.5.html#mailbox_delivery_lock">ery_lock</a></b> configuration parameter (see below).
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+ Arguments:
+
+ <i>file</i> A mailbox file. The user should have read/write permission.
+
+ <i>command...</i>
+ The command to execute while <i>file</i> is locked for exclusive
+ access. The command is executed directly, i.e. without inter-
+ pretation by a shell command interpreter.
+
+<b>DIAGNOSTICS</b>
+ The result status is 75 (EX_TEMPFAIL) when <a href="postlock.1.html"><b>postlock</b>(1)</a> could not per-
+ form the requested operation. Otherwise, the exit status is the exit
+ status from the command.
+
+<b>BUGS</b>
+ With remote file systems, the ability to acquire a lock does not neces-
+ sarily eliminate access conflicts. Avoid file access by processes run-
+ ning on different machines.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+ <b>MAIL_VERBOSE</b>
+ Enable verbose logging for debugging purposes.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
+
+<b>LOCKING CONTROLS</b>
+ <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
+ The time after which a stale exclusive mailbox lockfile is
+ removed.
+
+ <b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
+ How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before attempting
+ delivery.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
+ The maximal number of attempts to fork() a child process.
+
+ <b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
+ The delay between attempts to fork() a child process.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+<b>SEE ALSO</b>
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTLOCK(1)
+</pre> </body> </html>
diff --git a/html/postlog.1.html b/html/postlog.1.html
new file mode 100644
index 0000000..587edbc
--- /dev/null
+++ b/html/postlog.1.html
@@ -0,0 +1,116 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postlog(1) </title>
+</head> <body> <pre>
+POSTLOG(1) POSTLOG(1)
+
+<b>NAME</b>
+ postlog - Postfix-compatible logging utility
+
+<b>SYNOPSIS</b>
+ <b>postlog</b> [<b>-iv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-p</b> <i>priority</i>] [<b>-t</b> <i>tag</i>] [<i>text...</i>]
+
+<b>DESCRIPTION</b>
+ The <a href="postlog.1.html"><b>postlog</b>(1)</a> command implements a Postfix-compatible logging inter-
+ face for use in, for example, shell scripts.
+
+ By default, <a href="postlog.1.html"><b>postlog</b>(1)</a> logs the <i>text</i> given on the command line as one
+ record. If no <i>text</i> is specified on the command line, <a href="postlog.1.html"><b>postlog</b>(1)</a> reads
+ from standard input and logs each input line as one record.
+
+ By default, logging is sent to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>; when the
+ standard error stream is connected to a terminal, logging is sent there
+ as well.
+
+ The following options are implemented:
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ instead of the default configuration directory.
+
+ <b>-i</b> (obsolete)
+ Include the process ID in the logging tag. This flag is ignored
+ as of Postfix 3.4, where the PID is always included.
+
+ <b>-p</b> <i>priority</i> (default: <b>info</b>)
+ Specifies the logging severity: <b>info</b>, <b>warn</b>, <b>error</b>, <b>fatal</b>, or
+ <b>panic</b>. With Postfix 3.1 and later, the program will pause for 1
+ second after reporting a <b>fatal</b> or <b>panic</b> condition, just like
+ other Postfix programs.
+
+ <b>-t</b> <i>tag</i> Specifies the logging tag, that is, the identifying name that
+ appears at the beginning of each logging record. A default tag
+ is used when none is specified.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+<b>SECURITY</b>
+ The <a href="postlog.1.html"><b>postlog</b>(1)</a> command is designed to run with set-groupid privileges,
+ so that it can connect to the <a href="postlogd.8.html"><b>postlogd</b>(8)</a> daemon process (Postfix 3.7
+ and later; earlier implementations of this command must not have
+ set-groupid or set-userid permissions).
+
+<b>ENVIRONMENT</b>
+ MAIL_CONFIG
+ Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.4 and later:
+
+ <b><a href="postconf.5.html#maillog_file">maillog_file</a> (empty)</b>
+ The name of an optional logfile that is written by the Postfix
+ <a href="postlogd.8.html"><b>postlogd</b>(8)</a> service.
+
+ <b><a href="postconf.5.html#postlog_service_name">postlog_service_name</a> (postlog)</b>
+ The name of the <a href="postlogd.8.html"><b>postlogd</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+
+<b>SEE ALSO</b>
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ The <a href="postlog.1.html"><b>postlog</b>(1)</a> command was introduced with Postfix version 3.4.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTLOG(1)
+</pre> </body> </html>
diff --git a/html/postlogd.8.html b/html/postlogd.8.html
new file mode 100644
index 0000000..58cdf01
--- /dev/null
+++ b/html/postlogd.8.html
@@ -0,0 +1,93 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postlogd(8) </title>
+</head> <body> <pre>
+POSTLOGD(8) POSTLOGD(8)
+
+<b>NAME</b>
+ postlogd - Postfix internal log server
+
+<b>SYNOPSIS</b>
+ <b>postlogd</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ This program logs events on behalf of Postfix programs when the maillog
+ configuration parameter specifies a non-empty value.
+
+<b>BUGS</b>
+ Non-daemon Postfix programs don't know that they should log to the
+ internal logging service before they have processed command-line
+ options and <a href="postconf.5.html">main.cf</a> parameters. These programs still log earlier events
+ to the syslog service.
+
+ If Postfix is down, the non-daemon programs <a href="postfix.1.html"><b>postfix</b>(1)</a>, <a href="postsuper.1.html"><b>postsuper</b>(1)</a>,
+ <a href="postmulti.1.html"><b>postmulti</b>(1)</a>, and <a href="postlog.1.html"><b>postlog</b>(1)</a>, will log directly to <b>$<a href="postconf.5.html#maillog_file">maillog_file</a></b>. These
+ programs expect to run with root privileges, for example during Postfix
+ start-up, reload, or shutdown.
+
+ Other non-daemon Postfix programs will never write directly to <b>$<a href="postconf.5.html#maillog_file">mail</a>-</b>
+ <b><a href="postconf.5.html#maillog_file">log_file</a></b> (also, logging to stdout would interfere with the operation of
+ some of these programs). These programs can log to <a href="postlogd.8.html"><b>postlogd</b>(8)</a> if they
+ are run by the super-user, or if their executable file has set-gid per-
+ mission. Do not set this permission on programs other than <a href="postdrop.1.html"><b>postdrop</b>(1)</a>,
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> and (Postfix &gt;= 3.7) <a href="postlog.1.html"><b>postlog</b>(1)</a>.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="postlogd.8.html"><b>postlogd</b>(8)</a> pro-
+ cesses run for only a limited amount of time. Use the command "<b>postfix</b>
+ <b>reload</b>" to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#maillog_file">maillog_file</a> (empty)</b>
+ The name of an optional logfile that is written by the Postfix
+ <a href="postlogd.8.html"><b>postlogd</b>(8)</a> service.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ <b><a href="postconf.5.html#postlogd_watchdog_timeout">postlogd_watchdog_timeout</a> (10s)</b>
+ How much time a <a href="postlogd.8.html"><b>postlogd</b>(8)</a> process may take to process a
+ request before it is terminated by a built-in watchdog timer.
+
+<b>SEE ALSO</b>
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ syslogd(8), system logging
+
+<b>README_FILES</b>
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ this information.
+ <a href="MAILLOG_README.html">MAILLOG_README</a>, Postfix logging to file or stdout
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ This service was introduced with Postfix version 3.4.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTLOGD(8)
+</pre> </body> </html>
diff --git a/html/postmap.1.html b/html/postmap.1.html
new file mode 100644
index 0000000..371af30
--- /dev/null
+++ b/html/postmap.1.html
@@ -0,0 +1,321 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postmap(1) </title>
+</head> <body> <pre>
+POSTMAP(1) POSTMAP(1)
+
+<b>NAME</b>
+ postmap - Postfix lookup table management
+
+<b>SYNOPSIS</b>
+ <b>postmap</b> [<b>-bfFhimnNoprsuUvw</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-d</b> <i>key</i>] [<b>-q</b> <i>key</i>]
+ [<i>file</i><b>_</b><i>type</i>:]<i>file</i><b>_</b><i>name</i> ...
+
+<b>DESCRIPTION</b>
+ The <a href="postmap.1.html"><b>postmap</b>(1)</a> command creates or queries one or more Postfix lookup
+ tables, or updates an existing one.
+
+ If the result files do not exist they will be created with the same
+ group and other read permissions as their source file.
+
+ While the table update is in progress, signal delivery is postponed,
+ and an exclusive, advisory, lock is placed on the entire table, in
+ order to avoid surprises in spectator processes.
+
+<b>INPUT FILE FORMAT</b>
+ The format of a lookup table input file is as follows:
+
+ <b>o</b> A table entry has the form
+
+ <i>key</i> whitespace <i>value</i>
+
+ <b>o</b> Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ <b>o</b> A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+ The <i>key</i> and <i>value</i> are processed as is, except that surrounding white
+ space is stripped off. Whitespace in lookup keys is supported in Post-
+ fix 3.2 and later, by surrounding the key with double quote characters
+ `"'. Within the double quotes, double quote `"' and backslash `\' char-
+ acters can be included by quoting them with a preceding backslash.
+
+ When the <b>-F</b> option is given, the <i>value</i> must specify one or more file-
+ names separated by comma and/or whitespace; <a href="postmap.1.html"><b>postmap</b>(1)</a> will concatenate
+ the file content (with a newline character inserted between files) and
+ will store the base64-encoded result instead of the <i>value</i>.
+
+ When the <i>key</i> specifies email address information, the localpart should
+ be enclosed with double quotes if required by <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a>. For example, an
+ address localpart that contains ";", or a localpart that starts or ends
+ with ".".
+
+ By default the lookup key is mapped to lowercase to make the lookups
+ case insensitive; as of Postfix 2.3 this case folding happens only with
+ tables whose lookup keys are fixed-case strings such as <a href="DATABASE_README.html#types">btree</a>:, <a href="DATABASE_README.html#types">dbm</a>: or
+ <a href="DATABASE_README.html#types">hash</a>:. With earlier versions, the lookup key is folded even with tables
+ where a lookup field can match both upper and lower case text, such as
+ <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>:. This resulted in loss of information with $<i>number</i>
+ substitutions.
+
+<b>COMMAND-LINE ARGUMENTS</b>
+ <b>-b</b> Enable message body query mode. When reading lookup keys from
+ standard input with "<b>-q -</b>", process the input as if it is an
+ email message in <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> format. Each line of body content
+ becomes one lookup key.
+
+ By default, the <b>-b</b> option starts generating lookup keys at the
+ first non-header line, and stops when the end of the message is
+ reached. To simulate <a href="header_checks.5.html"><b>body_checks</b>(5)</a> processing, enable MIME
+ parsing with <b>-m</b>. With this, the <b>-b</b> option generates no
+ body-style lookup keys for attachment MIME headers and for
+ attached message/* headers.
+
+ NOTE: with "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", the <b>-b</b> option disables UTF-8
+ syntax checks on query keys and lookup results. Specify the <b>-U</b>
+ option to force UTF-8 syntax checks anyway.
+
+ This feature is available in Postfix version 2.6 and later.
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ instead of the default configuration directory.
+
+ <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one entry per map.
+ The exit status is zero when the requested information was
+ found.
+
+ If a key value of <b>-</b> is specified, the program reads key values
+ from the standard input stream. The exit status is zero when at
+ least one of the requested keys was found.
+
+ <b>-f</b> Do not fold the lookup key to lower case while creating or
+ querying a table.
+
+ With Postfix version 2.3 and later, this option has no effect
+ for regular expression tables. There, case folding is controlled
+ by appending a flag to a pattern.
+
+ <b>-F</b> When querying a map, or listing a map, base64-decode each value.
+ When creating a map from source file, process each value as a
+ list of filenames, concatenate the content of those files, and
+ store the base64-encoded result instead of the value (see INPUT
+ FILE FORMAT for details).
+
+ This feature is available in Postfix version 3.4 and later.
+
+ <b>-h</b> Enable message header query mode. When reading lookup keys from
+ standard input with "<b>-q -</b>", process the input as if it is an
+ email message in <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> format. Each logical header line
+ becomes one lookup key. A multi-line header becomes one lookup
+ key with one or more embedded newline characters.
+
+ By default, the <b>-h</b> option generates lookup keys until the first
+ non-header line is reached. To simulate <a href="header_checks.5.html"><b>header_checks</b>(5)</a> pro-
+ cessing, enable MIME parsing with <b>-m</b>. With this, the <b>-h</b> option
+ also generates header-style lookup keys for attachment MIME
+ headers and for attached message/* headers.
+
+ NOTE: with "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", the <b>-b</b> option option dis-
+ ables UTF-8 syntax checks on query keys and lookup results.
+ Specify the <b>-U</b> option to force UTF-8 syntax checks anyway.
+
+ This feature is available in Postfix version 2.6 and later.
+
+ <b>-i</b> Incremental mode. Read entries from standard input and do not
+ truncate an existing database. By default, <a href="postmap.1.html"><b>postmap</b>(1)</a> creates a
+ new database from the entries in <b>file_name</b>.
+
+ <b>-m</b> Enable MIME parsing with "<b>-b</b>" and "<b>-h</b>".
+
+ This feature is available in Postfix version 2.6 and later.
+
+ <b>-N</b> Include the terminating null character that terminates lookup
+ keys and values. By default, <a href="postmap.1.html"><b>postmap</b>(1)</a> does whatever is the
+ default for the host operating system.
+
+ <b>-n</b> Don't include the terminating null character that terminates
+ lookup keys and values. By default, <a href="postmap.1.html"><b>postmap</b>(1)</a> does whatever is
+ the default for the host operating system.
+
+ <b>-o</b> Do not release root privileges when processing a non-root input
+ file. By default, <a href="postmap.1.html"><b>postmap</b>(1)</a> drops root privileges and runs as
+ the source file owner instead.
+
+ <b>-p</b> Do not inherit the file access permissions from the input file
+ when creating a new file. Instead, create a new file with
+ default access permissions (mode 0644).
+
+ <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and write the first value
+ found to the standard output stream. The exit status is zero
+ when the requested information was found.
+
+ Note: this performs a single query with the key as specified,
+ and does not make iterative queries with substrings of the key
+ as described for <a href="access.5.html">access(5)</a>, <a href="canonical.5.html">canonical(5)</a>, <a href="transport.5.html">transport(5)</a>, <a href="virtual.5.html">vir-</a>
+ <a href="virtual.5.html">tual(5)</a> and other Postfix table-driven features.
+
+ If a key value of <b>-</b> is specified, the program reads key values
+ from the standard input stream and writes one line of <i>key value</i>
+ output for each key that was found. The exit status is zero when
+ at least one of the requested keys was found.
+
+ <b>-r</b> When updating a table, do not complain about attempts to update
+ existing entries, and make those updates anyway.
+
+ <b>-s</b> Retrieve all database elements, and write one line of <i>key value</i>
+ output for each element. The elements are printed in database
+ order, which is not necessarily the same as the original input
+ order.
+
+ This feature is available in Postfix version 2.2 and later, and
+ is not available for all database types.
+
+ <b>-u</b> Disable UTF-8 support. UTF-8 support is enabled by default when
+ "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes". It requires that keys and values are
+ valid UTF-8 strings.
+
+ <b>-U</b> With "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", force UTF-8 syntax checks with the
+ <b>-b</b> and <b>-h</b> options.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+ <b>-w</b> When updating a table, do not complain about attempts to update
+ existing entries, and ignore those attempts.
+
+ Arguments:
+
+ <i>file</i><b>_</b><i>type</i>
+ The database type. To find out what types are supported, use the
+ "<b>postconf -m</b>" command.
+
+ The <a href="postmap.1.html"><b>postmap</b>(1)</a> command can query any supported file type, but it
+ can create only the following file types:
+
+ <b>btree</b> The output file is a btree file, named <i>file</i><b>_</b><i>name</i><b>.db</b>.
+ This is available on systems with support for <b>db</b> data-
+ bases.
+
+ <b>cdb</b> The output consists of one file, named <i>file</i><b>_</b><i>name</i><b>.cdb</b>.
+ This is available on systems with support for <b>cdb</b> data-
+ bases.
+
+ <b>dbm</b> The output consists of two files, named <i>file</i><b>_</b><i>name</i><b>.pag</b> and
+ <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is available on systems with support
+ for <b>dbm</b> databases.
+
+ <b>fail</b> A table that reliably fails all requests. The lookup ta-
+ ble name is used for logging only. This table exists to
+ simplify Postfix error tests.
+
+ <b>hash</b> The output file is a hashed file, named <i>file</i><b>_</b><i>name</i><b>.db</b>.
+ This is available on systems with support for <b>db</b> data-
+ bases.
+
+ <b>lmdb</b> The output is a btree-based file, named <i>file</i><b>_</b><i>name</i><b>.lmdb</b>.
+ <b>lmdb</b> supports concurrent writes and reads from different
+ processes, unlike other supported file-based tables.
+ This is available on systems with support for <b>lmdb</b> data-
+ bases.
+
+ <b>sdbm</b> The output consists of two files, named <i>file</i><b>_</b><i>name</i><b>.pag</b> and
+ <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is available on systems with support
+ for <b>sdbm</b> databases.
+
+ When no <i>file</i><b>_</b><i>type</i> is specified, the software uses the database
+ type specified via the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
+ parameter.
+
+ <i>file</i><b>_</b><i>name</i>
+ The name of the lookup table source file when rebuilding a data-
+ base.
+
+<b>DIAGNOSTICS</b>
+ Problems are logged to the standard error stream and to <b>syslogd</b>(8) or
+ <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. No output means that no problems were detected. Duplicate
+ entries are skipped and are flagged with a warning.
+
+ <a href="postmap.1.html"><b>postmap</b>(1)</a> terminates with zero exit status in case of success (includ-
+ ing successful "<b>postmap -q</b>" lookup) and terminates with non-zero exit
+ status in case of failure.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+ <b>MAIL_VERBOSE</b>
+ Enable verbose logging for debugging purposes.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
+
+ <b><a href="postconf.5.html#berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a> (16777216)</b>
+ The per-table I/O buffer size for programs that create Berkeley
+ DB hash or btree tables.
+
+ <b><a href="postconf.5.html#berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a> (131072)</b>
+ The per-table I/O buffer size for programs that read Berkeley DB
+ hash or btree tables.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>, <a href="postalias.1.html"><b>postalias</b>(1)</a>
+ and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
+ Enable preliminary SMTPUTF8 support for the protocols described
+ in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 2.11 and later:
+
+ <b><a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> (16777216)</b>
+ The initial OpenLDAP LMDB database size limit in bytes.
+
+<b>SEE ALSO</b>
+ <a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
+ <a href="postconf.1.html">postconf(1)</a>, supported database types
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTMAP(1)
+</pre> </body> </html>
diff --git a/html/postmulti.1.html b/html/postmulti.1.html
new file mode 100644
index 0000000..8ef57cf
--- /dev/null
+++ b/html/postmulti.1.html
@@ -0,0 +1,410 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postmulti(1) </title>
+</head> <body> <pre>
+POSTMULTI(1) POSTMULTI(1)
+
+<b>NAME</b>
+ postmulti - Postfix multi-instance manager
+
+<b>SYNOPSIS</b>
+ <b>Enabling multi-instance management:</b>
+
+ <b>postmulti -e init</b> [<b>-v</b>]
+
+ <b>Iterator mode:</b>
+
+ <b>postmulti -l</b> [<b>-aRv</b>] [<b>-g</b> <i>group</i>] [<b>-i</b> <i>name</i>]
+
+ <b>postmulti -p</b> [<b>-av</b>] [<b>-g</b> <i>group</i>] [<b>-i</b> <i>name</i>] <i>postfix-command...</i>
+
+ <b>postmulti -x</b> [<b>-aRv</b>] [<b>-g</b> <i>group</i>] [<b>-i</b> <i>name</i>] <i>unix-command...</i>
+
+ <b>Life-cycle management:</b>
+
+ <b>postmulti -e create</b> [<b>-av</b>] [<b>-g</b> <i>group</i>] [<b>-i</b> <i>name</i>] [<b>-G</b> <i>group</i>] [<b>-I</b> <i>name</i>]
+ [<i>param=value</i> ...]
+
+ <b>postmulti -e import</b> [<b>-av</b>] [<b>-g</b> <i>group</i>] [<b>-i</b> <i>name</i>] [<b>-G</b> <i>group</i>] [<b>-I</b> <i>name</i>]
+ [<b><a href="postconf.5.html#config_directory">config_directory</a>=</b><i>/path</i>]
+
+ <b>postmulti -e destroy</b> [<b>-v</b>] <b>-i</b> <i>name</i>
+
+ <b>postmulti -e deport</b> [<b>-v</b>] <b>-i</b> <i>name</i>
+
+ <b>postmulti -e enable</b> [<b>-v</b>] <b>-i</b> <i>name</i>
+
+ <b>postmulti -e disable</b> [<b>-v</b>] <b>-i</b> <i>name</i>
+
+ <b>postmulti -e assign</b> [<b>-v</b>] <b>-i</b> <i>name</i> [<b>-I</b> <i>name</i>] [-G <i>group</i>]
+
+<b>DESCRIPTION</b>
+ The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command allows a Postfix administrator to manage mul-
+ tiple Postfix instances on a single host.
+
+ <a href="postmulti.1.html"><b>postmulti</b>(1)</a> implements two fundamental modes of operation. In <b>itera-</b>
+ <b>tor</b> mode, it executes the same command for multiple Postfix instances.
+ In <b>life-cycle management</b> mode, it adds or deletes one instance, or
+ changes the multi-instance status of one instance.
+
+ Each mode of operation has its own command syntax. For this reason,
+ each mode is documented in separate sections below.
+
+<b>BACKGROUND</b>
+ A multi-instance configuration consists of one primary Postfix
+ instance, and one or more secondary instances whose configuration
+ directory pathnames are recorded in the primary instance's <a href="postconf.5.html">main.cf</a>
+ file. Postfix instances share program files and documentation, but have
+ their own configuration, queue and data directories.
+
+ Currently, only the default Postfix instance can be used as primary
+ instance in a multi-instance configuration. The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command
+ does not currently support a <b>-c</b> option to select an alternative primary
+ instance, and exits with a fatal error if the <b>MAIL_CONFIG</b> environment
+ variable is set to a non-default configuration directory.
+
+ See the <a href="MULTI_INSTANCE_README.html">MULTI_INSTANCE_README</a> tutorial for a more detailed discussion
+ of multi-instance management with <a href="postmulti.1.html"><b>postmulti</b>(1)</a>.
+
+<b>ITERATOR MODE</b>
+ In iterator mode, <b>postmulti</b> performs the same operation on all Postfix
+ instances in turn.
+
+ If multi-instance support is not enabled, the requested command is per-
+ formed just for the primary instance.
+
+ Iterator mode implements the following command options:
+
+<b>Instance selection</b>
+ <b>-a</b> Perform the operation on all instances. This is the default.
+
+ <b>-g</b> <i>group</i>
+ Perform the operation only for members of the named <i>group</i>.
+
+ <b>-i</b> <i>name</i>
+ Perform the operation only for the instance with the specified
+ <i>name</i>. You can specify either the instance name or the absolute
+ pathname of the instance's configuration directory. Specify "-"
+ to select the primary Postfix instance.
+
+ <b>-R</b> Reverse the iteration order. This may be appropriate when updat-
+ ing a multi-instance system, where "sink" instances are started
+ before "source" instances.
+
+ This option cannot be used with <b>-p</b>.
+
+<b>List mode</b>
+ <b>-l</b> List Postfix instances with their instance name, instance group
+ name, enable/disable status and configuration directory.
+
+<b>Postfix-wrapper mode</b>
+ <b>-p</b> <i>postfix-command</i>
+ Invoke <a href="postfix.1.html"><b>postfix(1)</a></b> to execute <i>postfix-command</i>. This option
+ implements the <a href="postfix-wrapper.5.html"><b>postfix-wrapper</b>(5)</a> interface.
+
+ <b>o</b> With "start"-like commands, "postfix check" is executed
+ for instances that are not enabled. The full list of com-
+ mands is specified with the <a href="postconf.5.html#postmulti_start_commands">postmulti_start_commands</a>
+ parameter.
+
+ <b>o</b> With "stop"-like commands, the iteration order is
+ reversed, and disabled instances are skipped. The full
+ list of commands is specified with the <a href="postconf.5.html#postmulti_stop_commands">post</a>-
+ <a href="postconf.5.html#postmulti_stop_commands">multi_stop_commands</a> parameter.
+
+ <b>o</b> With "reload" and other commands that require a started
+ instance, disabled instances are skipped. The full list
+ of commands is specified with the <a href="postconf.5.html#postmulti_control_commands">postmulti_control_com</a>-
+ <a href="postconf.5.html#postmulti_control_commands">mands</a> parameter.
+
+ <b>o</b> With "status" and other commands that don't require a
+ started instance, the command is executed for all
+ instances.
+
+ The <b>-p</b> option can also be used interactively to start/stop/etc.
+ a named instance or instance group. For example, to start just
+ the instances in the group "msa", invoke <a href="postmulti.1.html"><b>postmulti</b>(1)</a> as fol-
+ lows:
+
+ # postmulti -g msa -p start
+
+<b>Command mode</b>
+ <b>-x</b> <i>unix-command</i>
+ Execute the specified <i>unix-command</i> for all Postfix instances.
+ The command runs with appropriate environment settings for
+ MAIL_CONFIG, <a href="postconf.5.html#command_directory">command_directory</a>, <a href="postconf.5.html#daemon_directory">daemon_directory</a>, <a href="postconf.5.html#config_directory">config_direc</a>-
+ <a href="postconf.5.html#config_directory">tory</a>, <a href="postconf.5.html#queue_directory">queue_directory</a>, <a href="postconf.5.html#data_directory">data_directory</a>, <a href="postconf.5.html#multi_instance_name">multi_instance_name</a>,
+ <a href="postconf.5.html#multi_instance_group">multi_instance_group</a> and <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a>.
+
+<b>Other options</b>
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+<b>LIFE-CYCLE MANAGEMENT MODE</b>
+ With the <b>-e</b> option <a href="postmulti.1.html"><b>postmulti</b>(1)</a> can be used to add or delete a Postfix
+ instance, and to manage the multi-instance status of an existing
+ instance.
+
+ The following options are implemented:
+
+<b>Existing instance selection</b>
+ <b>-a</b> When creating or importing an instance, place the new instance
+ at the front of the secondary instance list.
+
+ <b>-g</b> <i>group</i>
+ When creating or importing an instance, place the new instance
+ before the first secondary instance that is a member of the
+ specified group.
+
+ <b>-i</b> <i>name</i>
+ When creating or importing an instance, place the new instance
+ before the matching secondary instance.
+
+ With other life-cycle operations, apply the operation to the
+ named existing instance. Specify "-" to select the primary
+ Postfix instance.
+
+<b>New or existing instance name assignment</b>
+ <b>-I</b> <i>name</i>
+ Assign the specified instance <i>name</i> to an existing instance,
+ newly-created instance, or imported instance. Instance names
+ other than "-" (which makes the instance "nameless") must start
+ with "postfix-". This restriction reduces the likelihood of
+ name collisions with system files.
+
+ <b>-G</b> <i>group</i>
+ Assign the specified <i>group</i> name to an existing instance or to a
+ newly created or imported instance.
+
+<b>Instance creation/deletion/status change</b>
+ <b>-e</b> <i>action</i>
+ "Edit" managed instances. The following actions are supported:
+
+ <b>init</b> This command is required before <a href="postmulti.1.html"><b>postmulti</b>(1)</a> can be used
+ to manage Postfix instances. The "postmulti -e init"
+ command updates the primary instance's <a href="postconf.5.html">main.cf</a> file by
+ setting:
+
+ <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> =
+ ${<a href="postconf.5.html#command_directory">command_directory</a>}/postmulti -p --
+ <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes
+
+ You can set these by other means if you prefer.
+
+ <b>create</b> Create a new Postfix instance and add it to the
+ <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter of the primary
+ instance. The "<b>-I</b> <i>name</i>" option is recommended to give
+ the instance a short name that is used to construct
+ default values for the private directories of the new
+ instance. The "<b>-G</b> <i>group</i>" option may be specified to
+ assign the instance to a group, otherwise, the new
+ instance is not a member of any group.
+
+ The new instance <a href="postconf.5.html">main.cf</a> is the stock <a href="postconf.5.html">main.cf</a> with the
+ parameters that specify the locations of shared files
+ cloned from the primary instance. For "nameless"
+ instances, you should manually adjust "<a href="postconf.5.html#syslog_name">syslog_name</a>" to
+ yield a unique "logtag" starting with "postfix-" that
+ will uniquely identify the instance in the mail logs. It
+ is simpler to assign the instance a short name with the
+ "<b>-I</b> <i>name</i>" option.
+
+ Optional "name=value" arguments specify the instance <a href="postconf.5.html#config_directory">con</a>-
+ <a href="postconf.5.html#config_directory">fig_directory</a>, <a href="postconf.5.html#queue_directory">queue_directory</a> and <a href="postconf.5.html#data_directory">data_directory</a>. For
+ example:
+
+ # postmulti -I postfix-mumble \
+ -G mygroup -e create \
+ <a href="postconf.5.html#config_directory">config_directory</a>=/my/config/dir \
+ <a href="postconf.5.html#queue_directory">queue_directory</a>=/my/queue/dir \
+ <a href="postconf.5.html#data_directory">data_directory</a>=/my/data/dir
+
+ If any of these pathnames is not supplied, the program
+ attempts to generate the missing pathname(s) by taking
+ the corresponding primary instance pathname, and replac-
+ ing the last pathname component by the value of the <b>-I</b>
+ option.
+
+ If the instance configuration directory already exists,
+ and contains both a <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> file, <b>create</b>
+ will "import" the instance as-is. For existing instances,
+ <b>create</b> and <b>import</b> are identical.
+
+ <b>import</b> Import an existing instance into the list of instances
+ managed by the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> multi-instance manager. This
+ adds the instance to the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> list
+ of the primary instance. If the "<b>-I</b> <i>name</i>" option is pro-
+ vided it specifies the new name for the instance and is
+ used to define a default location for the instance con-
+ figuration directory (as with <b>create</b> above). The "<b>-G</b>
+ <i>group</i>" option may be used to assign the instance to a
+ group. Add a "<b><a href="postconf.5.html#config_directory">config_directory</a>=</b><i>/path</i>" argument to over-
+ ride a default pathname based on "<b>-I</b> <i>name</i>".
+
+ <b>destroy</b>
+ Destroy a secondary Postfix instance. To be a candidate
+ for destruction an instance must be disabled, stopped and
+ its queue must not contain any messages. Attempts to
+ destroy the primary Postfix instance trigger a fatal
+ error, without destroying the instance.
+
+ The instance is removed from the primary instance <a href="postconf.5.html">main.cf</a>
+ file's <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> parameter and its
+ data, queue and configuration directories are cleaned of
+ files and directories created by the Postfix system. The
+ <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> files are removed from the configu-
+ ration directory even if they have been modified since
+ initial creation. Finally, the instance is "deported"
+ from the list of managed instances.
+
+ If other files are present in instance private directo-
+ ries, the directories may not be fully removed, a warning
+ is logged to alert the administrator. It is expected that
+ an instance built using "fresh" directories via the <b>cre-</b>
+ <b>ate</b> action will be fully removed by the <b>destroy</b> action
+ (if first disabled). If the instance configuration and
+ queue directories are populated with additional files
+ (access and rewriting tables, chroot jail content, etc.)
+ the instance directories will not be fully removed.
+
+ The <b>destroy</b> action triggers potentially dangerous file
+ removal operations. Make sure the instance's data, queue
+ and configuration directories are set correctly and do
+ not contain any valuable files.
+
+ <b>deport</b> Deport a secondary instance from the list of managed
+ instances. This deletes the instance configuration direc-
+ tory from the primary instance's <a href="postconf.5.html#multi_instance_directories">multi_instance_directo</a>-
+ <a href="postconf.5.html#multi_instance_directories">ries</a> list, but does not remove any files or directories.
+
+ <b>assign</b> Assign a new instance name or a new group name to the
+ selected instance. Use "<b>-G -</b>" to specify "no group" and
+ "<b>-I -</b>" to specify "no name". If you choose to make an
+ instance "nameless", set a suitable <a href="postconf.5.html#syslog_name">syslog_name</a> in the
+ corresponding <a href="postconf.5.html">main.cf</a> file.
+
+ <b>enable</b> Mark the selected instance as enabled. This just sets the
+ <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> parameter to "yes" in the
+ instance's <a href="postconf.5.html">main.cf</a> file.
+
+ <b>disable</b>
+ Mark the selected instance as disabled. This means that
+ the instance will not be started etc. with "postfix
+ start", "postmulti -p start" and so on. The instance can
+ still be started etc. with "postfix -c config-directory
+ start".
+
+<b>Other options</b>
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+<b>ENVIRONMENT</b>
+ The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command exports the following environment variables
+ before executing the requested <i>command</i> for a given instance:
+
+ <b>MAIL_VERBOSE</b>
+ This is set when the -v command-line option is present.
+
+ <b>MAIL_CONFIG</b>
+ The location of the configuration directory of the instance.
+
+<b>CONFIGURATION PARAMETERS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix support programs and daemon programs.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
+ etc., together with the default Postfix instance.
+
+ <b><a href="postconf.5.html#multi_instance_group">multi_instance_group</a> (empty)</b>
+ The optional instance group name of this Postfix instance.
+
+ <b><a href="postconf.5.html#multi_instance_name">multi_instance_name</a> (empty)</b>
+ The optional instance name of this Postfix instance.
+
+ <b><a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> (no)</b>
+ Allow this Postfix instance to be started, stopped, etc., by a
+ multi-instance manager.
+
+ <b><a href="postconf.5.html#postmulti_start_commands">postmulti_start_commands</a> (start)</b>
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
+ treats as "start" commands.
+
+ <b><a href="postconf.5.html#postmulti_stop_commands">postmulti_stop_commands</a> (see 'postconf -d' output)</b>
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
+ treats as "stop" commands.
+
+ <b><a href="postconf.5.html#postmulti_control_commands">postmulti_control_commands</a> (reload flush)</b>
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
+ treats as "control" commands, that operate on running instances.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.0 and later:
+
+ <b><a href="postconf.5.html#meta_directory">meta_directory</a> (see 'postconf -d' output)</b>
+ The location of non-executable files that are shared among mul-
+ tiple Postfix instances, such as postfix-files, dynamicmaps.cf,
+ and the multi-instance template files <a href="postconf.5.html">main.cf</a>.proto and <a href="master.5.html">mas-
+ ter.cf</a>.proto.
+
+ <b><a href="postconf.5.html#shlib_directory">shlib_directory</a> (see 'postconf -d' output)</b>
+ The location of Postfix dynamically-linked libraries (libpost-
+ fix-*.so), and the default location of Postfix database plugins
+ (postfix-*.so) that have a relative pathname in the dynam-
+ icmaps.cf file.
+
+<b>FILES</b>
+ $<a href="postconf.5.html#meta_directory">meta_directory</a>/<a href="postconf.5.html">main.cf</a>.proto, stock configuration file
+ $<a href="postconf.5.html#meta_directory">meta_directory</a>/<a href="master.5.html">master.cf</a>.proto, stock configuration file
+ $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/postmulti-script, life-cycle helper program
+
+<b>SEE ALSO</b>
+ <a href="postfix.1.html">postfix(1)</a>, Postfix control program
+ <a href="postfix-wrapper.5.html">postfix-wrapper(5)</a>, Postfix multi-instance API
+
+<b>README FILES</b>
+ <a href="MULTI_INSTANCE_README.html">MULTI_INSTANCE_README</a>, Postfix multi-instance management
+
+<b>HISTORY</b>
+ The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command was introduced with Postfix version 2.6.
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Victor Duchovni
+ Morgan Stanley
+
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTMULTI(1)
+</pre> </body> </html>
diff --git a/html/postqueue.1.html b/html/postqueue.1.html
new file mode 100644
index 0000000..49f2ed5
--- /dev/null
+++ b/html/postqueue.1.html
@@ -0,0 +1,257 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postqueue(1) </title>
+</head> <body> <pre>
+POSTQUEUE(1) POSTQUEUE(1)
+
+<b>NAME</b>
+ postqueue - Postfix queue control
+
+<b>SYNOPSIS</b>
+ <b>To flush the mail queue</b>:
+
+ <b>postqueue</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-f</b>
+
+ <b>postqueue</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-i</b> <i>queue</i><b>_</b><i>id</i>
+
+ <b>postqueue</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-s</b> <i>site</i>
+
+ <b>To list the mail queue</b>:
+
+ <b>postqueue</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-j</b>
+
+ <b>postqueue</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-p</b>
+
+<b>DESCRIPTION</b>
+ The <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command implements the Postfix user interface for
+ queue management. It implements operations that are traditionally
+ available via the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command. See the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command
+ for queue operations that require super-user privileges such as delet-
+ ing a message from the queue or changing the status of a message.
+
+ The following options are recognized:
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory. See also the MAIL_CONFIG
+ environment setting below.
+
+ <b>-f</b> Flush the queue: attempt to deliver all queued mail.
+
+ This option implements the traditional "<b>sendmail -q</b>" command, by
+ contacting the Postfix <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon.
+
+ Warning: flushing undeliverable mail frequently will result in
+ poor delivery performance of all other mail.
+
+ <b>-i</b> <i>queue</i><b>_</b><i>id</i>
+ Schedule immediate delivery of deferred mail with the specified
+ queue ID.
+
+ This option implements the traditional <b>sendmail -qI</b> command, by
+ contacting the <a href="flush.8.html"><b>flush</b>(8)</a> server.
+
+ This feature is available with Postfix version 2.4 and later.
+
+ <b>-j</b> Produce a queue listing in JSON LINES format, based on output
+ from the <a href="showq.8.html">showq(8)</a> daemon. See "<b>JSON OBJECT FORMAT</b>" below for
+ details.
+
+ This feature is available in Postfix 3.1 and later.
+
+ <b>-p</b> Produce a traditional sendmail-style queue listing. This option
+ implements the traditional <b>mailq</b> command, by contacting the
+ Postfix <a href="showq.8.html"><b>showq</b>(8)</a> daemon.
+
+ Each queue entry shows the queue file ID, message size, arrival
+ time, sender, and the recipients that still need to be deliv-
+ ered. If mail could not be delivered upon the last attempt, the
+ reason for failure is shown. The queue ID string is followed by
+ an optional status character:
+
+ <b>*</b> The message is in the <b>active</b> queue, i.e. the message is
+ selected for delivery.
+
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
+ ery attempt will be made until the mail is taken off
+ hold.
+
+ <b>#</b> The message is forced to expire. See the <a href="postsuper.1.html"><b>postsuper</b>(1)</a>
+ options <b>-e</b> or <b>-f</b>.
+
+ This feature is available in Postfix 3.5 and later.
+
+ <b>-s</b> <i>site</i>
+ Schedule immediate delivery of all mail that is queued for the
+ named <i>site</i>. A numerical site must be specified as a valid <a href="https://tools.ietf.org/html/rfc5321">RFC</a>
+ <a href="https://tools.ietf.org/html/rfc5321">5321</a> address literal enclosed in [], just like in email
+ addresses. The site must be eligible for the "fast flush" ser-
+ vice. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information about the "fast flush"
+ service.
+
+ This option implements the traditional "<b>sendmail -qR</b><i>site</i>" com-
+ mand, by contacting the Postfix <a href="flush.8.html"><b>flush</b>(8)</a> daemon.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose. As of Postfix
+ 2.3, this option is available for the super-user only.
+
+<b>JSON OBJECT FORMAT</b>
+ Each JSON object represents one queue file; it is emitted as a single
+ text line followed by a newline character.
+
+ Object members have string values unless indicated otherwise. Programs
+ should ignore object members that are not listed here; the list of mem-
+ bers is expected to grow over time.
+
+ <b>queue_name</b>
+ The name of the queue where the message was found. Note that
+ the contents of the mail queue may change while it is being
+ listed; some messages may appear more than once, and some mes-
+ sages may be missed.
+
+ <b>queue_id</b>
+ The queue file name. The queue_id may be reused within a Postfix
+ instance unless "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> = true" and time is mono-
+ tonic. Even then, the queue_id is not expected to be unique
+ between different Postfix instances. Management tools that
+ require a unique name should combine the queue_id with the
+ <a href="postconf.5.html#myhostname">myhostname</a> setting of the Postfix instance.
+
+ <b>arrival_time</b>
+ The number of seconds since the start of the UNIX epoch.
+
+ <b>message_size</b>
+ The number of bytes in the message header and body. This number
+ does not include message envelope information. It is approxi-
+ mately equal to the number of bytes that would be transmitted
+ via SMTP including the &lt;CR&gt;&lt;LF&gt; line endings.
+
+ <b>forced_expire</b>
+ The message is forced to expire (<b>true</b> or <b>false</b>). See the <a href="postsuper.1.html"><b>post-</b></a>
+ <a href="postsuper.1.html"><b>super</b>(1)</a> options <b>-e</b> or <b>-f</b>.
+
+ This feature is available in Postfix 3.5 and later.
+
+ <b>sender</b> The envelope sender address.
+
+ <b>recipients</b>
+ An array containing zero or more objects with members:
+
+ <b>address</b>
+ One recipient address.
+
+ <b>delay_reason</b>
+ If present, the reason for delayed delivery. Delayed
+ recipients may have no delay reason, for example, while
+ delivery is in progress, or after the system was stopped
+ before it could record the reason.
+
+<b>SECURITY</b>
+ This program is designed to run with set-group ID privileges, so that
+ it can connect to Postfix daemon processes.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc7159">RFC 7159</a> (JSON notation)
+
+<b>DIAGNOSTICS</b>
+ Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
+ error stream.
+
+<b>ENVIRONMENT</b>
+ MAIL_CONFIG
+ Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid exploitation
+ of set-group ID privileges, a non-standard directory is allowed
+ only if:
+
+ <b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a> file with the
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> configuration parameter.
+
+ <b>o</b> The command is invoked by the super-user.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
+
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
+ A list of non-default Postfix configuration directories that may
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ MAIL_CONFIG environment parameter.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
+ The location of all postfix administrative commands.
+
+ <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
+ Optional list of destinations that are eligible for per-destina-
+ tion logfiles with mail that is queued to those destinations.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ <b><a href="postconf.5.html#trigger_timeout">trigger_timeout</a> (10s)</b>
+ The time limit for sending a trigger to a Postfix daemon (for
+ example, the <a href="pickup.8.html"><b>pickup</b>(8)</a> or <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon).
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to flush the queue.
+
+ <b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to view the queue.
+
+<b>FILES</b>
+ /var/spool/postfix, mail queue
+
+<b>SEE ALSO</b>
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="showq.8.html">showq(8)</a>, list mail queue
+ <a href="flush.8.html">flush(8)</a>, fast flush service
+ <a href="sendmail.1.html">sendmail(1)</a>, Sendmail-compatible user interface
+ <a href="postsuper.1.html">postsuper(1)</a>, privileged queue operations
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ The postqueue command was introduced with Postfix version 1.1.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTQUEUE(1)
+</pre> </body> </html>
diff --git a/html/postscreen.8.html b/html/postscreen.8.html
new file mode 100644
index 0000000..3511a9c
--- /dev/null
+++ b/html/postscreen.8.html
@@ -0,0 +1,468 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postscreen(8) </title>
+</head> <body> <pre>
+POSTSCREEN(8) POSTSCREEN(8)
+
+<b>NAME</b>
+ postscreen - Postfix zombie blocker
+
+<b>SYNOPSIS</b>
+ <b>postscreen</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server provides additional protection against
+ mail server overload. One <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process handles multiple
+ inbound SMTP connections, and decides which clients may talk to a Post-
+ fix SMTP server process. By keeping spambots away, <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ leaves more SMTP server processes available for legitimate clients, and
+ delays the onset of server overload conditions.
+
+ This program should not be used on SMTP ports that receive mail from
+ end-user clients (MUAs). In a typical deployment, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> handles
+ the MX service on TCP port 25, and <a href="smtpd.8.html"><b>smtpd</b>(8)</a> receives mail from MUAs on
+ the <b>submission</b> service (TCP port 587) which requires client authentica-
+ tion. Alternatively, a site could set up a dedicated, non-postscreen,
+ "port 25" server that provides <b>submission</b> service and client authenti-
+ cation, but no MX service.
+
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> maintains a temporary allowlist for clients that have
+ passed a number of tests. When an SMTP client IP address is
+ allowlisted, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off the connection immediately to a
+ Postfix SMTP server process. This minimizes the overhead for legitimate
+ mail.
+
+ By default, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs statistics and hands off each connection
+ to a Postfix SMTP server process, while excluding clients in <a href="postconf.5.html#mynetworks">mynetworks</a>
+ from all tests (primarily, to avoid problems with non-standard SMTP
+ implementations in network appliances). This default mode blocks no
+ clients, and is useful for non-destructive testing.
+
+ In a typical production setting, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is configured to reject
+ mail from clients that fail one or more tests. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs
+ rejected mail with the client address, helo, sender and recipient
+ information.
+
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is not an SMTP proxy; this is intentional. The purpose
+ is to keep spambots away from Postfix SMTP server processes, while min-
+ imizing overhead for legitimate traffic.
+
+<b>SECURITY</b>
+ The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server is moderately security-sensitive. It talks to
+ untrusted clients on the network. The process can be run chrooted at
+ fixed low privilege.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
+ <a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
+ <a href="https://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions)
+ <a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
+ <a href="https://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
+ <a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Status Codes)
+ <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
+ Not: <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
+ <a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> (CHUNKING without BINARYMIME)
+ <a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
+ <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
+ <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol, including multi-line 220 banners)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>BUGS</b>
+ The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine currently does not
+ announce support for AUTH, XCLIENT or XFORWARD. If you need to make
+ these services available on port 25, then do not enable the optional
+ "after 220 server greeting" tests.
+
+ The optional "after 220 server greeting" tests may result in unexpected
+ delivery delays from senders that retry email delivery from a different
+ IP address. Reason: after passing these tests a new client must dis-
+ connect, and reconnect from the same IP address before it can deliver
+ mail. See <a href="POSTSCREEN_README.html">POSTSCREEN_README</a>, section "Tests after the 220 SMTP server
+ greeting", for a discussion.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ processes may run for several hours. Use the command "postfix reload"
+ after a configuration change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ NOTE: Some <a href="postscreen.8.html"><b>postscreen</b>(8)</a> parameters implement stress-dependent behav-
+ ior. This is supported only when the default parameter value is
+ stress-dependent (that is, it looks like ${stress?{X}:{Y}}, or it is
+ the $<i>name</i> of an smtpd parameter with a stress-dependent default).
+ Other parameters always evaluate as if the <b>stress</b> parameter value is
+ the empty string.
+
+<b>COMPATIBILITY CONTROLS</b>
+ <b><a href="postconf.5.html#postscreen_command_filter">postscreen_command_filter</a> ($<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b>
+ A mechanism to transform commands from remote SMTP clients.
+
+ <b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_key</a>-</b>
+ <b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">word_address_maps</a>)</b>
+ Lookup tables, indexed by the remote SMTP client address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the
+ EHLO response to a remote SMTP client.
+
+ <b><a href="postconf.5.html#postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>)</b>
+ A case insensitive list of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the
+ EHLO response to a remote SMTP client.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#dns_ncache_ttl_fix_enable">dns_ncache_ttl_fix_enable</a> (no)</b>
+ Enable a workaround for future libc incompatibility.
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#postscreen_reject_footer_maps">postscreen_reject_footer_maps</a> ($<a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a>)</b>
+ Optional lookup table for information that is appended after a
+ 4XX or 5XX <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server response.
+
+ Available in Postfix 3.6 and later:
+
+ <b><a href="postconf.5.html#respectful_logging">respectful_logging</a> (see 'postconf -d' output)</b>
+ Avoid logging that implies white is better than black.
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ <b><a href="postconf.5.html#postscreen_expansion_filter">postscreen_expansion_filter</a> (see 'postconf -d' output)</b>
+ List of characters that are permitted in
+ <a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> attribute expansions.
+
+ <b><a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> ($<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b>
+ Optional information that is appended after a 4XX or 5XX
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server response.
+
+ <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
+ Safety net to keep mail queued that would otherwise be returned
+ to the sender.
+
+<b>BEFORE-POSTSCREEN PROXY AGENT</b>
+ Available in Postfix version 2.10 and later:
+
+ <b><a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> (empty)</b>
+ The name of the proxy protocol used by an optional
+ before-postscreen proxy agent.
+
+ <b><a href="postconf.5.html#postscreen_upstream_proxy_timeout">postscreen_upstream_proxy_timeout</a> (5s)</b>
+ The time limit for the proxy protocol specified with the
+ <a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> parameter.
+
+<b>PERMANENT ALLOW/DENYLIST TEST</b>
+ This test is executed immediately after a remote SMTP client connects.
+ If a client is permanently allowlisted, the client will be handed off
+ immediately to a Postfix SMTP server process.
+
+ <b><a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b>
+ Permanent allow/denylist for remote SMTP client IP addresses.
+
+ <b><a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> (ignore)</b>
+ Renamed to <a href="postconf.5.html#postscreen_denylist_action">postscreen_denylist_action</a> in Postfix 3.6.
+
+<b>MAIL EXCHANGER POLICY TESTS</b>
+ When <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is configured to monitor all primary and backup MX
+ addresses, it can refuse to allowlist clients that connect to a backup
+ MX address only. For small sites, this requires configuring primary and
+ backup MX addresses on the same MTA. Larger sites would have to share
+ the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache between primary and backup MTAs, which would
+ introduce a common point of failure.
+
+ <b><a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> (<a href="DATABASE_README.html#types">static</a>:all)</b>
+ A list of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server IP addresses where a
+ non-allowlisted remote SMTP client can obtain <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s
+ temporary allowlist status.
+
+<b>BEFORE 220 GREETING TESTS</b>
+ These tests are executed before the remote SMTP client receives the
+ "220 servername" greeting. If no tests remain after the successful com-
+ pletion of this phase, the client will be handed off immediately to a
+ Postfix SMTP server process.
+
+ <b><a href="postconf.5.html#dnsblog_service_name">dnsblog_service_name</a> (dnsblog)</b>
+ The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+
+ <b><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> (ignore)</b>
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client's
+ combined DNSBL score is equal to or greater than a threshold (as
+ defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and
+ <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> parameters).
+
+ <b><a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> (empty)</b>
+ A mapping from an actual DNSBL domain name which includes a
+ secret password, to the DNSBL domain name that postscreen will
+ reply with when it rejects mail.
+
+ <b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
+ Optional list of patterns with DNS allow/denylist domains, fil-
+ ters and weight factors.
+
+ <b><a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> (1)</b>
+ The inclusive lower bound for blocking a remote SMTP client,
+ based on its combined DNSBL score as defined with the
+ <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
+
+ <b><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> (ignore)</b>
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
+ speaks before its turn within the time specified with the
+ <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.
+
+ <b><a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> ($<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b>
+ The <i>text</i> in the optional "220-<i>text</i>..." server response that
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real Postfix SMTP server's "220
+ text..." response, in an attempt to confuse bad SMTP clients so
+ that they speak before their turn (pre-greet).
+
+ <b><a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> (normal: 6s, overload: 2s)</b>
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for an SMTP
+ client to send a command before its turn, and for DNS blocklist
+ lookup results to arrive (default: up to 2 seconds under stress,
+ up to 6 seconds otherwise).
+
+ <b><a href="postconf.5.html#smtpd_service_name">smtpd_service_name</a> (smtpd)</b>
+ The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off allowed con-
+ nections to.
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a> (0)</b>
+ Renamed to <a href="postconf.5.html#postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a> in Postfix 3.6.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#postscreen_dnsbl_timeout">postscreen_dnsbl_timeout</a> (10s)</b>
+ The time limit for DNSBL or DNSWL lookups.
+
+ Available in Postfix version 3.6 and later:
+
+ <b><a href="postconf.5.html#postscreen_denylist_action">postscreen_denylist_action</a> (ignore)</b>
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client is
+ permanently denylisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parame-
+ ter.
+
+ <b><a href="postconf.5.html#postscreen_allowlist_interfaces">postscreen_allowlist_interfaces</a> (<a href="DATABASE_README.html#types">static</a>:all)</b>
+ A list of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server IP addresses where a
+ non-allowlisted remote SMTP client can obtain <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s
+ temporary allowlist status.
+
+ <b><a href="postconf.5.html#postscreen_dnsbl_allowlist_threshold">postscreen_dnsbl_allowlist_threshold</a> (0)</b>
+ Allow a remote SMTP client to skip "before" and "after 220
+ greeting" protocol tests, based on its combined DNSBL score as
+ defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
+
+<b>AFTER 220 GREETING TESTS</b>
+ These tests are executed after the remote SMTP client receives the "220
+ servername" greeting. If a client passes all tests during this phase,
+ it will receive a 4XX response to all RCPT TO commands. After the
+ client reconnects, it will be allowed to talk directly to a Postfix
+ SMTP server process.
+
+ <b><a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> (ignore)</b>
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
+ sends a bare newline character, that is, a newline not preceded
+ by carriage return.
+
+ <b><a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> (no)</b>
+ Enable "bare newline" SMTP protocol tests in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ server.
+
+ <b><a href="postconf.5.html#postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a> ($<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b>
+ Disable the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.
+
+ <b><a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> ($<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b>
+ List of commands that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server considers in vio-
+ lation of the SMTP protocol.
+
+ <b><a href="postconf.5.html#postscreen_helo_required">postscreen_helo_required</a> ($<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b>
+ Require that a remote SMTP client sends HELO or EHLO before com-
+ mencing a MAIL transaction.
+
+ <b><a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> (drop)</b>
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
+ sends non-SMTP commands as specified with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbid</a>-
+ <a href="postconf.5.html#postscreen_forbidden_commands">den_commands</a> parameter.
+
+ <b><a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> (no)</b>
+ Enable "non-SMTP command" tests in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
+
+ <b><a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> (enforce)</b>
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
+ sends multiple commands instead of sending one command and wait-
+ ing for the server to respond.
+
+ <b><a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> (no)</b>
+ Enable "pipelining" SMTP protocol tests in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ server.
+
+<b>CACHE CONTROLS</b>
+ <b><a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> (12h)</b>
+ The amount of time between <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache cleanup runs.
+
+ <b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> (<a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache)</b>
+ Persistent storage for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server decisions.
+
+ <b><a href="postconf.5.html#postscreen_cache_retention_time">postscreen_cache_retention_time</a> (7d)</b>
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an expired tem-
+ porary allowlist entry before it is removed.
+
+ <b><a href="postconf.5.html#postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a> (30d)</b>
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
+ successful "bare newline" SMTP protocol test.
+
+ <b><a href="postconf.5.html#postscreen_dnsbl_max_ttl">postscreen_dnsbl_max_ttl</a></b>
+ <b>(${<a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>?{$<a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a>}:{1}}h)</b>
+ The maximum amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+ result from a successful DNS-based reputation test before a
+ client IP address is required to pass that test again.
+
+ <b><a href="postconf.5.html#postscreen_dnsbl_min_ttl">postscreen_dnsbl_min_ttl</a> (60s)</b>
+ The minimum amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+ result from a successful DNS-based reputation test before a
+ client IP address is required to pass that test again.
+
+ <b><a href="postconf.5.html#postscreen_greet_ttl">postscreen_greet_ttl</a> (1d)</b>
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
+ successful PREGREET test.
+
+ <b><a href="postconf.5.html#postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a> (30d)</b>
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
+ successful "non_smtp_command" SMTP protocol test.
+
+ <b><a href="postconf.5.html#postscreen_pipelining_ttl">postscreen_pipelining_ttl</a> (30d)</b>
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
+ successful "pipelining" SMTP protocol test.
+
+<b>RESOURCE CONTROLS</b>
+ <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
+ Upon input, long lines are chopped up into pieces of at most
+ this length; upon delivery, long lines are reconstructed.
+
+ <b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> ($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connec</a>-</b>
+ <b><a href="postconf.5.html#smtpd_client_connection_count_limit">tion_count_limit</a>)</b>
+ How many simultaneous connections any remote SMTP client is
+ allowed to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.
+
+ <b><a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> (20)</b>
+ The limit on the total number of commands per SMTP session for
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.
+
+ <b><a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a> (normal: 300s, overload: 10s)</b>
+ The time limit to read an entire command line with
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.
+
+ <b><a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
+ The number of clients that can be waiting for service from a
+ real Postfix SMTP server process.
+
+ <b><a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
+ The number of non-allowlisted clients that can be waiting for a
+ decision whether they will receive service from a real Postfix
+ SMTP server process.
+
+ <b><a href="postconf.5.html#postscreen_watchdog_timeout">postscreen_watchdog_timeout</a> (10s)</b>
+ How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to respond to a
+ remote SMTP client command or to perform a cache operation
+ before it is terminated by a built-in watchdog timer.
+
+<b>STARTTLS CONTROLS</b>
+ <b><a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
+ The SMTP TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server; when a
+ non-empty value is specified, this overrides the obsolete param-
+ eters <a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.
+
+ <b><a href="postconf.5.html#tlsproxy_service_name">tlsproxy_service_name</a> (tlsproxy)</b>
+ The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+
+<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
+ These parameters are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy
+ parameters.
+
+ <b><a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> ($<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b>
+ Opportunistic TLS: announce STARTTLS support to remote SMTP
+ clients, but do not require that clients use TLS encryption.
+
+ <b><a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a> ($<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b>
+ Mandatory TLS: announce STARTTLS support to remote SMTP clients,
+ and require that clients use TLS encryption.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
+ The location of all postfix administrative commands.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+<b>SEE ALSO</b>
+ <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
+ <a href="tlsproxy.8.html">tlsproxy(8)</a>, Postfix TLS proxy server
+ <a href="dnsblog.8.html">dnsblog(8)</a>, DNS allow/denylist logger
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="POSTSCREEN_README.html">POSTSCREEN_README</a>, Postfix Postscreen Howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ This service was introduced with Postfix version 2.8.
+
+ Many ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work by Michael
+ Tokarev, in OpenBSD spamd, and in MailChannels Traffic Control.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTSCREEN(8)
+</pre> </body> </html>
diff --git a/html/postsuper.1.html b/html/postsuper.1.html
new file mode 100644
index 0000000..30a524a
--- /dev/null
+++ b/html/postsuper.1.html
@@ -0,0 +1,318 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - postsuper(1) </title>
+</head> <body> <pre>
+POSTSUPER(1) POSTSUPER(1)
+
+<b>NAME</b>
+ postsuper - Postfix superintendent
+
+<b>SYNOPSIS</b>
+ <b>postsuper</b> [<b>-psSv</b>]
+ [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-d</b> <i>queue</i><b>_</b><i>id</i>]
+ [<b>-e</b> <i>queue</i><b>_</b><i>id</i>] [<b>-f</b> <i>queue</i><b>_</b><i>id</i>]
+ [<b>-h</b> <i>queue</i><b>_</b><i>id</i>] [<b>-H</b> <i>queue</i><b>_</b><i>id</i>]
+ [<b>-r</b> <i>queue</i><b>_</b><i>id</i>] [<i>directory ...</i>]
+
+<b>DESCRIPTION</b>
+ The <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command does maintenance jobs on the Postfix queue.
+ Use of the command is restricted to the superuser. See the
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command for unprivileged queue operations such as listing
+ or flushing the mail queue.
+
+ By default, <a href="postsuper.1.html"><b>postsuper</b>(1)</a> performs the operations requested with the <b>-s</b>
+ and <b>-p</b> command-line options on all Postfix queue directories - this
+ includes the <b>incoming</b>, <b>active</b>, <b>deferred</b>, and <b>hold</b> directories with mes-
+ sage files and the <b>bounce</b>, <b>defer</b>, <b>trace</b> and <b>flush</b> directories with log
+ files.
+
+ Options:
+
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory. See also the MAIL_CONFIG
+ environment setting below.
+
+ <b>-d</b> <i>queue</i><b>_</b><i>id</i>
+ Delete one message with the named queue ID from the named mail
+ queue(s) (default: <b>hold</b>, <b>incoming</b>, <b>active</b> and <b>deferred</b>).
+
+ To delete multiple files, specify the <b>-d</b> option multiple times,
+ or specify a <i>queue</i><b>_</b><i>id</i> of <b>-</b> to read queue IDs from standard
+ input. For example, to delete all mail with exactly one recipi-
+ ent <b>user@example.com</b>:
+
+ postqueue -j | jq -r '
+ # See JSON OBJECT FORMAT section in the <a href="postqueue.1.html">postqueue(1)</a> manpage
+ select(.recipients[0].address == "user@example.com")
+ | select(.recipients[1].address == null)
+ | .queue_id
+ ' | postsuper -d -
+
+ (note the "jq -r" option), or the historical form:
+
+ mailq | tail -n +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" }
+ # $7=sender, $8=recipient1, $9=recipient2
+ { if ($8 == "user@example.com" &amp;&amp; $9 == "")
+ print $1 }
+ ' | tr -d '*!' | postsuper -d -
+
+ Specify "<b>-d ALL</b>" to remove all messages; for example, specify
+ "<b>-d ALL deferred</b>" to delete all mail in the <b>deferred</b> queue. As
+ a safety measure, the word <b>ALL</b> must be specified in upper case.
+
+ Warning: Postfix queue IDs are reused (always with Postfix &lt;=
+ 2.8; and with Postfix &gt;= 2.9 when <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no).
+ There is a very small possibility that postsuper deletes the
+ wrong message file when it is executed while the Postfix mail
+ system is delivering mail.
+
+ The scenario is as follows:
+
+ 1) The Postfix queue manager deletes the message that <a href="postsuper.1.html"><b>post-</b></a>
+ <a href="postsuper.1.html"><b>super</b>(1)</a> is asked to delete, because Postfix is finished
+ with the message (it is delivered, or it is returned to
+ the sender).
+
+ 2) New mail arrives, and the new message is given the same
+ queue ID as the message that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> is supposed to
+ delete. The probability for reusing a deleted queue ID
+ is about 1 in 2**15 (the number of different microsecond
+ values that the system clock can distinguish within a
+ second).
+
+ 3) <a href="postsuper.1.html"><b>postsuper</b>(1)</a> deletes the new message, instead of the old
+ message that it should have deleted.
+
+ <b>-e</b> <i>queue</i><b>_</b><i>id</i>
+
+ <b>-f</b> <i>queue</i><b>_</b><i>id</i>
+ Request forced expiration for one message with the named queue
+ ID in the named mail queue(s) (default: <b>hold</b>, <b>incoming</b>, <b>active</b>
+ and <b>deferred</b>).
+
+ <b>o</b> The message will be returned to the sender when the queue
+ manager attempts to deliver that message (note that Post-
+ fix will never deliver messages in the <b>hold</b> queue).
+
+ <b>o</b> The <b>-e</b> and <b>-f</b> options both request forced expiration. The
+ difference is that <b>-f</b> will also release a message if it
+ is in the <b>hold</b> queue. With <b>-e</b>, such a message would not
+ be returned to the sender until it is released with <b>-f</b> or
+ <b>-H</b>.
+
+ <b>o</b> When a deferred message is force-expired, the return mes-
+ sage will state the reason for the delay. Otherwise, the
+ reason will be "message is administratively expired".
+
+ To expire multiple files, specify the <b>-e</b> or <b>-f</b> option multiple
+ times, or specify a <i>queue</i><b>_</b><i>id</i> of <b>-</b> to read queue IDs from stan-
+ dard input (see the <b>-d</b> option above for an example, but be sure
+ to replace <b>-d</b> in the example).
+
+ Specify "<b>-e ALL</b>" or "<b>-f ALL</b>" to expire all messages; for exam-
+ ple, specify "<b>-e ALL deferred</b>" to expire all mail in the
+ <b>deferred</b> queue. As a safety measure, the word <b>ALL</b> must be spec-
+ ified in upper case.
+
+ These features are available in Postfix 3.5 and later.
+
+ <b>-h</b> <i>queue</i><b>_</b><i>id</i>
+ Put mail "on hold" so that no attempt is made to deliver it.
+ Move one message with the named queue ID from the named mail
+ queue(s) (default: <b>incoming</b>, <b>active</b> and <b>deferred</b>) to the <b>hold</b>
+ queue.
+
+ To hold multiple files, specify the <b>-h</b> option multiple times, or
+ specify a <i>queue</i><b>_</b><i>id</i> of <b>-</b> to read queue IDs from standard input.
+
+ Specify "<b>-h ALL</b>" to hold all messages; for example, specify "<b>-h</b>
+ <b>ALL deferred</b>" to hold all mail in the <b>deferred</b> queue. As a
+ safety measure, the word <b>ALL</b> must be specified in upper case.
+
+ Note: while mail is "on hold" it will not expire when its time
+ in the queue exceeds the <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or
+ <b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b> setting. It becomes subject to expiration
+ after it is released from "hold".
+
+ This feature is available in Postfix 2.0 and later.
+
+ <b>-H</b> <i>queue</i><b>_</b><i>id</i>
+ Release mail that was put "on hold". Move one message with the
+ named queue ID from the named mail queue(s) (default: <b>hold</b>) to
+ the <b>deferred</b> queue.
+
+ To release multiple files, specify the <b>-H</b> option multiple times,
+ or specify a <i>queue</i><b>_</b><i>id</i> of <b>-</b> to read queue IDs from standard
+ input.
+
+ Note: specify "<b>postsuper -r</b>" to release mail that was kept on
+ hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or
+ <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or longer.
+
+ Specify "<b>-H ALL</b>" to release all mail that is "on hold". As a
+ safety measure, the word <b>ALL</b> must be specified in upper case.
+
+ This feature is available in Postfix 2.0 and later.
+
+ <b>-p</b> Purge old temporary files that are left over after system or
+ software crashes. The <b>-p</b>, <b>-s</b>, and <b>-S</b> operations are done before
+ other operations.
+
+ <b>-r</b> <i>queue</i><b>_</b><i>id</i>
+ Requeue the message with the named queue ID from the named mail
+ queue(s) (default: <b>hold</b>, <b>incoming</b>, <b>active</b> and <b>deferred</b>).
+
+ To requeue multiple files, specify the <b>-r</b> option multiple times,
+ or specify a <i>queue</i><b>_</b><i>id</i> of <b>-</b> to read queue IDs from standard
+ input.
+
+ Specify "<b>-r ALL</b>" to requeue all messages. As a safety measure,
+ the word <b>ALL</b> must be specified in upper case.
+
+ A requeued message is moved to the <b>maildrop</b> queue, from where it
+ is copied by the <a href="pickup.8.html"><b>pickup</b>(8)</a> and <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemons to a new queue
+ file. In many respects its handling differs from that of a new
+ local submission.
+
+ <b>o</b> The message is not subjected to the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> or
+ <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> settings. When mail has passed through
+ an external content filter, this would produce incorrect
+ results with Milter applications that depend on original
+ SMTP connection state information.
+
+ <b>o</b> The message is subjected again to mail address rewriting
+ and substitution. This is useful when rewriting rules or
+ virtual mappings have changed.
+
+ The address rewriting context (local or remote) is the
+ same as when the message was received.
+
+ <b>o</b> The message is subjected to the same <a href="postconf.5.html#content_filter">content_filter</a> set-
+ tings (if any) as used for new local mail submissions.
+ This is useful when <a href="postconf.5.html#content_filter">content_filter</a> settings have changed.
+
+ Warning: Postfix queue IDs are reused (always with Postfix &lt;=
+ 2.8; and with Postfix &gt;= 2.9 when <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no).
+ There is a very small possibility that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> requeues the
+ wrong message file when it is executed while the Postfix mail
+ system is running, but no harm should be done.
+
+ This feature is available in Postfix 1.1 and later.
+
+ <b>-s</b> Structure check and structure repair. This should be done once
+ before Postfix startup. The <b>-p</b>, <b>-s</b>, and <b>-S</b> operations are done
+ before other operations.
+
+ <b>o</b> Rename files whose name does not match the message file
+ inode number. This operation is necessary after restoring
+ a mail queue from a different machine or from backup,
+ when queue files were created with Postfix &lt;= 2.8 or with
+ "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> = no".
+
+ <b>o</b> Move queue files that are in the wrong place in the file
+ system hierarchy and remove subdirectories that are no
+ longer needed. File position rearrangements are neces-
+ sary after a change in the <b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a></b> and/or
+ <b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a></b> configuration parameters.
+
+ <b>o</b> Rename queue files created with "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> =
+ yes" to short names, for migration to Postfix &lt;= 2.8.
+ The procedure is as follows:
+
+ # postfix stop
+ # postconf <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no
+ # postsuper
+
+ Run <a href="postsuper.1.html"><b>postsuper</b>(1)</a> repeatedly until it stops reporting file
+ name changes.
+
+ <b>-S</b> A redundant version of <b>-s</b> that requires that long file names
+ also match the message file inode number. This option exists for
+ testing purposes, and is available with Postfix 2.9 and later.
+ The <b>-p</b>, <b>-s</b>, and <b>-S</b> operations are done before other operations.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
+
+<b>DIAGNOSTICS</b>
+ Problems are reported to the standard error stream and to <b>syslogd</b>(8) or
+ <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+ <a href="postsuper.1.html"><b>postsuper</b>(1)</a> reports the number of messages deleted with <b>-d</b>, the number
+ of messages expired with <b>-e</b>, the number of messages expired or released
+ with <b>-f</b>, the number of messages held or released with <b>-h</b> or <b>-H</b>, the
+ number of messages requeued with <b>-r</b>, and the number of messages whose
+ queue file name was fixed with <b>-s</b>. The report is written to the stan-
+ dard error stream and to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>ENVIRONMENT</b>
+ MAIL_CONFIG
+ Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file.
+
+<b>BUGS</b>
+ Mail that is not sanitized by Postfix (i.e. mail in the <b>maildrop</b> queue)
+ cannot be placed "on hold".
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> (1)</b>
+ The number of subdirectory levels for queue directories listed
+ with the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter.
+
+ <b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a> (deferred, defer)</b>
+ The names of queue directories that are split across multiple
+ subdirectory levels.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 2.9 and later:
+
+ <b><a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> (no)</b>
+ Enable long, non-repeating, queue IDs (queue file names).
+
+<b>SEE ALSO</b>
+ <a href="sendmail.1.html">sendmail(1)</a>, Sendmail-compatible user interface
+ <a href="postqueue.1.html">postqueue(1)</a>, unprivileged queue operations
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ POSTSUPER(1)
+</pre> </body> </html>
diff --git a/html/posttls-finger.1.html b/html/posttls-finger.1.html
new file mode 100644
index 0000000..2ed629a
--- /dev/null
+++ b/html/posttls-finger.1.html
@@ -0,0 +1,365 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - posttls-finger(1) </title>
+</head> <body> <pre>
+POSTTLS-FINGER(1) POSTTLS-FINGER(1)
+
+<b>NAME</b>
+ posttls-finger - Probe the TLS properties of an ESMTP or LMTP server.
+
+<b>SYNOPSIS</b>
+ <b>posttls-finger</b> [<i>options</i>] [<b>inet:</b>]<i>domain</i>[:<i>port</i>] [<i>match ...</i>]
+ <b>posttls-finger</b> -S [<i>options</i>] <b>unix:</b><i>pathname</i> [<i>match ...</i>]
+
+<b>DESCRIPTION</b>
+ <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> connects to the specified destination and reports
+ TLS-related information about the server. With SMTP, the destination is
+ a domainname; with LMTP it is either a domainname prefixed with <b>inet:</b>
+ or a pathname prefixed with <b>unix:</b>. If Postfix is built without TLS
+ support, the resulting <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> program has very limited func-
+ tionality, and only the <b>-a</b>, <b>-c</b>, <b>-h</b>, <b>-o</b>, <b>-S</b>, <b>-t</b>, <b>-T</b> and <b>-v</b> options are
+ available.
+
+ Note: this is an unsupported test program. No attempt is made to main-
+ tain compatibility between successive versions.
+
+ For SMTP servers that don't support ESMTP, only the greeting banner and
+ the negative EHLO response are reported. Otherwise, the reported EHLO
+ response details further server capabilities.
+
+ If TLS support is enabled when <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> is compiled, and the
+ server supports <b>STARTTLS</b>, a TLS handshake is attempted.
+
+ If DNSSEC support is available, the connection TLS security level (<b>-l</b>
+ option) defaults to <b>dane</b>; see <a href="TLS_README.html">TLS_README</a> for details. Otherwise, it
+ defaults to <b>secure</b>. This setting determines the certificate matching
+ policy.
+
+ If TLS negotiation succeeds, the TLS protocol and cipher details are
+ reported. The server certificate is then verified in accordance with
+ the policy at the chosen (or default) security level. With public
+ CA-based trust, when the <b>-L</b> option includes <b>certmatch</b>, (true by
+ default) name matching is performed even if the certificate chain is
+ not trusted. This logs the names found in the remote SMTP server cer-
+ tificate and which if any would match, were the certificate chain
+ trusted.
+
+ Note: <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> does not perform any table lookups, so the TLS
+ policy table and obsolete per-site tables are not consulted. It does
+ not communicate with the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> daemon (or any other Postfix dae-
+ mons); its TLS session cache is held in private memory, and disappears
+ when the process exits.
+
+ With the <b>-r</b> <i>delay</i> option, if the server assigns a TLS session id, the
+ TLS session is cached. The connection is then closed and re-opened
+ after the specified delay, and <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> then reports whether
+ the cached TLS session was re-used.
+
+ When the destination is a load balancer, it may be distributing load
+ between multiple server caches. Typically, each server returns its
+ unique name in its EHLO response. If, upon reconnecting with <b>-r</b>, a new
+ server name is detected, another session is cached for the new server,
+ and the reconnect is repeated up to a maximum number of times (default
+ 5) that can be specified via the <b>-m</b> option.
+
+ The choice of SMTP or LMTP (<b>-S</b> option) determines the syntax of the
+ destination argument. With SMTP, one can specify a service on a
+ non-default port as <i>host</i>:<i>service</i>, and disable MX (mail exchanger) DNS
+ lookups with [<i>host</i>] or [<i>host</i>]:<i>port</i>. The [] form is required when you
+ specify an IP address instead of a hostname. An IPv6 address takes the
+ form [<b>ipv6:</b><i>address</i>]. The default port for SMTP is taken from the
+ <b>smtp/tcp</b> entry in /etc/services, defaulting to 25 if the entry is not
+ found.
+
+ With LMTP, specify <b>unix:</b><i>pathname</i> to connect to a local server listening
+ on a unix-domain socket bound to the specified pathname; otherwise,
+ specify an optional <b>inet:</b> prefix followed by a <i>domain</i> and an optional
+ port, with the same syntax as for SMTP. The default TCP port for LMTP
+ is 24.
+
+ Arguments:
+
+ <b>-a</b> <i>family</i> (default: <b>any</b>)
+ Address family preference: <b>ipv4</b>, <b>ipv6</b> or <b>any</b>. When using <b>any</b>,
+ <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> will randomly select one of the two as the
+ more preferred, and exhaust all MX preferences for the first
+ address family before trying any addresses for the other.
+
+ <b>-A</b> <i>trust-anchor.pem</i> (default: none)
+ A list of PEM trust-anchor files that overrides CAfile and CAp-
+ ath trust chain verification. Specify the option multiple times
+ to specify multiple files. See the <a href="postconf.5.html">main.cf</a> documentation for
+ <a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> for details.
+
+ <b>-c</b> Disable SMTP chat logging; only TLS-related information is
+ logged.
+
+ <b>-C</b> Print the remote SMTP server certificate trust chain in PEM for-
+ mat. The issuer DN, subject DN, certificate and public key fin-
+ gerprints (see <b>-d</b> <i>mdalg</i> option below) are printed above each PEM
+ certificate block. If you specify <b>-F</b> <i>CAfile</i> or <b>-P</b> <i>CApath</i>, the
+ OpenSSL library may augment the chain with missing issuer cer-
+ tificates. To see the actual chain sent by the remote SMTP
+ server leave <i>CAfile</i> and <i>CApath</i> unset.
+
+ <b>-d</b> <i>mdalg</i> (default: <b>$<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a></b>)
+ The message digest algorithm to use for reporting remote SMTP
+ server fingerprints and matching against user provided certifi-
+ cate fingerprints (with DANE TLSA records the algorithm is spec-
+ ified in the DNS). In Postfix versions prior to 3.6, the
+ default value was "md5".
+
+ <b>-f</b> Lookup the associated DANE TLSA RRset even when a hostname is
+ not an alias and its address records lie in an unsigned zone.
+ See <a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> for details.
+
+ <b>-F</b> <i>CAfile.pem</i> (default: none)
+ The PEM formatted CAfile for remote SMTP server certificate ver-
+ ification. By default no CAfile is used and no public CAs are
+ trusted.
+
+ <b>-g</b> <i>grade</i> (default: medium)
+ The minimum TLS cipher grade used by <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a>. See
+ <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> for details.
+
+ <b>-h</b> <i>host</i><b>_</b><i>lookup</i> (default: <b>dns</b>)
+ The hostname lookup methods used for the connection. See the
+ documentation of <a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> for syntax and semantics.
+
+ <b>-H</b> <i>chainfiles</i> (default: <i>none</i>)
+ List of files with a sequence PEM-encoded TLS client certificate
+ chains. The list can be built-up incrementally, by specifying
+ the option multiple times, or all at once via a comma or white-
+ space separated list of filenames. Each chain starts with a
+ private key, which is followed immediately by the corresponding
+ certificate, and optionally by additional issuer certificates.
+ Each new key begins a new chain for the corresponding algorithm.
+ This option is mutually exclusive with the below <b>-k</b> and <b>-K</b>
+ options.
+
+ <b>-k</b> <i>certfile</i> (default: <i>keyfile</i>)
+ File with PEM-encoded TLS client certificate chain. This
+ defaults to <i>keyfile</i> if one is specified.
+
+ <b>-K</b> <i>keyfile</i> (default: <i>certfile</i>)
+ File with PEM-encoded TLS client private key. This defaults to
+ <i>certfile</i> if one is specified.
+
+ <b>-l</b> <i>level</i> (default: <b>dane</b> or <b>secure</b>)
+ The security level for the connection, default <b>dane</b> or <b>secure</b>
+ depending on whether DNSSEC is available. For syntax and seman-
+ tics, see the documentation of <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>. When
+ <b>dane</b> or <b>dane-only</b> is supported and selected, if no TLSA records
+ are found, or all the records found are unusable, the <i>secure</i>
+ level will be used instead. The <b>fingerprint</b> security level
+ allows you to test certificate or public-key fingerprint matches
+ before you deploy them in the policy table.
+
+ Note, since <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> does not actually deliver any
+ email, the <b>none</b>, <b>may</b> and <b>encrypt</b> security levels are not very
+ useful. Since <b>may</b> and <b>encrypt</b> don't require peer certificates,
+ they will often negotiate anonymous TLS ciphersuites, so you
+ won't learn much about the remote SMTP server's certificates at
+ these levels if it also supports anonymous TLS (though you may
+ learn that the server supports anonymous TLS).
+
+ <b>-L</b> <i>logopts</i> (default: <b>routine,certmatch</b>)
+ Fine-grained TLS logging options. To tune the TLS features
+ logged during the TLS handshake, specify one or more of:
+
+ <b>0, none</b>
+ These yield no TLS logging; you'll generally want more,
+ but this is handy if you just want the trust chain:
+ $ posttls-finger -cC -L none destination
+
+ <b>1, routine, summary</b>
+ These synonymous values yield a normal one-line summary
+ of the TLS connection.
+
+ <b>2, debug</b>
+ These synonymous values combine routine, ssl-debug, cache
+ and verbose.
+
+ <b>3, ssl-expert</b>
+ These synonymous values combine debug with ssl-hand-
+ shake-packet-dump. For experts only.
+
+ <b>4, ssl-developer</b>
+ These synonymous values combine ssl-expert with ssl-ses-
+ sion-packet-dump. For experts only, and in most cases,
+ use wireshark instead.
+
+ <b>ssl-debug</b>
+ Turn on OpenSSL logging of the progress of the SSL hand-
+ shake.
+
+ <b>ssl-handshake-packet-dump</b>
+ Log hexadecimal packet dumps of the SSL handshake; for
+ experts only.
+
+ <b>ssl-session-packet-dump</b>
+ Log hexadecimal packet dumps of the entire SSL session;
+ only useful to those who can debug SSL protocol problems
+ from hex dumps.
+
+ <b>untrusted</b>
+ Logs trust chain verification problems. This is turned
+ on automatically at security levels that use peer names
+ signed by Certification Authorities to validate certifi-
+ cates. So while this setting is recognized, you should
+ never need to set it explicitly.
+
+ <b>peercert</b>
+ This logs a one line summary of the remote SMTP server
+ certificate subject, issuer, and fingerprints.
+
+ <b>certmatch</b>
+ This logs remote SMTP server certificate matching, show-
+ ing the CN and each subjectAltName and which name
+ matched. With DANE, logs matching of TLSA record
+ trust-anchor and end-entity certificates.
+
+ <b>cache</b> This logs session cache operations, showing whether ses-
+ sion caching is effective with the remote SMTP server.
+ Automatically used when reconnecting with the <b>-r</b> option;
+ rarely needs to be set explicitly.
+
+ <b>verbose</b>
+ Enables verbose logging in the Postfix TLS driver;
+ includes all of peercert..cache and more.
+
+ The default is <b>routine,certmatch</b>. After a reconnect, <b>peercert</b>,
+ <b>certmatch</b> and <b>verbose</b> are automatically disabled while <b>cache</b> and
+ <b>summary</b> are enabled.
+
+ <b>-m</b> <i>count</i> (default: <b>5</b>)
+ When the <b>-r</b> <i>delay</i> option is specified, the <b>-m</b> option determines
+ the maximum number of reconnect attempts to use with a server
+ behind a load balancer, to see whether connection caching is
+ likely to be effective for this destination. Some MTAs don't
+ expose the underlying server identity in their EHLO response;
+ with these servers there will never be more than 1 reconnection
+ attempt.
+
+ <b>-M</b> <i>insecure</i><b>_</b><i>mx</i><b>_</b><i>policy</i> (default: <b>dane</b>)
+ The TLS policy for MX hosts with "secure" TLSA records when the
+ nexthop destination security level is <b>dane</b>, but the MX record
+ was found via an "insecure" MX lookup. See the <a href="postconf.5.html">main.cf</a> documen-
+ tation for <a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> for details.
+
+ <b>-o</b> <i>name=value</i>
+ Specify zero or more times to override the value of the <a href="postconf.5.html">main.cf</a>
+ parameter <i>name</i> with <i>value</i>. Possible use-cases include overrid-
+ ing the values of TLS library parameters, or "<a href="postconf.5.html#myhostname">myhostname</a>" to
+ configure the SMTP EHLO name sent to the remote server.
+
+ <b>-p</b> <i>protocols</i> (default: &gt;=TLSv1)
+ TLS protocols that <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> will exclude or include.
+ See <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> for details.
+
+ <b>-P</b> <i>CApath/</i> (default: none)
+ The OpenSSL CApath/ directory (indexed via c_rehash(1)) for
+ remote SMTP server certificate verification. By default no CAp-
+ ath is used and no public CAs are trusted.
+
+ <b>-r</b> <i>delay</i>
+ With a cacheable TLS session, disconnect and reconnect after
+ <i>delay</i> seconds. Report whether the session is re-used. Retry if a
+ new server is encountered, up to 5 times or as specified with
+ the <b>-m</b> option. By default reconnection is disabled, specify a
+ positive delay to enable this behavior.
+
+ <b>-R</b> Use SRV lookup instead of MX.
+
+ <b>-s</b> <i>servername</i>
+ The server name to send with the TLS Server Name Indication
+ (SNI) extension. When the server has DANE TLSA records, this
+ parameter is ignored and the TLSA base domain is used instead.
+ Otherwise, SNI is not used by default, but can be enabled by
+ specifying the desired value with this option.
+
+ <b>-S</b> Disable SMTP; that is, connect to an LMTP server. The default
+ port for LMTP over TCP is 24. Alternative ports can specified
+ by appending "<i>:servicename</i>" or ":<i>portnumber</i>" to the destination
+ argument.
+
+ <b>-t</b> <i>timeout</i> (default: <b>30</b>)
+ The TCP connection timeout to use. This is also the timeout for
+ reading the remote server's 220 banner.
+
+ <b>-T</b> <i>timeout</i> (default: <b>30</b>)
+ The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT.
+
+ <b>-v</b> Enable verbose Postfix logging. Specify more than once to
+ increase the level of verbose logging.
+
+ <b>-w</b> Enable outgoing TLS wrapper mode, or SUBMISSIONS/SMTPS support.
+ This is typically provided on port 465 by servers that are com-
+ patible with the SMTP-in-SSL protocol, rather than the STARTTLS
+ protocol. The destination <i>domain</i>:<i>port</i> must of course provide
+ such a service.
+
+ <b>-X</b> Enable <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> mode. This is an unsupported mode, for pro-
+ gram development only.
+
+ [<b>inet:</b>]<i>domain</i>[:<i>port</i>]
+ Connect via TCP to domain <i>domain</i>, port <i>port</i>. The default port is
+ <b>smtp</b> (or 24 with LMTP). With SMTP an MX lookup is performed to
+ resolve the domain to a host, unless the domain is enclosed in
+ <b>[]</b>. If you want to connect to a specific MX host, for instance
+ <i>mx1.example.com</i>, specify [<i>mx1.example.com</i>] as the destination
+ and <i>example.com</i> as a <b>match</b> argument. When using DNS, the desti-
+ nation domain is assumed fully qualified and no <a href="ADDRESS_CLASS_README.html#default_domain_class">default domain</a>
+ or search suffixes are applied; you must use fully-qualified
+ names or also enable <b>native</b> host lookups (these don't support
+ <b>dane</b> or <b>dane-only</b> as no DNSSEC validation information is avail-
+ able via <b>native</b> lookups).
+
+ <b>unix:</b><i>pathname</i>
+ Connect to the UNIX-domain socket at <i>pathname</i>. LMTP only.
+
+ <b>match ...</b>
+ With no match arguments specified, certificate peername matching
+ uses the compiled-in default strategies for each security level.
+ If you specify one or more arguments, these will be used as the
+ list of certificate or public-key digests to match for the <b>fin-</b>
+ <b>gerprint</b> level, or as the list of DNS names to match in the cer-
+ tificate at the <b>verify</b> and <b>secure</b> levels. If the security level
+ is <b>dane</b>, or <b>dane-only</b> the match names are ignored, and <b>hostname,</b>
+ <b>nexthop</b> strategies are used.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Read configuration parameters from a non-default location.
+
+ <b>MAIL_VERBOSE</b>
+ Same as <b>-v</b> option.
+
+<b>SEE ALSO</b>
+ <a href="smtp-source.1.html">smtp-source(1)</a>, SMTP/LMTP message source
+ <a href="smtp-sink.1.html">smtp-sink(1)</a>, SMTP/LMTP message dump
+
+<b>README FILES</b>
+ <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ Viktor Dukhovni
+
+ POSTTLS-FINGER(1)
+</pre> </body> </html>
diff --git a/html/proxymap.8.html b/html/proxymap.8.html
new file mode 100644
index 0000000..7c98c47
--- /dev/null
+++ b/html/proxymap.8.html
@@ -0,0 +1,223 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - proxymap(8) </title>
+</head> <body> <pre>
+PROXYMAP(8) PROXYMAP(8)
+
+<b>NAME</b>
+ proxymap - Postfix lookup table proxy server
+
+<b>SYNOPSIS</b>
+ <b>proxymap</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides read-only or read-write table lookup
+ service to Postfix processes. These services are implemented with dis-
+ tinct service names: <b>proxymap</b> and <b>proxywrite</b>, respectively. The purpose
+ of these services is:
+
+ <b>o</b> To overcome chroot restrictions. For example, a chrooted SMTP
+ server needs access to the system passwd file in order to reject
+ mail for non-existent local addresses, but it is not practical
+ to maintain a copy of the passwd file in the chroot jail. The
+ solution:
+
+ <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
+ <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>
+
+ <b>o</b> To consolidate the number of open lookup tables by sharing one
+ open table among multiple processes. For example, making mysql
+ connections from every Postfix daemon process results in "too
+ many connections" errors. The solution:
+
+ <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> =
+ <a href="proxymap.8.html">proxy</a>:<a href="mysql_table.5.html">mysql</a>:/etc/postfix/virtual_alias.cf
+
+ The total number of connections is limited by the number of
+ proxymap server processes.
+
+ <b>o</b> To provide single-updater functionality for lookup tables that
+ do not reliably support multiple writers (i.e. all file-based
+ tables).
+
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests:
+
+ <b>open</b> <i>maptype:mapname flags</i>
+ Open the table with type <i>maptype</i> and name <i>mapname</i>, as controlled
+ by <i>flags</i>. The reply includes the <i>maptype</i> dependent flags (to
+ distinguish a fixed string table from a regular expression ta-
+ ble).
+
+ <b>lookup</b> <i>maptype:mapname flags key</i>
+ Look up the data stored under the requested key. The reply is
+ the request completion status code and the lookup result value.
+ The <i>maptype:mapname</i> and <i>flags</i> are the same as with the <b>open</b>
+ request.
+
+ <b>update</b> <i>maptype:mapname flags key value</i>
+ Update the data stored under the requested key. The reply is
+ the request completion status code. The <i>maptype:mapname</i> and
+ <i>flags</i> are the same as with the <b>open</b> request.
+
+ To implement single-updater maps, specify a process limit of 1
+ in the <a href="master.5.html">master.cf</a> file entry for the <b>proxywrite</b> service.
+
+ This request is supported in Postfix 2.5 and later.
+
+ <b>delete</b> <i>maptype:mapname flags key</i>
+ Delete the data stored under the requested key. The reply is
+ the request completion status code. The <i>maptype:mapname</i> and
+ <i>flags</i> are the same as with the <b>open</b> request.
+
+ This request is supported in Postfix 2.5 and later.
+
+ <b>sequence</b> <i>maptype:mapname flags function</i>
+ Iterate over the specified database. The <i>function</i> is one of
+ DICT_SEQ_FUN_FIRST or DICT_SEQ_FUN_NEXT. The reply is the
+ request completion status code and a lookup key and result
+ value, if found.
+
+ This request is supported in Postfix 2.9 and later.
+
+ The request completion status is one of OK, RETRY, NOKEY (lookup failed
+ because the key was not found), BAD (malformed request) or DENY (the
+ table is not approved for proxy read or update access).
+
+ There is no <b>close</b> command, nor are tables implicitly closed when a
+ client disconnects. The purpose is to share tables among multiple
+ client processes.
+
+<b>SERVER PROCESS MANAGEMENT</b>
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> servers run under control by the Postfix <a href="master.8.html"><b>master</b>(8)</a> server.
+ Each server can handle multiple simultaneous connections. When all
+ servers are busy while a client connects, the <a href="master.8.html"><b>master</b>(8)</a> creates a new
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server process, provided that the process limit is not
+ exceeded. Each server terminates after serving at least <b>$<a href="postconf.5.html#max_use">max_use</a></b>
+ clients or after <b>$<a href="postconf.5.html#max_idle">max_idle</a></b> seconds of idle time.
+
+<b>SECURITY</b>
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server opens only tables that are approved via the
+ <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> or <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a></b> configuration parameters, does not
+ talk to users, and can run at fixed low privilege, chrooted or not.
+ However, running the proxymap server chrooted severely limits usabil-
+ ity, because it can open only chrooted tables.
+
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is not a trusted daemon process, and must not be
+ used to look up sensitive information such as UNIX user or group IDs,
+ mailbox file/directory names or external commands.
+
+ In Postfix version 2.2 and later, the proxymap client recognizes
+ requests to access a table for security-sensitive purposes, and opens
+ the table directly. This allows the same <a href="postconf.5.html">main.cf</a> setting to be used by
+ sensitive and non-sensitive processes.
+
+ Postfix-writable data files should be stored under a dedicated direc-
+ tory that is writable only by the Postfix mail system, such as the
+ Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>.
+
+ In particular, Postfix-writable files should never exist in root-owned
+ directories. That would open up a particular type of security hole
+ where ownership of a file or directory does not match the provider of
+ its content.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>BUGS</b>
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides service to multiple clients, and must
+ therefore not be used for tables that have high-latency lookups.
+
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> read-write service does not explicitly close lookup
+ tables (even if it did, this could not be relied on, because the
+ process may be terminated between table updates). The read-write ser-
+ vice should therefore not be used with tables that leave persistent
+ storage in an inconsistent state between updates (for example, CDB).
+ Tables that support "sync on update" should be safe (for example,
+ Berkeley DB) as should tables that are implemented by a real DBMS.
+
+<b>CONFIGURATION PARAMETERS</b>
+ On busy mail systems a long time may pass before <a href="proxymap.8.html"><b>proxymap</b>(8)</a> relevant
+ changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up. Use the command "<b>postfix reload</b>" to
+ speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix-writable data files (for example:
+ caches, pseudo-random numbers).
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> (see 'postconf -d' output)</b>
+ The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is allowed to
+ access for the read-only service.
+
+ Available in Postfix 2.5 and later:
+
+ <b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix-writable data files (for example:
+ caches, pseudo-random numbers).
+
+ <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> (see 'postconf -d' output)</b>
+ The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is allowed to
+ access for the read-write service.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ The proxymap service was introduced with Postfix 2.0.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ PROXYMAP(8)
+</pre> </body> </html>
diff --git a/html/qmgr.8.html b/html/qmgr.8.html
new file mode 100644
index 0000000..bfaa05f
--- /dev/null
+++ b/html/qmgr.8.html
@@ -0,0 +1,509 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - qmgr(8) </title>
+</head> <body> <pre>
+QMGR(8) QMGR(8)
+
+<b>NAME</b>
+ qmgr - Postfix queue manager
+
+<b>SYNOPSIS</b>
+ <b>qmgr</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon awaits the arrival of incoming mail and arranges for
+ its delivery via Postfix delivery processes. The actual mail routing
+ strategy is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. This program
+ expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ Mail addressed to the local <b>double-bounce</b> address is logged and dis-
+ carded. This stops potential loops caused by undeliverable bounce
+ notifications.
+
+<b>MAIL QUEUES</b>
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon maintains the following queues:
+
+ <b>incoming</b>
+ Inbound mail from the network, or mail picked up by the local
+ <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon from the <b>maildrop</b> directory.
+
+ <b>active</b> Messages that the queue manager has opened for delivery. Only a
+ limited number of messages is allowed to enter the <b>active</b> queue
+ (leaky bucket strategy, for a fixed delivery rate).
+
+ <b>deferred</b>
+ Mail that could not be delivered upon the first attempt. The
+ queue manager implements exponential backoff by doubling the
+ time between delivery attempts.
+
+ <b>corrupt</b>
+ Unreadable or damaged queue files are moved here for inspection.
+
+ <b>hold</b> Messages that are kept "on hold" are kept here until someone
+ sets them free.
+
+<b>DELIVERY STATUS REPORTS</b>
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon keeps an eye on per-message delivery status reports
+ in the following directories. Each status report file has the same name
+ as the corresponding message file:
+
+ <b>bounce</b> Per-recipient status information about why mail is bounced.
+ These files are maintained by the <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon.
+
+ <b>defer</b> Per-recipient status information about why mail is delayed.
+ These files are maintained by the <a href="defer.8.html"><b>defer</b>(8)</a> daemon.
+
+ <b>trace</b> Per-recipient status information as requested with the Postfix
+ "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" command. These files are main-
+ tained by the <a href="trace.8.html"><b>trace</b>(8)</a> daemon.
+
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is responsible for asking the <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or
+ <a href="trace.8.html"><b>trace</b>(8)</a> daemons to send delivery reports.
+
+<b>STRATEGIES</b>
+ The queue manager implements a variety of strategies for either opening
+ queue files (input) or for message delivery (output).
+
+ <b>leaky bucket</b>
+ This strategy limits the number of messages in the <b>active</b> queue
+ and prevents the queue manager from running out of memory under
+ heavy load.
+
+ <b>fairness</b>
+ When the <b>active</b> queue has room, the queue manager takes one mes-
+ sage from the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> and one from the <b>deferred</b> queue.
+ This prevents a large mail backlog from blocking the delivery of
+ new mail.
+
+ <b>slow start</b>
+ This strategy eliminates "thundering herd" problems by slowly
+ adjusting the number of parallel deliveries to the same destina-
+ tion.
+
+ <b>round robin</b>
+ The queue manager sorts delivery requests by destination.
+ Round-robin selection prevents one destination from dominating
+ deliveries to other destinations.
+
+ <b>exponential backoff</b>
+ Mail that cannot be delivered upon the first attempt is
+ deferred. The time interval between delivery attempts is dou-
+ bled after each attempt.
+
+ <b>destination status cache</b>
+ The queue manager avoids unnecessary delivery attempts by main-
+ taining a short-term, in-memory list of unreachable destina-
+ tions.
+
+ <b>preemptive message scheduling</b>
+ The queue manager attempts to minimize the average per-recipient
+ delay while still preserving the correct per-message delays,
+ using a sophisticated preemptive message scheduling.
+
+<b>TRIGGERS</b>
+ On an idle system, the queue manager waits for the arrival of trigger
+ events, or it waits for a timer to go off. A trigger is a one-byte mes-
+ sage. Depending on the message received, the queue manager performs
+ one of the following actions (the message is followed by the symbolic
+ constant used internally by the software):
+
+ <b>D (QMGR_REQ_SCAN_DEFERRED)</b>
+ Start a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan. If a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan is
+ already in progress, that scan will be restarted as soon as it
+ finishes.
+
+ <b>I (QMGR_REQ_SCAN_INCOMING)</b>
+ Start an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan. If an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan is
+ already in progress, that scan will be restarted as soon as it
+ finishes.
+
+ <b>A (QMGR_REQ_SCAN_ALL)</b>
+ Ignore <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> file time stamps. The request affects the
+ next <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan.
+
+ <b>F (QMGR_REQ_FLUSH_DEAD)</b>
+ Purge all information about dead transports and destinations.
+
+ <b>W (TRIGGER_REQ_WAKEUP)</b>
+ Wakeup call, This is used by the master server to instantiate
+ servers that should not go away forever. The action is to start
+ an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan.
+
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon reads an entire buffer worth of triggers. Multiple
+ identical trigger requests are collapsed into one, and trigger requests
+ are sorted so that <b>A</b> and <b>F</b> precede <b>D</b> and <b>I</b>. Thus, in order to force a
+ <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> run, one would request <b>A F D</b>; in order to notify the
+ queue manager of the arrival of new mail one would request <b>I</b>.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
+ <a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
+
+<b>SECURITY</b>
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is not security sensitive. It reads single-character
+ messages from untrusted local users, and thus may be susceptible to
+ denial of service attacks. The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon does not talk to the out-
+ side world, and it can be run at fixed low privilege in a chrooted
+ environment.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are saved to the <b>corrupt</b> queue for further
+ inspection.
+
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
+
+<b>BUGS</b>
+ A single queue manager process has to compete for disk access with mul-
+ tiple front-end processes such as <a href="cleanup.8.html"><b>cleanup</b>(8)</a>. A sudden burst of inbound
+ mail can negatively impact outbound delivery rates.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically as <a href="qmgr.8.html"><b>qmgr</b>(8)</a> is a per-
+ sistent process. Use the "<b>postfix reload</b>" command after a configuration
+ change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ In the text below, <i>transport</i> is the first field in a <a href="master.5.html"><b>master.cf</b></a> entry.
+
+<b>COMPATIBILITY CONTROLS</b>
+ Available before Postfix version 2.5:
+
+ <b><a href="postconf.5.html#allow_min_user">allow_min_user</a> (no)</b>
+ Allow a sender or recipient address to have `-' as the first
+ character.
+
+ Available with Postfix version 2.7 and later:
+
+ <b><a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> (empty)</b>
+ When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
+ next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
+ that value is empty, use the domain in the recipient address.
+
+<b><a href="QSHAPE_README.html#active_queue">ACTIVE QUEUE</a> CONTROLS</b>
+ <b><a href="postconf.5.html#qmgr_clog_warn_time">qmgr_clog_warn_time</a> (300s)</b>
+ The minimal delay between warnings that a specific destination
+ is clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>.
+
+ <b><a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a> (20000)</b>
+ The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
+
+ <b><a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> (20000)</b>
+ The maximal number of recipients held in memory by the Postfix
+ queue manager, and the maximal size of the short-term, in-memory
+ "dead" destination status cache.
+
+ <b><a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> (10)</b>
+ The minimal number of in-memory recipients for any message.
+
+ <b><a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a> (20000)</b>
+ The default per-transport upper limit on the number of in-memory
+ recipients.
+
+ <b><a href="postconf.5.html#transport_recipient_limit">transport_recipient_limit</a> ($<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>
+ parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the
+ message delivery transport.
+
+ <b><a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a> (1000)</b>
+ The default value for the extra per-transport limit imposed on
+ the number of in-memory recipients.
+
+ <b><a href="postconf.5.html#transport_extra_recipient_limit">transport_extra_recipient_limit</a> ($<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipi</a>-
+ <a href="postconf.5.html#default_extra_recipient_limit">ent_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name
+ of the message delivery transport.
+
+ Available in Postfix version 2.4 and later:
+
+ <b><a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> (100)</b>
+ The default per-transport limit on the number of recipients
+ refilled at once.
+
+ <b><a href="postconf.5.html#transport_recipient_refill_limit">transport_recipient_refill_limit</a> ($<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_limit">default_recipi</a>-
+ <a href="postconf.5.html#default_recipient_refill_limit">ent_refill_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">mas-
+ ter.cf</a> name of the message delivery transport.
+
+ <b><a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a> (5s)</b>
+ The default per-transport maximum delay between recipients
+ refills.
+
+ <b><a href="postconf.5.html#transport_recipient_refill_delay">transport_recipient_refill_delay</a> ($<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_recipient_refill_delay">default_recipi</a>-
+ <a href="postconf.5.html#default_recipient_refill_delay">ent_refill_delay</a> parameter value, where <i>transport</i> is the <a href="master.5.html">mas-
+ ter.cf</a> name of the message delivery transport.
+
+<b>DELIVERY CONCURRENCY CONTROLS</b>
+ <b><a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> (5)</b>
+ The initial per-destination concurrency level for parallel
+ delivery to the same destination.
+
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> (20)</b>
+ The default maximal number of parallel deliveries to the same
+ destination.
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ name of the message delivery transport.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#transport_initial_destination_concurrency">transport_initial_destination_concurrency</a> ($<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#initial_destination_concurrency">rency</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#initial_destination_concurrency">initial_destination_con</a>-
+ <a href="postconf.5.html#initial_destination_concurrency">currency</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name
+ of the message delivery transport.
+
+ <b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
+ How many pseudo-cohorts must suffer connection or handshake
+ failure before a specific destination is considered unavailable
+ (and further delivery is suspended).
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit">transport_destination_concurrency_failed_cohort_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_desti</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">nation_concurrency_failed_cohort_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">currency_failed_cohort_limit</a> parameter value, where <i>transport</i> is
+ the <a href="master.5.html">master.cf</a> name of the message delivery transport.
+
+ <b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
+ The per-destination amount of delivery concurrency negative
+ feedback, after a delivery completes with a connection or hand-
+ shake failure.
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback">transport_destination_concurrency_negative_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">tion_concurrency_negative_feedback</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_negative_feedback">currency_negative_feedback</a> parameter value, where <i>transport</i> is
+ the <a href="master.5.html">master.cf</a> name of the message delivery transport.
+
+ <b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
+ The per-destination amount of delivery concurrency positive
+ feedback, after a delivery completes without connection or hand-
+ shake failure.
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback">transport_destination_concurrency_positive_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">tion_concurrency_positive_feedback</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_positive_feedback">currency_positive_feedback</a> parameter value, where <i>transport</i> is
+ the <a href="master.5.html">master.cf</a> name of the message delivery transport.
+
+ <b><a href="postconf.5.html#destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a> (no)</b>
+ Make the queue manager's feedback algorithm verbose for perfor-
+ mance analysis purposes.
+
+<b>RECIPIENT SCHEDULING CONTROLS</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> (50)</b>
+ The default maximal number of recipients per message delivery.
+
+ <b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ name of the message delivery transport.
+
+<b>MESSAGE SCHEDULING CONTROLS</b>
+ <b><a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> (5)</b>
+ How often the Postfix queue manager's scheduler is allowed to
+ preempt delivery of one message with another.
+
+ <b><a href="postconf.5.html#transport_delivery_slot_cost">transport_delivery_slot_cost</a> ($<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
+ parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the
+ message delivery transport.
+
+ <b><a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a> (3)</b>
+ How many recipients a message must have in order to invoke the
+ Postfix queue manager's scheduling algorithm at all.
+
+ <b><a href="postconf.5.html#transport_minimum_delivery_slots">transport_minimum_delivery_slots</a> ($<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_deliv</a>-
+ <a href="postconf.5.html#default_minimum_delivery_slots">ery_slots</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name
+ of the message delivery transport.
+
+ <b><a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a> (50)</b>
+ The default value for transport-specific _delivery_slot_discount
+ settings.
+
+ <b><a href="postconf.5.html#transport_delivery_slot_discount">transport_delivery_slot_discount</a> ($<a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_dis</a>-
+ <a href="postconf.5.html#default_delivery_slot_discount">count</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+ the message delivery transport.
+
+ <b><a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a> (3)</b>
+ The default value for transport-specific _delivery_slot_loan
+ settings.
+
+ <b><a href="postconf.5.html#transport_delivery_slot_loan">transport_delivery_slot_loan</a> ($<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>
+ parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the
+ message delivery transport.
+
+<b>OTHER RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (300s)</b>
+ The minimal time between attempts to deliver a deferred message;
+ prior to Postfix 2.4 the default value was 1000s.
+
+ <b><a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> (4000s)</b>
+ The maximal time between attempts to deliver a deferred message.
+
+ <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
+ Consider a message as undeliverable, when delivery fails with a
+ temporary error, and the time in the queue has reached the <a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-
+ <a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a> limit.
+
+ <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ prior to Postfix 2.4 the default value was 1000s.
+
+ <b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
+ The time between attempts by the Postfix queue manager to con-
+ tact a malfunctioning message delivery transport.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> (5d)</b>
+ Consider a bounce message as undeliverable, when delivery fails
+ with a temporary error, and the time in the queue has reached
+ the <a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> limit.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
+ The default amount of delay that is inserted between individual
+ message deliveries to the same destination and over the same
+ message delivery transport.
+
+ <b><a href="postconf.5.html#transport_destination_rate_delay">transport_destination_rate_delay</a> ($<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_rate_delay">default_destina</a>-
+ <a href="postconf.5.html#default_destination_rate_delay">tion_rate_delay</a> parameter value, where <i>transport</i> is the <a href="master.5.html">mas-
+ ter.cf</a> name of the message delivery transport.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a> (0s)</b>
+ The default amount of delay that is inserted between individual
+ message deliveries over the same message delivery transport,
+ regardless of destination.
+
+ <b><a href="postconf.5.html#transport_transport_rate_delay">transport_transport_rate_delay</a> ($<a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_transport_rate_delay">default_trans</a>-
+ <a href="postconf.5.html#default_transport_rate_delay">port_rate_delay</a> parameter value, where the initial <i>transport</i> in
+ the parameter name is the <a href="master.5.html">master.cf</a> name of the message delivery
+ transport.
+
+<b>SAFETY CONTROLS</b>
+ <b><a href="postconf.5.html#qmgr_daemon_timeout">qmgr_daemon_timeout</a> (1000s)</b>
+ How much time a Postfix queue manager process may take to handle
+ a request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#qmgr_ipc_timeout">qmgr_ipc_timeout</a> (60s)</b>
+ The time limit for the queue manager to send or receive informa-
+ tion over an internal communication channel.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#address_verify_pending_request_limit">address_verify_pending_request_limit</a> (see 'postconf -d' output)</b>
+ A safety limit that prevents address verification requests from
+ overwhelming the Postfix queue.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
+ The names of message delivery transports that should not deliver
+ mail unless someone issues "<b>sendmail -q</b>" or equivalent.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
+ Log warnings about problematic configuration settings, and pro-
+ vide helpful suggestions.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#confirm_delay_cleared">confirm_delay_cleared</a> (no)</b>
+ After sending a "your message is delayed" notification, inform
+ the sender when the delay clears up.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+<b>FILES</b>
+ /var/spool/postfix/incoming, <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>
+ /var/spool/postfix/active, <a href="QSHAPE_README.html#active_queue">active queue</a>
+ /var/spool/postfix/deferred, <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>
+ /var/spool/postfix/bounce, non-delivery status
+ /var/spool/postfix/defer, non-delivery status
+ /var/spool/postfix/trace, delivery status
+
+<b>SEE ALSO</b>
+ <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address routing
+ <a href="bounce.8.html">bounce(8)</a>, delivery status reports
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="SCHEDULER_README.html">SCHEDULER_README</a>, scheduling algorithm
+ <a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Preemptive scheduler enhancements:
+ Patrik Rak
+ Modra 6
+ 155 00, Prague, Czech Republic
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ QMGR(8)
+</pre> </body> </html>
diff --git a/html/qmqp-sink.1.html b/html/qmqp-sink.1.html
new file mode 100644
index 0000000..3ef4945
--- /dev/null
+++ b/html/qmqp-sink.1.html
@@ -0,0 +1,65 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - qmqp-sink(1) </title>
+</head> <body> <pre>
+QMQP-SINK(1) QMQP-SINK(1)
+
+<b>NAME</b>
+ qmqp-sink - parallelized QMQP test server
+
+<b>SYNOPSIS</b>
+ <b>qmqp-sink</b> [<b>-46cv</b>] [<b>-x</b> <i>time</i>] [<b>inet:</b>][<i>host</i>]:<i>port backlog</i>
+
+ <b>qmqp-sink</b> [<b>-46cv</b>] [<b>-x</b> <i>time</i>] <b>unix:</b><i>pathname backlog</i>
+
+<b>DESCRIPTION</b>
+ <b>qmqp-sink</b> listens on the named host (or address) and port. It receives
+ messages from the network and throws them away. The purpose is to mea-
+ sure QMQP client performance, not protocol compliance. Connections can
+ be accepted on IPv4 or IPv6 endpoints, or on UNIX-domain sockets. IPv4
+ and IPv6 are the default. This program is the complement of the
+ <a href="qmqp-source.1.html"><b>qmqp-source</b>(1)</a> program.
+
+ Note: this is an unsupported test program. No attempt is made to main-
+ tain compatibility between successive versions.
+
+ Arguments:
+
+ <b>-4</b> Support IPv4 only. This option has no effect when Postfix is
+ built without IPv6 support.
+
+ <b>-6</b> Support IPv6 only. This option is not available when Postfix is
+ built without IPv6 support.
+
+ <b>-c</b> Display a running counter that is updated whenever a delivery is
+ completed.
+
+ <b>-v</b> Increase verbosity. Specify <b>-v -v</b> to see some of the QMQP con-
+ versation.
+
+ <b>-x</b> <i>time</i>
+ Terminate after <i>time</i> seconds. This is to facilitate memory leak
+ testing.
+
+<b>SEE ALSO</b>
+ <a href="qmqp-source.1.html">qmqp-source(1)</a>, QMQP message generator
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ QMQP-SINK(1)
+</pre> </body> </html>
diff --git a/html/qmqp-source.1.html b/html/qmqp-source.1.html
new file mode 100644
index 0000000..fc511c5
--- /dev/null
+++ b/html/qmqp-source.1.html
@@ -0,0 +1,98 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - qmqp-source(1) </title>
+</head> <body> <pre>
+QMQP-SOURCE(1) QMQP-SOURCE(1)
+
+<b>NAME</b>
+ qmqp-source - parallelized QMQP test generator
+
+<b>SYNOPSIS</b>
+ <b>qmqp-source</b> [<i>options</i>] [<b>inet:</b>]<i>host</i>[:<i>port</i>]
+
+ <b>qmqp-source</b> [<i>options</i>] <b>unix:</b><i>pathname</i>
+
+<b>DESCRIPTION</b>
+ <b>qmqp-source</b> connects to the named host and TCP port (default 628) and
+ sends one or more messages to it, either sequentially or in parallel.
+ The program speaks the QMQP protocol. Connections can be made to
+ UNIX-domain and IPv4 or IPv6 servers. IPv4 and IPv6 are the default.
+
+ Note: this is an unsupported test program. No attempt is made to main-
+ tain compatibility between successive versions.
+
+ Arguments:
+
+ <b>-4</b> Connect to the server with IPv4. This option has no effect when
+ Postfix is built without IPv6 support.
+
+ <b>-6</b> Connect to the server with IPv6. This option is not available
+ when Postfix is built without IPv6 support.
+
+ <b>-c</b> Display a running counter that is incremented each time a deliv-
+ ery completes.
+
+ <b>-C</b> <i>count</i>
+ When a host sends RESET instead of SYN|ACK, try <i>count</i> times
+ before giving up. The default count is 1. Specify a larger count
+ in order to work around a problem with TCP/IP stacks that send
+ RESET when the listen queue is full.
+
+ <b>-f</b> <i>from</i>
+ Use the specified sender address (default: &lt;foo@<a href="postconf.5.html#myhostname">myhostname</a>&gt;).
+
+ <b>-l</b> <i>length</i>
+ Send <i>length</i> bytes as message payload. The length includes the
+ message headers.
+
+ <b>-m</b> <i>message</i><b>_</b><i>count</i>
+ Send the specified number of messages (default: 1).
+
+ <b>-M</b> <i><a href="postconf.5.html#myhostname">myhostname</a></i>
+ Use the specified hostname or [address] in the default sender
+ and recipient addresses, instead of the machine hostname.
+
+ <b>-r</b> <i>recipient</i><b>_</b><i>count</i>
+ Send the specified number of recipients per transaction
+ (default: 1). Recipient names are generated by prepending a
+ number to the recipient address.
+
+ <b>-s</b> <i>session</i><b>_</b><i>count</i>
+ Run the specified number of QMQP sessions in parallel (default:
+ 1).
+
+ <b>-t</b> <i>to</i> Use the specified recipient address (default: &lt;foo@<a href="postconf.5.html#myhostname">myhostname</a>&gt;).
+
+ <b>-R</b> <i>interval</i>
+ Wait for a random period of time 0 &lt;= n &lt;= interval between mes-
+ sages. Suspending one thread does not affect other delivery
+ threads.
+
+ <b>-v</b> Make the program more verbose, for debugging purposes.
+
+ <b>-w</b> <i>interval</i>
+ Wait a fixed time between messages. Suspending one thread does
+ not affect other delivery threads.
+
+<b>SEE ALSO</b>
+ <a href="qmqp-sink.1.html">qmqp-sink(1)</a>, QMQP message dump
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ QMQP-SOURCE(1)
+</pre> </body> </html>
diff --git a/html/qmqpd.8.html b/html/qmqpd.8.html
new file mode 100644
index 0000000..9506cfa
--- /dev/null
+++ b/html/qmqpd.8.html
@@ -0,0 +1,199 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - qmqpd(8) </title>
+</head> <body> <pre>
+QMQPD(8) QMQPD(8)
+
+<b>NAME</b>
+ qmqpd - Postfix QMQP server
+
+<b>SYNOPSIS</b>
+ <b>qmqpd</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The Postfix QMQP server receives one message per connection. Each mes-
+ sage is piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, and is placed into the
+ <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> as one single queue file. The program expects to be run
+ from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The QMQP server implements one access policy: only explicitly autho-
+ rized client hosts are allowed to use the service.
+
+<b>SECURITY</b>
+ The QMQP server is moderately security-sensitive. It talks to QMQP
+ clients and to DNS servers on the network. The QMQP server can be run
+ chrooted at fixed low privilege.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>BUGS</b>
+ The QMQP protocol provides only one server reply per message delivery.
+ It is therefore not possible to reject individual recipients.
+
+ The QMQP protocol requires the server to receive the entire message
+ before replying. If a message is malformed, or if any netstring compo-
+ nent is longer than acceptable, Postfix replies immediately and closes
+ the connection. It is left up to the client to handle the situation.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="qmqpd.8.html"><b>qmqpd</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>CONTENT INSPECTION CONTROLS</b>
+ <b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
+ After the message is queued, send the entire message to the
+ specified <i>transport:destination</i>.
+
+ <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
+ Enable or disable recipient validation, built-in content filter-
+ ing, or address mapping.
+
+<b>SMTPUTF8 CONTROLS</b>
+ Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+
+ <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
+ Enable preliminary SMTPUTF8 support for the protocols described
+ in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
+
+ <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
+ Detect that a message requires SMTPUTF8 support for the speci-
+ fied mail origin classes.
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ form that is used for DNS lookups.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
+ Upon input, long lines are chopped up into pieces of at most
+ this length; upon delivery, long lines are reconstructed.
+
+ <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
+ The maximal number of Received: message headers that is allowed
+ in the primary message headers.
+
+ <b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
+ The maximal size in bytes of a message, including envelope
+ information.
+
+ <b><a href="postconf.5.html#qmqpd_timeout">qmqpd_timeout</a> (300s)</b>
+ The time limit for sending or receiving information over the
+ network.
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
+ pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+
+ <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
+ $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+
+ <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
+ Safety net to keep mail queued that would otherwise be returned
+ to the sender.
+
+<b>TARPIT CONTROLS</b>
+ <b><a href="postconf.5.html#qmqpd_error_delay">qmqpd_error_delay</a> (1s)</b>
+ How long the Postfix QMQP server will pause before sending a
+ negative reply to the remote QMQP client.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a> (empty)</b>
+ What remote QMQP clients are allowed to connect to the Postfix
+ QMQP server port.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
+ The characters Postfix accepts as VERP delimiter characters on
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#qmqpd_client_port_logging">qmqpd_client_port_logging</a> (no)</b>
+ Enable logging of the remote QMQP client port in addition to the
+ hostname and IP address.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="http://cr.yp.to/proto/qmqp.html">http://cr.yp.to/proto/qmqp.html</a>, QMQP protocol
+ <a href="cleanup.8.html">cleanup(8)</a>, message canonicalization
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="QMQP_README.html">QMQP_README</a>, Postfix ezmlm-idx howto.
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ The qmqpd service was introduced with Postfix version 1.1.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ QMQPD(8)
+</pre> </body> </html>
diff --git a/html/qshape.1.html b/html/qshape.1.html
new file mode 100644
index 0000000..26be5a3
--- /dev/null
+++ b/html/qshape.1.html
@@ -0,0 +1,126 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - qshape(1) </title>
+</head> <body> <pre>
+QSHAPE(1) QSHAPE(1)
+
+<b>NAME</b>
+ qshape - Print Postfix queue domain and age distribution
+
+<b>SYNOPSIS</b>
+ <b>qshape</b> [<b>-s</b>] [<b>-p</b>] [<b>-m</b> <i>min</i><b>_</b><i>subdomains</i>]
+ [<b>-b</b> <i>bucket</i><b>_</b><i>count</i>] [<b>-t</b> <i>bucket</i><b>_</b><i>time</i>]
+ [<b>-l</b>] [<b>-w</b> <i>terminal</i><b>_</b><i>width</i>]
+ [<b>-N</b> <i>batch</i><b>_</b><i>msg</i><b>_</b><i>count</i>] [<b>-n</b> <i>batch</i><b>_</b><i>top</i><b>_</b><i>domains</i>]
+ [<b>-c</b> <i>config</i><b>_</b><i>directory</i>] [<i>queue</i><b>_</b><i>name</i> ...]
+
+<b>DESCRIPTION</b>
+ The <b>qshape</b> program helps the administrator understand the Postfix queue
+ message distribution in time and by sender domain or recipient domain.
+ The program needs read access to the queue directories and queue files,
+ so it must run as the superuser or the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> specified in <a href="postconf.5.html"><b>main.cf</b></a>
+ (typically <b>postfix</b>).
+
+ Options:
+
+ <b>-s</b> Display the sender domain distribution instead of the recipient
+ domain distribution. By default the recipient distribution is
+ displayed. There can be more recipients than messages, but as
+ each message has only one sender, the sender distribution is a
+ message distribution.
+
+ <b>-p</b> Generate aggregate statistics for parent domains. Top level
+ domains are not shown, nor are domains with fewer than <i>min</i><b>_</b><i>sub-</i>
+ <i>domains</i> subdomains. The names of parent domains are shown with a
+ leading dot, (e.g. <i>.example.com</i>).
+
+ <b>-m</b> <i>min</i><b>_</b><i>subdomains</i>
+ When used with the <b>-p</b> option, sets the minimum subdomain count
+ needed to show a separate line for a parent domain. The default
+ is 5.
+
+ <b>-b</b> <i>bucket</i><b>_</b><i>count</i>
+ The age distribution is broken up into a sequence of geometri-
+ cally increasing intervals. This option sets the number of
+ intervals or "buckets". Each bucket has a maximum queue age that
+ is twice as large as that of the previous bucket. The last
+ bucket has no age limit.
+
+ <b>-t</b> <i>bucket</i><b>_</b><i>time</i>
+ The age limit in minutes for the first time bucket. The default
+ value is 5, meaning that the first bucket counts messages
+ between 0 and 5 minutes old.
+
+ <b>-l</b> Instead of using a geometric age sequence, use a linear age
+ sequence, in other words simple multiples of <b>bucket_time</b>.
+
+ This feature is available in Postfix 2.2 and later.
+
+ <b>-w</b> <i>terminal</i><b>_</b><i>width</i>
+ The output is right justified, with the counts for the last
+ bucket shown on the 80th column, the <i>terminal</i><b>_</b><i>width</i> can be
+ adjusted for wider screens allowing more buckets to be displayed
+ without truncating the domain names on the left. When a row for
+ a full domain name and its counters does not fit in the speci-
+ fied number of columns, only the last 17 bytes of the domain
+ name are shown with the prefix replaced by a '+' character.
+ Truncated parent domain rows are shown as '.+' followed by the
+ last 16 bytes of the domain name. If this is still too narrow to
+ show the domain name and all the counters, the terminal_width
+ limit is violated.
+
+ <b>-N</b> <i>batch</i><b>_</b><i>msg</i><b>_</b><i>count</i>
+ When the output device is a terminal, intermediate results are
+ shown each "batch_msg_count" messages. This produces usable
+ results in a reasonable time even when the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> is
+ large. The default is to show intermediate results every 1000
+ messages.
+
+ <b>-n</b> <i>batch</i><b>_</b><i>top</i><b>_</b><i>domains</i>
+ When reporting intermediate or final results to a termainal,
+ report only the top "batch_top_domains" domains. The default
+ limit is 20 domains.
+
+ <b>-c</b> <i>config</i><b>_</b><i>directory</i>
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory.
+
+ Arguments:
+
+ <i>queue</i><b>_</b><i>name</i>
+ By default <b>qshape</b> displays the combined distribution of the
+ incoming and <a href="QSHAPE_README.html#active_queue">active queues</a>. To display a different set of
+ queues, just list their directory names on the command line.
+ Absolute paths are used as is, other paths are taken relative to
+ the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#queue_directory">queue_directory</a></b> parameter setting. While <a href="postconf.5.html"><b>main.cf</b></a>
+ supports the use of <i>$variable</i> expansion in the definition of the
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> parameter, the <b>qshape</b> program does not. If you
+ must use variable expansions in the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> setting, you
+ must specify an explicit absolute path for each queue subdirec-
+ tory even if you want the default <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queue</a> dis-
+ tribution.
+
+<b>SEE ALSO</b>
+ <a href="mailq.1.html">mailq(1)</a>, List all messages in the queue.
+ <a href="QSHAPE_README.html">QSHAPE_README</a> Examples and background material.
+
+<b>FILES</b>
+ $<a href="postconf.5.html#config_directory">config_directory</a>/<a href="postconf.5.html">main.cf</a>, Postfix installation parameters.
+ $<a href="postconf.5.html#queue_directory">queue_directory</a>/maildrop/, local submission directory.
+ $<a href="postconf.5.html#queue_directory">queue_directory</a>/incoming/, new message queue.
+ $<a href="postconf.5.html#queue_directory">queue_directory</a>/hold/, messages waiting for tech support.
+ $<a href="postconf.5.html#queue_directory">queue_directory</a>/active/, messages scheduled for delivery.
+ $<a href="postconf.5.html#queue_directory">queue_directory</a>/deferred/, messages postponed for later delivery.
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Victor Duchovni
+ Morgan Stanley
+
+ QSHAPE(1)
+</pre> </body> </html>
diff --git a/html/regexp_table.5.html b/html/regexp_table.5.html
new file mode 100644
index 0000000..05cda13
--- /dev/null
+++ b/html/regexp_table.5.html
@@ -0,0 +1,211 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - regexp_table(5) </title>
+</head> <body> <pre>
+REGEXP_TABLE(5) REGEXP_TABLE(5)
+
+<b>NAME</b>
+ regexp_table - format of Postfix regular expression tables
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="regexp_table.5.html">regexp</a>:/etc/postfix/</b><i>filename</i>
+
+ <b>postmap -q - <a href="regexp_table.5.html">regexp</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional tables for address rewriting,
+ mail routing, or access control. These tables are usually in <b>dbm</b> or <b>db</b>
+ format.
+
+ Alternatively, lookup tables can be specified in POSIX regular expres-
+ sion form. In this case, each input is compared against a list of pat-
+ terns. When a match is found, the corresponding result is returned and
+ the search is terminated.
+
+ To find out what types of lookup tables your Postfix system supports
+ use the "<b>postconf -m</b>" command.
+
+ To test lookup tables, use the "<b>postmap -q</b>" command as described in the
+ SYNOPSIS above. Use "<b>postmap -hmq -</b> &lt;<i>file</i>" for <a href="header_checks.5.html">header_checks(5)</a> pat-
+ terns, and "<b>postmap -bmq -</b> &lt;<i>file</i>" for <a href="header_checks.5.html">body_checks(5)</a> (Postfix 2.6 and
+ later).
+
+<b>COMPATIBILITY</b>
+ With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" to query a
+ table that contains case sensitive patterns. Patterns are case insensi-
+ tive by default.
+
+<b>TABLE FORMAT</b>
+ The general form of a Postfix regular expression table is:
+
+ <b>/</b><i>pattern</i><b>/</b><i>flags result</i>
+ When <i>pattern</i> matches the input string, use the corresponding
+ <i>result</i> value.
+
+ <b>!/</b><i>pattern</i><b>/</b><i>flags result</i>
+ When <i>pattern</i> does <b>not</b> match the input string, use the corre-
+ sponding <i>result</i> value.
+
+ <b>if /</b><i>pattern</i><b>/</b><i>flags</i>
+
+ <b>endif</b> If the input string matches /<i>pattern</i>/, then match that input
+ string against the patterns between <b>if</b> and <b>endif</b>. The <b>if</b>..<b>endif</b>
+ can nest.
+
+ Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>.
+
+ This feature is available in Postfix 2.1 and later.
+
+ <b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
+
+ <b>endif</b> If the input string does not match /<i>pattern</i>/, then match that
+ input string against the patterns between <b>if</b> and <b>endif</b>. The
+ <b>if</b>..<b>endif</b> can nest.
+
+ Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>.
+
+ This feature is available in Postfix 2.1 and later.
+
+ blank lines and comments
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ multi-line text
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+ Each pattern is a POSIX regular expression enclosed by a pair of delim-
+ iters. The regular expression syntax is documented in <b>re_format</b>(7) with
+ 4.4BSD, in <b>regex</b>(5) with Solaris, and in <b>regex</b>(7) with Linux. Other
+ systems may use other document names.
+
+ The expression delimiter can be any non-alphanumerical character,
+ except whitespace or characters that have special meaning (tradition-
+ ally the forward slash is used). The regular expression can contain
+ whitespace.
+
+ By default, matching is case-insensitive, and newlines are not treated
+ as special characters. The behavior is controlled by flags, which are
+ toggled by appending one or more of the following characters after the
+ pattern:
+
+ <b>i</b> (default: on)
+ Toggles the case sensitivity flag. By default, matching is case
+ insensitive.
+
+ <b>m</b> (default: off)
+ Toggle the multi-line mode flag. When this flag is on, the <b>^</b> and
+ <b>$</b> metacharacters match immediately after and immediately before
+ a newline character, respectively, in addition to matching at
+ the start and end of the input string.
+
+ <b>x</b> (default: on)
+ Toggles the extended expression syntax flag. By default, support
+ for extended expression syntax is enabled.
+
+<b>TABLE SEARCH ORDER</b>
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the input string.
+
+ Each pattern is applied to the entire input string. Depending on the
+ application, that string is an entire client hostname, an entire client
+ IP address, or an entire mail address. Thus, no parent domain or par-
+ ent network search is done, and <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
+
+<b>TEXT SUBSTITUTION</b>
+ Substitution of substrings (text that matches patterns inside "()")
+ from the matched expression into the result string is requested with
+ $1, $2, etc.; specify $$ to produce a $ character as output. The
+ macros in the result string may need to be written as ${n} or $(n) if
+ they aren't followed by whitespace.
+
+ Note: since negated patterns (those preceded by <b>!</b>) return a result when
+ the expression does not match, substitutions are not available for
+ negated patterns.
+
+<b>INLINE SPECIFICATION</b>
+ The contents of a table may be specified in the table name (Postfix 3.7
+ and later). The basic syntax is:
+
+ <a href="postconf.5.html">main.cf</a>:
+ <i>parameter</i> <b>= .. <a href="regexp_table.5.html">regexp</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } ..</b>
+
+ <a href="master.5.html">master.cf</a>:
+ <b>.. -o {</b> <i>parameter</i> <b>= .. <a href="regexp_table.5.html">regexp</a>:{ {</b> <i>rule-1</i> <b>}, {</b> <i>rule-2</i> <b>} .. } .. } ..</b>
+
+ Postfix ignores whitespace after '{' and before '}', and writes each
+ <i>rule</i> as one text line to an in-memory file:
+
+ in-memory file:
+ rule-1
+ rule-2
+ ..
+
+ Postfix parses the result as if it is a file in /etc/postfix.
+
+ Note: if a rule contains <b>$</b>, specify <b>$$</b> to keep Postfix from trying to
+ do <i>$name</i> expansion as it evaluates a parameter value.
+
+<b>EXAMPLE SMTPD ACCESS MAP</b>
+ # Disallow sender-specified routing. This is a must if you relay mail
+ # for other domains.
+ /[%!@].*[%!@]/ 550 Sender-specified routing rejected
+
+ # Postmaster is OK, that way they can talk to us about how to fix
+ # their problem.
+ /^postmaster@/ OK
+
+ # Protect your outgoing majordomo exploders
+ if !/^owner-/
+ /^(.*)-outgoing@(.*)$/ 550 Use ${1}@${2} instead
+ endif
+
+<b>EXAMPLE HEADER FILTER MAP</b>
+ # These were once common in junk mail.
+ /^Subject: make money fast/ REJECT
+ /^To: friend@public\.com/ REJECT
+
+<b>EXAMPLE BODY FILTER MAP</b>
+ # First skip over base 64 encoded text to save CPU cycles.
+ ~^[[:alnum:]+/]{60,}$~ OK
+
+ # Put your own body patterns here.
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables
+ <a href="cidr_table.5.html">cidr_table(5)</a>, format of CIDR tables
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>AUTHOR(S)</b>
+ The regexp table lookup code was originally written by:
+ LaMont Jones
+ lamont@hp.com
+
+ That code was based on the PCRE dictionary contributed by:
+ Andrew McNamara
+ andrewm@connect.com.au
+ connect.com.au Pty. Ltd.
+ Level 3, 213 Miller St
+ North Sydney, NSW, Australia
+
+ Adopted and adapted by:
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ REGEXP_TABLE(5)
+</pre> </body> </html>
diff --git a/html/relocated.5.html b/html/relocated.5.html
new file mode 100644
index 0000000..efd2f53
--- /dev/null
+++ b/html/relocated.5.html
@@ -0,0 +1,167 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - relocated(5) </title>
+</head> <body> <pre>
+RELOCATED(5) RELOCATED(5)
+
+<b>NAME</b>
+ relocated - Postfix relocated table format
+
+<b>SYNOPSIS</b>
+ <b>postmap /etc/postfix/relocated</b>
+
+<b>DESCRIPTION</b>
+ The optional <a href="relocated.5.html"><b>relocated</b>(5)</a> table provides the information that is used
+ in "user has moved to <i>new</i><b>_</b><i>location</i>" bounce messages.
+
+ Normally, the <a href="relocated.5.html"><b>relocated</b>(5)</a> table is specified as a text file that
+ serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file
+ in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
+ Execute the command "<b>postmap /etc/postfix/relocated</b>" to rebuild an
+ indexed file after changing the corresponding relocated table.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to a TCP-based server. In those case, the lookups are done in
+ a slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
+
+ Table lookups are case insensitive.
+
+<b>CASE FOLDING</b>
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
+
+<b>TABLE FORMAT</b>
+ The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
+
+ <b>o</b> An entry has one of the following form:
+
+ <i>pattern new</i><b>_</b><i>location</i>
+
+ Where <i>new</i><b>_</b><i>location</i> specifies contact information such as an
+ email address, or perhaps a street address or telephone number.
+
+ <b>o</b> Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ <b>o</b> A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+<b>TABLE SEARCH ORDER</b>
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, patterns are tried in the order as
+ listed below:
+
+ <i>user</i>@<i>domain</i>
+ Matches <i>user</i>@<i>domain</i>. This form has precedence over all other
+ forms.
+
+ <i>user</i> Matches <i>user</i>@<i>site</i> when <i>site</i> is $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in
+ $<b><a href="postconf.5.html#mydestination">mydestination</a></b>, or when <i>site</i> is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
+ $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
+
+ @<i>domain</i>
+ Matches other addresses in <i>domain</i>. This form has the lowest
+ precedence.
+
+<b>ADDRESS EXTENSION</b>
+ When a mail address localpart contains the optional recipient delimiter
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
+
+<b>REGULAR EXPRESSION TABLES</b>
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions or when lookups are directed
+ to a TCP-based server. For a description of regular expression lookup
+ table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. For a description
+ of the TCP client/server table lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This
+ feature is available in Postfix 2.5 and later.
+
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
+
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
+
+ Results are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
+ lated as <b>$1</b>, <b>$2</b> and so on.
+
+<b>TCP-BASED TABLES</b>
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is
+ available in Postfix 2.5 and later.
+
+ Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
+ mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
+ stituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+
+ Results are the same as with indexed file lookups.
+
+<b>BUGS</b>
+ The table format does not understand quoting conventions.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ details including examples.
+
+ <b><a href="postconf.5.html#relocated_maps">relocated_maps</a> (empty)</b>
+ Optional lookup tables with new contact information for users or
+ domains that no longer exist.
+
+ Other parameters of interest:
+
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The network interface addresses that this mail system receives
+ mail on.
+
+ <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
+ The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
+ mail delivery transport.
+
+ <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
+
+ <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
+ The network interface addresses that this mail system receives
+ mail on by way of a proxy or network address translation unit.
+
+<b>SEE ALSO</b>
+ <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address resolver
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ RELOCATED(5)
+</pre> </body> </html>
diff --git a/html/scache.8.html b/html/scache.8.html
new file mode 100644
index 0000000..932b99a
--- /dev/null
+++ b/html/scache.8.html
@@ -0,0 +1,166 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - scache(8) </title>
+</head> <body> <pre>
+SCACHE(8) SCACHE(8)
+
+<b>NAME</b>
+ scache - Postfix shared connection cache server
+
+<b>SYNOPSIS</b>
+ <b>scache</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="scache.8.html"><b>scache</b>(8)</a> server maintains a shared multi-connection cache. This
+ information can be used by, for example, Postfix SMTP clients or other
+ Postfix delivery agents.
+
+ The connection cache is organized into logical destination names, phys-
+ ical endpoint names, and connections.
+
+ As a specific example, logical SMTP destinations specify (transport,
+ domain, port), and physical SMTP endpoints specify (transport, IP
+ address, port). An SMTP connection may be saved after a successful
+ mail transaction.
+
+ In the general case, one logical destination may refer to zero or more
+ physical endpoints, one physical endpoint may be referenced by zero or
+ more logical destinations, and one endpoint may refer to zero or more
+ connections.
+
+ The exact syntax of a logical destination or endpoint name is applica-
+ tion dependent; the <a href="scache.8.html"><b>scache</b>(8)</a> server does not care. A connection is
+ stored as a file descriptor together with application-dependent infor-
+ mation that is needed to re-activate a connection object. Again, the
+ <a href="scache.8.html"><b>scache</b>(8)</a> server is completely unaware of the details of that informa-
+ tion.
+
+ All information is stored with a finite time to live (ttl). The con-
+ nection cache daemon terminates when no client is connected for
+ <b><a href="postconf.5.html#max_idle">max_idle</a></b> time units.
+
+ This server implements the following requests:
+
+ <b>save_endp</b> <i>ttl endpoint endpoint</i><b>_</b><i>properties file</i><b>_</b><i>descriptor</i>
+ Save the specified file descriptor and connection property data
+ under the specified endpoint name. The endpoint properties are
+ used by the client to re-activate a passivated connection
+ object.
+
+ <b>find_endp</b> <i>endpoint</i>
+ Look up cached properties and a cached file descriptor for the
+ specified endpoint.
+
+ <b>save_dest</b> <i>ttl destination destination</i><b>_</b><i>properties endpoint</i>
+ Save the binding between a logical destination and an endpoint
+ under the destination name, together with destination specific
+ connection properties. The destination properties are used by
+ the client to re-activate a passivated connection object.
+
+ <b>find_dest</b> <i>destination</i>
+ Look up cached destination properties, cached endpoint proper-
+ ties, and a cached file descriptor for the specified logical
+ destination.
+
+<b>SECURITY</b>
+ The <a href="scache.8.html"><b>scache</b>(8)</a> server is not security-sensitive. It does not talk to the
+ network, and it does not talk to local users. The <a href="scache.8.html"><b>scache</b>(8)</a> server can
+ run chrooted at fixed low privilege.
+
+ The <a href="scache.8.html"><b>scache</b>(8)</a> server is not a trusted process. It must not be used to
+ store information that is security sensitive.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>BUGS</b>
+ The session cache cannot be shared among multiple machines.
+
+ When a connection expires from the cache, it is closed without the
+ appropriate protocol specific handshake.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="scache.8.html"><b>scache</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>RESOURCE CONTROLS</b>
+ <b><a href="postconf.5.html#connection_cache_ttl_limit">connection_cache_ttl_limit</a> (2s)</b>
+ The maximal time-to-live value that the <a href="scache.8.html"><b>scache</b>(8)</a> connection
+ cache server allows.
+
+ <b><a href="postconf.5.html#connection_cache_status_update_time">connection_cache_status_update_time</a> (600s)</b>
+ How frequently the <a href="scache.8.html"><b>scache</b>(8)</a> server logs usage statistics with
+ connection cache hit and miss rates for logical destinations and
+ for physical endpoints.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="smtp.8.html">smtp(8)</a>, SMTP client
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="CONNECTION_CACHE_README.html">CONNECTION_CACHE_README</a>, Postfix connection cache
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ This service was introduced with Postfix version 2.2.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ SCACHE(8)
+</pre> </body> </html>
diff --git a/html/sendmail.1.html b/html/sendmail.1.html
new file mode 100644
index 0000000..bebc17b
--- /dev/null
+++ b/html/sendmail.1.html
@@ -0,0 +1,523 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - sendmail(1) </title>
+</head> <body> <pre>
+SENDMAIL(1) SENDMAIL(1)
+
+<b>NAME</b>
+ sendmail - Postfix to Sendmail compatibility interface
+
+<b>SYNOPSIS</b>
+ <b>sendmail</b> [<i>option ...</i>] [<i>recipient ...</i>]
+
+ <b>mailq</b>
+ <b>sendmail -bp</b>
+
+ <b>newaliases</b>
+ <b>sendmail -I</b>
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com-
+ patibility interface. For the sake of compatibility with existing
+ applications, some Sendmail command-line options are recognized but
+ silently ignored.
+
+ By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from standard input
+ until EOF or until it reads a line with only a <b>.</b> character, and
+ arranges for delivery. Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
+ command to create a queue file in the <b>maildrop</b> directory.
+
+ Specific command aliases are provided for other common modes of opera-
+ tion:
+
+ <b>mailq</b> List the mail queue. Each entry shows the queue file ID, message
+ size, arrival time, sender, and the recipients that still need
+ to be delivered. If mail could not be delivered upon the last
+ attempt, the reason for failure is shown. The queue ID string is
+ followed by an optional status character:
+
+ <b>*</b> The message is in the <b>active</b> queue, i.e. the message is
+ selected for delivery.
+
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
+ ery attempt will be made until the mail is taken off
+ hold.
+
+ <b>#</b> The message is forced to expire. See the <a href="postsuper.1.html"><b>postsuper</b>(1)</a>
+ options <b>-e</b> or <b>-f</b>.
+
+ This mode of operation is implemented by executing the
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+
+ <b>newaliases</b>
+ Initialize the alias database. If no input file is specified
+ (with the <b>-oA</b> option, see below), the program processes the
+ file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame-
+ ter. If no alias database type is specified, the program uses
+ the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
+ parameter. This mode of operation is implemented by running the
+ <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
+
+ Note: it may take a minute or so before an alias database update
+ becomes visible. Use the "<b>postfix reload</b>" command to eliminate
+ this delay.
+
+ These and other features can be selected by specifying the appropriate
+ combination of command-line options. Some features are controlled by
+ parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
+
+ The following options are recognized:
+
+ <b>-Am</b> (ignored)
+
+ <b>-Ac</b> (ignored)
+ Postfix sendmail uses the same configuration file regardless of
+ whether or not a message is an initial submission.
+
+ <b>-B</b> <i>body</i><b>_</b><i>type</i>
+ The message body MIME type: <b>7BIT</b> or <b>8BITMIME</b>.
+
+ <b>-bd</b> Go into daemon mode. This mode of operation is implemented by
+ executing the "<b>postfix start</b>" command.
+
+ <b>-bh</b> (ignored)
+
+ <b>-bH</b> (ignored)
+ Postfix has no persistent host status database.
+
+ <b>-bi</b> Initialize alias database. See the <b>newaliases</b> command above.
+
+ <b>-bl</b> Go into daemon mode. To accept only local connections as with
+ Sendmail's <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
+ the Postfix <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
+
+ <b>-bm</b> Read mail from standard input and arrange for delivery. This is
+ the default mode of operation.
+
+ <b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
+
+ <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands from standard
+ input, and write responses to standard output. In stand-alone
+ SMTP server mode, mail relaying and other access controls are
+ disabled by default. To enable them, run the process as the
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> user.
+
+ This mode of operation is implemented by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ daemon.
+
+ <b>-bv</b> Do not collect or deliver a message. Instead, send an email
+ report after verifying each recipient address. This is useful
+ for testing address rewriting and routing configurations.
+
+ This feature is available in Postfix version 2.1 and later.
+
+ <b>-C</b> <i>config</i><b>_</b><i>file</i>
+
+ <b>-C</b> <i>config</i><b>_</b><i>dir</i>
+ The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of its parent
+ directory. This information is ignored with Postfix versions
+ before 2.3.
+
+ With Postfix version 3.2 and later, a non-default directory must
+ be authorized in the default <a href="postconf.5.html"><b>main.cf</b></a> file, through the alter-
+ nate_config_directories or <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parame-
+ ters.
+
+ With all Postfix versions, you can specify a directory pathname
+ with the MAIL_CONFIG environment variable to override the loca-
+ tion of configuration files.
+
+ <b>-F</b> <i>full</i><b>_</b><i>name</i>
+ Set the sender full name. This overrides the NAME environment
+ variable, and is used only with messages that have no <b>From:</b> mes-
+ sage header.
+
+ <b>-f</b> <i>sender</i>
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
+
+ <b>-G</b> Gateway (relay) submission, as opposed to initial user submis-
+ sion. Either do not rewrite addresses at all, or update incom-
+ plete addresses with the domain information specified with
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>.
+
+ This option is ignored before Postfix version 2.3.
+
+ <b>-h</b> <i>hop</i><b>_</b><i>count</i> (ignored)
+ Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configuration parameter
+ instead.
+
+ <b>-I</b> Initialize alias database. See the <b>newaliases</b> command above.
+
+ <b>-i</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
+
+ <b>-L</b> <i>label</i> (ignored)
+ The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configuration parameter
+ instead.
+
+ <b>-m</b> (ignored)
+ Backwards compatibility.
+
+ <b>-N</b> <i>dsn</i> (default: 'delay, failure')
+ Delivery status notification control. Specify either a
+ comma-separated list with one or more of <b>failure</b> (send notifica-
+ tion when delivery fails), <b>delay</b> (send notification when deliv-
+ ery is delayed), or <b>success</b> (send notification when the message
+ is delivered); or specify <b>never</b> (don't send any notifications at
+ all).
+
+ This feature is available in Postfix 2.3 and later.
+
+ <b>-n</b> (ignored)
+ Backwards compatibility.
+
+ <b>-oA</b><i>alias</i><b>_</b><i>database</i>
+ Non-default alias database. Specify <i>pathname</i> or <i>type</i>:<i>pathname</i>.
+ See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
+
+ <b>-O</b> <i>option=value</i> (ignored)
+ Set the named <i>option</i> to <i>value</i>. Use the equivalent configuration
+ parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+
+ <b>-o7</b> (ignored)
+
+ <b>-o8</b> (ignored)
+ To send 8-bit or binary content, use an appropriate MIME encap-
+ sulation and specify the appropriate <b>-B</b> command-line option.
+
+ <b>-oi</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
+
+ <b>-om</b> (ignored)
+ The sender is never eliminated from alias etc. expansions.
+
+ <b>-o</b> <i>x value</i> (ignored)
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
+ ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+
+ <b>-r</b> <i>sender</i>
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
+
+ <b>-R</b> <i>return</i>
+ Delivery status notification control. Specify "hdrs" to return
+ only the header when a message bounces, "full" to return a full
+ copy (the default behavior).
+
+ The <b>-R</b> option specifies an upper bound; Postfix will return only
+ the header, when a full copy would exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
+ setting.
+
+ This option is ignored before Postfix version 2.10.
+
+ <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe-
+ cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+
+ Warning: flushing undeliverable mail frequently will result in
+ poor delivery performance of all other mail.
+
+ <b>-q</b><i>interval</i> (ignored)
+ The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config-
+ uration parameter instead.
+
+ <b>-qI</b><i>queueid</i>
+ Schedule immediate delivery of mail with the specified queue ID.
+ This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
+ mand, and is available with Postfix version 2.4 and later.
+
+ <b>-qR</b><i>site</i>
+ Schedule immediate delivery of all mail that is queued for the
+ named <i>site</i>. This option accepts only <i>site</i> names that are eligi-
+ ble for the "fast flush" service, and is implemented by execut-
+ ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
+ about the "fast flush" service.
+
+ <b>-qS</b><i>site</i>
+ This command is not implemented. Use the slower "<b>sendmail -q</b>"
+ command instead.
+
+ <b>-t</b> Extract recipients from message headers. These are added to any
+ recipients specified on the command line.
+
+ With Postfix versions prior to 2.1, this option requires that no
+ recipient addresses are specified on the command line.
+
+ <b>-U</b> (ignored)
+ Initial user submission.
+
+ <b>-V</b> <i>envid</i>
+ Specify the envelope ID for notification by servers that support
+ DSN.
+
+ This feature is available in Postfix 2.3 and later.
+
+ <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
+ Variable Envelope Return Path. Given an envelope sender address
+ of the form <i>owner-listname</i>@<i>origin</i>, each recipient <i>user</i>@<i>domain</i>
+ receives mail with a personalized envelope sender address.
+
+ By default, the personalized envelope sender address is
+ <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The default <b>+</b> and <b>=</b> charac-
+ ters are configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configu-
+ ration parameter.
+
+ <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
+ As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter characters,
+ instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
+ <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
+
+ <b>-v</b> Send an email report of the first delivery attempt (Postfix ver-
+ sions 2.1 and later). Mail delivery always happens in the back-
+ ground. When multiple <b>-v</b> options are given, enable verbose log-
+ ging for debugging purposes.
+
+ <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
+ Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b>
+ configuration parameters instead.
+
+<b>SECURITY</b>
+ By design, this program is not set-user (or group) id. It is prepared
+ to handle message content from untrusted, possibly remote, users.
+
+ However, like most Postfix programs, this program does not enforce a
+ security policy on its command-line arguments. Instead, it relies on
+ the UNIX system to enforce access policies based on the effective user
+ and group IDs of the process. Concretely, this means that running Post-
+ fix commands as root (from sudo or equivalent) on behalf of a non-root
+ user is likely to create privilege escalation opportunities.
+
+ If an application runs any Postfix programs on behalf of users that do
+ not have normal shell access to Postfix commands, then that application
+ MUST restrict user-specified command-line arguments to avoid privilege
+ escalation.
+
+ <b>o</b> Filter all command-line arguments, for example arguments that
+ contain a pathname or that specify a database access method.
+ These pathname checks must reject user-controlled symlinks or
+ hardlinks to sensitive files, and must not be vulnerable to TOC-
+ TOU race attacks.
+
+ <b>o</b> Disable command options processing for all command arguments
+ that contain user-specified data. For example, the Postfix <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command line MUST be structured as follows:
+
+ <b>/path/to/sendmail</b> <i>system-arguments</i> <b>--</b> <i>user-arguments</i>
+
+ Here, the "<b>--</b>" disables command option processing for all
+ <i>user-arguments</i> that follow.
+
+ Without the "<b>--</b>", a malicious user could enable Postfix <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command options, by specifying an email address that
+ starts with "<b>-</b>".
+
+<b>DIAGNOSTICS</b>
+ Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
+ error stream.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+ <b>MAIL_VERBOSE</b> (value does not matter)
+ Enable verbose logging for debugging purposes.
+
+ <b>MAIL_DEBUG</b> (value does not matter)
+ Enable debugging with an external command, as specified with the
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
+
+ <b>NAME</b> The sender full name. This is used only with messages that have
+ no <b>From:</b> message header. See also the <b>-F</b> option above.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
+
+<b>COMPATIBILITY CONTROLS</b>
+ Available with Postfix 2.9 and later:
+
+ <b><a href="postconf.5.html#sendmail_fix_line_endings">sendmail_fix_line_endings</a> (always)</b>
+ Controls how the Postfix sendmail command converts email message
+ line endings from &lt;CR&gt;&lt;LF&gt; into UNIX format (&lt;LF&gt;).
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
+ system.
+
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
+ The external command to execute when a Postfix daemon program is
+ invoked with the -D option.
+
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
+ pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+
+ <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
+ $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+
+<b>ACCESS CONTROLS</b>
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to flush the queue.
+
+ <b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to view the queue.
+
+ <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
+ mand).
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
+
+ <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
+ The maximal number of attempts to fork() a child process.
+
+ <b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
+ The delay between attempts to fork() a child process.
+
+ <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
+ The maximal number of Received: message headers that is allowed
+ in the primary message headers.
+
+ <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ prior to Postfix 2.4 the default value was 1000s.
+
+<b>FAST FLUSH CONTROLS</b>
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
+ the Postfix "fast flush" service.
+
+ <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
+ Optional list of destinations that are eligible for per-destina-
+ tion logfiles with mail that is queued to those destinations.
+
+<b>VERP CONTROLS</b>
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
+ Postfix support for variable envelope return path addresses.
+
+ <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
+ The two default VERP delimiter characters.
+
+ <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
+ The characters Postfix accepts as VERP delimiter characters on
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+
+ <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
+ The location of all postfix administrative commands.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix support programs and daemon programs.
+
+ <b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>, <a href="postalias.1.html"><b>postalias</b>(1)</a>
+ and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+
+ <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
+ The time after which the sender receives a copy of the message
+ headers of mail that is still queued.
+
+ <b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a privileged Postfix
+ process will import from a non-Postfix parent process, or
+ name=value environment overrides.
+
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Postfix 3.2 and later:
+
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
+ A list of non-default Postfix configuration directories that may
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ MAIL_CONFIG environment parameter.
+
+ <b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
+ etc., together with the default Postfix instance.
+
+<b>FILES</b>
+ /var/spool/postfix, mail queue
+ /etc/postfix, configuration files
+
+<b>SEE ALSO</b>
+ <a href="pickup.8.html">pickup(8)</a>, mail pickup daemon
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="smtpd.8.html">smtpd(8)</a>, SMTP server
+ <a href="flush.8.html">flush(8)</a>, fast flush service
+ <a href="postsuper.1.html">postsuper(1)</a>, queue maintenance
+ <a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
+ <a href="postdrop.1.html">postdrop(1)</a>, mail posting utility
+ <a href="postfix.1.html">postfix(1)</a>, mail system control
+ <a href="postqueue.1.html">postqueue(1)</a>, mail queue control
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README_FILES</b>
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ this information.
+ <a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
+ <a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
+ <a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ SENDMAIL(1)
+</pre> </body> </html>
diff --git a/html/showq.8.html b/html/showq.8.html
new file mode 100644
index 0000000..8dfc991
--- /dev/null
+++ b/html/showq.8.html
@@ -0,0 +1,126 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - showq(8) </title>
+</head> <body> <pre>
+SHOWQ(8) SHOWQ(8)
+
+<b>NAME</b>
+ showq - list the Postfix mail queue
+
+<b>SYNOPSIS</b>
+ <b>showq</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="showq.8.html"><b>showq</b>(8)</a> daemon reports the Postfix mail queue status. The output
+ is meant to be formatted by the <a href="postqueue.1.html">postqueue(1)</a> command, as it emulates
+ the Sendmail `mailq' command.
+
+ The <a href="showq.8.html"><b>showq</b>(8)</a> daemon can also be run in stand-alone mode by the supe-
+ ruser. This mode of operation is used to emulate the `mailq' command
+ while the Postfix mail system is down.
+
+<b>SECURITY</b>
+ The <a href="showq.8.html"><b>showq</b>(8)</a> daemon can run in a chroot jail at fixed low privilege,
+ and takes no input from the client. Its service port is accessible to
+ local untrusted users, so the service can be susceptible to denial of
+ service attacks.
+
+<b>STANDARDS</b>
+ None. The <a href="showq.8.html"><b>showq</b>(8)</a> daemon does not interact with the outside world.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="showq.8.html"><b>showq</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
+ The maximal number of addresses remembered by the address dupli-
+ cate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>virtual</b>(5)</a> alias expansion, or for
+ <a href="showq.8.html"><b>showq</b>(8)</a> queue displays.
+
+ <b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
+ The recipient of mail addressed to the null address.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 2.9 and later:
+
+ <b><a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> (no)</b>
+ Enable long, non-repeating, queue IDs (queue file names).
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>FILES</b>
+ /var/spool/postfix, queue directories
+
+<b>SEE ALSO</b>
+ <a href="pickup.8.html">pickup(8)</a>, local mail pickup service
+ <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue mail
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ SHOWQ(8)
+</pre> </body> </html>
diff --git a/html/smtp-sink.1.html b/html/smtp-sink.1.html
new file mode 100644
index 0000000..4fcac7a
--- /dev/null
+++ b/html/smtp-sink.1.html
@@ -0,0 +1,293 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - smtp-sink(1) </title>
+</head> <body> <pre>
+SMTP-SINK(1) SMTP-SINK(1)
+
+<b>NAME</b>
+ smtp-sink - parallelized SMTP/LMTP test server
+
+<b>SYNOPSIS</b>
+ <b>smtp-sink</b> [<i>options</i>] [<b>inet:</b>][<i>host</i>]:<i>port backlog</i>
+
+ <b>smtp-sink</b> [<i>options</i>] <b>unix:</b><i>pathname backlog</i>
+
+<b>DESCRIPTION</b>
+ <b>smtp-sink</b> listens on the named host (or address) and port. It takes
+ SMTP messages from the network and throws them away. The purpose is to
+ measure client performance, not protocol compliance.
+
+ <b>smtp-sink</b> may also be configured to capture each mail delivery transac-
+ tion to file. Since disk latencies are large compared to network
+ delays, this mode of operation can reduce the maximal performance by
+ several orders of magnitude.
+
+ Connections can be accepted on IPv4 or IPv6 endpoints, or on
+ UNIX-domain sockets. IPv4 and IPv6 are the default. This program is
+ the complement of the <a href="smtp-source.1.html"><b>smtp-source</b>(1)</a> program.
+
+ Note: this is an unsupported test program. No attempt is made to main-
+ tain compatibility between successive versions.
+
+ Arguments:
+
+ <b>-4</b> Support IPv4 only. This option has no effect when Postfix is
+ built without IPv6 support.
+
+ <b>-6</b> Support IPv6 only. This option is not available when Postfix is
+ built without IPv6 support.
+
+ <b>-8</b> Do not announce 8BITMIME support.
+
+ <b>-a</b> Do not announce SASL authentication support.
+
+ <b>-A</b> <i>delay</i>
+ Wait <i>delay</i> seconds after responding to DATA, then abort prema-
+ turely with a 550 reply status. Do not read further input from
+ the client; this is an attempt to block the client before it
+ sends ".". Specify a zero delay value to abort immediately.
+
+ <b>-b</b> <i>soft-bounce-reply</i>
+ Use <i>soft-bounce-reply</i> for soft reject responses. The default
+ reply is "450 4.3.0 Error: command failed".
+
+ <b>-B</b> <i>hard-bounce-reply</i>
+ Use <i>hard-bounce-reply</i> for hard reject responses. The default
+ reply is "500 5.3.0 Error: command failed".
+
+ <b>-c</b> Display running counters that are updated whenever an SMTP ses-
+ sion ends, a QUIT command is executed, or when "." is received.
+
+ <b>-C</b> Disable XCLIENT support.
+
+ <b>-d</b> <i>dump-template</i>
+ Dump each mail transaction to a single-message file whose name
+ is created by expanding the <i>dump-template</i> via strftime(3) and
+ appending a pseudo-random hexadecimal number (example:
+ "%Y%m%d%H/%M." expands into "2006081203/05.809a62e3"). If the
+ template contains "/" characters, missing directories are cre-
+ ated automatically. The message dump format is described below.
+
+ Note: this option keeps one capture file open for every mail
+ transaction in progress.
+
+ <b>-D</b> <i>dump-template</i>
+ Append mail transactions to a multi-message dump file whose name
+ is created by expanding the <i>dump-template</i> via strftime(3). If
+ the template contains "/" characters, missing directories are
+ created automatically. The message dump format is described
+ below.
+
+ Note: this option keeps one capture file open for every mail
+ transaction in progress.
+
+ <b>-e</b> Do not announce ESMTP support.
+
+ <b>-E</b> Do not announce ENHANCEDSTATUSCODES support.
+
+ <b>-f</b> <i>command,command,...</i>
+ Reject the specified commands with a hard (5xx) error code.
+ This option implies <b>-p</b>.
+
+ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
+ VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by
+ white space or commas, and use quotes to protect white space
+ from the shell. Command names are case-insensitive.
+
+ <b>-F</b> Disable XFORWARD support.
+
+ <b>-h</b> <i>hostname</i>
+ Use <i>hostname</i> in the SMTP greeting, in the HELO response, and in
+ the EHLO response. The default hostname is "smtp-sink".
+
+ <b>-H</b> <i>delay</i>
+ Delay the first read operation after receiving DATA (time in
+ seconds). Combine with a large test message and a small TCP win-
+ dow size (see the <b>-T</b> option) to test the Postfix client
+ write_wait() implementation.
+
+ <b>-L</b> Enable LMTP instead of SMTP.
+
+ <b>-m</b> <i>count</i> (default: 256)
+ An upper bound on the maximal number of simultaneous connections
+ that <b>smtp-sink</b> will handle. This prevents the process from run-
+ ning out of file descriptors. Excess connections will stay
+ queued in the TCP/IP stack.
+
+ <b>-M</b> <i>count</i>
+ Terminate after receiving <i>count</i> messages.
+
+ <b>-n</b> <i>count</i>
+ Terminate after <i>count</i> sessions.
+
+ <b>-N</b> Do not announce support for DSN.
+
+ <b>-p</b> Do not announce support for ESMTP command pipelining.
+
+ <b>-P</b> Change the server greeting so that it appears to come through a
+ CISCO PIX system. Implies <b>-e</b>.
+
+ <b>-q</b> <i>command,command,...</i>
+ Disconnect (without replying) after receiving one of the speci-
+ fied commands.
+
+ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
+ VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by
+ white space or commas, and use quotes to protect white space
+ from the shell. Command names are case-insensitive.
+
+ <b>-Q</b> <i>command,command,...</i>
+ Send a 421 reply and disconnect after receiving one of the spec-
+ ified commands.
+
+ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
+ VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by
+ white space or commas, and use quotes to protect white space
+ from the shell. Command names are case-insensitive.
+
+ <b>-r</b> <i>command,command,...</i>
+ Reject the specified commands with a soft (4xx) error code.
+ This option implies <b>-p</b>.
+
+ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
+ VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by
+ white space or commas, and use quotes to protect white space
+ from the shell. Command names are case-insensitive.
+
+ <b>-R</b> <i>root-directory</i>
+ Change the process root directory to the specified location.
+ This option requires super-user privileges. See also the <b>-u</b>
+ option.
+
+ <b>-s</b> <i>command,command,...</i>
+ Log the named commands to syslogd.
+
+ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
+ VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by
+ white space or commas, and use quotes to protect white space
+ from the shell. Command names are case-insensitive.
+
+ <b>-S start-string</b>
+ An optional string that is prepended to each message that is
+ written to a dump file (see the dump file format description
+ below). The following C escape sequences are supported: \a
+ (bell), \b (backspace), \f (formfeed), \n (newline), \r (car-
+ riage return), \t (horizontal tab), \v (vertical tab), \<i>ddd</i> (up
+ to three octal digits) and \\ (the backslash character).
+
+ <b>-t</b> <i>timeout</i> (default: 100)
+ Limit the time for receiving a command or sending a response.
+ The time limit is specified in seconds.
+
+ <b>-T</b> <i>windowsize</i>
+ Override the default TCP window size. To work around broken TCP
+ window scaling implementations, specify a value &gt; 0 and &lt; 65536.
+
+ <b>-u</b> <i>username</i>
+ Switch to the specified user privileges after opening the net-
+ work socket and optionally changing the process root directory.
+ This option is required when the process runs with super-user
+ privileges. See also the <b>-R</b> option.
+
+ <b>-v</b> Show the SMTP conversations.
+
+ <b>-w</b> <i>delay</i>
+ Wait <i>delay</i> seconds before responding to a DATA command.
+
+ <b>-W</b> <i>command:delay[:odds]</i>
+ Wait <i>delay</i> seconds before responding to <i>command</i>. If <i>odds</i> is
+ also specified (a number between 1-99 inclusive), wait for a
+ random multiple of <i>delay</i>. The random multiplier is equal to the
+ number of times the program needs to roll a dice with a range of
+ 0..99 inclusive, before the dice produces a result greater than
+ or equal to <i>odds</i>.
+
+ [<b>inet:</b>][<i>host</i>]:<i>port</i>
+ Listen on network interface <i>host</i> (default: any interface) TCP
+ port <i>port</i>. Both <i>host</i> and <i>port</i> may be specified in numeric or
+ symbolic form.
+
+ <b>unix:</b><i>pathname</i>
+ Listen on the UNIX-domain socket at <i>pathname</i>.
+
+ <i>backlog</i>
+ The maximum length of the queue of pending connections, as
+ defined by the <b>listen</b>(2) system call.
+
+<b>DUMP FILE FORMAT</b>
+ Each dumped message contains a sequence of text lines, terminated with
+ the newline character. The sequence of information is as follows:
+
+ <b>o</b> The optional string specified with the <b>-S</b> option.
+
+ <b>o</b> The <b>smtp-sink</b> generated headers as documented below.
+
+ <b>o</b> The message header and body as received from the SMTP client.
+
+ <b>o</b> An empty line.
+
+ The format of the <b>smtp-sink</b> generated headers is as follows:
+
+ <b>X-Client-Addr:</b> <i>text</i>
+ The client IP address without enclosing []. An IPv6 address is
+ prefixed with "ipv6:". This record is always present.
+
+ <b>X-Client-Proto:</b> <i>text</i>
+ The client protocol: SMTP, ESMTP or LMTP. This record is always
+ present.
+
+ <b>X-Helo-Args:</b> <i>text</i>
+ The arguments of the last HELO or EHLO command before this mail
+ delivery transaction. This record is present only if the client
+ sent a recognizable HELO or EHLO command before the DATA com-
+ mand.
+
+ <b>X-Mail-Args:</b> <i>text</i>
+ The arguments of the MAIL command that started this mail deliv-
+ ery transaction. This record is present exactly once.
+
+ <b>X-Rcpt-Args:</b> <i>text</i>
+ The arguments of an RCPT command within this mail delivery
+ transaction. There is one record for each RCPT command, and they
+ are in the order as sent by the client.
+
+ <b>Received:</b> <i>text</i>
+ A message header for compatibility with mail processing soft-
+ ware. This three-line header marks the end of the headers pro-
+ vided by <b>smtp-sink</b>, and is formatted as follows:
+
+ <b>from</b> <i>helo</i> ([<i>addr</i>])
+ The HELO or EHLO command argument and client IP address.
+ If the client did not send HELO or EHLO, the client IP
+ address is used instead.
+
+ <b>by</b> <i>host</i> <b>(smtp-sink) with</b> <i>proto</i> <b>id</b> <i>random</i><b>;</b>
+ The hostname specified with the <b>-h</b> option, the client
+ protocol (see <b>X-Client-Proto</b> above), and the pseudo-ran-
+ dom portion of the per-message capture file name.
+
+ <i>time-stamp</i>
+ A time stamp as defined in <a href="https://tools.ietf.org/html/rfc2822">RFC 2822</a>.
+
+<b>SEE ALSO</b>
+ <a href="smtp-source.1.html">smtp-source(1)</a>, SMTP/LMTP message generator
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ SMTP-SINK(1)
+</pre> </body> </html>
diff --git a/html/smtp-source.1.html b/html/smtp-source.1.html
new file mode 100644
index 0000000..db9a17b
--- /dev/null
+++ b/html/smtp-source.1.html
@@ -0,0 +1,138 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - smtp-source(1) </title>
+</head> <body> <pre>
+SMTP-SOURCE(1) SMTP-SOURCE(1)
+
+<b>NAME</b>
+ smtp-source - parallelized SMTP/LMTP test generator
+
+<b>SYNOPSIS</b>
+ <b>smtp-source</b> [<i>options</i>] [<b>inet:</b>]<i>host</i>[:<i>port</i>]
+
+ <b>smtp-source</b> [<i>options</i>] <b>unix:</b><i>pathname</i>
+
+<b>DESCRIPTION</b>
+ <b>smtp-source</b> connects to the named <i>host</i> and TCP <i>port</i> (default: port 25)
+ and sends one or more messages to it, either sequentially or in paral-
+ lel. The program speaks either SMTP (default) or LMTP. Connections can
+ be made to UNIX-domain and IPv4 or IPv6 servers. IPv4 and IPv6 are the
+ default.
+
+ Note: this is an unsupported test program. No attempt is made to main-
+ tain compatibility between successive versions.
+
+ Arguments:
+
+ <b>-4</b> Connect to the server with IPv4. This option has no effect when
+ Postfix is built without IPv6 support.
+
+ <b>-6</b> Connect to the server with IPv6. This option is not available
+ when Postfix is built without IPv6 support.
+
+ <b>-A</b> Don't abort when the server sends something other than the
+ expected positive reply code.
+
+ <b>-c</b> Display a running counter that is incremented each time an SMTP
+ DATA command completes.
+
+ <b>-C</b> <i>count</i>
+ When a host sends RESET instead of SYN|ACK, try <i>count</i> times
+ before giving up. The default count is 1. Specify a larger count
+ in order to work around a problem with TCP/IP stacks that send
+ RESET when the listen queue is full.
+
+ <b>-d</b> Don't disconnect after sending a message; send the next message
+ over the same connection.
+
+ <b>-f</b> <i>from</i>
+ Use the specified sender address (default: &lt;foo@<a href="postconf.5.html#myhostname">myhostname</a>&gt;).
+
+ <b>-F</b> <i>file</i>
+ Send the pre-formatted message header and body in the specified
+ <i>file</i>, while prepending '.' before lines that begin with '.', and
+ while appending CRLF after each line.
+
+ <b>-l</b> <i>length</i>
+ Send <i>length</i> bytes as message payload. The length does not
+ include message headers.
+
+ <b>-L</b> Speak LMTP rather than SMTP.
+
+ <b>-m</b> <i>message</i><b>_</b><i>count</i>
+ Send the specified number of messages (default: 1).
+
+ <b>-M</b> <i><a href="postconf.5.html#myhostname">myhostname</a></i>
+ Use the specified hostname or [address] in the HELO command and
+ in the default sender and recipient addresses, instead of the
+ machine hostname.
+
+ <b>-N</b> Prepend a non-repeating sequence number to each recipient
+ address. This avoids the artificial 100% hit rate in the resolve
+ and rewrite client caches and exercises the trivial-rewrite dae-
+ mon, better approximating Postfix performance under real-life
+ work-loads.
+
+ <b>-o</b> Old mode: don't send HELO, and don't send message headers.
+
+ <b>-r</b> <i>recipient</i><b>_</b><i>count</i>
+ Send the specified number of recipients per transaction
+ (default: 1). Recipient names are generated by prepending a
+ number to the recipient address.
+
+ <b>-R</b> <i>interval</i>
+ Wait for a random period of time 0 &lt;= n &lt;= interval between mes-
+ sages. Suspending one thread does not affect other delivery
+ threads.
+
+ <b>-s</b> <i>session</i><b>_</b><i>count</i>
+ Run the specified number of SMTP sessions in parallel (default:
+ 1).
+
+ <b>-S</b> <i>subject</i>
+ Send mail with the named subject line (default: none).
+
+ <b>-t</b> <i>to</i> Use the specified recipient address (default: &lt;foo@<a href="postconf.5.html#myhostname">myhostname</a>&gt;).
+
+ <b>-T</b> <i>windowsize</i>
+ Override the default TCP window size. To work around broken TCP
+ window scaling implementations, specify a value &gt; 0 and &lt; 65536.
+
+ <b>-v</b> Make the program more verbose, for debugging purposes.
+
+ <b>-w</b> <i>interval</i>
+ Wait a fixed time between messages. Suspending one thread does
+ not affect other delivery threads.
+
+ [<b>inet:</b>]<i>host</i>[:<i>port</i>]
+ Connect via TCP to host <i>host</i>, port <i>port</i>. The default port is
+ <b>smtp</b>.
+
+ <b>unix:</b><i>pathname</i>
+ Connect to the UNIX-domain socket at <i>pathname</i>.
+
+<b>BUGS</b>
+ No SMTP command pipelining support.
+
+<b>SEE ALSO</b>
+ <a href="smtp-sink.1.html">smtp-sink(1)</a>, SMTP/LMTP message dump
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ SMTP-SOURCE(1)
+</pre> </body> </html>
diff --git a/html/smtp.8.html b/html/smtp.8.html
new file mode 100644
index 0000000..1144ee8
--- /dev/null
+++ b/html/smtp.8.html
@@ -0,0 +1,1123 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - smtp(8) </title>
+</head> <body> <pre>
+SMTP(8) SMTP(8)
+
+<b>NAME</b>
+ smtp - Postfix SMTP+LMTP client
+
+<b>SYNOPSIS</b>
+ <b>smtp</b> [generic Postfix daemon options] [flags=DORX]
+
+<b>DESCRIPTION</b>
+ The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
+ protocols. It processes message delivery requests from the queue man-
+ ager. Each request specifies a queue file, a sender address, a domain
+ or host to deliver to, and recipient information. This program expects
+ to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The SMTP+LMTP client updates the queue file and marks recipients as
+ finished, or it informs the queue manager that delivery should be tried
+ again at a later time. Delivery status reports are sent to the
+ <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+
+ The SMTP+LMTP client looks up a list of mail exchanger addresses for
+ the destination host, sorts the list by preference, and connects to
+ each listed address until it finds a server that responds.
+
+ When a server is not reachable, or when mail delivery fails due to a
+ recoverable error condition, the SMTP+LMTP client will try to deliver
+ the mail to an alternate host.
+
+ After a successful mail transaction, a connection may be saved to the
+ <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it may be used by any
+ SMTP+LMTP client for a subsequent transaction.
+
+ By default, connection caching is enabled temporarily for destinations
+ that have a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. Connection caching
+ can be enabled permanently for specific destinations.
+
+<b>SMTP DESTINATION SYNTAX</b>
+ The Postfix SMTP+LMTP client supports multiple destinations separated
+ by comma or whitespace (Postfix 3.5 and later). SMTP destinations have
+ the following form:
+
+ <i>domainname</i>
+
+ <i>domainname</i>:<i>port</i>
+ Look up the mail exchangers for the specified domain, and con-
+ nect to the specified port (default: <b>smtp</b>).
+
+ [<i>hostname</i>]
+
+ [<i>hostname</i>]:<i>port</i>
+ Look up the address(es) of the specified host, and connect to
+ the specified port (default: <b>smtp</b>).
+
+ [<i>address</i>]
+
+ [<i>address</i>]:<i>port</i>
+ Connect to the host at the specified address, and connect to the
+ specified port (default: <b>smtp</b>). An IPv6 address must be format-
+ ted as [<b>ipv6</b>:<i>address</i>].
+
+<b>LMTP DESTINATION SYNTAX</b>
+ The Postfix SMTP+LMTP client supports multiple destinations separated
+ by comma or whitespace (Postfix 3.5 and later). LMTP destinations have
+ the following form:
+
+ <b>unix</b>:<i>pathname</i>
+ Connect to the local UNIX-domain server that is bound to the
+ specified <i>pathname</i>. If the process runs chrooted, an absolute
+ pathname is interpreted relative to the Postfix queue directory.
+
+ <b>inet</b>:<i>hostname</i>
+
+ <b>inet</b>:<i>hostname</i>:<i>port</i>
+
+ <b>inet</b>:[<i>address</i>]
+
+ <b>inet</b>:[<i>address</i>]:<i>port</i>
+ Connect to the specified TCP port on the specified local or
+ remote host. If no port is specified, connect to the port
+ defined as <b>lmtp</b> in <b>services</b>(4). If no such service is found,
+ the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> configuration parameter (default value of 24)
+ will be used. An IPv6 address must be formatted as
+ [<b>ipv6</b>:<i>address</i>].
+
+<b>SINGLE-RECIPIENT DELIVERY</b>
+ By default, the Postfix SMTP+LMTP client delivers mail to multiple
+ recipients per delivery request. This is undesirable when prepending a
+ <b>Delivered-to:</b> or <b>X-Original-To:</b> message header. To prevent Postfix from
+ sending multiple recipients per delivery request, specify
+
+ <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b>
+
+ in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first
+ column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for this mail delivery service.
+
+<b>COMMAND ATTRIBUTE SYNTAX</b>
+ <b>flags=DORX</b> (optional)
+ Optional message processing flags.
+
+ <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with
+ the envelope recipient address. Note: for this to work,
+ the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see
+ SINGLE-RECIPIENT DELIVERY above for details).
+
+ The <b>D</b> flag also enforces loop detection: if a message
+ already contains a <b>Delivered-To:</b> header with the same
+ recipient address, then the message is returned as unde-
+ liverable. The address comparison is case insensitive.
+
+ This feature is available as of Postfix 3.5.
+
+ <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" message header with
+ the recipient address as given to Postfix. Note: for this
+ to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must
+ be 1 (see SINGLE-RECIPIENT DELIVERY above for details).
+
+ This feature is available as of Postfix 3.5.
+
+ <b>R</b> Prepend a "<b>Return-Path:</b> &lt;<i>sender</i>&gt;" message header with the
+ envelope sender address.
+
+ This feature is available as of Postfix 3.5.
+
+ <b>X</b> Indicates that the delivery is final. This flag affects
+ the status reported in "success" DSN (delivery status
+ notification) messages, and changes it from "relayed"
+ into "delivered".
+
+ This feature is available as of Postfix 3.5.
+
+<b>SECURITY</b>
+ The SMTP+LMTP client is moderately security-sensitive. It
+ talks to SMTP or LMTP servers and to DNS servers on the
+ network. The SMTP+LMTP client can be run chrooted at fixed
+ low privilege.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="https://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions)
+ <a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
+ <a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
+ <a href="https://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
+ <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
+ <a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
+ <a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
+ <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc2782">RFC 2782</a> (SRV resource records)
+ <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
+ <a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
+ <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
+ <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
+ <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
+ <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
+ <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
+ them to the <b>corrupt</b> queue for further inspection.
+
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces, protocol problems, and of other trouble.
+
+<b>BUGS</b>
+ SMTP and LMTP connection reuse for TLS (without closing the SMTP or
+ LMTP connection) is not supported before Postfix 3.4.
+
+ SMTP and LMTP connection reuse assumes that SASL credentials are valid
+ for all destinations that map onto the same IP address and TCP port.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Before Postfix version 2.3, the LMTP client is a separate program that
+ implements only a subset of the functionality available with SMTP:
+ there is no support for TLS, and connections are cached in-process,
+ making it ineffective when the client is used for multiple domains.
+
+ Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
+ eter for the equivalent LMTP feature. This document describes only
+ those LMTP-related parameters that aren't simply "mirror" parameters.
+
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>COMPATIBILITY CONTROLS</b>
+ <b><a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> (no)</b>
+ Ignore DNS MX lookups that produce no response.
+
+ <b><a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> (yes)</b>
+ Always send EHLO at the start of an SMTP session.
+
+ <b><a href="postconf.5.html#smtp_never_send_ehlo">smtp_never_send_ehlo</a> (no)</b>
+ Never send EHLO at the start of an SMTP session.
+
+ <b><a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a> (no)</b>
+ Defer mail delivery when no MX record resolves to an IP address.
+
+ <b><a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a> (998)</b>
+ The maximal length of message header and body lines that Postfix
+ will send via SMTP.
+
+ <b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
+ How long the Postfix SMTP client pauses before sending
+ ".&lt;CR&gt;&lt;LF&gt;" in order to work around the PIX firewall
+ "&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug.
+
+ <b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
+ How long a message must be queued before the Postfix SMTP client
+ turns on the PIX firewall "&lt;CR&gt;&lt;LF&gt;.&lt;CR&gt;&lt;LF&gt;" bug workaround for
+ delivery through firewalls with "smtp fixup" mode turned on.
+
+ <b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
+ A list that specifies zero or more workarounds for CISCO PIX
+ firewall bugs.
+
+ <b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote SMTP server address, with
+ per-destination workarounds for CISCO PIX firewall bugs.
+
+ <b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
+ Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
+ commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+
+ <b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
+ A mechanism to transform replies from remote SMTP servers one
+ line at a time.
+
+ <b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
+ Skip remote SMTP servers that greet with a 5XX status code.
+
+ <b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b>
+ Do not wait for the response to the SMTP QUIT command.
+
+ Available in Postfix version 2.0 and earlier:
+
+ <b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
+ Skip SMTP servers that greet with a 4XX status code (go away,
+ try again later).
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote SMTP server address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+ response from a remote SMTP server.
+
+ <b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
+ A case insensitive list of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+ response from a remote SMTP server.
+
+ <b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
+ Optional lookup tables that perform address rewriting in the
+ Postfix SMTP client, typically to transform a locally valid
+ address into a globally valid address when sending mail across
+ the Internet.
+
+ Available in Postfix version 2.2.9 and later:
+
+ <b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
+ When the remote SMTP servername is a DNS CNAME, replace the
+ servername with the result from CNAME expansion for the purpose
+ of logging, SASL password lookup, TLS policy decisions, or TLS
+ certificate verification.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote LMTP server address, with
+ case insensitive lists of LHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+ response from a remote LMTP server.
+
+ <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
+ A case insensitive list of LHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+ response from a remote LMTP server.
+
+ Available in Postfix version 2.4.4 and later:
+
+ <b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid);
+ send only the SASL authentiCation ID (authcid) plus the auth-
+ cid's password.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
+ Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
+
+ <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
+ Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
+ client.
+
+ <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
+ Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
+ client.
+
+ <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
+ Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix SMTP client.
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
+ An optional workaround for routers that break TCP window scal-
+ ing.
+
+ Available in Postfix version 2.8 and later:
+
+ <b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b>
+ DNS Resolver options for the Postfix SMTP client.
+
+ Available in Postfix version 2.9 - 3.6:
+
+ <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
+ sage).
+
+ Available in Postfix version 2.9 and later:
+
+ <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
+ Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
+ command in SASL-authenticated SMTP sessions.
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> (empty)</b>
+ Level of DNS support in the Postfix SMTP client.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
+ Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
+ delivery status code or explanatory text of successful or unsuc-
+ cessful deliveries.
+
+ <b><a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> (empty)</b>
+ Optional filter for Postfix SMTP client DNS lookup results.
+
+ Available in Postfix version 3.3 and later:
+
+ <b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b>
+ When a remote destination resolves to a combination of IPv4 and
+ IPv6 addresses, ensure that the Postfix SMTP client can try both
+ address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+ Available in Postfix 3.6 and later:
+
+ <b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b>
+ The DNS query type (default: "ns") and DNS query name (default:
+ ".") that Postfix may use to determine whether DNSSEC validation
+ is available.
+
+ <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
+ <b>sion=587)</b>
+ Optional setting that avoids lookups in the <b>services</b>(5) data-
+ base.
+
+ Available in Postfix version 3.7 and later:
+
+ <b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
+ receiving a complete SMTP response.
+
+ <b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
+ The minimum plaintext data transfer rate in bytes/second for
+ DATA requests, when deadlines are enabled with
+ <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
+
+ <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
+ The format of the Postfix-generated <b>From:</b> header.
+
+ Available in Postfix version 3.8 and later:
+
+ <b><a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> (empty)</b>
+ Enables discovery for the specified service(s) using DNS SRV
+ records.
+
+ <b><a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> (no)</b>
+ When SRV record lookup fails, fall back to MX or IP address
+ lookup as if SRV record lookup was not enabled.
+
+ <b><a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> (no)</b>
+ When SRV record lookup fails or no SRV record exists, fall back
+ to MX or IP address lookup as if SRV record lookup was not
+ enabled.
+
+<b>MIME PROCESSING CONTROLS</b>
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
+ Disable the conversion of 8BITMIME format to 7BIT format.
+
+ <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
+ The maximal length of MIME multipart boundary strings.
+
+ <b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b>
+ The maximal recursion level that the MIME processor will handle.
+
+<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
+ Send the non-standard XFORWARD command when the Postfix SMTP
+ server EHLO response announces XFORWARD support.
+
+<b>SASL AUTHENTICATION CONTROLS</b>
+ <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
+ Enable SASL authentication in the Postfix SMTP client.
+
+ <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
+ Optional Postfix SMTP client lookup tables with one user-
+ name:password entry per sender, remote hostname or next-hop
+ domain.
+
+ <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
+ Postfix SMTP client SASL security options; as of Postfix 2.3 the
+ list of available features depends on the SASL client implemen-
+ tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
+ If non-empty, a Postfix SMTP client filter for the remote SMTP
+ server's list of offered SASL mechanisms.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
+ Enable sender-dependent authentication in the Postfix SMTP
+ client; this is available only with SASL authentication, and
+ disables SMTP connection caching to ensure that mail from dif-
+ ferent senders will use the appropriate credentials.
+
+ <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
+ Implementation-specific information that the Postfix SMTP client
+ passes through to the SASL plug-in implementation that is
+ selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+
+ <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
+ The SASL plug-in type that the Postfix SMTP client should use
+ for authentication.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
+ An optional table to prevent repeated SASL authentication fail-
+ ures with the same remote SMTP server hostname, username and
+ password.
+
+ <b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
+ The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
+ is removed.
+
+ <b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
+ When a remote SMTP server rejects a SASL authentication request
+ with a 535 reply code, defer mail delivery instead of returning
+ mail as undeliverable.
+
+ Available in Postfix version 2.9 and later:
+
+ <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
+ Whether or not to append the "AUTH=&lt;&gt;" option to the MAIL FROM
+ command in SASL-authenticated SMTP sessions.
+
+<b>STARTTLS SUPPORT CONTROLS</b>
+ Detailed information about STARTTLS configuration may be found in the
+ <a href="TLS_README.html">TLS_README</a> document.
+
+ <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
+ The default SMTP TLS security level for the Postfix SMTP client.
+
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b>
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions.
+
+ <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
+ Time limit for Postfix SMTP client write and read operations
+ during TLS startup and shutdown handshake procedures.
+
+ <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
+ A file containing CA certificates of root CAs trusted to sign
+ either remote SMTP server certificates or intermediate CA cer-
+ tificates.
+
+ <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
+ Directory with PEM format Certification Authority certificates
+ that the Postfix SMTP client uses to verify a remote SMTP server
+ certificate.
+
+ <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
+ File with the Postfix SMTP client RSA certificate in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
+ The minimum TLS cipher grade that the Postfix SMTP client will
+ use with mandatory TLS encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
+ List of ciphers or cipher types to exclude from the Postfix SMTP
+ client cipher list at all TLS security levels.
+
+ <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
+ Additional list of ciphers or cipher types to exclude from the
+ Postfix SMTP client cipher list at mandatory TLS security lev-
+ els.
+
+ <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
+ File with the Postfix SMTP client DSA certificate in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
+ File with the Postfix SMTP client DSA private key in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
+ File with the Postfix SMTP client RSA private key in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
+ Enable additional Postfix SMTP client logging of TLS activity.
+
+ <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
+ Log the hostname of a remote SMTP server that offers STARTTLS,
+ when TLS is not already enabled for that server.
+
+ <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
+ Optional lookup tables with the Postfix SMTP client TLS security
+ policy by next-hop destination; when a non-empty value is speci-
+ fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
+
+ <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
+ TLS protocols that the Postfix SMTP client will use with manda-
+ tory TLS encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
+ The verification depth for remote SMTP server certificates.
+
+ <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
+ How the Postfix SMTP client verifies the server certificate
+ peername for the "secure" TLS security level.
+
+ <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
+ Name of the file containing the optional Postfix SMTP client TLS
+ session cache.
+
+ <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
+ The expiration time of Postfix SMTP client TLS session cache
+ information.
+
+ <b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
+ How the Postfix SMTP client verifies the server certificate
+ peername for the "verify" TLS security level.
+
+ <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ internal pseudo random number generator (PRNG).
+
+ <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "high" grade ciphers.
+
+ <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "medium" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ authentication without encryption.
+
+ Available in in Postfix version 2.3..3.7:
+
+ <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "low" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "export" or higher grade ciphers.
+
+ Available in Postfix version 2.4 and later:
+
+ <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions with a verified
+ server certificate.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
+ List of acceptable remote SMTP server certificate fingerprints
+ for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
+
+ <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b>
+ The message digest algorithm used to construct remote SMTP
+ server certificate fingerprints.
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see postconf -d output)</b>
+ TLS protocols that the Postfix SMTP client will use with oppor-
+ tunistic TLS encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
+ The minimum TLS cipher grade that the Postfix SMTP client will
+ use with opportunistic TLS encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
+ File with the Postfix SMTP client ECDSA certificate in PEM for-
+ mat.
+
+ <b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
+ File with the Postfix SMTP client ECDSA private key in PEM for-
+ mat.
+
+ Available in Postfix version 2.7 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
+ Try to detect a mail hijacking attack based on a TLS protocol
+ vulnerability (CVE-2009-3555), where an attacker prepends mali-
+ cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
+ TLS session.
+
+ Available in Postfix version 2.8 and later:
+
+ <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
+ List or bit-mask of OpenSSL bug work-arounds to disable.
+
+ Available in Postfix version 2.11-3.1:
+
+ <b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b>
+ Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
+
+ <b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
+ Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
+ digests of trust-anchors with certificate usage "2".
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
+ Zero or more PEM-format files with trust-anchor certificates
+ and/or public keys.
+
+ <b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
+ Lookup the associated DANE TLSA RRset even when a hostname is
+ not an alias and its address records lie in an unsigned zone.
+
+ <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
+ The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b>
+ Request that the Postfix SMTP client connects using the SUBMIS-
+ SIONS/SMTPS protocol instead of using the STARTTLS command.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b>
+ The TLS policy for MX hosts with "secure" TLSA records when the
+ nexthop destination security level is <b>dane</b>, but the MX record
+ was found via an "insecure" MX lookup.
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b>
+ The prioritized list of elliptic curves supported by the Postfix
+ SMTP client and server.
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b>
+ Try to make multiple deliveries per TLS-encrypted connection.
+
+ <b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
+ List of one or more PEM files, each holding one or more private
+ keys directly followed by a corresponding certificate chain.
+
+ <b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
+ Optional name to send to the remote SMTP server in the TLS
+ Server Name Indication (SNI) extension.
+
+ Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
+
+ <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+ A workaround for implementations that hang Postfix while shut-
+ ting down a TLS session, until Postfix times out.
+
+ Available in Postfix version 3.8 and later:
+
+ <b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b>
+ The prioritized list of finite-field Diffie-Hellman ephemeral
+ (FFDHE) key exchange groups supported by the Postfix SMTP client
+ and server.
+
+ Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
+
+ <b><a href="postconf.5.html#tls_config_file">tls_config_file</a> (default)</b>
+ Optional configuration file with baseline OpenSSL settings.
+
+ <b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b>
+ The application name passed by Postfix to OpenSSL library ini-
+ tialization functions.
+
+<b>OBSOLETE STARTTLS CONTROLS</b>
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
+ future release.
+
+ <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
+ Opportunistic mode: use TLS when a remote SMTP server announces
+ STARTTLS support, otherwise send the mail in the clear.
+
+ <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
+ Enforcement mode: require that remote SMTP servers use TLS
+ encryption, and never send mail in the clear.
+
+ <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
+ server certificate.
+
+ <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
+ name.
+
+ <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
+ Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
+ cipher list.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
+ The Postfix SMTP client time limit for completing a TCP connec-
+ tion, or zero (use the operating system built-in time limit).
+
+ <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
+ response.
+
+ <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
+ The Postfix LMTP client time limit for sending the LHLO command,
+ and for receiving the initial remote LMTP server response.
+
+ <b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b>
+ The Postfix SMTP client time limit for sending the XFORWARD com-
+ mand, and for receiving the remote SMTP server response.
+
+ <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
+ The Postfix SMTP client time limit for sending the MAIL FROM
+ command, and for receiving the remote SMTP server response.
+
+ <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ command, and for receiving the remote SMTP server response.
+
+ <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
+ The Postfix SMTP client time limit for sending the SMTP DATA
+ command, and for receiving the remote SMTP server response.
+
+ <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
+ The Postfix SMTP client time limit for sending the SMTP message
+ content.
+
+ <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
+ The Postfix SMTP client time limit for sending the SMTP ".", and
+ for receiving the remote SMTP server response.
+
+ <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
+ The Postfix SMTP client time limit for sending the QUIT command,
+ and for receiving the remote SMTP server response.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
+ (no limit).
+
+ <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
+ <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
+
+ <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
+ The Postfix SMTP client time limit for sending the RSET command,
+ and for receiving the remote SMTP server response.
+
+ Available in Postfix version 2.2 and earlier:
+
+ <b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
+ Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ seconds.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
+ Permanently enable SMTP connection caching for the specified
+ destinations.
+
+ <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
+ Temporarily enable SMTP connection caching while a destination
+ has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
+
+ <b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
+ The amount of time during which Postfix will use an SMTP connec-
+ tion repeatedly.
+
+ <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
+ When SMTP connection caching is enabled, the amount of time that
+ an unused SMTP client socket is kept open before it is closed.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
+ Time limit for connection cache connect, send or receive opera-
+ tions.
+
+ Available in Postfix version 2.9 - 3.6:
+
+ <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
+ sage).
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
+ (no limit).
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b>
+ Try to make multiple deliveries per TLS-encrypted connection.
+
+ Available in Postfix version 3.7 and later:
+
+ <b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
+ receiving a complete SMTP response.
+
+ <b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
+ The minimum plaintext data transfer rate in bytes/second for
+ DATA requests, when deadlines are enabled with
+ <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
+
+ Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon:
+
+ <b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ <a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ name of the message delivery transport.
+
+ <b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ name of the message delivery transport.
+
+<b>SMTPUTF8 CONTROLS</b>
+ Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+
+ <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
+ Enable preliminary SMTPUTF8 support for the protocols described
+ in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
+
+ <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
+ Detect that a message requires SMTPUTF8 support for the speci-
+ fied mail origin classes.
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ form that is used for DNS lookups.
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
+ pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+
+ <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
+ $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+
+ <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications about mail delivery
+ problems that are caused by policy, resource, software or proto-
+ col errors.
+
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are subject to
+ before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
+ <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
+ The list of error classes that are reported to the postmaster.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
+ Where the Postfix SMTP client should deliver mail when it
+ detects a "mail loops back to myself" error condition.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
+ Disable DNS lookups in the Postfix SMTP and LMTP clients.
+
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The local network interface addresses that this mail system
+ receives mail on.
+
+ <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d output')</b>
+ The Internet protocols Postfix will attempt to use when making
+ or accepting connections.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
+ ery status notifications instead of "relayed".
+
+ <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
+ The default TCP port that the Postfix LMTP client connects to.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
+ The remote network interface addresses that this mail system
+ receives mail on by way of a proxy or network address transla-
+ tion unit.
+
+ <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
+ The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
+ client will try first, when a destination has IPv6 and IPv4
+ addresses with equal MX preference.
+
+ <b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
+ An optional numerical network address that the Postfix SMTP
+ client should bind to when making an IPv4 connection.
+
+ <b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
+ An optional numerical network address that the Postfix SMTP
+ client should bind to when making an IPv6 connection.
+
+ <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The hostname to send in the SMTP HELO or EHLO command.
+
+ <b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The hostname to send in the LMTP LHLO command.
+
+ <b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
+ What mechanisms the Postfix SMTP client uses to look up a host's
+ IP address.
+
+ <b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
+ Randomize the order of equal-preference MX host addresses.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available with Postfix 2.2 and earlier:
+
+ <b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
+ Optional list of relay hosts for SMTP destinations that can't be
+ found or that are unreachable.
+
+ Available with Postfix 2.3 and later:
+
+ <b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
+ Optional list of relay destinations that will be used when an
+ SMTP destination is not found, or when delivery fails due to a
+ non-permanent error.
+
+ Available with Postfix 3.0 and later:
+
+ <b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
+ In the context of email address verification, the SMTP protocol
+ stage that determines whether an email address is deliverable.
+
+ Available with Postfix 3.1 and later:
+
+ <b><a href="postconf.5.html#lmtp_fallback_relay">lmtp_fallback_relay</a> (empty)</b>
+ Optional list of relay hosts for LMTP destinations that can't be
+ found or that are unreachable.
+
+ Available with Postfix 3.2 and later:
+
+ <b><a href="postconf.5.html#smtp_tcp_port">smtp_tcp_port</a> (smtp)</b>
+ The default TCP port that the Postfix SMTP client connects to.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.7 and later:
+
+ <b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b>
+ Defer delivery when the Postfix SMTP client cannot apply the
+ <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting.
+
+<b>SEE ALSO</b>
+ <a href="generic.5.html">generic(5)</a>, output address rewriting
+ <a href="header_checks.5.html">header_checks(5)</a>, message header content inspection
+ <a href="header_checks.5.html">body_checks(5)</a>, body parts content inspection
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="bounce.8.html">bounce(8)</a>, delivery status reports
+ <a href="scache.8.html">scache(8)</a>, connection cache server
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="SASL_README.html">SASL_README</a>, Postfix SASL howto
+ <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ Command pipelining in cooperation with:
+ Jon Ribbens
+ Oaktree Internet Solutions Ltd.,
+ Internet House,
+ Canal Basin,
+ Coventry,
+ CV1 4LY, United Kingdom.
+
+ SASL support originally by:
+ Till Franke
+ SuSE Rhein/Main AG
+ 65760 Eschborn, Germany
+
+ TLS support originally by:
+ Lutz Jaenicke
+ BTU Cottbus
+ Allgemeine Elektrotechnik
+ Universitaetsplatz 3-4
+ D-03044 Cottbus, Germany
+
+ Revised TLS and SMTP connection cache support by:
+ Victor Duchovni
+ Morgan Stanley
+
+ SMTP(8)
+</pre> </body> </html>
diff --git a/html/smtpd.8.html b/html/smtpd.8.html
new file mode 100644
index 0000000..672302a
--- /dev/null
+++ b/html/smtpd.8.html
@@ -0,0 +1,1483 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - smtpd(8) </title>
+</head> <body> <pre>
+SMTPD(8) SMTPD(8)
+
+<b>NAME</b>
+ smtpd - Postfix SMTP server
+
+<b>SYNOPSIS</b>
+ <b>smtpd</b> [generic Postfix daemon options]
+
+ <b>sendmail -bs</b>
+
+<b>DESCRIPTION</b>
+ The SMTP server accepts network connection requests and performs zero
+ or more SMTP transactions per connection. Each received message is
+ piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, and is placed into the <b>incoming</b>
+ queue as one single queue file. For this mode of operation, the pro-
+ gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ Alternatively, the SMTP server be can run in stand-alone mode; this is
+ traditionally obtained with "<b>sendmail -bs</b>". When the SMTP server runs
+ stand-alone with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> privileges, it receives mail even
+ while the mail system is not running, deposits messages directly into
+ the <b>maildrop</b> queue, and disables the SMTP server's access policies. As
+ of Postfix version 2.3, the SMTP server refuses to receive mail from
+ the network when it runs with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> privileges.
+
+ The SMTP server implements a variety of policies for connection
+ requests, and for parameters given to <b>HELO, ETRN, MAIL FROM, VRFY</b> and
+ <b>RCPT TO</b> commands. They are detailed below and in the <a href="postconf.5.html"><b>main.cf</b></a> configura-
+ tion file.
+
+<b>SECURITY</b>
+ The SMTP server is moderately security-sensitive. It talks to SMTP
+ clients and to DNS servers on the network. The SMTP server can be run
+ chrooted at fixed low privilege.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
+ <a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
+ <a href="https://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions)
+ <a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message size declaration)
+ <a href="https://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
+ <a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP enhanced status codes)
+ <a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
+ <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP pipelining)
+ <a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> (CHUNKING without BINARYMIME)
+ <a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
+ <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN extension)
+ <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
+ <a href="https://tools.ietf.org/html/rfc3848">RFC 3848</a> (ESMTP transmission types)
+ <a href="https://tools.ietf.org/html/rfc4409">RFC 4409</a> (Message submission)
+ <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
+ <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
+ <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
+ <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
+ <a href="https://tools.ietf.org/html/rfc7505">RFC 7505</a> ("Null MX" No Service Resource Record)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces, protocol problems, policy violations, and
+ of other trouble.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtpd.8.html"><b>smtpd</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>COMPATIBILITY CONTROLS</b>
+ The following parameters work around implementation errors in other
+ software, and/or allow you to override standards in order to prevent
+ undesirable use.
+
+ <b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
+ Enable interoperability with remote SMTP clients that implement
+ an obsolete version of the AUTH command (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>).
+
+ <b><a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> (no)</b>
+ Disable the SMTP VRFY command.
+
+ <b><a href="postconf.5.html#smtpd_noop_commands">smtpd_noop_commands</a> (empty)</b>
+ List of commands that the Postfix SMTP server replies to with
+ "250 Ok", without doing any syntax checks and without changing
+ state.
+
+ <b><a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> (no)</b>
+ Require that addresses received in SMTP MAIL FROM and RCPT TO
+ commands are enclosed with &lt;&gt;, and that those addresses do not
+ contain <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
+ Request that the Postfix SMTP server rejects mail from unknown
+ sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
+ access restriction is specified.
+
+ <b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
+ What remote SMTP clients the Postfix SMTP server will not offer
+ AUTH support to.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote SMTP client address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP server will not send in the
+ EHLO response to a remote SMTP client.
+
+ <b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> (empty)</b>
+ A case insensitive list of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP server will not send in the
+ EHLO response to a remote SMTP client.
+
+ <b><a href="postconf.5.html#smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a> (yes)</b>
+ Postpone the start of an SMTP mail transaction until a valid
+ RCPT TO command is received.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
+ Force the Postfix SMTP server to issue a TLS session id, even
+ when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>-
+ <a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty).
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
+ An optional workaround for routers that break TCP window scal-
+ ing.
+
+ Available in Postfix version 2.7 and later:
+
+ <b><a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> (empty)</b>
+ A mechanism to transform commands from remote SMTP clients.
+
+ Available in Postfix version 2.9 - 3.6:
+
+ <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
+ Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
+ system call, to a time limit to send or receive a complete
+ record (an SMTP command line, SMTP response line, SMTP message
+ content line, or TLS protocol message).
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#smtpd_dns_reply_filter">smtpd_dns_reply_filter</a> (empty)</b>
+ Optional filter for Postfix SMTP server DNS lookup results.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+ Available in Postfix version 3.6 and later:
+
+ <b><a href="postconf.5.html#smtpd_relay_before_recipient_restrictions">smtpd_relay_before_recipient_restrictions</a> (see 'postconf -d' output)</b>
+ Evaluate <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> before <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipi</a>-
+ <a href="postconf.5.html#smtpd_recipient_restrictions">ent_restrictions</a>.
+
+ <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
+ <b>sion=587)</b>
+ Optional setting that avoids lookups in the <b>services</b>(5) data-
+ base.
+
+ Available in Postfix version 3.7 and later:
+
+ <b><a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a> (normal: no, overload: yes)</b>
+ Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per plaintext or TLS
+ read or write call, to a combined time limit for receiving a
+ complete SMTP request and for sending a complete SMTP response.
+
+ <b><a href="postconf.5.html#smtpd_min_data_rate">smtpd_min_data_rate</a> (500)</b>
+ The minimum plaintext data transfer rate in bytes/second for
+ DATA and BDAT requests, when deadlines are enabled with
+ <a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a>.
+
+<b>ADDRESS REWRITING CONTROLS</b>
+ See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed discussion of
+ Postfix address rewriting.
+
+ <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
+ Enable or disable recipient validation, built-in content filter-
+ ing, or address mapping.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b>
+ Rewrite or add message headers in mail from these clients,
+ updating incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a>
+ or $<a href="postconf.5.html#mydomain">mydomain</a>, and adding missing headers.
+
+<b>BEFORE-SMTPD PROXY AGENT</b>
+ Available in Postfix version 2.10 and later:
+
+ <b><a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> (empty)</b>
+ The name of the proxy protocol used by an optional before-smtpd
+ proxy agent.
+
+ <b><a href="postconf.5.html#smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a> (5s)</b>
+ The time limit for the proxy protocol specified with the
+ <a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter.
+
+<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
+ As of version 1.0, Postfix can be configured to send new mail to an
+ external content filter AFTER the mail is queued. This content filter
+ is expected to inject mail back into a (Postfix or other) MTA for fur-
+ ther delivery. See the <a href="FILTER_README.html">FILTER_README</a> document for details.
+
+ <b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
+ After the message is queued, send the entire message to the
+ specified <i>transport:destination</i>.
+
+<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
+ As of version 2.1, the Postfix SMTP server can be configured to send
+ incoming mail to a real-time SMTP-based content filter BEFORE mail is
+ queued. This content filter is expected to inject mail back into Post-
+ fix. See the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
+ ure and operate this feature.
+
+ <b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b>
+ The hostname and TCP port of the mail filtering proxy server.
+
+ <b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ How the Postfix SMTP server announces itself to the proxy fil-
+ ter.
+
+ <b><a href="postconf.5.html#smtpd_proxy_options">smtpd_proxy_options</a> (empty)</b>
+ List of options that control how the Postfix SMTP server commu-
+ nicates with a before-queue content filter.
+
+ <b><a href="postconf.5.html#smtpd_proxy_timeout">smtpd_proxy_timeout</a> (100s)</b>
+ The time limit for connecting to a proxy filter and for sending
+ or receiving information.
+
+<b>BEFORE QUEUE MILTER CONTROLS</b>
+ As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
+ filter) protocol. These content filters run outside Postfix. They can
+ inspect the SMTP command stream and the message content, and can
+ request modifications before mail is queued. For details see the <a href="MILTER_README.html">MIL</a>-
+ <a href="MILTER_README.html">TER_README</a> document.
+
+ <b><a href="postconf.5.html#smtpd_milters">smtpd_milters</a> (empty)</b>
+ A list of Milter (mail filter) applications for new mail that
+ arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
+
+ <b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b>
+ The mail filter protocol version and optional protocol exten-
+ sions for communication with a Milter application; prior to
+ Postfix 2.6 the default protocol is 2.
+
+ <b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b>
+ The default action when a Milter (mail filter) response is
+ unavailable (for example, bad Postfix configuration or Milter
+ failure).
+
+ <b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The {daemon_name} macro value for Milter (mail filter) applica-
+ tions.
+
+ <b><a href="postconf.5.html#milter_macro_v">milter_macro_v</a> ($<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b>
+ The {v} macro value for Milter (mail filter) applications.
+
+ <b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b>
+ The time limit for connecting to a Milter (mail filter) applica-
+ tion, and for negotiating protocol options.
+
+ <b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b>
+ The time limit for sending an SMTP command to a Milter (mail
+ filter) application, and for receiving the response.
+
+ <b><a href="postconf.5.html#milter_content_timeout">milter_content_timeout</a> (300s)</b>
+ The time limit for sending message content to a Milter (mail
+ filter) application, and for receiving the response.
+
+ <b><a href="postconf.5.html#milter_connect_macros">milter_connect_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after completion of an SMTP connection.
+
+ <b><a href="postconf.5.html#milter_helo_macros">milter_helo_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP HELO or EHLO command.
+
+ <b><a href="postconf.5.html#milter_mail_macros">milter_mail_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP MAIL FROM command.
+
+ <b><a href="postconf.5.html#milter_rcpt_macros">milter_rcpt_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP RCPT TO command.
+
+ <b><a href="postconf.5.html#milter_data_macros">milter_data_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to version 4 or higher Milter (mail
+ filter) applications after the SMTP DATA command.
+
+ <b><a href="postconf.5.html#milter_unknown_command_macros">milter_unknown_command_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to version 3 or higher Milter (mail
+ filter) applications after an unknown SMTP command.
+
+ <b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after the end of the message header.
+
+ <b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see 'postconf -d' output)</b>
+ The macros that are sent to Milter (mail filter) applications
+ after the message end-of-data.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#milter_macro_defaults">milter_macro_defaults</a> (empty)</b>
+ Optional list of <i>name=value</i> pairs that specify default values
+ for arbitrary macros that Postfix may send to Milter applica-
+ tions.
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#smtpd_milter_maps">smtpd_milter_maps</a> (empty)</b>
+ Lookup tables with Milter settings per remote SMTP client IP
+ address.
+
+<b>GENERAL CONTENT INSPECTION CONTROLS</b>
+ The following parameters are applicable for both built-in and external
+ content filters.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
+ Enable or disable recipient validation, built-in content filter-
+ ing, or address mapping.
+
+<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
+ The following parameters are applicable for both before-queue and
+ after-queue content filtering.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
+ What remote SMTP clients are allowed to use the XFORWARD fea-
+ ture.
+
+<b>SASL AUTHENTICATION CONTROLS</b>
+ Postfix SASL support (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenticate remote SMTP
+ clients to the Postfix SMTP server, and to authenticate the Postfix
+ SMTP client to a remote SMTP server. See the <a href="SASL_README.html">SASL_README</a> document for
+ details.
+
+ <b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
+ Enable interoperability with remote SMTP clients that implement
+ an obsolete version of the AUTH command (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>).
+
+ <b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
+ Enable SASL authentication in the Postfix SMTP server.
+
+ <b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
+ The name of the Postfix SMTP server's local SASL authentication
+ realm.
+
+ <b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b>
+ Postfix SMTP server SASL security options; as of Postfix 2.3 the
+ list of available features depends on the SASL server implemen-
+ tation that is selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
+
+ <b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
+ Optional lookup table with the SASL login names that own the
+ sender (MAIL FROM) addresses.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
+ What remote SMTP clients the Postfix SMTP server will not offer
+ AUTH support to.
+
+ Available in Postfix version 2.1 and 2.2:
+
+ <b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> (smtpd)</b>
+ The application name that the Postfix SMTP server uses for SASL
+ server initialization.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b>
+ Report the SASL authenticated user name in the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received
+ message header.
+
+ <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b>
+ Implementation-specific information that the Postfix SMTP server
+ passes through to the SASL plug-in implementation that is
+ selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
+
+ <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> (cyrus)</b>
+ The SASL plug-in type that the Postfix SMTP server should use
+ for authentication.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a> (empty)</b>
+ Search path for Cyrus SASL application configuration files, cur-
+ rently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#smtpd_sasl_service">smtpd_sasl_service</a> (smtp)</b>
+ The service name that is passed to the SASL plug-in that is
+ selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> and <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a></b>.
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#smtpd_sasl_response_limit">smtpd_sasl_response_limit</a> (12288)</b>
+ The maximum length of a SASL client's response to a server chal-
+ lenge.
+
+ Available in Postfix 3.6 and later:
+
+ <b><a href="postconf.5.html#smtpd_sasl_mechanism_filter">smtpd_sasl_mechanism_filter</a> (!external, <a href="DATABASE_README.html#types">static</a>:rest)</b>
+ If non-empty, a filter for the SASL mechanism names that the
+ Postfix SMTP server will announce in the EHLO response.
+
+<b>STARTTLS SUPPORT CONTROLS</b>
+ Detailed information about STARTTLS configuration may be found in the
+ <a href="TLS_README.html">TLS_README</a> document.
+
+ <b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
+ The SMTP TLS security level for the Postfix SMTP server; when a
+ non-empty value is specified, this overrides the obsolete param-
+ eters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
+
+ <b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b>
+ The SASL authentication security options that the Postfix SMTP
+ server uses for TLS encrypted SMTP sessions.
+
+ <b><a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> (see 'postconf -d' output)</b>
+ The time limit for Postfix SMTP server write and read operations
+ during TLS startup and shutdown handshake procedures.
+
+ <b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
+ A file containing (PEM format) CA certificates of root CAs
+ trusted to sign either remote SMTP client certificates or inter-
+ mediate CA certificates.
+
+ <b><a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> (empty)</b>
+ A directory containing (PEM format) CA certificates of root CAs
+ trusted to sign either remote SMTP client certificates or inter-
+ mediate CA certificates.
+
+ <b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
+ Force the Postfix SMTP server to issue a TLS session id, even
+ when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>-
+ <a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty).
+
+ <b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b>
+ Ask a remote SMTP client for a client certificate.
+
+ <b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b>
+ When TLS encryption is optional in the Postfix SMTP server, do
+ not announce or accept SASL authentication over unencrypted con-
+ nections.
+
+ <b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (9)</b>
+ The verification depth for remote SMTP client certificates.
+
+ <b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b>
+ File with the Postfix SMTP server RSA certificate in PEM format.
+
+ <b><a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> (empty)</b>
+ List of ciphers or cipher types to exclude from the SMTP server
+ cipher list at all TLS security levels.
+
+ <b><a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (empty)</b>
+ File with the Postfix SMTP server DSA certificate in PEM format.
+
+ <b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b>
+ File with DH parameters that the Postfix SMTP server should use
+ with non-export EDH ciphers.
+
+ <b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
+ File with DH parameters that the Postfix SMTP server should use
+ with export-grade EDH ciphers.
+
+ <b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
+ File with the Postfix SMTP server DSA private key in PEM format.
+
+ <b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
+ File with the Postfix SMTP server RSA private key in PEM format.
+
+ <b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
+ Enable additional Postfix SMTP server logging of TLS activity.
+
+ <b><a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> (medium)</b>
+ The minimum TLS cipher grade that the Postfix SMTP server will
+ use with mandatory TLS encryption.
+
+ <b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> (empty)</b>
+ Additional list of ciphers or cipher types to exclude from the
+ Postfix SMTP server cipher list at mandatory TLS security lev-
+ els.
+
+ <b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
+ TLS protocols accepted by the Postfix SMTP server with mandatory
+ TLS encryption.
+
+ <b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
+ Request that the Postfix SMTP server produces Received: message
+ headers that include information about the protocol and cipher
+ used, as well as the remote SMTP client CommonName and client
+ certificate issuer CommonName.
+
+ <b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b>
+ With mandatory TLS encryption, require a trusted remote SMTP
+ client certificate in order to allow TLS connections to proceed.
+
+ <b><a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> (no)</b>
+ Run the Postfix SMTP server in TLS "wrapper" mode, instead of
+ using the STARTTLS command.
+
+ <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ internal pseudo random number generator (PRNG).
+
+ <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "high" grade ciphers.
+
+ <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "medium" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ authentication without encryption.
+
+ Available in Postfix version 2.3..3.7:
+
+ <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "low" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "export" or higher grade ciphers.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> (see 'postconf -d' output)</b>
+ The message digest algorithm to construct remote SMTP
+ client-certificate fingerprints or public key fingerprints
+ (Postfix 2.9 and later) for <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b>per-</b>
+ <b>mit_tls_clientcerts</b>.
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (see postconf -d output)</b>
+ TLS protocols accepted by the Postfix SMTP server with oppor-
+ tunistic TLS encryption.
+
+ <b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (medium)</b>
+ The minimum TLS cipher grade that the Postfix SMTP server will
+ use with opportunistic TLS encryption.
+
+ <b><a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> (empty)</b>
+ File with the Postfix SMTP server ECDSA certificate in PEM for-
+ mat.
+
+ <b><a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b>
+ File with the Postfix SMTP server ECDSA private key in PEM for-
+ mat.
+
+ <b><a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> (see 'postconf -d' output)</b>
+ The Postfix SMTP server security grade for ephemeral ellip-
+ tic-curve Diffie-Hellman (EECDH) key exchange.
+
+ <b><a href="postconf.5.html#tls_eecdh_strong_curve">tls_eecdh_strong_curve</a> (prime256v1)</b>
+ The elliptic curve used by the Postfix SMTP server for sensibly
+ strong ephemeral ECDH key exchange.
+
+ <b><a href="postconf.5.html#tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a> (secp384r1)</b>
+ The elliptic curve used by the Postfix SMTP server for maximally
+ strong ephemeral ECDH key exchange.
+
+ Available in Postfix version 2.8 and later:
+
+ <b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b>
+ With SSLv3 and later, use the Postfix SMTP server's cipher pref-
+ erence order instead of the remote client's cipher preference
+ order.
+
+ <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
+ List or bit-mask of OpenSSL bug work-arounds to disable.
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
+ The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#tls_session_ticket_cipher">tls_session_ticket_cipher</a> (Postfix</b> &gt;<b>= 3.0: aes-256-cbc, Postfix</b> &lt; <b>3.0:</b>
+ <b>aes-128-cbc)</b>
+ Algorithm used to encrypt <a href="https://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b>
+ The prioritized list of elliptic curves supported by the Postfix
+ SMTP client and server.
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> (empty)</b>
+ List of one or more PEM files, each holding one or more private
+ keys directly followed by a corresponding certificate chain.
+
+ <b><a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a> (empty)</b>
+ Optional lookup tables that map names received from remote SMTP
+ clients via the TLS Server Name Indication (SNI) extension to
+ the appropriate keys and certificate chains.
+
+ Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
+
+ <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+ A workaround for implementations that hang Postfix while shut-
+ ting down a TLS session, until Postfix times out.
+
+ Available in Postfix version 3.8 and later:
+
+ <b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b>
+ The prioritized list of finite-field Diffie-Hellman ephemeral
+ (FFDHE) key exchange groups supported by the Postfix SMTP client
+ and server.
+
+ Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
+
+ <b><a href="postconf.5.html#tls_config_file">tls_config_file</a> (default)</b>
+ Optional configuration file with baseline OpenSSL settings.
+
+ <b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b>
+ The application name passed by Postfix to OpenSSL library ini-
+ tialization functions.
+
+<b>OBSOLETE STARTTLS CONTROLS</b>
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
+ future release.
+
+ <b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
+ Opportunistic TLS: announce STARTTLS support to remote SMTP
+ clients, but do not require that clients use TLS encryption.
+
+ <b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
+ Mandatory TLS: announce STARTTLS support to remote SMTP clients,
+ and require that clients use TLS encryption.
+
+ <b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b>
+ Obsolete Postfix &lt; 2.3 control for the Postfix SMTP server TLS
+ cipher list.
+
+<b>SMTPUTF8 CONTROLS</b>
+ Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+
+ <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
+ Enable preliminary SMTPUTF8 support for the protocols described
+ in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
+
+ <b><a href="postconf.5.html#strict_smtputf8">strict_smtputf8</a> (no)</b>
+ Enable stricter enforcement of the SMTPUTF8 protocol.
+
+ <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
+ Detect that a message requires SMTPUTF8 support for the speci-
+ fied mail origin classes.
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ form that is used for DNS lookups.
+
+<b>VERP SUPPORT CONTROLS</b>
+ With VERP style delivery, each recipient of a message receives a cus-
+ tomized copy of the message with his/her own recipient address encoded
+ in the envelope sender address. The <a href="VERP_README.html">VERP_README</a> file describes config-
+ uration and operation details of Postfix support for variable envelope
+ return path addresses. VERP style delivery is requested with the SMTP
+ XVERP command or with the "sendmail -V" command-line option and is
+ available in Postfix version 1.1 and later.
+
+ <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
+ The two default VERP delimiter characters.
+
+ <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
+ The characters Postfix accepts as VERP delimiter characters on
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
+
+ Available in Postfix version 1.1 and 2.0:
+
+ <b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
+ What remote SMTP clients are allowed to specify the XVERP com-
+ mand.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
+ What remote SMTP clients are allowed to specify the XVERP com-
+ mand.
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of the Postfix
+ mail system. The methods vary from making the software log a lot of
+ detail, to running some daemon processes under control of a call tracer
+ or debugger.
+
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
+ pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+
+ <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
+ $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+
+ <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications about mail delivery
+ problems that are caused by policy, resource, software or proto-
+ col errors.
+
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are subject to
+ before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
+ <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
+ The list of error classes that are reported to the postmaster.
+
+ <b><a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> (empty)</b>
+ Optional information that is appended after each Postfix SMTP
+ server 4XX or 5XX response.
+
+ <b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
+ Safety net to keep mail queued that would otherwise be returned
+ to the sender.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
+ What remote SMTP clients are allowed to use the XCLIENT feature.
+
+ Available in Postfix version 2.10 and later:
+
+ <b><a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> (empty)</b>
+ Enable logging of the named "permit" actions in SMTP server
+ access lists (by default, the SMTP server logs "reject" actions
+ but not "permit" actions).
+
+<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
+ As of Postfix version 2.0, the SMTP server rejects mail for unknown
+ recipients. This prevents the mail queue from clogging up with undeliv-
+ erable MAILER-DAEMON messages. Additional information on this topic is
+ in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
+
+ <b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
+ Display the name of the recipient table in the "User unknown"
+ responses.
+
+ <b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for message headers and
+ envelopes.
+
+ <b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for envelope and header
+ recipient addresses.
+
+ <b><a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> (empty)</b>
+ Optional address mapping lookup tables for envelope and header
+ sender addresses.
+
+ Parameters concerning known/unknown local recipients:
+
+ <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
+ The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
+ mail delivery transport.
+
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The local network interface addresses that this mail system
+ receives mail on.
+
+ <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
+ The remote network interface addresses that this mail system
+ receives mail on by way of a proxy or network address transla-
+ tion unit.
+
+ <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d output')</b>
+ The Internet protocols Postfix will attempt to use when making
+ or accepting connections.
+
+ <b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
+ Lookup tables with all names or addresses of local recipients: a
+ recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestina</a>-
+ <a href="postconf.5.html#mydestination">tion</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+
+ <b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
+ The numerical Postfix SMTP server response code when a recipient
+ address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
+ lookup tables that does not match the recipient.
+
+ Parameters concerning known/unknown recipients of relay destinations:
+
+ <b><a href="postconf.5.html#relay_domains">relay_domains</a> (Postfix</b> &gt;<b>= 3.0: empty, Postfix</b> &lt; <b>3.0: $<a href="postconf.5.html#mydestination">mydestination</a>)</b>
+ What destination domains (and subdomains thereof) this system
+ will relay mail to.
+
+ <b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
+ Optional lookup tables with all valid addresses in the domains
+ that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+
+ <b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
+ The numerical Postfix SMTP server reply code when a recipient
+ address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci-
+ fies a list of lookup tables that does not match the recipient
+ address.
+
+ Parameters concerning known/unknown recipients in virtual alias
+ domains:
+
+ <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
+ Postfix is the final destination for the specified list of vir-
+ tual alias domains, that is, domains for which all addresses are
+ aliased to addresses in other local or remote domains.
+
+ <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
+ Optional lookup tables that alias specific mail addresses or
+ domains to other local or remote addresses.
+
+ <b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
+ The Postfix SMTP server reply code when a recipient address
+ matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci-
+ fies a list of lookup tables that does not match the recipient
+ address.
+
+ Parameters concerning known/unknown recipients in virtual mailbox
+ domains:
+
+ <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
+ Postfix is the final destination for the specified list of
+ domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail
+ delivery transport.
+
+ <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
+ Optional lookup tables with all valid addresses in the domains
+ that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+
+ <b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
+ The Postfix SMTP server reply code when a recipient address
+ matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
+ specifies a list of lookup tables that does not match the recip-
+ ient address.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ The following parameters limit resource usage by the SMTP server and/or
+ control client request rates.
+
+ <b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
+ Upon input, long lines are chopped up into pieces of at most
+ this length; upon delivery, long lines are reconstructed.
+
+ <b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
+ The minimal amount of free space in bytes in the queue file sys-
+ tem that is needed to receive mail.
+
+ <b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
+ The maximal size in bytes of a message, including envelope
+ information.
+
+ <b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
+ The maximal number of recipients that the Postfix SMTP server
+ accepts per message delivery request.
+
+ <b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b>
+ When the Postfix SMTP server wants to send an SMTP server
+ response, how long the Postfix SMTP server will wait for an
+ underlying network write operation to complete; and when the
+ Postfix SMTP server Postfix wants to receive an SMTP client
+ request, how long the Postfix SMTP server will wait for an
+ underlying network read operation to complete.
+
+ <b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
+ The maximal number of lines in the Postfix SMTP server command
+ history before it is flushed upon receipt of EHLO, RSET, or end
+ of DATA.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
+ Attempt to look up the remote SMTP client hostname, and verify
+ that the name matches the client IP address.
+
+ The per SMTP client connection count and request rate limits are imple-
+ mented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> service, and are available in
+ Postfix version 2.2 and later.
+
+ <b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
+ How many simultaneous connections any client is allowed to make
+ to this service.
+
+ <b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
+ The maximal number of connection attempts any client is allowed
+ to make to this service per time unit.
+
+ <b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
+ The maximal number of message delivery requests that any client
+ is allowed to make to this service per time unit, regardless of
+ whether or not Postfix actually accepts those messages.
+
+ <b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
+ The maximal number of recipient addresses that any client is
+ allowed to send to this service per time unit, regardless of
+ whether or not Postfix actually accepts those recipients.
+
+ <b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
+ Clients that are excluded from smtpd_client_*_count/rate_limit
+ restrictions.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (0)</b>
+ The maximal number of new (i.e., uncached) TLS sessions that a
+ remote SMTP client is allowed to negotiate with this service per
+ time unit.
+
+ Available in Postfix version 2.9 - 3.6:
+
+ <b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
+ Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
+ system call, to a time limit to send or receive a complete
+ record (an SMTP command line, SMTP response line, SMTP message
+ content line, or TLS protocol message).
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#smtpd_client_auth_rate_limit">smtpd_client_auth_rate_limit</a> (0)</b>
+ The maximal number of AUTH commands that any client is allowed
+ to send to this service per time unit, regardless of whether or
+ not Postfix actually accepts those commands.
+
+ Available in Postfix version 3.7 and later:
+
+ <b><a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a> (normal: no, overload: yes)</b>
+ Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per plaintext or TLS
+ read or write call, to a combined time limit for receiving a
+ complete SMTP request and for sending a complete SMTP response.
+
+ <b><a href="postconf.5.html#smtpd_min_data_rate">smtpd_min_data_rate</a> (500)</b>
+ The minimum plaintext data transfer rate in bytes/second for
+ DATA and BDAT requests, when deadlines are enabled with
+ <a href="postconf.5.html#smtpd_per_request_deadline">smtpd_per_request_deadline</a>.
+
+ <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
+ The format of the Postfix-generated <b>From:</b> header.
+
+ Available in Postfix version 3.8 and later:
+
+ <b><a href="postconf.5.html#smtpd_client_ipv4_prefix_length">smtpd_client_ipv4_prefix_length</a> (32)</b>
+ Aggregate smtpd_client_*_count and smtpd_client_*_rate statis-
+ tics by IPv4 network blocks with the specified network prefix.
+
+ <b><a href="postconf.5.html#smtpd_client_ipv6_prefix_length">smtpd_client_ipv6_prefix_length</a> (84)</b>
+ Aggregate smtpd_client_*_count and smtpd_client_*_rate statis-
+ tics by IPv6 network blocks with the specified network prefix.
+
+ Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
+
+ <b><a href="postconf.5.html#smtpd_forbid_unauth_pipelining">smtpd_forbid_unauth_pipelining</a> (Postfix</b> &gt;<b>= 3.9: yes)</b>
+ Disconnect remote SMTP clients that violate <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (or 5321)
+ command pipelining constraints.
+
+ Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later:
+
+ <b><a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> (Postfix</b> &lt; <b>3.9: no)</b>
+ Reject or restrict input lines from an SMTP client that end in
+ &lt;LF&gt; instead of the standard &lt;CR&gt;&lt;LF&gt;.
+
+ <b><a href="postconf.5.html#smtpd_forbid_bare_newline_exclusions">smtpd_forbid_bare_newline_exclusions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
+ Exclude the specified clients from <a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a>
+ enforcement.
+
+ Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and later:
+
+ <b><a href="postconf.5.html#smtpd_forbid_bare_newline_reject_code">smtpd_forbid_bare_newline_reject_code</a> (550)</b>
+ The numerical Postfix SMTP server response code when rejecting a
+ request with "<a href="postconf.5.html#smtpd_forbid_bare_newline">smtpd_forbid_bare_newline</a> = reject".
+
+<b>TARPIT CONTROLS</b>
+ When a remote SMTP client makes errors, the Postfix SMTP server can
+ insert delays before responding. This can help to slow down run-away
+ software. The behavior is controlled by an error counter that counts
+ the number of errors within an SMTP session that a client makes without
+ delivering mail.
+
+ <b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
+ With Postfix version 2.1 and later: the SMTP server response
+ delay after a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>
+ errors, and fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without
+ delivering mail.
+
+ <b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
+ The number of errors a remote SMTP client is allowed to make
+ without delivering mail before the Postfix SMTP server slows
+ down all its responses.
+
+ <b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (normal: 20, overload: 1)</b>
+ The maximal number of errors a remote SMTP client is allowed to
+ make without delivering mail.
+
+ <b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (normal: 100, overload: 1)</b>
+ The number of junk commands (NOOP, VRFY, ETRN or RSET) that a
+ remote SMTP client can send before the Postfix SMTP server
+ starts to increment the error counter with each junk command.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
+ The number of recipients that a remote SMTP client can send in
+ excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>,
+ before the Postfix SMTP server increments the per-session error
+ count for each excess recipient.
+
+<b>ACCESS POLICY DELEGATION CONTROLS</b>
+ As of version 2.1, Postfix can be configured to delegate access policy
+ decisions to an external server that runs outside Postfix. See the
+ file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for more information.
+
+ <b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
+ The time after which an idle SMTPD policy service connection is
+ closed.
+
+ <b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
+ The time after which an active SMTPD policy service connection
+ is closed.
+
+ <b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
+ The time limit for connecting to, writing to, or receiving from
+ a delegated SMTPD policy server.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#smtpd_policy_service_default_action">smtpd_policy_service_default_action</a> (451 4.3.5 Server configuration</b>
+ <b>problem)</b>
+ The default action when an SMTPD policy service request fails.
+
+ <b><a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> (0)</b>
+ The maximal number of requests per SMTPD policy service connec-
+ tion, or zero (no limit).
+
+ <b><a href="postconf.5.html#smtpd_policy_service_try_limit">smtpd_policy_service_try_limit</a> (2)</b>
+ The maximal number of attempts to send an SMTPD policy service
+ request before giving up.
+
+ <b><a href="postconf.5.html#smtpd_policy_service_retry_delay">smtpd_policy_service_retry_delay</a> (1s)</b>
+ The delay between attempts to resend a failed SMTPD policy ser-
+ vice request.
+
+ Available in Postfix version 3.1 and later:
+
+ <b><a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (empty)</b>
+ Optional information that the Postfix SMTP server specifies in
+ the "policy_context" attribute of a policy service request
+ (originally, to share the same service endpoint among multiple
+ <a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
+
+<b>ACCESS CONTROLS</b>
+ The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
+ server access control features.
+
+ <b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
+ Wait until the RCPT TO command before evaluating
+ $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
+ $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command
+ before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and
+ $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
+
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
+ A list of Postfix features where the pattern "example.com" also
+ matches subdomains of example.com, instead of requiring an
+ explicit ".example.com" pattern.
+
+ <b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client connection request.
+
+ <b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
+ Require that a remote SMTP client introduces itself with the
+ HELO or EHLO command before sending the MAIL command or other
+ commands that require EHLO negotiation.
+
+ <b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client HELO command.
+
+ <b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client MAIL FROM command.
+
+ <b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (see 'postconf -d' output)</b>
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client RCPT TO command, after
+ <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
+
+ <b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client ETRN command.
+
+ <b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
+ Forward mail with sender-specified routing
+ (user[@%!]remote[@%!]site) from untrusted clients to destina-
+ tions matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+
+ <b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
+ User-defined aliases for groups of access restrictions.
+
+ <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b>&lt;&gt;<b>)</b>
+ The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
+ the null sender address.
+
+ <b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
+ Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
+ only domains whose primary MX hosts match the listed networks.
+
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
+ Optional access restrictions that the Postfix SMTP server
+ applies in the context of the SMTP DATA command.
+
+ <b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
+ What characters are allowed in $name expansions of RBL reply
+ templates.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
+ Request that the Postfix SMTP server rejects mail from unknown
+ sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
+ access restriction is specified.
+
+ <b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
+ Request that the Postfix SMTP server rejects mail for unknown
+ recipient addresses, even when no explicit
+ <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restriction is specified.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b>
+ Optional access restrictions that the Postfix SMTP server
+ applies in the context of the SMTP END-OF-DATA command.
+
+ Available in Postfix version 2.10 and later:
+
+ <b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,</b>
+ <b><a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b>
+ Access restrictions for mail relay control that the Postfix SMTP
+ server applies in the context of the RCPT TO command, before
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
+
+<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
+ Postfix version 2.1 introduces sender and recipient address verifica-
+ tion. This feature is implemented by sending probe email messages that
+ are not actually delivered. This feature is requested via the
+ <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
+ restrictions. The status of verification probes is maintained by the
+ <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
+ mation about how to configure and operate the Postfix sender/recipient
+ address verification service.
+
+ <b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, overload: 1)</b>
+ How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for the completion
+ of an address verification request in progress.
+
+ <b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
+ The delay between queries for the completion of an address veri-
+ fication request in progress.
+
+ <b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
+ The sender address to use in address verification probes; prior
+ to Postfix 2.5 the default was "postmaster".
+
+ <b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
+ The numerical Postfix SMTP server response code when a recipient
+ address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
+
+ <b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
+ The numerical Postfix SMTP server response when a recipient
+ address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
+ tion.
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b>
+ The numerical Postfix SMTP server response code when a sender
+ address probe fails due to a temporary error condition.
+
+ <b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b>
+ The numerical Postfix SMTP server response when a recipient
+ address probe fails due to a temporary error condition.
+
+ <b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b>
+ The Postfix SMTP server's reply when rejecting mail with
+ <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>.
+
+ <b><a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> (empty)</b>
+ The Postfix SMTP server's reply when rejecting mail with
+ <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
+
+ <b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
+ The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+ fails due to a temporary error condition.
+
+ <b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
+ The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
+ <a href="postconf.5.html#reject_unverified_recipient">ent</a> fails due to a temporary error condition.
+
+ Available with Postfix 2.9 and later:
+
+ <b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
+ The time between changes in the time-dependent portion of
+ address verification probe sender addresses.
+
+<b>ACCESS CONTROL RESPONSES</b>
+ The following parameters control numerical SMTP reply codes and/or text
+ responses.
+
+ <b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
+ The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
+ map "reject" action.
+
+ <b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
+ The numerical Postfix SMTP server response code when a remote
+ SMTP client request is rejected by the "defer" restriction.
+
+ <b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
+ The numerical Postfix SMTP server response code when the client
+ HELO or EHLO command parameter is rejected by the
+ <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> restriction.
+
+ <b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
+ The numerical Postfix SMTP server response code when a remote
+ SMTP client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
+ <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>,
+ <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
+
+ <b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
+ The numerical Postfix SMTP server reply code when a client
+ request is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
+ <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
+
+ <b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
+ The numerical Postfix SMTP server response code when a request
+ is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
+
+ <b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
+ The numerical Postfix SMTP server response code when a remote
+ SMTP client request is rejected by the "reject" restriction.
+
+ <b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
+ The numerical Postfix SMTP server response code when a client
+ request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
+ restriction.
+
+ <b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
+ The numerical response code when the Postfix SMTP server rejects
+ a sender or recipient address because its domain is unknown.
+
+ <b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
+ The numerical Postfix SMTP server response code when a client
+ without valid address &lt;=&gt; name mapping is rejected by the
+ <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction.
+
+ <b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
+ The numerical Postfix SMTP server response code when the host-
+ name specified with the HELO or EHLO command is rejected by the
+ <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
+
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
+ The default Postfix SMTP server response template for a request
+ that is rejected by an RBL-based restriction.
+
+ <b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
+ The numerical Postfix SMTP server response code when a remote
+ SMTP client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
+ <a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
+
+ <b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
+ Optional lookup tables with RBL response templates.
+
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> (450)</b>
+ The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
+ map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or
+ "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>".
+
+ <b><a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a> (<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b>
+ The Postfix SMTP server's action when a reject-type restriction
+ fails due to a temporary error condition.
+
+ <b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
+ The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
+ <a href="postconf.5.html#reject_unknown_helo_hostname">name</a> fails due to a temporary error condition.
+
+ <b><a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
+ The Postfix SMTP server's action when
+ <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
+ fail due to a temporary error condition.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
+ The location of all postfix administrative commands.
+
+ <b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
+ The sender address of postmaster notifications that are gener-
+ ated by the mail system.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
+ The mail system name that is displayed in Received: headers, in
+ the SMTP greeting banner, and in bounced mail.
+
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
+ The internet hostname of this mail system.
+
+ <b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
+ The list of "trusted" remote SMTP clients that have more privi-
+ leges than "strangers".
+
+ <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
+ The set of characters that can separate an email address local-
+ part, user name, or a .forward file name from its extension.
+
+ <b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
+ The text that follows the 220 status code in the SMTP greeting
+ banner.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT GET POST <a href="regexp_table.5.html">regexp</a>:{{/^[^A-Z]/ Bogus}})</b>
+ List of commands that cause the Postfix SMTP server to immedi-
+ ately terminate the session with a 221 code.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#smtpd_client_port_logging">smtpd_client_port_logging</a> (no)</b>
+ Enable logging of the remote SMTP client port in addition to the
+ hostname and IP address.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.4 and later:
+
+ <b><a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a> (empty)</b>
+ Lookup tables, indexed by the complete Postfix SMTP server 4xx
+ or 5xx response, with reject footer templates.
+
+<b>SEE ALSO</b>
+ <a href="anvil.8.html">anvil(8)</a>, connection/rate limiting
+ <a href="cleanup.8.html">cleanup(8)</a>, message canonicalization
+ <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management
+ <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address resolver
+ <a href="verify.8.html">verify(8)</a>, address verification service
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>, blocking unknown hosted or relay recipients
+ <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, Postfix address manipulation
+ <a href="BDAT_README.html">BDAT_README</a>, Postfix CHUNKING support
+ <a href="FILTER_README.html">FILTER_README</a>, external after-queue content filter
+ <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a>, blocking unknown local recipients
+ <a href="MILTER_README.html">MILTER_README</a>, before-queue mail filter applications
+ <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a>, built-in access policies
+ <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a>, external policy server
+ <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a>, external before-queue content filter
+ <a href="SASL_README.html">SASL_README</a>, Postfix SASL howto
+ <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
+ <a href="VERP_README.html">VERP_README</a>, Postfix XVERP extension
+ <a href="XCLIENT_README.html">XCLIENT_README</a>, Postfix XCLIENT extension
+ <a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ SASL support originally by:
+ Till Franke
+ SuSE Rhein/Main AG
+ 65760 Eschborn, Germany
+
+ TLS support originally by:
+ Lutz Jaenicke
+ BTU Cottbus
+ Allgemeine Elektrotechnik
+ Universitaetsplatz 3-4
+ D-03044 Cottbus, Germany
+
+ Revised TLS support by:
+ Victor Duchovni
+ Morgan Stanley
+
+ SMTPD(8)
+</pre> </body> </html>
diff --git a/html/socketmap_table.5.html b/html/socketmap_table.5.html
new file mode 100644
index 0000000..a8bbd07
--- /dev/null
+++ b/html/socketmap_table.5.html
@@ -0,0 +1,102 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - socketmap_table(5) </title>
+</head> <body> <pre>
+SOCKETMAP_TABLE(5) SOCKETMAP_TABLE(5)
+
+<b>NAME</b>
+ socketmap_table - Postfix socketmap table lookup client
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="socketmap_table.html">socketmap</a>:inet:</b><i>host</i><b>:</b><i>port</i><b>:</b><i>name</i>
+ <b>postmap -q "</b><i>string</i><b>" <a href="socketmap_table.html">socketmap</a>:unix:</b><i>pathname</i><b>:</b><i>name</i>
+
+ <b>postmap -q - <a href="socketmap_table.html">socketmap</a>:inet:</b><i>host</i><b>:</b><i>port</i><b>:</b><i>name</i> &lt;<i>inputfile</i>
+ <b>postmap -q - <a href="socketmap_table.html">socketmap</a>:unix:</b><i>pathname</i><b>:</b><i>name</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional tables for address rewriting.
+ mail routing or policy lookup.
+
+ The Postfix socketmap client expects TCP endpoint names of the form
+ <b>inet:</b><i>host</i><b>:</b><i>port</i><b>:</b><i>name</i>, or UNIX-domain endpoints of the form <b>unix:</b><i>path-</i>
+ <i>name</i><b>:</b><i>name</i>. In both cases, <i>name</i> specifies the name field in a socketmap
+ client request (see "REQUEST FORMAT" below).
+
+<b>PROTOCOL</b>
+ Socketmaps use a simple protocol: the client sends one request, and the
+ server sends one reply. Each request and each reply are sent as one
+ netstring object.
+
+<b>REQUEST FORMAT</b>
+ The socketmap protocol supports only the lookup request. The request
+ has the following form:
+
+ <i>name</i> &lt;<b>space</b>&gt; <i>key</i>
+ Search the named socketmap for the specified key.
+
+ Postfix will not generate partial search keys such as domain names
+ without one or more subdomains, network addresses without one or more
+ least-significant octets, or email addresses without the localpart,
+ address extension or domain portion. This behavior is also found with
+ <a href="cidr_table.5.html">cidr</a>:, <a href="pcre_table.5.html">pcre</a>:, and <a href="regexp_table.5.html">regexp</a>: tables.
+
+<b>REPLY FORMAT</b>
+ The Postfix socketmap client requires that replies are not longer than
+ 100000 characters (not including the netstring encapsulation). Replies
+ must have the following form:
+
+ <b>OK</b> &lt;<b>space</b>&gt; <i>data</i>
+ The requested data was found.
+
+ <b>NOTFOUND</b> &lt;<b>space</b>&gt;
+ The requested data was not found.
+
+ <b>TEMP</b> &lt;<b>space</b>&gt; <i>reason</i>
+
+ <b>TIMEOUT</b> &lt;<b>space</b>&gt; <i>reason</i>
+
+ <b>PERM</b> &lt;<b>space</b>&gt; <i>reason</i>
+ The request failed. The reason, if non-empty, is descriptive
+ text.
+
+<b>SECURITY</b>
+ This map cannot be used for security-sensitive information,
+ because neither the connection nor the server are authenticated.
+
+<b>SEE ALSO</b>
+ <a href="http://cr.yp.to/proto/netstrings.txt">http://cr.yp.to/proto/netstrings.txt</a>, netstring definition
+ <a href="postconf.1.html">postconf(1)</a>, Postfix supported lookup tables
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="regexp_table.5.html">regexp_table(5)</a>, format of regular expression tables
+ <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables
+ <a href="cidr_table.5.html">cidr_table(5)</a>, format of CIDR tables
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>BUGS</b>
+ The protocol limits are not yet configurable.
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ Socketmap support was introduced with Postfix version 2.10.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ SOCKETMAP_TABLE(5)
+</pre> </body> </html>
diff --git a/html/spawn.8.html b/html/spawn.8.html
new file mode 100644
index 0000000..8b2f2f1
--- /dev/null
+++ b/html/spawn.8.html
@@ -0,0 +1,151 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - spawn(8) </title>
+</head> <body> <pre>
+SPAWN(8) SPAWN(8)
+
+<b>NAME</b>
+ spawn - Postfix external command spawner
+
+<b>SYNOPSIS</b>
+ <b>spawn</b> [generic Postfix daemon options] command_attributes...
+
+<b>DESCRIPTION</b>
+ The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon provides the Postfix equivalent of <b>inetd</b>. It lis-
+ tens on a port as specified in the Postfix <a href="master.5.html"><b>master.cf</b></a> file and spawns an
+ external command whenever a connection is established. The connection
+ can be made over local IPC (such as UNIX-domain sockets) or over
+ non-local IPC (such as TCP sockets). The command's standard input,
+ output and error streams are connected directly to the communication
+ endpoint.
+
+ This daemon expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+<b>COMMAND ATTRIBUTE SYNTAX</b>
+ The external command attributes are given in the <a href="master.5.html"><b>master.cf</b></a> file at the
+ end of a service definition. The syntax is as follows:
+
+ <b>user</b>=<i>username</i> (required)
+
+ <b>user</b>=<i>username</i>:<i>groupname</i>
+ The external command is executed with the rights of the speci-
+ fied <i>username</i>. The software refuses to execute commands with
+ root privileges, or with the privileges of the mail system
+ owner. If <i>groupname</i> is specified, the corresponding group ID is
+ used instead of the group ID of <i>username</i>.
+
+ <b>argv</b>=<i>command</i>... (required)
+ The command to be executed. This must be specified as the last
+ command attribute. The command is executed directly, i.e. with-
+ out interpretation of shell meta characters by a shell command
+ interpreter.
+
+<b>BUGS</b>
+ In order to enforce standard Postfix process resource controls, the
+ <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon runs only one external command at a time. As such, it
+ presents a noticeable overhead by wasting precious process resources.
+ The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon is expected to be replaced by a more structural
+ solution.
+
+<b>DIAGNOSTICS</b>
+ The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon reports abnormal child exits. Problems are logged
+ to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>SECURITY</b>
+ This program needs root privilege in order to execute external commands
+ as the specified user. It is therefore security sensitive. However the
+ <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon does not talk to the external command and thus is not
+ vulnerable to data-driven attacks.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="spawn.8.html"><b>spawn</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ In the text below, <i>transport</i> is the first field of the entry in the
+ <a href="master.5.html"><b>master.cf</b></a> file.
+
+<b>RESOURCE AND RATE CONTROL</b>
+ <b><a href="postconf.5.html#transport_time_limit">transport_time_limit</a> ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
+ A transport-specific override for the <a href="postconf.5.html#command_time_limit">command_time_limit</a> parame-
+ ter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
+ delivery transport.
+
+<b>MISCELLANEOUS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
+ The list of environment variables that a Postfix process will
+ export to non-Postfix processes.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ SPAWN(8)
+</pre> </body> </html>
diff --git a/html/sqlite_table.5.html b/html/sqlite_table.5.html
new file mode 100644
index 0000000..7c32d8c
--- /dev/null
+++ b/html/sqlite_table.5.html
@@ -0,0 +1,239 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - sqlite_table(5) </title>
+</head> <body> <pre>
+SQLITE_TABLE(5) SQLITE_TABLE(5)
+
+<b>NAME</b>
+ sqlite_table - Postfix SQLite configuration
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="sqlite_table.5.html">sqlite</a>:/etc/postfix/</b><i>filename</i>
+
+ <b>postmap -q - <a href="sqlite_table.5.html">sqlite</a>:/etc/postfix/</b><i>filename</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
+
+ Alternatively, lookup tables can be specified as SQLite databases. In
+ order to use SQLite lookups, define an SQLite source as a lookup table
+ in <a href="postconf.5.html">main.cf</a>, for example:
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="sqlite_table.5.html">sqlite</a>:/etc/postfix/sqlite-aliases.cf
+
+ The file /etc/postfix/sqlite-aliases.cf has the same format as the
+ Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the parameters described below.
+
+<b>LIST MEMBERSHIP</b>
+ When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydestination</a>,
+ $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it is important to under-
+ stand that the table must store each list member as a separate key. The
+ table lookup verifies the *existence* of the key. See "Postfix lists
+ versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
+
+ Do NOT create tables that return the full list of domains in $<a href="postconf.5.html#mydestination">mydesti</a>-
+ <a href="postconf.5.html#mydestination">nation</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
+
+ DO create tables with each matching item as a key and with an arbitrary
+ value. With SQL databases it is not uncommon to return the key itself
+ or a constant value.
+
+<b>SQLITE PARAMETERS</b>
+ <b>dbpath</b> The SQLite database file location. Example:
+ dbpath = customer_database
+
+ <b>query</b> The SQL query template used to search the database, where <b>%s</b> is
+ a substitute for the address Postfix is trying to resolve, e.g.
+ query = SELECT replacement FROM aliases WHERE mailbox = '%s'
+
+ This parameter supports the following '%' expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character.
+
+ <b>%s</b> This is replaced by the input key. SQL quoting is used
+ to make sure that the input key does not add unexpected
+ metacharacters.
+
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the SQL quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the query is sup-
+ pressed and returns no results.
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the SQL quoted domain part of the
+ address. Otherwise, the query is suppressed and returns
+ no results.
+
+ <b>%[SUD]</b> The upper-case equivalents of the above expansions behave
+ in the <b>query</b> parameter identically to their lower-case
+ counter-parts. With the <b>result_format</b> parameter (see
+ below), they expand the input key rather than the result
+ value.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, the query is sup-
+ pressed and returns no results.
+
+ The <b>domain</b> parameter described below limits the input keys to
+ addresses in matching domains. When the <b>domain</b> parameter is
+ non-empty, SQL queries for unqualified addresses or addresses in
+ non-matching domains are suppressed and return no results.
+
+ This parameter is available with Postfix 2.2. In prior releases
+ the SQL query was built from the separate parameters:
+ <b>select_field</b>, <b>table</b>, <b>where_field</b> and <b>additional_conditions</b>. The
+ mapping from the old parameters to the equivalent query is:
+
+ SELECT [<b>select_field</b>]
+ FROM [<b>table</b>]
+ WHERE [<b>where_field</b>] = '%s'
+ [<b>additional_conditions</b>]
+
+ The '%s' in the <b>WHERE</b> clause expands to the escaped search
+ string. With Postfix 2.2 these legacy parameters are used if
+ the <b>query</b> parameter is not specified.
+
+ NOTE: DO NOT put quotes around the query parameter.
+
+ <b>result_format (default: %s</b>)
+ Format template applied to result attributes. Most commonly used
+ to append (or prepend) text to the result. This parameter sup-
+ ports the following '%' expansions:
+
+ <b>%%</b> This is replaced by a literal '%' character.
+
+ <b>%s</b> This is replaced by the value of the result attribute.
+ When result is empty it is skipped.
+
+ <b>%u</b> When the result attribute value is an address of the form
+ user@domain, <b>%u</b> is replaced by the local part of the
+ address. When the result has an empty localpart it is
+ skipped.
+
+ <b>%d</b> When a result attribute value is an address of the form
+ user@domain, <b>%d</b> is replaced by the domain part of the
+ attribute value. When the result is unqualified it is
+ skipped.
+
+ <b>%[SUD1-9]</b>
+ The upper-case and decimal digit expansions interpolate
+ the parts of the input key rather than the result. Their
+ behavior is identical to that described with <b>query</b>, and
+ in fact because the input key is known in advance,
+ queries whose key does not contain all the information
+ specified in the result template are suppressed and
+ return no results.
+
+ For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" allows one to use
+ a mailHost attribute as the basis of a <a href="transport.5.html">transport(5)</a> table. After
+ applying the result format, multiple values are concatenated as
+ comma separated strings. The expansion_limit and parameter
+ explained below allows one to restrict the number of values in
+ the result, which is especially useful for maps that must return
+ at most one value.
+
+ The default value <b>%s</b> specifies that each result value should be
+ used as is.
+
+ This parameter is available with Postfix 2.2 and later.
+
+ NOTE: DO NOT put quotes around the result format!
+
+ <b>domain (default: no domain list)</b>
+ This is a list of domain names, paths to files, or "<a href="DATABASE_README.html">type:table</a>"
+ databases. When specified, only fully qualified search keys with
+ a *non-empty* localpart and a matching domain are eligible for
+ lookup: 'user' lookups, bare domain lookups and "@domain"
+ lookups are not performed. This can significantly reduce the
+ query load on the SQLite server.
+ domain = postfix.org, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
+
+ It is best not to use SQL to store the domains eligible for SQL
+ lookups.
+
+ This parameter is available with Postfix 2.2 and later.
+
+ NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> aliases, because
+ the input keys are always unqualified.
+
+ <b>expansion_limit (default: 0)</b>
+ A limit on the total number of result elements returned (as a
+ comma separated list) by a lookup against the map. A setting of
+ zero disables the limit. Lookups fail with a temporary error if
+ the limit is exceeded. Setting the limit to 1 ensures that
+ lookups do not return multiple values.
+
+<b>OBSOLETE MAIN.CF PARAMETERS</b>
+ For compatibility with other Postfix lookup tables, SQLite parameters
+ can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do that, specify as SQLite
+ source a name that doesn't begin with a slash or a dot. The SQLite
+ parameters will then be accessible as the name you've given the source
+ in its definition, an underscore, and the name of the parameter. For
+ example, if the map is specified as "<a href="sqlite_table.5.html">sqlite</a>:<i>sqlitename</i>", the parameter
+ "query" would be defined in <a href="postconf.5.html">main.cf</a> as "<i>sqlitename</i>_query".
+
+<b>OBSOLETE QUERY INTERFACE</b>
+ This section describes an interface that is deprecated as of Postfix
+ 2.2. It is replaced by the more general <b>query</b> interface described
+ above. If the <b>query</b> parameter is defined, the legacy parameters
+ described here ignored. Please migrate to the new interface as the
+ legacy interface may be removed in a future release.
+
+ The following parameters can be used to fill in a SELECT template
+ statement of the form:
+
+ SELECT [<b>select_field</b>]
+ FROM [<b>table</b>]
+ WHERE [<b>where_field</b>] = '%s'
+ [<b>additional_conditions</b>]
+
+ The specifier %s is replaced by the search string, and is escaped so if
+ it contains single quotes or other odd characters, it will not cause a
+ parse error, or worse, a security problem.
+
+ <b>select_field</b>
+ The SQL "select" parameter. Example:
+ <b>select_field</b> = forw_addr
+
+ <b>table</b> The SQL "select .. from" table name. Example:
+ <b>table</b> = mxaliases
+
+ <b>where_field</b>
+ The SQL "select .. where" parameter. Example:
+ <b>where_field</b> = alias
+
+ <b>additional_conditions</b>
+ Additional conditions to the SQL query. Example:
+ <b>additional_conditions</b> = AND status = 'paid'
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table maintenance
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="ldap_table.5.html">ldap_table(5)</a>, LDAP lookup tables
+ <a href="mysql_table.5.html">mysql_table(5)</a>, MySQL lookup tables
+ <a href="pgsql_table.5.html">pgsql_table(5)</a>, PostgreSQL lookup tables
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="SQLITE_README.html">SQLITE_README</a>, Postfix SQLITE howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ SQLite support was introduced with Postfix version 2.8.
+
+<b>AUTHOR(S)</b>
+ Original implementation by:
+ Axel Steiner
+
+ SQLITE_TABLE(5)
+</pre> </body> </html>
diff --git a/html/tcp_table.5.html b/html/tcp_table.5.html
new file mode 100644
index 0000000..7c6a9d9
--- /dev/null
+++ b/html/tcp_table.5.html
@@ -0,0 +1,111 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - tcp_table(5) </title>
+</head> <body> <pre>
+TCP_TABLE(5) TCP_TABLE(5)
+
+<b>NAME</b>
+ tcp_table - Postfix client/server table lookup protocol
+
+<b>SYNOPSIS</b>
+ <b>postmap -q "</b><i>string</i><b>" <a href="tcp_table.5.html">tcp</a>:</b><i>host:port</i>
+
+ <b>postmap -q - <a href="tcp_table.5.html">tcp</a>:</b><i>host:port</i> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format. Alterna-
+ tively, table lookups can be directed to a TCP server.
+
+ To find out what types of lookup tables your Postfix system supports
+ use the "<b>postconf -m</b>" command.
+
+ To test lookup tables, use the "<b>postmap -q</b>" command as described in the
+ SYNOPSIS above.
+
+<b>PROTOCOL DESCRIPTION</b>
+ The TCP map class implements a very simple protocol: the client sends a
+ request, and the server sends one reply. Requests and replies are sent
+ as one line of ASCII text, terminated by the ASCII newline character.
+ Request and reply parameters (see below) are separated by whitespace.
+
+ Send and receive operations must complete in 100 seconds.
+
+<b>REQUEST FORMAT</b>
+ The tcp_table protocol supports only the lookup request. The request
+ has the following form:
+
+ <b>get</b> SPACE <i>key</i> NEWLINE
+ Look up data under the specified key.
+
+ Postfix will not generate partial search keys such as domain names
+ without one or more subdomains, network addresses without one or more
+ least-significant octets, or email addresses without the localpart,
+ address extension or domain portion. This behavior is also found with
+ <a href="cidr_table.5.html">cidr</a>:, <a href="pcre_table.5.html">pcre</a>:, and <a href="regexp_table.5.html">regexp</a>: tables.
+
+<b>REPLY FORMAT</b>
+ Each reply specifies a status code and text. Replies must be no longer
+ than 4096 characters including the newline terminator.
+
+ <b>500</b> SPACE <i>text</i> NEWLINE
+ In case of a lookup request, the requested data does not exist.
+ The text describes the nature of the problem.
+
+ <b>400</b> SPACE <i>text</i> NEWLINE
+ This indicates an error condition. The text describes the nature
+ of the problem. The client should retry the request later.
+
+ <b>200</b> SPACE <i>text</i> NEWLINE
+ The request was successful. In the case of a lookup request, the
+ text contains an encoded version of the requested data.
+
+<b>ENCODING</b>
+ In request and reply parameters, the character %, each non-printing
+ character, and each whitespace character must be replaced by %XX, where
+ XX is the corresponding ASCII hexadecimal character value. The hexadec-
+ imal codes can be specified in any case (upper, lower, mixed).
+
+ The Postfix client always encodes a request. The server may omit the
+ encoding as long as the reply is guaranteed to not contain the % or
+ NEWLINE character.
+
+<b>SECURITY</b>
+ Do not use TCP lookup tables for security critical purposes. The
+ client-server connection is not protected and the server is not authen-
+ ticated.
+
+<b>BUGS</b>
+ Only the lookup method is currently implemented.
+
+ The client does not hang up when the connection is idle for a long
+ time.
+
+<b>SEE ALSO</b>
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="regexp_table.5.html">regexp_table(5)</a>, format of regular expression tables
+ <a href="pcre_table.5.html">pcre_table(5)</a>, format of PCRE tables
+ <a href="cidr_table.5.html">cidr_table(5)</a>, format of CIDR tables
+
+<b>README FILES</b>
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ TCP_TABLE(5)
+</pre> </body> </html>
diff --git a/html/tlsmgr.8.html b/html/tlsmgr.8.html
new file mode 100644
index 0000000..48d8a40
--- /dev/null
+++ b/html/tlsmgr.8.html
@@ -0,0 +1,195 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - tlsmgr(8) </title>
+</head> <body> <pre>
+TLSMGR(8) TLSMGR(8)
+
+<b>NAME</b>
+ tlsmgr - Postfix TLS session cache and PRNG manager
+
+<b>SYNOPSIS</b>
+ <b>tlsmgr</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> manages the Postfix TLS session caches. It stores and
+ retrieves cache entries on request by <a href="smtpd.8.html"><b>smtpd</b>(8)</a> and <a href="smtp.8.html"><b>smtp</b>(8)</a> processes,
+ and periodically removes entries that have expired.
+
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> also manages the PRNG (pseudo random number generator)
+ pool. It answers queries by the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> and <a href="smtp.8.html"><b>smtp</b>(8)</a> processes to seed
+ their internal PRNG pools.
+
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>'s PRNG pool is initially seeded from an external source
+ (EGD, /dev/urandom, or regular file). It is updated at configurable
+ pseudo-random intervals with data from the external source. It is
+ updated periodically with data from TLS session cache entries and with
+ the time of day, and is updated with the time of day whenever a process
+ requests <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service.
+
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> saves the PRNG state to an exchange file periodically and
+ when the process terminates, and reads the exchange file when initial-
+ izing its PRNG.
+
+<b>SECURITY</b>
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> is not security-sensitive. The code that maintains the
+ external and internal PRNG pools does not "trust" the data that it
+ manipulates, and the code that maintains the TLS session cache does not
+ touch the contents of the cached entries, except for seeding its inter-
+ nal PRNG pool.
+
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> can be run chrooted and with reduced privileges. At
+ process startup it connects to the entropy source and exchange file,
+ and creates or truncates the optional TLS session cache files.
+
+ With Postfix version 2.5 and later, the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> no longer uses root
+ privileges when opening cache files. These files should now be stored
+ under the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a migration aid, an attempt
+ to open a cache file under a non-Postfix directory is redirected to the
+ Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a warning is logged.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>BUGS</b>
+ There is no automatic means to limit the number of entries in the TLS
+ session caches and/or the size of the TLS cache files.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, because <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+ is a persistent processes. Use the command "<b>postfix reload</b>" after a
+ configuration change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>TLS SESSION CACHE</b>
+ <b><a href="postconf.5.html#lmtp_tls_loglevel">lmtp_tls_loglevel</a> (0)</b>
+ The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> configuration
+ parameter.
+
+ <b><a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a> (empty)</b>
+ The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
+ configuration parameter.
+
+ <b><a href="postconf.5.html#lmtp_tls_session_cache_timeout">lmtp_tls_session_cache_timeout</a> (3600s)</b>
+ The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
+ configuration parameter.
+
+ <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
+ Enable additional Postfix SMTP client logging of TLS activity.
+
+ <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
+ Name of the file containing the optional Postfix SMTP client TLS
+ session cache.
+
+ <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
+ The expiration time of Postfix SMTP client TLS session cache
+ information.
+
+ <b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
+ Enable additional Postfix SMTP server logging of TLS activity.
+
+ <b><a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> (empty)</b>
+ Name of the file containing the optional Postfix SMTP server TLS
+ session cache.
+
+ <b><a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> (3600s)</b>
+ The expiration time of Postfix SMTP server TLS session cache
+ information.
+
+<b>PSEUDO RANDOM NUMBER GENERATOR</b>
+ <b><a href="postconf.5.html#tls_random_source">tls_random_source</a> (see 'postconf -d' output)</b>
+ The external entropy source for the in-memory <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> pseudo
+ random number generator (PRNG) pool.
+
+ <b><a href="postconf.5.html#tls_random_bytes">tls_random_bytes</a> (32)</b>
+ The number of bytes that <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> reads from $<a href="postconf.5.html#tls_random_source">tls_random_source</a>
+ when (re)seeding the in-memory pseudo random number generator
+ (PRNG) pool.
+
+ <b><a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a> (see 'postconf -d' output)</b>
+ Name of the pseudo random number generator (PRNG) state file
+ that is maintained by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>.
+
+ <b><a href="postconf.5.html#tls_random_prng_update_period">tls_random_prng_update_period</a> (3600s)</b>
+ The time between attempts by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> to save the state of the
+ pseudo random number generator (PRNG) to the file specified with
+ $<a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a>.
+
+ <b><a href="postconf.5.html#tls_random_reseed_period">tls_random_reseed_period</a> (3600s)</b>
+ The maximal time between attempts by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> to re-seed the
+ in-memory pseudo random number generator (PRNG) pool from exter-
+ nal sources.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix-writable data files (for example:
+ caches, pseudo-random numbers).
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="smtp.8.html">smtp(8)</a>, Postfix SMTP client
+ <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="TLS_README.html">TLS_README</a>, Postfix TLS configuration and operation
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ This service was introduced with Postfix version 2.2.
+
+<b>AUTHOR(S)</b>
+ Lutz Jaenicke
+ BTU Cottbus
+ Allgemeine Elektrotechnik
+ Universitaetsplatz 3-4
+ D-03044 Cottbus, Germany
+
+ Adapted by:
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ TLSMGR(8)
+</pre> </body> </html>
diff --git a/html/tlsproxy.8.html b/html/tlsproxy.8.html
new file mode 100644
index 0000000..0c36743
--- /dev/null
+++ b/html/tlsproxy.8.html
@@ -0,0 +1,449 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - tlsproxy(8) </title>
+</head> <body> <pre>
+TLSPROXY(8) TLSPROXY(8)
+
+<b>NAME</b>
+ tlsproxy - Postfix TLS proxy
+
+<b>SYNOPSIS</b>
+ <b>tlsproxy</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server implements a two-way TLS proxy. It is used by
+ the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server to talk SMTP-over-TLS with remote SMTP clients
+ that are not allowlisted (including clients whose allowlist status has
+ expired), and by the <a href="smtp.8.html"><b>smtp</b>(8)</a> client to support TLS connection reuse,
+ but it should also work for non-SMTP protocols.
+
+ Although one <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> process can serve multiple sessions at the
+ same time, it is a good idea to allow the number of processes to
+ increase with load, so that the service remains responsive.
+
+<b>PROTOCOL EXAMPLE</b>
+ The example below concerns <a href="postscreen.8.html"><b>postscreen</b>(8)</a>. However, the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
+ server is agnostic of the application protocol, and the example is eas-
+ ily adapted to other applications.
+
+ After receiving a valid remote SMTP client STARTTLS command, the
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server sends the remote SMTP client endpoint string, the
+ requested role (server), and the requested timeout to <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>.
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> then receives a "TLS available" indication from
+ <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>. If the TLS service is available, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends the
+ remote SMTP client file descriptor to <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>, and sends the plain-
+ text 220 greeting to the remote SMTP client. This triggers TLS negoti-
+ ations between the remote SMTP client and <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>. Upon completion
+ of the TLS-level handshake, <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> translates between plaintext
+ from/to <a href="postscreen.8.html"><b>postscreen</b>(8)</a> and ciphertext to/from the remote SMTP client.
+
+<b>SECURITY</b>
+ The <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server is moderately security-sensitive. It talks to
+ untrusted clients on the network. The process can be run chrooted at
+ fixed low privilege.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> pro-
+ cesses may run for a long time depending on mail server load. Use the
+ command "<b>postfix reload</b>" to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>STARTTLS GLOBAL CONTROLS</b>
+ The following settings are global and therefore cannot be overruled by
+ information specified in a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client request.
+
+ <b><a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> (no)</b>
+ Append the system-supplied default Certification Authority cer-
+ tificates to the ones specified with *_tls_CApath or
+ *_tls_CAfile.
+
+ <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ internal pseudo random number generator (PRNG).
+
+ <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "high" grade ciphers.
+
+ <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "medium" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ authentication without encryption.
+
+ <b><a href="postconf.5.html#tls_eecdh_strong_curve">tls_eecdh_strong_curve</a> (prime256v1)</b>
+ The elliptic curve used by the Postfix SMTP server for sensibly
+ strong ephemeral ECDH key exchange.
+
+ <b><a href="postconf.5.html#tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a> (secp384r1)</b>
+ The elliptic curve used by the Postfix SMTP server for maximally
+ strong ephemeral ECDH key exchange.
+
+ <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
+ List or bit-mask of OpenSSL bug work-arounds to disable.
+
+ <b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b>
+ With SSLv3 and later, use the Postfix SMTP server's cipher pref-
+ erence order instead of the remote client's cipher preference
+ order.
+
+ Available in Postfix version 2.8..3.7:
+
+ <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "low" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "export" or higher grade ciphers.
+
+ Available in Postfix version 2.9 and later:
+
+ <b><a href="postconf.5.html#tls_legacy_public_key_fingerprints">tls_legacy_public_key_fingerprints</a> (no)</b>
+ A temporary migration aid for sites that use certificate <i>pub-</i>
+ <i>lic-key</i> fingerprints with Postfix 2.9.0..2.9.5, which use an
+ incorrect algorithm.
+
+ Available in Postfix version 2.11-3.1:
+
+ <b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b>
+ Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
+
+ <b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
+ Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
+ digests of trust-anchors with certificate usage "2".
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
+ The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#tls_session_ticket_cipher">tls_session_ticket_cipher</a> (Postfix</b> &gt;<b>= 3.0: aes-256-cbc, Postfix</b> &lt; <b>3.0:</b>
+ <b>aes-128-cbc)</b>
+ Algorithm used to encrypt <a href="https://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.
+
+ <b><a href="postconf.5.html#openssl_path">openssl_path</a> (openssl)</b>
+ The location of the OpenSSL command line program <b>openssl</b>(1).
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b>
+ The prioritized list of elliptic curves supported by the Postfix
+ SMTP client and server.
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a> (empty)</b>
+ Optional lookup tables that map names received from remote SMTP
+ clients via the TLS Server Name Indication (SNI) extension to
+ the appropriate keys and certificate chains.
+
+ Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
+
+ <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+ A workaround for implementations that hang Postfix while shut-
+ ting down a TLS session, until Postfix times out.
+
+ Available in Postfix version 3.8 and later:
+
+ <b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b>
+ The prioritized list of finite-field Diffie-Hellman ephemeral
+ (FFDHE) key exchange groups supported by the Postfix SMTP client
+ and server.
+
+ Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
+
+ <b><a href="postconf.5.html#tls_config_file">tls_config_file</a> (default)</b>
+ Optional configuration file with baseline OpenSSL settings.
+
+ <b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b>
+ The application name passed by Postfix to OpenSSL library ini-
+ tialization functions.
+
+<b>STARTTLS SERVER CONTROLS</b>
+ These settings are clones of Postfix SMTP server settings. They allow
+ <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> to load the same certificate and private key information as
+ the Postfix SMTP server, before dropping privileges, so that the key
+ files can be kept read-only for root. These settings can currently not
+ be overruled by information in a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client request, but that
+ limitation may be removed in a future version.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_CAfile">tlsproxy_tls_CAfile</a> ($<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)</b>
+ A file containing (PEM format) CA certificates of root CAs
+ trusted to sign either remote SMTP client certificates or inter-
+ mediate CA certificates.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_CApath">tlsproxy_tls_CApath</a> ($<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>)</b>
+ A directory containing (PEM format) CA certificates of root CAs
+ trusted to sign either remote SMTP client certificates or inter-
+ mediate CA certificates.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_always_issue_session_ids">tlsproxy_tls_always_issue_session_ids</a> ($<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_ses</a>-</b>
+ <b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">sion_ids</a>)</b>
+ Force the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server to issue a TLS session id,
+ even when TLS session caching is turned off.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_ask_ccert">tlsproxy_tls_ask_ccert</a> ($<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>)</b>
+ Ask a remote SMTP client for a client certificate.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_ccert_verifydepth">tlsproxy_tls_ccert_verifydepth</a> ($<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>)</b>
+ The verification depth for remote SMTP client certificates.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_cert_file">tlsproxy_tls_cert_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server RSA certificate in PEM
+ format.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_ciphers">tlsproxy_tls_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>)</b>
+ The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ will use with opportunistic TLS encryption.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_dcert_file">tlsproxy_tls_dcert_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA certificate in PEM
+ format.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a> ($<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b>
+ File with DH parameters that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ should use with non-export EDH ciphers.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a> ($<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b>
+ File with DH parameters that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ should use with export-grade EDH ciphers.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_dkey_file">tlsproxy_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA private key in PEM
+ format.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_eccert_file">tlsproxy_tls_eccert_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server ECDSA certificate in
+ PEM format.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_eckey_file">tlsproxy_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server ECDSA private key in
+ PEM format.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_eecdh_grade">tlsproxy_tls_eecdh_grade</a> ($<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>)</b>
+ The Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server security grade for ephemeral
+ elliptic-curve Diffie-Hellman (EECDH) key exchange.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_exclude_ciphers">tlsproxy_tls_exclude_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>)</b>
+ List of ciphers or cipher types to exclude from the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
+ server cipher list at all TLS security levels.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_fingerprint_digest">tlsproxy_tls_fingerprint_digest</a> ($<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>)</b>
+ The message digest algorithm to construct remote SMTP
+ client-certificate fingerprints.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_key_file">tlsproxy_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server RSA private key in PEM
+ format.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_loglevel">tlsproxy_tls_loglevel</a> ($<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a>)</b>
+ Enable additional Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server logging of TLS
+ activity.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_mandatory_ciphers">tlsproxy_tls_mandatory_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>)</b>
+ The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ will use with mandatory TLS encryption.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_mandatory_exclude_ciphers">tlsproxy_tls_mandatory_exclude_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_manda</a>-</b>
+ <b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">tory_exclude_ciphers</a>)</b>
+ Additional list of ciphers or cipher types to exclude from the
+ <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server cipher list at mandatory TLS security levels.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_mandatory_protocols">tlsproxy_tls_mandatory_protocols</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>)</b>
+ The SSL/TLS protocols accepted by the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ with mandatory TLS encryption.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_protocols">tlsproxy_tls_protocols</a> ($<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>)</b>
+ List of TLS protocols that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server will
+ exclude or include with opportunistic TLS encryption.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_req_ccert">tlsproxy_tls_req_ccert</a> ($<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>)</b>
+ With mandatory TLS encryption, require a trusted remote SMTP
+ client certificate in order to allow TLS connections to proceed.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
+ The SMTP TLS security level for the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server;
+ when a non-empty value is specified, this overrides the obsolete
+ parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
+
+ <b><a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a> ($<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>)</b>
+ Files with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server keys and certificate
+ chains in PEM format.
+
+<b>STARTTLS CLIENT CONTROLS</b>
+ These settings are clones of Postfix SMTP client settings. They allow
+ <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> to load the same certificate and private key information as
+ the Postfix SMTP client, before dropping privileges, so that the key
+ files can be kept read-only for root. Some settings may be overruled by
+ information in a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client request.
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#tlsproxy_client_CAfile">tlsproxy_client_CAfile</a> ($<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>)</b>
+ A file containing CA certificates of root CAs trusted to sign
+ either remote TLS server certificates or intermediate CA cer-
+ tificates.
+
+ <b><a href="postconf.5.html#tlsproxy_client_CApath">tlsproxy_client_CApath</a> ($<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>)</b>
+ Directory with PEM format Certification Authority certificates
+ that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client uses to verify a remote TLS
+ server certificate.
+
+ <b><a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a> ($<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>)</b>
+ Files with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client keys and certificate
+ chains in PEM format.
+
+ <b><a href="postconf.5.html#tlsproxy_client_cert_file">tlsproxy_client_cert_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client RSA certificate in PEM
+ format.
+
+ <b><a href="postconf.5.html#tlsproxy_client_key_file">tlsproxy_client_key_file</a> ($<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client RSA private key in PEM
+ format.
+
+ <b><a href="postconf.5.html#tlsproxy_client_dcert_file">tlsproxy_client_dcert_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client DSA certificate in PEM
+ format.
+
+ <b><a href="postconf.5.html#tlsproxy_client_dkey_file">tlsproxy_client_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client DSA private key in PEM
+ format.
+
+ <b><a href="postconf.5.html#tlsproxy_client_eccert_file">tlsproxy_client_eccert_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client ECDSA certificate in
+ PEM format.
+
+ <b><a href="postconf.5.html#tlsproxy_client_eckey_file">tlsproxy_client_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a>)</b>
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client ECDSA private key in
+ PEM format.
+
+ <b><a href="postconf.5.html#tlsproxy_client_fingerprint_digest">tlsproxy_client_fingerprint_digest</a> ($<a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a>)</b>
+ The message digest algorithm used to construct remote TLS server
+ certificate fingerprints.
+
+ <b><a href="postconf.5.html#tlsproxy_client_loglevel">tlsproxy_client_loglevel</a> ($<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>)</b>
+ Enable additional Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client logging of TLS
+ activity.
+
+ <b><a href="postconf.5.html#tlsproxy_client_loglevel_parameter">tlsproxy_client_loglevel_parameter</a> (<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>)</b>
+ The name of the parameter that provides the
+ <a href="postconf.5.html#tlsproxy_client_loglevel">tlsproxy_client_loglevel</a> value.
+
+ <b><a href="postconf.5.html#tlsproxy_client_scert_verifydepth">tlsproxy_client_scert_verifydepth</a> ($<a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>)</b>
+ The verification depth for remote TLS server certificates.
+
+ <b><a href="postconf.5.html#tlsproxy_client_use_tls">tlsproxy_client_use_tls</a> ($<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>)</b>
+ Opportunistic mode: use TLS when a remote server announces TLS
+ support.
+
+ <b><a href="postconf.5.html#tlsproxy_client_enforce_tls">tlsproxy_client_enforce_tls</a> ($<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>)</b>
+ Enforcement mode: require that SMTP servers use TLS encryption.
+
+ <b><a href="postconf.5.html#tlsproxy_client_per_site">tlsproxy_client_per_site</a> ($<a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>)</b>
+ Optional lookup tables with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client TLS
+ usage policy by next-hop destination and by remote TLS server
+ hostname.
+
+ Available in Postfix version 3.4-3.6:
+
+ <b><a href="postconf.5.html#tlsproxy_client_level">tlsproxy_client_level</a> ($<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b>
+ The default TLS security level for the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
+ client.
+
+ <b><a href="postconf.5.html#tlsproxy_client_policy">tlsproxy_client_policy</a> ($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b>
+ Optional lookup tables with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client TLS
+ security policy by next-hop destination.
+
+ Available in Postfix version 3.7 and later:
+
+ <b><a href="postconf.5.html#tlsproxy_client_security_level">tlsproxy_client_security_level</a> ($<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>)</b>
+ The default TLS security level for the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
+ client.
+
+ <b><a href="postconf.5.html#tlsproxy_client_policy_maps">tlsproxy_client_policy_maps</a> ($<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>)</b>
+ Optional lookup tables with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client TLS
+ security policy by next-hop destination.
+
+<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
+ These parameters are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy
+ parameters.
+
+ <b><a href="postconf.5.html#tlsproxy_use_tls">tlsproxy_use_tls</a> ($<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b>
+ Opportunistic TLS: announce STARTTLS support to remote SMTP
+ clients, but do not require that clients use TLS encryption.
+
+ <b><a href="postconf.5.html#tlsproxy_enforce_tls">tlsproxy_enforce_tls</a> ($<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b>
+ Mandatory TLS: announce STARTTLS support to remote SMTP clients,
+ and require that clients use TLS encryption.
+
+ <b><a href="postconf.5.html#tlsproxy_client_use_tls">tlsproxy_client_use_tls</a> ($<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>)</b>
+ Opportunistic mode: use TLS when a remote server announces TLS
+ support.
+
+ <b><a href="postconf.5.html#tlsproxy_client_enforce_tls">tlsproxy_client_enforce_tls</a> ($<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>)</b>
+ Enforcement mode: require that SMTP servers use TLS encryption.
+
+<b>RESOURCE CONTROLS</b>
+ <b><a href="postconf.5.html#tlsproxy_watchdog_timeout">tlsproxy_watchdog_timeout</a> (10s)</b>
+ How much time a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> process may take to process local or
+ remote I/O before it is terminated by a built-in watchdog timer.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="postscreen.8.html">postscreen(8)</a>, Postfix zombie blocker
+ <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ This service was introduced with Postfix version 2.8.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ TLSPROXY(8)
+</pre> </body> </html>
diff --git a/html/trace.8.html b/html/trace.8.html
new file mode 100644
index 0000000..ba2ced9
--- /dev/null
+++ b/html/trace.8.html
@@ -0,0 +1,198 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - bounce(8) </title>
+</head> <body> <pre>
+BOUNCE(8) BOUNCE(8)
+
+<b>NAME</b>
+ bounce - Postfix delivery status reports
+
+<b>SYNOPSIS</b>
+ <b>bounce</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta-
+ tus information. Each log file is named after the queue file that it
+ corresponds to, and is kept in a queue subdirectory named after the
+ service name in the <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>).
+ This program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service requests:
+
+ <b>o</b> Append a recipient (non-)delivery status record to a per-message
+ log file.
+
+ <b>o</b> Enqueue a delivery status notification message, with a copy of a
+ per-message log file and of the corresponding message. When the
+ delivery status notification message is enqueued successfully,
+ the per-message log file is deleted.
+
+ The software does a best notification effort. A non-delivery notifica-
+ tion is sent even when the log file or the original message cannot be
+ read.
+
+ Optionally, a bounce (defer, trace) client can request that the
+ per-message log file be deleted when the requested operation fails.
+ This is used by clients that cannot retry transactions by themselves,
+ and that depend on retry logic in their own client.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
+ <a href="https://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
+ <a href="https://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
+ <a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
+ <a href="https://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
+ <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
+ <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
+ <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized Message Format)
+ <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="bounce.8.html"><b>bounce</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+ <b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of undeliverable mail that cannot be returned to
+ the sender.
+
+ <b><a href="postconf.5.html#backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a> (yes)</b>
+ Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that can be read by
+ Postfix versions before 2.0.
+
+ <b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
+ tion transcripts of mail that Postfix did not receive.
+
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
+
+ <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
+ Pathname of a configuration file with bounce message templates.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the message head-
+ ers of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>
+ time units.
+
+ <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are subject to
+ before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
+ <b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
+ The mail system name that is displayed in Received: headers, in
+ the SMTP greeting banner, and in bounced mail.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
+ The list of error classes that are reported to the postmaster.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.0 and later:
+
+ <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
+ Detect that a message requires SMTPUTF8 support for the speci-
+ fied mail origin classes.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.6 and later:
+
+ <b><a href="postconf.5.html#enable_threaded_bounces">enable_threaded_bounces</a> (no)</b>
+ Enable non-delivery, success, and delay notifications that link
+ to the original message by including a References: and
+ In-Reply-To: header with the original Message-ID value.
+
+ Available in Postfix 3.7 and later:
+
+ <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
+ The format of the Postfix-generated <b>From:</b> header.
+
+<b>FILES</b>
+ /var/spool/postfix/bounce/* non-delivery records
+ /var/spool/postfix/defer/* non-delivery records
+ /var/spool/postfix/trace/* delivery status records
+
+<b>SEE ALSO</b>
+ <a href="bounce.5.html">bounce(5)</a>, bounce message template format
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ BOUNCE(8)
+</pre> </body> </html>
diff --git a/html/transport.5.html b/html/transport.5.html
new file mode 100644
index 0000000..b6e7f27
--- /dev/null
+++ b/html/transport.5.html
@@ -0,0 +1,288 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - transport(5) </title>
+</head> <body> <pre>
+TRANSPORT(5) TRANSPORT(5)
+
+<b>NAME</b>
+ transport - Postfix transport table format
+
+<b>SYNOPSIS</b>
+ <b>postmap /etc/postfix/transport</b>
+
+ <b>postmap -q "</b><i>string</i><b>" /etc/postfix/transport</b>
+
+ <b>postmap -q - /etc/postfix/transport</b> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The optional <a href="transport.5.html"><b>transport</b>(5)</a> table specifies a mapping from email
+ addresses to message delivery transports and next-hop destinations.
+ Message delivery transports such as <b>local</b> or <b>smtp</b> are defined in the
+ <a href="master.5.html"><b>master.cf</b></a> file, and next-hop destinations are typically hosts or domain
+ names. The table is searched by the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon.
+
+ This mapping overrides the default <i>transport</i>:<i>nexthop</i> selection that is
+ built into Postfix:
+
+ <b><a href="postconf.5.html#local_transport">local_transport</a> (default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ This is the default for final delivery to domains listed with
+ <b><a href="postconf.5.html#mydestination">mydestination</a></b>, and for [<i>ipaddress</i>] destinations that match
+ <b>$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or <b>$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>. The default <i>nexthop</i> des-
+ tination is the MTA hostname.
+
+ <b><a href="postconf.5.html#virtual_transport">virtual_transport</a> (default: <a href="virtual.8.html">virtual</a>:)</b>
+ This is the default for final delivery to domains listed with
+ <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a></b>. The default <i>nexthop</i> destination is the
+ recipient domain.
+
+ <b><a href="postconf.5.html#relay_transport">relay_transport</a> (default: relay:)</b>
+ This is the default for remote delivery to domains listed with
+ <b><a href="postconf.5.html#relay_domains">relay_domains</a></b>. In order of decreasing precedence, the <i>nexthop</i>
+ destination is taken from <b><a href="postconf.5.html#relay_transport">relay_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">dent_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relayhost</a></b>, or from the recipient domain.
+
+ <b><a href="postconf.5.html#default_transport">default_transport</a> (default: <a href="smtp.8.html">smtp</a>:)</b>
+ This is the default for remote delivery to other destinations.
+ In order of decreasing precedence, the <i>nexthop</i> destination is
+ taken from <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,</b>
+ <b><a href="postconf.5.html#default_transport">default_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relayhost</a></b>,
+ or from the recipient domain.
+
+ Normally, the <a href="transport.5.html"><b>transport</b>(5)</a> table is specified as a text file that
+ serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file
+ in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
+ Execute the command "<b>postmap /etc/postfix/transport</b>" to rebuild an
+ indexed file after changing the corresponding transport table.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to a TCP-based server. In those case, the lookups are done in
+ a slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
+
+<b>CASE FOLDING</b>
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
+
+<b>TABLE FORMAT</b>
+ The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
+
+ <i>pattern result</i>
+ When <i>pattern</i> matches the recipient address or domain, use the
+ corresponding <i>result</i>.
+
+ blank lines and comments
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ multi-line text
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+ The <i>pattern</i> specifies an email address, a domain name, or a domain name
+ hierarchy, as described in section "TABLE SEARCH ORDER".
+
+ The <i>result</i> is of the form <i>transport:nexthop</i> and specifies how or where
+ to deliver mail. This is described in section "RESULT FORMAT".
+
+<b>TABLE SEARCH ORDER</b>
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, patterns are tried in the order as
+ listed below:
+
+ <i>user+extension@domain transport</i>:<i>nexthop</i>
+ Deliver mail for <i>user+extension@domain</i> through <i>transport</i> to <i>nex-</i>
+ <i>thop</i>.
+
+ <i>user@domain transport</i>:<i>nexthop</i>
+ Deliver mail for <i>user@domain</i> through <i>transport</i> to <i>nexthop</i>.
+
+ <i>domain transport</i>:<i>nexthop</i>
+ Deliver mail for <i>domain</i> through <i>transport</i> to <i>nexthop</i>.
+
+ <i>.domain transport</i>:<i>nexthop</i>
+ Deliver mail for any subdomain of <i>domain</i> through <i>transport</i> to
+ <i>nexthop</i>. This applies only when the string <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> is not
+ listed in the <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> configuration
+ setting. Otherwise, a domain name matches itself and its subdo-
+ mains.
+
+ <b>*</b> <i>transport</i>:<i>nexthop</i>
+ The special pattern <b>*</b> represents any address (i.e. it functions
+ as the wild-card pattern, and is unique to Postfix transport
+ tables).
+
+ Note 1: the null recipient address is looked up as
+ <b>$<a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a></b>@<b>$<a href="postconf.5.html#myhostname">myhostname</a></b> (default: mailer-daemon@hostname).
+
+ Note 2: <i>user@domain</i> or <i>user+extension@domain</i> lookup is available in
+ Postfix 2.0 and later.
+
+<b>RESULT FORMAT</b>
+ The lookup result is of the form <i>transport</i><b>:</b><i>nexthop</i>. The <i>transport</i>
+ field specifies a mail delivery transport such as <b>smtp</b> or <b>local</b>. The
+ <i>nexthop</i> field specifies where and how to deliver mail.
+
+ The transport field specifies the name of a mail delivery transport
+ (the first name of a mail delivery service entry in the Postfix <a href="master.5.html"><b>mas-</b>
+ <b>ter.cf</b></a> file).
+
+ The nexthop field usually specifies one recipient domain or hostname.
+ In the case of the Postfix SMTP/LMTP client, the nexthop field may con-
+ tain a list of nexthop destinations separated by comma or whitespace
+ (Postfix 3.5 and later).
+
+ The syntax of a nexthop destination is transport dependent. With SMTP,
+ specify a service on a non-default port as <i>host</i>:<i>service</i>, and disable MX
+ (mail exchanger) DNS lookups with [<i>host</i>] or [<i>host</i>]:<i>port</i>. The [] form is
+ required when you specify an IP address instead of a hostname.
+
+ A null <i>transport</i> and null <i>nexthop</i> field means "do not change": use the
+ delivery transport and nexthop information that would be used when the
+ entire transport table did not exist.
+
+ A non-null <i>transport</i> field with a null <i>nexthop</i> field resets the nexthop
+ information to the recipient domain.
+
+ A null <i>transport</i> field with non-null <i>nexthop</i> field does not modify the
+ transport information.
+
+<b>EXAMPLES</b>
+ In order to deliver internal mail directly, while using a mail relay
+ for all other mail, specify a null entry for internal destinations (do
+ not change the delivery transport or the nexthop information) and spec-
+ ify a wildcard for all other destinations.
+
+ <b>my.domain :</b>
+ <b>.my.domain :</b>
+ <b>* <a href="smtp.8.html">smtp</a>:outbound-relay.my.domain</b>
+
+ In order to send mail for <b>example.com</b> and its subdomains via the <b>uucp</b>
+ transport to the UUCP host named <b>example</b>:
+
+ <b>example.com uucp:example</b>
+ <b>.example.com uucp:example</b>
+
+ When no nexthop host name is specified, the destination domain name is
+ used instead. For example, the following directs mail for <i>user</i>@<b>exam-</b>
+ <b>ple.com</b> via the <b>slow</b> transport to a mail exchanger for <b>example.com</b>.
+ The <b>slow</b> transport could be configured to run at most one delivery
+ process at a time:
+
+ <b>example.com slow:</b>
+
+ When no transport is specified, Postfix uses the transport that matches
+ the address domain class (see DESCRIPTION above). The following sends
+ all mail for <b>example.com</b> and its subdomains to host <b>gateway.exam-</b>
+ <b>ple.com</b>:
+
+ <b>example.com :[gateway.example.com]</b>
+ <b>.example.com :[gateway.example.com]</b>
+
+ In the above example, the [] suppress MX lookups. This prevents mail
+ routing loops when your machine is primary MX host for <b>example.com</b>.
+
+ In the case of delivery via SMTP or LMTP, one may specify <i>host</i>:<i>service</i>
+ instead of just a host:
+
+ <b>example.com <a href="smtp.8.html">smtp</a>:bar.example:2025</b>
+
+ This directs mail for <i>user</i>@<b>example.com</b> to host <b>bar.example</b> port <b>2025</b>.
+ Instead of a numerical port a symbolic name may be used. Specify []
+ around the hostname if MX lookups must be disabled.
+
+ Deliveries via SMTP or LMTP support multiple destinations (Postfix &gt;=
+ 3.5):
+
+ <b>example.com <a href="smtp.8.html">smtp</a>:bar.example, foo.example</b>
+
+ This tries to deliver to <b>bar.example</b> before trying to deliver to
+ <b>foo.example</b>.
+
+ The error mailer can be used to bounce mail:
+
+ <b>.example.com <a href="error.8.html">error</a>:mail for *.example.com is not deliverable</b>
+
+ This causes all mail for <i>user</i>@<i>anything</i><b>.example.com</b> to be bounced.
+
+<b>REGULAR EXPRESSION TABLES</b>
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>some.domain.hierarchy</i> is not looked up
+ via its parent domains, nor is <i>user+foo@domain</i> looked up as
+ <i>user@domain</i>.
+
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
+
+ The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> server disallows regular expression substitution
+ of $1 etc. in regular expression lookup tables, because that could open
+ a security hole (Postfix version 2.3 and later).
+
+<b>TCP-BASED TABLES</b>
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ available up to and including Postfix version 2.4.
+
+ Each lookup operation uses the entire recipient address once. Thus,
+ <i>some.domain.hierarchy</i> is not looked up via its parent domains, nor is
+ <i>user+foo@domain</i> looked up as <i>user@domain</i>.
+
+ Results are the same as with indexed file lookups.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ details including examples.
+
+ <b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
+ The recipient of mail addressed to the null address.
+
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
+ A list of Postfix features where the pattern "example.com" also
+ matches subdomains of example.com, instead of requiring an
+ explicit ".example.com" pattern.
+
+ <b><a href="postconf.5.html#transport_maps">transport_maps</a> (empty)</b>
+ Optional lookup tables with mappings from recipient address to
+ (message delivery transport, next-hop destination).
+
+<b>SEE ALSO</b>
+ <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, rewrite and resolve addresses
+ <a href="master.5.html">master(5)</a>, <a href="master.5.html">master.cf</a> file format
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+
+<b>README FILES</b>
+ <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="FILTER_README.html">FILTER_README</a>, external content filter
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ TRANSPORT(5)
+</pre> </body> </html>
diff --git a/html/trivial-rewrite.8.html b/html/trivial-rewrite.8.html
new file mode 100644
index 0000000..1bcd8e7
--- /dev/null
+++ b/html/trivial-rewrite.8.html
@@ -0,0 +1,333 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - trivial-rewrite(8) </title>
+</head> <body> <pre>
+TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
+
+<b>NAME</b>
+ trivial-rewrite - Postfix address rewriting and resolving daemon
+
+<b>SYNOPSIS</b>
+ <b>trivial-rewrite</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon processes three types of client service
+ requests:
+
+ <b>rewrite</b> <i>context address</i>
+ Rewrite an address to standard form, according to the address
+ rewriting context:
+
+ <b>local</b> Append the domain names specified with <b>$<a href="postconf.5.html#myorigin">myorigin</a></b> or
+ <b>$<a href="postconf.5.html#mydomain">mydomain</a></b> to incomplete addresses; do <b><a href="postconf.5.html#swap_bangpath">swap_bangpath</a></b> and
+ <b><a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a></b> processing as described below, and
+ strip source routed addresses (<i>@site,@site:user@domain</i>)
+ to <i>user@domain</i> form.
+
+ <b>remote</b> Append the domain name specified with <b>$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-</b>
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a></b> to incomplete addresses. Otherwise the
+ result is identical to that of the <b>local</b> address rewrit-
+ ing context. This prevents Postfix from appending the
+ local domain to spam from poorly written remote clients.
+
+ <b>resolve</b> <i>sender address</i>
+ Resolve the address to a (<i>transport</i>, <i>nexthop</i>, <i>recipient</i>, <i>flags</i>)
+ quadruple. The meaning of the results is as follows:
+
+ <i>transport</i>
+ The delivery agent to use. This is the first field of an
+ entry in the <a href="master.5.html"><b>master.cf</b></a> file.
+
+ <i>nexthop</i>
+ The host to send to and optional delivery method informa-
+ tion.
+
+ <i>recipient</i>
+ The envelope recipient address that is passed on to <i>nex-</i>
+ <i>thop</i>.
+
+ <i>flags</i> The address class, whether the address requires relaying,
+ whether the address has problems, and whether the request
+ failed.
+
+ <b>verify</b> <i>sender address</i>
+ Resolve the address for address verification purposes.
+
+<b>SERVER PROCESS MANAGEMENT</b>
+ The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> servers run under control by the Postfix <a href="master.8.html">mas-</a>
+ <a href="master.8.html">ter(8)</a> server. Each server can handle multiple simultaneous connec-
+ tions. When all servers are busy while a client connects, the master
+ creates a new server process, provided that the trivial-rewrite server
+ process limit is not exceeded. Each trivial-rewrite server terminates
+ after serving at least <b>$<a href="postconf.5.html#max_use">max_use</a></b> clients of after <b>$<a href="postconf.5.html#max_idle">max_idle</a></b> seconds of
+ idle time.
+
+<b>STANDARDS</b>
+ None. The command does not interact with the outside world.
+
+<b>SECURITY</b>
+ The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon is not security sensitive. By default,
+ this daemon does not talk to remote or local users. It can run at a
+ fixed low privilege in a chrooted environment.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>CONFIGURATION PARAMETERS</b>
+ On busy mail systems a long time may pass before a <a href="postconf.5.html"><b>main.cf</b></a> change
+ affecting <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> is picked up. Use the command "<b>postfix</b>
+ <b>reload</b>" to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>COMPATIBILITY CONTROLS</b>
+ <b><a href="postconf.5.html#resolve_dequoted_address">resolve_dequoted_address</a> (yes)</b>
+ Resolve a recipient address safely instead of correctly, by
+ looking inside quotes.
+
+ Available with Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#resolve_null_domain">resolve_null_domain</a> (no)</b>
+ Resolve an address that ends in the "@" null domain as if the
+ local hostname were specified, instead of rejecting the address
+ as invalid.
+
+ Available with Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#resolve_numeric_domain">resolve_numeric_domain</a> (no)</b>
+ Resolve "user@ipaddress" as "user@[ipaddress]", instead of
+ rejecting the address as invalid.
+
+ Available with Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#allow_min_user">allow_min_user</a> (no)</b>
+ Allow a sender or recipient address to have `-' as the first
+ character.
+
+<b>ADDRESS REWRITING CONTROLS</b>
+ <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
+
+ <b><a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a> (yes)</b>
+ Enable the rewriting of the form "user%domain" to "user@domain".
+
+ <b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a> (yes)</b>
+ With locally submitted mail, append the string "@$<a href="postconf.5.html#myorigin">myorigin</a>" to
+ mail addresses without domain information.
+
+ <b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> (Postfix</b> &gt;<b>= 3.0: no, Postfix</b> &lt; <b>3.0: yes)</b>
+ With locally submitted mail, append the string ".$<a href="postconf.5.html#mydomain">mydomain</a>" to
+ addresses that have no ".domain" information.
+
+ <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
+ The set of characters that can separate an email address local-
+ part, user name, or a .forward file name from its extension.
+
+ <b><a href="postconf.5.html#swap_bangpath">swap_bangpath</a> (yes)</b>
+ Enable the rewriting of "site!user" into "user@site".
+
+ Available in Postfix 2.2 and later:
+
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
+
+<b>ROUTING CONTROLS</b>
+ The following is applicable to Postfix version 2.0 and later. Earlier
+ versions do not have support for: <a href="postconf.5.html#virtual_transport">virtual_transport</a>, <a href="postconf.5.html#relay_transport">relay_transport</a>,
+ <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> or <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+
+ <b><a href="postconf.5.html#local_transport">local_transport</a> (<a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The default mail delivery transport and next-hop destination for
+ final delivery to domains listed with <a href="postconf.5.html#mydestination">mydestination</a>, and for
+ [ipaddress] destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
+ $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+
+ <b><a href="postconf.5.html#virtual_transport">virtual_transport</a> (virtual)</b>
+ The default mail delivery transport and next-hop destination for
+ final delivery to domains listed with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+
+ <b><a href="postconf.5.html#relay_transport">relay_transport</a> (relay)</b>
+ The default mail delivery transport and next-hop destination for
+ remote delivery to domains listed with $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+
+ <b><a href="postconf.5.html#default_transport">default_transport</a> (smtp)</b>
+ The default mail delivery transport and next-hop destination for
+ destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
+ $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mail</a>-
+ <a href="postconf.5.html#virtual_mailbox_domains">box_domains</a>, or $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
+ A list of Postfix features where the pattern "example.com" also
+ matches subdomains of example.com, instead of requiring an
+ explicit ".example.com" pattern.
+
+ <b><a href="postconf.5.html#relayhost">relayhost</a> (empty)</b>
+ The next-hop destination(s) for non-local mail; overrides
+ non-<a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a> in recipient addresses.
+
+ <b><a href="postconf.5.html#transport_maps">transport_maps</a> (empty)</b>
+ Optional lookup tables with mappings from recipient address to
+ (message delivery transport, next-hop destination).
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> (empty)</b>
+ A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
+ setting.
+
+ Available in Postfix version 2.5 and later:
+
+ <b><a href="postconf.5.html#empty_address_relayhost_maps_lookup_key">empty_address_relayhost_maps_lookup_key</a> (</b>&lt;&gt;<b>)</b>
+ The <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> search string that will be
+ used instead of the null sender address.
+
+ Available in Postfix version 2.7 and later:
+
+ <b><a href="postconf.5.html#empty_address_default_transport_maps_lookup_key">empty_address_default_transport_maps_lookup_key</a> (</b>&lt;&gt;<b>)</b>
+ The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search string that
+ will be used instead of the null sender address.
+
+ <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> (empty)</b>
+ A sender-dependent override for the global <a href="postconf.5.html#default_transport">default_transport</a>
+ parameter setting.
+
+<b>ADDRESS VERIFICATION CONTROLS</b>
+ Postfix version 2.1 introduces sender and recipient address verifica-
+ tion. This feature is implemented by sending probe email messages that
+ are not actually delivered. By default, address verification probes
+ use the same route as regular mail. To override specific aspects of
+ message routing for address verification probes, specify one or more of
+ the following:
+
+ <b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
+ Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address ver-
+ ification probes.
+
+ <b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
+ Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
+ verification probes.
+
+ <b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
+ Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address ver-
+ ification probes.
+
+ <b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
+ Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
+ verification probes.
+
+ <b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
+ Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verifica-
+ tion probes.
+
+ <b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address veri-
+ fication probes.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> ($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">dent_relayhost_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting
+ for address verification probes.
+
+ Available in Postfix version 2.7 and later:
+
+ <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a> ($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_default_transport_maps">dent_default_transport_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
+ setting for address verification probes.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
+ The recipient of mail addressed to the null address.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#relocated_maps">relocated_maps</a> (empty)</b>
+ Optional lookup tables with new contact information for users or
+ domains that no longer exist.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
+ Display the name of the recipient table in the "User unknown"
+ responses.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
+ Log warnings about problematic configuration settings, and pro-
+ vide helpful suggestions.
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="transport.5.html">transport(5)</a>, transport table format
+ <a href="relocated.5.html">relocated(5)</a>, format of the "user has moved" table
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>, Postfix address classes howto
+ <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, Postfix address verification
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ TRIVIAL-REWRITE(8)
+</pre> </body> </html>
diff --git a/html/verify.8.html b/html/verify.8.html
new file mode 100644
index 0000000..8e8b451
--- /dev/null
+++ b/html/verify.8.html
@@ -0,0 +1,242 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - verify(8) </title>
+</head> <body> <pre>
+VERIFY(8) VERIFY(8)
+
+<b>NAME</b>
+ verify - Postfix address verification server
+
+<b>SYNOPSIS</b>
+ <b>verify</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="verify.8.html"><b>verify</b>(8)</a> address verification server maintains a record of what
+ recipient addresses are known to be deliverable or undeliverable.
+
+ Addresses are verified by injecting probe messages into the Postfix
+ queue. Probe messages are run through all the routing and rewriting
+ machinery except for final delivery, and are discarded rather than
+ being deferred or bounced.
+
+ Address verification relies on the answer from the nearest MTA for the
+ specified address, and will therefore not detect all undeliverable
+ addresses.
+
+ The <a href="verify.8.html"><b>verify</b>(8)</a> server is designed to run under control by the Postfix
+ master server. It maintains an optional persistent database. To avoid
+ being interrupted by "postfix stop" in the middle of a database update,
+ the process runs in a separate process group.
+
+ The <a href="verify.8.html"><b>verify</b>(8)</a> server implements the following requests:
+
+ <b>update</b> <i>address status text</i>
+ Update the status and text of the specified address.
+
+ <b>query</b> <i>address</i>
+ Look up the <i>status</i> and <i>text</i> for the specified <i>address</i>. If the
+ status is unknown, a probe is sent and an "in progress" status
+ is returned.
+
+<b>SECURITY</b>
+ The address verification server is not security-sensitive. It does not
+ talk to the network, and it does not talk to local users. The verify
+ server can run chrooted at fixed low privilege.
+
+ The address verification server can be coerced to store unlimited
+ amounts of garbage. Limiting the cache expiry time trades one problem
+ (disk space exhaustion) for another one (poor response time to client
+ requests).
+
+ With Postfix version 2.5 and later, the <a href="verify.8.html"><b>verify</b>(8)</a> server no longer uses
+ root privileges when opening the <b><a href="postconf.5.html#address_verify_map">address_verify_map</a></b> cache file. The
+ file should now be stored under the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a
+ migration aid, an attempt to open a cache file under a non-Postfix
+ directory is redirected to the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a
+ warning is logged.
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+
+<b>BUGS</b>
+ Address verification probe messages add additional traffic to the mail
+ queue. Recipient verification may cause an increased load on
+ down-stream servers in the case of a dictionary attack or a flood of
+ backscatter bounces. Sender address verification may cause your site
+ to be denylisted by some providers.
+
+ If the persistent database ever gets corrupted then the world comes to
+ an end and human intervention is needed. This violates a basic Postfix
+ principle.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="verify.8.html"><b>verify</b>(8)</a> pro-
+ cesses are long-lived. Use the command "<b>postfix reload</b>" after a config-
+ uration change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>PROBE MESSAGE CONTROLS</b>
+ <b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
+ The sender address to use in address verification probes; prior
+ to Postfix 2.5 the default was "postmaster".
+
+ Available with Postfix 2.9 and later:
+
+ <b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
+ The time between changes in the time-dependent portion of
+ address verification probe sender addresses.
+
+<b>CACHE CONTROLS</b>
+ <b><a href="postconf.5.html#address_verify_map">address_verify_map</a> (see 'postconf -d' output)</b>
+ Lookup table for persistent address verification status storage.
+
+ <b><a href="postconf.5.html#address_verify_positive_expire_time">address_verify_positive_expire_time</a> (31d)</b>
+ The time after which a successful probe expires from the address
+ verification cache.
+
+ <b><a href="postconf.5.html#address_verify_positive_refresh_time">address_verify_positive_refresh_time</a> (7d)</b>
+ The time after which a successful address verification probe
+ needs to be refreshed.
+
+ <b><a href="postconf.5.html#address_verify_negative_cache">address_verify_negative_cache</a> (yes)</b>
+ Enable caching of failed address verification probe results.
+
+ <b><a href="postconf.5.html#address_verify_negative_expire_time">address_verify_negative_expire_time</a> (3d)</b>
+ The time after which a failed probe expires from the address
+ verification cache.
+
+ <b><a href="postconf.5.html#address_verify_negative_refresh_time">address_verify_negative_refresh_time</a> (3h)</b>
+ The time after which a failed address verification probe needs
+ to be refreshed.
+
+ Available with Postfix 2.7 and later:
+
+ <b><a href="postconf.5.html#address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a> (12h)</b>
+ The amount of time between <a href="verify.8.html"><b>verify</b>(8)</a> address verification data-
+ base cleanup runs.
+
+<b>PROBE MESSAGE ROUTING CONTROLS</b>
+ By default, probe messages are delivered via the same route as regular
+ messages. The following parameters can be used to override specific
+ message routing mechanisms.
+
+ <b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
+ Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verifica-
+ tion probes.
+
+ <b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address veri-
+ fication probes.
+
+ <b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
+ Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address ver-
+ ification probes.
+
+ <b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
+ Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
+ verification probes.
+
+ <b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
+ Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address ver-
+ ification probes.
+
+ <b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
+ Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
+ verification probes.
+
+ Available in Postfix 2.3 and later:
+
+ <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> ($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">dent_relayhost_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting
+ for address verification probes.
+
+ Available in Postfix 2.7 and later:
+
+ <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a> ($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_default_transport_maps">dent_default_transport_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
+ setting for address verification probes.
+
+<b>SMTPUTF8 CONTROLS</b>
+ Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
+
+ <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
+ Detect that a message requires SMTPUTF8 support for the speci-
+ fied mail origin classes.
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ form that is used for DNS lookups.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix 3.3 and later:
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+<b>SEE ALSO</b>
+ <a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
+ <a href="cleanup.8.html">cleanup(8)</a>, enqueue Postfix message
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, address verification howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ This service was introduced with Postfix version 2.1.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ VERIFY(8)
+</pre> </body> </html>
diff --git a/html/virtual.5.html b/html/virtual.5.html
new file mode 100644
index 0000000..7e9061e
--- /dev/null
+++ b/html/virtual.5.html
@@ -0,0 +1,295 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - virtual(5) </title>
+</head> <body> <pre>
+VIRTUAL(5) VIRTUAL(5)
+
+<b>NAME</b>
+ virtual - Postfix virtual alias table format
+
+<b>SYNOPSIS</b>
+ <b>postmap /etc/postfix/virtual</b>
+
+ <b>postmap -q "</b><i>string</i><b>" /etc/postfix/virtual</b>
+
+ <b>postmap -q - /etc/postfix/virtual</b> &lt;<i>inputfile</i>
+
+<b>DESCRIPTION</b>
+ The optional <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table rewrites recipient addresses for
+ all local, all virtual, and all remote mail destinations. This is
+ unlike the <a href="aliases.5.html"><b>aliases</b>(5)</a> table which is used only for <a href="local.8.html"><b>local</b>(8)</a> delivery.
+ This feature is implemented in the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon before
+ mail is queued.
+
+ Virtual aliasing is recursive; to terminate recursion for a specific
+ address, alias that address to itself.
+
+ The main applications of virtual aliasing are:
+
+ <b>o</b> To redirect mail for one address to one or more addresses.
+
+ <b>o</b> To implement virtual alias domains where all addresses are
+ aliased to addresses in other domains.
+
+ Virtual alias domains are not to be confused with the virtual
+ mailbox domains that are implemented with the Postfix <a href="virtual.8.html"><b>virtual</b>(8)</a>
+ mail delivery agent. With <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domains</a>, each recipi-
+ ent address can have its own mailbox.
+
+ Virtual aliasing is applied only to recipient envelope addresses, and
+ does not affect message headers. Use <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping to rewrite
+ header and envelope addresses in general.
+
+ Normally, the <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table is specified as a text file that
+ serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file
+ in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
+ Execute the command "<b>postmap /etc/postfix/virtual</b>" to rebuild an
+ indexed file after changing the corresponding text file.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to a TCP-based server. In those case, the lookups are done in
+ a slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
+
+<b>CASE FOLDING</b>
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
+
+<b>TABLE FORMAT</b>
+ The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
+
+ <i>pattern address, address, ...</i>
+ When <i>pattern</i> matches a mail address, replace it by the corre-
+ sponding <i>address</i>.
+
+ blank lines and comments
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ multi-line text
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+<b>TABLE SEARCH ORDER</b>
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, each <i>user</i>@<i>domain</i> query produces a
+ sequence of query patterns as described below.
+
+ Each query pattern is sent to each specified lookup table before trying
+ the next query pattern, until a match is found.
+
+ <i>user</i>@<i>domain address, address, ...</i>
+ Redirect mail for <i>user</i>@<i>domain</i> to <i>address</i>. This form has the
+ highest precedence.
+
+ <i>user address, address, ...</i>
+ Redirect mail for <i>user</i>@<i>site</i> to <i>address</i> when <i>site</i> is equal to
+ $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>, or when it is
+ listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
+
+ This functionality overlaps with the functionality of the local
+ <i>aliases</i>(5) database. The difference is that <a href="virtual.5.html"><b>virtual</b>(5)</a> mapping
+ can be applied to non-local addresses.
+
+ @<i>domain address, address, ...</i>
+ Redirect mail for other users in <i>domain</i> to <i>address</i>. This form
+ has the lowest precedence.
+
+ Note: @<i>domain</i> is a wild-card. With this form, the Postfix SMTP
+ server accepts mail for any recipient in <i>domain</i>, regardless of
+ whether that recipient exists. This may turn your mail system
+ into a backscatter source: Postfix first accepts mail for
+ non-existent recipients and then tries to return that mail as
+ "undeliverable" to the often forged sender address.
+
+ To avoid backscatter with mail for a wild-card domain, replace
+ the wild-card mapping with explicit 1:1 mappings, or add a
+ <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restriction for that domain:
+
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+ ...
+ <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+ <a href="postconf.5.html#check_recipient_access">check_recipient_access</a>
+ <a href="DATABASE_README.html#types">inline</a>:{example.com=<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>}
+ <a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> = 550
+
+ In the above example, Postfix may contact a remote server if the
+ recipient is aliased to a remote address.
+
+<b>RESULT ADDRESS REWRITING</b>
+ The lookup result is subject to address rewriting:
+
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the result becomes
+ the same <i>user</i> in <i>otherdomain</i>. This works only for the first
+ address in a multi-address lookup result.
+
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses
+ without "@domain".
+
+ <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses
+ without ".domain".
+
+<b>ADDRESS EXTENSION</b>
+ When a mail address localpart contains the optional recipient delimiter
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
+
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
+ unmatched address extension (<i>+foo</i>) is propagated to the result of a ta-
+ ble lookup.
+
+<b>VIRTUAL ALIAS DOMAINS</b>
+ Besides virtual aliases, the virtual alias table can also be used to
+ implement virtual alias domains. With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, all
+ recipient addresses are aliased to addresses in other domains.
+
+ Virtual alias domains are not to be confused with the virtual mailbox
+ domains that are implemented with the Postfix <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery
+ agent. With <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domains</a>, each recipient address can have
+ its own mailbox.
+
+ With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the virtual domain has its own user name
+ space. Local (i.e. non-virtual) usernames are not visible in a virtual
+ alias domain. In particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists
+ are not visible as <i>localname@virtual-alias.domain</i>.
+
+ Support for a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> looks like:
+
+ /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
+
+ Note: some systems use <b>dbm</b> databases instead of <b>hash</b>. See the output
+ from "<b>postconf -m</b>" for available database types.
+
+ /etc/postfix/virtual:
+ <i>virtual-alias.domain anything</i> (right-hand content does not matter)
+ <i>postmaster@virtual-alias.domain postmaster</i>
+ <i>user1@virtual-alias.domain address1</i>
+ <i>user2@virtual-alias.domain address2, address3</i>
+
+ The <i>virtual-alias.domain anything</i> entry is required for a virtual alias
+ domain. <b>Without this entry, mail is rejected with "relay access</b>
+ <b>denied", or bounces with "mail loops back to myself".</b>
+
+ Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#mydestination">mydestination</a></b>
+ or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters.
+
+ With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the Postfix SMTP server accepts mail for
+ <i>known-user@virtual-alias.domain</i>, and rejects mail for <i>unknown-user</i>@<i>vir-</i>
+ <i>tual-alias.domain</i> as undeliverable.
+
+ Instead of specifying the virtual alias domain name via the <b><a href="postconf.5.html#virtual_alias_maps">vir</a>-</b>
+ <b><a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a></b> table, you may also specify it via the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#virtual_alias_domains">vir-</b>
+ <b>tual_alias_domains</a></b> configuration parameter. This latter parameter uses
+ the same syntax as the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter.
+
+<b>REGULAR EXPRESSION TABLES</b>
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
+
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
+
+ Results are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
+ lated as <b>$1</b>, <b>$2</b> and so on.
+
+<b>TCP-BASED TABLES</b>
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is
+ available in Postfix 2.5 and later.
+
+ Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
+ mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
+ stituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+
+ Results are the same as with indexed file lookups.
+
+<b>BUGS</b>
+ The table format does not understand quoting conventions.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this topic.
+ See the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file for syntax details and for default values.
+ Use the "<b>postfix reload</b>" command after a configuration change.
+
+ <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
+ Optional lookup tables that alias specific mail addresses or
+ domains to other local or remote addresses.
+
+ <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
+ Postfix is the final destination for the specified list of vir-
+ tual alias domains, that is, domains for which all addresses are
+ aliased to addresses in other local or remote domains.
+
+ <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
+ What address lookup tables copy an address extension from the
+ lookup key to the lookup result.
+
+ Other parameters of interest:
+
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The network interface addresses that this mail system receives
+ mail on.
+
+ <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
+ The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
+ mail delivery transport.
+
+ <b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
+
+ <b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
+ Enable special treatment for owner-<i>listname</i> entries in the
+ <a href="aliases.5.html"><b>aliases</b>(5)</a> file, and don't split owner-<i>listname</i> and <i>list-</i>
+ <i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
+ set to "-".
+
+ <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
+ The network interface addresses that this mail system receives
+ mail on by way of a proxy or network address translation unit.
+
+<b>SEE ALSO</b>
+ <a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue mail
+ <a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="canonical.5.html">canonical(5)</a>, canonical address mapping
+
+<b>README FILES</b>
+ <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
+ <a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
+ <a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting guide
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ VIRTUAL(5)
+</pre> </body> </html>
diff --git a/html/virtual.8.html b/html/virtual.8.html
new file mode 100644
index 0000000..c6995c0
--- /dev/null
+++ b/html/virtual.8.html
@@ -0,0 +1,333 @@
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
+<title> Postfix manual - virtual(8) </title>
+</head> <body> <pre>
+VIRTUAL(8) VIRTUAL(8)
+
+<b>NAME</b>
+ virtual - Postfix virtual domain mail delivery agent
+
+<b>SYNOPSIS</b>
+ <b>virtual</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent is designed for virtual mail hosting ser-
+ vices. Originally based on the Postfix <a href="local.8.html"><b>local</b>(8)</a> delivery agent, this
+ agent looks up recipients with map lookups of their full recipient
+ address, instead of using hard-coded unix password file lookups of the
+ address local part only.
+
+ This delivery agent only delivers mail. Other features such as mail
+ forwarding, out-of-office notifications, etc., must be configured via
+ virtual_alias maps or via similar lookup mechanisms.
+
+<b>MAILBOX LOCATION</b>
+ The mailbox location is controlled by the <b><a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a></b> and <b><a href="postconf.5.html#virtual_mailbox_maps">vir</a>-</b>
+ <b><a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a></b> configuration parameters (see below). The <b><a href="postconf.5.html#virtual_mailbox_maps">vir-</b>
+ <b>tual_mailbox_maps</a></b> table is indexed by the recipient address as
+ described under TABLE SEARCH ORDER below.
+
+ The mailbox pathname is constructed as follows:
+
+ <b>$<a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a>/$virtual_mailbox_maps(</b><i>recipient</i><b>)</b>
+
+ where <i>recipient</i> is the full recipient address.
+
+<b>UNIX MAILBOX FORMAT</b>
+ When the mailbox location does not end in <b>/</b>, the message is delivered
+ in UNIX mailbox format. This format stores multiple messages in one
+ textfile.
+
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" enve-
+ lope header to each message, prepends a <b>Delivered-To:</b> message header
+ with the envelope recipient address, prepends an <b>X-Original-To:</b> header
+ with the recipient address as given to Postfix, prepends a <b>Return-Path:</b>
+ message header with the envelope sender address, prepends a &gt; character
+ to lines beginning with "<b>From</b> ", and appends an empty line.
+
+ The mailbox is locked for exclusive access while delivery is in
+ progress. In case of problems, an attempt is made to truncate the mail-
+ box to its original length.
+
+<b>QMAIL MAILDIR FORMAT</b>
+ When the mailbox location ends in <b>/</b>, the message is delivered in qmail
+ <b>maildir</b> format. This format stores one message per file.
+
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent prepends a <b>Delivered-To:</b> message header
+ with the final envelope recipient address, prepends an <b>X-Original-To:</b>
+ header with the recipient address as given to Postfix, and prepends a
+ <b>Return-Path:</b> message header with the envelope sender address.
+
+ By definition, <b>maildir</b> format does not require application-level file
+ locking during mail delivery or retrieval.
+
+<b>MAILBOX OWNERSHIP</b>
+ Mailbox ownership is controlled by the <b><a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a></b> and <b><a href="postconf.5.html#virtual_gid_maps">vir</a>-</b>
+ <b><a href="postconf.5.html#virtual_gid_maps">tual_gid_maps</a></b> lookup tables, which are indexed with the full recipient
+ address. Each table provides a string with the numerical user and group
+ ID, respectively.
+
+ The <b><a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a></b> parameter imposes a lower bound on numerical
+ user ID values that may be specified in any <b><a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a></b>.
+
+<b>CASE FOLDING</b>
+ All delivery decisions are made using the full recipient address,
+ folded to lower case. See also the next section for a few exceptions
+ with optional address extensions.
+
+<b>TABLE SEARCH ORDER</b>
+ Normally, a lookup table is specified as a text file that serves as
+ input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file in <b>dbm</b> or
+ <b>db</b> format, is used for fast searching by the mail system.
+
+ The search order is as follows. The search stops upon the first suc-
+ cessful lookup.
+
+ <b>o</b> When the recipient has an optional address extension the
+ <i>user+extension@domain.tld</i> address is looked up first.
+
+ With Postfix versions before 2.1, the optional address extension
+ is always ignored.
+
+ <b>o</b> The <i>user@domain.tld</i> address, without address extension, is
+ looked up next.
+
+ <b>o</b> Finally, the recipient <i>@domain</i> is looked up.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, a table can be provided as a regular-expression map
+ where patterns are given as regular expressions. In that case, only the
+ full recipient address is given to the regular-expression map.
+
+<b>SECURITY</b>
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent is not security sensitive, provided that
+ the lookup tables with recipient user/group ID information are ade-
+ quately protected. This program is not designed to run chrooted.
+
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent disallows regular expression substitution
+ of $1 etc. in regular expression lookup tables, because that would open
+ a security hole.
+
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent will silently ignore requests to use the
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server. Instead it will open the table directly. Before
+ Postfix version 2.2, the virtual delivery agent will terminate with a
+ fatal error.
+
+<b>STANDARDS</b>
+ <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
+
+<b>DIAGNOSTICS</b>
+ Mail bounces when the recipient has no mailbox or when the recipient is
+ over disk quota. In all other problem cases, mail for an existing
+ recipient is deferred and a warning is logged.
+
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
+ them to the <b>corrupt</b> queue afterwards.
+
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
+
+<b>BUGS</b>
+ This delivery agent supports address extensions in email addresses and
+ in lookup table keys, but does not propagate address extension informa-
+ tion to the result of table lookup.
+
+ Postfix should have lookup tables that can return multiple result
+ attributes. In order to avoid the inconvenience of maintaining three
+ tables, use an LDAP or MYSQL database.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="virtual.8.html"><b>virtual</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
+
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
+
+<b>MAILBOX DELIVERY CONTROLS</b>
+ <b><a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> (empty)</b>
+ A prefix that the <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent prepends to all
+ pathname results from $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> table lookups.
+
+ <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
+ Optional lookup tables with all valid addresses in the domains
+ that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+
+ <b><a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a> (100)</b>
+ The minimum user ID value that the <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent
+ accepts as a result from $<a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> table lookup.
+
+ <b><a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> (empty)</b>
+ Lookup tables with the per-recipient user ID that the <a href="virtual.8.html"><b>virtual</b>(8)</a>
+ delivery agent uses while writing to the recipient's mailbox.
+
+ <b><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a> (empty)</b>
+ Lookup tables with the per-recipient group ID for <a href="virtual.8.html"><b>virtual</b>(8)</a>
+ mailbox delivery.
+
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
+ Postfix is the final destination for the specified list of
+ domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail
+ delivery transport.
+
+ <b><a href="postconf.5.html#virtual_transport">virtual_transport</a> (virtual)</b>
+ The default mail delivery transport and next-hop destination for
+ final delivery to domains listed with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+
+ Available in Postfix version 2.5.3 and later:
+
+ <b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
+ Defer delivery when a mailbox file is not owned by its recipi-
+ ent.
+
+<b>LOCKING CONTROLS</b>
+ <b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>
+ How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before attempting
+ delivery.
+
+ <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
+ The time after which a stale exclusive mailbox lockfile is
+ removed.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
+ The maximal size in bytes of an individual <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox or
+ maildir file, or zero (no limit).
+
+ Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon:
+
+ <b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ The maximal number of parallel deliveries to the same destina-
+ tion via the virtual message delivery transport.
+
+ <b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
+ The maximal number of recipients per message for the virtual
+ message delivery transport.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information over an
+ internal communication channel.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue directory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
+ A prefix that is prepended to the process name in syslog
+ records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#virtual_delivery_status_filter">virtual_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
+ Optional filter for the <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent to change the
+ delivery status code or explanatory text of successful or unsuc-
+ cessful deliveries.
+
+ Available in Postfix version 3.3 and later:
+
+ <b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
+ Enable support for the original recipient address after an
+ address is rewritten to a different address (for example with
+ aliasing or with canonical mapping).
+
+ <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
+ The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
+
+ Available in Postfix 3.5 and later:
+
+ <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
+ The email address form that will be used in non-debug logging
+ (info, warning, etc.).
+
+<b>SEE ALSO</b>
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="bounce.8.html">bounce(8)</a>, delivery status reports
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
+
+<b>README_FILES</b>
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or
+ "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate this information.
+ <a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this software.
+
+<b>HISTORY</b>
+ This delivery agent was originally based on the Postfix local delivery
+ agent. Modifications mainly consisted of removing code that either was
+ not applicable or that was not safe in this context: aliases,
+ ~user/.forward files, delivery to "|command" or to /file/name.
+
+ The <b>Delivered-To:</b> message header appears in the <b>qmail</b> system by Daniel
+ Bernstein.
+
+ The <b>maildir</b> structure appears in the <b>qmail</b> system by Daniel Bernstein.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Wietse Venema
+ Google, Inc.
+ 111 8th Avenue
+ New York, NY 10011, USA
+
+ Andrew McNamara
+ andrewm@connect.com.au
+ connect.com.au Pty. Ltd.
+ Level 3, 213 Miller St
+ North Sydney 2060, NSW, Australia
+
+ VIRTUAL(8)
+</pre> </body> </html>