Postfix manual - smtp(8)

From 95f5f6d1c3aec1cb62525f5162e71a4157aca717 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 13 Apr 2024 10:42:27 +0200 Subject: Merging upstream version 3.9.0. Signed-off-by: Daniel Baumann --- html/lmtp.8.html | 248 ++++++++++++++++++++++++++++++------------------------- 1 file changed, 135 insertions(+), 113 deletions(-) (limited to 'html/lmtp.8.html') diff --git a/html/lmtp.8.html b/html/lmtp.8.html index 1144ee8..4cc187c 100644 --- a/html/lmtp.8.html +++ b/html/lmtp.8.html @@ -5,88 +5,100 @@ Postfix manual - smtp(8)
-SMTP(8)                                                                SMTP(8)
+SMTP,(LMTP)                                                        SMTP,(LMTP)
 
 NAME
-       smtp - Postfix SMTP+LMTP client
+       smtp, lmtp - Postfix SMTP+LMTP client
 
 SYNOPSIS
        smtp [generic Postfix daemon options] [flags=DORX]
 
+       lmtp [generic Postfix daemon options] [flags=DORX]
+
 DESCRIPTION
        The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
        protocols. It processes message delivery requests from the  queue  man-
        ager.  Each  request specifies a queue file, a sender address, a domain
        or host to deliver to, and recipient information.  This program expects
-       to be run from the master(8) process manager.
+       to be run from the master(8) process manager. The process name, smtp or
+       lmtp, controls the protocol, and the names of the configuration parame-
+       ters that will be used.
 
        The  SMTP+LMTP  client  updates  the queue file and marks recipients as
        finished, or it informs the queue manager that delivery should be tried
        again  at  a  later  time.  Delivery  status  reports  are  sent to the
        bounce(8), defer(8) or trace(8) daemon as appropriate.
 
-       The SMTP+LMTP client looks up a list of mail  exchanger  addresses  for
-       the  destination  host,  sorts  the list by preference, and connects to
-       each listed address until it finds a server that responds.
-
-       When a server is not reachable, or when mail delivery fails  due  to  a
-       recoverable  error  condition, the SMTP+LMTP client will try to deliver
-       the mail to an alternate host.
+       The server lookup strategy is different for SMTP and LMTP, as described
+       in the sections "SMTP SERVER LOOKUP" and "LMTP SERVER LOOKUP".
 
-       After a successful mail transaction, a connection may be saved  to  the
-       scache(8)  connection  cache  server,  so  that  it  may be used by any
+       After  a  successful mail transaction, a connection may be saved to the
+       scache(8) connection cache server, so  that  it  may  be  used  by  any
        SMTP+LMTP client for a subsequent transaction.
 
-       By default, connection caching is enabled temporarily for  destinations
+       By  default, connection caching is enabled temporarily for destinations
        that have a high volume of mail in the active queue. Connection caching
        can be enabled permanently for specific destinations.
 
-SMTP DESTINATION SYNTAX
-       The Postfix SMTP+LMTP client supports multiple  destinations  separated
-       by comma or whitespace (Postfix 3.5 and later).  SMTP destinations have
-       the following form:
+SMTP SERVER LOOKUP
+       The  Postfix  SMTP  client  supports multiple destinations separated by
+       comma or whitespace (Postfix 3.5 and later).  Each destination is tried
+       in the specified order.
+
+       SMTP destinations have the following form:
 
        domainname
 
-       domainname:port
-              Look up the mail exchangers for the specified domain,  and  con-
-              nect to the specified port (default: smtp).
+       domainname:service
+              Look  up  the mail exchangers for the specified domain, and con-
+              nect to the specified service (default: smtp).  Optionally, mail
+              exchangers may be looked up with SRV queries instead of MX; this
+              requires that service is given in symbolic form.
 
        [hostname]
 
-       [hostname]:port
-              Look  up  the  address(es) of the specified host, and connect to
-              the specified port (default: smtp).
+       [hostname]:service
+              Look up the address(es) for the specified host, and  connect  to
+              the specified service (default: smtp).
 
        [address]
 
-       [address]:port
+       [address]:service
               Connect to the host at the specified address, and connect to the
-              specified  port (default: smtp). An IPv6 address must be format-
-              ted as [ipv6:address].
+              specified service (default: smtp). An IPv6 address must be  for-
+              matted as [ipv6:address].
 
-LMTP DESTINATION SYNTAX
-       The Postfix SMTP+LMTP client supports multiple  destinations  separated
-       by comma or whitespace (Postfix 3.5 and later).  LMTP destinations have
-       the following form:
+LMTP SERVER LOOKUP
+       The  Postfix  LMTP  client  supports multiple destinations separated by
+       comma or whitespace (Postfix 3.5 and later).  Each destination is tried
+       in the specified order.
+
+       LMTP destinations have the following form:
 
        unix:pathname
-              Connect to the local UNIX-domain server that  is  bound  to  the
-              specified  pathname.  If  the process runs chrooted, an absolute
+              Connect  to  the  local  UNIX-domain server that is bound to the
+              specified pathname. If the process runs  chrooted,  an  absolute
               pathname is interpreted relative to the Postfix queue directory.
 
+       inet:domainname
+
+       inet:domainname:service
+              Look up the LMTP servers for the specified  domain  and  service
+              (default:  lmtp).   This  form is supported when SRV lookups are
+              enabled, and requires that service is in symbolic form.
+
        inet:hostname
 
-       inet:hostname:port
+       inet:hostname:service
+              Look up the address(es) for the specified host, and  connect  to
+              the  specified  service  (default:  lmtp).  When SRV lookups are
+              enabled, use the form [hostname] to force address lookups.
 
        inet:[address]
 
-       inet:[address]:port
-              Connect  to  the  specified  TCP  port on the specified local or
-              remote host. If no  port  is  specified,  connect  to  the  port
-              defined  as  lmtp  in services(4).  If no such service is found,
-              the lmtp_tcp_port configuration parameter (default value of  24)
-              will   be   used.    An   IPv6  address  must  be  formatted  as
+       inet:[address]:service
+              Connect to the  specified  local  or  remote  host  and  service
+              (default:   lmtp).    An  IPv6  address  must  be  formatted  as
               [ipv6:address].
 
 SINGLE-RECIPIENT DELIVERY
@@ -136,10 +148,9 @@ SMTP(8)                                                                SMTP(8)
                      This feature is available as of Postfix 3.5.
 
 SECURITY
-       The SMTP+LMTP client is moderately security-sensitive. It
-       talks to SMTP or LMTP servers and to DNS servers on the
-       network. The SMTP+LMTP client can be run chrooted at fixed
-       low privilege.
+       The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP
+       or LMTP servers and to DNS servers on the network. The SMTP+LMTP client
+       can be run chrooted at fixed low privilege.
 
 STANDARDS
        RFC 821 (SMTP protocol)
@@ -180,20 +191,19 @@ SMTP(8)                                                                SMTP(8)
        for all destinations that map onto the same IP address and TCP port.
 
 CONFIGURATION PARAMETERS
-       Before Postfix version 2.3, the LMTP client is a separate program  that
-       implements  only  a  subset  of  the functionality available with SMTP:
-       there is no support for TLS, and  connections  are  cached  in-process,
-       making it ineffective when the client is used for multiple domains.
+       Postfix versions 2.3 and later implement the SMTP and LMTP client  with
+       the  same program, and choose the protocol and configuration parameters
+       based on the process name, smtp or lmtp.
 
        Most smtp_xxx configuration parameters have an lmtp_xxx "mirror" param-
-       eter for the equivalent LMTP  feature.  This  document  describes  only
+       eter  for  the  equivalent  LMTP  feature. This document describes only
        those LMTP-related parameters that aren't simply "mirror" parameters.
 
-       Changes  to  main.cf  are picked up automatically, as smtp(8) processes
+       Changes to main.cf are picked up automatically,  as  smtp(8)  processes
        run for only a limited amount of time. Use the command "postfix reload"
        to speed up a change.
 
-       The  text  below provides only a parameter summary. See postconf(5) for
+       The text below provides only a parameter summary. See  postconf(5)  for
        more details including examples.
 
 COMPATIBILITY CONTROLS
@@ -214,8 +224,8 @@ SMTP(8)                                                                SMTP(8)
               will send via SMTP.
 
        smtp_pix_workaround_delay_time (10s)
-              How  long  the  Postfix  SMTP  client  pauses   before   sending
-              ".<CR><LF>"   in   order   to   work  around  the  PIX  firewall
+              How   long   the  Postfix  SMTP  client  pauses  before  sending
+              ".<CR><LF>"  in  order  to  work   around   the   PIX   firewall
               "<CR><LF>.<CR><LF>" bug.
 
        smtp_pix_workaround_threshold_time (500s)
@@ -224,19 +234,19 @@ SMTP(8)                                                                SMTP(8)
               delivery through firewalls with "smtp fixup" mode turned on.
 
        smtp_pix_workarounds (disable_esmtp, delay_dotcrlf)
-              A list that specifies zero or more  workarounds  for  CISCO  PIX
+              A  list  that  specifies  zero or more workarounds for CISCO PIX
               firewall bugs.
 
        smtp_pix_workaround_maps (empty)
-              Lookup  tables,  indexed by the remote SMTP server address, with
+              Lookup tables, indexed by the remote SMTP server  address,  with
               per-destination workarounds for CISCO PIX firewall bugs.
 
        smtp_quote_rfc821_envelope (yes)
-              Quote addresses in Postfix SMTP client MAIL  FROM  and  RCPT  TO
+              Quote  addresses  in  Postfix  SMTP client MAIL FROM and RCPT TO
               commands as required by RFC 5321.
 
        smtp_reply_filter (empty)
-              A  mechanism  to  transform replies from remote SMTP servers one
+              A mechanism to transform replies from remote  SMTP  servers  one
               line at a time.
 
        smtp_skip_5xx_greeting (yes)
@@ -248,68 +258,68 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 2.0 and earlier:
 
        smtp_skip_4xx_greeting (yes)
-              Skip SMTP servers that greet with a 4XX status  code  (go  away,
+              Skip  SMTP  servers  that greet with a 4XX status code (go away,
               try again later).
 
        Available in Postfix version 2.2 and later:
 
        smtp_discard_ehlo_keyword_address_maps (empty)
-              Lookup  tables,  indexed by the remote SMTP server address, with
-              case insensitive lists of EHLO keywords  (pipelining,  starttls,
+              Lookup tables, indexed by the remote SMTP server  address,  with
+              case  insensitive  lists of EHLO keywords (pipelining, starttls,
               auth, etc.) that the Postfix SMTP client will ignore in the EHLO
               response from a remote SMTP server.
 
        smtp_discard_ehlo_keywords (empty)
-              A case insensitive list of EHLO keywords (pipelining,  starttls,
+              A  case insensitive list of EHLO keywords (pipelining, starttls,
               auth, etc.) that the Postfix SMTP client will ignore in the EHLO
               response from a remote SMTP server.
 
        smtp_generic_maps (empty)
-              Optional lookup tables that perform  address  rewriting  in  the
-              Postfix  SMTP  client,  typically  to  transform a locally valid
-              address into a globally valid address when sending  mail  across
+              Optional  lookup  tables  that  perform address rewriting in the
+              Postfix SMTP client, typically  to  transform  a  locally  valid
+              address  into  a globally valid address when sending mail across
               the Internet.
 
        Available in Postfix version 2.2.9 and later:
 
        smtp_cname_overrides_servername (version dependent)
-              When  the  remote  SMTP  servername  is a DNS CNAME, replace the
-              servername with the result from CNAME expansion for the  purpose
-              of  logging,  SASL password lookup, TLS policy decisions, or TLS
+              When the remote SMTP servername is  a  DNS  CNAME,  replace  the
+              servername  with the result from CNAME expansion for the purpose
+              of logging, SASL password lookup, TLS policy decisions,  or  TLS
               certificate verification.
 
        Available in Postfix version 2.3 and later:
 
        lmtp_discard_lhlo_keyword_address_maps (empty)
-              Lookup tables, indexed by the remote LMTP server  address,  with
-              case  insensitive  lists of LHLO keywords (pipelining, starttls,
+              Lookup  tables,  indexed by the remote LMTP server address, with
+              case insensitive lists of LHLO keywords  (pipelining,  starttls,
               auth, etc.) that the Postfix LMTP client will ignore in the LHLO
               response from a remote LMTP server.
 
        lmtp_discard_lhlo_keywords (empty)
-              A  case insensitive list of LHLO keywords (pipelining, starttls,
+              A case insensitive list of LHLO keywords (pipelining,  starttls,
               auth, etc.) that the Postfix LMTP client will ignore in the LHLO
               response from a remote LMTP server.
 
        Available in Postfix version 2.4.4 and later:
 
        send_cyrus_sasl_authzid (no)
-              When  authenticating  to  a  remote SMTP or LMTP server with the
-              default setting "no", send no SASL authoriZation  ID  (authzid);
-              send  only  the  SASL authentiCation ID (authcid) plus the auth-
+              When authenticating to a remote SMTP or  LMTP  server  with  the
+              default  setting  "no", send no SASL authoriZation ID (authzid);
+              send only the SASL authentiCation ID (authcid)  plus  the  auth-
               cid's password.
 
        Available in Postfix version 2.5 and later:
 
        smtp_header_checks (empty)
-              Restricted header_checks(5) tables for the Postfix SMTP  client.
+              Restricted  header_checks(5) tables for the Postfix SMTP client.
 
        smtp_mime_header_checks (empty)
-              Restricted  mime_header_checks(5)  tables  for  the Postfix SMTP
+              Restricted mime_header_checks(5) tables  for  the  Postfix  SMTP
               client.
 
        smtp_nested_header_checks (empty)
-              Restricted nested_header_checks(5) tables for the  Postfix  SMTP
+              Restricted  nested_header_checks(5)  tables for the Postfix SMTP
               client.
 
        smtp_body_checks (empty)
@@ -318,7 +328,7 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 2.6 and later:
 
        tcp_windowsize (0)
-              An  optional  workaround for routers that break TCP window scal-
+              An optional workaround for routers that break TCP  window  scal-
               ing.
 
        Available in Postfix version 2.8 and later:
@@ -329,16 +339,16 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 2.9 - 3.6:
 
        smtp_per_record_deadline (no)
-              Change the behavior of the smtp_*_timeout time  limits,  from  a
-              time  limit  per  read  or write system call, to a time limit to
-              send or receive a complete record (an SMTP  command  line,  SMTP
-              response  line,  SMTP message content line, or TLS protocol mes-
+              Change  the  behavior  of the smtp_*_timeout time limits, from a
+              time limit per read or write system call, to  a  time  limit  to
+              send  or  receive  a complete record (an SMTP command line, SMTP
+              response line, SMTP message content line, or TLS  protocol  mes-
               sage).
 
        Available in Postfix version 2.9 and later:
 
        smtp_send_dummy_mail_auth (no)
-              Whether or not to append the "AUTH=<>" option to the  MAIL  FROM
+              Whether  or  not to append the "AUTH=<>" option to the MAIL FROM
               command in SASL-authenticated SMTP sessions.
 
        Available in Postfix version 2.11 and later:
@@ -349,7 +359,7 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 3.0 and later:
 
        smtp_delivery_status_filter ($default_delivery_status_filter)
-              Optional  filter  for  the  smtp(8) delivery agent to change the
+              Optional filter for the smtp(8) delivery  agent  to  change  the
               delivery status code or explanatory text of successful or unsuc-
               cessful deliveries.
 
@@ -359,38 +369,38 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 3.3 and later:
 
        smtp_balance_inet_protocols (yes)
-              When  a remote destination resolves to a combination of IPv4 and
+              When a remote destination resolves to a combination of IPv4  and
               IPv6 addresses, ensure that the Postfix SMTP client can try both
               address types before it runs into the smtp_mx_address_limit.
 
        Available in Postfix 3.5 and later:
 
        info_log_address_format (external)
-              The  email  address  form that will be used in non-debug logging
+              The email address form that will be used  in  non-debug  logging
               (info, warning, etc.).
 
        Available in Postfix 3.6 and later:
 
        dnssec_probe (ns:.)
-              The DNS query type (default: "ns") and DNS query name  (default:
+              The  DNS query type (default: "ns") and DNS query name (default:
               ".") that Postfix may use to determine whether DNSSEC validation
               is available.
 
-       known_tcp_ports  (lmtp=24,  smtp=25,   smtps=submissions=465,   submis-
+       known_tcp_ports   (lmtp=24,   smtp=25,  smtps=submissions=465,  submis-
        sion=587)
-              Optional setting that avoids lookups in  the  services(5)  data-
+              Optional  setting  that  avoids lookups in the services(5) data-
               base.
 
        Available in Postfix version 3.7 and later:
 
        smtp_per_request_deadline (no)
-              Change  the  behavior  of the smtp_*_timeout time limits, from a
-              time limit per plaintext or TLS read or write call,  to  a  com-
-              bined  time  limit  for  sending a complete SMTP request and for
+              Change the behavior of the smtp_*_timeout time  limits,  from  a
+              time  limit  per  plaintext or TLS read or write call, to a com-
+              bined time limit for sending a complete  SMTP  request  and  for
               receiving a complete SMTP response.
 
        smtp_min_data_rate (500)
-              The minimum plaintext data transfer  rate  in  bytes/second  for
+              The  minimum  plaintext  data  transfer rate in bytes/second for
               DATA    requests,    when    deadlines    are    enabled    with
               smtp_per_request_deadline.
 
@@ -400,16 +410,16 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 3.8 and later:
 
        use_srv_lookup (empty)
-              Enables discovery for the specified  service(s)  using  DNS  SRV
+              Enables  discovery  for  the  specified service(s) using DNS SRV
               records.
 
        ignore_srv_lookup_error (no)
-              When  SRV  record  lookup  fails,  fall back to MX or IP address
+              When SRV record lookup fails, fall back  to  MX  or  IP  address
               lookup as if SRV record lookup was not enabled.
 
        allow_srv_lookup_fallback (no)
-              When SRV record lookup fails or no SRV record exists, fall  back
-              to  MX  or  IP  address  lookup  as if SRV record lookup was not
+              When  SRV record lookup fails or no SRV record exists, fall back
+              to MX or IP address lookup as  if  SRV  record  lookup  was  not
               enabled.
 
 MIME PROCESSING CONTROLS
@@ -428,7 +438,7 @@ SMTP(8)                                                                SMTP(8)
        Available in Postfix version 2.1 and later:
 
        smtp_send_xforward_command (no)
-              Send  the  non-standard  XFORWARD  command when the Postfix SMTP
+              Send the non-standard XFORWARD command  when  the  Postfix  SMTP
               server EHLO response announces XFORWARD support.
 
 SASL AUTHENTICATION CONTROLS
@@ -436,60 +446,66 @@ SMTP(8)                                                                SMTP(8)
               Enable SASL authentication in the Postfix SMTP client.
 
        smtp_sasl_password_maps (empty)
-              Optional Postfix  SMTP  client  lookup  tables  with  one  user-
-              name:password  entry  per  sender,  remote  hostname or next-hop
+              Optional  Postfix  SMTP  client  lookup  tables  with  one user-
+              name:password entry per  sender,  remote  hostname  or  next-hop
               domain.
 
        smtp_sasl_security_options (noplaintext, noanonymous)
               Postfix SMTP client SASL security options; as of Postfix 2.3 the
-              list  of available features depends on the SASL client implemen-
+              list of available features depends on the SASL client  implemen-
               tation that is selected with smtp_sasl_type.
 
        Available in Postfix version 2.2 and later:
 
        smtp_sasl_mechanism_filter (empty)
-              If non-empty, a Postfix SMTP client filter for the  remote  SMTP
+              If  non-empty,  a Postfix SMTP client filter for the remote SMTP
               server's list of offered SASL mechanisms.
 
        Available in Postfix version 2.3 and later:
 
        smtp_sender_dependent_authentication (no)
               Enable  sender-dependent  authentication  in  the  Postfix  SMTP
-              client; this is available only  with  SASL  authentication,  and
-              disables  SMTP  connection caching to ensure that mail from dif-
+              client;  this  is  available  only with SASL authentication, and
+              disables SMTP connection caching to ensure that mail  from  dif-
               ferent senders will use the appropriate credentials.
 
        smtp_sasl_path (empty)
               Implementation-specific information that the Postfix SMTP client
-              passes  through  to  the  SASL  plug-in  implementation  that is
+              passes through  to  the  SASL  plug-in  implementation  that  is
               selected with smtp_sasl_type.
 
        smtp_sasl_type (cyrus)
-              The SASL plug-in type that the Postfix SMTP  client  should  use
+              The  SASL  plug-in  type that the Postfix SMTP client should use
               for authentication.
 
        Available in Postfix version 2.5 and later:
 
        smtp_sasl_auth_cache_name (empty)
-              An  optional table to prevent repeated SASL authentication fail-
-              ures with the same remote SMTP  server  hostname,  username  and
+              An optional table to prevent repeated SASL authentication  fail-
+              ures  with  the  same  remote SMTP server hostname, username and
               password.
 
        smtp_sasl_auth_cache_time (90d)
-              The  maximal age of an smtp_sasl_auth_cache_name entry before it
+              The maximal age of an smtp_sasl_auth_cache_name entry before  it
               is removed.
 
        smtp_sasl_auth_soft_bounce (yes)
-              When a remote SMTP server rejects a SASL authentication  request
-              with  a 535 reply code, defer mail delivery instead of returning
+              When  a remote SMTP server rejects a SASL authentication request
+              with a 535 reply code, defer mail delivery instead of  returning
               mail as undeliverable.
 
        Available in Postfix version 2.9 and later:
 
        smtp_send_dummy_mail_auth (no)
-              Whether or not to append the "AUTH=<>" option to the  MAIL  FROM
+              Whether  or  not to append the "AUTH=<>" option to the MAIL FROM
               command in SASL-authenticated SMTP sessions.
 
+       Available in Postfix version 3.9 and later:
+
+       smtp_sasl_password_result_delimiter (:)
+              The delimiter between username and password in  sasl_passwd_maps
+              lookup results.
+
 STARTTLS SUPPORT CONTROLS
        Detailed  information  about STARTTLS configuration may be found in the
        TLS_README document.
@@ -619,7 +635,7 @@ SMTP(8)                                                                SMTP(8)
 
        Available in Postfix version 2.6 and later:
 
-       smtp_tls_protocols (see postconf -d output)
+       smtp_tls_protocols (see 'postconf -d' output)
               TLS  protocols that the Postfix SMTP client will use with oppor-
               tunistic TLS encryption.
 
@@ -724,6 +740,12 @@ SMTP(8)                                                                SMTP(8)
               The application name passed by Postfix to OpenSSL  library  ini-
               tialization functions.
 
+       Available in Postfix version 3.9 and later:
+
+       smtp_tls_enable_rpk (no)
+              Request  that remote SMTP servers send an RFC7250 raw public key
+              instead of an X.509 certificate.
+
 OBSOLETE STARTTLS CONTROLS
        The following configuration parameters  exist  for  compatibility  with
        Postfix  versions  before  2.3.  Support for these will be removed in a
@@ -954,7 +976,7 @@ SMTP(8)                                                                SMTP(8)
               The  local  network  interface  addresses  that this mail system
               receives mail on.
 
-       inet_protocols (see 'postconf -d output')
+       inet_protocols (see 'postconf -d' output)
               The Internet protocols Postfix will attempt to use  when  making
               or accepting connections.
 
@@ -1119,5 +1141,5 @@ SMTP(8)                                                                SMTP(8)
        Victor Duchovni
        Morgan Stanley
 
-                                                                       SMTP(8)
+                                       8                           SMTP,(LMTP)
-- cgit v1.2.3