diff options
Diffstat (limited to 'html/lmtp.8.html')
-rw-r--r-- | html/lmtp.8.html | 1092 |
1 files changed, 1092 insertions, 0 deletions
diff --git a/html/lmtp.8.html b/html/lmtp.8.html new file mode 100644 index 0000000..8593cde --- /dev/null +++ b/html/lmtp.8.html @@ -0,0 +1,1092 @@ +<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> +<html> <head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<title> Postfix manual - smtp(8) </title> +</head> <body> <pre> +SMTP(8) SMTP(8) + +<b>NAME</b> + smtp - Postfix SMTP+LMTP client + +<b>SYNOPSIS</b> + <b>smtp</b> [generic Postfix daemon options] [flags=DORX] + +<b>DESCRIPTION</b> + The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery + protocols. It processes message delivery requests from the queue man- + ager. Each request specifies a queue file, a sender address, a domain + or host to deliver to, and recipient information. This program expects + to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. + + The SMTP+LMTP client updates the queue file and marks recipients as + finished, or it informs the queue manager that delivery should be tried + again at a later time. Delivery status reports are sent to the + <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate. + + The SMTP+LMTP client looks up a list of mail exchanger addresses for + the destination host, sorts the list by preference, and connects to + each listed address until it finds a server that responds. + + When a server is not reachable, or when mail delivery fails due to a + recoverable error condition, the SMTP+LMTP client will try to deliver + the mail to an alternate host. + + After a successful mail transaction, a connection may be saved to the + <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it may be used by any + SMTP+LMTP client for a subsequent transaction. + + By default, connection caching is enabled temporarily for destinations + that have a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. Connection caching + can be enabled permanently for specific destinations. + +<b>SMTP DESTINATION SYNTAX</b> + The Postfix SMTP+LMTP client supports multiple destinations separated + by comma or whitespace (Postfix 3.5 and later). SMTP destinations have + the following form: + + <i>domainname</i> + + <i>domainname</i>:<i>port</i> + Look up the mail exchangers for the specified domain, and con- + nect to the specified port (default: <b>smtp</b>). + + [<i>hostname</i>] + + [<i>hostname</i>]:<i>port</i> + Look up the address(es) of the specified host, and connect to + the specified port (default: <b>smtp</b>). + + [<i>address</i>] + + [<i>address</i>]:<i>port</i> + Connect to the host at the specified address, and connect to the + specified port (default: <b>smtp</b>). An IPv6 address must be format- + ted as [<b>ipv6</b>:<i>address</i>]. + +<b>LMTP DESTINATION SYNTAX</b> + The Postfix SMTP+LMTP client supports multiple destinations separated + by comma or whitespace (Postfix 3.5 and later). LMTP destinations have + the following form: + + <b>unix</b>:<i>pathname</i> + Connect to the local UNIX-domain server that is bound to the + specified <i>pathname</i>. If the process runs chrooted, an absolute + pathname is interpreted relative to the Postfix queue directory. + + <b>inet</b>:<i>hostname</i> + + <b>inet</b>:<i>hostname</i>:<i>port</i> + + <b>inet</b>:[<i>address</i>] + + <b>inet</b>:[<i>address</i>]:<i>port</i> + Connect to the specified TCP port on the specified local or + remote host. If no port is specified, connect to the port + defined as <b>lmtp</b> in <b>services</b>(4). If no such service is found, + the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> configuration parameter (default value of 24) + will be used. An IPv6 address must be formatted as + [<b>ipv6</b>:<i>address</i>]. + +<b>SINGLE-RECIPIENT DELIVERY</b> + By default, the Postfix SMTP+LMTP client delivers mail to multiple + recipients per delivery request. This is undesirable when prepending a + <b>Delivered-to:</b> or <b>X-Original-To:</b> message header. To prevent Postfix from + sending multiple recipients per delivery request, specify + + <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b> + + in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first + column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for this mail delivery service. + +<b>COMMAND ATTRIBUTE SYNTAX</b> + <b>flags=DORX</b> (optional) + Optional message processing flags. + + <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with + the envelope recipient address. Note: for this to work, + the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see + SINGLE-RECIPIENT DELIVERY above for details). + + The <b>D</b> flag also enforces loop detection: if a message + already contains a <b>Delivered-To:</b> header with the same + recipient address, then the message is returned as unde- + liverable. The address comparison is case insensitive. + + This feature is available as of Postfix 3.5. + + <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" message header with + the recipient address as given to Postfix. Note: for this + to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must + be 1 (see SINGLE-RECIPIENT DELIVERY above for details). + + This feature is available as of Postfix 3.5. + + <b>R</b> Prepend a "<b>Return-Path:</b> <<i>sender</i>>" message header with the + envelope sender address. + + This feature is available as of Postfix 3.5. + + <b>X</b> Indicates that the delivery is final. This flag affects + the status reported in "success" DSN (delivery status + notification) messages, and changes it from "relayed" + into "delivered". + + This feature is available as of Postfix 3.5. + +<b>SECURITY</b> + The SMTP+LMTP client is moderately security-sensitive. It + talks to SMTP or LMTP servers and to DNS servers on the + network. The SMTP+LMTP client can be run chrooted at fixed + low privilege. + +<b>STANDARDS</b> + <a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol) + <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages) + <a href="https://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions) + <a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport) + <a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration) + <a href="https://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol) + <a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes) + <a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies) + <a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types) + <a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command) + <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol) + <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining) + <a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command) + <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension) + <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes) + <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command) + <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol) + <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP) + <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications) + <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS) + +<b>DIAGNOSTICS</b> + Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. + Corrupted message files are marked so that the queue manager can move + them to the <b>corrupt</b> queue for further inspection. + + Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas- + ter is notified of bounces, protocol problems, and of other trouble. + +<b>BUGS</b> + SMTP and LMTP connection reuse for TLS (without closing the SMTP or + LMTP connection) is not supported before Postfix 3.4. + + SMTP and LMTP connection reuse assumes that SASL credentials are valid + for all destinations that map onto the same IP address and TCP port. + +<b>CONFIGURATION PARAMETERS</b> + Before Postfix version 2.3, the LMTP client is a separate program that + implements only a subset of the functionality available with SMTP: + there is no support for TLS, and connections are cached in-process, + making it ineffective when the client is used for multiple domains. + + Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param- + eter for the equivalent LMTP feature. This document describes only + those LMTP-related parameters that aren't simply "mirror" parameters. + + Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes + run for only a limited amount of time. Use the command "<b>postfix reload</b>" + to speed up a change. + + The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for + more details including examples. + +<b>COMPATIBILITY CONTROLS</b> + <b><a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> (no)</b> + Ignore DNS MX lookups that produce no response. + + <b><a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> (yes)</b> + Always send EHLO at the start of an SMTP session. + + <b><a href="postconf.5.html#smtp_never_send_ehlo">smtp_never_send_ehlo</a> (no)</b> + Never send EHLO at the start of an SMTP session. + + <b><a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a> (no)</b> + Defer mail delivery when no MX record resolves to an IP address. + + <b><a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a> (998)</b> + The maximal length of message header and body lines that Postfix + will send via SMTP. + + <b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b> + How long the Postfix SMTP client pauses before sending + ".<CR><LF>" in order to work around the PIX firewall + "<CR><LF>.<CR><LF>" bug. + + <b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b> + How long a message must be queued before the Postfix SMTP client + turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for + delivery through firewalls with "smtp fixup" mode turned on. + + <b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b> + A list that specifies zero or more workarounds for CISCO PIX + firewall bugs. + + <b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b> + Lookup tables, indexed by the remote SMTP server address, with + per-destination workarounds for CISCO PIX firewall bugs. + + <b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b> + Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO + commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. + + <b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b> + A mechanism to transform replies from remote SMTP servers one + line at a time. + + <b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b> + Skip remote SMTP servers that greet with a 5XX status code. + + <b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b> + Do not wait for the response to the SMTP QUIT command. + + Available in Postfix version 2.0 and earlier: + + <b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b> + Skip SMTP servers that greet with a 4XX status code (go away, + try again later). + + Available in Postfix version 2.2 and later: + + <b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b> + Lookup tables, indexed by the remote SMTP server address, with + case insensitive lists of EHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix SMTP client will ignore in the EHLO + response from a remote SMTP server. + + <b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b> + A case insensitive list of EHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix SMTP client will ignore in the EHLO + response from a remote SMTP server. + + <b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b> + Optional lookup tables that perform address rewriting in the + Postfix SMTP client, typically to transform a locally valid + address into a globally valid address when sending mail across + the Internet. + + Available in Postfix version 2.2.9 and later: + + <b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b> + When the remote SMTP servername is a DNS CNAME, replace the + servername with the result from CNAME expansion for the purpose + of logging, SASL password lookup, TLS policy decisions, or TLS + certificate verification. + + Available in Postfix version 2.3 and later: + + <b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b> + Lookup tables, indexed by the remote LMTP server address, with + case insensitive lists of LHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix LMTP client will ignore in the LHLO + response from a remote LMTP server. + + <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b> + A case insensitive list of LHLO keywords (pipelining, starttls, + auth, etc.) that the Postfix LMTP client will ignore in the LHLO + response from a remote LMTP server. + + Available in Postfix version 2.4.4 and later: + + <b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b> + When authenticating to a remote SMTP or LMTP server with the + default setting "no", send no SASL authoriZation ID (authzid); + send only the SASL authentiCation ID (authcid) plus the auth- + cid's password. + + Available in Postfix version 2.5 and later: + + <b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b> + Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client. + + <b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b> + Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP + client. + + <b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b> + Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP + client. + + <b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b> + Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix SMTP client. + + Available in Postfix version 2.6 and later: + + <b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b> + An optional workaround for routers that break TCP window scal- + ing. + + Available in Postfix version 2.8 and later: + + <b><a href="postconf.5.html#smtp_dns_resolver_options">smtp_dns_resolver_options</a> (empty)</b> + DNS Resolver options for the Postfix SMTP client. + + Available in Postfix version 2.9 - 3.6: + + <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b> + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- + sage). + + Available in Postfix version 2.9 and later: + + <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b> + Whether or not to append the "AUTH=<>" option to the MAIL FROM + command in SASL-authenticated SMTP sessions. + + Available in Postfix version 2.11 and later: + + <b><a href="postconf.5.html#smtp_dns_support_level">smtp_dns_support_level</a> (empty)</b> + Level of DNS support in the Postfix SMTP client. + + Available in Postfix version 3.0 and later: + + <b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b> + Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the + delivery status code or explanatory text of successful or unsuc- + cessful deliveries. + + <b><a href="postconf.5.html#smtp_dns_reply_filter">smtp_dns_reply_filter</a> (empty)</b> + Optional filter for Postfix SMTP client DNS lookup results. + + Available in Postfix version 3.3 and later: + + <b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b> + When a remote destination resolves to a combination of IPv4 and + IPv6 addresses, ensure that the Postfix SMTP client can try both + address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>. + + Available in Postfix 3.5 and later: + + <b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b> + The email address form that will be used in non-debug logging + (info, warning, etc.). + + Available in Postfix 3.6 and later: + + <b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b> + The DNS query type (default: "ns") and DNS query name (default: + ".") that Postfix may use to determine whether DNSSEC validation + is available. + + <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b> + <b>sion=587)</b> + Optional setting that avoids lookups in the <b>services</b>(5) data- + base. + + Available in Postfix version 3.7 and later: + + <b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b> + Change the behavior of the smtp_*_timeout time limits, from a + time limit per plaintext or TLS read or write call, to a com- + bined time limit for sending a complete SMTP request and for + receiving a complete SMTP response. + + <b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b> + The minimum plaintext data transfer rate in bytes/second for + DATA requests, when deadlines are enabled with + <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>. + + <b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b> + The format of the Postfix-generated <b>From:</b> header. + +<b>MIME PROCESSING CONTROLS</b> + Available in Postfix version 2.0 and later: + + <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b> + Disable the conversion of 8BITMIME format to 7BIT format. + + <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b> + The maximal length of MIME multipart boundary strings. + + <b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b> + The maximal recursion level that the MIME processor will handle. + +<b>EXTERNAL CONTENT INSPECTION CONTROLS</b> + Available in Postfix version 2.1 and later: + + <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b> + Send the non-standard XFORWARD command when the Postfix SMTP + server EHLO response announces XFORWARD support. + +<b>SASL AUTHENTICATION CONTROLS</b> + <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b> + Enable SASL authentication in the Postfix SMTP client. + + <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b> + Optional Postfix SMTP client lookup tables with one user- + name:password entry per sender, remote hostname or next-hop + domain. + + <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b> + Postfix SMTP client SASL security options; as of Postfix 2.3 the + list of available features depends on the SASL client implemen- + tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. + + Available in Postfix version 2.2 and later: + + <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b> + If non-empty, a Postfix SMTP client filter for the remote SMTP + server's list of offered SASL mechanisms. + + Available in Postfix version 2.3 and later: + + <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b> + Enable sender-dependent authentication in the Postfix SMTP + client; this is available only with SASL authentication, and + disables SMTP connection caching to ensure that mail from dif- + ferent senders will use the appropriate credentials. + + <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b> + Implementation-specific information that the Postfix SMTP client + passes through to the SASL plug-in implementation that is + selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>. + + <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b> + The SASL plug-in type that the Postfix SMTP client should use + for authentication. + + Available in Postfix version 2.5 and later: + + <b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b> + An optional table to prevent repeated SASL authentication fail- + ures with the same remote SMTP server hostname, username and + password. + + <b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b> + The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it + is removed. + + <b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b> + When a remote SMTP server rejects a SASL authentication request + with a 535 reply code, defer mail delivery instead of returning + mail as undeliverable. + + Available in Postfix version 2.9 and later: + + <b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b> + Whether or not to append the "AUTH=<>" option to the MAIL FROM + command in SASL-authenticated SMTP sessions. + +<b>STARTTLS SUPPORT CONTROLS</b> + Detailed information about STARTTLS configuration may be found in the + <a href="TLS_README.html">TLS_README</a> document. + + <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b> + The default SMTP TLS security level for the Postfix SMTP client; + when a non-empty value is specified, this overrides the obsolete + parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and + <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>. + + <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b> + The SASL authentication security options that the Postfix SMTP + client uses for TLS encrypted SMTP sessions. + + <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b> + Time limit for Postfix SMTP client write and read operations + during TLS startup and shutdown handshake procedures. + + <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b> + A file containing CA certificates of root CAs trusted to sign + either remote SMTP server certificates or intermediate CA cer- + tificates. + + <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b> + Directory with PEM format Certification Authority certificates + that the Postfix SMTP client uses to verify a remote SMTP server + certificate. + + <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b> + File with the Postfix SMTP client RSA certificate in PEM format. + + <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b> + The minimum TLS cipher grade that the Postfix SMTP client will + use with mandatory TLS encryption. + + <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b> + List of ciphers or cipher types to exclude from the Postfix SMTP + client cipher list at all TLS security levels. + + <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b> + Additional list of ciphers or cipher types to exclude from the + Postfix SMTP client cipher list at mandatory TLS security lev- + els. + + <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b> + File with the Postfix SMTP client DSA certificate in PEM format. + + <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b> + File with the Postfix SMTP client DSA private key in PEM format. + + <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b> + File with the Postfix SMTP client RSA private key in PEM format. + + <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b> + Enable additional Postfix SMTP client logging of TLS activity. + + <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b> + Log the hostname of a remote SMTP server that offers STARTTLS, + when TLS is not already enabled for that server. + + <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b> + Optional lookup tables with the Postfix SMTP client TLS security + policy by next-hop destination; when a non-empty value is speci- + fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter. + + <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b> + TLS protocols that the Postfix SMTP client will use with manda- + tory TLS encryption. + + <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b> + The verification depth for remote SMTP server certificates. + + <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b> + How the Postfix SMTP client verifies the server certificate + peername for the "secure" TLS security level. + + <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b> + Name of the file containing the optional Postfix SMTP client TLS + session cache. + + <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b> + The expiration time of Postfix SMTP client TLS session cache + information. + + <b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b> + How the Postfix SMTP client verifies the server certificate + peername for the "verify" TLS security level. + + <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b> + The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> + process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its + internal pseudo random number generator (PRNG). + + <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b> + The OpenSSL cipherlist for "high" grade ciphers. + + <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (see 'postconf -d' output)</b> + The OpenSSL cipherlist for "medium" or higher grade ciphers. + + <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (see 'postconf -d' output)</b> + The OpenSSL cipherlist for "low" or higher grade ciphers. + + <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (see 'postconf -d' output)</b> + The OpenSSL cipherlist for "export" or higher grade ciphers. + + <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b> + The OpenSSL cipherlist for "NULL" grade ciphers that provide + authentication without encryption. + + Available in Postfix version 2.4 and later: + + <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b> + <b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b> + The SASL authentication security options that the Postfix SMTP + client uses for TLS encrypted SMTP sessions with a verified + server certificate. + + Available in Postfix version 2.5 and later: + + <b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b> + List of acceptable remote SMTP server certificate fingerprints + for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b> + <b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint). + + <b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b> + The message digest algorithm used to construct remote SMTP + server certificate fingerprints. + + Available in Postfix version 2.6 and later: + + <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see postconf -d output)</b> + TLS protocols that the Postfix SMTP client will use with oppor- + tunistic TLS encryption. + + <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b> + The minimum TLS cipher grade that the Postfix SMTP client will + use with opportunistic TLS encryption. + + <b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b> + File with the Postfix SMTP client ECDSA certificate in PEM for- + mat. + + <b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b> + File with the Postfix SMTP client ECDSA private key in PEM for- + mat. + + Available in Postfix version 2.7 and later: + + <b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b> + Try to detect a mail hijacking attack based on a TLS protocol + vulnerability (CVE-2009-3555), where an attacker prepends mali- + cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client + TLS session. + + Available in Postfix version 2.8 and later: + + <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b> + List or bit-mask of OpenSSL bug work-arounds to disable. + + Available in Postfix version 2.11-3.1: + + <b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b> + Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility. + + <b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b> + Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain + digests of trust-anchors with certificate usage "2". + + Available in Postfix version 2.11 and later: + + <b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b> + Zero or more PEM-format files with trust-anchor certificates + and/or public keys. + + <b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b> + Lookup the associated DANE TLSA RRset even when a hostname is + not an alias and its address records lie in an unsigned zone. + + <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b> + The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>. + + Available in Postfix version 3.0 and later: + + <b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b> + Request that the Postfix SMTP client connects using the legacy + SMTPS protocol instead of using the STARTTLS command. + + Available in Postfix version 3.1 and later: + + <b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b> + The TLS policy for MX hosts with "secure" TLSA records when the + nexthop destination security level is <b>dane</b>, but the MX record + was found via an "insecure" MX lookup. + + Available in Postfix version 3.4 and later: + + <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b> + Try to make multiple deliveries per TLS-encrypted connection. + + <b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b> + List of one or more PEM files, each holding one or more private + keys directly followed by a corresponding certificate chain. + + <b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b> + Optional name to send to the remote SMTP server in the TLS + Server Name Indication (SNI) extension. + + Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: + + <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b> + A workaround for implementations that hang Postfix while shut- + ting down a TLS session, until Postfix times out. + + Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: + + <b><a href="postconf.5.html#tls_config_file">tls_config_file</a> (default)</b> + Optional configuration file with baseline OpenSSL settings. + + <b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b> + The application name passed by Postfix to OpenSSL library ini- + tialization functions. + +<b>OBSOLETE STARTTLS CONTROLS</b> + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a + future release. + + <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b> + Opportunistic mode: use TLS when a remote SMTP server announces + STARTTLS support, otherwise send the mail in the clear. + + <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b> + Enforcement mode: require that remote SMTP servers use TLS + encryption, and never send mail in the clear. + + <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b> + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP + server certificate. + + <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b> + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- + name. + + <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b> + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + cipher list. + +<b>RESOURCE AND RATE CONTROLS</b> + <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b> + The Postfix SMTP client time limit for completing a TCP connec- + tion, or zero (use the operating system built-in time limit). + + <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b> + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server + response. + + <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b> + The Postfix LMTP client time limit for sending the LHLO command, + and for receiving the initial remote LMTP server response. + + <b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b> + The Postfix SMTP client time limit for sending the XFORWARD com- + mand, and for receiving the remote SMTP server response. + + <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b> + The Postfix SMTP client time limit for sending the MAIL FROM + command, and for receiving the remote SMTP server response. + + <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b> + The Postfix SMTP client time limit for sending the SMTP RCPT TO + command, and for receiving the remote SMTP server response. + + <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b> + The Postfix SMTP client time limit for sending the SMTP DATA + command, and for receiving the remote SMTP server response. + + <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b> + The Postfix SMTP client time limit for sending the SMTP message + content. + + <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b> + The Postfix SMTP client time limit for sending the SMTP ".", and + for receiving the remote SMTP server response. + + <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b> + The Postfix SMTP client time limit for sending the QUIT command, + and for receiving the remote SMTP server response. + + Available in Postfix version 2.1 and later: + + <b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b> + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero + (no limit). + + <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b> + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back + <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit). + + <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b> + The Postfix SMTP client time limit for sending the RSET command, + and for receiving the remote SMTP server response. + + Available in Postfix version 2.2 and earlier: + + <b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b> + Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a> + seconds. + + Available in Postfix version 2.2 and later: + + <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b> + Permanently enable SMTP connection caching for the specified + destinations. + + <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b> + Temporarily enable SMTP connection caching while a destination + has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. + + <b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b> + The amount of time during which Postfix will use an SMTP connec- + tion repeatedly. + + <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b> + When SMTP connection caching is enabled, the amount of time that + an unused SMTP client socket is kept open before it is closed. + + Available in Postfix version 2.3 and later: + + <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b> + Time limit for connection cache connect, send or receive opera- + tions. + + Available in Postfix version 2.9 - 3.6: + + <b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b> + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- + sage). + + Available in Postfix version 2.11 and later: + + <b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b> + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero + (no limit). + + Available in Postfix version 3.4 and later: + + <b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b> + Try to make multiple deliveries per TLS-encrypted connection. + + Available in Postfix version 3.7 and later: + + <b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b> + Change the behavior of the smtp_*_timeout time limits, from a + time limit per plaintext or TLS read or write call, to a com- + bined time limit for sending a complete SMTP request and for + receiving a complete SMTP response. + + <b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b> + The minimum plaintext data transfer rate in bytes/second for + DATA requests, when deadlines are enabled with + <a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>. + + Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon: + + <b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b> + <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b> + A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>- + <a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> + name of the message delivery transport. + + <b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b> + <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b> + A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>- + <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> + name of the message delivery transport. + +<b>SMTPUTF8 CONTROLS</b> + Preliminary SMTPUTF8 support is introduced with Postfix 3.0. + + <b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b> + Enable preliminary SMTPUTF8 support for the protocols described + in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533. + + <b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b> + Detect that a message requires SMTPUTF8 support for the speci- + fied mail origin classes. + + Available in Postfix version 3.2 and later: + + <b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b> + Enable 'transitional' compatibility between IDNA2003 and + IDNA2008, when converting UTF-8 domain names to/from the ASCII + form that is used for DNS lookups. + +<b>TROUBLE SHOOTING CONTROLS</b> + <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b> + The increment in verbose logging level when a nexthop destina- + tion, remote client or server name or network address matches a + pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. + + <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b> + Optional list of nexthop destination, remote client or server + name or network address patterns that, if matched, cause the + verbose logging level to increase by the amount specified in + $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. + + <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b> + The recipient of postmaster notifications about mail delivery + problems that are caused by policy, resource, software or proto- + col errors. + + <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b> + What categories of Postfix-generated mail are subject to + before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, + <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. + + <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b> + The list of error classes that are reported to the postmaster. + +<b>MISCELLANEOUS CONTROLS</b> + <b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b> + Where the Postfix SMTP client should deliver mail when it + detects a "mail loops back to myself" error condition. + + <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> + The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con- + figuration files. + + <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> + How much time a Postfix daemon process may take to handle a + request before it is terminated by a built-in watchdog timer. + + <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b> + The maximal number of digits after the decimal point when log- + ging sub-second delay values. + + <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b> + Disable DNS lookups in the Postfix SMTP and LMTP clients. + + <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b> + The network interface addresses that this mail system receives + mail on. + + <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d output')</b> + The Internet protocols Postfix will attempt to use when making + or accepting connections. + + <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> + The time limit for sending or receiving information over an + internal communication channel. + + <b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b> + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- + ery status notifications instead of "relayed". + + <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b> + The default TCP port that the Postfix LMTP client connects to. + + <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> + The maximum amount of time that an idle Postfix daemon process + waits for an incoming connection before terminating voluntarily. + + <b><a href="postconf.5.html#max_use">max_use</a> (100)</b> + The maximal number of incoming connections that a Postfix daemon + process will service before terminating voluntarily. + + <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> + The process ID of a Postfix command or daemon process. + + <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> + The process name of a Postfix command or daemon process. + + <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b> + The network interface addresses that this mail system receives + mail on by way of a proxy or network address translation unit. + + <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b> + The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP + client will try first, when a destination has IPv6 and IPv4 + addresses with equal MX preference. + + <b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b> + An optional numerical network address that the Postfix SMTP + client should bind to when making an IPv4 connection. + + <b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b> + An optional numerical network address that the Postfix SMTP + client should bind to when making an IPv6 connection. + + <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> + The hostname to send in the SMTP HELO or EHLO command. + + <b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> + The hostname to send in the LMTP LHLO command. + + <b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b> + What mechanisms the Postfix SMTP client uses to look up a host's + IP address. + + <b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b> + Randomize the order of equal-preference MX host addresses. + + <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> + The syslog facility of Postfix logging. + + <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b> + A prefix that is prepended to the process name in syslog + records, so that, for example, "smtpd" becomes "prefix/smtpd". + + Available with Postfix 2.2 and earlier: + + <b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b> + Optional list of relay hosts for SMTP destinations that can't be + found or that are unreachable. + + Available with Postfix 2.3 and later: + + <b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b> + Optional list of relay hosts for SMTP destinations that can't be + found or that are unreachable. + + Available with Postfix 3.0 and later: + + <b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b> + In the context of email address verification, the SMTP protocol + stage that determines whether an email address is deliverable. + + Available with Postfix 3.1 and later: + + <b><a href="postconf.5.html#lmtp_fallback_relay">lmtp_fallback_relay</a> (empty)</b> + Optional list of relay hosts for LMTP destinations that can't be + found or that are unreachable. + + Available with Postfix 3.2 and later: + + <b><a href="postconf.5.html#smtp_tcp_port">smtp_tcp_port</a> (smtp)</b> + The default TCP port that the Postfix SMTP client connects to. + + Available in Postfix 3.3 and later: + + <b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b> + The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process. + + Available in Postfix 3.7 and later: + + <b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b> + Defer delivery when the Postfix SMTP client cannot apply the + <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting. + +<b>SEE ALSO</b> + <a href="generic.5.html">generic(5)</a>, output address rewriting + <a href="header_checks.5.html">header_checks(5)</a>, message header content inspection + <a href="header_checks.5.html">body_checks(5)</a>, body parts content inspection + <a href="qmgr.8.html">qmgr(8)</a>, queue manager + <a href="bounce.8.html">bounce(8)</a>, delivery status reports + <a href="scache.8.html">scache(8)</a>, connection cache server + <a href="postconf.5.html">postconf(5)</a>, configuration parameters + <a href="master.5.html">master(5)</a>, generic daemon options + <a href="master.8.html">master(8)</a>, process manager + <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management + <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging + syslogd(8), system logging + +<b>README FILES</b> + <a href="SASL_README.html">SASL_README</a>, Postfix SASL howto + <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto + +<b>LICENSE</b> + The Secure Mailer license must be distributed with this software. + +<b>AUTHOR(S)</b> + Wietse Venema + IBM T.J. Watson Research + P.O. Box 704 + Yorktown Heights, NY 10598, USA + + Wietse Venema + Google, Inc. + 111 8th Avenue + New York, NY 10011, USA + + Command pipelining in cooperation with: + Jon Ribbens + Oaktree Internet Solutions Ltd., + Internet House, + Canal Basin, + Coventry, + CV1 4LY, United Kingdom. + + SASL support originally by: + Till Franke + SuSE Rhein/Main AG + 65760 Eschborn, Germany + + TLS support originally by: + Lutz Jaenicke + BTU Cottbus + Allgemeine Elektrotechnik + Universitaetsplatz 3-4 + D-03044 Cottbus, Germany + + Revised TLS and SMTP connection cache support by: + Victor Duchovni + Morgan Stanley + + SMTP(8) +</pre> </body> </html> |