diff options
Diffstat (limited to 'man')
82 files changed, 37260 insertions, 0 deletions
diff --git a/man/Makefile.in b/man/Makefile.in new file mode 100644 index 0000000..f98402c --- /dev/null +++ b/man/Makefile.in @@ -0,0 +1,408 @@ +SHELL = /bin/sh + +# For now, just hard-coded rules for daemons, commands, config files. + +DAEMONS = man8/bounce.8 man8/defer.8 man8/cleanup.8 man8/error.8 man8/local.8 \ + man8/lmtp.8 man8/master.8 man8/pickup.8 man8/pipe.8 man8/qmgr.8 \ + man8/showq.8 man8/smtp.8 man8/smtpd.8 man8/trivial-rewrite.8 \ + man8/oqmgr.8 man8/spawn.8 man8/flush.8 man8/virtual.8 man8/qmqpd.8 \ + man8/verify.8 man8/trace.8 man8/proxymap.8 man8/anvil.8 \ + man8/scache.8 man8/discard.8 man8/tlsmgr.8 man8/postscreen.8 \ + man8/dnsblog.8 man8/tlsproxy.8 man8/postlogd.8 +COMMANDS= man1/postalias.1 man1/postcat.1 man1/postconf.1 man1/postfix.1 \ + man1/postkick.1 man1/postlock.1 man1/postlog.1 man1/postdrop.1 \ + man1/postmap.1 man1/postmulti.1 man1/postqueue.1 man1/postsuper.1 \ + man1/sendmail.1 man1/mailq.1 man1/newaliases.1 man1/postfix-tls.1 +CONFIG = man5/access.5 man5/aliases.5 man5/canonical.5 man5/relocated.5 \ + man5/transport.5 man5/virtual.5 man5/pcre_table.5 man5/regexp_table.5 \ + man5/cidr_table.5 man5/tcp_table.5 man5/header_checks.5 \ + man5/body_checks.5 man5/ldap_table.5 man5/lmdb_table.5 \ + man5/memcache_table.5 man5/mysql_table.5 \ + man5/pgsql_table.5 man5/master.5 man5/nisplus_table.5 \ + man5/generic.5 man5/bounce.5 man5/postfix-wrapper.5 \ + man5/sqlite_table.5 man5/socketmap_table.5 +TOOLS = man1/smtp-sink.1 man1/smtp-source.1 man1/qmqp-sink.1 \ + man1/qmqp-source.1 man1/qshape.1 man1/posttls-finger.1 \ + man1/makedefs.1 + +update: $(DAEMONS) $(COMMANDS) $(CONFIG) $(TOOLS) + +clean: + rm -f cat?/* + +tidy: clean + +clobber: + rm -f $(DAEMONS) $(COMMANDS) $(CONFIG) + +man8/bounce.8: ../src/bounce/bounce.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/defer.8: + echo .so man8/bounce.8 >$@ + +man8/cleanup.8: ../src/cleanup/cleanup.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/anvil.8: ../src/anvil/anvil.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/scache.8: ../src/scache/scache.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/discard.8: ../src/discard/discard.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/dnsblog.8: ../src/dnsblog/dnsblog.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/error.8: ../src/error/error.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/flush.8: ../src/flush/flush.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/local.8: ../src/local/local.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/lmtp.8: + echo .so man8/smtp.8 >$@ + +man8/master.8: ../src/master/master.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/oqmgr.8: ../src/oqmgr/qmgr.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? | \ + sed -e 's/qmgr[^_]/o&/' \ + -e 's/qmgr$$/o&/' \ + -e 's/QMGR[^_]/O&/' >$@ + +man8/pickup.8: ../src/pickup/pickup.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/pipe.8: ../src/pipe/pipe.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/postlogd.8: ../src/postlogd/postlogd.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/postscreen.8: ../src/postscreen/postscreen.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/proxymap.8: ../src/proxymap/proxymap.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/qmgr.8: ../src/qmgr/qmgr.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/qmqpd.8: ../src/qmqpd/qmqpd.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/showq.8: ../src/showq/showq.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/spawn.8: ../src/spawn/spawn.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/smtp.8: ../src/smtp/smtp.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/smtpd.8: ../src/smtpd/smtpd.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/tlsproxy.8: ../src/tlsproxy/tlsproxy.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/virtual.8: ../src/virtual/virtual.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/verify.8: ../src/verify/verify.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/trace.8: + echo .so man8/bounce.8 >$@ + +man8/tlsmgr.8: ../src/tlsmgr/tlsmgr.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man8/trivial-rewrite.8: ../src/trivial-rewrite/trivial-rewrite.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postalias.1: ../src/postalias/postalias.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postcat.1: ../src/postcat/postcat.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postconf.1: ../src/postconf/postconf.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postdrop.1: ../src/postdrop/postdrop.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postfix.1: ../src/postfix/postfix.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postfix-tls.1: ../conf/postfix-tls-script + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man1/postkick.1: ../src/postkick/postkick.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postlock.1: ../src/postlock/postlock.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postlog.1: ../src/postlog/postlog.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postmap.1: ../src/postmap/postmap.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postmulti.1: ../src/postmulti/postmulti.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postqueue.1: ../src/postqueue/postqueue.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/postsuper.1: ../src/postsuper/postsuper.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/sendmail.1: ../src/sendmail/sendmail.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/mailq.1: + echo .so man1/sendmail.1 >$@ + +man1/newaliases.1: + echo .so man1/sendmail.1 >$@ + +man5/access.5: ../proto/access + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/aliases.5: ../proto/aliases + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/bounce.5: ../proto/bounce + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/canonical.5: ../proto/canonical + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/cidr_table.5: ../proto/cidr_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/generic.5: ../proto/generic + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/header_checks.5: ../proto/header_checks + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/body_checks.5: ../proto/header_checks + echo .so man5/header_checks.5 >$@ + +man5/ldap_table.5: ../proto/ldap_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/lmdb_table.5: ../proto/lmdb_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/master.5: ../proto/master + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/memcache_table.5: ../proto/memcache_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/mysql_table.5: ../proto/mysql_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/socketmap_table.5: ../proto/socketmap_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/sqlite_table.5: ../proto/sqlite_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/nisplus_table.5: ../proto/nisplus_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/pcre_table.5: ../proto/pcre_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/pgsql_table.5: ../proto/pgsql_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/regexp_table.5: ../proto/regexp_table + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/relocated.5: ../proto/relocated + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/transport.5: ../proto/transport + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/virtual.5: ../proto/virtual + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man5/postfix-wrapper.5: ../proto/postfix-wrapper + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ + +man1/smtp-sink.1: ../src/smtpstone/smtp-sink.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/smtp-source.1: ../src/smtpstone/smtp-source.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/posttls-finger.1: ../src/posttls-finger/posttls-finger.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/makedefs.1: ../makedefs + ../mantools/srctoman - $? >$@ + +man5/tcp_table.5: ../proto/tcp_table + ../mantools/srctoman - $? >$@ + +man1/qmqp-sink.1: ../src/smtpstone/qmqp-sink.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/qmqp-source.1: ../src/smtpstone/qmqp-source.c + ../mantools/fixman ../proto/postconf.proto $? >junk && \ + (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman $? >$@ + +man1/qshape.1: ../auxiliary/qshape/qshape.pl + #../mantools/fixman ../proto/postconf.proto $? >junk && \ + # (cmp -s junk $? || mv junk $?) && rm -f junk + ../mantools/srctoman - $? >$@ diff --git a/man/cat1/.keep b/man/cat1/.keep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/man/cat1/.keep diff --git a/man/cat5/.keep b/man/cat5/.keep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/man/cat5/.keep diff --git a/man/cat8/.keep b/man/cat8/.keep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/man/cat8/.keep diff --git a/man/man1/mailq.1 b/man/man1/mailq.1 new file mode 100644 index 0000000..b12bf18 --- /dev/null +++ b/man/man1/mailq.1 @@ -0,0 +1 @@ +.so man1/sendmail.1 diff --git a/man/man1/makedefs.1 b/man/man1/makedefs.1 new file mode 100644 index 0000000..70c848e --- /dev/null +++ b/man/man1/makedefs.1 @@ -0,0 +1,191 @@ +.TH MAKEDEFS 1 +.ad +.fi +.SH NAME +makedefs +\- +Postfix makefile configuration utility +.SH "SYNOPSIS" +.na +.nf +\fBmake makefiles \fIname=value...\fR +.SH DESCRIPTION +.ad +.fi +The \fBmakedefs\fR command identifies the compilation +environment, and emits macro definitions on the standard +output stream that can be prepended to template Makefiles. +These macros implement an internal interface and are subject +to change without notice. +.SH "NAME=VALUE OVERRIDES" +.na +.nf +.ad +.fi +Default settings can be overruled by specifying them as +environment variables (or as name=value pairs on the "make" +command line). Use quotes if variables contain whitespace +or shell meta characters. + +The command "\fBmake makefiles name=value...\fR" will replace +the string \fBMAIL_VERSION\fR at the end of a value with the +Postfix version (\fImajor.minor.patchlevel\fR for a stable +release, \fImajor.minor\-date\fR for a development release). +Do not try to specify something like \fB$mail_version\fR: +that produces inconsistent results with different implementations +of the make(1) command. +.IP \fBAUXLIBS=\fIobject_library...\fR +Specifies one or more non\-default object libraries. Postfix +3.0 and later specify some of their database library +dependencies with AUXLIBS_CDB, AUXLIBS_LDAP, AUXLIBS_LMDB, +AUXLIBS_MYSQL, AUXLIBS_PCRE, AUXLIBS_PGSQL, AUXLIBS_SDBM, +and AUXLIBS_SQLITE, respectively. +.IP \fBCC=\fIcompiler_command\fR +Specifies a non\-default compiler. On many systems, the default +is \fBgcc\fR. +.IP \fBCCARGS=\fIcompiler_arguments\fR +Specifies non\-default compiler arguments, for example, a non\-default +\fIinclude\fR directory. +The following directives are special: +.RS +.IP \fB\-DNO_DB\fR +Do not build with Berkeley DB support. +.IP \fB\-DNO_DEVPOLL\fR +Do not build with Solaris /dev/poll support. +By default, /dev/poll support is compiled in on platforms that +are known to support it. +.IP \fB\-DNO_DNSSEC\fR +Do not build with DNSSEC support, even if the resolver +library appears to support it. +.IP \fB\-DNO_EPOLL\fR +Do not build with Linux EPOLL support. +By default, EPOLL support is compiled in on platforms that +are known to support it. +.IP \fB\-DNO_EAI\fR +Do not build with EAI (SMTPUTF8) support. By default, EAI +support is compiled in when the "pkg\-config" command is +found, or the deprecated "icu\-config" command. +.IP \fB\-DNO_INLINE\fR +Do not require support for C99 "inline" functions. Instead, +implement argument typechecks for non\-(printf/scanf)\-like +functions with ternary operators and unreachable code. +.IP \fB\-DNO_IPV6\fR +Do not build with IPv6 support. +By default, IPv6 support is compiled in on platforms that +are known to have IPv6 support. + +Note: this directive is for debugging and testing only. It +is not guaranteed to work on all platforms. If you don't +want IPv6 support, set "inet_protocols = ipv4" in main.cf. +.IP \fB\-DNO_IP_CYRUS_SASL_AUTH\fR +Don't pass remote SMTP client and Postfix SMTP server IP +address and port information to the Cyrus SASL library. +This is compatible with Postfix < 3.2. +.IP \fB\-DNO_KQUEUE\fR +Do not build with FreeBSD/NetBSD/OpenBSD/MacOSX KQUEUE support. +By default, KQUEUE support is compiled in on platforms that +are known to support it. +.IP \fB\-DNO_NIS\fR +Do not build with NIS or NISPLUS support. Support for NIS +is unavailable on some recent Linux distributions. +.IP \fB\-DNO_NISPLUS\fR +Do not build with NISPLUS support. Support for NISPLUS +is unavailable on some recent Solaris distributions. +.IP \fB\-DNO_PCRE\fR +Do not build with PCRE support. +By default, PCRE support is compiled in when the \fBpcre2\-config\fR +or \fBpcre\-config\fR utility are installed. +.IP \fB\-DNO_POSIX_GETPW_R\fR +Disable support for POSIX getpwnam_r/getpwuid_r. +.IP \fB\-DNO_RES_NCALLS\fR +Do not build with the threadsafe resolver(5) API (res_ninit() etc.). +.IP \fB\-DNO_SIGSETJMP\fR +Use setjmp()/longjmp() instead of sigsetjmp()/siglongjmp(). +By default, Postfix uses sigsetjmp()/siglongjmp() when they +appear to work. +.IP \fB\-DNO_SNPRINTF\fR +Use sprintf() instead of snprintf(). By default, Postfix +uses snprintf() except on ancient systems. +.RE +.IP \fBDEBUG=\fIdebug_level\fR +Specifies a non\-default debugging level. The default is \fB\-g\fR. +Specify \fBDEBUG=\fR to turn off debugging. +.IP \fBOPT=\fIoptimization_level\fR +Specifies a non\-default optimization level. The default is \fB\-O\fR. +Specify \fBOPT=\fR to turn off optimization. +.IP \fBPOSTFIX_INSTALL_OPTS=\fI\-option...\fR +Specifies options for the postfix\-install command, separated +by whitespace. Currently, the only supported option is +\fB\-keep\-build\-mtime\fR. +.IP \fBSHLIB_CFLAGS=\fIflags\fR +Override the compiler flags (typically, "\-fPIC") for Postfix +dynamically\-linked libraries and database plugins. + +This feature was introduced with Postfix 3.0. +.IP \fBSHLIB_RPATH=\fIrpath\fR +Override the runpath (typically, "'\-Wl,\-rpath,${SHLIB_DIR}'") +for Postfix dynamically\-linked libraries. + +This feature was introduced with Postfix 3.0. +.IP \fBSHLIB_SUFFIX=\fIsuffix\fR +Override the filename suffix (typically, ".so") for Postfix +dynamically\-linked libraries and database plugins. + +This feature was introduced with Postfix 3.0. +.IP \fBshared=yes\fR +.IP \fBshared=no\fR +Enable (disable) Postfix builds with dynamically\-linked +libraries typically named $shlib_directory/libpostfix\-*.so.*. + +This feature was introduced with Postfix 3.0. +.IP \fBdynamicmaps=yes\fR +.IP \fBdynamicmaps=no\fR +Enable (disable) Postfix builds with the configuration file +$meta_directory/dynamicmaps.cf and dynamically\-loadable +database plugins typically named postfix\-*.so.*. The setting +"dynamicmaps=yes" implicitly enables Postfix dynamically\-linked +libraries. + +This feature was introduced with Postfix 3.0. +.IP \fBpie=yes\fR +.IP \fBpie=no\fR +Enable (disable) Postfix builds with position\-independent +executables, on platforms where this is supported. + +This feature was introduced with Postfix 3.0. +.IP \fIinstallation_parameter\fB=\fIvalue\fR... +Override the compiled\-in default value of the specified +installation parameter(s). The following parameters are +supported in this context: + +command_directory config_directory daemon_directory +data_directory default_database_type html_directory +mail_spool_directory mailq_path manpage_directory meta_directory +newaliases_path queue_directory readme_directory sendmail_path +shlib_directory openssl_path + +See the postconf(5) manpage for a description of these +parameters. + +This feature was introduced with Postfix 3.0. +.IP \fBWARN=\fIwarning_flags\fR +Specifies non\-default gcc compiler warning options for use when +"make" is invoked in a source subdirectory only. +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/newaliases.1 b/man/man1/newaliases.1 new file mode 100644 index 0000000..b12bf18 --- /dev/null +++ b/man/man1/newaliases.1 @@ -0,0 +1 @@ +.so man1/sendmail.1 diff --git a/man/man1/postalias.1 b/man/man1/postalias.1 new file mode 100644 index 0000000..4c7f02b --- /dev/null +++ b/man/man1/postalias.1 @@ -0,0 +1,262 @@ +.TH POSTALIAS 1 +.ad +.fi +.SH NAME +postalias +\- +Postfix alias database maintenance +.SH "SYNOPSIS" +.na +.nf +.fi +\fBpostalias\fR [\fB\-Nfinoprsuvw\fR] [\fB\-c \fIconfig_dir\fR] +[\fB\-d \fIkey\fR] [\fB\-q \fIkey\fR] + [\fIfile_type\fR:]\fIfile_name\fR ... +.SH DESCRIPTION +.ad +.fi +The \fBpostalias\fR(1) command creates or queries one or more Postfix +alias databases, or updates an existing one. The input and output +file formats are expected to be compatible with Sendmail version 8, +and are expected to be suitable for use as NIS alias maps. + +If the result files do not exist they will be created with the +same group and other read permissions as their source file. + +While a database update is in progress, signal delivery is +postponed, and an exclusive, advisory, lock is placed on the +entire database, in order to avoid surprises in spectator +processes. + +The format of Postfix alias input files is described in +\fBaliases\fR(5). + +By default the lookup key is mapped to lowercase to make +the lookups case insensitive; as of Postfix 2.3 this case +folding happens only with tables whose lookup keys are +fixed\-case strings such as btree:, dbm: or hash:. With +earlier versions, the lookup key is folded even with tables +where a lookup field can match both upper and lower case +text, such as regexp: and pcre:. This resulted in loss of +information with $\fInumber\fR substitutions. + +Options: +.IP "\fB\-c \fIconfig_dir\fR" +Read the \fBmain.cf\fR configuration file in the named directory +instead of the default configuration directory. +.IP "\fB\-d \fIkey\fR" +Search the specified maps for \fIkey\fR and remove one entry per map. +The exit status is zero when the requested information was found. + +If a key value of \fB\-\fR is specified, the program reads key +values from the standard input stream. The exit status is zero +when at least one of the requested keys was found. +.IP \fB\-f\fR +Do not fold the lookup key to lower case while creating or querying +a table. + +With Postfix version 2.3 and later, this option has no +effect for regular expression tables. There, case folding +is controlled by appending a flag to a pattern. +.IP \fB\-i\fR +Incremental mode. Read entries from standard input and do not +truncate an existing database. By default, \fBpostalias\fR(1) creates +a new database from the entries in \fIfile_name\fR. +.IP \fB\-N\fR +Include the terminating null character that terminates lookup keys +and values. By default, \fBpostalias\fR(1) does whatever +is the default for +the host operating system. +.IP \fB\-n\fR +Don't include the terminating null character that terminates lookup +keys and values. By default, \fBpostalias\fR(1) does whatever +is the default for +the host operating system. +.IP \fB\-o\fR +Do not release root privileges when processing a non\-root +input file. By default, \fBpostalias\fR(1) drops root privileges +and runs as the source file owner instead. +.IP \fB\-p\fR +Do not inherit the file access permissions from the input file +when creating a new file. Instead, create a new file with default +access permissions (mode 0644). +.IP "\fB\-q \fIkey\fR" +Search the specified maps for \fIkey\fR and write the first value +found to the standard output stream. The exit status is zero +when the requested information was found. + +Note: this performs a single query with the key as specified, +and does not make iterative queries with substrings of the +key as described in the aliases(5) manual page. + +If a key value of \fB\-\fR is specified, the program reads key +values from the standard input stream and writes one line of +\fIkey: value\fR output for each key that was found. The exit +status is zero when at least one of the requested keys was found. +.IP \fB\-r\fR +When updating a table, do not complain about attempts to update +existing entries, and make those updates anyway. +.IP \fB\-s\fR +Retrieve all database elements, and write one line of +\fIkey: value\fR output for each element. The elements are +printed in database order, which is not necessarily the same +as the original input order. +This feature is available in Postfix version 2.2 and later, +and is not available for all database types. +.IP \fB\-u\fR +Disable UTF\-8 support. UTF\-8 support is enabled by default +when "smtputf8_enable = yes". It requires that keys and +values are valid UTF\-8 strings. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR +options make the software increasingly verbose. +.IP \fB\-w\fR +When updating a table, do not complain about attempts to update +existing entries, and ignore those attempts. +.PP +Arguments: +.IP \fIfile_type\fR +The database type. To find out what types are supported, use +the "\fBpostconf \-m\fR" command. + +The \fBpostalias\fR(1) command can query any supported file type, +but it can create only the following file types: +.RS +.IP \fBbtree\fR +The output is a btree file, named \fIfile_name\fB.db\fR. +This is available on systems with support for \fBdb\fR databases. +.IP \fBcdb\fR +The output is one file named \fIfile_name\fB.cdb\fR. +This is available on systems with support for \fBcdb\fR databases. +.IP \fBdbm\fR +The output consists of two files, named \fIfile_name\fB.pag\fR and +\fIfile_name\fB.dir\fR. +This is available on systems with support for \fBdbm\fR databases. +.IP \fBfail\fR +A table that reliably fails all requests. The lookup table +name is used for logging only. This table exists to simplify +Postfix error tests. +.IP \fBhash\fR +The output is a hashed file, named \fIfile_name\fB.db\fR. +This is available on systems with support for \fBdb\fR databases. +.IP \fBlmdb\fR +The output is a btree\-based file, named \fIfile_name\fB.lmdb\fR. +\fBlmdb\fR supports concurrent writes and reads from different +processes, unlike other supported file\-based tables. +This is available on systems with support for \fBlmdb\fR databases. +.IP \fBsdbm\fR +The output consists of two files, named \fIfile_name\fB.pag\fR and +\fIfile_name\fB.dir\fR. +This is available on systems with support for \fBsdbm\fR databases. +.PP +When no \fIfile_type\fR is specified, the software uses the database +type specified via the \fBdefault_database_type\fR configuration +parameter. +The default value for this parameter depends on the host environment. +.RE +.IP \fIfile_name\fR +The name of the alias database source file when creating a database. +.SH DIAGNOSTICS +.ad +.fi +Problems are logged to the standard error stream and to +\fBsyslogd\fR(8) or \fBpostlogd\fR(8). No output means that +no problems were detected. Duplicate entries are skipped and are +flagged with a warning. + +\fBpostalias\fR(1) terminates with zero exit status in case of success +(including successful "\fBpostalias \-q\fR" lookup) and terminates +with non\-zero exit status in case of failure. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP \fBMAIL_CONFIG\fR +Directory with Postfix configuration files. +.IP \fBMAIL_VERBOSE\fR +Enable verbose logging for debugging purposes. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this program. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBalias_database (see 'postconf -d' output)\fR" +The alias databases for \fBlocal\fR(8) delivery that are updated with +"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR". +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBberkeley_db_create_buffer_size (16777216)\fR" +The per\-table I/O buffer size for programs that create Berkeley DB +hash or btree tables. +.IP "\fBberkeley_db_read_buffer_size (131072)\fR" +The per\-table I/O buffer size for programs that read Berkeley DB +hash or btree tables. +.IP "\fBdefault_database_type (see 'postconf -d' output)\fR" +The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) +and \fBpostmap\fR(1) commands. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531, RFC 6532, and RFC 6533. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 2.11 and later: +.IP "\fBlmdb_map_size (16777216)\fR" +The initial OpenLDAP LMDB database size limit in bytes. +.SH "STANDARDS" +.na +.nf +RFC 822 (ARPA Internet Text Messages) +.SH "SEE ALSO" +.na +.nf +aliases(5), format of alias database input file. +local(8), Postfix local delivery agent. +postconf(1), supported database types +postconf(5), configuration parameters +postmap(1), create/update/query lookup tables +newaliases(1), Sendmail compatibility interface. +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/postcat.1 b/man/man1/postcat.1 new file mode 100644 index 0000000..eb3025b --- /dev/null +++ b/man/man1/postcat.1 @@ -0,0 +1,121 @@ +.TH POSTCAT 1 +.ad +.fi +.SH NAME +postcat +\- +show Postfix queue file contents +.SH "SYNOPSIS" +.na +.nf +\fBpostcat\fR [\fB\-bdehnoqv\fR] [\fB\-c \fIconfig_dir\fR] [\fIfiles\fR...] +.SH DESCRIPTION +.ad +.fi +The \fBpostcat\fR(1) command prints the contents of the +named \fIfiles\fR in human\-readable form. The files are +expected to be in Postfix queue file format. If no \fIfiles\fR +are specified on the command line, the program reads from +standard input. + +By default, \fBpostcat\fR(1) shows the envelope and message +content, as if the options \fB\-beh\fR were specified. To +view message content only, specify \fB\-bh\fR (Postfix 2.7 +and later). + +Options: +.IP \fB\-b\fR +Show body content. The \fB\-b\fR option starts producing +output at the first non\-header line, and stops when the end +of the message is reached. +.sp +This feature is available in Postfix 2.7 and later. +.IP "\fB\-c \fIconfig_dir\fR" +The \fBmain.cf\fR configuration file is in the named directory +instead of the default configuration directory. +.IP \fB\-d\fR +Print the decimal type of each record. +.IP \fB\-e\fR +Show message envelope content. +.sp +This feature is available in Postfix 2.7 and later. +.IP \fB\-h\fR +Show message header content. The \fB\-h\fR option produces +output from the beginning of the message up to, but not +including, the first non\-header line. +.sp +This feature is available in Postfix 2.7 and later. +.IP \fB\-o\fR +Print the queue file offset of each record. +.IP \fB\-q\fR +Search the Postfix queue for the named \fIfiles\fR instead +of taking the names literally. + +This feature is available in Postfix 2.0 and later. +.IP \fB\-r\fR +Print records in file order, don't follow pointer records. + +This feature is available in Postfix 3.7 and later. +.IP "\fB\-s \fIoffset\fR" +Skip to the specified queue file offset. + +This feature is available in Postfix 3.7 and later. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR +options make the software increasingly verbose. +.SH DIAGNOSTICS +.ad +.fi +Problems are reported to the standard error stream. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP \fBMAIL_CONFIG\fR +Directory with Postfix configuration files. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this program. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment parameters that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.SH "FILES" +.na +.nf +/var/spool/postfix, Postfix queue directory +.SH "SEE ALSO" +.na +.nf +postconf(5), Postfix configuration +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/postconf.1 b/man/man1/postconf.1 new file mode 100644 index 0000000..e422429 --- /dev/null +++ b/man/man1/postconf.1 @@ -0,0 +1,610 @@ +.TH POSTCONF 1 +.ad +.fi +.SH NAME +postconf +\- +Postfix configuration utility +.SH "SYNOPSIS" +.na +.nf +.fi +.ti -4 +\fBManaging main.cf:\fR + +\fBpostconf\fR [\fB\-dfhHnopvx\fR] [\fB\-c \fIconfig_dir\fR] +[\fB\-C \fIclass,...\fR] [\fIparameter ...\fR] + +\fBpostconf\fR [\fB\-epv\fR] [\fB\-c \fIconfig_dir\fR] +\fIparameter\fB=\fIvalue ...\fR + +\fBpostconf\fR \fB\-#\fR [\fB\-pv\fR] [\fB\-c \fIconfig_dir\fR] +\fIparameter ...\fR + +\fBpostconf\fR \fB\-X\fR [\fB\-pv\fR] [\fB\-c \fIconfig_dir\fR] +\fIparameter ...\fR + +.ti -4 +\fBManaging master.cf service entries:\fR + +\fBpostconf\fR \fB\-M\fR [\fB\-fovx\fR] [\fB\-c \fIconfig_dir\fR] +[\fIservice\fR[\fB/\fItype\fR]\fI ...\fR] + +\fBpostconf\fR \fB\-M\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] +\fIservice\fB/\fItype\fB=\fIvalue ...\fR + +\fBpostconf\fR \fB\-M#\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] +\fIservice\fB/\fItype ...\fR + +\fBpostconf\fR \fB\-MX\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] +\fIservice\fB/\fItype ...\fR + +.ti -4 +\fBManaging master.cf service fields:\fR + +\fBpostconf\fR \fB\-F\fR [\fB\-fhHovx\fR] [\fB\-c \fIconfig_dir\fR] +[\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR] + +\fBpostconf\fR \fB\-F\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] +\fIservice\fB/\fItype\fB/\fIfield\fB=\fIvalue ...\fR + +.ti -4 +\fBManaging master.cf service parameters:\fR + +\fBpostconf\fR \fB\-P\fR [\fB\-fhHovx\fR] [\fB\-c \fIconfig_dir\fR] +[\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR] + +\fBpostconf\fR \fB\-P\fR [\fB\-ev\fR] [\fB\-c \fIconfig_dir\fR] +\fIservice\fB/\fItype\fB/\fIparameter\fB=\fIvalue ...\fR + +\fBpostconf\fR \fB\-PX\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] +\fIservice\fB/\fItype\fB/\fIparameter ...\fR + +.ti -4 +\fBManaging bounce message templates:\fR + +\fBpostconf\fR \fB\-b\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] +[\fItemplate_file\fR] + +\fBpostconf\fR \fB\-t\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] +[\fItemplate_file\fR] + +.ti -4 +\fBManaging TLS features:\fR + +\fBpostconf\fR \fB\-T \fImode\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] + +.ti -4 +\fBManaging other configuration:\fR + +\fBpostconf\fR \fB\-a\fR|\fB\-A\fR|\fB\-l\fR|\fB\-m\fR [\fB\-v\fR] +[\fB\-c \fIconfig_dir\fR] +.SH DESCRIPTION +.ad +.fi +By default, the \fBpostconf\fR(1) command displays the +values of \fBmain.cf\fR configuration parameters, and warns +about possible mis\-typed parameter names (Postfix 2.9 and later). +The command can also change \fBmain.cf\fR configuration +parameter values, or display other configuration information +about the Postfix mail system. + +Options: +.IP \fB\-a\fR +List the available SASL plug\-in types for the Postfix SMTP +server. The plug\-in type is selected with the \fBsmtpd_sasl_type\fR +configuration parameter by specifying one of the names +listed below. +.RS +.IP \fBcyrus\fR +This server plug\-in is available when Postfix is built with +Cyrus SASL support. +.IP \fBdovecot\fR +This server plug\-in uses the Dovecot authentication server, +and is available when Postfix is built with any form of SASL +support. +.RE +.IP +This feature is available with Postfix 2.3 and later. +.IP \fB\-A\fR +List the available SASL plug\-in types for the Postfix SMTP +client. The plug\-in type is selected with the \fBsmtp_sasl_type\fR +or \fBlmtp_sasl_type\fR configuration parameters by specifying +one of the names listed below. +.RS +.IP \fBcyrus\fR +This client plug\-in is available when Postfix is built with +Cyrus SASL support. +.RE +.IP +This feature is available with Postfix 2.3 and later. +.IP "\fB\-b\fR [\fItemplate_file\fR]" +Display the message text that appears at the beginning of +delivery status notification (DSN) messages, expanding +$\fBname\fR expressions with actual values as described in +\fBbounce\fR(5). + +To override the \fBbounce_template_file\fR parameter setting, +specify a template file name at the end of the "\fBpostconf +\-b\fR" command line. Specify an empty file name to display +built\-in templates (in shell language: ""). + +This feature is available with Postfix 2.3 and later. +.IP "\fB\-c \fIconfig_dir\fR" +The \fBmain.cf\fR configuration file is in the named directory +instead of the default configuration directory. +.IP "\fB\-C \fIclass,...\fR" +When displaying \fBmain.cf\fR parameters, select only +parameters from the specified class(es): +.RS +.IP \fBbuiltin\fR +Parameters with built\-in names. +.IP \fBservice\fR +Parameters with service\-defined names (the first field of +a \fBmaster.cf\fR entry plus a Postfix\-defined suffix). +.IP \fBuser\fR +Parameters with user\-defined names. +.IP \fBall\fR +All the above classes. +.RE +.IP +The default is as if "\fB\-C all\fR" is +specified. + +This feature is available with Postfix 2.9 and later. +.IP \fB\-d\fR +Print \fBmain.cf\fR default parameter settings instead of +actual settings. +Specify \fB\-df\fR to fold long lines for human readability +(Postfix 2.9 and later). +.IP \fB\-e\fR +Edit the \fBmain.cf\fR configuration file, and update +parameter settings with the "\fIname=value\fR" pairs on the +\fBpostconf\fR(1) command line. + +With \fB\-M\fR, edit the \fBmaster.cf\fR configuration file, +and replace one or more service entries with new values as +specified with "\fIservice/type=value\fR" on the \fBpostconf\fR(1) +command line. + +With \fB\-F\fR, edit the \fBmaster.cf\fR configuration file, +and replace one or more service fields with new values as +specified with "\fIservice/type/field=value\fR" on the +\fBpostconf\fR(1) command line. Currently, the "command" +field contains the command name and command arguments. This +may change in the near future, so that the "command" field +contains only the command name, and a new "arguments" +pseudofield contains the command arguments. + +With \fB\-P\fR, edit the \fBmaster.cf\fR configuration file, +and add or update one or more service parameter settings +(\-o parameter=value settings) with new values as specified +with "\fIservice/type/parameter=value\fR" on the \fBpostconf\fR(1) +command line. + +In all cases the file is copied to a temporary file then +renamed into place. Specify quotes to protect special +characters and whitespace on the \fBpostconf\fR(1) command +line. + +The \fB\-e\fR option is no longer needed with Postfix version +2.8 and later, as it is assumed whenever a value is specified +(empty or non\-empty). +.IP \fB\-f\fR +Fold long lines when printing \fBmain.cf\fR or \fBmaster.cf\fR +configuration file entries, for human readability. + +This feature is available with Postfix 2.9 and later. +.IP \fB\-F\fR +Show \fBmaster.cf\fR per\-entry field settings (by default +all services and all fields), formatted as +"\fIservice/type/field=value\fR", one per line. Specify +\fB\-Ff\fR to fold long lines. + +Specify one or more "\fIservice/type/field\fR" instances +on the \fBpostconf\fR(1) command line to limit the output +to fields of interest. Trailing parameter name or service +type fields that are omitted will be handled as "*" wildcard +fields. + +This feature is available with Postfix 2.11 and later. +.IP \fB\-h\fR +Show parameter or attribute values without the "\fIname\fR = " +label that normally precedes the value. +.IP \fB\-H\fR +Show parameter or attribute names without the " = \fIvalue\fR" +that normally follows the name. + +This feature is available with Postfix 3.1 and later. +.IP \fB\-l\fR +List the names of all supported mailbox locking methods. +Postfix supports the following methods: +.RS +.IP \fBflock\fR +A kernel\-based advisory locking method for local files only. +This locking method is available on systems with a BSD +compatible library. +.IP \fBfcntl\fR +A kernel\-based advisory locking method for local and remote +files. +.IP \fBdotlock\fR +An application\-level locking method. An application locks +a file named \fIfilename\fR by creating a file named +\fIfilename\fB.lock\fR. The application is expected to +remove its own lock file, as well as stale lock files that +were left behind after abnormal program termination. +.RE +.IP \fB\-m\fR +List the names of all supported lookup table types. In +Postfix configuration files, lookup tables are specified +as \fItype\fB:\fIname\fR, where \fItype\fR is one of the +types listed below. The table \fIname\fR syntax depends on +the lookup table type as described in the DATABASE_README +document. +.RS +.IP \fBbtree\fR +A sorted, balanced tree structure. Available on systems +with support for Berkeley DB databases. +.IP \fBcdb\fR +A read\-optimized structure with no support for incremental +updates. Available on systems with support for CDB databases. + +This feature is available with Postfix 2.2 and later. +.IP \fBcidr\fR +A table that associates values with Classless Inter\-Domain +Routing (CIDR) patterns. This is described in \fBcidr_table\fR(5). + +This feature is available with Postfix 2.2 and later. +.IP \fBdbm\fR +An indexed file type based on hashing. Available on systems +with support for DBM databases. +.IP \fBenviron\fR +The UNIX process environment array. The lookup key is the +environment variable name; the table name is ignored. Originally +implemented for testing, someone may find this useful someday. +.IP \fBfail\fR +A table that reliably fails all requests. The lookup table +name is used for logging. This table exists to simplify +Postfix error tests. + +This feature is available with Postfix 2.9 and later. +.IP \fBhash\fR +An indexed file type based on hashing. Available on systems +with support for Berkeley DB databases. +.IP "\fBinline\fR (read\-only)" +A non\-shared, in\-memory lookup table. Example: "\fBinline:{ +\fIkey\fB=\fIvalue\fB, { \fIkey\fB = \fItext with whitespace +or comma\fB }}\fR". Key\-value pairs are separated by +whitespace or comma; with a key\-value pair inside "\fB{}\fR", +whitespace is ignored after the opening "\fB{\fR", around +the "\fB=\fR" between key and value, and before the closing +"\fB}\fR". Inline tables eliminate the need to create a +database file for just a few fixed elements. See also the +\fIstatic:\fR map type. + +This feature is available with Postfix 3.0 and later. +.IP \fBinternal\fR +A non\-shared, in\-memory hash table. Its content are lost +when a process terminates. +.IP "\fBlmdb\fR" +OpenLDAP LMDB database (a memory\-mapped, persistent file). +Available on systems with support for LMDB databases. This +is described in \fBlmdb_table\fR(5). + +This feature is available with Postfix 2.11 and later. +.IP "\fBldap\fR (read\-only)" +LDAP database client. This is described in \fBldap_table\fR(5). +.IP "\fBmemcache\fR" +Memcache database client. This is described in +\fBmemcache_table\fR(5). + +This feature is available with Postfix 2.9 and later. +.IP "\fBmysql\fR (read\-only)" +MySQL database client. Available on systems with support +for MySQL databases. This is described in \fBmysql_table\fR(5). +.IP "\fBpcre\fR (read\-only)" +A lookup table based on Perl Compatible Regular Expressions. +The file format is described in \fBpcre_table\fR(5). +.IP "\fBpgsql\fR (read\-only)" +PostgreSQL database client. This is described in +\fBpgsql_table\fR(5). + +This feature is available with Postfix 2.1 and later. +.IP "\fBpipemap\fR (read\-only)" +A lookup table that constructs a pipeline of tables. Example: +"\fBpipemap:{\fItype_1:name_1, ..., type_n:name_n\fB}\fR". +Each "pipemap:" query is given to the first table. Each +lookup result becomes the query for the next table in the +pipeline, and the last table produces the final result. +When any table lookup produces no result, the pipeline +produces no result. The first and last characters of the +"pipemap:" table name must be "\fB{\fR" and "\fB}\fR". +Within these, individual maps are separated with comma or +whitespace. + +This feature is available with Postfix 3.0 and later. +.IP "\fBproxy\fR" +Postfix \fBproxymap\fR(8) client for shared access to Postfix +databases. The table name syntax is \fItype\fB:\fIname\fR. + +This feature is available with Postfix 2.0 and later. +.IP "\fBrandmap\fR (read\-only)" +An in\-memory table that performs random selection. Example: +"\fBrandmap:{\fIresult_1, ..., result_n\fB}\fR". Each table query +returns a random choice from the specified results. The first +and last characters of the "randmap:" table name must be +"\fB{\fR" and "\fB}\fR". Within these, individual results +are separated with comma or whitespace. To give a specific +result more weight, specify it multiple times. + +This feature is available with Postfix 3.0 and later. +.IP "\fBregexp\fR (read\-only)" +A lookup table based on regular expressions. The file format +is described in \fBregexp_table\fR(5). +.IP \fBsdbm\fR +An indexed file type based on hashing. Available on systems +with support for SDBM databases. + +This feature is available with Postfix 2.2 and later. +.IP "\fBsocketmap\fR (read\-only)" +Sendmail\-style socketmap client. The table name is +\fBinet\fR:\fIhost\fR:\fIport\fR:\fIname\fR for a TCP/IP +server, or \fBunix\fR:\fIpathname\fR:\fIname\fR for a +UNIX\-domain server. This is described in \fBsocketmap_table\fR(5). + +This feature is available with Postfix 2.10 and later. +.IP "\fBsqlite\fR (read\-only)" +SQLite database. This is described in \fBsqlite_table\fR(5). + +This feature is available with Postfix 2.8 and later. +.IP "\fBstatic\fR (read\-only)" +A table that always returns its name as lookup result. For +example, \fBstatic:foobar\fR always returns the string +\fBfoobar\fR as lookup result. Specify "\fBstatic:{ \fItext +with whitespace\fB }\fR" when the result contains whitespace; +this form ignores whitespace after the opening "\fB{\fR" +and before the closing +"\fB}\fR". See also the \fIinline:\fR map. + +The form "\fBstatic:{\fItext\fB}\fR is available with Postfix +3.0 and later. +.IP "\fBtcp\fR (read\-only)" +TCP/IP client. The protocol is described in \fBtcp_table\fR(5). +.IP "\fBtexthash\fR (read\-only)" +Produces similar results as hash: files, except that you +don't need to run the \fBpostmap\fR(1) command before you +can use the file, and that it does not detect changes after +the file is read. + +This feature is available with Postfix 2.8 and later. +.IP "\fBunionmap\fR (read\-only)" +A table that sends each query to multiple lookup tables and +that concatenates all found results, separated by comma. +The table name syntax is the same as for \fBpipemap\fR. + +This feature is available with Postfix 3.0 and later. +.IP "\fBunix\fR (read\-only)" +A limited view of the UNIX authentication database. The +following tables are implemented: +.RS +. IP \fBunix:passwd.byname\fR +The table is the UNIX password database. The key is a login +name. The result is a password file entry in \fBpasswd\fR(5) +format. +.IP \fBunix:group.byname\fR +The table is the UNIX group database. The key is a group +name. The result is a group file entry in \fBgroup\fR(5) +format. +.RE +.RE +.IP +Other table types may exist depending on how Postfix was +built. +.IP \fB\-M\fR +Show \fBmaster.cf\fR file contents instead of \fBmain.cf\fR +file contents. Specify \fB\-Mf\fR to fold long lines for +human readability. + +Specify zero or more arguments, each with a \fIservice\-name\fR +or \fIservice\-name/service\-type\fR pair, where \fIservice\-name\fR +is the first field of a master.cf entry and \fIservice\-type\fR +is one of (\fBinet\fR, \fBunix\fR, \fBfifo\fR, or \fBpass\fR). + +If \fIservice\-name\fR or \fIservice\-name/service\-type\fR +is specified, only the matching master.cf entries will be +output. For example, "\fBpostconf \-Mf smtp\fR" will output +all services named "smtp", and "\fBpostconf \-Mf smtp/inet\fR" +will output only the smtp service that listens on the +network. Trailing service type fields that are omitted +will be handled as "*" wildcard fields. + +This feature is available with Postfix 2.9 and later. The +syntax was changed from "\fIname.type\fR" to "\fIname/type\fR", +and "*" wildcard support was added with Postfix 2.11. +.IP \fB\-n\fR +Show only configuration parameters that have explicit +\fIname=value\fR settings in \fBmain.cf\fR. Specify \fB\-nf\fR +to fold long lines for human readability (Postfix 2.9 and +later). To show settings that differ from built\-in defaults +only, use the following bash syntax: +.nf + LANG=C comm \-23 <(postconf \-n) <(postconf \-d) +.fi +Replace "\-23" with "\-12" to show settings that duplicate +built\-in defaults. +.IP "\fB\-o \fIname=value\fR" +Override \fBmain.cf\fR parameter settings. This lets you see +the effect changing a parameter would have when it is used in +other configuration parameters, e.g.: +.nf + postconf \-x \-o stress=yes +.fi + +This feature is available with Postfix 2.10 and later. +.IP \fB\-p\fR +Show \fBmain.cf\fR parameter settings. This is the default. + +This feature is available with Postfix 2.11 and later. +.IP \fB\-P\fR +Show \fBmaster.cf\fR service parameter settings (by default +all services and all parameters), formatted as +"\fIservice/type/parameter=value\fR", one per line. Specify +\fB\-Pf\fR to fold long lines. + +Specify one or more "\fIservice/type/parameter\fR" instances +on the \fBpostconf\fR(1) command line to limit the output +to parameters of interest. Trailing parameter name or +service type fields that are omitted will be handled as "*" +wildcard fields. + +This feature is available with Postfix 2.11 and later. +.IP "\fB\-t\fR [\fItemplate_file\fR]" +Display the templates for text that appears at the beginning +of delivery status notification (DSN) messages, without +expanding $\fBname\fR expressions. + +To override the \fBbounce_template_file\fR parameter setting, +specify a template file name at the end of the "\fBpostconf +\-t\fR" command line. Specify an empty file name to display +built\-in templates (in shell language: ""). + +This feature is available with Postfix 2.3 and later. +.IP "\fB\-T \fImode\fR" +If Postfix is compiled without TLS support, the \fB\-T\fR option +produces no output. Otherwise, if an invalid \fImode\fR is specified, +the \fB\-T\fR option reports an error and exits with a non\-zero status +code. The valid modes are: +.RS +.IP \fBcompile\-version\fR +Output the OpenSSL version that Postfix was compiled with +(i.e. the OpenSSL version in a header file). The output +format is the same as with the command "\fBopenssl version\fR". +.IP \fBrun\-version\fR +Output the OpenSSL version that Postfix is linked with at +runtime (i.e. the OpenSSL version in a shared library). +.IP \fBpublic\-key\-algorithms\fR +Output the lower\-case names of the supported public\-key +algorithms, one per\-line. +.RE +.IP +This feature is available with Postfix 3.1 and later. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple +\fB\-v\fR options make the software increasingly verbose. +.IP \fB\-x\fR +Expand \fI$name\fR in \fBmain.cf\fR or \fBmaster.cf\fR +parameter values. The expansion is recursive. + +This feature is available with Postfix 2.10 and later. +.IP \fB\-X\fR +Edit the \fBmain.cf\fR configuration file, and remove the +parameters named on the \fBpostconf\fR(1) command line. +Specify a list of parameter names, not "\fIname=value\fR" +pairs. + +With \fB\-M\fR, edit the \fBmaster.cf\fR configuration file, +and remove one or more service entries as specified with +"\fIservice/type\fR" on the \fBpostconf\fR(1) command line. + +With \fB\-P\fR, edit the \fBmaster.cf\fR configuration file, +and remove one or more service parameter settings (\-o +parameter=value settings) as specified with +"\fIservice/type/parameter\fR" on the \fBpostconf\fR(1) +command line. + +In all cases the file is copied to a temporary file then +renamed into place. Specify quotes to protect special +characters on the \fBpostconf\fR(1) command line. + +There is no \fBpostconf\fR(1) command to perform the reverse +operation. + +This feature is available with Postfix 2.10 and later. +Support for \-M and \-P was added with Postfix 2.11. +.IP \fB\-#\fR +Edit the \fBmain.cf\fR configuration file, and comment out +the parameters named on the \fBpostconf\fR(1) command line, +so that those parameters revert to their default values. +Specify a list of parameter names, not "\fIname=value\fR" +pairs. + +With \fB\-M\fR, edit the \fBmaster.cf\fR configuration file, +and comment out one or more service entries as specified +with "\fIservice/type\fR" on the \fBpostconf\fR(1) command +line. + +In all cases the file is copied to a temporary file then +renamed into place. Specify quotes to protect special +characters on the \fBpostconf\fR(1) command line. + +There is no \fBpostconf\fR(1) command to perform the reverse +operation. + +This feature is available with Postfix 2.6 and later. Support +for \-M was added with Postfix 2.11. +.SH DIAGNOSTICS +.ad +.fi +Problems are reported to the standard error stream. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP \fBMAIL_CONFIG\fR +Directory with Postfix configuration files. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially +relevant to this program. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBbounce_template_file (empty)\fR" +Pathname of a configuration file with bounce message templates. +.SH "FILES" +.na +.nf +/etc/postfix/main.cf, Postfix configuration parameters +/etc/postfix/master.cf, Postfix master daemon configuration +.SH "SEE ALSO" +.na +.nf +bounce(5), bounce template file format +master(5), master.cf configuration file syntax +postconf(5), main.cf configuration file syntax +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or "\fBpostconf +html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this +software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/postdrop.1 b/man/man1/postdrop.1 new file mode 100644 index 0000000..23d6012 --- /dev/null +++ b/man/man1/postdrop.1 @@ -0,0 +1,139 @@ +.TH POSTDROP 1 +.ad +.fi +.SH NAME +postdrop +\- +Postfix mail posting utility +.SH "SYNOPSIS" +.na +.nf +\fBpostdrop\fR [\fB\-rv\fR] [\fB\-c \fIconfig_dir\fR] +.SH DESCRIPTION +.ad +.fi +The \fBpostdrop\fR(1) command creates a file in the \fBmaildrop\fR +directory and copies its standard input to the file. + +Options: +.IP "\fB\-c \fIconfig_dir\fR" +The \fBmain.cf\fR configuration file is in the named directory +instead of the default configuration directory. See also the +MAIL_CONFIG environment setting below. +.IP \fB\-r\fR +Use a Postfix\-internal protocol for reading the message from +standard input, and for reporting status information on standard +output. This is currently the only supported method. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR +options make the software increasingly verbose. As of Postfix 2.3, +this option is available for the super\-user only. +.SH "SECURITY" +.na +.nf +.ad +.fi +The command is designed to run with set\-group ID privileges, so +that it can write to the \fBmaildrop\fR queue directory and so that +it can connect to Postfix daemon processes. +.SH DIAGNOSTICS +.ad +.fi +Fatal errors: malformed input, I/O error, out of memory. Problems +are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8) and to +the standard error stream. +When the input is incomplete, or when the process receives a HUP, +INT, QUIT or TERM signal, the queue file is deleted. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP MAIL_CONFIG +Directory with the \fBmain.cf\fR file. In order to avoid exploitation +of set\-group ID privileges, a non\-standard directory is allowed only +if: +.RS +.IP \(bu +The name is listed in the standard \fBmain.cf\fR file with the +\fBalternate_config_directories\fR configuration parameter. +.IP \(bu +The command is invoked by the super\-user. +.RE +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this program. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBalternate_config_directories (empty)\fR" +A list of non\-default Postfix configuration directories that may +be specified with "\-c config_directory" on the command line (in the +case of \fBsendmail\fR(1), with the "\-C" option), or via the MAIL_CONFIG +environment parameter. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment parameters that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.IP "\fBtrigger_timeout (10s)\fR" +The time limit for sending a trigger to a Postfix daemon (for +example, the \fBpickup\fR(8) or \fBqmgr\fR(8) daemon). +.PP +Available in Postfix version 2.2 and later: +.IP "\fBauthorized_submit_users (static:anyone)\fR" +List of users who are authorized to submit mail with the \fBsendmail\fR(1) +command (and with the privileged \fBpostdrop\fR(1) helper command). +.PP +Available in Postfix version 3.6 and later: +.IP "\fBlocal_login_sender_maps (static:*)\fR" +A list of lookup tables that are searched by the UNIX login name, +and that return a list of allowed envelope sender patterns separated +by space or comma. +.IP "\fBempty_address_local_login_sender_maps_lookup_key (<>)\fR" +The lookup key to be used in local_login_sender_maps tables, instead +of the null sender address. +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate an email address +localpart, user name, or a .forward file name from its extension. +.SH "FILES" +.na +.nf +/var/spool/postfix/maildrop, maildrop queue +.SH "SEE ALSO" +.na +.nf +sendmail(1), compatibility interface +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/postfix-tls.1 b/man/man1/postfix-tls.1 new file mode 100644 index 0000000..1c96799 --- /dev/null +++ b/man/man1/postfix-tls.1 @@ -0,0 +1,246 @@ +.TH POSTFIX-TLS 1 +.ad +.fi +.SH NAME +postfix-tls +\- +Postfix TLS management +.SH "SYNOPSIS" +.na +.nf +\fBpostfix tls\fR \fIsubcommand\fR +.SH DESCRIPTION +.ad +.fi +The "\fBpostfix tls \fIsubcommand\fR" feature enables +opportunistic TLS in the Postfix SMTP client or server, and +manages Postfix SMTP server private keys and certificates. + +The following subcommands are available: +.IP "\fBenable\-client\fR [\fB\-r \fIrandsource\fR]" +Enable opportunistic TLS in the Postfix SMTP client, if all +SMTP client TLS settings are at their default values. +Otherwise, suggest parameter settings without making any +changes. +.sp +Specify \fIrandsource\fR to update the value of the +\fBtls_random_source\fR configuration parameter (typically, +/dev/urandom). Prepend \fBdev:\fR to device paths or +\fBegd:\fR to EGD socket paths. +.sp +See also the \fBall\-default\-client\fR subcommand. +.IP "\fBenable\-server\fR [\fB\-r \fIrandsource\fR] [\fB\-a \fIalgorithm\fR] [\fB\-b \fIbits\fR] [\fIhostname\fB...\fR]" +Create a new private key and self\-signed server certificate +and enable opportunistic TLS in the Postfix SMTP server, +if all SMTP server TLS settings are at their default values. +Otherwise, suggest parameter settings without making any +changes. +.sp +The \fIrandsource\fR parameter is as with \fBenable\-client\fR +above, and the remaining options are as with \fBnew\-server\-key\fR +below. +.sp +See also the \fBall\-default\-server\fR subcommand. +.IP "\fBnew\-server\-key\fR [\fB\-a \fIalgorithm\fR] [\fB\-b \fIbits\fR] [\fIhostname\fB...\fR]" +Create a new private key and self\-signed server certificate, +but do not deploy them. Log and display commands to deploy +the new key and corresponding certificate. Also log and +display commands to output a corresponding CSR or TLSA +records which may be needed to obtain a CA certificate or +to update DNS before the new key can be deployed. +.sp +The \fIalgorithm\fR defaults to \fBrsa\fR, and \fIbits\fR +defaults to 2048. If you choose the \fBecdsa\fR \fIalgorithm\fR +then \fIbits\fR will be an EC curve name (by default +\fBsecp256r1\fR, also known as prime256v1). Curves other +than \fBsecp256r1\fR, \fBsecp384r1\fR or \fBsecp521r1\fR +are unlikely to be widely interoperable. When generating +EC keys, use one of these three. DSA keys are obsolete and +are not supported. +.sp +Note: ECDSA support requires OpenSSL 1.0.0 or later and may +not be available on your system. Not all client systems +will support ECDSA, so you'll generally want to deploy both +RSA and ECDSA certificates to make use of ECDSA with +compatible clients and RSA with the rest. If you want to +deploy certificate chains with intermediate CAs for both +RSA and ECDSA, you'll want at least OpenSSL 1.0.2, as earlier +versions may not handle multiple chain files correctly. +.sp +The first \fIhostname\fR argument will be the \fBCommonName\fR +of both the subject and issuer of the self\-signed certificate. +It, and any additional \fIhostname\fR arguments, will also +be listed as DNS alternative names in the certificate. If +no \fIhostname\fR is provided the value of the \fBmyhostname\fR +main.cf parameter will be used. +.sp +For RSA, the generated private key and certificate files +are named \fBkey\-\fIyyyymmdd\-hhmmss\fB.pem\fR and +\fBcert\-\fIyyyymmdd\-hhmmss\fB.pem\fR, where \fIyyyymmdd\fR +is the calendar date and \fIhhmmss\fR is the time of day +in UTC. For ECDSA, the file names start with \fBeckey\-\fR +and \fBeccert\-\fR instead of \fBkey\-\fR and \fBcert\-\fR +respectively. +.sp +Before deploying the new key and certificate with DANE, +update the DNS with new DANE TLSA records, then wait for +secondary nameservers to update and then for stale records +in remote DNS caches to expire. +.sp +Before deploying a new CA certificate make sure to include +all the required intermediate issuing CA certificates in +the certificate chain file. The server certificate must +be the first certificate in the chain file. Overwrite and +deploy the file with the original self\-signed certificate +that was generated together with the key. +.IP "\fBnew\-server\-cert\fR [\fB\-a \fIalgorithm\fR] [\fB\-b \fIbits\fR] [\fIhostname\fB...\fR]" +This is just like \fBnew\-server\-key\fR except that, rather +than generating a new private key, any currently deployed +private key is copied to the new key file. Thus if you're +publishing DANE TLSA "3 1 1" or "3 1 2" records, there is +no need to update DNS records. The \fIalgorithm\fR and +\fIbits\fR arguments are used only if no key of the same +algorithm is already configured. +.sp +This command is rarely needed, because the self\-signed +certificates generated have a 100\-year nominal expiration +time. The underlying public key algorithms may well be +obsoleted by quantum computers long before then. +.sp +The most plausible reason for using this command is when +the system hostname changes, and you'd like the name in the +certificate to match the new hostname (not required for +DANE "3 1 1", but some needlessly picky non\-DANE opportunistic +TLS clients may log warnings or even refuse to communicate). +.IP "\fBdeploy\-server\-cert \fIcertfile\fB \fIkeyfile\fR" +This subcommand deploys the certificates in \fIcertfile\fR +and private key in \fIkeyfile\fR (which are typically +generated by the commands above, which will also log and +display the full command needed to deploy the generated key +and certificate). After the new certificate and key are +deployed any obsolete keys and certificates may be removed +by hand. The \fIkeyfile\fR and \fIcertfile\fR filenames +may be relative to the Postfix configuration directory. +.IP "\fBoutput\-server\-csr\fR [\fB\-k \fIkeyfile\fR] [\fIhostname\fB...\fR]" +Write to stdout a certificate signing request (CSR) for the +specified \fIkeyfile\fR. +.sp +Instead of an absolute pathname or a pathname relative to +$config_directory, \fIkeyfile\fR may specify one of the +supported key algorithm names (see "\fBpostconf \-T +public\-key\-algorithms\fR"). In that case, the corresponding +setting from main.cf is used to locate the \fIkeyfile\fR. +The default \fIkeyfile\fR value is \fBrsa\fR. +.sp +Zero or more \fIhostname\fR values can be specified. The +default \fIhostname\fR is the value of \fBmyhostname\fR +main.cf parameter. +.IP "\fBoutput\-server\-tlsa\fR [\fB\-h \fIhostname\fR] [\fIkeyfile\fB...\fR]" +Write to stdout a DANE TLSA RRset suitable for a port 25 +SMTP server on host \fIhostname\fR with keys from any of +the specified \fIkeyfile\fR values. The default \fIhostname\fR +is the value of the \fBmyhostname\fR main.cf parameter. +.sp +Instead of absolute pathnames or pathnames relative to +$config_directory, the \fIkeyfile\fR list may specify +names of supported public key algorithms (see "\fBpostconf +\-T public\-key\-algorithms\fR"). In that case, the actual +\fIkeyfile\fR list uses the values of the corresponding +Postfix server TLS key file parameters. If a parameter +value is empty or equal to \fBnone\fR, then no TLSA record +is output for that algorithm. +.sp +The default \fIkeyfile\fR list consists of the two supported +algorithms \fBrsa\fR and \fBecdsa\fR. +.SH "AUXILIARY COMMANDS" +.na +.nf +.IP "\fBall\-default\-client\fR" +Exit with status 0 (success) if all SMTP client TLS settings are +at their default values. Otherwise, exit with a non\-zero status. +This is typically used as follows: +.sp +\fBpostfix tls all\-default\-client && + postfix tls enable\-client\fR +.IP "\fBall\-default\-server\fR" +Exit with status 0 (success) if all SMTP server TLS settings are +at their default values. Otherwise, exit with a non\-zero status. +This is typically used as follows: +.sp +\fBpostfix tls all\-default\-server && + postfix tls enable\-server\fR +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The "\fBpostfix tls \fIsubcommand\fR" feature reads +or updates the following configuration parameters. +.IP "\fBcommand_directory (see 'postconf -d' output)\fR" +The location of all postfix administrative commands. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBopenssl_path (openssl)\fR" +The location of the OpenSSL command line program \fBopenssl\fR(1). +.IP "\fBsmtp_tls_loglevel (0)\fR" +Enable additional Postfix SMTP client logging of TLS activity. +.IP "\fBsmtp_tls_security_level (empty)\fR" +The default SMTP TLS security level for the Postfix SMTP client; +when a non\-empty value is specified, this overrides the obsolete +parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. +.IP "\fBsmtp_tls_session_cache_database (empty)\fR" +Name of the file containing the optional Postfix SMTP client +TLS session cache. +.IP "\fBsmtpd_tls_cert_file (empty)\fR" +File with the Postfix SMTP server RSA certificate in PEM format. +.IP "\fBsmtpd_tls_eccert_file (empty)\fR" +File with the Postfix SMTP server ECDSA certificate in PEM format. +.IP "\fBsmtpd_tls_eckey_file ($smtpd_tls_eccert_file)\fR" +File with the Postfix SMTP server ECDSA private key in PEM format. +.IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR" +File with the Postfix SMTP server RSA private key in PEM format. +.IP "\fBsmtpd_tls_loglevel (0)\fR" +Enable additional Postfix SMTP server logging of TLS activity. +.IP "\fBsmtpd_tls_received_header (no)\fR" +Request that the Postfix SMTP server produces Received: message +headers that include information about the protocol and cipher used, +as well as the remote SMTP client CommonName and client certificate issuer +CommonName. +.IP "\fBsmtpd_tls_security_level (empty)\fR" +The SMTP TLS security level for the Postfix SMTP server; when +a non\-empty value is specified, this overrides the obsolete parameters +smtpd_use_tls and smtpd_enforce_tls. +.IP "\fBtls_random_source (see 'postconf -d' output)\fR" +The external entropy source for the in\-memory \fBtlsmgr\fR(8) pseudo +random number generator (PRNG) pool. +.SH "SEE ALSO" +.na +.nf +master(8) Postfix master program +postfix(1) Postfix administrative interface +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +TLS_README, Postfix TLS configuration and operation +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +The "\fBpostfix tls\fR" command was introduced with Postfix +version 3.1. +.SH "AUTHOR(S)" +.na +.nf +Viktor Dukhovni diff --git a/man/man1/postfix.1 b/man/man1/postfix.1 new file mode 100644 index 0000000..21681de --- /dev/null +++ b/man/man1/postfix.1 @@ -0,0 +1,433 @@ +.TH POSTFIX 1 +.ad +.fi +.SH NAME +postfix +\- +Postfix control program +.SH "SYNOPSIS" +.na +.nf +.fi +\fBpostfix\fR [\fB\-Dv\fR] [\fB\-c \fIconfig_dir\fR] \fIcommand\fR +.SH DESCRIPTION +.ad +.fi +This command is reserved for the superuser. To submit mail, +use the Postfix \fBsendmail\fR(1) command. + +The \fBpostfix\fR(1) command controls the operation of the Postfix +mail system: start or stop the \fBmaster\fR(8) daemon, do a health +check, and other maintenance. + +By default, the \fBpostfix\fR(1) command sets up a standardized +environment and runs the \fBpostfix\-script\fR shell script +to do the actual work. + +However, when support for multiple Postfix instances is +configured, \fBpostfix\fR(1) executes the command specified +with the \fBmulti_instance_wrapper\fR configuration parameter. +This command will execute the \fIcommand\fR for each +applicable Postfix instance. + +The following commands are implemented: +.IP \fBcheck\fR +Warn about bad directory/file ownership or permissions, +and create missing directories. +.IP \fBstart\fR +Start the Postfix mail system. This also runs the configuration +check described above. +.IP \fBstart\-fg\fR +Like \fBstart\fR, but keep the \fBmaster\fR(8) daemon running +in the foreground, and enable \fBmaster\fR(8) "init" mode +when running as PID 1. +This command requires that multi\-instance support is +disabled (i.e. the multi_instance_directories parameter +value must be empty). + +When running Postfix inside a container, see MAILLOG_README +for logging to stdout. Postfix logs to syslog by default, +which requires a) running a syslogd process inside the +container, or b) mounting the container host's /dev/log +socket inside the container (example: "docker run \-v +/dev/log:/dev/log ..."), and c) a distinct Postfix "syslog_name" +prefix that identifies logging from the Postfix instance. +.IP \fBstop\fR +Stop the Postfix mail system in an orderly fashion. If +possible, running processes are allowed to terminate at +their earliest convenience. +.sp +Note: in order to refresh the Postfix mail system after a +configuration change, do not use the \fBstart\fR and \fBstop\fR +commands in succession. Use the \fBreload\fR command instead. +.IP \fBabort\fR +Stop the Postfix mail system abruptly. Running processes are +signaled to stop immediately. +.IP \fBflush\fR +Force delivery: attempt to deliver every message in the deferred +mail queue. Normally, attempts to deliver delayed mail happen at +regular intervals, the interval doubling after each failed attempt. +.sp +Warning: flushing undeliverable mail frequently will result in +poor delivery performance of all other mail. +.IP \fBreload\fR +Re\-read configuration files. Running processes terminate at their +earliest convenience. +.IP \fBstatus\fR +Indicate if the Postfix mail system is currently running. +.IP "\fBset\-permissions\fR [\fIname\fR=\fIvalue ...\fR]" +Set the ownership and permissions of Postfix related files and +directories, as specified in the \fBpostfix\-files\fR file. +.sp +Specify \fIname\fR=\fIvalue\fR to override and update specific +main.cf configuration parameters. Use this, for example, to +change the \fBmail_owner\fR or \fBsetgid_group\fR setting for an +already installed Postfix system. +.sp +This feature is available in Postfix 2.1 and later. With +Postfix 2.0 and earlier, use "\fB$config_directory/post\-install +set\-permissions\fR". +.IP "\fBlogrotate\fR" +Rotate the logfile specified with $maillog_file, by appending +a time\-stamp suffix that is formatted according to +$maillog_file_rotate_suffix, and by compressing the file +with the command specified with $maillog_file_compressor. +This will not rotate /dev/* files. +.sp +This feature is available in Postfix 3.4 and later. +.IP "\fBtls\fR \fIsubcommand\fR" +Enable opportunistic TLS in the Postfix SMTP client or +server, and manage Postfix SMTP server TLS private keys and +certificates. See postfix\-tls(1) for documentation. +.sp +This feature is available in Postfix 3.1 and later. +.IP "\fBupgrade\-configuration\fR [\fIname\fR=\fIvalue ...\fR]" +Update the \fBmain.cf\fR and \fBmaster.cf\fR files with information +that Postfix needs in order to run: add or update services, and add +or update configuration parameter settings. +.sp +Specify \fIname\fR=\fIvalue\fR to override and update specific +main.cf configuration parameters. +.sp +This feature is available in Postfix 2.1 and later. With +Postfix 2.0 and earlier, use "\fB$config_directory/post\-install +upgrade\-configuration\fR". +.PP +The following options are implemented: +.IP "\fB\-c \fIconfig_dir\fR" +Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in +the named directory instead of the default configuration directory. +Use this to distinguish between multiple Postfix instances on the +same host. + +With Postfix 2.6 and later, this option forces the postfix(1) +command to operate on the specified Postfix instance only. +This behavior is inherited by postfix(1) commands that run +as a descendant of the current process. +.IP "\fB\-D\fR (with \fBpostfix start\fR only)" +Run each Postfix daemon under control of a debugger as specified +via the \fBdebugger_command\fR configuration parameter. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR +options make the software increasingly verbose. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +The \fBpostfix\fR(1) command exports the following environment +variables before executing the \fBpostfix\-script\fR file: +.IP \fBMAIL_CONFIG\fR +This is set when the \-c command\-line option is present. + +With Postfix 2.6 and later, this environment variable forces +the postfix(1) command to operate on the specified Postfix +instance only. This behavior is inherited by postfix(1) +commands that run as a descendant of the current process. +.IP \fBMAIL_VERBOSE\fR +This is set when the \-v command\-line option is present. +.IP \fBMAIL_DEBUG\fR +This is set when the \-D command\-line option is present. +.PP +When the internal logging service is enabled (by setting a +non\-empty maillog_file parameter value) the postfix(1) +command exports settings that are used by child processes +before they have processed main.cf or command\-line settings. +.IP \fBPOSTLOG_SERVICE +The name of the public postlog service endpoint. +.IP \fBPOSTLOG_HOSTNAME +The hostname to prepend to internal logging. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR configuration parameters are +exported as environment variables with the same names: +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBcommand_directory (see 'postconf -d' output)\fR" +The location of all postfix administrative commands. +.IP "\fBdaemon_directory (see 'postconf -d' output)\fR" +The directory with Postfix support programs and daemon programs. +.IP "\fBhtml_directory (see 'postconf -d' output)\fR" +The location of Postfix HTML files that describe how to build, +configure or operate a specific Postfix subsystem or feature. +.IP "\fBmail_owner (postfix)\fR" +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. +.IP "\fBmailq_path (see 'postconf -d' output)\fR" +Sendmail compatibility feature that specifies where the Postfix +\fBmailq\fR(1) command is installed. +.IP "\fBmanpage_directory (see 'postconf -d' output)\fR" +Where the Postfix manual pages are installed. +.IP "\fBnewaliases_path (see 'postconf -d' output)\fR" +Sendmail compatibility feature that specifies the location of the +\fBnewaliases\fR(1) command. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBreadme_directory (see 'postconf -d' output)\fR" +The location of Postfix README files that describe how to build, +configure or operate a specific Postfix subsystem or feature. +.IP "\fBsendmail_path (see 'postconf -d' output)\fR" +A Sendmail compatibility feature that specifies the location of +the Postfix \fBsendmail\fR(1) command. +.IP "\fBsetgid_group (postdrop)\fR" +The group ownership of set\-gid Postfix commands and of group\-writable +Postfix directories. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBdata_directory (see 'postconf -d' output)\fR" +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). +.PP +Available in Postfix version 3.0 and later: +.IP "\fBcompatibility_level (0)\fR" +A safety net that causes Postfix to run with backwards\-compatible +default settings after an upgrade to a newer Postfix version. +.IP "\fBmeta_directory (see 'postconf -d' output)\fR" +The location of non\-executable files that are shared among +multiple Postfix instances, such as postfix\-files, dynamicmaps.cf, +and the multi\-instance template files main.cf.proto and master.cf.proto. +.IP "\fBshlib_directory (see 'postconf -d' output)\fR" +The location of Postfix dynamically\-linked libraries +(libpostfix\-*.so), and the default location of Postfix database +plugins (postfix\-*.so) that have a relative pathname in the +dynamicmaps.cf file. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBopenssl_path (openssl)\fR" +The location of the OpenSSL command line program \fBopenssl\fR(1). +.PP +Other configuration parameters: +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 2.6 and later: +.IP "\fBmulti_instance_directories (empty)\fR" +An optional list of non\-default Postfix configuration directories; +these directories belong to additional Postfix instances that share +the Postfix executable files and documentation with the default +Postfix instance, and that are started, stopped, etc., together +with the default Postfix instance. +.IP "\fBmulti_instance_wrapper (empty)\fR" +The pathname of a multi\-instance manager command that the +\fBpostfix\fR(1) command invokes when the multi_instance_directories +parameter value is non\-empty. +.IP "\fBmulti_instance_group (empty)\fR" +The optional instance group name of this Postfix instance. +.IP "\fBmulti_instance_name (empty)\fR" +The optional instance name of this Postfix instance. +.IP "\fBmulti_instance_enable (no)\fR" +Allow this Postfix instance to be started, stopped, etc., by a +multi\-instance manager. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBmaillog_file (empty)\fR" +The name of an optional logfile that is written by the Postfix +\fBpostlogd\fR(8) service. +.IP "\fBmaillog_file_compressor (gzip)\fR" +The program to run after rotating $maillog_file with "postfix +logrotate". +.IP "\fBmaillog_file_prefixes (/var, /dev/stdout)\fR" +A list of allowed prefixes for a maillog_file value. +.IP "\fBmaillog_file_rotate_suffix (%Y%m%d\-%H%M%S)\fR" +The format of the suffix to append to $maillog_file while rotating +the file with "postfix logrotate". +.IP "\fBpostlog_service_name (postlog)\fR" +The name of the \fBpostlogd\fR(8) service entry in master.cf. +.SH "FILES" +.na +.nf +.ad +.fi +Prior to Postfix version 2.6, all of the following files +were in \fB$config_directory\fR. Some files are now in +\fB$daemon_directory\fR or \fB$meta_directory\fR so that they +can be shared among multiple instances that run the same Postfix +version. + +Use the command "\fBpostconf config_directory\fR" or +"\fBpostconf daemon_directory\fR" to expand the names +into their actual values. +.na +.nf + +$config_directory/main.cf, Postfix configuration parameters +$config_directory/master.cf, Postfix daemon processes +$daemon_directory/postfix\-script, administrative commands +$daemon_directory/post\-install, post\-installation configuration +$meta_directory/dynamicmaps.cf, plug\-in database clients +$meta_directory/postfix\-files, file/directory permissions +.SH "SEE ALSO" +.na +.nf +Commands: +postalias(1), create/update/query alias database +postcat(1), examine Postfix queue file +postconf(1), Postfix configuration utility +postdrop(1), Postfix mail posting utility +postfix(1), Postfix control program +postfix\-tls(1), Postfix TLS management +postkick(1), trigger Postfix daemon +postlock(1), Postfix\-compatible locking +postlog(1), Postfix\-compatible logging +postmap(1), Postfix lookup table manager +postmulti(1), Postfix multi\-instance manager +postqueue(1), Postfix mail queue control +postsuper(1), Postfix housekeeping +mailq(1), Sendmail compatibility interface +newaliases(1), Sendmail compatibility interface +sendmail(1), Sendmail compatibility interface + +Postfix configuration: +bounce(5), Postfix bounce message templates +master(5), Postfix master.cf file syntax +postconf(5), Postfix main.cf file syntax +postfix\-wrapper(5), Postfix multi\-instance API + +Table\-driven mechanisms: +access(5), Postfix SMTP access control table +aliases(5), Postfix alias database +canonical(5), Postfix input address rewriting +generic(5), Postfix output address rewriting +header_checks(5), body_checks(5), Postfix content inspection +relocated(5), Users that have moved +transport(5), Postfix routing table +virtual(5), Postfix virtual aliasing + +Table lookup mechanisms: +cidr_table(5), Associate CIDR pattern with value +ldap_table(5), Postfix LDAP client +lmdb_table(5), Postfix LMDB database driver +memcache_table(5), Postfix memcache client +mysql_table(5), Postfix MYSQL client +nisplus_table(5), Postfix NIS+ client +pcre_table(5), Associate PCRE pattern with value +pgsql_table(5), Postfix PostgreSQL client +regexp_table(5), Associate POSIX regexp pattern with value +socketmap_table(5), Postfix socketmap client +sqlite_table(5), Postfix SQLite database driver +tcp_table(5), Postfix client\-server table lookup + +Daemon processes: +anvil(8), Postfix connection/rate limiting +bounce(8), defer(8), trace(8), Delivery status reports +cleanup(8), canonicalize and enqueue message +discard(8), Postfix discard delivery agent +dnsblog(8), DNS allow/denylist logger +error(8), Postfix error delivery agent +flush(8), Postfix fast ETRN service +local(8), Postfix local delivery agent +master(8), Postfix master daemon +oqmgr(8), old Postfix queue manager +pickup(8), Postfix local mail pickup +pipe(8), deliver mail to non\-Postfix command +postlogd(8), Postfix internal logging service +postscreen(8), Postfix zombie blocker +proxymap(8), Postfix lookup table proxy server +qmgr(8), Postfix queue manager +qmqpd(8), Postfix QMQP server +scache(8), Postfix connection cache manager +showq(8), list Postfix mail queue +smtp(8), lmtp(8), Postfix SMTP+LMTP client +smtpd(8), Postfix SMTP server +spawn(8), run non\-Postfix server +tlsmgr(8), Postfix TLS cache and randomness manager +tlsproxy(8), Postfix TLS proxy server +trivial\-rewrite(8), Postfix address rewriting +verify(8), Postfix address verification +virtual(8), Postfix virtual delivery agent + +Other: +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +OVERVIEW, overview of Postfix commands and processes +BASIC_CONFIGURATION_README, Postfix basic configuration +ADDRESS_REWRITING_README, Postfix address rewriting +SMTPD_ACCESS_README, SMTP relay/access control +CONTENT_INSPECTION_README, Postfix content inspection +QSHAPE_README, Postfix queue analysis +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + +TLS support by: +Lutz Jaenicke +Brandenburg University of Technology +Cottbus, Germany + +Victor Duchovni +Morgan Stanley + +SASL support originally by: +Till Franke +SuSE Rhein/Main AG +65760 Eschborn, Germany + +LMTP support originally by: +Philip A. Prindeville +Mirapoint, Inc. +USA. + +Amos Gouaux +University of Texas at Dallas +P.O. Box 830688, MC34 +Richardson, TX 75083, USA + +IPv6 support originally by: +Mark Huizer, Eindhoven University, The Netherlands +Jun\-ichiro 'itojun' Hagino, KAME project, Japan +The Linux PLD project +Dean Strik, Eindhoven University, The Netherlands diff --git a/man/man1/postkick.1 b/man/man1/postkick.1 new file mode 100644 index 0000000..6cd0ef6 --- /dev/null +++ b/man/man1/postkick.1 @@ -0,0 +1,102 @@ +.TH POSTKICK 1 +.ad +.fi +.SH NAME +postkick +\- +kick a Postfix service +.SH "SYNOPSIS" +.na +.nf +.fi +\fBpostkick\fR [\fB\-c \fIconfig_dir\fR] [\fB\-v\fR] +\fIclass service request\fR +.SH DESCRIPTION +.ad +.fi +The \fBpostkick\fR(1) command sends \fIrequest\fR to the +specified \fIservice\fR over a local transport channel. +This command makes Postfix private IPC accessible +for use in, for example, shell scripts. + +Options: +.IP "\fB\-c\fR \fIconfig_dir\fR" +Read the \fBmain.cf\fR configuration file in the named directory +instead of the default configuration directory. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR +options make the software increasingly verbose. +.PP +Arguments: +.IP \fIclass\fR +Name of a class of local transport channel endpoints, +either \fBpublic\fR (accessible by any local user) or +\fBprivate\fR (administrative access only). +.IP \fIservice\fR +The name of a local transport endpoint within the named class. +.IP \fIrequest\fR +A string. The list of valid requests is service\-specific. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to the standard error +stream. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP \fBMAIL_CONFIG\fR +Directory with Postfix configuration files. +.IP \fBMAIL_VERBOSE\fR +Enable verbose logging for debugging purposes. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this program. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBapplication_event_drain_time (100s)\fR" +How long the \fBpostkick\fR(1) command waits for a request to enter the +Postfix daemon process input buffer before giving up. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment parameters that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.SH "FILES" +.na +.nf +/var/spool/postfix/private, private class endpoints +/var/spool/postfix/public, public class endpoints +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager trigger protocol +pickup(8), local pickup daemon +postconf(5), configuration parameters +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/postlock.1 b/man/man1/postlock.1 new file mode 100644 index 0000000..cd468e7 --- /dev/null +++ b/man/man1/postlock.1 @@ -0,0 +1,126 @@ +.TH POSTLOCK 1 +.ad +.fi +.SH NAME +postlock +\- +lock mail folder and execute command +.SH "SYNOPSIS" +.na +.nf +.fi +\fBpostlock\fR [\fB\-c \fIconfig_dir\fR] [\fB\-l \fIlock_style\fR] + [\fB\-v\fR] \fIfile command...\fR +.SH DESCRIPTION +.ad +.fi +The \fBpostlock\fR(1) command locks \fIfile\fR for exclusive +access, and executes \fIcommand\fR. The locking method is +compatible with the Postfix UNIX\-style local delivery agent. + +Options: +.IP "\fB\-c \fIconfig_dir\fR" +Read the \fBmain.cf\fR configuration file in the named directory +instead of the default configuration directory. +.IP "\fB\-l \fIlock_style\fR" +Override the locking method specified via the +\fBmailbox_delivery_lock\fR configuration parameter (see below). +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR +options make the software increasingly verbose. +.PP +Arguments: +.IP \fIfile\fR +A mailbox file. The user should have read/write permission. +.IP \fIcommand...\fR +The command to execute while \fIfile\fR is locked for exclusive +access. The command is executed directly, i.e. without +interpretation by a shell command interpreter. +.SH DIAGNOSTICS +.ad +.fi +The result status is 75 (EX_TEMPFAIL) when \fBpostlock\fR(1) +could not perform the requested operation. Otherwise, the +exit status is the exit status from the command. +.SH BUGS +.ad +.fi +With remote file systems, the ability to acquire a lock does not +necessarily eliminate access conflicts. Avoid file access by +processes running on different machines. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP \fBMAIL_CONFIG\fR +Directory with Postfix configuration files. +.IP \fBMAIL_VERBOSE\fR +Enable verbose logging for debugging purposes. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this program. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "LOCKING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdeliver_lock_attempts (20)\fR" +The maximal number of attempts to acquire an exclusive lock on a +mailbox file or \fBbounce\fR(8) logfile. +.IP "\fBdeliver_lock_delay (1s)\fR" +The time between attempts to acquire an exclusive lock on a mailbox +file or \fBbounce\fR(8) logfile. +.IP "\fBstale_lock_time (500s)\fR" +The time after which a stale exclusive mailbox lockfile is removed. +.IP "\fBmailbox_delivery_lock (see 'postconf -d' output)\fR" +How to lock a UNIX\-style \fBlocal\fR(8) mailbox before attempting delivery. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBfork_attempts (5)\fR" +The maximal number of attempts to fork() a child process. +.IP "\fBfork_delay (1s)\fR" +The delay between attempts to fork() a child process. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment parameters that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.SH "SEE ALSO" +.na +.nf +postconf(5), configuration parameters +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/postlog.1 b/man/man1/postlog.1 new file mode 100644 index 0000000..406a3a3 --- /dev/null +++ b/man/man1/postlog.1 @@ -0,0 +1,125 @@ +.TH POSTLOG 1 +.ad +.fi +.SH NAME +postlog +\- +Postfix\-compatible logging utility +.SH "SYNOPSIS" +.na +.nf +.fi +.ad +\fBpostlog\fR [\fB\-iv\fR] [\fB\-c \fIconfig_dir\fR] +[\fB\-p \fIpriority\fR] [\fB\-t \fItag\fR] [\fItext...\fR] +.SH DESCRIPTION +.ad +.fi +The \fBpostlog\fR(1) command implements a Postfix\-compatible logging +interface for use in, for example, shell scripts. + +By default, \fBpostlog\fR(1) logs the \fItext\fR given on the command +line as one record. If no \fItext\fR is specified on the command +line, \fBpostlog\fR(1) reads from standard input and logs each input +line as one record. + +By default, logging is sent to \fBsyslogd\fR(8) or +\fBpostlogd\fR(8); when the +standard error stream is connected to a terminal, logging +is sent there as well. + +The following options are implemented: +.IP "\fB\-c \fIconfig_dir\fR" +Read the \fBmain.cf\fR configuration file in the named directory +instead of the default configuration directory. +.IP "\fB\-i\fR (obsolete)" +Include the process ID in the logging tag. This flag is ignored as +of Postfix 3.4, where the PID is always included. +.IP "\fB\-p \fIpriority\fR (default: \fBinfo\fR)" +Specifies the logging severity: \fBinfo\fR, \fBwarn\fR, +\fBerror\fR, \fBfatal\fR, or \fBpanic\fR. With Postfix 3.1 +and later, the program will pause for 1 second after reporting +a \fBfatal\fR or \fBpanic\fR condition, just like other +Postfix programs. +.IP "\fB\-t \fItag\fR" +Specifies the logging tag, that is, the identifying name that +appears at the beginning of each logging record. A default tag +is used when none is specified. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR +options make the software increasingly verbose. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBpostlog\fR(1) command is designed to run with +set\-groupid privileges, so that it can connect to the +\fBpostlogd\fR(8) daemon process (Postfix 3.7 and later; +earlier implementations of this command must not have +set\-groupid or set\-userid permissions). +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP MAIL_CONFIG +Directory with the \fBmain.cf\fR file. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this program. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment parameters that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.4 and later: +.IP "\fBmaillog_file (empty)\fR" +The name of an optional logfile that is written by the Postfix +\fBpostlogd\fR(8) service. +.IP "\fBpostlog_service_name (postlog)\fR" +The name of the \fBpostlogd\fR(8) service entry in master.cf. +.SH "SEE ALSO" +.na +.nf +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +The \fBpostlog\fR(1) command was introduced with Postfix +version 3.4. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/postmap.1 b/man/man1/postmap.1 new file mode 100644 index 0000000..d2551e5 --- /dev/null +++ b/man/man1/postmap.1 @@ -0,0 +1,343 @@ +.TH POSTMAP 1 +.ad +.fi +.SH NAME +postmap +\- +Postfix lookup table management +.SH "SYNOPSIS" +.na +.nf +.fi +\fBpostmap\fR [\fB\-bfFhimnNoprsuUvw\fR] [\fB\-c \fIconfig_dir\fR] +[\fB\-d \fIkey\fR] [\fB\-q \fIkey\fR] + [\fIfile_type\fR:]\fIfile_name\fR ... +.SH DESCRIPTION +.ad +.fi +The \fBpostmap\fR(1) command creates or queries one or more Postfix +lookup tables, or updates an existing one. + +If the result files do not exist they will be created with the +same group and other read permissions as their source file. + +While the table update is in progress, signal delivery is +postponed, and an exclusive, advisory, lock is placed on the +entire table, in order to avoid surprises in spectator +processes. +.SH "INPUT FILE FORMAT" +.na +.nf +.ad +.fi +The format of a lookup table input file is as follows: +.IP \(bu +A table entry has the form +.sp +.nf + \fIkey\fR whitespace \fIvalue\fR +.fi +.IP \(bu +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP \(bu +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.PP +The \fIkey\fR and \fIvalue\fR are processed as is, except that +surrounding white space is stripped off. Whitespace in lookup +keys is supported in Postfix 3.2 and later, by surrounding the +key with double quote characters `"'. Within the double quotes, +double quote `"' and backslash `\\' characters can be included +by quoting them with a preceding backslash. + +When the \fB\-F\fR option is given, the \fIvalue\fR must +specify one or more filenames separated by comma and/or +whitespace; \fBpostmap\fR(1) will concatenate the file +content (with a newline character inserted between files) +and will store the base64\-encoded result instead of the +\fIvalue\fR. + +When the \fIkey\fR specifies email address information, the +localpart should be enclosed with double quotes if required +by RFC 5322. For example, an address localpart that contains +";", or a localpart that starts or ends with ".". + +By default the lookup key is mapped to lowercase to make +the lookups case insensitive; as of Postfix 2.3 this case +folding happens only with tables whose lookup keys are +fixed\-case strings such as btree:, dbm: or hash:. With +earlier versions, the lookup key is folded even with tables +where a lookup field can match both upper and lower case +text, such as regexp: and pcre:. This resulted in loss of +information with $\fInumber\fR substitutions. +.SH "COMMAND-LINE ARGUMENTS" +.na +.nf +.ad +.fi +.IP \fB\-b\fR +Enable message body query mode. When reading lookup keys +from standard input with "\fB\-q \-\fR", process the input +as if it is an email message in RFC 5322 format. Each line +of body content becomes one lookup key. +.sp +By default, the \fB\-b\fR option starts generating lookup +keys at the first non\-header line, and stops when the end +of the message is reached. +To simulate \fBbody_checks\fR(5) processing, enable MIME +parsing with \fB\-m\fR. With this, the \fB\-b\fR option +generates no body\-style lookup keys for attachment MIME +headers and for attached message/* headers. +.sp +NOTE: with "smtputf8_enable = yes", the \fB\-b\fR option +disables UTF\-8 syntax checks on query keys and lookup +results. Specify the \fB\-U\fR option to force UTF\-8 +syntax checks anyway. +.sp +This feature is available in Postfix version 2.6 and later. +.IP "\fB\-c \fIconfig_dir\fR" +Read the \fBmain.cf\fR configuration file in the named directory +instead of the default configuration directory. +.IP "\fB\-d \fIkey\fR" +Search the specified maps for \fIkey\fR and remove one entry per map. +The exit status is zero when the requested information was found. + +If a key value of \fB\-\fR is specified, the program reads key +values from the standard input stream. The exit status is zero +when at least one of the requested keys was found. +.IP \fB\-f\fR +Do not fold the lookup key to lower case while creating or querying +a table. + +With Postfix version 2.3 and later, this option has no +effect for regular expression tables. There, case folding +is controlled by appending a flag to a pattern. +.IP \fB\-F\fR +When querying a map, or listing a map, base64\-decode each +value. When creating a map from source file, process each +value as a list of filenames, concatenate the content of +those files, and store the base64\-encoded result instead +of the value (see INPUT FILE FORMAT for details). +.sp +This feature is available in Postfix version 3.4 and later. +.IP \fB\-h\fR +Enable message header query mode. When reading lookup keys +from standard input with "\fB\-q \-\fR", process the input +as if it is an email message in RFC 5322 format. Each +logical header line becomes one lookup key. A multi\-line +header becomes one lookup key with one or more embedded +newline characters. +.sp +By default, the \fB\-h\fR option generates lookup keys until +the first non\-header line is reached. +To simulate \fBheader_checks\fR(5) processing, enable MIME +parsing with \fB\-m\fR. With this, the \fB\-h\fR option also +generates header\-style lookup keys for attachment MIME +headers and for attached message/* headers. +.sp +NOTE: with "smtputf8_enable = yes", the \fB\-b\fR option +option disables UTF\-8 syntax checks on query keys and +lookup results. Specify the \fB\-U\fR option to force UTF\-8 +syntax checks anyway. +.sp +This feature is available in Postfix version 2.6 and later. +.IP \fB\-i\fR +Incremental mode. Read entries from standard input and do not +truncate an existing database. By default, \fBpostmap\fR(1) creates +a new database from the entries in \fBfile_name\fR. +.IP \fB\-m\fR +Enable MIME parsing with "\fB\-b\fR" and "\fB\-h\fR". +.sp +This feature is available in Postfix version 2.6 and later. +.IP \fB\-N\fR +Include the terminating null character that terminates lookup keys +and values. By default, \fBpostmap\fR(1) does whatever is +the default for +the host operating system. +.IP \fB\-n\fR +Don't include the terminating null character that terminates lookup +keys and values. By default, \fBpostmap\fR(1) does whatever +is the default for +the host operating system. +.IP \fB\-o\fR +Do not release root privileges when processing a non\-root +input file. By default, \fBpostmap\fR(1) drops root privileges +and runs as the source file owner instead. +.IP \fB\-p\fR +Do not inherit the file access permissions from the input file +when creating a new file. Instead, create a new file with default +access permissions (mode 0644). +.IP "\fB\-q \fIkey\fR" +Search the specified maps for \fIkey\fR and write the first value +found to the standard output stream. The exit status is zero +when the requested information was found. + +Note: this performs a single query with the key as specified, +and does not make iterative queries with substrings of the +key as described for access(5), canonical(5), transport(5), +virtual(5) and other Postfix table\-driven features. + +If a key value of \fB\-\fR is specified, the program reads key +values from the standard input stream and writes one line of +\fIkey value\fR output for each key that was found. The exit +status is zero when at least one of the requested keys was found. +.IP \fB\-r\fR +When updating a table, do not complain about attempts to update +existing entries, and make those updates anyway. +.IP \fB\-s\fR +Retrieve all database elements, and write one line of +\fIkey value\fR output for each element. The elements are +printed in database order, which is not necessarily the same +as the original input order. +.sp +This feature is available in Postfix version 2.2 and later, +and is not available for all database types. +.IP \fB\-u\fR +Disable UTF\-8 support. UTF\-8 support is enabled by default +when "smtputf8_enable = yes". It requires that keys and +values are valid UTF\-8 strings. +.IP \fB\-U\fR +With "smtputf8_enable = yes", force UTF\-8 syntax checks +with the \fB\-b\fR and \fB\-h\fR options. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR +options make the software increasingly verbose. +.IP \fB\-w\fR +When updating a table, do not complain about attempts to update +existing entries, and ignore those attempts. +.PP +Arguments: +.IP \fIfile_type\fR +The database type. To find out what types are supported, use +the "\fBpostconf \-m\fR" command. + +The \fBpostmap\fR(1) command can query any supported file type, +but it can create only the following file types: +.RS +.IP \fBbtree\fR +The output file is a btree file, named \fIfile_name\fB.db\fR. +This is available on systems with support for \fBdb\fR databases. +.IP \fBcdb\fR +The output consists of one file, named \fIfile_name\fB.cdb\fR. +This is available on systems with support for \fBcdb\fR databases. +.IP \fBdbm\fR +The output consists of two files, named \fIfile_name\fB.pag\fR and +\fIfile_name\fB.dir\fR. +This is available on systems with support for \fBdbm\fR databases. +.IP \fBfail\fR +A table that reliably fails all requests. The lookup table +name is used for logging only. This table exists to simplify +Postfix error tests. +.IP \fBhash\fR +The output file is a hashed file, named \fIfile_name\fB.db\fR. +This is available on systems with support for \fBdb\fR databases. +.IP \fBlmdb\fR +The output is a btree\-based file, named \fIfile_name\fB.lmdb\fR. +\fBlmdb\fR supports concurrent writes and reads from different +processes, unlike other supported file\-based tables. +This is available on systems with support for \fBlmdb\fR databases. +.IP \fBsdbm\fR +The output consists of two files, named \fIfile_name\fB.pag\fR and +\fIfile_name\fB.dir\fR. +This is available on systems with support for \fBsdbm\fR databases. +.PP +When no \fIfile_type\fR is specified, the software uses the database +type specified via the \fBdefault_database_type\fR configuration +parameter. +.RE +.IP \fIfile_name\fR +The name of the lookup table source file when rebuilding a database. +.SH DIAGNOSTICS +.ad +.fi +Problems are logged to the standard error stream and to +\fBsyslogd\fR(8) or \fBpostlogd\fR(8). +No output means that no problems were detected. Duplicate entries are +skipped and are flagged with a warning. + +\fBpostmap\fR(1) terminates with zero exit status in case of success +(including successful "\fBpostmap \-q\fR" lookup) and terminates +with non\-zero exit status in case of failure. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP \fBMAIL_CONFIG\fR +Directory with Postfix configuration files. +.IP \fBMAIL_VERBOSE\fR +Enable verbose logging for debugging purposes. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this program. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBberkeley_db_create_buffer_size (16777216)\fR" +The per\-table I/O buffer size for programs that create Berkeley DB +hash or btree tables. +.IP "\fBberkeley_db_read_buffer_size (131072)\fR" +The per\-table I/O buffer size for programs that read Berkeley DB +hash or btree tables. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdefault_database_type (see 'postconf -d' output)\fR" +The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) +and \fBpostmap\fR(1) commands. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531, RFC 6532, and RFC 6533. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 2.11 and later: +.IP "\fBlmdb_map_size (16777216)\fR" +The initial OpenLDAP LMDB database size limit in bytes. +.SH "SEE ALSO" +.na +.nf +postalias(1), create/update/query alias database +postconf(1), supported database types +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/postmulti.1 b/man/man1/postmulti.1 new file mode 100644 index 0000000..6db035e --- /dev/null +++ b/man/man1/postmulti.1 @@ -0,0 +1,434 @@ +.TH POSTMULTI 1 +.ad +.fi +.SH NAME +postmulti +\- +Postfix multi\-instance manager +.SH "SYNOPSIS" +.na +.nf +.fi +.ti -4 +\fBEnabling multi\-instance management:\fR + +\fBpostmulti\fR \fB\-e init\fR [\fB\-v\fR] + +.ti -4 +\fBIterator mode:\fR + +\fBpostmulti\fR \fB\-l\fR [\fB\-aRv\fR] [\fB\-g \fIgroup\fR] +[\fB\-i \fIname\fR] + +\fBpostmulti\fR \fB\-p\fR [\fB\-av\fR] [\fB\-g \fIgroup\fR] +[\fB\-i \fIname\fR] \fIpostfix\-command...\fR + +\fBpostmulti\fR \fB\-x\fR [\fB\-aRv\fR] [\fB\-g \fIgroup\fR] +[\fB\-i \fIname\fR] \fIunix\-command...\fR + +.ti -4 +\fBLife\-cycle management:\fR + +\fBpostmulti\fR \fB\-e create\fR [\fB\-av\fR] +[\fB\-g \fIgroup\fR] [\fB\-i \fIname\fR] [\fB\-G \fIgroup\fR] +[\fB\-I \fIname\fR] [\fIparam=value\fR ...] + +\fBpostmulti\fR \fB\-e import\fR [\fB\-av\fR] +[\fB\-g \fIgroup\fR] [\fB\-i \fIname\fR] [\fB\-G \fIgroup\fR] +[\fB\-I \fIname\fR] [\fBconfig_directory=\fI/path\fR] + +\fBpostmulti\fR \fB\-e destroy\fR [\fB\-v\fR] \fB\-i \fIname\fR + +\fBpostmulti\fR \fB\-e deport\fR [\fB\-v\fR] \fB\-i \fIname\fR + +\fBpostmulti\fR \fB\-e enable\fR [\fB\-v\fR] \fB\-i \fIname\fR + +\fBpostmulti\fR \fB\-e disable\fR [\fB\-v\fR] \fB\-i \fIname\fR + +\fBpostmulti\fR \fB\-e assign\fR [\fB\-v\fR] \fB\-i \fIname\fR +[\fB\-I \fIname\fR] [\-G \fIgroup\fR] +.SH DESCRIPTION +.ad +.fi +The \fBpostmulti\fR(1) command allows a Postfix administrator +to manage multiple Postfix instances on a single host. + +\fBpostmulti\fR(1) implements two fundamental modes of +operation. In \fBiterator\fR mode, it executes the same +command for multiple Postfix instances. In \fBlife\-cycle +management\fR mode, it adds or deletes one instance, or +changes the multi\-instance status of one instance. + +Each mode of operation has its own command syntax. For this +reason, each mode is documented in separate sections below. +.SH "BACKGROUND" +.na +.nf +.ad +.fi +A multi\-instance configuration consists of one primary +Postfix instance, and one or more secondary instances whose +configuration directory pathnames are recorded in the primary +instance's main.cf file. Postfix instances share program +files and documentation, but have their own configuration, +queue and data directories. + +Currently, only the default Postfix instance can be used +as primary instance in a multi\-instance configuration. The +\fBpostmulti\fR(1) command does not currently support a \fB\-c\fR +option to select an alternative primary instance, and exits +with a fatal error if the \fBMAIL_CONFIG\fR environment +variable is set to a non\-default configuration directory. + +See the MULTI_INSTANCE_README tutorial for a more detailed +discussion of multi\-instance management with \fBpostmulti\fR(1). +.SH "ITERATOR MODE" +.na +.nf +.ad +.fi +In iterator mode, \fBpostmulti\fR performs the same operation +on all Postfix instances in turn. + +If multi\-instance support is not enabled, the requested +command is performed just for the primary instance. +.PP +Iterator mode implements the following command options: +.SH "Instance selection" +.IP \fB\-a\fR +Perform the operation on all instances. This is the default. +.IP "\fB\-g \fIgroup\fR" +Perform the operation only for members of the named \fIgroup\fR. +.IP "\fB\-i \fIname\fR" +Perform the operation only for the instance with the specified +\fIname\fR. You can specify either the instance name +or the absolute pathname of the instance's configuration +directory. Specify "\-" to select the primary Postfix instance. +.IP \fB\-R\fR +Reverse the iteration order. This may be appropriate when +updating a multi\-instance system, where "sink" instances +are started before "source" instances. +.sp +This option cannot be used with \fB\-p\fR. +.SH "List mode" +.IP \fB\-l\fR +List Postfix instances with their instance name, instance +group name, enable/disable status and configuration directory. +.SH "Postfix\-wrapper mode" +.IP "\fB\-p \fIpostfix\-command\fR" +Invoke \fBpostfix(1)\fR to execute \fIpostfix\-command\fR. +This option implements the \fBpostfix\-wrapper\fR(5) interface. +.RS +.IP \(bu +With "start"\-like commands, "postfix check" is executed for +instances that are not enabled. The full list of commands +is specified with the postmulti_start_commands parameter. +.IP \(bu +With "stop"\-like commands, the iteration order is reversed, +and disabled instances are skipped. The full list of commands +is specified with the postmulti_stop_commands parameter. +.IP \(bu +With "reload" and other commands that require a started +instance, disabled instances are skipped. The full list of +commands is specified with the postmulti_control_commands +parameter. +.IP \(bu +With "status" and other commands that don't require a started +instance, the command is executed for all instances. +.RE +.IP +The \fB\-p\fR option can also be used interactively to +start/stop/etc. a named instance or instance group. For +example, to start just the instances in the group "msa", +invoke \fBpostmulti\fR(1) as follows: +.RS +.IP +# postmulti \-g msa \-p start +.RE +.SH "Command mode" +.IP "\fB\-x \fIunix\-command\fR" +Execute the specified \fIunix\-command\fR for all Postfix instances. +The command runs with appropriate environment settings for +MAIL_CONFIG, command_directory, daemon_directory, +config_directory, queue_directory, data_directory, +multi_instance_name, multi_instance_group and +multi_instance_enable. +.SH "Other options" +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple +\fB\-v\fR options make the software increasingly verbose. +.SH "LIFE-CYCLE MANAGEMENT MODE" +.na +.nf +.ad +.fi +With the \fB\-e\fR option \fBpostmulti\fR(1) can be used to +add or delete a Postfix instance, and to manage the +multi\-instance status of an existing instance. +.PP +The following options are implemented: +.SH "Existing instance selection" +.IP \fB\-a\fR +When creating or importing an instance, place the new +instance at the front of the secondary instance list. +.IP "\fB\-g \fIgroup\fR" +When creating or importing an instance, place the new +instance before the first secondary instance that is a +member of the specified group. +.IP "\fB\-i \fIname\fR" +When creating or importing an instance, place the new +instance before the matching secondary instance. +.sp +With other life\-cycle operations, apply the operation to +the named existing instance. Specify "\-" to select the +primary Postfix instance. +.SH "New or existing instance name assignment" +.IP "\fB\-I \fIname\fR" +Assign the specified instance \fIname\fR to an existing +instance, newly\-created instance, or imported instance. +Instance +names other than "\-" (which makes the instance "nameless") +must start with "postfix\-". This restriction reduces the +likelihood of name collisions with system files. +.IP "\fB\-G \fIgroup\fR" +Assign the specified \fIgroup\fR name to an existing instance +or to a newly created or imported instance. +.SH "Instance creation/deletion/status change" +.IP "\fB\-e \fIaction\fR" +"Edit" managed instances. The following actions are supported: +.RS +.IP \fBinit\fR +This command is required before \fBpostmulti\fR(1) can be +used to manage Postfix instances. The "postmulti \-e init" +command updates the primary instance's main.cf file by +setting: +.RS +.IP +.nf +multi_instance_wrapper = + ${command_directory}/postmulti \-p \-\- +multi_instance_enable = yes +.fi +.RE +.IP +You can set these by other means if you prefer. +.IP \fBcreate\fR +Create a new Postfix instance and add it to the +multi_instance_directories parameter of the primary instance. +The "\fB\-I \fIname\fR" option is recommended to give the +instance a short name that is used to construct default +values for the private directories of the new instance. The +"\fB\-G \fIgroup\fR" option may be specified to assign the +instance to a group, otherwise, the new instance is not a +member of any group. +.sp +The new instance main.cf is the stock main.cf with the +parameters that specify the locations of shared files cloned +from the primary instance. For "nameless" instances, you +should manually adjust "syslog_name" to yield a unique +"logtag" starting with "postfix\-" that will uniquely identify +the instance in the mail logs. It is simpler to assign the +instance a short name with the "\fB\-I \fIname\fR" option. +.sp +Optional "name=value" arguments specify the instance +config_directory, queue_directory and data_directory. +For example: +.RS +.IP +.nf +# postmulti \-I postfix\-mumble \e + \-G mygroup \-e create \e + config_directory=/my/config/dir \e + queue_directory=/my/queue/dir \e + data_directory=/my/data/dir +.fi +.RE +.IP +If any of these pathnames is not supplied, the program +attempts to generate the missing pathname(s) by taking the +corresponding primary instance pathname, and replacing the +last pathname component by the value of the \fB\-I\fR option. +.sp +If the instance configuration directory already exists, and +contains both a main.cf and master.cf file, \fBcreate\fR +will "import" the instance as\-is. For existing instances, +\fBcreate\fR and \fBimport\fR are identical. +.IP \fBimport\fR +Import an existing instance into the list of instances +managed by the \fBpostmulti\fR(1) multi\-instance manager. +This adds the instance to the multi_instance_directories +list of the primary instance. If the "\fB\-I \fIname\fR" +option is provided it specifies the new name for the instance +and is used to define a default location for the instance +configuration directory (as with \fBcreate\fR above). The +"\fB\-G \fIgroup\fR" option may be used to assign the instance +to a group. Add a "\fBconfig_directory=\fI/path\fR" argument +to override a default pathname based on "\fB\-I \fIname\fR". +.IP \fBdestroy\fR +Destroy a secondary Postfix instance. To be a candidate for +destruction an instance must be disabled, stopped and its +queue must not contain any messages. Attempts to destroy +the primary Postfix instance trigger a fatal error, without +destroying the instance. +.sp +The instance is removed from the primary instance main.cf +file's alternate_config_directories parameter and its data, +queue and configuration directories are cleaned of files +and directories created by the Postfix system. The main.cf +and master.cf files are removed from the configuration +directory even if they have been modified since initial +creation. Finally, the instance is "deported" from the list +of managed instances. +.sp +If other files are present in instance private directories, +the directories may not be fully removed, a warning is +logged to alert the administrator. It is expected that an +instance built using "fresh" directories via the \fBcreate\fR +action will be fully removed by the \fBdestroy\fR action +(if first disabled). If the instance configuration and queue +directories are populated with additional files (access and +rewriting tables, chroot jail content, etc.) the instance +directories will not be fully removed. +.sp +The \fBdestroy\fR action triggers potentially dangerous +file removal operations. Make sure the instance's data, +queue and configuration directories are set correctly and +do not contain any valuable files. +.IP \fBdeport\fR +Deport a secondary instance from the list of managed +instances. This deletes the instance configuration directory +from the primary instance's multi_instance_directories list, +but does not remove any files or directories. +.IP \fBassign\fR +Assign a new instance name or a new group name to the +selected instance. Use "\fB\-G \-\fR" to specify "no group" +and "\fB\-I \-\fR" to specify "no name". If you choose to +make an instance "nameless", set a suitable syslog_name in +the corresponding main.cf file. +.IP \fBenable\fR +Mark the selected instance as enabled. This just sets the +multi_instance_enable parameter to "yes" in the instance's +main.cf file. +.IP \fBdisable\fR +Mark the selected instance as disabled. This means that +the instance will not be started etc. with "postfix start", +"postmulti \-p start" and so on. The instance can still be +started etc. with "postfix \-c config\-directory start". +.SH "Other options" +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple +\fB\-v\fR options make the software increasingly verbose. +.RE +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +The \fBpostmulti\fR(1) command exports the following environment +variables before executing the requested \fIcommand\fR for a given +instance: +.IP \fBMAIL_VERBOSE\fR +This is set when the \-v command\-line option is present. +.IP \fBMAIL_CONFIG\fR +The location of the configuration directory of the instance. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_directory (see 'postconf -d' output)\fR" +The directory with Postfix support programs and daemon programs. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBmulti_instance_directories (empty)\fR" +An optional list of non\-default Postfix configuration directories; +these directories belong to additional Postfix instances that share +the Postfix executable files and documentation with the default +Postfix instance, and that are started, stopped, etc., together +with the default Postfix instance. +.IP "\fBmulti_instance_group (empty)\fR" +The optional instance group name of this Postfix instance. +.IP "\fBmulti_instance_name (empty)\fR" +The optional instance name of this Postfix instance. +.IP "\fBmulti_instance_enable (no)\fR" +Allow this Postfix instance to be started, stopped, etc., by a +multi\-instance manager. +.IP "\fBpostmulti_start_commands (start)\fR" +The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats +as "start" commands. +.IP "\fBpostmulti_stop_commands (see 'postconf -d' output)\fR" +The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats +as "stop" commands. +.IP "\fBpostmulti_control_commands (reload flush)\fR" +The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager +treats as "control" commands, that operate on running instances. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.0 and later: +.IP "\fBmeta_directory (see 'postconf -d' output)\fR" +The location of non\-executable files that are shared among +multiple Postfix instances, such as postfix\-files, dynamicmaps.cf, +and the multi\-instance template files main.cf.proto and master.cf.proto. +.IP "\fBshlib_directory (see 'postconf -d' output)\fR" +The location of Postfix dynamically\-linked libraries +(libpostfix\-*.so), and the default location of Postfix database +plugins (postfix\-*.so) that have a relative pathname in the +dynamicmaps.cf file. +.SH "FILES" +.na +.nf +$meta_directory/main.cf.proto, stock configuration file +$meta_directory/master.cf.proto, stock configuration file +$daemon_directory/postmulti\-script, life\-cycle helper program +.SH "SEE ALSO" +.na +.nf +postfix(1), Postfix control program +postfix\-wrapper(5), Postfix multi\-instance API +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or "\fBpostconf +html_directory\fR" to locate this information. +.nf +.na +MULTI_INSTANCE_README, Postfix multi\-instance management +.SH HISTORY +.ad +.fi +.ad +.fi +The \fBpostmulti\fR(1) command was introduced with Postfix +version 2.6. +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Victor Duchovni +Morgan Stanley + +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/postqueue.1 b/man/man1/postqueue.1 new file mode 100644 index 0000000..c8020c1 --- /dev/null +++ b/man/man1/postqueue.1 @@ -0,0 +1,271 @@ +.TH POSTQUEUE 1 +.ad +.fi +.SH NAME +postqueue +\- +Postfix queue control +.SH "SYNOPSIS" +.na +.nf +.ti -4 +\fBTo flush the mail queue\fR: + +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-f\fR + +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-i \fIqueue_id\fR + +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-s \fIsite\fR + +.ti -4 +\fBTo list the mail queue\fR: + +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-j\fR + +\fBpostqueue\fR [\fB\-v\fR] [\fB\-c \fIconfig_dir\fR] \fB\-p\fR +.SH DESCRIPTION +.ad +.fi +The \fBpostqueue\fR(1) command implements the Postfix user interface +for queue management. It implements operations that are +traditionally available via the \fBsendmail\fR(1) command. +See the \fBpostsuper\fR(1) command for queue operations +that require super\-user privileges such as deleting a message +from the queue or changing the status of a message. + +The following options are recognized: +.IP "\fB\-c \fIconfig_dir\fR" +The \fBmain.cf\fR configuration file is in the named directory +instead of the default configuration directory. See also the +MAIL_CONFIG environment setting below. +.IP \fB\-f\fR +Flush the queue: attempt to deliver all queued mail. + +This option implements the traditional "\fBsendmail \-q\fR" command, +by contacting the Postfix \fBqmgr\fR(8) daemon. + +Warning: flushing undeliverable mail frequently will result in +poor delivery performance of all other mail. +.IP "\fB\-i \fIqueue_id\fR" +Schedule immediate delivery of deferred mail with the +specified queue ID. + +This option implements the traditional \fBsendmail \-qI\fR +command, by contacting the \fBflush\fR(8) server. + +This feature is available with Postfix version 2.4 and later. +.IP "\fB\-j\fR" +Produce a queue listing in JSON format, based on output +from the showq(8) daemon. The result is a stream of zero +or more JSON objects, one per queue file. Each object is +followed by a newline character to support simple streaming +parsers. See "\fBJSON OBJECT FORMAT\fR" below for details. + +This feature is available in Postfix 3.1 and later. +.IP \fB\-p\fR +Produce a traditional sendmail\-style queue listing. +This option implements the traditional \fBmailq\fR command, +by contacting the Postfix \fBshowq\fR(8) daemon. + +Each queue entry shows the queue file ID, message +size, arrival time, sender, and the recipients that still need to +be delivered. If mail could not be delivered upon the last attempt, +the reason for failure is shown. The queue ID string +is followed by an optional status character: +.RS +.IP \fB*\fR +The message is in the \fBactive\fR queue, i.e. the message is +selected for delivery. +.IP \fB!\fR +The message is in the \fBhold\fR queue, i.e. no further delivery +attempt will be made until the mail is taken off hold. +.IP \fB#\fR +The message is forced to expire. See the \fBpostsuper\fR(1) +options \fB\-e\fR or \fB\-f\fR. +.sp +This feature is available in Postfix 3.5 and later. +.RE +.IP "\fB\-s \fIsite\fR" +Schedule immediate delivery of all mail that is queued for the named +\fIsite\fR. A numerical site must be specified as a valid RFC 5321 +address literal enclosed in [], just like in email addresses. +The site must be eligible for the "fast flush" service. +See \fBflush\fR(8) for more information about the "fast flush" +service. + +This option implements the traditional "\fBsendmail \-qR\fIsite\fR" +command, by contacting the Postfix \fBflush\fR(8) daemon. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR +options make the software increasingly verbose. As of Postfix 2.3, +this option is available for the super\-user only. +.SH "JSON OBJECT FORMAT" +.na +.nf +.ad +.fi +Each JSON object represents one queue file; it is emitted +as a single text line followed by a newline character. + +Object members have string values unless indicated otherwise. +Programs should ignore object members that are not listed +here; the list of members is expected to grow over time. +.IP \fBqueue_name\fR +The name of the queue where the message was found. Note +that the contents of the mail queue may change while it is +being listed; some messages may appear more than once, and +some messages may be missed. +.IP \fBqueue_id\fR +The queue file name. The queue_id may be reused within a +Postfix instance unless "enable_long_queue_ids = true" and +time is monotonic. Even then, the queue_id is not expected +to be unique between different Postfix instances. Management +tools that require a unique name should combine the queue_id +with the myhostname setting of the Postfix instance. +.IP \fBarrival_time\fR +The number of seconds since the start of the UNIX epoch. +.IP \fBmessage_size\fR +The number of bytes in the message header and body. This +number does not include message envelope information. It +is approximately equal to the number of bytes that would +be transmitted via SMTP including the <CR><LF> line endings. +.IP \fBforced_expire\fR +The message is forced to expire (\fBtrue\fR or \fBfalse\fR). +See the \fBpostsuper\fR(1) options \fB\-e\fR or \fB\-f\fR. +.sp +This feature is available in Postfix 3.5 and later. +.IP \fBsender\fR +The envelope sender address. +.IP \fBrecipients\fR +An array containing zero or more objects with members: +.RS +.IP \fBaddress\fR +One recipient address. +.IP \fBdelay_reason\fR +If present, the reason for delayed delivery. Delayed +recipients may have no delay reason, for example, while +delivery is in progress, or after the system was stopped +before it could record the reason. +.RE +.SH "SECURITY" +.na +.nf +.ad +.fi +This program is designed to run with set\-group ID privileges, so +that it can connect to Postfix daemon processes. +.SH "STANDARDS" +.na +.nf +RFC 7159 (JSON notation) +.SH DIAGNOSTICS +.ad +.fi +Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8), +and to the standard error stream. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP MAIL_CONFIG +Directory with the \fBmain.cf\fR file. In order to avoid exploitation +of set\-group ID privileges, a non\-standard directory is allowed only +if: +.RS +.IP \(bu +The name is listed in the standard \fBmain.cf\fR file with the +\fBalternate_config_directories\fR configuration parameter. +.IP \(bu +The command is invoked by the super\-user. +.RE +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this program. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBalternate_config_directories (empty)\fR" +A list of non\-default Postfix configuration directories that may +be specified with "\-c config_directory" on the command line (in the +case of \fBsendmail\fR(1), with the "\-C" option), or via the MAIL_CONFIG +environment parameter. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBcommand_directory (see 'postconf -d' output)\fR" +The location of all postfix administrative commands. +.IP "\fBfast_flush_domains ($relay_domains)\fR" +Optional list of destinations that are eligible for per\-destination +logfiles with mail that is queued to those destinations. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.IP "\fBtrigger_timeout (10s)\fR" +The time limit for sending a trigger to a Postfix daemon (for +example, the \fBpickup\fR(8) or \fBqmgr\fR(8) daemon). +.PP +Available in Postfix version 2.2 and later: +.IP "\fBauthorized_flush_users (static:anyone)\fR" +List of users who are authorized to flush the queue. +.IP "\fBauthorized_mailq_users (static:anyone)\fR" +List of users who are authorized to view the queue. +.SH "FILES" +.na +.nf +/var/spool/postfix, mail queue +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +showq(8), list mail queue +flush(8), fast flush service +sendmail(1), Sendmail\-compatible user interface +postsuper(1), privileged queue operations +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ETRN_README, Postfix ETRN howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +The postqueue command was introduced with Postfix version 1.1. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/postsuper.1 b/man/man1/postsuper.1 new file mode 100644 index 0000000..885330f --- /dev/null +++ b/man/man1/postsuper.1 @@ -0,0 +1,343 @@ +.TH POSTSUPER 1 +.ad +.fi +.SH NAME +postsuper +\- +Postfix superintendent +.SH "SYNOPSIS" +.na +.nf +.fi +\fBpostsuper\fR [\fB\-psSv\fR] + [\fB\-c \fIconfig_dir\fR] [\fB\-d \fIqueue_id\fR] + [\fB\-e \fIqueue_id\fR] [\fB\-f \fIqueue_id\fR] + [\fB\-h \fIqueue_id\fR] [\fB\-H \fIqueue_id\fR] + [\fB\-r \fIqueue_id\fR] [\fIdirectory ...\fR] +.SH DESCRIPTION +.ad +.fi +The \fBpostsuper\fR(1) command does maintenance jobs on the Postfix +queue. Use of the command is restricted to the superuser. +See the \fBpostqueue\fR(1) command for unprivileged queue operations +such as listing or flushing the mail queue. + +By default, \fBpostsuper\fR(1) performs the operations +requested with the +\fB\-s\fR and \fB\-p\fR command\-line options on all Postfix queue +directories \- this includes the \fBincoming\fR, \fBactive\fR, +\fBdeferred\fR, and \fBhold\fR directories with message +files and the \fBbounce\fR, +\fBdefer\fR, \fBtrace\fR and \fBflush\fR directories with log files. + +Options: +.IP "\fB\-c \fIconfig_dir\fR" +The \fBmain.cf\fR configuration file is in the named directory +instead of the default configuration directory. See also the +MAIL_CONFIG environment setting below. +.IP "\fB\-d \fIqueue_id\fR" +Delete one message with the named queue ID from the named +mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and +\fBdeferred\fR). + +To delete multiple files, specify the \fB\-d\fR option multiple +times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs +from standard input. For example, to delete all mail +with exactly one recipient \fBuser@example.com\fR: +.sp +.nf +postqueue \-j | jq -r ' + # See JSON OBJECT FORMAT section in the postqueue(1) manpage + select(.recipients[0].address == "user@example.com") + | select(.recipients[1].address == null) + | .queue_id + ' | postsuper \-d \- +.fi +.sp +(note the "jq -r" option), or the historical form: +.sp +.nf +mailq | tail \-n +2 | grep \-v '^ *(' | awk 'BEGIN { RS = "" } + # $7=sender, $8=recipient1, $9=recipient2 + { if ($8 == "user@example.com" && $9 == "") + print $1 } + ' | tr \-d '*!' | postsuper \-d \- +.fi +.sp +Specify "\fB\-d ALL\fR" to remove all messages; for example, specify +"\fB\-d ALL deferred\fR" to delete all mail in the \fBdeferred\fR queue. +As a safety measure, the word \fBALL\fR must be specified in upper +case. +.sp +Warning: Postfix queue IDs are reused (always with Postfix +<= 2.8; and with Postfix >= 2.9 when enable_long_queue_ids=no). +There is a very small possibility that postsuper deletes the +wrong message file when it is executed while the Postfix mail +system is delivering mail. +.sp +The scenario is as follows: +.RS +.IP 1) +The Postfix queue manager deletes the message that \fBpostsuper\fR(1) +is asked to delete, because Postfix is finished with the +message (it is delivered, or it is returned to the sender). +.IP 2) +New mail arrives, and the new message is given the same queue ID +as the message that \fBpostsuper\fR(1) is supposed to delete. +The probability for reusing a deleted queue ID is about 1 in 2**15 +(the number of different microsecond values that the system clock +can distinguish within a second). +.IP 3) +\fBpostsuper\fR(1) deletes the new message, instead of the old +message that it should have deleted. +.RE +.IP "\fB\-e \fIqueue_id\fR" +.IP "\fB\-f \fIqueue_id\fR" +Request forced expiration for one message with the named +queue ID in the named mail queue(s) (default: \fBhold\fR, +\fBincoming\fR, \fBactive\fR and \fBdeferred\fR). +.RS +.IP \(bu +The message will be returned to the sender when the queue +manager attempts to deliver that message (note that Postfix +will never deliver messages in the \fBhold\fR queue). +.IP \(bu +The \fB\-e\fR and \fB\-f\fR options both request forced +expiration. The difference is that \fB\-f\fR will also release +a message if it is in the \fBhold\fR queue. With \fB\-e\fR, such +a message would not be returned to the sender until it is +released with \fB\-f\fR or \fB\-H\fR. +.IP \(bu +When a deferred message is force\-expired, the return message +will state the reason for the delay. Otherwise, the reason +will be "message is administratively expired". +.RE +.IP +To expire multiple files, specify the \fB\-e\fR or \fB\-f\fR +option multiple times, or specify a \fIqueue_id\fR of \fB\-\fR +to read queue IDs from standard input (see the \fB\-d\fR option +above for an example, but be sure to replace \fB\-d\fR in +the example). +.sp +Specify "\fB\-e ALL\fR" or "\fB\-f ALL\fR" to expire all +messages; for example, specify "\fB\-e ALL deferred\fR" to +expire all mail in the \fBdeferred\fR queue. As a safety +measure, the word \fBALL\fR must be specified in upper case. +.sp +These features are available in Postfix 3.5 and later. +.IP "\fB\-h \fIqueue_id\fR" +Put mail "on hold" so that no attempt is made to deliver it. +Move one message with the named queue ID from the named +mail queue(s) (default: \fBincoming\fR, \fBactive\fR and +\fBdeferred\fR) to the \fBhold\fR queue. + +To hold multiple files, specify the \fB\-h\fR option multiple +times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs +from standard input. +.sp +Specify "\fB\-h ALL\fR" to hold all messages; for example, specify +"\fB\-h ALL deferred\fR" to hold all mail in the \fBdeferred\fR queue. +As a safety measure, the word \fBALL\fR must be specified in upper +case. +.sp +Note: while mail is "on hold" it will not expire when its +time in the queue exceeds the \fBmaximal_queue_lifetime\fR +or \fBbounce_queue_lifetime\fR setting. It becomes subject to +expiration after it is released from "hold". +.sp +This feature is available in Postfix 2.0 and later. +.IP "\fB\-H \fIqueue_id\fR" +Release mail that was put "on hold". +Move one message with the named queue ID from the named +mail queue(s) (default: \fBhold\fR) to the \fBdeferred\fR queue. + +To release multiple files, specify the \fB\-H\fR option multiple +times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs +from standard input. +.sp +Note: specify "\fBpostsuper \-r\fR" to release mail that was kept on +hold for a significant fraction of \fB$maximal_queue_lifetime\fR +or \fB$bounce_queue_lifetime\fR, or longer. +.sp +Specify "\fB\-H ALL\fR" to release all mail that is "on hold". +As a safety measure, the word \fBALL\fR must be specified in upper +case. +.sp +This feature is available in Postfix 2.0 and later. +.IP \fB\-p\fR +Purge old temporary files that are left over after system or +software crashes. +The \fB\-p\fR, \fB\-s\fR, and \fB\-S\fR operations are done +before other operations. +.IP "\fB\-r \fIqueue_id\fR" +Requeue the message with the named queue ID from the named +mail queue(s) (default: \fBhold\fR, \fBincoming\fR, \fBactive\fR and +\fBdeferred\fR). + +To requeue multiple files, specify the \fB\-r\fR option multiple +times, or specify a \fIqueue_id\fR of \fB\-\fR to read queue IDs +from standard input. +.sp +Specify "\fB\-r ALL\fR" to requeue all messages. As a safety +measure, the word \fBALL\fR must be specified in upper case. +.sp +A requeued message is moved to the \fBmaildrop\fR queue, +from where it is copied by the \fBpickup\fR(8) and +\fBcleanup\fR(8) daemons to a new queue file. In many +respects its handling differs from that of a new local +submission. +.RS +.IP \(bu +The message is not subjected to the smtpd_milters or +non_smtpd_milters settings. When mail has passed through +an external content filter, this would produce incorrect +results with Milter applications that depend on original +SMTP connection state information. +.IP \(bu +The message is subjected again to mail address rewriting +and substitution. This is useful when rewriting rules or +virtual mappings have changed. +.sp +The address rewriting context (local or remote) is the same +as when the message was received. +.IP \(bu +The message is subjected to the same content_filter settings +(if any) as used for new local mail submissions. This is +useful when content_filter settings have changed. +.RE +.IP +Warning: Postfix queue IDs are reused (always with Postfix +<= 2.8; and with Postfix >= 2.9 when enable_long_queue_ids=no). +There is a very small possibility that \fBpostsuper\fR(1) requeues +the wrong message file when it is executed while the Postfix mail +system is running, but no harm should be done. +.sp +This feature is available in Postfix 1.1 and later. +.IP \fB\-s\fR +Structure check and structure repair. This should be done once +before Postfix startup. +The \fB\-p\fR, \fB\-s\fR, and \fB\-S\fR operations are done +before other operations. +.RS +.IP \(bu +Rename files whose name does not match the message file inode +number. This operation is necessary after restoring a mail +queue from a different machine or from backup, when queue +files were created with Postfix <= 2.8 or with +"enable_long_queue_ids = no". +.IP \(bu +Move queue files that are in the wrong place in the file system +hierarchy and remove subdirectories that are no longer needed. +File position rearrangements are necessary after a change in the +\fBhash_queue_names\fR and/or \fBhash_queue_depth\fR +configuration parameters. +.IP \(bu +Rename queue files created with "enable_long_queue_ids = +yes" to short names, for migration to Postfix <= 2.8. The +procedure is as follows: +.sp +.nf +.na +# postfix stop +# postconf enable_long_queue_ids=no +# postsuper +.ad +.fi +.sp +Run \fBpostsuper\fR(1) repeatedly until it stops reporting +file name changes. +.RE +.IP \fB\-S\fR +A redundant version of \fB\-s\fR that requires that long +file names also match the message file inode number. This +option exists for testing purposes, and is available with +Postfix 2.9 and later. +The \fB\-p\fR, \fB\-s\fR, and \fB\-S\fR operations are done +before other operations. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. Multiple \fB\-v\fR +options make the software increasingly verbose. +.SH DIAGNOSTICS +.ad +.fi +Problems are reported to the standard error stream and to +\fBsyslogd\fR(8) or \fBpostlogd\fR(8). + +\fBpostsuper\fR(1) reports the number of messages deleted +with \fB\-d\fR, the number of messages expired with \fB\-e\fR, +the number of messages expired or released with \fB\-f\fR, +the number of messages held or released with \fB\-h\fR or +\fB\-H\fR, the number of messages requeued with \fB\-r\fR, +and the number of messages whose queue file name was fixed +with \fB\-s\fR. The report is written to the standard error +stream and to \fBsyslogd\fR(8) or \fBpostlogd\fR(8). +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP MAIL_CONFIG +Directory with the \fBmain.cf\fR file. +.SH BUGS +.ad +.fi +Mail that is not sanitized by Postfix (i.e. mail in the \fBmaildrop\fR +queue) cannot be placed "on hold". +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this program. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBhash_queue_depth (1)\fR" +The number of subdirectory levels for queue directories listed with +the hash_queue_names parameter. +.IP "\fBhash_queue_names (deferred, defer)\fR" +The names of queue directories that are split across multiple +subdirectory levels. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment parameters that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 2.9 and later: +.IP "\fBenable_long_queue_ids (no)\fR" +Enable long, non\-repeating, queue IDs (queue file names). +.SH "SEE ALSO" +.na +.nf +sendmail(1), Sendmail\-compatible user interface +postqueue(1), unprivileged queue operations +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/posttls-finger.1 b/man/man1/posttls-finger.1 new file mode 100644 index 0000000..54b72ab --- /dev/null +++ b/man/man1/posttls-finger.1 @@ -0,0 +1,343 @@ +.TH POSTTLS-FINGER 1 +.ad +.fi +.SH NAME +posttls-finger +\- +Probe the TLS properties of an ESMTP or LMTP server. +.SH "SYNOPSIS" +.na +.nf +\fBposttls\-finger\fR [\fIoptions\fR] [\fBinet:\fR]\fIdomain\fR[:\fIport\fR] [\fImatch ...\fR] +.br +\fBposttls\-finger\fR \-S [\fIoptions\fR] \fBunix:\fIpathname\fR [\fImatch ...\fR] +.SH DESCRIPTION +.ad +.fi +\fBposttls\-finger\fR(1) connects to the specified destination +and reports TLS\-related information about the server. With SMTP, the +destination is a domainname; with LMTP it is either a domainname +prefixed with \fBinet:\fR or a pathname prefixed with \fBunix:\fR. If +Postfix is built without TLS support, the resulting \fBposttls\-finger\fR(1) +program has very limited functionality, and only the \fB\-a\fR, \fB\-c\fR, +\fB\-h\fR, \fB\-o\fR, \fB\-S\fR, \fB\-t\fR, \fB\-T\fR and \fB\-v\fR options +are available. + +Note: this is an unsupported test program. No attempt is made +to maintain compatibility between successive versions. + +For SMTP servers that don't support ESMTP, only the greeting banner +and the negative EHLO response are reported. Otherwise, the reported +EHLO response details further server capabilities. + +If TLS support is enabled when \fBposttls\-finger\fR(1) is compiled, and +the server supports \fBSTARTTLS\fR, a TLS handshake is attempted. + +If DNSSEC support is available, the connection TLS security level +(\fB\-l\fR option) defaults to \fBdane\fR; see TLS_README for +details. Otherwise, it defaults to \fBsecure\fR. This setting +determines the certificate matching policy. + +If TLS negotiation succeeds, the TLS protocol and cipher details are +reported. The server certificate is then verified in accordance with +the policy at the chosen (or default) security level. With public +CA\-based trust, when the \fB\-L\fR option includes \fBcertmatch\fR, +(true by default) name matching is performed even if the certificate +chain is not trusted. This logs the names found in the remote SMTP +server certificate and which if any would match, were the certificate +chain trusted. + +Note: \fBposttls\-finger\fR(1) does not perform any table lookups, so +the TLS policy table and obsolete per\-site tables are not consulted. +It does not communicate with the \fBtlsmgr\fR(8) daemon (or any other +Postfix daemons); its TLS session cache is held in private memory, and +disappears when the process exits. + +With the \fB\-r \fIdelay\fR option, if the server assigns a TLS +session id, the TLS session is cached. The connection is then closed +and re\-opened after the specified delay, and \fBposttls\-finger\fR(1) +then reports whether the cached TLS session was re\-used. + +When the destination is a load balancer, it may be distributing +load between multiple server caches. Typically, each server returns +its unique name in its EHLO response. If, upon reconnecting with +\fB\-r\fR, a new server name is detected, another session is cached +for the new server, and the reconnect is repeated up to a maximum +number of times (default 5) that can be specified via the \fB\-m\fR +option. + +The choice of SMTP or LMTP (\fB\-S\fR option) determines the syntax of +the destination argument. With SMTP, one can specify a service on a +non\-default port as \fIhost\fR:\fIservice\fR, and disable MX (mail +exchanger) DNS lookups with [\fIhost\fR] or [\fIhost\fR]:\fIport\fR. +The [] form is required when you specify an IP address instead of a +hostname. An IPv6 address takes the form [\fBipv6:\fIaddress\fR]. +The default port for SMTP is taken from the \fBsmtp/tcp\fR entry in +/etc/services, defaulting to 25 if the entry is not found. + +With LMTP, specify \fBunix:\fIpathname\fR to connect to a local server +listening on a unix\-domain socket bound to the specified pathname; +otherwise, specify an optional \fBinet:\fR prefix followed by a +\fIdomain\fR and an optional port, with the same syntax as for +SMTP. The default TCP port for LMTP is 24. + +Arguments: +.IP "\fB\-a\fR \fIfamily\fR (default: \fBany\fR)" +Address family preference: \fBipv4\fR, \fBipv6\fR or \fBany\fR. When +using \fBany\fR, \fBposttls\-finger\fR(1) will randomly select one of +the two as the more preferred, and exhaust all MX preferences for the +first address family before trying any addresses for the other. +.IP "\fB\-A\fR \fItrust\-anchor.pem\fR (default: none)" +A list of PEM trust\-anchor files that overrides CAfile and CApath +trust chain verification. Specify the option multiple times to +specify multiple files. See the main.cf documentation for +smtp_tls_trust_anchor_file for details. +.IP "\fB\-c\fR" +Disable SMTP chat logging; only TLS\-related information is logged. +.IP "\fB\-C\fR" +Print the remote SMTP server certificate trust chain in PEM format. +The issuer DN, subject DN, certificate and public key fingerprints +(see \fB\-d \fImdalg\fR option below) are printed above each PEM +certificate block. If you specify \fB\-F \fICAfile\fR or +\fB\-P \fICApath\fR, the OpenSSL library may augment the chain with +missing issuer certificates. To see the actual chain sent by the +remote SMTP server leave \fICAfile\fR and \fICApath\fR unset. +.IP "\fB\-d \fImdalg\fR (default: \fB$smtp_tls_fingerprint_digest\fR)" +The message digest algorithm to use for reporting remote SMTP server +fingerprints and matching against user provided certificate +fingerprints (with DANE TLSA records the algorithm is specified +in the DNS). In Postfix versions prior to 3.6, the default value +was "md5". +.IP "\fB\-f\fR" +Lookup the associated DANE TLSA RRset even when a hostname is not an +alias and its address records lie in an unsigned zone. See +smtp_tls_force_insecure_host_tlsa_lookup for details. +.IP "\fB\-F \fICAfile.pem\fR (default: none)" +The PEM formatted CAfile for remote SMTP server certificate +verification. By default no CAfile is used and no public CAs +are trusted. +.IP "\fB\-g \fIgrade\fR (default: medium)" +The minimum TLS cipher grade used by \fBposttls\-finger\fR(1). +See smtp_tls_mandatory_ciphers for details. +.IP "\fB\-h \fIhost_lookup\fR (default: \fBdns\fR)" +The hostname lookup methods used for the connection. See the +documentation of smtp_host_lookup for syntax and semantics. +.IP "\fB\-H \fIchainfiles\fR (default: \fInone\fR)\fR" +List of files with a sequence PEM\-encoded TLS client certificate +chains. The list can be built\-up incrementally, by specifying +the option multiple times, or all at once via a comma or +whitespace separated list of filenames. Each chain starts with +a private key, which is followed immediately by the +corresponding certificate, and optionally by additional issuer +certificates. Each new key begins a new chain for the +corresponding algorithm. This option is mutually exclusive with +the below \fB\-k\fR and \fB\-K\fR options. +.IP "\fB\-k \fIcertfile\fR (default: \fIkeyfile\fR)\fR" +File with PEM\-encoded TLS client certificate chain. This +defaults to \fIkeyfile\fR if one is specified. +.IP "\fB\-K \fIkeyfile\fR (default: \fIcertfile\fR)" +File with PEM\-encoded TLS client private key. +This defaults to \fIcertfile\fR if one is specified. +.IP "\fB\-l \fIlevel\fR (default: \fBdane\fR or \fBsecure\fR)" +The security level for the connection, default \fBdane\fR or +\fBsecure\fR depending on whether DNSSEC is available. For syntax +and semantics, see the documentation of smtp_tls_security_level. +When \fBdane\fR or \fBdane\-only\fR is supported and selected, if no +TLSA records are found, or all the records found are unusable, the +\fIsecure\fR level will be used instead. The \fBfingerprint\fR +security level allows you to test certificate or public\-key +fingerprint matches before you deploy them in the policy table. +.IP +Note, since \fBposttls\-finger\fR(1) does not actually deliver any email, +the \fBnone\fR, \fBmay\fR and \fBencrypt\fR security levels are not +very useful. Since \fBmay\fR and \fBencrypt\fR don't require peer +certificates, they will often negotiate anonymous TLS ciphersuites, +so you won't learn much about the remote SMTP server's certificates +at these levels if it also supports anonymous TLS (though you may +learn that the server supports anonymous TLS). +.IP "\fB\-L \fIlogopts\fR (default: \fBroutine,certmatch\fR)" +Fine\-grained TLS logging options. To tune the TLS features logged +during the TLS handshake, specify one or more of: +.RS +.IP "\fB0, none\fR" +These yield no TLS logging; you'll generally want more, but this +is handy if you just want the trust chain: +.RS +.ad +.nf +$ posttls\-finger \-cC \-L none destination +.fi +.RE +.IP "\fB1, routine, summary\fR" +These synonymous values yield a normal one\-line summary of the TLS +connection. +.IP "\fB2, debug\fR" +These synonymous values combine routine, ssl\-debug, cache and verbose. +.IP "\fB3, ssl\-expert\fR" +These synonymous values combine debug with ssl\-handshake\-packet\-dump. +For experts only. +.IP "\fB4, ssl\-developer\fR" +These synonymous values combine ssl\-expert with ssl\-session\-packet\-dump. +For experts only, and in most cases, use wireshark instead. +.IP "\fBssl\-debug\fR" +Turn on OpenSSL logging of the progress of the SSL handshake. +.IP "\fBssl\-handshake\-packet\-dump\fR" +Log hexadecimal packet dumps of the SSL handshake; for experts only. +.IP "\fBssl\-session\-packet\-dump\fR" +Log hexadecimal packet dumps of the entire SSL session; only useful +to those who can debug SSL protocol problems from hex dumps. +.IP "\fBuntrusted\fR" +Logs trust chain verification problems. This is turned on +automatically at security levels that use peer names signed +by Certification Authorities to validate certificates. So while +this setting is recognized, you should never need to set it +explicitly. +.IP "\fBpeercert\fR" +This logs a one line summary of the remote SMTP server certificate +subject, issuer, and fingerprints. +.IP "\fBcertmatch\fR" +This logs remote SMTP server certificate matching, showing the CN +and each subjectAltName and which name matched. With DANE, logs +matching of TLSA record trust\-anchor and end\-entity certificates. +.IP "\fBcache\fR" +This logs session cache operations, showing whether session caching +is effective with the remote SMTP server. Automatically used when +reconnecting with the \fB\-r\fR option; rarely needs to be set +explicitly. +.IP "\fBverbose\fR" +Enables verbose logging in the Postfix TLS driver; includes all of +peercert..cache and more. +.RE +.IP +The default is \fBroutine,certmatch\fR. After a reconnect, +\fBpeercert\fR, \fBcertmatch\fR and \fBverbose\fR are automatically +disabled while \fBcache\fR and \fBsummary\fR are enabled. +.IP "\fB\-m \fIcount\fR (default: \fB5\fR)" +When the \fB\-r \fIdelay\fR option is specified, the \fB\-m\fR option +determines the maximum number of reconnect attempts to use with +a server behind a load balancer, to see whether connection caching +is likely to be effective for this destination. Some MTAs +don't expose the underlying server identity in their EHLO +response; with these servers there will never be more than +1 reconnection attempt. +.IP "\fB\-M \fIinsecure_mx_policy\fR (default: \fBdane\fR)" +The TLS policy for MX hosts with "secure" TLSA records when the +nexthop destination security level is \fBdane\fR, but the MX +record was found via an "insecure" MX lookup. See the main.cf +documentation for smtp_tls_dane_insecure_mx_policy for details. +.IP "\fB\-o \fIname=value\fR" +Specify zero or more times to override the value of the main.cf +parameter \fIname\fR with \fIvalue\fR. Possible use\-cases include +overriding the values of TLS library parameters, or "myhostname" to +configure the SMTP EHLO name sent to the remote server. +.IP "\fB\-p \fIprotocols\fR (default: >=TLSv1)" +TLS protocols that \fBposttls\-finger\fR(1) will exclude or include. See +smtp_tls_mandatory_protocols for details. +.IP "\fB\-P \fICApath/\fR (default: none)" +The OpenSSL CApath/ directory (indexed via c_rehash(1)) for remote +SMTP server certificate verification. By default no CApath is used +and no public CAs are trusted. +.IP "\fB\-r \fIdelay\fR" +With a cacheable TLS session, disconnect and reconnect after \fIdelay\fR +seconds. Report whether the session is re\-used. Retry if a new server +is encountered, up to 5 times or as specified with the \fB\-m\fR option. +By default reconnection is disabled, specify a positive delay to +enable this behavior. +.IP "\fB\-s \fIservername\fR" +The server name to send with the TLS Server Name Indication (SNI) +extension. When the server has DANE TLSA records, this parameter +is ignored and the TLSA base domain is used instead. Otherwise, SNI is +not used by default, but can be enabled by specifying the desired value +with this option. +.IP "\fB\-S\fR" +Disable SMTP; that is, connect to an LMTP server. The default port for +LMTP over TCP is 24. Alternative ports can specified by appending +"\fI:servicename\fR" or ":\fIportnumber\fR" to the destination +argument. +.IP "\fB\-t \fItimeout\fR (default: \fB30\fR)" +The TCP connection timeout to use. This is also the timeout for +reading the remote server's 220 banner. +.IP "\fB\-T \fItimeout\fR (default: \fB30\fR)" +The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT. +.IP "\fB\-v\fR" +Enable verbose Postfix logging. Specify more than once to increase +the level of verbose logging. +.IP "\fB\-w\fR" +Enable outgoing TLS wrapper mode, or SUBMISSIONS/SMTPS support. This +is typically provided on port 465 by servers that are compatible with +the SMTP\-in\-SSL protocol, rather than the STARTTLS protocol. +The destination \fIdomain\fR:\fIport\fR must of course provide such +a service. +.IP "\fB\-X\fR" +Enable \fBtlsproxy\fR(8) mode. This is an unsupported mode, +for program development only. +.IP "[\fBinet:\fR]\fIdomain\fR[:\fIport\fR]" +Connect via TCP to domain \fIdomain\fR, port \fIport\fR. The default +port is \fBsmtp\fR (or 24 with LMTP). With SMTP an MX lookup is +performed to resolve the domain to a host, unless the domain is +enclosed in \fB[]\fR. If you want to connect to a specific MX host, +for instance \fImx1.example.com\fR, specify [\fImx1.example.com\fR] +as the destination and \fIexample.com\fR as a \fBmatch\fR argument. +When using DNS, the destination domain is assumed fully qualified +and no default domain or search suffixes are applied; you must use +fully\-qualified names or also enable \fBnative\fR host lookups +(these don't support \fBdane\fR or \fBdane\-only\fR as no DNSSEC +validation information is available via \fBnative\fR lookups). +.IP "\fBunix:\fIpathname\fR" +Connect to the UNIX\-domain socket at \fIpathname\fR. LMTP only. +.IP "\fBmatch ...\fR" +With no match arguments specified, certificate peername matching uses +the compiled\-in default strategies for each security level. If you +specify one or more arguments, these will be used as the list of +certificate or public\-key digests to match for the \fBfingerprint\fR +level, or as the list of DNS names to match in the certificate at the +\fBverify\fR and \fBsecure\fR levels. If the security level is +\fBdane\fR, or \fBdane\-only\fR the match names are ignored, and +\fBhostname, nexthop\fR strategies are used. +.ad +.fi +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP \fBMAIL_CONFIG\fR +Read configuration parameters from a non\-default location. +.IP \fBMAIL_VERBOSE\fR +Same as \fB\-v\fR option. +.SH "SEE ALSO" +.na +.nf +smtp\-source(1), SMTP/LMTP message source +smtp\-sink(1), SMTP/LMTP message dump + +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or "\fBpostconf +html_directory\fR" to locate this information. +.na +.nf +TLS_README, Postfix STARTTLS howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + +Viktor Dukhovni diff --git a/man/man1/qmqp-sink.1 b/man/man1/qmqp-sink.1 new file mode 100644 index 0000000..1556b51 --- /dev/null +++ b/man/man1/qmqp-sink.1 @@ -0,0 +1,69 @@ +.TH QMQP-SINK 1 +.ad +.fi +.SH NAME +qmqp-sink +\- +parallelized QMQP test server +.SH "SYNOPSIS" +.na +.nf +.fi +\fBqmqp\-sink\fR [\fB\-46cv\fR] [\fB\-x \fItime\fR] +[\fBinet:\fR][\fIhost\fR]:\fIport\fR \fIbacklog\fR + +\fBqmqp\-sink\fR [\fB\-46cv\fR] [\fB\-x \fItime\fR] +\fBunix:\fR\fIpathname\fR \fIbacklog\fR +.SH DESCRIPTION +.ad +.fi +\fBqmqp\-sink\fR listens on the named host (or address) and port. +It receives messages from the network and throws them away. +The purpose is to measure QMQP client performance, not protocol +compliance. +Connections can be accepted on IPv4 or IPv6 endpoints, or on +UNIX\-domain sockets. +IPv4 and IPv6 are the default. +This program is the complement of the \fBqmqp\-source\fR(1) program. + +Note: this is an unsupported test program. No attempt is made +to maintain compatibility between successive versions. + +Arguments: +.IP \fB\-4\fR +Support IPv4 only. This option has no effect when +Postfix is built without IPv6 support. +.IP \fB\-6\fR +Support IPv6 only. This option is not available when +Postfix is built without IPv6 support. +.IP \fB\-c\fR +Display a running counter that is updated whenever a delivery +is completed. +.IP \fB\-v\fR +Increase verbosity. Specify \fB\-v \-v\fR to see some of the QMQP +conversation. +.IP "\fB\-x \fItime\fR" +Terminate after \fItime\fR seconds. This is to facilitate memory +leak testing. +.SH "SEE ALSO" +.na +.nf +qmqp\-source(1), QMQP message generator +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/qmqp-source.1 b/man/man1/qmqp-source.1 new file mode 100644 index 0000000..86f23b9 --- /dev/null +++ b/man/man1/qmqp-source.1 @@ -0,0 +1,90 @@ +.TH QMQP-SOURCE 1 +.ad +.fi +.SH NAME +qmqp-source +\- +parallelized QMQP test generator +.SH "SYNOPSIS" +.na +.nf +.fi +\fBqmqp\-source\fR [\fIoptions\fR] [\fBinet:\fR]\fIhost\fR[:\fIport\fR] + +\fBqmqp\-source\fR [\fIoptions\fR] \fBunix:\fIpathname\fR +.SH DESCRIPTION +.ad +.fi +\fBqmqp\-source\fR connects to the named host and TCP port (default 628) +and sends one or more messages to it, either sequentially +or in parallel. The program speaks the QMQP protocol. +Connections can be made to UNIX\-domain and IPv4 or IPv6 servers. +IPv4 and IPv6 are the default. + +Note: this is an unsupported test program. No attempt is made +to maintain compatibility between successive versions. + +Arguments: +.IP \fB\-4\fR +Connect to the server with IPv4. This option has no effect when +Postfix is built without IPv6 support. +.IP \fB\-6\fR +Connect to the server with IPv6. This option is not available when +Postfix is built without IPv6 support. +.IP \fB\-c\fR +Display a running counter that is incremented each time +a delivery completes. +.IP "\fB\-C \fIcount\fR" +When a host sends RESET instead of SYN|ACK, try \fIcount\fR times +before giving up. The default count is 1. Specify a larger count in +order to work around a problem with TCP/IP stacks that send RESET +when the listen queue is full. +.IP "\fB\-f \fIfrom\fR" +Use the specified sender address (default: <foo@myhostname>). +.IP "\fB\-l \fIlength\fR" +Send \fIlength\fR bytes as message payload. The length +includes the message headers. +.IP "\fB\-m \fImessage_count\fR" +Send the specified number of messages (default: 1). +.IP "\fB\-M \fImyhostname\fR" +Use the specified hostname or [address] in the default +sender and recipient addresses, instead of the machine +hostname. +.IP "\fB\-r \fIrecipient_count\fR" +Send the specified number of recipients per transaction (default: 1). +Recipient names are generated by prepending a number to the +recipient address. +.IP "\fB\-s \fIsession_count\fR" +Run the specified number of QMQP sessions in parallel (default: 1). +.IP "\fB\-t \fIto\fR" +Use the specified recipient address (default: <foo@myhostname>). +.IP "\fB\-R \fIinterval\fR" +Wait for a random period of time 0 <= n <= interval between messages. +Suspending one thread does not affect other delivery threads. +.IP \fB\-v\fR +Make the program more verbose, for debugging purposes. +.IP "\fB\-w \fIinterval\fR" +Wait a fixed time between messages. +Suspending one thread does not affect other delivery threads. +.SH "SEE ALSO" +.na +.nf +qmqp\-sink(1), QMQP message dump +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/qshape.1 b/man/man1/qshape.1 new file mode 100644 index 0000000..5a6352f --- /dev/null +++ b/man/man1/qshape.1 @@ -0,0 +1,118 @@ +.TH QSHAPE 1 +.ad +.fi +.SH NAME +qshape +\- +Print Postfix queue domain and age distribution +.SH "SYNOPSIS" +.na +.nf +.fi +\fBqshape\fR [\fB\-s\fR] [\fB\-p\fR] [\fB\-m \fImin_subdomains\fR] + [\fB\-b \fIbucket_count\fR] [\fB\-t \fIbucket_time\fR] + [\fB\-l\fR] [\fB\-w \fIterminal_width\fR] + [\fB\-N \fIbatch_msg_count\fR] [\fB\-n \fIbatch_top_domains\fR] + [\fB\-c \fIconfig_directory\fR] [\fIqueue_name\fR ...] +.SH DESCRIPTION +.ad +.fi +The \fBqshape\fR program helps the administrator understand the +Postfix queue message distribution in time and by sender domain +or recipient domain. The program needs read access to the queue +directories and queue files, so it must run as the superuser or +the \fBmail_owner\fR specified in \fBmain.cf\fR (typically +\fBpostfix\fR). + +Options: +.IP \fB\-s\fR +Display the sender domain distribution instead of the recipient +domain distribution. By default the recipient distribution is +displayed. There can be more recipients than messages, but as +each message has only one sender, the sender distribution is a +message distribution. +.IP \fB\-p\fR +Generate aggregate statistics for parent domains. Top level domains +are not shown, nor are domains with fewer than \fImin_subdomains\fR +subdomains. The names of parent domains are shown with a leading dot, +(e.g. \fI.example.com\fR). +.IP "\fB\-m \fImin_subdomains\fR" +When used with the \fB\-p\fR option, sets the minimum subdomain count +needed to show a separate line for a parent domain. The default is 5. +.IP "\fB\-b \fIbucket_count\fR" +The age distribution is broken up into a sequence of geometrically +increasing intervals. This option sets the number of intervals +or "buckets". Each bucket has a maximum queue age that is twice +as large as that of the previous bucket. The last bucket has no +age limit. +.IP "\fB\-t \fIbucket_time\fR" +The age limit in minutes for the first time bucket. The default +value is 5, meaning that the first bucket counts messages between +0 and 5 minutes old. +.IP "\fB\-l\fR" +Instead of using a geometric age sequence, use a linear age sequence, +in other words simple multiples of \fBbucket_time\fR. + +This feature is available in Postfix 2.2 and later. +.IP "\fB\-w \fIterminal_width\fR" +The output is right justified, with the counts for the last +bucket shown on the 80th column, the \fIterminal_width\fR can be +adjusted for wider screens allowing more buckets to be displayed +without truncating the domain names on the left. When a row for a +full domain name and its counters does not fit in the specified +number of columns, only the last 17 bytes of the domain name +are shown with the prefix replaced by a '+' character. Truncated +parent domain rows are shown as '.+' followed by the last 16 bytes +of the domain name. If this is still too narrow to show the domain +name and all the counters, the terminal_width limit is violated. +.IP "\fB\-N \fIbatch_msg_count\fR" +When the output device is a terminal, intermediate results are +shown each "batch_msg_count" messages. This produces usable results +in a reasonable time even when the deferred queue is large. The +default is to show intermediate results every 1000 messages. +.IP "\fB\-n \fIbatch_top_domains\fR" +When reporting intermediate or final results to a termainal, report +only the top "batch_top_domains" domains. The default limit is 20 +domains. +.IP "\fB\-c \fIconfig_directory\fR" +The \fBmain.cf\fR configuration file is in the named directory +instead of the default configuration directory. +.PP +Arguments: +.IP \fIqueue_name\fR +By default \fBqshape\fR displays the combined distribution of +the incoming and active queues. To display a different set of +queues, just list their directory names on the command line. +Absolute paths are used as is, other paths are taken relative +to the \fBmain.cf\fR \fBqueue_directory\fR parameter setting. +While \fBmain.cf\fR supports the use of \fI$variable\fR expansion +in the definition of the \fBqueue_directory\fR parameter, the +\fBqshape\fR program does not. If you must use variable expansions +in the \fBqueue_directory\fR setting, you must specify an explicit +absolute path for each queue subdirectory even if you want the +default incoming and active queue distribution. +.SH "SEE ALSO" +.na +.nf +mailq(1), List all messages in the queue. +QSHAPE_README Examples and background material. +.SH "FILES" +.na +.nf +$config_directory/main.cf, Postfix installation parameters. +$queue_directory/maildrop/, local submission directory. +$queue_directory/incoming/, new message queue. +$queue_directory/hold/, messages waiting for tech support. +$queue_directory/active/, messages scheduled for delivery. +$queue_directory/deferred/, messages postponed for later delivery. +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Victor Duchovni +Morgan Stanley diff --git a/man/man1/sendmail.1 b/man/man1/sendmail.1 new file mode 100644 index 0000000..22affe6 --- /dev/null +++ b/man/man1/sendmail.1 @@ -0,0 +1,512 @@ +.TH SENDMAIL 1 +.ad +.fi +.SH NAME +sendmail +\- +Postfix to Sendmail compatibility interface +.SH "SYNOPSIS" +.na +.nf +\fBsendmail\fR [\fIoption ...\fR] [\fIrecipient ...\fR] + +\fBmailq\fR +\fBsendmail \-bp\fR + +\fBnewaliases\fR +\fBsendmail \-I\fR +.SH DESCRIPTION +.ad +.fi +The Postfix \fBsendmail\fR(1) command implements the Postfix +to Sendmail compatibility interface. +For the sake of compatibility with existing applications, some +Sendmail command\-line options are recognized but silently ignored. + +By default, Postfix \fBsendmail\fR(1) reads a message from +standard input +until EOF or until it reads a line with only a \fB.\fR character, +and arranges for delivery. Postfix \fBsendmail\fR(1) relies on the +\fBpostdrop\fR(1) command to create a queue file in the \fBmaildrop\fR +directory. + +Specific command aliases are provided for other common modes of +operation: +.IP \fBmailq\fR +List the mail queue. Each entry shows the queue file ID, message +size, arrival time, sender, and the recipients that still need to +be delivered. If mail could not be delivered upon the last attempt, +the reason for failure is shown. The queue ID string is +followed by an optional status character: +.RS +.IP \fB*\fR +The message is in the \fBactive\fR queue, i.e. the message is +selected for delivery. +.IP \fB!\fR +The message is in the \fBhold\fR queue, i.e. no further delivery +attempt will be made until the mail is taken off hold. +.IP \fB#\fR +The message is forced to expire. See the \fBpostsuper\fR(1) +options \fB\-e\fR or \fB\-f\fR. +.RE +.IP +This mode of operation is implemented by executing the +\fBpostqueue\fR(1) command. +.IP \fBnewaliases\fR +Initialize the alias database. If no input file is specified (with +the \fB\-oA\fR option, see below), the program processes the file(s) +specified with the \fBalias_database\fR configuration parameter. +If no alias database type is specified, the program uses the type +specified with the \fBdefault_database_type\fR configuration parameter. +This mode of operation is implemented by running the \fBpostalias\fR(1) +command. +.sp +Note: it may take a minute or so before an alias database update +becomes visible. Use the "\fBpostfix reload\fR" command to eliminate +this delay. +.PP +These and other features can be selected by specifying the +appropriate combination of command\-line options. Some features are +controlled by parameters in the \fBmain.cf\fR configuration file. + +The following options are recognized: +.IP "\fB\-Am\fR (ignored)" +.IP "\fB\-Ac\fR (ignored)" +Postfix sendmail uses the same configuration file regardless of +whether or not a message is an initial submission. +.IP "\fB\-B \fIbody_type\fR" +The message body MIME type: \fB7BIT\fR or \fB8BITMIME\fR. +.IP \fB\-bd\fR +Go into daemon mode. This mode of operation is implemented by +executing the "\fBpostfix start\fR" command. +.IP "\fB\-bh\fR (ignored)" +.IP "\fB\-bH\fR (ignored)" +Postfix has no persistent host status database. +.IP \fB\-bi\fR +Initialize alias database. See the \fBnewaliases\fR +command above. +.IP \fB\-bl\fR +Go into daemon mode. To accept only local connections as +with Sendmail's \fB\-bl\fR option, specify "\fBinet_interfaces += loopback\fR" in the Postfix \fBmain.cf\fR configuration +file. +.IP \fB\-bm\fR +Read mail from standard input and arrange for delivery. +This is the default mode of operation. +.IP \fB\-bp\fR +List the mail queue. See the \fBmailq\fR command above. +.IP \fB\-bs\fR +Stand\-alone SMTP server mode. Read SMTP commands from +standard input, and write responses to standard output. +In stand\-alone SMTP server mode, mail relaying and other +access controls are disabled by default. To enable them, +run the process as the \fBmail_owner\fR user. +.sp +This mode of operation is implemented by running the +\fBsmtpd\fR(8) daemon. +.IP \fB\-bv\fR +Do not collect or deliver a message. Instead, send an email +report after verifying each recipient address. This is useful +for testing address rewriting and routing configurations. +.sp +This feature is available in Postfix version 2.1 and later. +.IP "\fB\-C \fIconfig_file\fR" +.IP "\fB\-C \fIconfig_dir\fR" +The path name of the Postfix \fBmain.cf\fR file, or of its +parent directory. This information is ignored with Postfix +versions before 2.3. + +With Postfix version 3.2 and later, a non\-default directory +must be authorized in the default \fBmain.cf\fR file, through +the alternate_config_directories or multi_instance_directories +parameters. + +With all Postfix versions, you can specify a directory pathname +with the MAIL_CONFIG environment variable to override the +location of configuration files. +.IP "\fB\-F \fIfull_name\fR" +Set the sender full name. This overrides the NAME environment +variable, and is used only with messages that +have no \fBFrom:\fR message header. +.IP "\fB\-f \fIsender\fR" +Set the envelope sender address. This is the address where +delivery problems are sent to. With Postfix versions before 2.1, the +\fBErrors\-To:\fR message header overrides the error return address. +.IP \fB\-G\fR +Gateway (relay) submission, as opposed to initial user +submission. Either do not rewrite addresses at all, or +update incomplete addresses with the domain information +specified with \fBremote_header_rewrite_domain\fR. + +This option is ignored before Postfix version 2.3. +.IP "\fB\-h \fIhop_count\fR (ignored)" +Hop count limit. Use the \fBhopcount_limit\fR configuration +parameter instead. +.IP \fB\-I\fR +Initialize alias database. See the \fBnewaliases\fR +command above. +.IP "\fB\-i\fR" +When reading a message from standard input, don't treat a line +with only a \fB.\fR character as the end of input. +.IP "\fB\-L \fIlabel\fR (ignored)" +The logging label. Use the \fBsyslog_name\fR configuration +parameter instead. +.IP "\fB\-m\fR (ignored)" +Backwards compatibility. +.IP "\fB\-N \fIdsn\fR (default: 'delay, failure')" +Delivery status notification control. Specify either a +comma\-separated list with one or more of \fBfailure\fR (send +notification when delivery fails), \fBdelay\fR (send +notification when delivery is delayed), or \fBsuccess\fR +(send notification when the message is delivered); or specify +\fBnever\fR (don't send any notifications at all). + +This feature is available in Postfix 2.3 and later. +.IP "\fB\-n\fR (ignored)" +Backwards compatibility. +.IP "\fB\-oA\fIalias_database\fR" +Non\-default alias database. Specify \fIpathname\fR or +\fItype\fR:\fIpathname\fR. See \fBpostalias\fR(1) for +details. +.IP "\fB\-O \fIoption=value\fR (ignored)" +Set the named \fIoption\fR to \fIvalue\fR. Use the equivalent +configuration parameter in \fBmain.cf\fR instead. +.IP "\fB\-o7\fR (ignored)" +.IP "\fB\-o8\fR (ignored)" +To send 8\-bit or binary content, use an appropriate MIME encapsulation +and specify the appropriate \fB\-B\fR command\-line option. +.IP "\fB\-oi\fR" +When reading a message from standard input, don't treat a line +with only a \fB.\fR character as the end of input. +.IP "\fB\-om\fR (ignored)" +The sender is never eliminated from alias etc. expansions. +.IP "\fB\-o \fIx value\fR (ignored)" +Set option \fIx\fR to \fIvalue\fR. Use the equivalent +configuration parameter in \fBmain.cf\fR instead. +.IP "\fB\-r \fIsender\fR" +Set the envelope sender address. This is the address where +delivery problems are sent to. With Postfix versions before 2.1, the +\fBErrors\-To:\fR message header overrides the error return address. +.IP "\fB\-R \fIreturn\fR" +Delivery status notification control. Specify "hdrs" to +return only the header when a message bounces, "full" to +return a full copy (the default behavior). + +The \fB\-R\fR option specifies an upper bound; Postfix will +return only the header, when a full copy would exceed the +bounce_size_limit setting. + +This option is ignored before Postfix version 2.10. +.IP \fB\-q\fR +Attempt to deliver all queued mail. This is implemented by +executing the \fBpostqueue\fR(1) command. + +Warning: flushing undeliverable mail frequently will result in +poor delivery performance of all other mail. +.IP "\fB\-q\fIinterval\fR (ignored)" +The interval between queue runs. Use the \fBqueue_run_delay\fR +configuration parameter instead. +.IP \fB\-qI\fIqueueid\fR +Schedule immediate delivery of mail with the specified queue +ID. This option is implemented by executing the +\fBpostqueue\fR(1) command, and is available with Postfix +version 2.4 and later. +.IP \fB\-qR\fIsite\fR +Schedule immediate delivery of all mail that is queued for the named +\fIsite\fR. This option accepts only \fIsite\fR names that are +eligible for the "fast flush" service, and is implemented by +executing the \fBpostqueue\fR(1) command. +See \fBflush\fR(8) for more information about the "fast flush" +service. +.IP \fB\-qS\fIsite\fR +This command is not implemented. Use the slower "\fBsendmail \-q\fR" +command instead. +.IP \fB\-t\fR +Extract recipients from message headers. These are added to any +recipients specified on the command line. + +With Postfix versions prior to 2.1, this option requires that +no recipient addresses are specified on the command line. +.IP "\fB\-U\fR (ignored)" +Initial user submission. +.IP "\fB\-V \fIenvid\fR" +Specify the envelope ID for notification by servers that +support DSN. + +This feature is available in Postfix 2.3 and later. +.IP "\fB\-XV\fR (Postfix 2.2 and earlier: \fB\-V\fR)" +Variable Envelope Return Path. Given an envelope sender address +of the form \fIowner\-listname\fR@\fIorigin\fR, each recipient +\fIuser\fR@\fIdomain\fR receives mail with a personalized envelope +sender address. +.sp +By default, the personalized envelope sender address is +\fIowner\-listname\fB+\fIuser\fB=\fIdomain\fR@\fIorigin\fR. The default +\fB+\fR and \fB=\fR characters are configurable with the +\fBdefault_verp_delimiters\fR configuration parameter. +.IP "\fB\-XV\fIxy\fR (Postfix 2.2 and earlier: \fB\-V\fIxy\fR)" +As \fB\-XV\fR, but uses \fIx\fR and \fIy\fR as the VERP delimiter +characters, instead of the characters specified with the +\fBdefault_verp_delimiters\fR configuration parameter. +.IP \fB\-v\fR +Send an email report of the first delivery attempt (Postfix +versions 2.1 and later). Mail delivery +always happens in the background. When multiple \fB\-v\fR +options are given, enable verbose logging for debugging purposes. +.IP "\fB\-X \fIlog_file\fR (ignored)" +Log mailer traffic. Use the \fBdebug_peer_list\fR and +\fBdebug_peer_level\fR configuration parameters instead. +.SH "SECURITY" +.na +.nf +.ad +.fi +By design, this program is not set\-user (or group) id. +It is prepared to handle message content from untrusted, +possibly remote, users. + +However, like most Postfix programs, this program does not +enforce a security policy on its command\-line arguments. +Instead, it relies on the UNIX system to enforce access +policies based on the effective user and group IDs of the +process. Concretely, this means that running Postfix commands +as root (from sudo or equivalent) on behalf of a non\-root +user is likely to create privilege escalation opportunities. + +If an application runs any Postfix programs on behalf of +users that do not have normal shell access to Postfix +commands, then that application MUST restrict user\-specified +command\-line arguments to avoid privilege escalation. +.IP \(bu +Filter all command\-line arguments, for example arguments +that contain a pathname or that specify a database access +method. These pathname checks must reject user\-controlled +symlinks or hardlinks to sensitive files, and must not be +vulnerable to TOCTOU race attacks. +.IP \(bu +Disable command options processing for all command arguments +that contain user\-specified data. For example, the Postfix +\fBsendmail\fR(1) command line MUST be structured as follows: + +.nf + \fB/path/to/sendmail\fR \fIsystem\-arguments\fR \fB\-\-\fR \fIuser\-arguments\fR +.fi + +Here, the "\fB\-\-\fR" disables command option processing for +all \fIuser\-arguments\fR that follow. +.IP +Without the "\fB\-\-\fR", a malicious user could enable Postfix +\fBsendmail\fR(1) command options, by specifying an email +address that starts with "\fB\-\fR". +.SH DIAGNOSTICS +.ad +.fi +Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8), +and to the standard error stream. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP \fBMAIL_CONFIG\fR +Directory with Postfix configuration files. +.IP "\fBMAIL_VERBOSE\fR (value does not matter)" +Enable verbose logging for debugging purposes. +.IP "\fBMAIL_DEBUG\fR (value does not matter)" +Enable debugging with an external command, as specified with the +\fBdebugger_command\fR configuration parameter. +.IP \fBNAME\fR +The sender full name. This is used only with messages that +have no \fBFrom:\fR message header. See also the \fB\-F\fR +option above. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this program. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +Available with Postfix 2.9 and later: +.IP "\fBsendmail_fix_line_endings (always)\fR" +Controls how the Postfix sendmail command converts email message +line endings from <CR><LF> into UNIX format (<LF>). +.SH "TROUBLE SHOOTING CONTROLS" +.na +.nf +.ad +.fi +The DEBUG_README file gives examples of how to troubleshoot a +Postfix system. +.IP "\fBdebugger_command (empty)\fR" +The external command to execute when a Postfix daemon program is +invoked with the \-D option. +.IP "\fBdebug_peer_level (2)\fR" +The increment in verbose logging level when a nexthop destination, +remote client or server name or network address matches a pattern +given with the debug_peer_list parameter. +.IP "\fBdebug_peer_list (empty)\fR" +Optional list of nexthop destination, remote client or server +name or network address patterns that, if matched, cause the verbose +logging level to increase by the amount specified in $debug_peer_level. +.SH "ACCESS CONTROLS" +.na +.nf +.ad +.fi +Available in Postfix version 2.2 and later: +.IP "\fBauthorized_flush_users (static:anyone)\fR" +List of users who are authorized to flush the queue. +.IP "\fBauthorized_mailq_users (static:anyone)\fR" +List of users who are authorized to view the queue. +.IP "\fBauthorized_submit_users (static:anyone)\fR" +List of users who are authorized to submit mail with the \fBsendmail\fR(1) +command (and with the privileged \fBpostdrop\fR(1) helper command). +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBbounce_size_limit (50000)\fR" +The maximal amount of original message text that is sent in a +non\-delivery notification. +.IP "\fBfork_attempts (5)\fR" +The maximal number of attempts to fork() a child process. +.IP "\fBfork_delay (1s)\fR" +The delay between attempts to fork() a child process. +.IP "\fBhopcount_limit (50)\fR" +The maximal number of Received: message headers that is allowed +in the primary message headers. +.IP "\fBqueue_run_delay (300s)\fR" +The time between deferred queue scans by the queue manager; +prior to Postfix 2.4 the default value was 1000s. +.SH "FAST FLUSH CONTROLS" +.na +.nf +.ad +.fi +The ETRN_README file describes configuration and operation +details for the Postfix "fast flush" service. +.IP "\fBfast_flush_domains ($relay_domains)\fR" +Optional list of destinations that are eligible for per\-destination +logfiles with mail that is queued to those destinations. +.SH "VERP CONTROLS" +.na +.nf +.ad +.fi +The VERP_README file describes configuration and operation +details of Postfix support for variable envelope return +path addresses. +.IP "\fBdefault_verp_delimiters (+=)\fR" +The two default VERP delimiter characters. +.IP "\fBverp_delimiter_filter (\-=+)\fR" +The characters Postfix accepts as VERP delimiter characters on the +Postfix \fBsendmail\fR(1) command line and in SMTP commands. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBalias_database (see 'postconf -d' output)\fR" +The alias databases for \fBlocal\fR(8) delivery that are updated with +"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR". +.IP "\fBcommand_directory (see 'postconf -d' output)\fR" +The location of all postfix administrative commands. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_directory (see 'postconf -d' output)\fR" +The directory with Postfix support programs and daemon programs. +.IP "\fBdefault_database_type (see 'postconf -d' output)\fR" +The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) +and \fBpostmap\fR(1) commands. +.IP "\fBdelay_warning_time (0h)\fR" +The time after which the sender receives a copy of the message +headers of mail that is still queued. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBmail_owner (postfix)\fR" +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBremote_header_rewrite_domain (empty)\fR" +Don't rewrite message headers from remote clients at all when +this parameter is empty; otherwise, rewrite message headers and +append the specified domain name to incomplete addresses. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Postfix 3.2 and later: +.IP "\fBalternate_config_directories (empty)\fR" +A list of non\-default Postfix configuration directories that may +be specified with "\-c config_directory" on the command line (in the +case of \fBsendmail\fR(1), with the "\-C" option), or via the MAIL_CONFIG +environment parameter. +.IP "\fBmulti_instance_directories (empty)\fR" +An optional list of non\-default Postfix configuration directories; +these directories belong to additional Postfix instances that share +the Postfix executable files and documentation with the default +Postfix instance, and that are started, stopped, etc., together +with the default Postfix instance. +.SH "FILES" +.na +.nf +/var/spool/postfix, mail queue +/etc/postfix, configuration files +.SH "SEE ALSO" +.na +.nf +pickup(8), mail pickup daemon +qmgr(8), queue manager +smtpd(8), SMTP server +flush(8), fast flush service +postsuper(1), queue maintenance +postalias(1), create/update/query alias database +postdrop(1), mail posting utility +postfix(1), mail system control +postqueue(1), mail queue control +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README_FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DEBUG_README, Postfix debugging howto +ETRN_README, Postfix ETRN howto +VERP_README, Postfix VERP howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/smtp-sink.1 b/man/man1/smtp-sink.1 new file mode 100644 index 0000000..17bb89c --- /dev/null +++ b/man/man1/smtp-sink.1 @@ -0,0 +1,276 @@ +.TH SMTP-SINK 1 +.ad +.fi +.SH NAME +smtp-sink +\- +parallelized SMTP/LMTP test server +.SH "SYNOPSIS" +.na +.nf +.fi +\fBsmtp\-sink\fR [\fIoptions\fR] [\fBinet:\fR][\fIhost\fR]:\fIport\fR +\fIbacklog\fR + +\fBsmtp\-sink\fR [\fIoptions\fR] \fBunix:\fR\fIpathname\fR \fIbacklog\fR +.SH DESCRIPTION +.ad +.fi +\fBsmtp\-sink\fR listens on the named host (or address) and port. +It takes SMTP messages from the network and throws them away. +The purpose is to measure client performance, not protocol +compliance. + +\fBsmtp\-sink\fR may also be configured to capture each mail +delivery transaction to file. Since disk latencies are large +compared to network delays, this mode of operation can +reduce the maximal performance by several orders of magnitude. + +Connections can be accepted on IPv4 or IPv6 endpoints, or on +UNIX\-domain sockets. +IPv4 and IPv6 are the default. +This program is the complement of the \fBsmtp\-source\fR(1) program. + +Note: this is an unsupported test program. No attempt is made +to maintain compatibility between successive versions. + +Arguments: +.IP \fB\-4\fR +Support IPv4 only. This option has no effect when +Postfix is built without IPv6 support. +.IP \fB\-6\fR +Support IPv6 only. This option is not available when +Postfix is built without IPv6 support. +.IP \fB\-8\fR +Do not announce 8BITMIME support. +.IP \fB\-a\fR +Do not announce SASL authentication support. +.IP "\fB\-A \fIdelay\fR" +Wait \fIdelay\fR seconds after responding to DATA, then +abort prematurely with a 550 reply status. Do not read +further input from the client; this is an attempt to block +the client before it sends ".". Specify a zero delay value +to abort immediately. +.IP "\fB\-b \fIsoft\-bounce\-reply\fR" +Use \fIsoft\-bounce\-reply\fR for soft reject responses. The +default reply is "450 4.3.0 Error: command failed". +.IP "\fB\-B \fIhard\-bounce\-reply\fR" +Use \fIhard\-bounce\-reply\fR for hard reject responses. The +default reply is "500 5.3.0 Error: command failed". +.IP \fB\-c\fR +Display running counters that are updated whenever an SMTP +session ends, a QUIT command is executed, or when "." is +received. +.IP \fB\-C\fR +Disable XCLIENT support. +.IP "\fB\-d \fIdump\-template\fR" +Dump each mail transaction to a single\-message file whose +name is created by expanding the \fIdump\-template\fR via +strftime(3) and appending a pseudo\-random hexadecimal number +(example: "%Y%m%d%H/%M." expands into "2006081203/05.809a62e3"). +If the template contains "/" characters, missing directories +are created automatically. The message dump format is +described below. +.sp +Note: this option keeps one capture file open for every +mail transaction in progress. +.IP "\fB\-D \fIdump\-template\fR" +Append mail transactions to a multi\-message dump file whose +name is created by expanding the \fIdump\-template\fR via +strftime(3). +If the template contains "/" characters, missing directories +are created automatically. The message dump format is +described below. +.sp +Note: this option keeps one capture file open for every +mail transaction in progress. +.IP \fB\-e\fR +Do not announce ESMTP support. +.IP \fB\-E\fR +Do not announce ENHANCEDSTATUSCODES support. +.IP "\fB\-f \fIcommand,command,...\fR" +Reject the specified commands with a hard (5xx) error code. +This option implies \fB\-p\fR. +.sp +Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY, +DATA, ., RSET, NOOP, and QUIT. Separate command names by +white space or commas, and use quotes to protect white space +from the shell. Command names are case\-insensitive. +.IP \fB\-F\fR +Disable XFORWARD support. +.IP "\fB\-h\fI hostname\fR" +Use \fIhostname\fR in the SMTP greeting, in the HELO response, +and in the EHLO response. The default hostname is "smtp\-sink". +.IP "\fB\-H\fI delay\fR" +Delay the first read operation after receiving DATA (time +in seconds). Combine with a large test message and a small +TCP window size (see the \fB\-T\fR option) to test the Postfix +client write_wait() implementation. +.IP \fB\-L\fR +Enable LMTP instead of SMTP. +.IP "\fB\-m \fIcount\fR (default: 256)" +An upper bound on the maximal number of simultaneous +connections that \fBsmtp\-sink\fR will handle. This prevents +the process from running out of file descriptors. Excess +connections will stay queued in the TCP/IP stack. +.IP "\fB\-M \fIcount\fR" +Terminate after receiving \fIcount\fR messages. +.IP "\fB\-n \fIcount\fR" +Terminate after \fIcount\fR sessions. +.IP \fB\-N\fR +Do not announce support for DSN. +.IP \fB\-p\fR +Do not announce support for ESMTP command pipelining. +.IP \fB\-P\fR +Change the server greeting so that it appears to come through +a CISCO PIX system. Implies \fB\-e\fR. +.IP "\fB\-q \fIcommand,command,...\fR" +Disconnect (without replying) after receiving one of the +specified commands. +.sp +Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY, +DATA, ., RSET, NOOP, and QUIT. Separate command names by +white space or commas, and use quotes to protect white space +from the shell. Command names are case\-insensitive. +.IP "\fB\-Q \fIcommand,command,...\fR" +Send a 421 reply and disconnect after receiving one +of the specified commands. +.sp +Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY, +DATA, ., RSET, NOOP, and QUIT. Separate command names by +white space or commas, and use quotes to protect white space +from the shell. Command names are case\-insensitive. +.IP "\fB\-r \fIcommand,command,...\fR" +Reject the specified commands with a soft (4xx) error code. +This option implies \fB\-p\fR. +.sp +Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY, +DATA, ., RSET, NOOP, and QUIT. Separate command names by +white space or commas, and use quotes to protect white space +from the shell. Command names are case\-insensitive. +.IP "\fB\-R \fIroot\-directory\fR" +Change the process root directory to the specified location. +This option requires super\-user privileges. See also the +\fB\-u\fR option. +.IP "\fB\-s \fIcommand,command,...\fR" +Log the named commands to syslogd. +.sp +Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT, VRFY, +DATA, ., RSET, NOOP, and QUIT. Separate command names by +white space or commas, and use quotes to protect white space +from the shell. Command names are case\-insensitive. +.IP "\fB\-S start\-string\fR" +An optional string that is prepended to each message that is +written to a dump file (see the dump file format description +below). The following C escape sequences are supported: \ea +(bell), \eb (backspace), \ef (formfeed), \en (newline), \er +(carriage return), \et (horizontal tab), \ev (vertical tab), +\e\fIddd\fR (up to three octal digits) and \e\e (the backslash +character). +.IP "\fB\-t \fItimeout\fR (default: 100)" +Limit the time for receiving a command or sending a response. +The time limit is specified in seconds. +.IP "\fB\-T \fIwindowsize\fR" +Override the default TCP window size. To work around +broken TCP window scaling implementations, specify a +value > 0 and < 65536. +.IP "\fB\-u \fIusername\fR" +Switch to the specified user privileges after opening the +network socket and optionally changing the process root +directory. This option is required when the process runs +with super\-user privileges. See also the \fB\-R\fR option. +.IP \fB\-v\fR +Show the SMTP conversations. +.IP "\fB\-w \fIdelay\fR" +Wait \fIdelay\fR seconds before responding to a DATA command. +.IP "\fB\-W \fIcommand:delay[:odds]\fR" +Wait \fIdelay\fR seconds before responding to \fIcommand\fR. +If \fIodds\fR is also specified (a number between 1\-99 +inclusive), wait for a random multiple of \fIdelay\fR. The +random multiplier is equal to the number of times the program +needs to roll a dice with a range of 0..99 inclusive, before +the dice produces a result greater than or equal to \fIodds\fR. +.IP [\fBinet:\fR][\fIhost\fR]:\fIport\fR +Listen on network interface \fIhost\fR (default: any interface) +TCP port \fIport\fR. Both \fIhost\fR and \fIport\fR may be +specified in numeric or symbolic form. +.IP \fBunix:\fR\fIpathname\fR +Listen on the UNIX\-domain socket at \fIpathname\fR. +.IP \fIbacklog\fR +The maximum length of the queue of pending connections, +as defined by the \fBlisten\fR(2) system call. +.SH "DUMP FILE FORMAT" +.na +.nf +.ad +.fi +Each dumped message contains a sequence of text lines, +terminated with the newline character. The sequence of +information is as follows: +.IP \(bu +The optional string specified with the \fB\-S\fR option. +.IP \(bu +The \fBsmtp\-sink\fR generated headers as documented below. +.IP \(bu +The message header and body as received from the SMTP client. +.IP \(bu +An empty line. +.PP +The format of the \fBsmtp\-sink\fR generated headers is as +follows: +.IP "\fBX\-Client\-Addr: \fItext\fR" +The client IP address without enclosing []. An IPv6 address +is prefixed with "ipv6:". This record is always present. +.IP "\fBX\-Client\-Proto: \fItext\fR" +The client protocol: SMTP, ESMTP or LMTP. This record is +always present. +.IP "\fBX\-Helo\-Args: \fItext\fR" +The arguments of the last HELO or EHLO command before this +mail delivery transaction. This record is present only if +the client sent a recognizable HELO or EHLO command before +the DATA command. +.IP "\fBX\-Mail\-Args: \fItext\fR" +The arguments of the MAIL command that started this mail +delivery transaction. This record is present exactly once. +.IP "\fBX\-Rcpt\-Args: \fItext\fR" +The arguments of an RCPT command within this mail delivery +transaction. There is one record for each RCPT command, and +they are in the order as sent by the client. +.IP "\fBReceived: \fItext\fR" +A message header for compatibility with mail processing +software. This three\-line header marks the end of the headers +provided by \fBsmtp\-sink\fR, and is formatted as follows: +.RS +.IP "\fBfrom \fIhelo\fR ([\fIaddr\fR])" +The HELO or EHLO command argument and client IP address. +If the client did not send HELO or EHLO, the client IP +address is used instead. +.IP "\fBby \fIhost\fB (smtp\-sink) with \fIproto\fB id \fIrandom\fB;\fR" +The hostname specified with the \fB\-h\fR option, the client +protocol (see \fBX\-Client\-Proto\fR above), and the pseudo\-random +portion of the per\-message capture file name. +.IP \fItime\-stamp\fR +A time stamp as defined in RFC 2822. +.RE +.SH "SEE ALSO" +.na +.nf +smtp\-source(1), SMTP/LMTP message generator +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man1/smtp-source.1 b/man/man1/smtp-source.1 new file mode 100644 index 0000000..014ee10 --- /dev/null +++ b/man/man1/smtp-source.1 @@ -0,0 +1,127 @@ +.TH SMTP-SOURCE 1 +.ad +.fi +.SH NAME +smtp-source +\- +parallelized SMTP/LMTP test generator +.SH "SYNOPSIS" +.na +.nf +.fi +\fBsmtp\-source\fR [\fIoptions\fR] [\fBinet:\fR]\fIhost\fR[:\fIport\fR] + +\fBsmtp\-source\fR [\fIoptions\fR] \fBunix:\fIpathname\fR +.SH DESCRIPTION +.ad +.fi +\fBsmtp\-source\fR connects to the named \fIhost\fR and TCP \fIport\fR +(default: port 25) +and sends one or more messages to it, either sequentially +or in parallel. The program speaks either SMTP (default) or +LMTP. +Connections can be made to UNIX\-domain and IPv4 or IPv6 servers. +IPv4 and IPv6 are the default. + +Note: this is an unsupported test program. No attempt is made +to maintain compatibility between successive versions. + +Arguments: +.IP \fB\-4\fR +Connect to the server with IPv4. This option has no effect when +Postfix is built without IPv6 support. +.IP \fB\-6\fR +Connect to the server with IPv6. This option is not available when +Postfix is built without IPv6 support. +.IP "\fB\-A\fR" +Don't abort when the server sends something other than the +expected positive reply code. +.IP \fB\-c\fR +Display a running counter that is incremented each time +an SMTP DATA command completes. +.IP "\fB\-C \fIcount\fR" +When a host sends RESET instead of SYN|ACK, try \fIcount\fR times +before giving up. The default count is 1. Specify a larger count in +order to work around a problem with TCP/IP stacks that send RESET +when the listen queue is full. +.IP \fB\-d\fR +Don't disconnect after sending a message; send the next +message over the same connection. +.IP "\fB\-f \fIfrom\fR" +Use the specified sender address (default: <foo@myhostname>). +.IP "\fB\-F \fIfile\fR" +Send the pre\-formatted message header and body in the +specified \fIfile\fR, while prepending '.' before lines that +begin with '.', and while appending CRLF after each line. +.IP "\fB\-l \fIlength\fR" +Send \fIlength\fR bytes as message payload. The length does not +include message headers. +.IP \fB\-L\fR +Speak LMTP rather than SMTP. +.IP "\fB\-m \fImessage_count\fR" +Send the specified number of messages (default: 1). +.IP "\fB\-M \fImyhostname\fR" +Use the specified hostname or [address] in the HELO command +and in the default sender and recipient addresses, instead +of the machine hostname. +.IP "\fB\-N\fR" +Prepend a non\-repeating sequence number to each recipient +address. This avoids the artificial 100% hit rate in the +resolve and rewrite client caches and exercises the +trivial\-rewrite daemon, better approximating Postfix +performance under real\-life work\-loads. +.IP \fB\-o\fR +Old mode: don't send HELO, and don't send message headers. +.IP "\fB\-r \fIrecipient_count\fR" +Send the specified number of recipients per transaction (default: 1). +Recipient names are generated by prepending a number to the +recipient address. +.IP "\fB\-R \fIinterval\fR" +Wait for a random period of time 0 <= n <= interval between messages. +Suspending one thread does not affect other delivery threads. +.IP "\fB\-s \fIsession_count\fR" +Run the specified number of SMTP sessions in parallel (default: 1). +.IP "\fB\-S \fIsubject\fR" +Send mail with the named subject line (default: none). +.IP "\fB\-t \fIto\fR" +Use the specified recipient address (default: <foo@myhostname>). +.IP "\fB\-T \fIwindowsize\fR" +Override the default TCP window size. To work around +broken TCP window scaling implementations, specify a +value > 0 and < 65536. +.IP \fB\-v\fR +Make the program more verbose, for debugging purposes. +.IP "\fB\-w \fIinterval\fR" +Wait a fixed time between messages. +Suspending one thread does not affect other delivery threads. +.IP [\fBinet:\fR]\fIhost\fR[:\fIport\fR] +Connect via TCP to host \fIhost\fR, port \fIport\fR. The default +port is \fBsmtp\fR. +.IP \fBunix:\fIpathname\fR +Connect to the UNIX\-domain socket at \fIpathname\fR. +.SH BUGS +.ad +.fi +No SMTP command pipelining support. +.SH "SEE ALSO" +.na +.nf +smtp\-sink(1), SMTP/LMTP message dump +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/access.5 b/man/man5/access.5 new file mode 100644 index 0000000..07725be --- /dev/null +++ b/man/man5/access.5 @@ -0,0 +1,480 @@ +.TH ACCESS 5 +.ad +.fi +.SH NAME +access +\- +Postfix SMTP server access table +.SH "SYNOPSIS" +.na +.nf +\fBpostmap /etc/postfix/access\fR + +\fBpostmap \-q "\fIstring\fB" /etc/postfix/access\fR + +\fBpostmap \-q \- /etc/postfix/access <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +This document describes access control on remote SMTP client +information: host names, network addresses, and envelope +sender or recipient addresses; it is implemented by the +Postfix SMTP server. See \fBheader_checks\fR(5) or +\fBbody_checks\fR(5) for access control on the content of +email messages. + +Normally, the \fBaccess\fR(5) table is specified as a text file +that serves as input to the \fBpostmap\fR(1) command. +The result, an indexed file in \fBdbm\fR or \fBdb\fR format, +is used for fast searching by the mail system. Execute the +command "\fBpostmap /etc/postfix/access\fR" to rebuild an +indexed file after changing the corresponding text file. + +When the table is provided via other means such as NIS, LDAP +or SQL, the same lookups are done as for ordinary indexed files. + +Alternatively, the table can be provided as a regular\-expression +map where patterns are given as regular expressions, or lookups +can be directed to a TCP\-based server. In those cases, the lookups +are done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES". +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +The search string is folded to lowercase before database +lookup. As of Postfix 2.3, the search string is not case +folded with database types such as regexp: or pcre: whose +lookup fields can match both upper and lower case. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The input format for the \fBpostmap\fR(1) command is as follows: +.IP "\fIpattern action\fR" +When \fIpattern\fR matches a mail address, domain or host address, +perform the corresponding \fIaction\fR. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.SH "EMAIL ADDRESS PATTERNS" +.na +.nf +.ad +.fi +With lookups from indexed files such as DB or DBM, or from networked +tables such as NIS, LDAP or SQL, patterns are tried in the order as +listed below: +.IP \fIuser\fR@\fIdomain\fR +Matches the specified mail address. +.IP \fIdomain.tld\fR +Matches \fIdomain.tld\fR as the domain part of an email address. +.sp +The pattern \fIdomain.tld\fR also matches subdomains, but only +when the string \fBsmtpd_access_maps\fR is listed in the Postfix +\fBparent_domain_matches_subdomains\fR configuration setting. +.IP \fI.domain.tld\fR +Matches subdomains of \fIdomain.tld\fR, but only when the +string \fBsmtpd_access_maps\fR is not listed in the Postfix +\fBparent_domain_matches_subdomains\fR configuration setting. +.IP \fIuser\fR@ +Matches all mail addresses with the specified user part. +.PP +Note: lookup of the null sender address is not possible with +some types of lookup table. By default, Postfix uses \fB<>\fR +as the lookup key for such addresses. The value is specified with +the \fBsmtpd_null_access_lookup_key\fR parameter in the Postfix +\fBmain.cf\fR file. +.SH "EMAIL ADDRESS EXTENSION" +.na +.nf +.fi +.ad +When a mail address localpart contains the optional recipient delimiter +(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes: +\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIdomain\fR, +\fIuser+foo\fR@, and \fIuser\fR@. +.SH "HOST NAME/ADDRESS PATTERNS" +.na +.nf +.ad +.fi +With lookups from indexed files such as DB or DBM, or from networked +tables such as NIS, LDAP or SQL, the following lookup patterns are +examined in the order as listed: +.IP \fIdomain.tld\fR +Matches \fIdomain.tld\fR. +.sp +The pattern \fIdomain.tld\fR also matches subdomains, but only +when the string \fBsmtpd_access_maps\fR is listed in the Postfix +\fBparent_domain_matches_subdomains\fR configuration setting. +.IP \fI.domain.tld\fR +Matches subdomains of \fIdomain.tld\fR, but only when the +string \fBsmtpd_access_maps\fR is not listed in the Postfix +\fBparent_domain_matches_subdomains\fR configuration setting. +.IP \fInet.work.addr.ess\fR +.IP \fInet.work.addr\fR +.IP \fInet.work\fR +.IP \fInet\fR +Matches a remote IPv4 host address or network address range. +Specify one to four decimal octets separated by ".". Do not +specify "[]" , "/", leading zeros, or hexadecimal forms. + +Network ranges are matched by repeatedly truncating the last +".octet" from a remote IPv4 host address string, until a +match is found in the access table, or until further +truncation is not possible. + +NOTE: use the \fBcidr\fR lookup table type to specify +network/netmask patterns. See \fBcidr_table\fR(5) for details. +.IP \fInet:work:addr:ess\fR +.IP \fInet:work:addr\fR +.IP \fInet:work\fR +.IP \fInet\fR +Matches a remote IPv6 host address or network address range. +Specify three to eight hexadecimal octet pairs separated +by ":", using the compressed form "::" for a sequence of +zero\-valued octet pairs. Do not specify "[]", "/", leading +zeros, or non\-compressed forms. + +A network range is matched by repeatedly truncating the +last ":octetpair" from the compressed\-form remote IPv6 host +address string, until a match is found in the access table, +or until further truncation is not possible. + +NOTE: use the \fBcidr\fR lookup table type to specify +network/netmask patterns. See \fBcidr_table\fR(5) for details. + +IPv6 support is available in Postfix 2.2 and later. +.SH "ACCEPT ACTIONS" +.na +.nf +.ad +.fi +.IP \fBOK\fR +Accept the address etc. that matches the pattern. +.IP \fIall\-numerical\fR +An all\-numerical result is treated as OK. This format is +generated by address\-based relay authorization schemes +such as pop\-before\-smtp. +.PP +For other accept actions, see "OTHER ACTIONS" below. +.SH "REJECT ACTIONS" +.na +.nf +.ad +.fi +Postfix version 2.3 and later support enhanced status codes +as defined in RFC 3463. +When no code is specified at the beginning of the \fItext\fR +below, Postfix inserts a default enhanced status code of "5.7.1" +in the case of reject actions, and "4.7.1" in the case of +defer actions. See "ENHANCED STATUS CODES" below. +.IP "\fB4\fINN text\fR" +.IP "\fB5\fINN text\fR" +Reject the address etc. that matches the pattern, and respond with +the numerical three\-digit code and text. \fB4\fINN\fR means "try +again later", while \fB5\fINN\fR means "do not try again". + +The following responses have special meaning for the Postfix +SMTP server: +.RS +.IP "\fB421 \fItext\fR (Postfix 2.3 and later)" +.IP "\fB521 \fItext\fR (Postfix 2.6 and later)" +After responding with the numerical three\-digit code and +text, disconnect immediately from the SMTP client. This +frees up SMTP server resources so that they can be made +available to another SMTP client. +.IP +Note: The "521" response should be used only with botnets +and other malware where interoperability is of no concern. +The "send 521 and disconnect" behavior is NOT defined in +the SMTP standard. +.RE +.IP "\fBREJECT \fIoptional text...\fR +Reject the address etc. that matches the pattern. Reply with +"\fB$access_map_reject_code \fIoptional text...\fR" when the +optional text is +specified, otherwise reply with a generic error response message. +.IP "\fBDEFER \fIoptional text...\fR +Reject the address etc. that matches the pattern. Reply with +"\fB$access_map_defer_code \fIoptional text...\fR" when the +optional text is +specified, otherwise reply with a generic error response message. +.sp +This feature is available in Postfix 2.6 and later. +.IP "\fBDEFER_IF_REJECT \fIoptional text...\fR +Defer the request if some later restriction would result in a +REJECT action. Reply with "\fB$access_map_defer_code 4.7.1 +\fIoptional text...\fR" when the +optional text is specified, otherwise reply with a generic error +response message. +.sp +Prior to Postfix 2.6, the SMTP reply code is 450. +.sp +This feature is available in Postfix 2.1 and later. +.IP "\fBDEFER_IF_PERMIT \fIoptional text...\fR +Defer the request if some later restriction would result in +an explicit or implicit PERMIT action. +Reply with "\fB$access_map_defer_code 4.7.1 \fI optional +text...\fR" when the +optional text is specified, otherwise reply with a generic error +response message. +.sp +Prior to Postfix 2.6, the SMTP reply code is 450. +.sp +This feature is available in Postfix 2.1 and later. +.PP +For other reject actions, see "OTHER ACTIONS" below. +.SH "OTHER ACTIONS" +.na +.nf +.ad +.fi +.IP \fIrestriction...\fR +Apply the named UCE restriction(s) (\fBpermit\fR, \fBreject\fR, +\fBreject_unauth_destination\fR, and so on). +.IP "\fBBCC \fIuser@domain\fR" +Send one copy of the message to the specified recipient. +.sp +If multiple BCC actions are specified within the same SMTP +MAIL transaction, with Postfix 3.0 only the last action +will be used. +.sp +This feature is available in Postfix 3.0 and later. +.IP "\fBDISCARD \fIoptional text...\fR +Claim successful delivery and silently discard the message. +Log the optional text if specified, otherwise log a generic +message. +.sp +Note: this action currently affects all recipients of the message. +To discard only one recipient without discarding the entire message, +use the transport(5) table to direct mail to the discard(8) service. +.sp +This feature is available in Postfix 2.0 and later. +.IP \fBDUNNO\fR +Pretend that the lookup key was not found. This +prevents Postfix from trying substrings of the lookup key +(such as a subdomain name, or a network address subnetwork). +.sp +This feature is available in Postfix 2.0 and later. +.IP "\fBFILTER \fItransport:destination\fR" +After the message is queued, send the entire message through +the specified external content filter. The \fItransport\fR +name specifies the first field of a mail delivery agent +definition in master.cf; the syntax of the next\-hop +\fIdestination\fR is described in the manual page of the +corresponding delivery agent. More information about +external content filters is in the Postfix FILTER_README +file. +.sp +Note 1: do not use $\fInumber\fR regular expression +substitutions for \fItransport\fR or \fIdestination\fR +unless you know that the information has a trusted origin. +.sp +Note 2: this action overrides the main.cf \fBcontent_filter\fR +setting, and affects all recipients of the message. In the +case that multiple \fBFILTER\fR actions fire, only the last +one is executed. +.sp +Note 3: the purpose of the FILTER command is to override +message routing. To override the recipient's \fItransport\fR +but not the next\-hop \fIdestination\fR, specify an empty +filter \fIdestination\fR (Postfix 2.7 and later), or specify +a \fItransport:destination\fR that delivers through a +different Postfix instance (Postfix 2.6 and earlier). Other +options are using the recipient\-dependent \fBtrans\%port\%_maps\fR +or the sen\%der\-dependent +\fBsender\%_de\%pen\%dent\%_de\%fault\%_trans\%port\%_maps\fR +features. +.sp +This feature is available in Postfix 2.0 and later. +.IP "\fBHOLD \fIoptional text...\fR" +Place the message on the \fBhold\fR queue, where it will +sit until someone either deletes it or releases it for +delivery. +Log the optional text if specified, otherwise log a generic +message. + +Mail that is placed on hold can be examined with the +\fBpostcat\fR(1) command, and can be destroyed or released with +the \fBpostsuper\fR(1) command. +.sp +Note: use "\fBpostsuper \-r\fR" to release mail that was kept on +hold for a significant fraction of \fB$maximal_queue_lifetime\fR +or \fB$bounce_queue_lifetime\fR, or longer. Use "\fBpostsuper \-H\fR" +only for mail that will not expire within a few delivery attempts. +.sp +Note: this action currently affects all recipients of the message. +.sp +This feature is available in Postfix 2.0 and later. +.IP "\fBPREPEND \fIheadername: headervalue\fR" +Prepend the specified message header to the message. +When more than one PREPEND action executes, the first +prepended header appears before the second etc. prepended +header. +.sp +Note: this action must execute before the message content +is received; it cannot execute in the context of +\fBsmtpd_end_of_data_restrictions\fR. +.sp +This feature is available in Postfix 2.1 and later. +.IP "\fBREDIRECT \fIuser@domain\fR" +After the message is queued, send the message to the specified +address instead of the intended recipient(s). When multiple +\fBREDIRECT\fR actions fire, only the last one takes effect. +.sp +Note: this action overrides the FILTER action, and currently +overrides all recipients of the message. +.sp +This feature is available in Postfix 2.1 and later. +.IP "\fBINFO \fIoptional text...\fR +Log an informational record with the optional text, together +with client information and if available, with helo, sender, +recipient and protocol information. +.sp +This feature is available in Postfix 3.0 and later. +.IP "\fBWARN \fIoptional text...\fR +Log a warning with the optional text, together with client information +and if available, with helo, sender, recipient and protocol information. +.sp +This feature is available in Postfix 2.1 and later. +.SH "ENHANCED STATUS CODES" +.na +.nf +.ad +.fi +Postfix version 2.3 and later support enhanced status codes +as defined in RFC 3463. +When an enhanced status code is specified in an access +table, it is subject to modification. The following +transformations are needed when the same access table is +used for client, helo, sender, or recipient access restrictions; +they happen regardless of whether Postfix replies to a MAIL +FROM, RCPT TO or other SMTP command. +.IP \(bu +When a sender address matches a REJECT action, the Postfix +SMTP server will transform a recipient DSN status (e.g., +4.1.1\-4.1.6) into the corresponding sender DSN status, and +vice versa. +.IP \(bu +When non\-address information matches a REJECT action (such +as the HELO command argument or the client hostname/address), +the Postfix SMTP server will transform a sender or recipient +DSN status into a generic non\-address DSN status (e.g., +4.0.0). +.SH "REGULAR EXPRESSION TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when the table +is given in the form of regular expressions. For a description of +regular expression lookup table syntax, see \fBregexp_table\fR(5) +or \fBpcre_table\fR(5). + +Each pattern is a regular expression that is applied to the entire +string being looked up. Depending on the application, that string +is an entire client hostname, an entire client IP address, or an +entire mail address. Thus, no parent domain or parent network search +is done, \fIuser@domain\fR mail addresses are not broken up into +their \fIuser@\fR and \fIdomain\fR constituent parts, nor is +\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. + +Actions are the same as with indexed file lookups, with +the additional feature that parenthesized substrings from the +pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +.SH "TCP-BASED TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP\-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). +This feature is not available up to and including Postfix version 2.4. + +Each lookup operation uses the entire query string once. +Depending on the application, that string is an entire client +hostname, an entire client IP address, or an entire mail address. +Thus, no parent domain or parent network search is done, +\fIuser@domain\fR mail addresses are not broken up into +their \fIuser@\fR and \fIdomain\fR constituent parts, nor is +\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Actions are the same as with indexed file lookups. +.SH "EXAMPLE" +.na +.nf +.ad +.fi +The following example uses an indexed file, so that the +order of table entries does not matter. The example permits +access by the client at address 1.2.3.4 but rejects all +other clients in 1.2.3.0/24. Instead of \fBhash\fR lookup +tables, some systems use \fBdbm\fR. Use the command +"\fBpostconf \-m\fR" to find out what lookup tables Postfix +supports on your system. + +.nf +.na +/etc/postfix/main.cf: + smtpd_client_restrictions = + check_client_access hash:/etc/postfix/access + +/etc/postfix/access: + 1.2.3 REJECT + 1.2.3.4 OK +.fi +.ad + +Execute the command "\fBpostmap /etc/postfix/access\fR" after +editing the file. +.SH BUGS +.ad +.fi +The table format does not understand quoting conventions. +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +smtpd(8), SMTP server +postconf(5), configuration parameters +transport(5), transport:nexthop syntax +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +SMTPD_ACCESS_README, built\-in SMTP server access control +DATABASE_README, Postfix lookup table overview +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/aliases.5 b/man/man5/aliases.5 new file mode 100644 index 0000000..628b5d7 --- /dev/null +++ b/man/man5/aliases.5 @@ -0,0 +1,230 @@ +.TH ALIASES 5 +.ad +.fi +.SH NAME +aliases +\- +Postfix local alias database format +.SH "SYNOPSIS" +.na +.nf +.fi +\fBnewaliases\fR +.SH DESCRIPTION +.ad +.fi +The \fBaliases\fR(5) table provides a system\-wide mechanism to +redirect mail for local recipients. The redirections are +processed by the Postfix \fBlocal\fR(8) delivery agent. + +Normally, the \fBaliases\fR(5) table is specified as a text file +that serves as input to the \fBpostalias\fR(1) command. The +result, an indexed file in \fBdbm\fR or \fBdb\fR format, is +used for fast lookup by the mail system. Execute the command +\fBnewaliases\fR in order to rebuild the indexed file after +changing the Postfix alias database. + +When the table is provided via other means such as NIS, LDAP +or SQL, the same lookups are done as for ordinary indexed files. + +Alternatively, the table can be provided as a regular\-expression +map where patterns are given as regular expressions. In +this case, the lookups are done in a slightly different way +as described below under "REGULAR EXPRESSION TABLES". + +Users can control delivery of their own mail by setting +up \fB.forward\fR files in their home directory. +Lines in per\-user \fB.forward\fR files have the same syntax +as the right\-hand side of \fBaliases\fR(5) entries. + +The format of the alias database input file is as follows: +.IP \(bu +An alias definition has the form +.sp +.nf + \fIname\fR: \fIvalue1\fR, \fIvalue2\fR, \fI...\fR +.fi +.IP \(bu +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP \(bu +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.PP +The \fIname\fR is a local address (no domain part). +Use double quotes when the name contains any special characters +such as whitespace, `#', `:', or `@'. The \fIname\fR is folded to +lowercase, in order to make database lookups case insensitive. +.PP +In addition, when an alias exists for \fBowner\-\fIname\fR, +this will override the envelope sender address, so that +delivery diagnostics are directed to \fBowner\-\fIname\fR, +instead of the originator of the message (for details, see +\fBowner_request_special\fR, \fBexpand_owner_alias\fR and +\fBreset_owner_alias\fR). +This is typically used to direct delivery errors to the maintainer of +a mailing list, who is in a better position to deal with mailing +list delivery problems than the originator of the undelivered mail. +.PP +The \fIvalue\fR contains one or more of the following: +.IP \fIaddress\fR +Mail is forwarded to \fIaddress\fR, which is compatible +with the RFC 822 standard. +.IP \fI/file/name\fR +Mail is appended to \fI/file/name\fR. See \fBlocal\fR(8) +for details of delivery to file. +Delivery is not limited to regular files. For example, to dispose +of unwanted mail, deflect it to \fB/dev/null\fR. +.IP "|\fIcommand\fR" +Mail is piped into \fIcommand\fR. Commands that contain special +characters, such as whitespace, should be enclosed between double +quotes. See \fBlocal\fR(8) for details of delivery to command. +.sp +When the command fails, a limited amount of command output is +mailed back to the sender. The file \fB/usr/include/sysexits.h\fR +defines the expected exit status codes. For example, use +\fB"|exit 67"\fR to simulate a "user unknown" error, and +\fB"|exit 0"\fR to implement an expensive black hole. +.IP \fB:include:\fI/file/name\fR +Mail is sent to the destinations listed in the named file. +Lines in \fB:include:\fR files have the same syntax +as the right\-hand side of alias entries. +.sp +A destination can be any destination that is described in this +manual page. However, delivery to "|\fIcommand\fR" and +\fI/file/name\fR is disallowed by default. To enable, edit the +\fBallow_mail_to_commands\fR and \fBallow_mail_to_files\fR +configuration parameters. +.SH "ADDRESS EXTENSION" +.na +.nf +.ad +.fi +When alias database search fails, and the recipient localpart +contains the optional recipient delimiter (e.g., \fIuser+foo\fR), +the search is repeated for the unextended address (e.g., \fIuser\fR). + +The \fBpropagate_unmatched_extensions\fR parameter controls +whether an unmatched address extension (\fI+foo\fR) is +propagated to the result of table lookup. +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +The local(8) delivery agent always folds the search string +to lowercase before database lookup. +.SH "REGULAR EXPRESSION TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when the table +is given in the form of regular expressions. For a description of +regular expression lookup table syntax, see \fBregexp_table\fR(5) +or \fBpcre_table\fR(5). NOTE: these formats do not use ":" at the +end of a pattern. + +Each regular expression is applied to the entire search +string. Thus, a search string \fIuser+foo\fR is not broken +up into \fIuser\fR and \fIfoo\fR. + +Regular expressions are applied in the order as specified +in the table, until a regular expression is found that +matches the search string. + +Lookup results are the same as with indexed file lookups. +For security reasons there is no support for \fB$1\fR, +\fB$2\fR etc. substring interpolation. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBlocal\fR(8) delivery agent disallows regular expression +substitution of $1 etc. in \fBalias_maps\fR, because that +would open a security hole. + +The \fBlocal\fR(8) delivery agent will silently ignore +requests to use the \fBproxymap\fR(8) server within +\fBalias_maps\fR. Instead it will open the table directly. +Before Postfix version 2.2, the \fBlocal\fR(8) delivery +agent will terminate with a fatal error. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBalias_database (see 'postconf -d' output)\fR" +The alias databases for \fBlocal\fR(8) delivery that are updated with +"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR". +.IP "\fBalias_maps (see 'postconf -d' output)\fR" +The alias databases that are used for \fBlocal\fR(8) delivery. +.IP "\fBallow_mail_to_commands (alias, forward)\fR" +Restrict \fBlocal\fR(8) mail delivery to external commands. +.IP "\fBallow_mail_to_files (alias, forward)\fR" +Restrict \fBlocal\fR(8) mail delivery to external files. +.IP "\fBexpand_owner_alias (no)\fR" +When delivering to an alias "\fIaliasname\fR" that has an +"owner\-\fIaliasname\fR" companion alias, set the envelope sender +address to the expansion of the "owner\-\fIaliasname\fR" alias. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. +.IP "\fBowner_request_special (yes)\fR" +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate an email address +localpart, user name, or a .forward file name from its extension. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBfrozen_delivered_to (yes)\fR" +Update the \fBlocal\fR(8) delivery agent's idea of the Delivered\-To: +address (see prepend_delivered_header) only once, at the start of +a delivery attempt; do not update the Delivered\-To: address while +expanding aliases or .forward files. +.SH "STANDARDS" +.na +.nf +RFC 822 (ARPA Internet Text Messages) +.SH "SEE ALSO" +.na +.nf +local(8), local delivery agent +newaliases(1), create/update alias database +postalias(1), create/update alias database +postconf(5), configuration parameters +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/body_checks.5 b/man/man5/body_checks.5 new file mode 100644 index 0000000..d7c939e --- /dev/null +++ b/man/man5/body_checks.5 @@ -0,0 +1 @@ +.so man5/header_checks.5 diff --git a/man/man5/bounce.5 b/man/man5/bounce.5 new file mode 100644 index 0000000..7c7c8a1 --- /dev/null +++ b/man/man5/bounce.5 @@ -0,0 +1,235 @@ +.TH BOUNCE 5 +.ad +.fi +.SH NAME +bounce +\- +Postfix bounce message template format +.SH "SYNOPSIS" +.na +.nf +\fBbounce_template_file = /etc/postfix/bounce.cf\fR + +\fBpostconf \-b\fR [\fItemplate_file\fR] +.SH DESCRIPTION +.ad +.fi +The Postfix \fBbounce\fR(8) server produces delivery status +notification (DSN) messages for undeliverable mail, delayed +mail, successful delivery or address verification requests. + +By default, these notifications are generated from built\-in +templates with message headers and message text. Sites can +override the built\-in information by specifying a bounce +template file with the \fBbounce_template_file\fR configuration +parameter. + +This document describes the general procedure to create a +bounce template file, followed by the specific details of +bounce template formats. +.SH "GENERAL PROCEDURE" +.na +.nf +.ad +.fi +To create a customized bounce template file, create a +temporary +copy of the file \fB/etc/postfix/bounce.cf.default\fR and +edit the temporary file. + +To preview the results of $\fIname\fR expansions in the +template text, use the command + +.nf + \fBpostconf \-b\fR \fItemporary_file\fR +.fi + +Errors in the template will be reported to the standard +error stream and to the syslog daemon. + +While previewing the text, be sure to pay particular attention +to the expansion of time value parameters that appear in +the delayed mail notification text. + +Once the result is satisfactory, copy the template to the +Postfix configuration directory and specify in main.cf +something like: + +.nf +/etc/postfix/main.cf: + bounce_template_file = /etc/postfix/bounce.cf +.fi +.SH "TEMPLATE FILE FORMAT" +.na +.nf +.ad +.fi +The template file can specify templates for failed mail, +delayed mail, successful delivery or for address verification. +These templates are named \fBfailure_template\fR, +\fBdelay_template\fR, \fBsuccess_template\fR and +\fBverify_template\fR, respectively. You can but do not +have to specify all four templates in a bounce template +file. + +Each template starts with "\fItemplate_name\fB = <<EOF\fR" +and ends with a line that contains the word "\fBEOF\fR" +only. You can change the word EOF, but you can't enclose +it in quotes as with the shell or with Perl (\fItemplate_name\fB += <<'EOF'\fR). Here is an example: + +.nf + # The failure template is used for undeliverable mail. + + failure_template = <<EOF + Charset: us\-ascii + From: MAILER\-DAEMON (Mail Delivery System) + Subject: Undelivered Mail Returned to Sender + Postmaster\-Subject: Postmaster Copy: Undelivered Mail + + This is the mail system at host $myhostname. + + I'm sorry to have to inform you that your message could not + be delivered to one or more recipients. It's attached below. + + For further assistance, please send mail to postmaster. + + If you do so, please include this problem report. You can + delete your own text from the attached returned message. + + The mail system + EOF +.fi +.PP +The usage and specification of bounce templates is +subject to the following restrictions: +.IP \(bu +No special meaning is given to the backslash character or +to leading whitespace; these are always taken literally. +.IP \(bu +Inside the << context, the "$" character is special. To +produce a "$" character as output, specify "$$". +.IP \(bu +Outside the << context, lines beginning with "#" are ignored, +as are empty lines, and lines consisting of whitespace only. +.PP +Examples of all templates can be found in the file +\fBbounce.cf.default\fR in the Postfix configuration +directory. +.SH "TEMPLATE HEADER FORMAT" +.na +.nf +.ad +.fi +The first portion of a bounce template consists of optional +template headers. Some become message headers in the +delivery status notification; some control the formatting +of that notification. Headers not specified in a template +will be left at their default value. + +The following headers are supported: +.IP \fBCharset:\fR +The MIME character set of the template message text. See +the "TEMPLATE MESSAGE TEXT FORMAT" description below. +.IP \fBFrom:\fR +The sender address in the message header of the delivery +status notification. +.IP \fBSubject:\fR +The subject in the message header of the delivery status +notification that is returned to the sender. +.IP \fBPostmaster\-Subject:\fR +The subject that will be used in Postmaster copies of +undeliverable or delayed mail notifications. These copies +are sent under control of the notify_classes configuration +parameter. +.PP +The usage and specification of template message headers is +subject to the following restrictions: +.IP \(bu +Template message header names can be specified in upper +case, lower case or mixed case. Postfix always produces +bounce message header labels of the form "\fBFrom:\fR" and +"\fBSubject:\fR". +.IP \(bu +Template message headers must not span multiple lines. +.IP \(bu +Template message headers do not support $parameter expansions. +.IP \(bu +Template message headers must contain ASCII characters only, +and must not contain ASCII null characters. +.SH "TEMPLATE MESSAGE TEXT FORMAT" +.na +.nf +.ad +.fi +The second portion of a bounce template consists of message +text. As the above example shows, template message text may +contain main.cf $parameters. Besides the parameters that are +defined in main.cf, the following parameters are treated +specially depending on the suffix that is appended to their +name. +.IP \fBdelay_warning_time_\fIsuffix\fR +Expands into the value of the \fBdelay_warning_time\fR +parameter, expressed in the time unit specified by +\fIsuffix\fR, which is one of \fBseconds\fR, \fBminutes\fR, +\fBhours\fB, \fBdays\fR, or \fBweeks\fR. +.IP \fBmaximal_queue_lifetime_\fIsuffix\fR +Expands into the value of the \fBmaximal_queue_lifetime\fR +parameter, expressed in the time unit specified by +\fIsuffix\fR. See above under \fBdelay_warning_time\fR for +possible \fIsuffix\fR values. +.IP \fBmydomain\fR +Expands into the value of the \fBmydomain\fR parameter. +With "smtputf8_enable = yes", this replaces ACE labels +(xn\-\-mumble) with their UTF\-8 equivalent. +.sp +This feature is available in Postfix 3.0. +.IP \fBmyhostname\fR +Expands into the value of the \fBmyhostname\fR parameter. +With "smtputf8_enable = yes", this replaces ACE labels +(xn\-\-mumble) with their UTF\-8 equivalent. +.sp +This feature is available in Postfix 3.0. +.PP +The usage and specification of template message text is +subject to the following restrictions: +.IP \(bu +The template message text is not sent in Postmaster copies +of delivery status notifications. +.IP \(bu +If the template message text contains non\-ASCII characters, +Postfix requires that the \fBCharset:\fR template header +is updated. Specify an appropriate superset of US\-ASCII. +A superset is needed because Postfix appends ASCII text +after the message template when it sends a delivery status +notification. +.SH "SEE ALSO" +.na +.nf +bounce(8), Postfix delivery status notifications +postconf(5), configuration parameters +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +The Postfix bounce template format was originally developed by +Nicolas Riendeau. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/canonical.5 b/man/man5/canonical.5 new file mode 100644 index 0000000..e987664 --- /dev/null +++ b/man/man5/canonical.5 @@ -0,0 +1,304 @@ +.TH CANONICAL 5 +.ad +.fi +.SH NAME +canonical +\- +Postfix canonical table format +.SH "SYNOPSIS" +.na +.nf +\fBpostmap /etc/postfix/canonical\fR + +\fBpostmap \-q "\fIstring\fB" /etc/postfix/canonical\fR + +\fBpostmap \-q \- /etc/postfix/canonical <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The optional \fBcanonical\fR(5) table specifies an address mapping for +local and non\-local addresses. The mapping is used by the +\fBcleanup\fR(8) daemon, before mail is stored into the +queue. The address mapping is recursive. + +Normally, the \fBcanonical\fR(5) table is specified as a text file +that serves as input to the \fBpostmap\fR(1) command. +The result, an indexed file in \fBdbm\fR or \fBdb\fR format, +is used for fast searching by the mail system. Execute the command +"\fBpostmap /etc/postfix/canonical\fR" to rebuild an indexed +file after changing the corresponding text file. + +When the table is provided via other means such as NIS, LDAP +or SQL, the same lookups are done as for ordinary indexed files. + +Alternatively, the table can be provided as a regular\-expression +map where patterns are given as regular expressions, or lookups +can be directed to a TCP\-based server. In those cases, the lookups +are done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES". + +By default the \fBcanonical\fR(5) mapping affects both message +header addresses (i.e. addresses that appear inside messages) +and message envelope addresses (for example, the addresses +that are used in SMTP protocol commands). This is controlled with +the \fBcanonical_classes\fR parameter. + +NOTE: Postfix versions 2.2 and later rewrite message headers +from remote SMTP clients only if the client matches the +local_header_rewrite_clients parameter, or if the +remote_header_rewrite_domain configuration parameter specifies +a non\-empty value. To get the behavior before Postfix 2.2, +specify "local_header_rewrite_clients = static:all". + +Typically, one would use the \fBcanonical\fR(5) table to replace login +names by \fIFirstname.Lastname\fR, or to clean up addresses produced +by legacy mail systems. + +The \fBcanonical\fR(5) mapping is not to be confused with \fIvirtual +alias\fR support or with local aliasing. To change the destination +but not the headers, use the \fBvirtual\fR(5) or \fBaliases\fR(5) +map instead. +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +The search string is folded to lowercase before database +lookup. As of Postfix 2.3, the search string is not case +folded with database types such as regexp: or pcre: whose +lookup fields can match both upper and lower case. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The input format for the \fBpostmap\fR(1) command is as follows: +.IP "\fIpattern address\fR" +When \fIpattern\fR matches a mail address, replace it by the +corresponding \fIaddress\fR. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +With lookups from indexed files such as DB or DBM, or from networked +tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR +query produces a sequence of query patterns as described below. + +Each query pattern is sent to each specified lookup table +before trying the next query pattern, until a match is +found. +.IP "\fIuser\fR@\fIdomain address\fR" +Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form +has the highest precedence. +.sp +This is useful to clean up addresses produced by legacy mail systems. +It can also be used to produce \fIFirstname.Lastname\fR style +addresses, but see below for a simpler solution. +.IP "\fIuser address\fR" +Replace \fIuser\fR@\fIsite\fR by \fIaddress\fR when \fIsite\fR is +equal to $\fBmyorigin\fR, when \fIsite\fR is listed in +$\fBmydestination\fR, or when it is listed in $\fBinet_interfaces\fR +or $\fBproxy_interfaces\fR. +.sp +This form is useful for replacing login names by +\fIFirstname.Lastname\fR. +.IP "@\fIdomain address\fR" +Replace other addresses in \fIdomain\fR by \fIaddress\fR. +This form has the lowest precedence. +.sp +Note: @\fIdomain\fR is a wild\-card. When this form is applied +to recipient addresses, the Postfix SMTP server accepts +mail for any recipient in \fIdomain\fR, regardless of whether +that recipient exists. This may turn your mail system into +a backscatter source: Postfix first accepts mail for +non\-existent recipients and then tries to return that mail +as "undeliverable" to the often forged sender address. +.sp +To avoid backscatter with mail for a wild\-card domain, +replace the wild\-card mapping with explicit 1:1 mappings, +or add a reject_unverified_recipient restriction for that +domain: + +.nf + smtpd_recipient_restrictions = + ... + reject_unauth_destination + check_recipient_access + inline:{example.com=reject_unverified_recipient} + unverified_recipient_reject_code = 550 +.fi + +In the above example, Postfix may contact a remote server +if the recipient is rewritten to a remote address. +.SH "RESULT ADDRESS REWRITING" +.na +.nf +.ad +.fi +The lookup result is subject to address rewriting: +.IP \(bu +When the result has the form @\fIotherdomain\fR, the +result becomes the same \fIuser\fR in \fIotherdomain\fR. +.IP \(bu +When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR" +to addresses without "@domain". +.IP \(bu +When "\fBappend_dot_mydomain=yes\fR", append +"\fB.$mydomain\fR" to addresses without ".domain". +.SH "ADDRESS EXTENSION" +.na +.nf +.fi +.ad +When a mail address localpart contains the optional recipient delimiter +(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes: +\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR, +\fIuser\fR, and @\fIdomain\fR. + +The \fBpropagate_unmatched_extensions\fR parameter controls whether +an unmatched address extension (\fI+foo\fR) is propagated to the +result of table lookup. +.SH "REGULAR EXPRESSION TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when the table +is given in the form of regular expressions. For a description of +regular expression lookup table syntax, see \fBregexp_table\fR(5) +or \fBpcre_table\fR(5). + +Each pattern is a regular expression that is applied to the entire +address being looked up. Thus, \fIuser@domain\fR mail addresses are not +broken up into their \fIuser\fR and \fI@domain\fR constituent parts, +nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. + +Results are the same as with indexed file lookups, with +the additional feature that parenthesized substrings from the +pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +.SH "TCP-BASED TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP\-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). +This feature is not available up to and including Postfix version 2.4. + +Each lookup operation uses the entire address once. Thus, +\fIuser@domain\fR mail addresses are not broken up into their +\fIuser\fR and \fI@domain\fR constituent parts, nor is +\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Results are the same as with indexed file lookups. +.SH BUGS +.ad +.fi +The table format does not understand quoting conventions. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR" +What addresses are subject to canonical_maps address mapping. +.IP "\fBcanonical_maps (empty)\fR" +Optional address mapping lookup tables for message headers and +envelopes. +.IP "\fBrecipient_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +recipient addresses. +.IP "\fBsender_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +sender addresses. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. +.PP +Other parameters of interest: +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" +Rewrite message header addresses in mail from these clients and +update incomplete addresses with the domain name in $myorigin or +$mydomain; either don't rewrite message headers from other clients +at all, or rewrite message headers and update incomplete addresses +with the domain specified in the remote_header_rewrite_domain +parameter. +.IP "\fBproxy_interfaces (empty)\fR" +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. +.IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR" +What addresses are subject to address masquerading. +.IP "\fBmasquerade_domains (empty)\fR" +Optional list of domains whose subdomain structure will be stripped +off in email addresses. +.IP "\fBmasquerade_exceptions (empty)\fR" +Optional list of user names that are not subjected to address +masquerading, even when their addresses match $masquerade_domains. +.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" +The list of domains that are delivered via the $local_transport +mail delivery transport. +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBowner_request_special (yes)\fR" +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". +.IP "\fBremote_header_rewrite_domain (empty)\fR" +Don't rewrite message headers from remote clients at all when +this parameter is empty; otherwise, rewrite message headers and +append the specified domain name to incomplete addresses. +.SH "SEE ALSO" +.na +.nf +cleanup(8), canonicalize and enqueue mail +postmap(1), Postfix lookup table manager +postconf(5), configuration parameters +virtual(5), virtual aliasing +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +ADDRESS_REWRITING_README, address rewriting guide +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/cidr_table.5 b/man/man5/cidr_table.5 new file mode 100644 index 0000000..6722123 --- /dev/null +++ b/man/man5/cidr_table.5 @@ -0,0 +1,199 @@ +.TH CIDR_TABLE 5 +.ad +.fi +.SH NAME +cidr_table +\- +format of Postfix CIDR tables +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" cidr:/etc/postfix/\fIfilename\fR + +\fBpostmap \-q \- cidr:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional lookup tables. +These tables are usually in \fBdbm\fR or \fBdb\fR format. +Alternatively, lookup tables can be specified in CIDR +(Classless Inter\-Domain Routing) form. In this case, each +input is compared against a list of patterns. When a match +is found, the corresponding result is returned and the search +is terminated. + +To find out what types of lookup tables your Postfix system +supports use the "\fBpostconf \-m\fR" command. + +To test lookup tables, use the "\fBpostmap \-q\fR" command as +described in the SYNOPSIS above. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The general form of a Postfix CIDR table is: +.IP "\fIpattern result\fR" +When a search string matches the specified \fIpattern\fR, use +the corresponding \fIresult\fR value. The \fIpattern\fR must be +in \fInetwork/prefix\fR or \fInetwork_address\fR form (see +ADDRESS PATTERN SYNTAX below). +.IP "\fB!\fIpattern result\fR" +When a search string does not match the specified \fIpattern\fR, +use the specified \fIresult\fR value. The \fIpattern\fR must +be in \fInetwork/prefix\fR or \fInetwork_address\fR form (see +ADDRESS PATTERN SYNTAX below). +.sp +This feature is available in Postfix 3.2 and later. +.IP "\fBif \fIpattern\fR" +.IP "\fBendif\fR" +When a search string matches the specified \fIpattern\fR, match +that search string against the patterns between \fBif\fR and +\fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or +\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The +\fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to text between +\fBif\fR..\fBendif\fR. +.sp +This feature is available in Postfix 3.2 and later. +.IP "\fBif !\fIpattern\fR" +.IP "\fBendif\fR" +When a search string does not match the specified \fIpattern\fR, +match that search string against the patterns between \fBif\fR and +\fBendif\fR. The \fIpattern\fR must be in \fInetwork/prefix\fR or +\fInetwork_address\fR form (see ADDRESS PATTERN SYNTAX below). The +\fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to text between +\fBif\fR..\fBendif\fR. +.sp +This feature is available in Postfix 3.2 and later. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. +.SH "ADDRESS PATTERN SYNTAX" +.na +.nf +.ad +.fi +Postfix CIDR tables are pattern\-based. A pattern is either +a \fInetwork_address\fR which requires an exact match, or a +\fInetwork_address/prefix_length\fR where the \fIprefix_length\fR +part specifies the length of the \fInetwork_address\fR prefix +that must be matched (the other bits in the \fInetwork_address\fR +part must be zero). + +An IPv4 network address is a sequence of four decimal octets +separated by ".", and an IPv6 network address is a sequence +of three to eight hexadecimal octet pairs separated by ":" +or "::", where the latter is short\-hand for a sequence of +one or more all\-zero octet pairs. The pattern 0.0.0.0/0 +matches every IPv4 address, and ::/0 matches every IPv6 +address. IPv6 support is available in Postfix 2.2 and +later. + +Before comparisons are made, lookup keys and table entries +are converted from string to binary. Therefore, IPv6 patterns +will be matched regardless of leading zeros (a leading zero in +an IPv4 address octet indicates octal notation). + +Note: address information may be enclosed inside "[]" but +this form is not required. +.SH "INLINE SPECIFICATION" +.na +.nf +.ad +.fi +The contents of a table may be specified in the table name +(Postfix 3.7 and later). +The basic syntax is: + +.nf +main.cf: + \fIparameter\fR \fB= .. cidr:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } ..\fR + +master.cf: + \fB.. \-o { \fIparameter\fR \fB= .. cidr:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } .. } ..\fR +.fi + +Postfix ignores whitespace after '{' and before '}', and +writes each \fIrule\fR as one text line to an in\-memory +file: + +.nf +in\-memory file: + rule\-1 + rule\-2 + .. +.fi + +Postfix parses the result as if it is a file in /etc/postfix. + +Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep +Postfix from trying to do \fI$name\fR expansion as it +evaluates a parameter value. +.SH "EXAMPLE SMTPD ACCESS MAP" +.na +.nf +.nf +/etc/postfix/main.cf: + smtpd_client_restrictions = ... cidr:/etc/postfix/client.cidr ... + +/etc/postfix/client.cidr: + # Rule order matters. Put more specific allowlist entries + # before more general denylist entries. + 192.168.1.1 OK + 192.168.0.0/16 REJECT + 2001:db8::1 OK + 2001:db8::/32 REJECT +.fi +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +regexp_table(5), format of regular expression tables +pcre_table(5), format of PCRE tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH HISTORY +.ad +.fi +CIDR table support was introduced with Postfix version 2.1. +.SH "AUTHOR(S)" +.na +.nf +The CIDR table lookup code was originally written by: +Jozsef Kadlecsik +KFKI Research Institute for Particle and Nuclear Physics +POB. 49 +1525 Budapest, Hungary + +Adopted and adapted by: +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/generic.5 b/man/man5/generic.5 new file mode 100644 index 0000000..6e891eb --- /dev/null +++ b/man/man5/generic.5 @@ -0,0 +1,274 @@ +.TH GENERIC 5 +.ad +.fi +.SH NAME +generic +\- +Postfix generic table format +.SH "SYNOPSIS" +.na +.nf +\fBpostmap /etc/postfix/generic\fR + +\fBpostmap \-q "\fIstring\fB" /etc/postfix/generic\fR + +\fBpostmap \-q \- /etc/postfix/generic <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The optional \fBgeneric\fR(5) table specifies an address +mapping that applies when mail is delivered. This is the +opposite of \fBcanonical\fR(5) mapping, which applies when +mail is received. + +Typically, one would use the \fBgeneric\fR(5) table on a +system that does not have a valid Internet domain name and +that uses something like \fIlocaldomain.local\fR instead. +The \fBgeneric\fR(5) table is then used by the \fBsmtp\fR(8) +client to transform local mail addresses into valid Internet +mail addresses when mail has to be sent across the Internet. +See the EXAMPLE section at the end of this document. + +The \fBgeneric\fR(5) mapping affects both message header +addresses (i.e. addresses that appear inside messages) and +message envelope addresses (for example, the addresses that +are used in SMTP protocol commands). + +Normally, the \fBgeneric\fR(5) table is specified as a +text file that serves as input to the \fBpostmap\fR(1) +command. The result, an indexed file in \fBdbm\fR or +\fBdb\fR format, is used for fast searching by the mail +system. Execute the command "\fBpostmap /etc/postfix/generic\fR" +to rebuild an indexed file after changing the corresponding +text file. + +When the table is provided via other means such as NIS, LDAP +or SQL, the same lookups are done as for ordinary indexed files. + +Alternatively, the table can be provided as a regular\-expression +map where patterns are given as regular expressions, or lookups +can be directed to a TCP\-based server. In those cases, the lookups +are done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES". +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +The search string is folded to lowercase before database +lookup. As of Postfix 2.3, the search string is not case +folded with database types such as regexp: or pcre: whose +lookup fields can match both upper and lower case. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The input format for the \fBpostmap\fR(1) command is as follows: +.IP "\fIpattern result\fR" +When \fIpattern\fR matches a mail address, replace it by the +corresponding \fIresult\fR. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +With lookups from indexed files such as DB or DBM, or from networked +tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR +query produces a sequence of query patterns as described below. + +Each query pattern is sent to each specified lookup table +before trying the next query pattern, until a match is +found. +.IP "\fIuser\fR@\fIdomain address\fR" +Replace \fIuser\fR@\fIdomain\fR by \fIaddress\fR. This form +has the highest precedence. +.IP "\fIuser address\fR" +Replace \fIuser\fR@\fIsite\fR by \fIaddress\fR when \fIsite\fR is +equal to $\fBmyorigin\fR, when \fIsite\fR is listed in +$\fBmydestination\fR, or when it is listed in $\fBinet_interfaces\fR +or $\fBproxy_interfaces\fR. +.IP "@\fIdomain address\fR" +Replace other addresses in \fIdomain\fR by \fIaddress\fR. +This form has the lowest precedence. +.SH "RESULT ADDRESS REWRITING" +.na +.nf +.ad +.fi +The lookup result is subject to address rewriting: +.IP \(bu +When the result has the form @\fIotherdomain\fR, the +result becomes the same \fIuser\fR in \fIotherdomain\fR. +.IP \(bu +When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR" +to addresses without "@domain". +.IP \(bu +When "\fBappend_dot_mydomain=yes\fR", append +"\fB.$mydomain\fR" to addresses without ".domain". +.SH "ADDRESS EXTENSION" +.na +.nf +.fi +.ad +When a mail address localpart contains the optional recipient delimiter +(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes: +\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR, +\fIuser\fR, and @\fIdomain\fR. + +The \fBpropagate_unmatched_extensions\fR parameter controls whether +an unmatched address extension (\fI+foo\fR) is propagated to the +result of table lookup. +.SH "REGULAR EXPRESSION TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when the table +is given in the form of regular expressions. For a description of +regular expression lookup table syntax, see \fBregexp_table\fR(5) +or \fBpcre_table\fR(5). + +Each pattern is a regular expression that is applied to the entire +address being looked up. Thus, \fIuser@domain\fR mail addresses are not +broken up into their \fIuser\fR and \fI@domain\fR constituent parts, +nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. + +Results are the same as with indexed file lookups, with +the additional feature that parenthesized substrings from the +pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +.SH "TCP-BASED TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP\-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). +This feature is available in Postfix 2.5 and later. + +Each lookup operation uses the entire address once. Thus, +\fIuser@domain\fR mail addresses are not broken up into their +\fIuser\fR and \fI@domain\fR constituent parts, nor is +\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Results are the same as with indexed file lookups. +.SH "EXAMPLE" +.na +.nf +.ad +.fi +The following shows a generic mapping with an indexed file. +When mail is sent to a remote host via SMTP, this replaces +\fIhis@localdomain.local\fR by his ISP mail address, replaces +\fIher@localdomain.local\fR by her ISP mail address, and +replaces other local addresses by his ISP account, with +an address extension of \fI+local\fR (this example assumes +that the ISP supports "+" style address extensions). + +.na +.nf +/etc/postfix/main.cf: + smtp_generic_maps = hash:/etc/postfix/generic + +/etc/postfix/generic: + his@localdomain.local hisaccount@hisisp.example + her@localdomain.local heraccount@herisp.example + @localdomain.local hisaccount+local@hisisp.example + +.ad +.fi +Execute the command "\fBpostmap /etc/postfix/generic\fR" +whenever the table is changed. Instead of \fBhash\fR, some +systems use \fBdbm\fR database files. To find out what +tables your system supports use the command "\fBpostconf +\-m\fR". +.SH BUGS +.ad +.fi +The table format does not understand quoting conventions. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBsmtp_generic_maps (empty)\fR" +Optional lookup tables that perform address rewriting in the +Postfix SMTP client, typically to transform a locally valid address into +a globally valid address when sending mail across the Internet. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. +.PP +Other parameters of interest: +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBproxy_interfaces (empty)\fR" +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. +.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" +The list of domains that are delivered via the $local_transport +mail delivery transport. +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBowner_request_special (yes)\fR" +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +postconf(5), configuration parameters +smtp(8), Postfix SMTP client +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_REWRITING_README, address rewriting guide +DATABASE_README, Postfix lookup table overview +STANDARD_CONFIGURATION_README, configuration examples +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +A genericstable feature appears in the Sendmail MTA. + +This feature is available in Postfix 2.2 and later. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/header_checks.5 b/man/man5/header_checks.5 new file mode 100644 index 0000000..31ac7dc --- /dev/null +++ b/man/man5/header_checks.5 @@ -0,0 +1,528 @@ +.TH HEADER_CHECKS 5 +.ad +.fi +.SH NAME +header_checks +\- +Postfix built\-in content inspection +.SH "SYNOPSIS" +.na +.nf +.nf +\fBheader_checks = pcre:/etc/postfix/header_checks\fR +\fBmime_header_checks = pcre:/etc/postfix/mime_header_checks\fR +\fBnested_header_checks = pcre:/etc/postfix/nested_header_checks\fR +\fBbody_checks = pcre:/etc/postfix/body_checks\fR +.sp +\fBmilter_header_checks = pcre:/etc/postfix/milter_header_checks\fR +.sp +\fBsmtp_header_checks = pcre:/etc/postfix/smtp_header_checks\fR +\fBsmtp_mime_header_checks = pcre:/etc/postfix/smtp_mime_header_checks\fR +\fBsmtp_nested_header_checks = pcre:/etc/postfix/smtp_nested_header_checks\fR +\fBsmtp_body_checks = pcre:/etc/postfix/smtp_body_checks\fR +.sp +\fBpostmap \-q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR +\fBpostmap \-q \- pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR +.fi +.SH DESCRIPTION +.ad +.fi +This document describes access control on the content of +message headers and message body lines; it is implemented +by the Postfix \fBcleanup\fR(8) server before mail is queued. +See \fBaccess\fR(5) for access control on remote SMTP client +information. + +Each message header or message body line is compared against +a list of patterns. +When a match is found the corresponding action is executed, and +the matching process is repeated for the next message header or +message body line. + +Note: message headers are examined one logical header at a time, +even when a message header spans multiple lines. Body lines are +always examined one line at a time. + +For examples, see the EXAMPLES section at the end of this +manual page. + +Postfix header or body_checks are designed to stop a flood of mail +from worms or viruses; they do not decode attachments, and they do +not unzip archives. See the documents referenced below in the README +FILES section if you need more sophisticated content analysis. +.SH "FILTERS WHILE RECEIVING MAIL" +.na +.nf +.ad +.fi +Postfix implements the following four built\-in content +inspection classes while receiving mail: +.IP "\fBheader_checks\fR (default: empty)" +These are applied to initial message headers (except for +the headers that are processed with \fBmime_header_checks\fR). +.IP "\fBmime_header_checks\fR (default: \fB$header_checks\fR)" +These are applied to MIME related message headers only. +.sp +This feature is available in Postfix 2.0 and later. +.IP "\fBnested_header_checks\fR (default: \fB$header_checks\fR)" +These are applied to message headers of attached email +messages (except for the headers that are processed with +\fBmime_header_checks\fR). +.sp +This feature is available in Postfix 2.0 and later. +.IP \fBbody_checks\fR +These are applied to all other content, including multi\-part +message boundaries. +.sp +With Postfix versions before 2.0, all content after the initial +message headers is treated as body content. +.SH "FILTERS AFTER RECEIVING MAIL" +.na +.nf +.ad +.fi +Postfix supports a subset of the built\-in content inspection +classes after the message is received: +.IP "\fBmilter_header_checks\fR (default: empty)" +These are applied to headers that are added with Milter +applications. +.sp +This feature is available in Postfix 2.7 and later. +.SH "FILTERS WHILE DELIVERING MAIL" +.na +.nf +.ad +.fi +Postfix supports all four content inspection classes while +delivering mail via SMTP. +.IP "\fBsmtp_header_checks\fR (default: empty)" +.IP "\fBsmtp_mime_header_checks\fR (default: empty)" +.IP "\fBsmtp_nested_header_checks\fR (default: empty)" +.IP "\fBsmtp_body_checks\fR (default: empty)" +These features are available in Postfix 2.5 and later. +.SH "COMPATIBILITY" +.na +.nf +.ad +.fi +With Postfix version 2.2 and earlier specify "\fBpostmap +\-fq\fR" to query a table that contains case sensitive +patterns. By default, regexp: and pcre: patterns are case +insensitive. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +This document assumes that header and body_checks rules are specified +in the form of Postfix regular expression lookup tables. Usually the +best performance is obtained with \fBpcre\fR (Perl Compatible Regular +Expression) tables. The \fBregexp\fR (POSIX regular +expressions) tables are usually slower, but more widely +available. +Use the command "\fBpostconf \-m\fR" to find out what lookup table +types your Postfix system supports. + +The general format of Postfix regular expression tables is +given below. +For a discussion of specific pattern or flags syntax, +see \fBpcre_table\fR(5) or \fBregexp_table\fR(5), respectively. +.IP "\fB/\fIpattern\fB/\fIflags action\fR" +When /\fIpattern\fR/ matches the input string, execute +the corresponding \fIaction\fR. See below for a list +of possible actions. +.IP "\fB!/\fIpattern\fB/\fIflags action\fR" +When /\fIpattern\fR/ does \fBnot\fR match the input string, +execute the corresponding \fIaction\fR. +.IP "\fBif /\fIpattern\fB/\fIflags\fR" +.IP "\fBendif\fR" +If the input string matches /\fIpattern\fR/, then match that +input string against the patterns between \fBif\fR and +\fBendif\fR. The \fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to patterns inside +\fBif\fR..\fBendif\fR. +.IP "\fBif !/\fIpattern\fB/\fIflags\fR" +.IP "\fBendif\fR" +If the input string does not match /\fIpattern\fR/, then +match that input string against the patterns between \fBif\fR +and \fBendif\fR. The \fBif\fR..\fBendif\fR can nest. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A pattern/action line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +For each line of message input, the patterns are applied in the +order as specified in the table. When a pattern is found that matches +the input line, the corresponding action is executed and then the +next input line is inspected. +.SH "TEXT SUBSTITUTION" +.na +.nf +.ad +.fi +Substitution of substrings from the matched expression into the +\fIaction\fR +string is possible using the conventional Perl syntax +(\fB$1\fR, \fB$2\fR, etc.). +The macros in the result string may need to be written as \fB${n}\fR +or \fB$(n)\fR if they aren't followed by whitespace. + +Note: since negated patterns (those preceded by \fB!\fR) return a +result when the expression does not match, substitutions are not +available for negated patterns. +.SH "ACTIONS" +.na +.nf +.ad +.fi +Action names are case insensitive. They are shown in upper case +for consistency with other Postfix documentation. +.IP "\fBBCC \fIuser@domain\fR" +Add the specified address as a BCC recipient, and inspect +the next input line. The address +must have a local part and domain part. The number of BCC +addresses that can be added is limited only by the amount +of available storage space. + +Note 1: the BCC address is added as if it was specified with +NOTIFY=NONE. The sender will not be notified when the BCC +address is undeliverable, as long as all down\-stream software +implements RFC 3461. + +Note 2: this ignores duplicate addresses (with the same +delivery status notification options). +.sp +This feature is available in Postfix 3.0 and later. +.sp +This feature is not supported with smtp header/body checks. +.IP "\fBDISCARD \fIoptional text...\fR" +Claim successful delivery and silently discard the message. +Do not inspect the remainder of the input message. +Log the optional text if specified, otherwise log a generic +message. +.sp +Note: this action disables further header or body_checks inspection +of the current message and affects all recipients. +To discard only one recipient without discarding the entire message, +use the transport(5) table to direct mail to the discard(8) service. +.sp +This feature is available in Postfix 2.0 and later. +.sp +This feature is not supported with smtp header/body checks. +.IP \fBDUNNO\fR +Pretend that the input line did not match any pattern, and inspect the +next input line. This action can be used to shorten the table search. +.sp +For backwards compatibility reasons, Postfix also accepts +\fBOK\fR but it is (and always has been) treated as \fBDUNNO\fR. +.sp +This feature is available in Postfix 2.1 and later. +.IP "\fBFILTER \fItransport:destination\fR" +Override the content_filter parameter setting, and inspect +the next input line. +After the message is queued, send the entire message through +the specified external content filter. The \fItransport\fR +name specifies the first field of a mail delivery agent +definition in master.cf; the syntax of the next\-hop +\fIdestination\fR is described in the manual page of the +corresponding delivery agent. More information about +external content filters is in the Postfix FILTER_README +file. +.sp +Note 1: do not use $\fInumber\fR regular expression +substitutions for \fItransport\fR or \fIdestination\fR +unless you know that the information has a trusted origin. +.sp +Note 2: this action overrides the main.cf \fBcontent_filter\fR +setting, and affects all recipients of the message. In the +case that multiple \fBFILTER\fR actions fire, only the last +one is executed. +.sp +Note 3: the purpose of the FILTER command is to override +message routing. To override the recipient's \fItransport\fR +but not the next\-hop \fIdestination\fR, specify an empty +filter \fIdestination\fR (Postfix 2.7 and later), or specify +a \fItransport:destination\fR that delivers through a +different Postfix instance (Postfix 2.6 and earlier). Other +options are using the recipient\-dependent \fBtrans\%port\%_maps\fR +or the sen\%der\-dependent +\fBsender\%_de\%pen\%dent\%_de\%fault\%_trans\%port\%_maps\fR +features. +.sp +This feature is available in Postfix 2.0 and later. +.sp +This feature is not supported with smtp header/body checks. +.IP "\fBHOLD \fIoptional text...\fR" +Arrange for the message to be placed on the \fBhold\fR queue, +and inspect the next input line. The message remains on \fBhold\fR +until someone either deletes it or releases it for delivery. +Log the optional text if specified, otherwise log a generic +message. + +Mail that is placed on hold can be examined with the +\fBpostcat\fR(1) command, and can be destroyed or released with +the \fBpostsuper\fR(1) command. +.sp +Note: use "\fBpostsuper \-r\fR" to release mail that was kept on +hold for a significant fraction of \fB$maximal_queue_lifetime\fR +or \fB$bounce_queue_lifetime\fR, or longer. Use "\fBpostsuper \-H\fR" +only for mail that will not expire within a few delivery attempts. +.sp +Note: this action affects all recipients of the message. +.sp +This feature is available in Postfix 2.0 and later. +.sp +This feature is not supported with smtp header/body checks. +.IP \fBIGNORE\fR +Delete the current line from the input, and inspect +the next input line. See \fBSTRIP\fR for an alternative +that logs the action. +.IP "\fBINFO \fIoptional text...\fR +Log an "info:" record with the \fIoptional text...\fR (or +log a generic text), and inspect the next input line. This +action is useful for routine logging or for debugging. +.sp +This feature is available in Postfix 2.8 and later. +.IP "\fBPASS \fIoptional text...\fR" +Log a "pass:" record with the \fIoptional text...\fR (or +log a generic text), and turn off header, body, and Milter +inspection for the remainder of this message. +.sp +Note: this feature relies on trust in information that is +easy to forge. +.sp +This feature is available in Postfix 3.2 and later. +.sp +This feature is not supported with smtp header/body checks. +.IP "\fBPREPEND \fItext...\fR" +Prepend one line with the specified text, and inspect the next +input line. +.sp +Notes: +.RS +.IP \(bu +The prepended text is output on a separate line, immediately +before the input that triggered the \fBPREPEND\fR action. +.IP \(bu +The prepended text is not considered part of the input +stream: it is not subject to header/body checks or address +rewriting, and it does not affect the way that Postfix adds +missing message headers. +.IP \(bu +When prepending text before a message header line, the prepended +text must begin with a valid message header label. +.IP \(bu +This action cannot be used to prepend multi\-line text. +.RE +.IP +This feature is available in Postfix 2.1 and later. +.sp +This feature is not supported with milter_header_checks. +.IP "\fBREDIRECT \fIuser@domain\fR" +Write a message redirection request to the queue file, and +inspect the next input line. After the message is queued, +it will be sent to the specified address instead of the +intended recipient(s). +.sp +Note: this action overrides the \fBFILTER\fR action, and affects +all recipients of the message. If multiple \fBREDIRECT\fR actions +fire, only the last one is executed. +.sp +This feature is available in Postfix 2.1 and later. +.sp +This feature is not supported with smtp header/body checks. +.IP "\fBREPLACE \fItext...\fR" +Replace the current line with the specified text, and inspect the next +input line. +.sp +This feature is available in Postfix 2.2 and later. The +description below applies to Postfix 2.2.2 and later. +.sp +Notes: +.RS +.IP \(bu +When replacing a message header line, the replacement text +must begin with a valid header label. +.IP \(bu +The replaced text remains part of the input stream. Unlike +the result from the \fBPREPEND\fR action, a replaced message +header may be subject to address rewriting and may affect +the way that Postfix adds missing message headers. +.RE +.IP "\fBREJECT \fIoptional text...\fR +Reject the entire message. Do not inspect the remainder of +the input message. Reply with \fIoptional text...\fR when +the optional text is specified, otherwise reply with a +generic error message. +.sp +Note: this action disables further header or body_checks inspection +of the current message and affects all recipients. +.sp +Postfix version 2.3 and later support enhanced status codes. +When no code is specified at the beginning of \fIoptional +text...\fR, Postfix inserts a default enhanced status code of +"5.7.1". +.sp +This feature is not supported with smtp header/body checks. +.IP "\fBSTRIP \fIoptional text...\fR" +Log a "strip:" record with the \fIoptional text...\fR (or +log a generic text), delete the input line from the input, +and inspect the next input line. See \fBIGNORE\fR for a +silent alternative. +.sp +This feature is available in Postfix 3.2 and later. +.IP "\fBWARN \fIoptional text...\fR +Log a "warning:" record with the \fIoptional text...\fR (or +log a generic text), and inspect the next input line. This +action is useful for debugging and for testing a pattern +before applying more drastic actions. +.SH BUGS +.ad +.fi +Empty lines never match, because some map types mis\-behave +when given a zero\-length search string. This limitation may +be removed for regular expression tables in a future release. + +Many people overlook the main limitations of header and body_checks +rules. +.IP \(bu +These rules operate on one logical message header or one body +line at a time. A decision made for one line is not carried over +to the next line. +.IP \(bu +If text in the message body is encoded +(RFC 2045) then the rules need to be specified for the encoded +form. +.IP \(bu +Likewise, when message headers are encoded (RFC +2047) then the rules need to be specified for the encoded +form. +.PP +Message headers added by the \fBcleanup\fR(8) daemon itself +are excluded from inspection. Examples of such message headers +are \fBFrom:\fR, \fBTo:\fR, \fBMessage\-ID:\fR, \fBDate:\fR. + +Message headers deleted by the \fBcleanup\fR(8) daemon will +be examined before they are deleted. Examples are: \fBBcc:\fR, +\fBContent\-Length:\fR, \fBReturn\-Path:\fR. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +.IP \fBbody_checks\fR +Lookup tables with content filter rules for message body lines. +These filters see one physical line at a time, in chunks of +at most \fB$line_length_limit\fR bytes. +.IP \fBbody_checks_size_limit\fP +The amount of content per message body segment (attachment) that is +subjected to \fB$body_checks\fR filtering. +.IP \fBheader_checks\fR +.IP "\fBmime_header_checks\fR (default: \fB$header_checks\fR)" +.IP "\fBnested_header_checks\fR (default: \fB$header_checks\fR)" +Lookup tables with content filter rules for message header lines: +respectively, these are applied to the initial message headers +(not including MIME headers), to the MIME headers anywhere in +the message, and to the initial headers of attached messages. +.sp +Note: these filters see one logical message header at a time, even +when a message header spans multiple lines. Message headers that +are longer than \fB$header_size_limit\fR characters are truncated. +.IP \fBdisable_mime_input_processing\fR +While receiving mail, give no special treatment to MIME related +message headers; all text after the initial message headers is +considered to be part of the message body. This means that +\fBheader_checks\fR is applied to all the initial message headers, +and that \fBbody_checks\fR is applied to the remainder of the +message. +.sp +Note: when used in this manner, \fBbody_checks\fR will process +a multi\-line message header one line at a time. +.SH "EXAMPLES" +.na +.nf +.ad +.fi +Header pattern to block attachments with bad file name +extensions. For convenience, the PCRE /x flag is specified, +so that there is no need to collapse the pattern into a +single line of text. The purpose of the [[:xdigit:]] +sub\-expressions is to recognize Windows CLSID strings. + +.na +.nf +/etc/postfix/main.cf: + header_checks = pcre:/etc/postfix/header_checks.pcre + +/etc/postfix/header_checks.pcre: + /^Content\-(Disposition|Type).*name\es*=\es*"?([^;]*(\e.|=2E)( + ade|adp|asp|bas|bat|chm|cmd|com|cpl|crt|dll|exe| + hlp|ht[at]| + inf|ins|isp|jse?|lnk|md[betw]|ms[cipt]|nws| + \e{[[:xdigit:]]{8}(?:\-[[:xdigit:]]{4}){3}\-[[:xdigit:]]{12}\e}| + ops|pcd|pif|prf|reg|sc[frt]|sh[bsm]|swf| + vb[esx]?|vxd|ws[cfh]))(\e?=)?"?\es*(;|$)/x + REJECT Attachment name "$2" may not end with ".$4" +.ad +.fi + +Body pattern to stop a specific HTML browser vulnerability exploit. + +.na +.nf +/etc/postfix/main.cf: + body_checks = regexp:/etc/postfix/body_checks + +/etc/postfix/body_checks: + /^<iframe src=(3D)?cid:.* height=(3D)?0 width=(3D)?0>$/ + REJECT IFRAME vulnerability exploit +.SH "SEE ALSO" +.na +.nf +cleanup(8), canonicalize and enqueue Postfix message +pcre_table(5), format of PCRE lookup tables +regexp_table(5), format of POSIX regular expression tables +postconf(1), Postfix configuration utility +postmap(1), Postfix lookup table management +postsuper(1), Postfix janitor +postcat(1), show Postfix queue file contents +RFC 2045, base64 and quoted\-printable encoding rules +RFC 2047, message header encoding for non\-ASCII text +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +CONTENT_INSPECTION_README, Postfix content inspection overview +BUILTIN_FILTER_README, Postfix built\-in content inspection +BACKSCATTER_README, blocking returned forged mail +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/ldap_table.5 b/man/man5/ldap_table.5 new file mode 100644 index 0000000..464f517 --- /dev/null +++ b/man/man5/ldap_table.5 @@ -0,0 +1,750 @@ +.TH LDAP_TABLE 5 +.ad +.fi +.SH NAME +ldap_table +\- +Postfix LDAP client configuration +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" ldap:/etc/postfix/\fIfilename\fR + +\fBpostmap \-q \- ldap:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional tables for address +rewriting or mail routing. These tables are usually in +\fBdbm\fR or \fBdb\fR format. + +Alternatively, lookup tables can be specified as LDAP databases. + +In order to use LDAP lookups, define an LDAP source as a lookup +table in main.cf, for example: + +.nf + alias_maps = ldap:/etc/postfix/ldap\-aliases.cf +.fi + +The file /etc/postfix/ldap\-aliases.cf has the same format as +the Postfix main.cf file, and can specify the parameters +described below. An example is given at the end of this manual. + +This configuration method is available with Postfix version +2.1 and later. See the section "OBSOLETE MAIN.CF PARAMETERS" +below for older Postfix versions. + +For details about LDAP SSL and STARTTLS, see the section +on SSL and STARTTLS below. +.SH "LIST MEMBERSHIP" +.na +.nf +.ad +.fi +When using LDAP to store lists such as $mynetworks, +$mydestination, $relay_domains, $local_recipient_maps, +etc., it is important to understand that the table must +store each list member as a separate key. The table lookup +verifies the *existence* of the key. See "Postfix lists +versus tables" in the DATABASE_README document for a +discussion. + +Do NOT create tables that return the full list of domains +in $mydestination or $relay_domains etc., or IP addresses +in $mynetworks. + +DO create tables with each matching item as a key and with +an arbitrary value. With LDAP databases it is not uncommon to +return the key itself. + +For example, NEVER do this in a map defining $mydestination: + +.nf + query_filter = domain=* + result_attribute = domain +.fi + +Do this instead: + +.nf + query_filter = domain=%s + result_attribute = domain +.fi +.SH "GENERAL LDAP PARAMETERS" +.na +.nf +.ad +.fi +In the text below, default values are given in parentheses. +Note: don't use quotes in these variables; at least, not until the +Postfix configuration routines understand how to deal with quoted +strings. +.IP "\fBserver_host (default: localhost)\fR" +The name of the host running the LDAP server, e.g. + +.nf + server_host = ldap.example.com +.fi + +Depending on the LDAP client library you're using, it should +be possible to specify multiple servers here, with the library +trying them in order should the first one fail. It should also +be possible to give each server in the list a different port +(overriding \fBserver_port\fR below), by naming them like + +.nf + server_host = ldap.example.com:1444 +.fi + +With OpenLDAP, a (list of) LDAP URLs can be used to specify both +the hostname(s) and the port(s): + +.nf + server_host = ldap://ldap.example.com:1444 + ldap://ldap2.example.com:1444 +.fi + +All LDAP URLs accepted by the OpenLDAP library are supported, +including connections over UNIX domain sockets, and LDAP SSL +(the last one provided that OpenLDAP was compiled with support +for SSL): + +.nf + server_host = ldapi://%2Fsome%2Fpath + ldaps://ldap.example.com:636 +.fi +.IP "\fBserver_port (default: 389)\fR" +The port the LDAP server listens on, e.g. + +.nf + server_port = 778 +.fi +.IP "\fBtimeout (default: 10 seconds)\fR" +The number of seconds a search can take before timing out, e.g. + +.fi + timeout = 5 +.fi +.IP "\fBsearch_base (No default; you must configure this)\fR" +The RFC2253 base DN at which to conduct the search, e.g. + +.nf + search_base = dc=your, dc=com +.fi +.IP +With Postfix 2.2 and later this parameter supports the +following '%' expansions: +.RS +.IP "\fB%%\fR" +This is replaced by a literal '%' character. +.IP "\fB%s\fR" +This is replaced by the input key. +RFC 2253 quoting is used to make sure that the input key +does not add unexpected metacharacters. +.IP "\fB%u\fR" +When the input key is an address of the form user@domain, \fB%u\fR +is replaced by the (RFC 2253) quoted local part of the address. +Otherwise, \fB%u\fR is replaced by the entire search string. +If the localpart is empty, the search is suppressed and returns +no results. +.IP "\fB%d\fR" +When the input key is an address of the form user@domain, \fB%d\fR +is replaced by the (RFC 2253) quoted domain part of the address. +Otherwise, the search is suppressed and returns no results. +.IP "\fB%[SUD]\fR" +For the \fBsearch_base\fR parameter, the upper\-case equivalents +of the above expansions behave identically to their lower\-case +counter\-parts. With the \fBresult_format\fR parameter (previously +called \fBresult_filter\fR see the OTHER OBSOLETE FEATURES section +and below), they expand to the corresponding components of input +key rather than the result value. +.IP "\fB%[1\-9]\fR" +The patterns %1, %2, ... %9 are replaced by the corresponding +most significant component of the input key's domain. If the +input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, +%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is +unqualified or does not have enough domain components to satisfy +all the specified patterns, the search is suppressed and returns +no results. +.RE +.IP "\fBquery_filter (default: mailacceptinggeneralid=%s)\fR" +The RFC2254 filter used to search the directory, where \fB%s\fR +is a substitute for the address Postfix is trying to resolve, +e.g. + +.nf + query_filter = (&(mail=%s)(paid_up=true)) +.fi + +This parameter supports the following '%' expansions: +.RS +.IP "\fB%%\fR" +This is replaced by a literal '%' character. (Postfix 2.2 and later). +.IP "\fB%s\fR" +This is replaced by the input key. +RFC 2254 quoting is used to make sure that the input key +does not add unexpected metacharacters. +.IP "\fB%u\fR" +When the input key is an address of the form user@domain, \fB%u\fR +is replaced by the (RFC 2254) quoted local part of the address. +Otherwise, \fB%u\fR is replaced by the entire search string. +If the localpart is empty, the search is suppressed and returns +no results. +.IP "\fB%d\fR" +When the input key is an address of the form user@domain, \fB%d\fR +is replaced by the (RFC 2254) quoted domain part of the address. +Otherwise, the search is suppressed and returns no results. +.IP "\fB%[SUD]\fR" +The upper\-case equivalents of the above expansions behave in the +\fBquery_filter\fR parameter identically to their lower\-case +counter\-parts. With the \fBresult_format\fR parameter (previously +called \fBresult_filter\fR see the OTHER OBSOLETE FEATURES section +and below), they expand to the corresponding components of input +key rather than the result value. +.IP +The above %S, %U and %D expansions are available with Postfix 2.2 +and later. +.IP "\fB%[1\-9]\fR" +The patterns %1, %2, ... %9 are replaced by the corresponding +most significant component of the input key's domain. If the +input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, +%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is +unqualified or does not have enough domain components to satisfy +all the specified patterns, the search is suppressed and returns +no results. +.IP +The above %1, ..., %9 expansions are available with Postfix 2.2 +and later. +.RE +.IP +The "domain" parameter described below limits the input +keys to addresses in matching domains. When the "domain" +parameter is non\-empty, LDAP queries for unqualified +addresses or addresses in non\-matching domains are suppressed +and return no results. + +NOTE: DO NOT put quotes around the \fBquery_filter\fR parameter. +.IP "\fBresult_format (default: \fB%s\fR)\fR" +Called \fBresult_filter\fR in Postfix releases prior to 2.2. +Format template applied to result attributes. Most commonly used +to append (or prepend) text to the result. This parameter supports +the following '%' expansions: +.RS +.IP "\fB%%\fR" +This is replaced by a literal '%' character. (Postfix 2.2 and later). +.IP "\fB%s\fR" +This is replaced by the value of the result attribute. When +result is empty it is skipped. +.IP "\fB%u\fR +When the result attribute value is an address of the form +user@domain, \fB%u\fR is replaced by the local part of the +address. When the result has an empty localpart it is skipped. +.IP "\fB%d\fR" +When a result attribute value is an address of the form +user@domain, \fB%d\fR is replaced by the domain part of +the attribute value. When the result is unqualified it +is skipped. +.IP "\fB%[SUD1\-9]\fR" +The upper\-case and decimal digit expansions interpolate +the parts of the input key rather than the result. Their +behavior is identical to that described with \fBquery_filter\fR, +and in fact because the input key is known in advance, lookups +whose key does not contain all the information specified in +the result template are suppressed and return no results. +.IP +The above %S, %U, %D and %1, ..., %9 expansions are available with +Postfix 2.2 and later. +.RE +.IP +For example, using "result_format = smtp:[%s]" allows one +to use a mailHost attribute as the basis of a transport(5) +table. After applying the result format, multiple values +are concatenated as comma separated strings. The expansion_limit +and size_limit parameters explained below allow one to +restrict the number of values in the result, which is +especially useful for maps that should return a single +value. + +The default value \fB%s\fR specifies that each +attribute value should be used as is. + +This parameter was called \fBresult_filter\fR in Postfix +releases prior to 2.2. If no "result_format" is specified, +the value of "result_filter" will be used instead before +resorting to the default value. This provides compatibility +with old configuration files. + +NOTE: DO NOT put quotes around the result format! +.IP "\fBdomain (default: no domain list)\fR" +This is a list of domain names, paths to files, or +"type:table" databases. When specified, only fully qualified search +keys with a *non\-empty* localpart and a matching domain +are eligible for lookup: 'user' lookups, bare domain lookups +and "@domain" lookups are not performed. This can significantly +reduce the query load on the LDAP server. + +.nf + domain = postfix.org, hash:/etc/postfix/searchdomains +.fi + +It is best not to use LDAP to store the domains eligible +for LDAP lookups. + +NOTE: DO NOT define this parameter for local(8) aliases. + +This feature is available in Postfix 1.0 and later. +.IP "\fBresult_attribute (default: maildrop)\fR" +The attribute(s) Postfix will read from any directory +entries returned by the lookup, to be resolved to an email +address. + +.nf + result_attribute = mailbox, maildrop +.fi + +Don't rely on the default value ("maildrop"). Set the +result_attribute explicitly in all ldap table configuration +files. This is particularly relevant when no result_attribute +is applicable, e.g. cases in which leaf_result_attribute and/or +terminal_result_attribute are used instead. The default value +is harmless if "maildrop" is also listed as a leaf or terminal +result attribute, but it is best to not leave this to chance. +.IP "\fBspecial_result_attribute (default: empty)\fR" +The attribute(s) of directory entries that can contain DNs +or RFC 2255 LDAP URLs. If found, a recursive search +is performed to retrieve the entry referenced by the DN, or +the entries matched by the URL query. + +.nf + special_result_attribute = memberdn +.fi + +DN recursion retrieves the same result_attributes as the +main query, including the special attributes for further +recursion. + +URL processing retrieves only those attributes that are included +in both the URL definition and as result attributes (ordinary, +special, leaf or terminal) in the Postfix table definition. +If the URL lists any of the table's special result attributes, +these are retrieved and used recursively. A URL that does not +specify any attribute selection, is equivalent (RFC 2255) to a +URL that selects all attributes, in which case the selected +attributes will be the full set of result attributes in the +Postfix table. + +If an LDAP URL attribute\-descriptor or the corresponding Postfix +LDAP table result attribute (but not both) uses RFC 2255 sub\-type +options ("attr;option"), the attribute requested from the LDAP server +will include the sub\-type option. In all other cases, the URL +attribute and the table attribute must match exactly. Attributes +with options in both the URL and the Postfix table are requested +only when the options are identical. LDAP attribute\-descriptor +options are very rarely used, most LDAP users will not +need to concern themselves with this level of nuanced detail. +.IP "\fBterminal_result_attribute (default: empty)\fR" +When one or more terminal result attributes are found in an LDAP +entry, all other result attributes are ignored and only the terminal +result attributes are returned. This is useful for delegating expansion +of group members to a particular host, by using an optional "maildrop" +attribute on selected groups to route the group to a specific host, +where the group is expanded, possibly via mailing\-list manager or +other special processing. + +.nf + result_attribute = + terminal_result_attribute = maildrop +.fi + +When using terminal and/or leaf result attributes, the +result_attribute is best set to an empty value when it is not +used, or else explicitly set to the desired value, even if it is +the default value "maildrop". + +This feature is available with Postfix 2.4 or later. +.IP "\fBleaf_result_attribute (default: empty)\fR" +When one or more special result attributes are found in a non\-terminal +(see above) LDAP entry, leaf result attributes are excluded from the +expansion of that entry. This is useful when expanding groups and the +desired mail address attribute(s) of the member objects obtained via +DN or URI recursion are also present in the group object. To only +return the attribute values from the leaf objects and not the +containing group, add the attribute to the leaf_result_attribute list, +and not the result_attribute list, which is always expanded. Note, +the default value of "result_attribute" is not empty, you may want to +set it explicitly empty when using "leaf_result_attribute" to expand +the group to a list of member DN addresses. If groups have both +member DN references AND attributes that hold multiple string valued +rfc822 addresses, then the string attributes go in "result_attribute". +The attributes that represent the email addresses of objects +referenced via a DN (or LDAP URI) go in "leaf_result_attribute". + +.nf + result_attribute = memberaddr + special_result_attribute = memberdn + terminal_result_attribute = maildrop + leaf_result_attribute = mail +.fi + +When using terminal and/or leaf result attributes, the +result_attribute is best set to an empty value when it is not +used, or else explicitly set to the desired value, even if it is +the default value "maildrop". + +This feature is available with Postfix 2.4 or later. +.IP "\fBscope (default: sub)\fR" +The LDAP search scope: \fBsub\fR, \fBbase\fR, or \fBone\fR. +These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, +and LDAP_SCOPE_ONELEVEL. +.IP "\fBbind (default: yes)\fR" +Whether or how to bind to the LDAP server. Newer LDAP +implementations don't require clients to bind, which saves +time. Example: + +.nf + # Don't bind + bind = no + # Use SIMPLE bind + bind = yes + # Use SASL bind + bind = sasl +.fi + +Postfix versions prior to 2.8 only support "bind = no" which +means don't bind, and "bind = yes" which means do a SIMPLE bind. +Postfix 2.8 and later also supports "bind = SASL" when compiled +with LDAP SASL support as described in LDAP_README, it also adds +the synonyms "bind = none" and "bind = simple" for "bind = no" +and "bind = yes" respectively. See the SASL section below for +additional parameters available with "bind = sasl". + +If you do need to bind, you might consider configuring +Postfix to connect to the local machine on a port that's +an SSL tunnel to your LDAP server. If your LDAP server +doesn't natively support SSL, put a tunnel (wrapper, proxy, +whatever you want to call it) on that system too. This +should prevent the password from traversing the network in +the clear. +.IP "\fBbind_dn (default: empty)\fR" +If you do have to bind, do it with this distinguished name. Example: + +.nf + bind_dn = uid=postfix, dc=your, dc=com +.fi +With "bind = sasl" (see above) the DN may be optional for some SASL +mechanisms, don't specify a DN if not needed. +.IP "\fBbind_pw (default: empty)\fR" +The password for the distinguished name above. If you have +to use this, you probably want to make the map configuration +file readable only by the Postfix user. When using the +obsolete ldap:ldapsource syntax, with map parameters in +main.cf, it is not possible to securely store the bind +password. This is because main.cf needs to be world readable +to allow local accounts to submit mail via the sendmail +command. Example: + +.nf + bind_pw = postfixpw +.fi +With "bind = sasl" (see above) the password may be optional +for some SASL mechanisms, don't specify a password if not needed. +.IP "\fBcache (IGNORED with a warning)\fR" +.IP "\fBcache_expiry (IGNORED with a warning)\fR" +.IP "\fBcache_size (IGNORED with a warning)\fR" +The above parameters are NO LONGER SUPPORTED by Postfix. +Cache support has been dropped from OpenLDAP as of release +2.1.13. +.IP "\fBrecursion_limit (default: 1000)\fR" +A limit on the nesting depth of DN and URL special result +attribute evaluation. The limit must be a non\-zero positive +number. +.IP "\fBexpansion_limit (default: 0)\fR" +A limit on the total number of result elements returned +(as a comma separated list) by a lookup against the map. +A setting of zero disables the limit. Lookups fail with a +temporary error if the limit is exceeded. Setting the +limit to 1 ensures that lookups do not return multiple +values. +.IP "\fBsize_limit (default: $expansion_limit)\fR" +A limit on the number of LDAP entries returned by any single +LDAP search performed as part of the lookup. A setting of +0 disables the limit. Expansion of DN and URL references +involves nested LDAP queries, each of which is separately +subjected to this limit. + +Note: even a single LDAP entry can generate multiple lookup +results, via multiple result attributes and/or multi\-valued +result attributes. This limit caps the per search resource +utilization on the LDAP server, not the final multiplicity +of the lookup result. It is analogous to the "\-z" option +of "ldapsearch". +.IP "\fBdereference (default: 0)\fR" +When to dereference LDAP aliases. (Note that this has +nothing do with Postfix aliases.) The permitted values are +those legal for the OpenLDAP/UM LDAP implementations: +.RS +.IP 0 +never +.IP 1 +when searching +.IP 2 +when locating the base object for the search +.IP 3 +always +.RE +.IP +See ldap.h or the ldap_open(3) or ldapsearch(1) man pages +for more information. And if you're using an LDAP package +that has other possible values, please bring it to the +attention of the postfix\-users@postfix.org mailing list. +.IP "\fBchase_referrals (default: 0)\fR" +Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version +3 support). +.IP "\fBversion (default: 2)\fR" +Specifies the LDAP protocol version to use. +.IP "\fBdebuglevel (default: 0)\fR" +What level to set for debugging in the OpenLDAP libraries. +.SH "LDAP SASL PARAMETERS" +.na +.nf +.ad +.fi +If you're using the OpenLDAP libraries compiled with SASL +support, Postfix 2.8 and later built with LDAP SASL support +as described in LDAP_README can authenticate to LDAP servers +via SASL. + +This enables authentication to the LDAP server via mechanisms +other than a simple password. The added flexibility has a cost: +it is no longer practical to set an explicit timeout on the duration +of an LDAP bind operation. Under adverse conditions, whether a SASL +bind times out, or if it does, the duration of the timeout is +determined by the LDAP and SASL libraries. + +It is best to use tables that use SASL binds via proxymap(8), this +way the requesting process can time\-out the proxymap request. This +also lets you tailer the process environment by overriding the +proxymap(8) import_environment setting in master.cf(5). Special +environment settings may be needed to configure GSSAPI credential +caches or other SASL mechanism specific options. The GSSAPI +credentials used for LDAP lookups may need to be different than +say those used for the Postfix SMTP client to authenticate to remote +servers. + +Using SASL mechanisms requires LDAP protocol version 3, the default +protocol version is 2 for backwards compatibility. You must set +"version = 3" in addition to "bind = sasl". + +The following parameters are relevant to using LDAP with SASL +.IP "\fBsasl_mechs (default: empty)\fR" +Space separated list of SASL mechanism(s) to try. +.IP "\fBsasl_realm (default: empty)\fR" +SASL Realm to use, if applicable. +.IP "\fBsasl_authz_id (default: empty)\fR" +The SASL authorization identity to assert, if applicable. +.IP "\fBsasl_minssf (default: 0)\fR" +The minimum required sasl security factor required to establish a +connection. +.SH "LDAP SSL AND STARTTLS PARAMETERS" +.na +.nf +.ad +.fi +If you're using the OpenLDAP libraries compiled with SSL +support, Postfix can connect to LDAP SSL servers and can +issue the STARTTLS command. + +LDAP SSL service can be requested by using a LDAP SSL URL +in the server_host parameter: + +.nf + server_host = ldaps://ldap.example.com:636 +.fi + +STARTTLS can be turned on with the start_tls parameter: + +.nf + start_tls = yes +.fi + +Both forms require LDAP protocol version 3, which has to be set +explicitly with: + +.nf + version = 3 +.fi + +If any of the Postfix programs querying the map is configured in +master.cf to run chrooted, all the certificates and keys involved +have to be copied to the chroot jail. Of course, the private keys +should only be readable by the user "postfix". + +The following parameters are relevant to LDAP SSL and STARTTLS: +.IP "\fBstart_tls (default: no)\fR" +Whether or not to issue STARTTLS upon connection to the +server. Don't set this with LDAP SSL (the SSL session is setup +automatically when the TCP connection is opened). +.IP "\fBtls_ca_cert_dir (No default; set either this or tls_ca_cert_file)\fR" +Directory containing X509 Certification Authority certificates +in PEM format which are to be recognized by the client in +SSL/TLS connections. The files each contain one CA certificate. +The files are looked up by the CA subject name hash value, +which must hence be available. If more than one CA certificate +with the same name hash value exist, the extension must be +different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is +performed in the ordering of the extension number, regardless +of other properties of the certificates. Use the c_rehash +utility (from the OpenSSL distribution) to create the +necessary links. +.IP "\fBtls_ca_cert_file (No default; set either this or tls_ca_cert_dir)\fR" +File containing the X509 Certification Authority certificates +in PEM format which are to be recognized by the client in +SSL/TLS connections. This setting takes precedence over +tls_ca_cert_dir. +.IP "\fBtls_cert (No default; you must set this)\fR" +File containing client's X509 certificate to be used by +the client in SSL/ TLS connections. +.IP "\fBtls_key (No default; you must set this)\fR" +File containing the private key corresponding to the above +tls_cert. +.IP "\fBtls_require_cert (default: no)\fR" +Whether or not to request server's X509 certificate and +check its validity when establishing SSL/TLS connections. +The supported values are \fBno\fR and \fByes\fR. +.sp +With \fBno\fR, the server certificate trust chain is not checked, +but with OpenLDAP prior to 2.1.13, the name in the server +certificate must still match the LDAP server name. With OpenLDAP +2.0.0 to 2.0.11 the server name is not necessarily what you +specified, rather it is determined (by reverse lookup) from the +IP address of the LDAP server connection. With OpenLDAP prior to +2.0.13, subjectAlternativeName extensions in the LDAP server +certificate are ignored: the server name must match the subject +CommonName. The \fBno\fR setting corresponds to the \fBnever\fR +value of \fBTLS_REQCERT\fR in LDAP client configuration files. +.sp +Don't use TLS with OpenLDAP 2.0.x (and especially with x <= 11) +if you can avoid it. +.sp +With \fByes\fR, the server certificate must be issued by a trusted +CA, and not be expired. The LDAP server name must match one of the +name(s) found in the certificate (see above for OpenLDAP library +version dependent behavior). The \fByes\fR setting corresponds to the +\fBdemand\fR value of \fBTLS_REQCERT\fR in LDAP client configuration +files. +.sp +The "try" and "allow" values of \fBTLS_REQCERT\fR have no equivalents +here. They are not available with OpenLDAP 2.0, and in any case have +questionable security properties. Either you want TLS verified LDAP +connections, or you don't. +.sp +The \fByes\fR value only works correctly with Postfix 2.5 and later, +or with OpenLDAP 2.0. Earlier Postfix releases or later OpenLDAP +releases don't work together with this setting. Support for LDAP +over TLS was added to Postfix based on the OpenLDAP 2.0 API. +.IP "\fBtls_random_file (No default)\fR" +Path of a file to obtain random bits from when /dev/[u]random +is not available, to be used by the client in SSL/TLS +connections. +.IP "\fBtls_cipher_suite (No default)\fR" +Cipher suite to use in SSL/TLS negotiations. +.SH "EXAMPLE" +.na +.nf +.ad +.fi +Here's a basic example for using LDAP to look up local(8) +aliases. +Assume that in main.cf, you have: + +.nf + alias_maps = hash:/etc/aliases, + ldap:/etc/postfix/ldap\-aliases.cf +.fi + +and in ldap:/etc/postfix/ldap\-aliases.cf you have: + +.nf + server_host = ldap.example.com + search_base = dc=example, dc=com +.fi + +Upon receiving mail for a local address "ldapuser" that +isn't found in the /etc/aliases database, Postfix will +search the LDAP server listening at port 389 on ldap.example.com. +It will bind anonymously, search for any directory entries +whose mailacceptinggeneralid attribute is "ldapuser", read +the "maildrop" attributes of those found, and build a list +of their maildrops, which will be treated as RFC822 addresses +to which the message will be delivered. +.SH "OBSOLETE MAIN.CF PARAMETERS" +.na +.nf +.ad +.fi +For backwards compatibility with Postfix version 2.0 and earlier, +LDAP parameters can also be defined in main.cf. Specify +as LDAP source a name that doesn't begin with a slash or +a dot. The LDAP parameters will then be accessible as the +name you've given the source in its definition, an underscore, +and the name of the parameter. For example, if the map is +specified as "ldap:\fIldapsource\fR", the "server_host" +parameter below would be defined in main.cf as +"\fIldapsource\fR_server_host". + +Note: with this form, the passwords for the LDAP sources are +written in main.cf, which is normally world\-readable. Support +for this form will be removed in a future Postfix version. +.SH "OTHER OBSOLETE FEATURES" +.na +.nf +.ad +.fi +For backwards compatibility with the pre +2.2 LDAP clients, \fBresult_filter\fR can for now be used instead +of \fBresult_format\fR, when the latter parameter is not also set. +The new name better reflects the function of the parameter. This +compatibility interface may be removed in a future release. +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +postconf(5), configuration parameters +mysql_table(5), MySQL lookup tables +pgsql_table(5), PostgreSQL lookup tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +LDAP_README, Postfix LDAP client guide +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +.ad +.fi +Carsten Hoeger, +Hery Rakotoarisoa, +John Hensley, +Keith Stevenson, +LaMont Jones, +Liviu Daia, +Manuel Guesdon, +Mike Mattice, +Prabhat K Singh, +Sami Haahtinen, +Samuel Tardieu, +Victor Duchovni, +and many others. diff --git a/man/man5/lmdb_table.5 b/man/man5/lmdb_table.5 new file mode 100644 index 0000000..c4c74d6 --- /dev/null +++ b/man/man5/lmdb_table.5 @@ -0,0 +1,142 @@ +.TH LMDB_TABLE 5 +.ad +.fi +.SH NAME +lmdb_table +\- +Postfix LMDB adapter +.SH "SYNOPSIS" +.na +.nf +\fBpostmap lmdb:/etc/postfix/\fIfilename\fR +.br +\fBpostmap \-i lmdb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR + +\fBpostmap \-d "\fIkey\fB" lmdb:/etc/postfix/\fIfilename\fR +.br +\fBpostmap \-d \- lmdb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR + +\fBpostmap \-q "\fIkey\fB" lmdb:/etc/postfix/\fIfilename\fR +.br +\fBpostmap \-q \- lmdb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix LMDB adapter provides access to a persistent, +memory\-mapped, key\-value store. The database size is limited +only by the size of the memory address space (typically 31 +or 47 bits on 32\-bit or 64\-bit CPUs, respectively) and by +the available file system space. +.SH "REQUESTS" +.na +.nf +.ad +.fi +The LMDB adapter supports all Postfix lookup table operations. +This makes LMDB suitable for Postfix address rewriting, +routing, access policies, caches, or any information that +can be stored under a fixed lookup key. + +When a transaction fails due to a full database, Postfix +resizes the database and retries the transaction. + +Postfix table lookups may generate partial search keys such +as domain names without one or more subdomains, network +addresses without one or more least\-significant octets, or +email addresses without the localpart, address extension +or domain portion. This behavior is also found with, for +example, btree:, hash:, or ldap: tables. + +Changes to an LMDB database do not trigger an automatic +daemon restart, and do not require a daemon restart with +"\fBpostfix reload\fR". +.SH "RELIABILITY" +.na +.nf +.ad +.fi +LMDB's copy\-on\-write architecture provides safe updates, +at the cost of using more space than some other flat\-file +databases. Read operations are memory\-mapped for speed. +Write operations are not memory\-mapped to avoid silent +corruption due to stray pointer bugs. + +Multiple processes can safely update an LMDB database without +serializing requests through the proxymap(8) service. This +makes LMDB suitable as a shared cache for verify(8) or +postscreen(8) services. +.SH "SYNCHRONIZATION" +.na +.nf +.ad +.fi +The Postfix LMDB adapter does not use LMDB's built\-in locking +scheme, because that would require world\-writable lockfiles +and would violate the Postfix security model. Instead, +Postfix uses fcntl(2) locks with whole\-file granularity. +Programs that use LMDB's built\-in locking protocol will +corrupt a Postfix LMDB database or will read garbage. + +Every Postfix LMDB database read or write transaction must +be protected from start to end with a shared or exclusive +fcntl(2) lock. A writer may atomically downgrade an exclusive +lock to a shared lock, but it must hold an exclusive lock +while opening another write transaction. + +Note that fcntl(2) locks do not protect transactions within +the same process against each other. If a program cannot +avoid making simultaneous database requests, then it must +protect its transactions with in\-process locks, in addition +to the per\-process fcntl(2) locks. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Short\-lived programs automatically pick up changes to +main.cf. With long\-running daemon programs, Use the command +"\fBpostfix reload\fR" after a configuration change. +.IP "\fBlmdb_map_size (16777216)\fR" +The initial OpenLDAP LMDB database size limit in bytes. +.SH "SEE ALSO" +.na +.nf +postconf(1), Postfix supported lookup tables +postmap(1), Postfix lookup table maintenance +postconf(5), configuration parameters +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +LMDB_README, Postfix OpenLDAP LMDB howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +LMDB support was introduced with Postfix version 2.11. +.SH "AUTHOR(S)" +.na +.nf +Howard Chu +Symas Corporation + +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/master.5 b/man/man5/master.5 new file mode 100644 index 0000000..48fd4fd --- /dev/null +++ b/man/man5/master.5 @@ -0,0 +1,270 @@ +.TH MASTER 5 +.ad +.fi +.SH NAME +master +\- +Postfix master process configuration file format +.SH DESCRIPTION +.ad +.fi +The Postfix mail system is implemented by small number of +(mostly) client commands that are invoked by users, and by +a larger number of services that run in the background. + +Postfix services are implemented by daemon processes. These +run in the background, started on\-demand by the \fBmaster\fR(8) +process. The master.cf configuration file defines how a +client program connects to a service, and what daemon +program runs when a service is requested. Most daemon +processes are short\-lived and terminate voluntarily after +serving \fBmax_use\fR clients, or after inactivity for +\fBmax_idle\fR or more units of time. + +All daemons specified here must speak a Postfix\-internal +protocol. In order to execute non\-Postfix software use the +\fBlocal\fR(8), \fBpipe\fR(8) or \fBspawn\fR(8) services, or +execute the software with \fBinetd\fR(8) or equivalent. +.PP +After changing master.cf you must execute "\fBpostfix reload\fR" +to reload the configuration. +.SH "SYNTAX" +.na +.nf +.ad +.fi +The general format of the master.cf file is as follows: +.IP \(bu +Empty lines and whitespace\-only lines are ignored, as are +lines whose first non\-whitespace character is a `#'. +.IP \(bu +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.IP \(bu +Each logical line defines a single Postfix service. +Each service is identified by its name and type as described +below. When multiple lines specify the same service name +and type, only the last one is remembered. Otherwise, the +order of master.cf service definitions does not matter. +.PP +Each logical line consists of eight fields separated by +whitespace. These are described below in the order as they +appear in the master.cf file. + +Where applicable a field of "\-" requests that the built\-in +default value be used. For boolean fields specify "y" or +"n" to override the default value. +.IP "\fBService name\fR" +The service name syntax depends on the service type as +described next. +.IP "\fBService type\fR" +Specify one of the following service types: +.RS +.IP \fBinet\fR +The service listens on a TCP/IP socket and is accessible +via the network. + +The service name is specified as \fIhost:port\fR, denoting +the host and port on which new connections should be +accepted. The host part (and colon) may be omitted. Either +host or port may be given in symbolic form (see \fBhosts\fR(5) or +\fBservices\fR(5)) or in numeric form (IP address or port number). +Host information may be enclosed inside "[]"; this form +is necessary only with IPv6 addresses. +.sp +Examples: a service named \fB127.0.0.1:smtp\fR or \fB::1:smtp\fR +receives +mail via the loopback interface only; and a service named +\fB10025\fR accepts connections on TCP port 10025 via +all interfaces configured with the \fBinet_interfaces\fR +parameter. + +.sp +Note: with Postfix version 2.2 and later specify +"\fBinet_interfaces = loopback\-only\fR" in main.cf, instead +of hard\-coding loopback IP address information in master.cf +or in main.cf. +.IP \fBunix\fR +The service listens on a UNIX\-domain stream socket and is +accessible for local clients only. + +The service name is a pathname relative to the Postfix +queue directory (pathname controlled with the \fBqueue_directory\fR +configuration parameter in main.cf). +.sp +On Solaris 8 and earlier systems the \fBunix\fR type is +implemented with streams sockets. +.IP \fBunix\-dgram\fR +The service listens on a UNIX\-domain datagram socket and is +accessible for local clients only. + +The service name is a pathname relative to the Postfix +queue directory (pathname controlled with the \fBqueue_directory\fR +configuration parameter in main.cf). +.IP "\fBfifo\fR (obsolete)" +The service listens on a FIFO (named pipe) and is accessible +for local clients only. + +The service name is a pathname relative to the Postfix +queue directory (pathname controlled with the \fBqueue_directory\fR +configuration parameter in main.cf). +.IP \fBpass\fR +The service listens on a UNIX\-domain stream socket, and is +accessible to local clients only. It receives one open +connection (file descriptor passing) per connection request. + +The service name is a pathname relative to the Postfix +queue directory (pathname controlled with the \fBqueue_directory\fR +configuration parameter in main.cf). +.sp +On Solaris 8 and earlier systems the \fBpass\fR type is +implemented with streams sockets. + +This feature is available as of Postfix version 2.5. +.RE +.IP "\fBPrivate (default: y)\fR" +Whether a service is internal to Postfix (pathname starts +with \fBprivate/\fR), or exposed through Postfix command\-line +tools (pathname starts with \fBpublic/\fR). +Internet (type \fBinet\fR) services can't be private. +.IP "\fBUnprivileged (default: y)\fR" +Whether the service runs with root privileges or as the +owner of the Postfix system (the owner name is controlled +by the \fBmail_owner\fR configuration variable in the +main.cf file). +.sp +The \fBlocal\fR(8), \fBpipe\fR(8), \fBspawn\fR(8), and +\fBvirtual\fR(8) daemons require privileges. +.IP "\fBChroot (default: Postfix >= 3.0: n, Postfix < 3.0: y)\fR" +Whether or not the service runs chrooted to the mail queue +directory (pathname is controlled by the \fBqueue_directory\fR +configuration variable in the main.cf file). +.sp +Chroot should not be used with the \fBlocal\fR(8), +\fBpipe\fR(8), \fBspawn\fR(8), and \fBvirtual\fR(8) daemons. +Although the +\fBproxymap\fR(8) server can run chrooted, doing so defeats +most of the purpose of having that service in the first +place. +.sp +The files in the examples/chroot\-setup subdirectory of the +Postfix source show how to set up a Postfix chroot environment +on a variety of systems. See also BASIC_CONFIGURATION_README +for issues related to running daemons chrooted. +.IP "\fBWake up time (default: 0)\fR" +Automatically wake up the named service after the specified +number of seconds. The wake up is implemented by connecting +to the service and sending a wake up request. A ? at the +end of the wake\-up time field requests that no wake up +events be sent before the first time a service is used. +Specify 0 for no automatic wake up. +.sp +The \fBpickup\fR(8), \fBqmgr\fR(8) and \fBflush\fR(8) +daemons require a wake up timer. +.IP "\fBProcess limit (default: $default_process_limit)\fR" +The maximum number of processes that may execute this +service simultaneously. Specify 0 for no process count limit. +.sp +NOTE: Some Postfix services must be configured as a +single\-process service (for example, \fBqmgr\fR(8)) and +some services must be configured with no process limit (for +example, \fBcleanup\fR(8)). These limits must not be +changed. +.IP "\fBCommand name + arguments\fR" +The command to be executed. Characters that are special +to the shell such as ">" or "|" have no special meaning +here, and quotes cannot be used to protect arguments +containing whitespace. To protect whitespace, use "{" +and "}" as described below. +.sp +The command name is relative to the Postfix daemon directory +(pathname is controlled by the \fBdaemon_directory\fR +configuration variable). +.sp +The command argument syntax for specific commands is +specified in the respective daemon manual page. +.sp +The following command\-line options have the same effect for +all daemon programs: +.RS +.IP \fB\-D\fR +Run the daemon under control by the command specified with +the \fBdebugger_command\fR variable in the main.cf +configuration file. See DEBUG_README for hints and tips. +.IP "\fB\-o { \fIname\fR = \fIvalue\fB }\fR (long form, Postfix >= 3.0)" +.IP "\fB\-o \fIname\fR=\fIvalue\fR (short form)" +Override the named main.cf configuration parameter. The +parameter value can refer to other parameters as \fI$name\fR +etc., just like in main.cf. See \fBpostconf\fR(5) for +syntax. +.sp +NOTE 1: With the "long form" shown above, whitespace +after "{", around "=", and before "}" is ignored, and +whitespace within the parameter value is preserved. +.sp +NOTE 2: with the "short form" shown above, do not specify +whitespace around the "=" or in +parameter values. To specify a parameter value that contains +whitespace, use the long form described above, or use commas +instead of spaces, or specify the value in main.cf. Example: +.sp +.nf +/etc/postfix/master.cf: + submission inet .... smtpd + \-o smtpd_xxx_yyy=$submission_xxx_yyy +.sp +/etc/postfix/main.cf + submission_xxx_yyy = text with whitespace... +.fi +.sp +NOTE 3: Over\-zealous use of parameter overrides makes the +Postfix configuration hard to understand and maintain. At +a certain point, it might be easier to configure multiple +instances of Postfix, instead of configuring multiple +personalities via master.cf. +.IP \fB\-v\fR +Increase the verbose logging level. Specify multiple \fB\-v\fR +options to make a Postfix daemon process increasingly verbose. +.IP "Other command\-line arguments" +Specify "{" and "}" around command arguments that contain +whitespace (Postfix 3.0 and later). Whitespace +after "{" and before "}" is ignored. +.SH "SEE ALSO" +.na +.nf +master(8), process manager +postconf(5), configuration parameters +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +BASIC_CONFIGURATION_README, basic configuration +DEBUG_README, Postfix debugging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Initial version by +Magnus Baeck +Lund Institute of Technology +Sweden + +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/memcache_table.5 b/man/man5/memcache_table.5 new file mode 100644 index 0000000..430f73c --- /dev/null +++ b/man/man5/memcache_table.5 @@ -0,0 +1,259 @@ +.TH MEMCACHE_TABLE 5 +.ad +.fi +.SH NAME +memcache_table +\- +Postfix memcache client configuration +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" memcache:/etc/postfix/\fIfilename\fR + +\fBpostmap \-q \- memcache:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional tables for address +rewriting or mail routing. These tables are usually in +\fBdbm\fR or \fBdb\fR format. + +Alternatively, lookup tables can be specified as memcache +instances. To use memcache lookups, define a memcache +source as a lookup table in main.cf, for example: + +.nf + virtual_alias_maps = memcache:/etc/postfix/memcache\-aliases.cf +.fi + +The file /etc/postfix/memcache\-aliases.cf has the same +format as the Postfix main.cf file, and specifies the +parameters described below. + +The Postfix memcache client supports the lookup, update, +delete and sequence (first/next) operations. The sequence +operation requires a backup database that supports the +operation. +.SH "MEMCACHE MAIN PARAMETERS" +.na +.nf +.ad +.fi +.IP "\fBmemcache (default: inet:localhost:11211)\fR" +The memcache server (note: singular) that Postfix will try +to connect to. For a TCP server specify "inet:" followed by +a hostname or address, ":", and a port name or number. +Specify an IPv6 address inside "[]". +For a UNIX\-domain server specify "unix:" followed by the +socket pathname. Examples: + +.nf + memcache = inet:memcache.example.com:11211 + memcache = inet:127.0.0.1:11211 + memcache = inet:[fc00:8d00:189::3]:11211 + memcache = unix:/path/to/socket +.fi + +NOTE: to access a UNIX\-domain socket with the proxymap(8) +server, the socket must be accessible by the unprivileged +postfix user. +.IP "\fBbackup (default: undefined)\fR" +An optional Postfix database that provides persistent backup +for the memcache database. The Postfix memcache client will +update the memcache database whenever it looks up or changes +information in the persistent database. Specify a Postfix +"type:table" database. Examples: + +.nf + # Non\-shared postscreen cache. + backup = btree:/var/lib/postfix/postscreen_cache_map + + # Shared postscreen cache for processes on the same host. + backup = proxy:btree:/var/lib/postfix/postscreen_cache_map +.fi + +Access to remote proxymap servers is under development. + +NOTE 1: When sharing a persistent \fBpostscreen\fR(8) or +\fBverify\fR(8) cache, disable automatic cache cleanup (set +*_cache_cleanup_interval = 0) except with one Postfix +instance that will be responsible for cache cleanup. + +NOTE 2: When multiple tables share the same memcache +database, each table should use the \fBkey_format\fR feature +(see below) to prepend its own unique string to the lookup +key. Otherwise, automatic \fBpostscreen\fR(8) or \fBverify\fR(8) +cache cleanup may not work. + +NOTE 3: When the backup database is accessed with "proxy:" +lookups, the full backup database name (including the +"proxy:" prefix) must be specified in the proxymap server's +proxy_read_maps or proxy_write_maps setting (depending on +whether the access is read\-only or read\-write). +.IP "\fBflags (default: 0)\fR" +Optional flags that should be stored along with a memcache +update. The flags are ignored when looking up information. +.IP "\fBttl (default: 3600)\fR" +The expiration time in seconds of memcache updates. + +NOTE 1: When using a memcache table as \fBpostscreen\fR(8) +or \fBverify\fR(8) cache without persistent backup, specify +a zero *_cache_cleanup_interval value with all Postfix +instances that use the memcache, and specify the largest +\fBpostscreen\fR(8) *_ttl value or \fBverify\fR(8) *_expire_time +value as the memcache table's \fBttl\fR value. + +NOTE 2: According to memcache protocol documentation, a +value greater than 30 days (2592000 seconds) specifies +absolute UNIX +time. Smaller values are relative to the time of the update. +.SH "MEMCACHE KEY PARAMETERS" +.na +.nf +.ad +.fi +.IP "\fBkey_format (default: %s)\fB" +Format of the lookup and update keys that the Postfix +memcache client sends to the memcache server. +By default, these are the same as the lookup and update +keys that the memcache client receives from Postfix +applications. + +NOTE 1: The \fBkey_format\fR feature is not used for \fBbackup\fR +database requests. + +NOTE 2: When multiple tables share the same memcache +database, each table should prepend its own unique string +to the lookup key. Otherwise, automatic \fBpostscreen\fR(8) +or \fBverify\fR(8) cache cleanup may not work. + +Examples: + +.nf + key_format = aliases:%s + key_format = verify:%s + key_format = postscreen:%s +.fi + +The \fBkey_format\fR parameter supports the following '%' +expansions: +.RS +.IP "\fB%%\fR" +This is replaced by a literal '%' character. +.IP "\fB%s\fR" +This is replaced by the memcache client input key. +.IP "\fB%u\fR" +When the input key is an address of the form user@domain, +\fB%u\fR is replaced by the SQL quoted local part of the +address. Otherwise, \fB%u\fR is replaced by the entire +search string. If the localpart is empty, a lookup is +silently suppressed and returns no results (an update is +skipped with a warning). +.IP "\fB%d\fR" +When the input key is an address of the form user@domain, +\fB%d\fR is replaced by the domain part of the address. +Otherwise, a lookup is silently suppressed and returns no +results (an update is skipped with a warning). +.IP "\fB%[SUD]\fR" +The upper\-case equivalents of the above expansions behave +in the \fBkey_format\fR parameter identically to their +lower\-case counter\-parts. +.IP "\fB%[1\-9]\fR" +The patterns %1, %2, ... %9 are replaced by the corresponding +most significant component of the input key's domain. If +the input key is \fIuser@mail.example.com\fR, then %1 is +\fBcom\fR, %2 is \fBexample\fR and %3 is \fBmail\fR. If the +input key is unqualified or does not have enough domain +components to satisfy all the specified patterns, a lookup +is silently suppressed and returns no results (an update +is skipped with a warning). +.RE +.IP "\fBdomain (default: no domain list)\fR" +This feature can significantly reduce database server load. +Specify a list of domain names, paths to files, or "type:table" +databases. +When specified, only fully qualified search keys with a +*non\-empty* localpart and a matching domain are eligible +for lookup or update: bare 'user' lookups, bare domain +lookups and "@domain" lookups are silently skipped (updates +are skipped with a warning). Example: + +.nf + domain = example.com, hash:/etc/postfix/searchdomains +.fi +.SH "MEMCACHE ERROR CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdata_size_limit (default: 10240)\fR" +The maximal memcache reply data length in bytes. +.IP "\fBline_size_limit (default: 1024)\fR" +The maximal memcache reply line length in bytes. +.IP "\fBmax_try (default: 2)\fR" +The number of times to try a memcache command before giving +up. The memcache client does not retry a command when the +memcache server accepts no connection. +.IP "\fBretry_pause (default: 1)\fR" +The time in seconds before retrying a failed memcache command. +.IP "\fBtimeout (default: 2)\fR" +The time limit for sending a memcache command and for +receiving a memcache reply. +.SH BUGS +.ad +.fi +The Postfix memcache client cannot be used for security\-sensitive +tables such as \fBalias_maps\fR (these may contain +"\fI|command\fR and "\fI/file/name\fR" destinations), or +\fBvirtual_uid_maps\fR, \fBvirtual_gid_maps\fR and +\fBvirtual_mailbox_maps\fR (these specify UNIX process +privileges or "\fI/file/name\fR" destinations). In a typical +deployment a memcache database is writable by any process +that can talk to the memcache server; in contrast, +security\-sensitive tables must never be writable by the +unprivileged Postfix user. + +The Postfix memcache client requires additional configuration +when used as \fBpostscreen\fR(8) or \fBverify\fR(8) cache. +For details see the \fBbackup\fR and \fBttl\fR parameter +discussions in the MEMCACHE MAIN PARAMETERS section above. +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +postconf(5), configuration parameters +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +MEMCACHE_README, Postfix memcache client guide +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +Memcache support was introduced with Postfix version 2.9. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/mysql_table.5 b/man/man5/mysql_table.5 new file mode 100644 index 0000000..6c62b21 --- /dev/null +++ b/man/man5/mysql_table.5 @@ -0,0 +1,426 @@ +.TH MYSQL_TABLE 5 +.ad +.fi +.SH NAME +mysql_table +\- +Postfix MySQL client configuration +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" mysql:/etc/postfix/\fIfilename\fR + +\fBpostmap \-q \- mysql:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional tables for address +rewriting or mail routing. These tables are usually in +\fBdbm\fR or \fBdb\fR format. + +Alternatively, lookup tables can be specified as MySQL databases. +In order to use MySQL lookups, define a MySQL source as a lookup +table in main.cf, for example: +.nf + alias_maps = mysql:/etc/postfix/mysql\-aliases.cf +.fi + +The file /etc/postfix/mysql\-aliases.cf has the same format as +the Postfix main.cf file, and can specify the parameters +described below. +.SH "LIST MEMBERSHIP" +.na +.nf +.ad +.fi +When using SQL to store lists such as $mynetworks, +$mydestination, $relay_domains, $local_recipient_maps, +etc., it is important to understand that the table must +store each list member as a separate key. The table lookup +verifies the *existence* of the key. See "Postfix lists +versus tables" in the DATABASE_README document for a +discussion. + +Do NOT create tables that return the full list of domains +in $mydestination or $relay_domains etc., or IP addresses +in $mynetworks. + +DO create tables with each matching item as a key and with +an arbitrary value. With SQL databases it is not uncommon to +return the key itself or a constant value. +.SH "MYSQL PARAMETERS" +.na +.nf +.ad +.fi +.IP "\fBhosts\fR" +The hosts that Postfix will try to connect to and query from. +Specify \fIunix:\fR for UNIX domain sockets, \fIinet:\fR for TCP +connections (default). Examples: +.nf + hosts = inet:host1.some.domain inet:host2.some.domain:port + hosts = host1.some.domain host2.some.domain:port + hosts = unix:/file/name +.fi + +The hosts are tried in random order, with all connections over +UNIX domain sockets being tried before those over TCP. The +connections are automatically closed after being idle for about +1 minute, and are re\-opened as necessary. Postfix versions 2.0 +and earlier do not randomize the host order. + +NOTE: if you specify localhost as a hostname (even if you +prefix it with \fIinet:\fR), MySQL will connect to the default +UNIX domain socket. In order to instruct MySQL to connect to +localhost over TCP you have to specify +.nf + hosts = 127.0.0.1 +.fi +.IP "\fBuser, password\fR" +The user name and password to log into the mysql server. +Example: +.nf + user = someone + password = some_password +.fi +.IP "\fBdbname\fR" +The database name on the servers. Example: +.nf + dbname = customer_database +.fi +.IP "\fBquery\fR" +The SQL query template used to search the database, where \fB%s\fR +is a substitute for the address Postfix is trying to resolve, +e.g. +.nf + query = SELECT replacement FROM aliases WHERE mailbox = '%s' +.fi + +By default, every query must return a result set (instead +of storing its results in a table); with "\fBrequire_result_set += no\fR" (Postfix 3.2 and later), the absence of a result +set is treated as "not found". + +This parameter supports the following '%' expansions: +.RS +.IP "\fB%%\fR" +This is replaced by a literal '%' character. +.IP "\fB%s\fR" +This is replaced by the input key. +SQL quoting is used to make sure that the input key does not +add unexpected metacharacters. +.IP "\fB%u\fR" +When the input key is an address of the form user@domain, \fB%u\fR +is replaced by the SQL quoted local part of the address. +Otherwise, \fB%u\fR is replaced by the entire search string. +If the localpart is empty, the query is suppressed and returns +no results. +.IP "\fB%d\fR" +When the input key is an address of the form user@domain, \fB%d\fR +is replaced by the SQL quoted domain part of the address. +Otherwise, the query is suppressed and returns no results. +.IP "\fB%[SUD]\fR" +The upper\-case equivalents of the above expansions behave in the +\fBquery\fR parameter identically to their lower\-case counter\-parts. +With the \fBresult_format\fR parameter (see below), they expand the +input key rather than the result value. +.IP "\fB%[1\-9]\fR" +The patterns %1, %2, ... %9 are replaced by the corresponding +most significant component of the input key's domain. If the +input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, +%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is +unqualified or does not have enough domain components to satisfy +all the specified patterns, the query is suppressed and returns +no results. +.RE +.IP +The \fBdomain\fR parameter described below limits the input +keys to addresses in matching domains. When the \fBdomain\fR +parameter is non\-empty, SQL queries for unqualified addresses +or addresses in non\-matching domains are suppressed +and return no results. + +This parameter is available with Postfix 2.2. In prior releases +the SQL query was built from the separate parameters: +\fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR and +\fBadditional_conditions\fR. The mapping from the old parameters +to the equivalent query is: + +.nf + SELECT [\fBselect_field\fR] + FROM [\fBtable\fR] + WHERE [\fBwhere_field\fR] = '%s' + [\fBadditional_conditions\fR] +.fi + +The '%s' in the \fBWHERE\fR clause expands to the escaped search string. +With Postfix 2.2 these legacy parameters are used if the \fBquery\fR +parameter is not specified. + +NOTE: DO NOT put quotes around the query parameter. +.IP "\fBresult_format (default: \fB%s\fR)\fR" +Format template applied to result attributes. Most commonly used +to append (or prepend) text to the result. This parameter supports +the following '%' expansions: +.RS +.IP "\fB%%\fR" +This is replaced by a literal '%' character. +.IP "\fB%s\fR" +This is replaced by the value of the result attribute. When +result is empty it is skipped. +.IP "\fB%u\fR +When the result attribute value is an address of the form +user@domain, \fB%u\fR is replaced by the local part of the +address. When the result has an empty localpart it is skipped. +.IP "\fB%d\fR" +When a result attribute value is an address of the form +user@domain, \fB%d\fR is replaced by the domain part of +the attribute value. When the result is unqualified it +is skipped. +.IP "\fB%[SUD1\-9]\fR" +The upper\-case and decimal digit expansions interpolate +the parts of the input key rather than the result. Their +behavior is identical to that described with \fBquery\fR, +and in fact because the input key is known in advance, queries +whose key does not contain all the information specified in +the result template are suppressed and return no results. +.RE +.IP +For example, using "result_format = smtp:[%s]" allows one +to use a mailHost attribute as the basis of a transport(5) +table. After applying the result format, multiple values +are concatenated as comma separated strings. The expansion_limit +and parameter explained below allows one to restrict the number +of values in the result, which is especially useful for maps that +must return at most one value. + +The default value \fB%s\fR specifies that each result value should +be used as is. + +This parameter is available with Postfix 2.2 and later. + +NOTE: DO NOT put quotes around the result format! +.IP "\fBdomain (default: no domain list)\fR" +This is a list of domain names, paths to files, or "type:table" +databases. When specified, only fully qualified search keys +with a *non\-empty* localpart and a matching domain are +eligible for lookup: 'user' lookups, bare domain lookups +and "@domain" lookups are not performed. This can significantly +reduce the query load on the MySQL server. +.nf + domain = postfix.org, hash:/etc/postfix/searchdomains +.fi + +It is best not to use SQL to store the domains eligible +for SQL lookups. + +This parameter is available with Postfix 2.2 and later. + +NOTE: DO NOT define this parameter for local(8) aliases, +because the input keys are always unqualified. +.IP "\fBexpansion_limit (default: 0)\fR" +A limit on the total number of result elements returned +(as a comma separated list) by a lookup against the map. +A setting of zero disables the limit. Lookups fail with a +temporary error if the limit is exceeded. Setting the +limit to 1 ensures that lookups do not return multiple +values. +.IP "\fBoption_file\fR" +Read options from the given file instead of the default my.cnf +location. This reads options from the \fB[client]\fR option +group, optionally followed by options from the group given +with \fBoption_group\fR. +.sp +This parameter is available with Postfix 2.11 and later. +.IP "\fBoption_group (default: Postfix >=3.2: client, <= 3.1: empty)\fR" +Read options from the given group of the mysql options file, +after reading options from the \fB[client]\fR group. +.sp +Postfix 3.2 and later read \fB[client]\fR option group +settings by default. To disable this specify no \fBoption_file\fR +and specify "\fBoption_group =\fR" (i.e. an empty value). +.sp +Postfix 3.1 and earlier don't read \fB[client]\fR option +group settings unless a non\-empty \fBoption_file\fR or +\fBoption_group\fR value are specified. To enable this, +specify, for example, "\fBoption_group = client\fR". +.sp +This parameter is available with Postfix 2.11 and later. +.IP "\fBrequire_result_set (default: yes)\fR" +If "\fByes\fR", require that every query returns a result +set. If "\fBno\fR", treat the absence of a result set as +"not found". +.sp +This parameter is available with Postfix 3.2 and later. +.IP "\fBtls_cert_file\fR" +File containing client's X509 certificate. +.sp +This parameter is available with Postfix 2.11 and later. +.IP "\fBtls_key_file\fR" +File containing the private key corresponding to \fBtls_cert_file\fR. +.sp +This parameter is available with Postfix 2.11 and later. +.IP "\fBtls_CAfile\fR" +File containing certificates for all of the X509 Certification +Authorities the client will recognize. Takes precedence over +\fBtls_CApath\fR. +.sp +This parameter is available with Postfix 2.11 and later. +.IP "\fBtls_CApath\fR" +Directory containing X509 Certification Authority certificates +in separate individual files. +.sp +This parameter is available with Postfix 2.11 and later. +.IP "\fBtls_verify_cert (default: no)\fR" +Verify that the server's name matches the common name in the +certificate. +.sp +This parameter is available with Postfix 2.11 and later. +.SH "USING MYSQL STORED PROCEDURES" +.na +.nf +.ad +.fi +Postfix 3.2 and later support calling a stored procedure +instead of using a SELECT statement in the query, e.g. + +.nf + \fBquery\fR = CALL lookup('%s') +.fi + +The previously described '%' expansions can be used in the +parameter(s) to the stored procedure. + +By default, every stored procedure call must return a result +set, i.e. every code path must execute a SELECT statement +that returns a result set (instead of storing its results +in a table). With "\fBrequire_result_set = no\fR", the +absence of a result set is treated as "not found". + +A stored procedure must not return multiple result sets. +That is, there must be no code path that executes multiple +SELECT statements that return a result (instead of storing +their results in a table). + +The following is an example of a stored procedure returning +a single result set: + +.nf +CREATE [DEFINER=`user`@`host`] PROCEDURE +`lookup`(IN `param` VARCHAR(255)) + READS SQL DATA + SQL SECURITY INVOKER + BEGIN + select goto from alias where address=param; + END +.fi +.SH "OBSOLETE MAIN.CF PARAMETERS" +.na +.nf +.ad +.fi +For compatibility with other Postfix lookup tables, MySQL +parameters can also be defined in main.cf. In order to do that, +specify as MySQL source a name that doesn't begin with a slash +or a dot. The MySQL parameters will then be accessible as the +name you've given the source in its definition, an underscore, +and the name of the parameter. For example, if the map is +specified as "mysql:\fImysqlname\fR", the parameter "hosts" +would be defined in main.cf as "\fImysqlname\fR_hosts". + +Note: with this form, the passwords for the MySQL sources are +written in main.cf, which is normally world\-readable. Support +for this form will be removed in a future Postfix version. +.SH "OBSOLETE QUERY INTERFACE" +.na +.nf +.ad +.fi +This section describes an interface that is deprecated as +of Postfix 2.2. It is replaced by the more general \fBquery\fR +interface described above. If the \fBquery\fR parameter +is defined, the legacy parameters described here ignored. +Please migrate to the new interface as the legacy interface +may be removed in a future release. + +The following parameters can be used to fill in a +SELECT template statement of the form: + +.nf + SELECT [\fBselect_field\fR] + FROM [\fBtable\fR] + WHERE [\fBwhere_field\fR] = '%s' + [\fBadditional_conditions\fR] +.fi + +The specifier %s is replaced by the search string, and is +escaped so if it contains single quotes or other odd characters, +it will not cause a parse error, or worse, a security problem. +.IP "\fBselect_field\fR" +The SQL "select" parameter. Example: +.nf + \fBselect_field\fR = forw_addr +.fi +.IP "\fBtable\fR" +The SQL "select .. from" table name. Example: +.nf + \fBtable\fR = mxaliases +.fi +.IP "\fBwhere_field\fR +The SQL "select .. where" parameter. Example: +.nf + \fBwhere_field\fR = alias +.fi +.IP "\fBadditional_conditions\fR +Additional conditions to the SQL query. Example: +.nf + \fBadditional_conditions\fR = AND status = 'paid' +.fi +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table maintenance +postconf(5), configuration parameters +ldap_table(5), LDAP lookup tables +pgsql_table(5), PostgreSQL lookup tables +sqlite_table(5), SQLite lookup tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +MYSQL_README, Postfix MYSQL client guide +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +MySQL support was introduced with Postfix version 1.0. +.SH "AUTHOR(S)" +.na +.nf +Original implementation by: +Scott Cotton, Joshua Marcus +IC Group, Inc. + +Further enhancements by: +Liviu Daia +Institute of Mathematics of the Romanian Academy +P.O. BOX 1\-764 +RO\-014700 Bucharest, ROMANIA + +Stored\-procedure support by John Fawcett. + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/nisplus_table.5 b/man/man5/nisplus_table.5 new file mode 100644 index 0000000..79176a1 --- /dev/null +++ b/man/man5/nisplus_table.5 @@ -0,0 +1,106 @@ +.TH NISPLUS_TABLE 5 +.ad +.fi +.SH NAME +nisplus_table +\- +Postfix NIS+ client +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" "nisplus:[\fIname\fB=%s];\fIname.name.\fB"\fR + +\fBpostmap \-q \- "nisplus:[\fIname\fB=%s];\fIname.name.\fB" <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional lookup tables. +These tables are usually in \fBdbm\fR or \fBdb\fR format. +Alternatively, lookup tables can be specified as NIS+ +databases. + +To find out what types of lookup tables your Postfix system +supports use the "\fBpostconf \-m\fR" command. + +To test Postfix NIS+ lookup tables, use the "\fBpostmap \-q\fR" +command as described in the SYNOPSIS above. +.SH "QUERY SYNTAX" +.na +.nf +.ad +.fi +Most of the NIS+ query is specified via the NIS+ map name. The +general format of a Postfix NIS+ map name is as follows: + +.fi + \fBnisplus:[\fIname\fB=%s];\fIname.name.name\fB.:\fIcolumn\fR +.fi + +Postfix NIS+ map names differ from what one normally +would use with commands such as \fBniscat\fR: +.IP \(bu +With each NIS+ table lookup, "\fB%s\fR" is replaced by a +version of the lookup string. There can be only one +"\fB%s\fR" instance in a Postfix NIS+ map name. +.IP \(bu +Postfix NIS+ map names use "\fB;\fR" instead of "\fB,\fR", +because the latter character is special in the Postfix +main.cf file. Postfix replaces "\fB;\fR" characters in +the map name by "\fB,\fR" before making NIS+ queries. +.IP \(bu +The ":\fIcolumn\fR" part in the NIS+ map name is not part +of the actual NIS+ query. Instead, it specifies the number +of the table column that provides the lookup result. When +no ":\fIcolumn\fR" is specified the first column (1) is used. +.SH "EXAMPLE" +.na +.nf +.ad +.fi +A NIS+ aliases map might be queried as follows: + +.nf + alias_maps = dbm:/etc/mail/aliases, + nisplus:[alias=%s];mail_aliases.org_dir.$mydomain.:1 +.fi + +This queries the local aliases file before the NIS+ file. +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Geoff Gibbs +UK\-HGMP\-RC +Hinxton +Cambridge +CB10 1SB, UK + +Adopted and adapted by: +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/pcre_table.5 b/man/man5/pcre_table.5 new file mode 100644 index 0000000..a9fd7b6 --- /dev/null +++ b/man/man5/pcre_table.5 @@ -0,0 +1,275 @@ +.TH PCRE_TABLE 5 +.ad +.fi +.SH NAME +pcre_table +\- +format of Postfix PCRE tables +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR + +\fBpostmap \-q \- pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR + +\fBpostmap \-hmq \- pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR + +\fBpostmap \-bmq \- pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional tables for address +rewriting, mail routing, or access control. These tables +are usually in \fBdbm\fR or \fBdb\fR format. + +Alternatively, lookup tables can be specified in Perl Compatible +Regular Expression form. In this case, each input is compared +against a list of patterns. When a match is found, the +corresponding result is returned and the search is terminated. + +To find out what types of lookup tables your Postfix system +supports use the "\fBpostconf \-m\fR" command. + +To test lookup tables, use the "\fBpostmap \-q\fR" command +as described in the SYNOPSIS above. Use "\fBpostmap \-hmq +\-\fR <\fIfile\fR" for header_checks(5) patterns, and +"\fBpostmap \-bmq \-\fR <\fIfile\fR" for body_checks(5) +(Postfix 2.6 and later). + +This driver can be built with the pcre2 library (Postfix +3.7 and later), or with the legacy pcre library (all Postfix +versions). +.SH "COMPATIBILITY" +.na +.nf +.ad +.fi +With Postfix version 2.2 and earlier specify "\fBpostmap +\-fq\fR" to query a table that contains case sensitive +patterns. Patterns are case insensitive by default. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The general form of a PCRE table is: +.IP "\fB/\fIpattern\fB/\fIflags result\fR" +When \fIpattern\fR matches the input string, use +the corresponding \fIresult\fR value. +.IP "\fB!/\fIpattern\fB/\fIflags result\fR" +When \fIpattern\fR does \fBnot\fR match the input string, use +the corresponding \fIresult\fR value. +.IP "\fBif /\fIpattern\fB/\fIflags\fR" +.IP "\fBendif\fR" +If the input string matches /\fIpattern\fR/, then match that +input string against the patterns between \fBif\fR and +\fBendif\fR. The \fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to patterns inside +\fBif\fR..\fBendif\fR. +.sp +This feature is available in Postfix 2.1 and later. +.IP "\fBif !/\fIpattern\fB/\fIflags\fR" +.IP "\fBendif\fR" +If the input string does not match /\fIpattern\fR/, then +match that input string against the patterns between \fBif\fR +and \fBendif\fR. The \fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to patterns inside +\fBif\fR..\fBendif\fR. +.sp +This feature is available in Postfix 2.1 and later. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.PP +Each pattern is a perl\-like regular expression. The expression +delimiter can be any non\-alphanumeric character, except +whitespace or characters +that have special meaning (traditionally the forward slash is used). +The regular expression can contain whitespace. + +By default, matching is case\-insensitive, and newlines are not +treated as special characters. The behavior is controlled by flags, +which are toggled by appending one or more of the following +characters after the pattern: +.IP "\fBi\fR (default: on)" +Toggles the case sensitivity flag. By default, matching is case +insensitive. +.IP "\fBm\fR (default: off)" +Toggles the pcre MULTILINE flag. When this flag is on, the \fB^\fR +and \fB$\fR metacharacters match immediately after and immediately +before a newline character, respectively, in addition to +matching at the start and end of the subject string. +.IP "\fBs\fR (default: on)" +Toggles the pcre DOTALL flag. When this flag is on, the \fB.\fR +metacharacter matches the newline character. With +Postfix versions prior to 2.0, the flag is off by +default, which is inconvenient for multi\-line message header +matching. +.IP "\fBx\fR (default: off)" +Toggles the pcre extended flag. When this flag is on, whitespace +characters in the pattern (other than in a character class) +are ignored. To include a whitespace character as part of +the pattern, escape it with backslash. +.sp +Note: do not use \fB#\fIcomment\fR after patterns. +.IP "\fBA\fR (default: off)" +Toggles the pcre ANCHORED flag. When this flag is on, +the pattern is forced to be "anchored", that is, it is +constrained to match only at the start of the string which +is being searched (the "subject string"). This effect can +also be achieved by appropriate constructs in the pattern +itself. +.IP "\fBE\fR (default: off)" +Toggles the pcre DOLLAR_ENDONLY flag. When this flag is on, +a \fB$\fR metacharacter in the pattern matches only at the +end of the subject string. Without this flag, a dollar also +matches immediately before the final character if it is a +newline character (but not before any other newline +characters). This flag is ignored if the pcre MULTILINE +flag is set. +.IP "\fBU\fR (default: off)" +Toggles the pcre UNGREEDY flag. When this flag is on, +the pattern matching engine inverts the "greediness" of +the quantifiers so that they are not greedy by default, +but become greedy if followed by "?". This flag can also +set by a (?U) modifier within the pattern. +.IP "\fBX\fR (default: off)" +Toggles the pcre EXTRA flag. +When this flag is on, any backslash in a pattern that is +followed by a letter that has no special meaning causes an +error, thus reserving these combinations for future expansion. + +This feature is not supported with PCRE2. +.SH "SEARCH ORDER" +.na +.nf +.ad +.fi +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the input string. + +Each pattern is applied to the entire input string. +Depending on the application, that string is an entire client +hostname, an entire client IP address, or an entire mail address. +Thus, no parent domain or parent network search is done, and +\fIuser@domain\fR mail addresses are not broken up into their +\fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR +broken up into \fIuser\fR and \fIfoo\fR. +.SH "TEXT SUBSTITUTION" +.na +.nf +.ad +.fi +Substitution of substrings (text that matches patterns +inside "()") from the matched expression into the result +string is requested with $1, $2, etc.; specify $$ to produce +a $ character as output. +The macros in the result string may need to be written as +${n} or $(n) if they aren't followed by whitespace. +This feature does not support pcre2 substring names. + +Note: since negated patterns (those preceded by \fB!\fR) return a +result when the expression does not match, substitutions are not +available for negated patterns. +.SH "INLINE SPECIFICATION" +.na +.nf +.ad +.fi +The contents of a table may be specified in the table name +(Postfix 3.7 and later). +The basic syntax is: + +.nf +main.cf: + \fIparameter\fR \fB= .. pcre:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } ..\fR + +master.cf: + \fB.. \-o { \fIparameter\fR \fB= .. pcre:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } .. } ..\fR +.fi + +Postfix ignores whitespace after '{' and before '}', and +writes each \fIrule\fR as one text line to an in\-memory +file: + +.nf +in\-memory file: + rule\-1 + rule\-2 + .. +.fi + +Postfix parses the result as if it is a file in /etc/postfix. + +Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep +Postfix from trying to do \fI$name\fR expansion as it +evaluates a parameter value. +.SH "EXAMPLE SMTPD ACCESS MAP" +.na +.nf +# Protect your outgoing majordomo exploders +/^(?!owner\-)(.*)\-outgoing@(.*)/ 550 Use ${1}@${2} instead + +# Bounce friend@whatever, except when whatever is our domain (you would +# be better just bouncing all friend@ mail \- this is just an example). +/^(friend@(?!my\\.domain$).*)$/ 550 Stick this in your pipe $1 + +# A multi\-line entry. The text is sent as one line. +# +/^noddy@my\\.domain$/ +\ 550 This user is a funny one. You really don't want to send mail to +\ them as it only makes their head spin. +.SH "EXAMPLE HEADER FILTER MAP" +.na +.nf +/^Subject: make money fast/ REJECT +/^To: friend@public\\.com/ REJECT +.SH "EXAMPLE BODY FILTER MAP" +.na +.nf +# First skip over base 64 encoded text to save CPU cycles. +# Requires PCRE version 3. +~^[[:alnum:]+/]{60,}$~ OK + +# Put your own body patterns here. +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +postconf(5), configuration parameters +regexp_table(5), format of POSIX regular expression tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH "AUTHOR(S)" +.na +.nf +The PCRE table lookup code was originally written by: +Andrew McNamara +andrewm@connect.com.au +connect.com.au Pty. Ltd. +Level 3, 213 Miller St +North Sydney, NSW, Australia + +Adopted and adapted by: +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/pgsql_table.5 b/man/man5/pgsql_table.5 new file mode 100644 index 0000000..1501152 --- /dev/null +++ b/man/man5/pgsql_table.5 @@ -0,0 +1,342 @@ +.TH PGSQL_TABLE 5 +.ad +.fi +.SH NAME +pgsql_table +\- +Postfix PostgreSQL client configuration +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" pgsql:/etc/postfix/\fIfilename\fR + +\fBpostmap \-q \- pgsql:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional tables for address +rewriting or mail routing. These tables are usually in +\fBdbm\fR or \fBdb\fR format. + +Alternatively, lookup tables can be specified as PostgreSQL +databases. In order to use PostgreSQL lookups, define a +PostgreSQL source as a lookup table in main.cf, for example: +.nf + alias_maps = pgsql:/etc/postfix/pgsql\-aliases.cf +.fi + +The file /etc/postfix/pgsql\-aliases.cf has the same format as +the Postfix main.cf file, and can specify the parameters +described below. +.SH "LIST MEMBERSHIP" +.na +.nf +.ad +.fi +When using SQL to store lists such as $mynetworks, +$mydestination, $relay_domains, $local_recipient_maps, +etc., it is important to understand that the table must +store each list member as a separate key. The table lookup +verifies the *existence* of the key. See "Postfix lists +versus tables" in the DATABASE_README document for a +discussion. + +Do NOT create tables that return the full list of domains +in $mydestination or $relay_domains etc., or IP addresses +in $mynetworks. + +DO create tables with each matching item as a key and with +an arbitrary value. With SQL databases it is not uncommon to +return the key itself or a constant value. +.SH "PGSQL PARAMETERS" +.na +.nf +.ad +.fi +.IP "\fBhosts\fR" +The hosts that Postfix will try to connect to and query +from. Besides a \fBpostgresql://\fR connection URI, this +setting supports the historical forms \fBunix:/\fIpathname\fR +for UNIX\-domain sockets and \fBinet:\fIhost:port\fR for TCP +connections, where the \fBunix:\fR and \fBinet:\fR prefixes +are accepted and ignored for backwards compatibility. +Examples: +.nf + hosts = postgresql://username@example.com/tablename?sslmode=require + hosts = inet:host1.some.domain inet:host2.some.domain:port + hosts = host1.some.domain host2.some.domain:port + hosts = unix:/file/name +.fi + +The hosts are tried in random order. The connections are +automatically closed after being idle for about 1 minute, +and are re\-opened as necessary. +.IP "\fBuser, password\fR" +The user name and password to log into the pgsql server. +Example: +.nf + user = someone + password = some_password +.fi +.IP "\fBdbname\fR" +The database name on the servers. Example: +.nf + dbname = customer_database +.fi +.IP "\fBquery\fR" +The SQL query template used to search the database, where \fB%s\fR +is a substitute for the address Postfix is trying to resolve, +e.g. +.nf + query = SELECT replacement FROM aliases WHERE mailbox = '%s' +.fi + +This parameter supports the following '%' expansions: +.RS +.IP "\fB%%\fR" +This is replaced by a literal '%' character. (Postfix 2.2 and later) +.IP "\fB%s\fR" +This is replaced by the input key. +SQL quoting is used to make sure that the input key does not +add unexpected metacharacters. +.IP "\fB%u\fR" +When the input key is an address of the form user@domain, \fB%u\fR +is replaced by the SQL quoted local part of the address. +Otherwise, \fB%u\fR is replaced by the entire search string. +If the localpart is empty, the query is suppressed and returns +no results. +.IP "\fB%d\fR" +When the input key is an address of the form user@domain, \fB%d\fR +is replaced by the SQL quoted domain part of the address. +Otherwise, the query is suppressed and returns no results. +.IP "\fB%[SUD]\fR" +The upper\-case equivalents of the above expansions behave in the +\fBquery\fR parameter identically to their lower\-case counter\-parts. +With the \fBresult_format\fR parameter (see below), they expand the +input key rather than the result value. +.IP +The above %S, %U and %D expansions are available with Postfix 2.2 +and later +.IP "\fB%[1\-9]\fR" +The patterns %1, %2, ... %9 are replaced by the corresponding +most significant component of the input key's domain. If the +input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, +%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is +unqualified or does not have enough domain components to satisfy +all the specified patterns, the query is suppressed and returns +no results. +.IP +The above %1, ... %9 expansions are available with Postfix 2.2 +and later +.RE +.IP +The \fBdomain\fR parameter described below limits the input +keys to addresses in matching domains. When the \fBdomain\fR +parameter is non\-empty, SQL queries for unqualified addresses +or addresses in non\-matching domains are suppressed +and return no results. + +The precedence of this parameter has changed with Postfix 2.2, +in prior releases the precedence was, from highest to lowest, +\fBselect_function\fR, \fBquery\fR, \fBselect_field\fR, ... + +With Postfix 2.2 the \fBquery\fR parameter has highest precedence, +see OBSOLETE QUERY INTERFACES below. + +NOTE: DO NOT put quotes around the \fBquery\fR parameter. +.IP "\fBresult_format (default: \fB%s\fR)\fR" +Format template applied to result attributes. Most commonly used +to append (or prepend) text to the result. This parameter supports +the following '%' expansions: +.RS +.IP "\fB%%\fR" +This is replaced by a literal '%' character. +.IP "\fB%s\fR" +This is replaced by the value of the result attribute. When +result is empty it is skipped. +.IP "\fB%u\fR +When the result attribute value is an address of the form +user@domain, \fB%u\fR is replaced by the local part of the +address. When the result has an empty localpart it is skipped. +.IP "\fB%d\fR" +When a result attribute value is an address of the form +user@domain, \fB%d\fR is replaced by the domain part of +the attribute value. When the result is unqualified it +is skipped. +.IP "\fB%[SUD1\-9]\fR" +The upper\-case and decimal digit expansions interpolate +the parts of the input key rather than the result. Their +behavior is identical to that described with \fBquery\fR, +and in fact because the input key is known in advance, queries +whose key does not contain all the information specified in +the result template are suppressed and return no results. +.RE +.IP +For example, using "result_format = smtp:[%s]" allows one +to use a mailHost attribute as the basis of a transport(5) +table. After applying the result format, multiple values +are concatenated as comma separated strings. The expansion_limit +and parameter explained below allows one to restrict the number +of values in the result, which is especially useful for maps that +must return at most one value. + +The default value \fB%s\fR specifies that each result value should +be used as is. + +This parameter is available with Postfix 2.2 and later. + +NOTE: DO NOT put quotes around the result format! +.IP "\fBdomain (default: no domain list)\fR" +This is a list of domain names, paths to files, or "type:table" +databases. When specified, only fully qualified search +keys with a *non\-empty* localpart and a matching domain +are eligible for lookup: 'user' lookups, bare domain lookups +and "@domain" lookups are not performed. This can significantly +reduce the query load on the PostgreSQL server. +.nf + domain = postfix.org, hash:/etc/postfix/searchdomains +.fi + +It is best not to use SQL to store the domains eligible +for SQL lookups. + +This parameter is available with Postfix 2.2 and later. + +NOTE: DO NOT define this parameter for local(8) aliases, +because the input keys are always unqualified. +.IP "\fBexpansion_limit (default: 0)\fR" +A limit on the total number of result elements returned +(as a comma separated list) by a lookup against the map. +A setting of zero disables the limit. Lookups fail with a +temporary error if the limit is exceeded. Setting the +limit to 1 ensures that lookups do not return multiple +values. +.SH "OBSOLETE MAIN.CF PARAMETERS" +.na +.nf +.ad +.fi +For compatibility with other Postfix lookup tables, PostgreSQL +parameters can also be defined in main.cf. In order to do +that, specify as PostgreSQL source a name that doesn't begin +with a slash or a dot. The PostgreSQL parameters will then +be accessible as the name you've given the source in its +definition, an underscore, and the name of the parameter. For +example, if the map is specified as "pgsql:\fIpgsqlname\fR", +the parameter "hosts" would be defined in main.cf as +"\fIpgsqlname\fR_hosts". + +Note: with this form, the passwords for the PostgreSQL sources +are written in main.cf, which is normally world\-readable. +Support for this form will be removed in a future Postfix +version. +.SH "OBSOLETE QUERY INTERFACES" +.na +.nf +.ad +.fi +This section describes query interfaces that are deprecated +as of Postfix 2.2. Please migrate to the new \fBquery\fR +interface as the old interfaces are slated to be phased +out. +.IP "\fBselect_function\fR" +This parameter specifies a database function name. Example: +.nf + select_function = my_lookup_user_alias +.fi + +This is equivalent to: +.nf + query = SELECT my_lookup_user_alias('%s') +.fi + +This parameter overrides the legacy table\-related fields (described +below). With Postfix versions prior to 2.2, it also overrides the +\fBquery\fR parameter. Starting with Postfix 2.2, the \fBquery\fR +parameter has highest precedence, and the \fBselect_function\fR +parameter is deprecated. +.PP +The following parameters (with lower precedence than the +\fBselect_function\fR interface described above) can be used to +build the SQL select statement as follows: + +.nf + SELECT [\fBselect_field\fR] + FROM [\fBtable\fR] + WHERE [\fBwhere_field\fR] = '%s' + [\fBadditional_conditions\fR] +.fi + +The specifier %s is replaced with each lookup by the lookup key +and is escaped so if it contains single quotes or other odd +characters, it will not cause a parse error, or worse, a security +problem. + +Starting with Postfix 2.2, this interface is obsoleted by the more +general \fBquery\fR interface described above. If higher precedence +the \fBquery\fR or \fBselect_function\fR parameters described above +are defined, the parameters described here are ignored. +.IP "\fBselect_field\fR" +The SQL "select" parameter. Example: +.nf + \fBselect_field\fR = forw_addr +.fi +.IP "\fBtable\fR" +The SQL "select .. from" table name. Example: +.nf + \fBtable\fR = mxaliases +.fi +.IP "\fBwhere_field\fR +The SQL "select .. where" parameter. Example: +.nf + \fBwhere_field\fR = alias +.fi +.IP "\fBadditional_conditions\fR +Additional conditions to the SQL query. Example: +.nf + \fBadditional_conditions\fR = AND status = 'paid' +.fi +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +postconf(5), configuration parameters +ldap_table(5), LDAP lookup tables +mysql_table(5), MySQL lookup tables +sqlite_table(5), SQLite lookup tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +PGSQL_README, Postfix PostgreSQL client guide +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +PgSQL support was introduced with Postfix version 2.1. +.SH "AUTHOR(S)" +.na +.nf +Based on the MySQL client by: +Scott Cotton, Joshua Marcus +IC Group, Inc. + +Ported to PostgreSQL by: +Aaron Sethman + +Further enhanced by: +Liviu Daia +Institute of Mathematics of the Romanian Academy +P.O. BOX 1\-764 +RO\-014700 Bucharest, ROMANIA diff --git a/man/man5/postconf.5 b/man/man5/postconf.5 new file mode 100644 index 0000000..ae694bb --- /dev/null +++ b/man/man5/postconf.5 @@ -0,0 +1,15490 @@ +.TH POSTCONF 5 +.SH NAME +postconf +\- +Postfix configuration parameters +.SH SYNOPSIS +.na +.nf +\fBpostconf\fR \fIparameter\fR ... + +\fBpostconf \-e\fR "\fIparameter=value\fR" ... +.SH DESCRIPTION +.ad +.fi +The Postfix main.cf configuration file specifies parameters that +control the operation of the Postfix mail system. Typically the +file contains only a small subset of all parameters; parameters +not specified are left at their default values. +.PP +The general format of the main.cf file is as follows: +.IP \(bu +Each logical line has the form "parameter = value". +Whitespace around the "=" is ignored, as is whitespace at the +end of a logical line. +.IP \(bu +Empty lines and whitespace-only lines are ignored, as are lines +whose first non-whitespace character is a `#'. +.IP \(bu +A logical line starts with non-whitespace text. A line that starts +with whitespace continues a logical line. +.IP \(bu +A parameter value may refer to other parameters. +.RS +.IP \(bu +The expressions "$name" and "${name}" are recursively replaced with +the value of the named parameter. The parameter name must contain +only characters from the set [a-zA-Z0-9_]. An undefined parameter +value is replaced with the empty value. +.IP \(bu +The expressions "${name?value}" and "${name?{value}}" are replaced +with "value" when "$name" is non-empty. The parameter name must +contain only characters from the set [a-zA-Z0-9_]. These forms are +supported with Postfix versions >= 2.2 and >= 3.0, respectively. +.IP \(bu +The expressions "${name:value}" and "${name:{value}}" are replaced +with "value" when "$name" is empty. The parameter name must contain +only characters from the set [a-zA-Z0-9_]. These forms are supported +with Postfix versions >= 2.2 and >= 3.0, respectively. +.IP \(bu +The expression "${name?{value1}:{value2}}" is replaced with "value1" +when "$name" is non-empty, and with "value2" when "$name" is empty. +The "{}" is required for "value1", optional for "value2". The +parameter name must contain only characters from the set [a-zA-Z0-9_]. +This form is supported with Postfix versions >= 3.0. +.IP \(bu +The first item inside "${...}" may be a relational expression of the +form: "{value3} == {value4}". Besides the "==" (equality) operator +Postfix supports "!=" (inequality), "<", "<=", ">=", and ">". The +comparison is numerical when both operands are all digits, otherwise +the comparison is lexicographical. These forms are supported with +Postfix versions >= 3.0. +.IP \(bu +Each "value" is subject to recursive named parameter and relational +expression evaluation, except where noted. +.IP \(bu +Whitespace before or after each "{value}" is ignored. +.IP \(bu +Specify "$$" to produce a single "$" character. +.IP \(bu +The legacy form "$(...)" is equivalent to the preferred form "${...}". +.RE +.IP \(bu +When the same parameter is defined multiple times, only the last +instance is remembered. +.IP \(bu +Otherwise, the order of main.cf parameter definitions does not matter. +.PP +The remainder of this document is a description of all Postfix +configuration parameters. Default values are shown after the +parameter name in parentheses, and can be looked up with the +"\fBpostconf \-d\fR" command. +.PP +Note: this is not an invitation to make changes to Postfix +configuration parameters. Unnecessary changes can impair the +operation of the mail system. +.SH 2bounce_notice_recipient (default: postmaster) +The recipient of undeliverable mail that cannot be returned to +the sender. This feature is enabled with the notify_classes +parameter. +.SH access_map_defer_code (default: 450) +The numerical Postfix SMTP server response code for +an \fBaccess\fR(5) map "defer" action, including "defer_if_permit" +or "defer_if_reject". Prior to Postfix 2.6, the response +is hard\-coded as "450". +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.PP +This feature is available in Postfix 2.6 and later. +.SH access_map_reject_code (default: 554) +The numerical Postfix SMTP server response code for +an \fBaccess\fR(5) map "reject" action. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.SH address_verify_cache_cleanup_interval (default: 12h) +The amount of time between \fBverify\fR(8) address verification +database cleanup runs. This feature requires that the database +supports the "delete" and "sequence" operators. Specify a zero +interval to disable database cleanup. +.PP +After each database cleanup run, the \fBverify\fR(8) daemon logs the +number of entries that were retained and dropped. A cleanup run is +logged as "partial" when the daemon terminates early after "\fBpostfix +reload\fR", "\fBpostfix stop\fR", or no requests for $max_idle +seconds. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is h (hours). +.PP +This feature is available in Postfix 2.7. +.SH address_verify_default_transport (default: $default_transport) +Overrides the default_transport parameter setting for address +verification probes. +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_local_transport (default: $local_transport) +Overrides the local_transport parameter setting for address +verification probes. +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_map (default: see "postconf \-d" output) +Lookup table for persistent address verification status +storage. The table is maintained by the \fBverify\fR(8) service, and +is opened before the process releases privileges. +.PP +The lookup table is persistent by default (Postfix 2.7 and later). +Specify an empty table name to keep the information in volatile +memory which is lost after "\fBpostfix reload\fR" or "\fBpostfix +stop\fR". This is the default with Postfix version 2.6 and earlier. +.PP +Specify a location in a file system that will not fill up. If the +database becomes corrupted, the world comes to an end. To recover, +delete (NOT: truncate) the file and do "\fBpostfix reload\fR". +.PP +Postfix daemon processes do not use root privileges when opening +this file (Postfix 2.5 and later). The file must therefore be +stored under a Postfix\-owned directory such as the data_directory. +As a migration aid, an attempt to open the file under a non\-Postfix +directory is redirected to the Postfix\-owned data_directory, and a +warning is logged. +.PP +Examples: +.PP +.nf +.na +.ft C +address_verify_map = hash:/var/lib/postfix/verify +address_verify_map = btree:/var/lib/postfix/verify +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_negative_cache (default: yes) +Enable caching of failed address verification probe results. When +this feature is enabled, the cache may pollute quickly with garbage. +When this feature is disabled, Postfix will generate an address +probe for every lookup. +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_negative_expire_time (default: 3d) +The time after which a failed probe expires from the address +verification cache. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_negative_refresh_time (default: 3h) +The time after which a failed address verification probe needs to +be refreshed. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is h (hours). +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_pending_request_limit (default: see "postconf \-d" output) +A safety limit that prevents address verification requests from +overwhelming the Postfix queue. By default, the number of pending +requests is limited to 1/4 of the active queue maximum size +(qmgr_message_active_limit). The queue manager enforces the limit +by tempfailing requests that exceed the limit. This affects only +unknown addresses and inactive addresses that have expired, because +the \fBverify\fR(8) daemon automatically refreshes an active address +before it expires. +.PP +This feature is available in Postfix 3.1 and later. +.SH address_verify_poll_count (default: normal: 3, overload: 1) +How many times to query the \fBverify\fR(8) service for the completion +of an address verification request in progress. +.PP +By default, the Postfix SMTP server polls the \fBverify\fR(8) service +up to three times under non\-overload conditions, and only once when +under overload. With Postfix version 2.5 and earlier, the SMTP +server always polls the \fBverify\fR(8) service up to three times by +default. +.PP +Specify 1 to implement a crude form of greylisting, that is, always +defer the first delivery request for a new address. +.PP +Examples: +.PP +.nf +.na +.ft C +# Postfix <= 2.6 default +address_verify_poll_count = 3 +# Poor man's greylisting +address_verify_poll_count = 1 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_poll_delay (default: 3s) +The delay between queries for the completion of an address +verification request in progress. +.PP +The default polling delay is 3 seconds. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_positive_expire_time (default: 31d) +The time after which a successful probe expires from the address +verification cache. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_positive_refresh_time (default: 7d) +The time after which a successful address verification probe needs +to be refreshed. The address verification status is not updated +when the probe fails (optimistic caching). +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_relay_transport (default: $relay_transport) +Overrides the relay_transport parameter setting for address +verification probes. +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_relayhost (default: $relayhost) +Overrides the relayhost parameter setting for address verification +probes. This information can be overruled with the \fBtransport\fR(5) table. +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_sender (default: $double_bounce_sender) +The sender address to use in address verification probes; prior +to Postfix 2.5 the default was "postmaster". To +avoid problems with address probes that are sent in response to +address probes, the Postfix SMTP server excludes the probe sender +address from all SMTPD access blocks. +.PP +Specify an empty value (address_verify_sender =) or <> if you want +to use the null sender address. Beware, some sites reject mail from +<>, even though RFCs require that such addresses be accepted. +.PP +Examples: +.PP +.nf +.na +.ft C +address_verify_sender = <> +address_verify_sender = postmaster@my.domain +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_sender_dependent_default_transport_maps (default: $sender_dependent_default_transport_maps) +Overrides the sender_dependent_default_transport_maps parameter +setting for address verification probes. +.PP +This feature is available in Postfix 2.7 and later. +.SH address_verify_sender_dependent_relayhost_maps (default: $sender_dependent_relayhost_maps) +Overrides the sender_dependent_relayhost_maps parameter setting for address +verification probes. +.PP +This feature is available in Postfix 2.3 and later. +.SH address_verify_sender_ttl (default: 0s) +The time between changes in the time\-dependent portion of address +verification probe sender addresses. The time\-dependent portion is +appended to the localpart of the address specified with the +address_verify_sender parameter. This feature is ignored when the +probe sender addresses is the null sender, i.e. the address_verify_sender +value is empty or <>. +.PP +Historically, the probe sender address was fixed. This has +caused such addresses to end up on spammer mailing lists, and has +resulted in wasted network and processing resources. +.PP +To enable time\-dependent probe sender addresses, specify a +non\-zero time value. Specify a value of at least several hours, +to avoid problems with senders that use greylisting. Avoid nice +TTL values, to make the result less predictable. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.9 and later. +.SH address_verify_service_name (default: verify) +The name of the \fBverify\fR(8) address verification service. This service +maintains the status of sender and/or recipient address verification +probes, and generates probes on request by other Postfix processes. +.SH address_verify_transport_maps (default: $transport_maps) +Overrides the transport_maps parameter setting for address verification +probes. +.PP +This feature is available in Postfix 2.1 and later. +.SH address_verify_virtual_transport (default: $virtual_transport) +Overrides the virtual_transport parameter setting for address +verification probes. +.PP +This feature is available in Postfix 2.1 and later. +.SH alias_database (default: see "postconf \-d" output) +The alias databases for \fBlocal\fR(8) delivery that are updated with +"\fBnewaliases\fR" or with "\fBsendmail \-bi\fR". +.PP +This is a separate configuration parameter because not all the +tables specified with $alias_maps have to be local files. +.PP +Examples: +.PP +.nf +.na +.ft C +alias_database = hash:/etc/aliases +alias_database = hash:/etc/mail/aliases +.fi +.ad +.ft R +.SH alias_maps (default: see "postconf \-d" output) +The alias databases that are used for \fBlocal\fR(8) delivery. See +\fBaliases\fR(5) for syntax details. +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +Note: these lookups are recursive. +.PP +The default list is system dependent. On systems with NIS, the +default is to search the local alias database, then the NIS alias +database. +.PP +If you change the alias database, run "\fBpostalias /etc/aliases\fR" +(or wherever your system stores the mail alias file), or simply +run "\fBnewaliases\fR" to build the necessary DBM or DB file. +.PP +The \fBlocal\fR(8) delivery agent disallows regular expression substitution +of $1 etc. in alias_maps, because that would open a security hole. +.PP +The \fBlocal\fR(8) delivery agent will silently ignore requests to use +the \fBproxymap\fR(8) server within alias_maps. Instead it will open the +table directly. Before Postfix version 2.2, the \fBlocal\fR(8) delivery +agent will terminate with a fatal error. +.PP +Examples: +.PP +.nf +.na +.ft C +alias_maps = hash:/etc/aliases, nis:mail.aliases +alias_maps = hash:/etc/aliases +.fi +.ad +.ft R +.SH allow_mail_to_commands (default: alias, forward) +Restrict \fBlocal\fR(8) mail delivery to external commands. The default +is to disallow delivery to "|command" in :include: files (see +\fBaliases\fR(5) for the text that defines this terminology). +.PP +Specify zero or more of: \fBalias\fR, \fBforward\fR or \fBinclude\fR, +in order to allow commands in \fBaliases\fR(5), .forward files or in +:include: files, respectively. +.PP +Example: +.PP +.nf +.na +.ft C +allow_mail_to_commands = alias,forward,include +.fi +.ad +.ft R +.SH allow_mail_to_files (default: alias, forward) +Restrict \fBlocal\fR(8) mail delivery to external files. The default is +to disallow "/file/name" destinations in :include: files (see +\fBaliases\fR(5) for the text that defines this terminology). +.PP +Specify zero or more of: \fBalias\fR, \fBforward\fR or \fBinclude\fR, +in order to allow "/file/name" destinations in \fBaliases\fR(5), .forward +files and in :include: files, respectively. +.PP +Example: +.PP +.nf +.na +.ft C +allow_mail_to_files = alias,forward,include +.fi +.ad +.ft R +.SH allow_min_user (default: no) +Allow a sender or recipient address to have `\-' as the first +character. By +default, this is not allowed, to avoid accidents with software that +passes email addresses via the command line. Such software +would not be able to distinguish a malicious address from a +bona fide command\-line option. Although this can be prevented by +inserting a "\-\-" option terminator into the command line, this is +difficult to enforce consistently and globally. +.PP +As of Postfix version 2.5, this feature is implemented by +trivial\-\fBrewrite\fR(8). With earlier versions this feature was implemented +by \fBqmgr\fR(8) and was limited to recipient addresses only. +.SH allow_percent_hack (default: yes) +Enable the rewriting of the form "user%domain" to "user@domain". +This is enabled by default. +.PP +Note: as of Postfix version 2.2, message header address rewriting +happens only when one of the following conditions is true: +.IP \(bu +The message is received with the Postfix \fBsendmail\fR(1) command, +.IP \(bu +The message is received from a network client that matches +$local_header_rewrite_clients, +.IP \(bu +The message is received from the network, and the +remote_header_rewrite_domain parameter specifies a non\-empty value. +.br +.PP +To get the behavior before Postfix version 2.2, specify +"local_header_rewrite_clients = static:all". +.PP +Example: +.PP +.nf +.na +.ft C +allow_percent_hack = no +.fi +.ad +.ft R +.SH allow_untrusted_routing (default: no) +Forward mail with sender\-specified routing (user[@%!]remote[@%!]site) +from untrusted clients to destinations matching $relay_domains. +.PP +By default, this feature is turned off. This closes a nasty open +relay loophole where a backup MX host can be tricked into forwarding +junk mail to a primary MX host which then spams it out to the world. +.PP +This parameter also controls if non\-local addresses with sender\-specified +routing can match Postfix access tables. By default, such addresses +cannot match Postfix access tables, because the address is ambiguous. +.SH alternate_config_directories (default: empty) +A list of non\-default Postfix configuration directories that may +be specified with "\-c config_directory" on the command line (in the +case of \fBsendmail\fR(1), with the "\-C" option), or via the MAIL_CONFIG +environment parameter. +.PP +This list must be specified in the default Postfix main.cf file, +and will be used by set\-gid Postfix commands such as \fBpostqueue\fR(1) +and \fBpostdrop\fR(1). +.PP +Specify absolute pathnames, separated by comma or space. Note: $name +expansion is not supported. +.SH always_add_missing_headers (default: no) +Always add (Resent\-) From:, To:, Date: or Message\-ID: headers +when not present. Postfix 2.6 and later add these headers only +when clients match the local_header_rewrite_clients parameter +setting. Earlier Postfix versions always add these headers; this +may break DKIM signatures that cover non\-existent headers. +The undisclosed_recipients_header parameter setting determines +whether a To: header will be added. +.SH always_bcc (default: empty) +Optional address that receives a "blind carbon copy" of each message +that is received by the Postfix mail system. +.PP +Note: with Postfix 2.3 and later the BCC address is added as if it +was specified with NOTIFY=NONE. The sender will not be notified +when the BCC address is undeliverable, as long as all down\-stream +software implements RFC 3461. +.PP +Note: with Postfix 2.2 and earlier the sender will be notified +when the BCC address is undeliverable. +.PP +Note: automatic BCC recipients are produced only for new mail. +To avoid mailer loops, automatic BCC recipients are not generated +after Postfix forwards mail internally, or after Postfix generates +mail itself. +.SH anvil_rate_time_unit (default: 60s) +The time unit over which client connection rates and other rates +are calculated. +.PP +This feature is implemented by the \fBanvil\fR(8) service which is available +in Postfix version 2.2 and later. +.PP +The default interval is relatively short. Because of the high +frequency of updates, the \fBanvil\fR(8) server uses volatile memory +only. Thus, information is lost whenever the process terminates. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH anvil_status_update_time (default: 600s) +How frequently the \fBanvil\fR(8) connection and rate limiting server +logs peak usage information. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.2 and later. +.SH append_at_myorigin (default: yes) +With locally submitted mail, append the string "@$myorigin" to mail +addresses without domain information. With remotely submitted mail, +append the string "@$remote_header_rewrite_domain" instead. +.PP +Note 1: this feature is enabled by default and must not be turned off. +Postfix does not support domain\-less addresses. +.PP +Note 2: with Postfix version 2.2, message header address rewriting +happens only when one of the following conditions is true: +.IP \(bu +The message is received with the Postfix \fBsendmail\fR(1) command, +.IP \(bu +The message is received from a network client that matches +$local_header_rewrite_clients, +.IP \(bu +The message is received from the network, and the +remote_header_rewrite_domain parameter specifies a non\-empty value. +.br +.PP +To get the behavior before Postfix version 2.2, specify +"local_header_rewrite_clients = static:all". +.SH append_dot_mydomain (default: Postfix >= 3.0: no, Postfix < 3.0: yes) +With locally submitted mail, append the string ".$mydomain" to +addresses that have no ".domain" information. With remotely submitted +mail, append the string ".$remote_header_rewrite_domain" +instead. +.PP +Note 1: this feature is enabled by default. If disabled, users will not be +able to send mail to "user@partialdomainname" but will have to +specify full domain names instead. +.PP +Note 2: with Postfix version 2.2, message header address rewriting +happens only when one of the following conditions is true: +.IP \(bu +The message is received with the Postfix \fBsendmail\fR(1) command, +.IP \(bu +The message is received from a network client that matches +$local_header_rewrite_clients, +.IP \(bu +The message is received from the network, and the +remote_header_rewrite_domain parameter specifies a non\-empty value. +.br +.PP +To get the behavior before Postfix version 2.2, specify +"local_header_rewrite_clients = static:all". +.SH application_event_drain_time (default: 100s) +How long the \fBpostkick\fR(1) command waits for a request to enter the +Postfix daemon process input buffer before giving up. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.1 and later. +.SH authorized_flush_users (default: static:anyone) +List of users who are authorized to flush the queue. +.PP +By default, all users are allowed to flush the queue. Access is +always granted if the invoking user is the super\-user or the +$mail_owner user. Otherwise, the real UID of the process is looked +up in the system password file, and access is granted only if the +corresponding login name is on the access list. The username +"unknown" is used for processes whose real UID is not found in the +password file. +.PP +Specify a list of user names, "/file/name" or "type:table" patterns, +separated by commas and/or whitespace. The list is matched left to +right, and the search stops on the first match. A "/file/name" +pattern is replaced +by its contents; a "type:table" lookup table is matched when a name +matches a lookup key (the lookup result is ignored). Continue long +lines by starting the next line with whitespace. Specify "!pattern" +to exclude a name from the list. The form "!/file/name" is supported +only in Postfix version 2.4 and later. +.PP +This feature is available in Postfix 2.2 and later. +.SH authorized_mailq_users (default: static:anyone) +List of users who are authorized to view the queue. +.PP +By default, all users are allowed to view the queue. Access is +always granted if the invoking user is the super\-user or the +$mail_owner user. Otherwise, the real UID of the process is looked +up in the system password file, and access is granted only if the +corresponding login name is on the access list. The username +"unknown" is used for processes whose real UID is not found in the +password file. +.PP +Specify a list of user names, "/file/name" or "type:table" patterns, +separated by commas and/or whitespace. The list is matched left to +right, and the search stops on the first match. A "/file/name" +pattern is replaced +by its contents; a "type:table" lookup table is matched when a name +matches a lookup key (the lookup result is ignored). Continue long +lines by starting the next line with whitespace. Specify "!pattern" +to exclude a user name from the list. The form "!/file/name" is +supported only in Postfix version 2.4 and later. +.PP +This feature is available in Postfix 2.2 and later. +.SH authorized_submit_users (default: static:anyone) +List of users who are authorized to submit mail with the \fBsendmail\fR(1) +command (and with the privileged \fBpostdrop\fR(1) helper command). +.PP +By default, all users are allowed to submit mail. Otherwise, the +real UID of the process is looked up in the system password file, +and access is granted only if the corresponding login name is on +the access list. The username "unknown" is used for processes +whose real UID is not found in the password file. To deny mail +submission access to all users specify an empty list. +.PP +Specify a list of user names, "/file/name" or "type:table" patterns, +separated by commas and/or whitespace. The list is matched left to right, +and the search stops on the first match. A "/file/name" pattern is +replaced by its contents; +a "type:table" lookup table is matched when a name matches a lookup key +(the lookup result is ignored). Continue long lines by starting the +next line with whitespace. Specify "!pattern" to exclude a user +name from the list. The form "!/file/name" is supported only in +Postfix version 2.4 and later. +.PP +Example: +.PP +.nf +.na +.ft C +authorized_submit_users = !www, static:all +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH authorized_verp_clients (default: $mynetworks) +What remote SMTP clients are allowed to specify the XVERP command. +This command requests that mail be delivered one recipient at a +time with a per recipient return address. +.PP +By default, only trusted clients are allowed to specify XVERP. +.PP +This parameter was introduced with Postfix version 1.1. Postfix +version 2.1 renamed this parameter to smtpd_authorized_verp_clients +and changed the default to none. +.PP +Specify a list of network/netmask patterns, separated by commas +and/or whitespace. The mask specifies the number of bits in the +network part of a host address. You can also specify hostnames or +\&.domain names (the initial dot causes the domain to match any name +below it), "/file/name" or "type:table" patterns. A "/file/name" +pattern is replaced by its contents; a "type:table" lookup table +is matched when a table entry matches a lookup string (the lookup +result is ignored). Continue long lines by starting the next line +with whitespace. Specify "!pattern" to exclude an address or network +block from the list. The form "!/file/name" is supported only in +Postfix version 2.4 and later. +.PP +Note: IP version 6 address information must be specified inside +[] in the authorized_verp_clients value, and in files +specified with "/file/name". IP version 6 addresses contain the +":" character, and would otherwise be confused with a "type:table" +pattern. +.SH backwards_bounce_logfile_compatibility (default: yes) +Produce additional \fBbounce\fR(8) logfile records that can be read by +Postfix versions before 2.0. The current and more extensible "name = +value" format is needed in order to implement more sophisticated +functionality. +.PP +This feature is available in Postfix 2.1 and later. +.SH berkeley_db_create_buffer_size (default: 16777216) +The per\-table I/O buffer size for programs that create Berkeley DB +hash or btree tables. Specify a byte count. +.PP +This feature is available in Postfix 2.0 and later. +.SH berkeley_db_read_buffer_size (default: 131072) +The per\-table I/O buffer size for programs that read Berkeley DB +hash or btree tables. Specify a byte count. +.PP +This feature is available in Postfix 2.0 and later. +.SH best_mx_transport (default: empty) +Where the Postfix SMTP client should deliver mail when it detects +a "mail loops back to myself" error condition. This happens when +the local MTA is the best SMTP mail exchanger for a destination +not listed in $mydestination, $inet_interfaces, $proxy_interfaces, +$virtual_alias_domains, or $virtual_mailbox_domains. By default, +the Postfix SMTP client returns such mail as undeliverable. +.PP +Specify, for example, "best_mx_transport = local" to pass the mail +from the Postfix SMTP client to the \fBlocal\fR(8) delivery agent. You +can specify +any message delivery "transport" or "transport:nexthop" that is +defined in the master.cf file. See the \fBtransport\fR(5) manual page +for the syntax and meaning of "transport" or "transport:nexthop". +.PP +However, this feature is expensive because it ties up a Postfix +SMTP client process while the \fBlocal\fR(8) delivery agent is doing its +work. It is more efficient (for Postfix) to list all hosted domains +in a table or database. +.SH biff (default: yes) +Whether or not to use the local biff service. This service sends +"new mail" notifications to users who have requested new mail +notification with the UNIX command "biff y". +.PP +For compatibility reasons this feature is on by default. On systems +with lots of interactive users, the biff service can be a performance +drain. Specify "biff = no" in main.cf to disable. +.SH body_checks (default: empty) +Optional lookup tables for content inspection as specified in +the \fBbody_checks\fR(5) manual page. +.PP +Note: with Postfix versions before 2.0, these rules inspect +all content after the primary message headers. +.SH body_checks_size_limit (default: 51200) +How much text in a message body segment (or attachment, if you +prefer to use that term) is subjected to body_checks inspection. +The amount of text is limited to avoid scanning huge attachments. +.PP +This feature is available in Postfix 2.0 and later. +.SH bounce_notice_recipient (default: postmaster) +The recipient of postmaster notifications with the message headers +of mail that Postfix did not deliver and of SMTP conversation +transcripts of mail that Postfix did not receive. This feature is +enabled with the notify_classes parameter. +.SH bounce_queue_lifetime (default: 5d) +Consider a bounce message as undeliverable, when delivery fails +with a temporary error, and the time in the queue has reached the +bounce_queue_lifetime limit. By default, this limit is the same +as for regular mail. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +Specify 0 when mail delivery should be tried only once. +.PP +This feature is available in Postfix 2.1 and later. +.SH bounce_service_name (default: bounce) +The name of the \fBbounce\fR(8) service. This service maintains a record +of failed delivery attempts and generates non\-delivery notifications. +.PP +This feature is available in Postfix 2.0 and later. +.SH bounce_size_limit (default: 50000) +The maximal amount of original message text that is sent in a +non\-delivery notification. Specify a byte count. A message is +returned as either message/rfc822 (the complete original) or as +text/rfc822\-headers (the headers only). With Postfix version 2.4 +and earlier, a message is always returned as message/rfc822 and is +truncated when it exceeds the size limit. +.PP +Notes: +.IP \(bu +If you increase this limit, then you should increase the +mime_nesting_limit value proportionally. +.IP \(bu +Be careful when making changes. Excessively large values +will result in the loss of non\-delivery notifications, when a bounce +message size exceeds a local or remote MTA's message size limit. +.br +.SH bounce_template_file (default: empty) +Pathname of a configuration file with bounce message templates. +These override the built\-in templates of delivery status notification +(DSN) messages for undeliverable mail, delayed mail, successful +delivery, or delivery verification. The \fBbounce\fR(5) manual page +describes how to edit and test template files. +.PP +Template message body text may contain $name references to +Postfix configuration parameters. The result of $name expansion can +be previewed with "\fBpostconf \-b \fIfile_name\fR\fR" before the file +is placed into the Postfix configuration directory. +.PP +This feature is available in Postfix 2.3 and later. +.SH broken_sasl_auth_clients (default: no) +Enable interoperability with remote SMTP clients that implement an obsolete +version of the AUTH command (RFC 4954). Examples of such clients +are MicroSoft Outlook Express version 4 and MicroSoft Exchange +version 5.0. +.PP +Specify "broken_sasl_auth_clients = yes" to have Postfix advertise +AUTH support in a non\-standard way. +.SH canonical_classes (default: envelope_sender, envelope_recipient, header_sender, header_recipient) +What addresses are subject to canonical_maps address mapping. +By default, canonical_maps address mapping is applied to envelope +sender and recipient addresses, and to header sender and header +recipient addresses. +.PP +Specify one or more of: envelope_sender, envelope_recipient, +header_sender, header_recipient +.PP +This feature is available in Postfix 2.2 and later. +.SH canonical_maps (default: empty) +Optional address mapping lookup tables for message headers and +envelopes. The mapping is applied to both sender and recipient +addresses, in both envelopes and in headers, as controlled +with the canonical_classes parameter. This is typically used +to clean up dirty addresses from legacy mail systems, or to replace +login names by Firstname.Lastname. The table format and lookups +are documented in \fBcanonical\fR(5). For an overview of Postfix address +manipulations see the ADDRESS_REWRITING_README document. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +Note: these lookups are recursive. +.PP +If you use this feature, run "\fBpostmap /etc/postfix/canonical\fR" to +build the necessary DBM or DB file after every change. The changes +will become visible after a minute or so. Use "\fBpostfix reload\fR" +to eliminate the delay. +.PP +Note: with Postfix version 2.2, message header address mapping +happens only when message header address rewriting is enabled: +.IP \(bu +The message is received with the Postfix \fBsendmail\fR(1) command, +.IP \(bu +The message is received from a network client that matches +$local_header_rewrite_clients, +.IP \(bu +The message is received from the network, and the +remote_header_rewrite_domain parameter specifies a non\-empty value. +.br +.PP +To get the behavior before Postfix version 2.2, specify +"local_header_rewrite_clients = static:all". +.PP +Examples: +.PP +.nf +.na +.ft C +canonical_maps = dbm:/etc/postfix/canonical +canonical_maps = hash:/etc/postfix/canonical +.fi +.ad +.ft R +.SH cleanup_replace_stray_cr_lf (default: yes) +Replace each stray <CR> or <LF> character in message +content with a space character, to prevent outbound SMTP smuggling, +and to make the evaluation of Postfix\-added DKIM or other signatures +independent from how a remote mail server handles such characters. +.PP +SMTP does not allow such characters unless they are part of a +<CR><LF> sequence, and different mail systems handle +such stray characters in an implementation\-dependent manner. Stray +<CR> or <LF> characters could be used for outbound +SMTP smuggling, where an attacker uses a Postfix server to send +message content with a non\-standard End\-of\-DATA sequence that +triggers inbound SMTP smuggling at a remote SMTP server. +.PP +The replacement happens before all other content management, +and before Postfix may add a DKIM etc. signature; if the signature +were created first, the replacement could invalidate the signature. +.PP +In addition to preventing SMTP smuggling, replacing stray +<CR> or <LF> characters ensures that the result of +signature validation by later mail system will not depend on how +that mail system handles those stray characters in an +implementation\-dependent manner. +.PP +This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10, +3.6.14, and 3.5.24. +.SH cleanup_service_name (default: cleanup) +The name of the \fBcleanup\fR(8) service. This service rewrites addresses +into the standard form, and performs \fBcanonical\fR(5) address mapping +and \fBvirtual\fR(5) aliasing. +.PP +This feature is available in Postfix 2.0 and later. +.SH command_directory (default: see "postconf \-d" output) +The location of all postfix administrative commands. +.SH command_execution_directory (default: empty) +The \fBlocal\fR(8) delivery agent working directory for delivery to +external commands. Failure to change directory causes the delivery +to be deferred. +.PP +The command_execution_directory value is not subject to Postfix +configuration parameter $name expansion. Instead, the following +$name expansions are done on command_execution_directory before the +directory is used. Expansion happens in the context +of the delivery request. The result of $name expansion is filtered +with the character set that is specified with the +execution_directory_expansion_filter parameter. +.IP "\fB$user\fR" +The recipient's username. +.br +.IP "\fB$shell\fR" +The recipient's login shell pathname. +.br +.IP "\fB$home\fR" +The recipient's home directory. +.br +.IP "\fB$recipient\fR" +The full recipient address. +.br +.IP "\fB$extension\fR" +The optional recipient address extension. +.br +.IP "\fB$domain\fR" +The recipient domain. +.br +.IP "\fB$local\fR" +The entire recipient localpart. +.br +.IP "\fB$recipient_delimiter\fR" +The address extension delimiter that was found in the recipient +address (Postfix 2.11 and later), or the system\-wide recipient +address extension delimiter (Postfix 2.10 and earlier). +.br +.IP "\fB${name?value}\fR" +.IP "\fB${name?{value}}\fR (Postfix >= 3.0)" +Expands to \fIvalue\fR when \fI$name\fR is non\-empty. +.br +.IP "\fB${name:value}\fR" +.IP "\fB${name:{value}}\fR (Postfix >= 3.0)" +Expands to \fIvalue\fR when \fI$name\fR is empty. +.br +.IP "\fB${name?{value1}:{value2}}\fR (Postfix >= 3.0)" +Expands to \fIvalue1\fR when \fI$name\fR is non\-empty, +\fIvalue2\fR otherwise. +.br +.br +.PP +Instead of $name you can also specify ${name} or $(name). +.PP +This feature is available in Postfix 2.2 and later. +.SH command_expansion_filter (default: see "postconf \-d" output) +Restrict the characters that the \fBlocal\fR(8) delivery agent allows in +$name expansions of $mailbox_command and $command_execution_directory. +Characters outside the +allowed set are replaced by underscores. +.SH command_time_limit (default: 1000s) +Time limit for delivery to external commands. This limit is used +by the \fBlocal\fR(8) delivery agent, and is the default time limit for +delivery by the \fBpipe\fR(8) delivery agent. +.PP +Note: if you set this time limit to a large value you must update the +global ipc_timeout parameter as well. +.SH compatibility_level (default: 0) +A safety net that causes Postfix to run with backwards\-compatible +default settings after an upgrade to a newer Postfix version. +.PP +With backwards compatibility turned on (the main.cf compatibility_level +value is less than the Postfix built\-in value), Postfix looks for +settings that are left at their implicit default value, and logs a +message when a backwards\-compatible default setting is required. +.sp +.in +4 +.nf +.na +.ft C +using backwards\-compatible default setting \fIname=value\fR + to [accept a specific client request] +.sp +using backwards\-compatible default setting \fIname=value\fR + to [enable specific Postfix behavior] +.fi +.ad +.ft R +.in -4 +.PP +See COMPATIBILITY_README for specific message details. If such +a message is logged in the context of a legitimate request, the +system administrator should make the backwards\-compatible setting +permanent in main.cf or master.cf, for example: +.sp +.in +4 +.nf +.na +.ft C +# \fBpostconf\fR \fIname=value\fR +# \fBpostfix reload\fR +.fi +.ad +.ft R +.in -4 +.PP +When no more backwards\-compatible settings need to be made +permanent, the administrator should turn off backwards compatibility +by updating the compatibility_level setting in main.cf: +.sp +.in +4 +.nf +.na +.ft C +# \fBpostconf compatibility_level=\fIN\fR\fR +# \fBpostfix reload\fR +.fi +.ad +.ft R +.in -4 +.PP +For \fIN\fR specify the number that is logged in your \fBpostfix\fR(1) +warning message: +.sp +.in +4 +.nf +.na +.ft C +warning: To disable backwards compatibility use "postconf + compatibility_level=\fIN\fR" and "postfix reload" +.fi +.ad +.ft R +.in -4 +.PP +Starting with Postfix version 3.6, the compatibility level in +the above warning message is the Postfix version that introduced +the last incompatible change. The level is formatted as +\fImajor.minor.patch\fR, where \fIpatch\fR is usually omitted and +defaults to zero. Earlier compatibility levels are 0, 1 and 2. +.PP +NOTE: this also introduces support for the "<level", +"<=level", and other operators to compare compatibility levels. +With the standard operators "<", "<=", etc., compatibility +level "3.10" would be smaller than "3.9" which is undesirable. +.PP +This feature is available in Postfix 3.0 and later. +.SH config_directory (default: see "postconf \-d" output) +The default location of the Postfix main.cf and master.cf +configuration files. This can be overruled via the following +mechanisms: +.IP \(bu +The MAIL_CONFIG environment variable (daemon processes +and commands). +.IP \(bu +The "\-c" command\-line option (commands only). +.br +.PP +With Postfix commands that run with set\-gid privileges, a +config_directory override either requires root privileges, or it +requires that the directory is listed with the alternate_config_directories +parameter in the default main.cf file. +.SH confirm_delay_cleared (default: no) +After sending a "your message is delayed" notification, inform +the sender when the delay clears up. This can result in a sudden +burst of notifications at the end of a prolonged network outage, +and is therefore disabled by default. +.PP +See also: delay_warning_time. +.PP +This feature is available in Postfix 3.0 and later. +.SH connection_cache_protocol_timeout (default: 5s) +Time limit for connection cache connect, send or receive +operations. The time limit is enforced in the client. +.PP +This feature is available in Postfix 2.3 and later. +.SH connection_cache_service_name (default: scache) +The name of the \fBscache\fR(8) connection cache service. This service +maintains a limited pool of cached sessions. +.PP +This feature is available in Postfix 2.2 and later. +.SH connection_cache_status_update_time (default: 600s) +How frequently the \fBscache\fR(8) server logs usage statistics with +connection cache hit and miss rates for logical destinations and for +physical endpoints. +.SH connection_cache_ttl_limit (default: 2s) +The maximal time\-to\-live value that the \fBscache\fR(8) connection +cache server +allows. Requests that specify a larger TTL will be stored with the +maximum allowed TTL. The purpose of this additional control is to +protect the infrastructure against careless people. The cache TTL +is already bounded by $max_idle. +.SH content_filter (default: empty) +After the message is queued, send the entire message to the +specified \fItransport:destination\fR. The \fItransport\fR name +specifies the first field of a mail delivery agent definition in +master.cf; the syntax of the next\-hop \fIdestination\fR is described +in the manual page of the corresponding delivery agent. More +information about external content filters is in the Postfix +FILTER_README file. +.PP +Notes: +.IP \(bu +This setting has lower precedence than a FILTER action +that is specified in an \fBaccess\fR(5), \fBheader_checks\fR(5) or \fBbody_checks\fR(5) +table. +.IP \(bu +The meaning of an empty next\-hop filter \fIdestination\fR +is version dependent. Postfix 2.7 and later will use the recipient +domain; earlier versions will use $myhostname. Specify +"default_filter_nexthop = $myhostname" for compatibility with Postfix +2.6 or earlier, or specify a content_filter value with an explicit +next\-hop \fIdestination\fR. +.br +.SH cyrus_sasl_config_path (default: empty) +Search path for Cyrus SASL application configuration files, +currently used only to locate the $smtpd_sasl_path.conf file. +Specify zero or more directories separated by a colon character, +or an empty value to use Cyrus SASL's built\-in search path. +.PP +This feature is available in Postfix 2.5 and later when compiled +with Cyrus SASL 2.1.22 or later. +.SH daemon_directory (default: see "postconf \-d" output) +The directory with Postfix support programs and daemon programs. +These should not be invoked directly by humans. The directory must +be owned by root. +.SH daemon_table_open_error_is_fatal (default: no) +How a Postfix daemon process handles errors while opening lookup +tables: gradual degradation or immediate termination. +.IP "\fB no \fR (default)" +Gradual degradation: a +daemon process logs a message of type "error" and continues execution +with reduced functionality. Features that do not depend on the +unavailable table will work normally, while features that depend +on the table will result in a type "warning" message. +.br +When +the notify_classes parameter value contains the "data" class, the +Postfix SMTP server and client will report transcripts of sessions +with an error because a table is unavailable. +.br +.IP "\fB yes \fR (historical behavior)" +Immediate +termination: a daemon process logs a type "fatal" message and +terminates immediately. This option reduces the number of possible +code paths through Postfix, and may therefore be slightly more +secure than the default. +.br +.br +.PP +For the sake of sanity, the number of type "error" messages is +limited to 13 over the lifetime of a daemon process. +.PP +This feature is available in Postfix 2.9 and later. +.SH daemon_timeout (default: 18000s) +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH data_directory (default: see "postconf \-d" output) +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). This directory must be owned by +the mail_owner account, and must not be shared with non\-Postfix +software. +.PP +This feature is available in Postfix 2.5 and later. +.SH debug_peer_level (default: 2) +The increment in verbose logging level when a nexthop destination, +remote client or server name or network address matches a pattern +given with the debug_peer_list parameter. +.PP +Per\-nexthop debug logging is available in Postfix 3.6 and later. +.SH debug_peer_list (default: empty) +Optional list of nexthop destination, remote client or server +name or network address patterns that, if matched, cause the verbose +logging level to increase by the amount specified in $debug_peer_level. +.PP +Per\-nexthop debug logging is available in Postfix 3.6 and later. +.PP +Specify domain names, network/netmask patterns, "/file/name" +patterns or "type:table" lookup tables. The right\-hand side result +from "type:table" lookups is ignored. +.PP +Pattern matching of domain names is controlled by the presence +or absence of "debug_peer_list" in the parent_domain_matches_subdomains +parameter value. +.PP +Examples: +.PP +.nf +.na +.ft C +debug_peer_list = 127.0.0.1 +debug_peer_list = example.com +.fi +.ad +.ft R +.SH debugger_command (default: empty) +The external command to execute when a Postfix daemon program is +invoked with the \-D option. +.PP +Use "command .. & sleep 5" so that the debugger can attach before +the process marches on. If you use an X\-based debugger, be sure to +set up your XAUTHORITY environment variable before starting Postfix. +.PP +Note: the command is subject to $name expansion, before it is +passed to the default command interpreter. Specify "$$" to +produce a single "$" character. +.PP +Example: +.PP +.nf +.na +.ft C +debugger_command = + PATH=/usr/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 +.fi +.ad +.ft R +.SH default_database_type (default: see "postconf \-d" output) +The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) +and \fBpostmap\fR(1) commands. On many UNIX systems the default type is +either \fBdbm\fR or \fBhash\fR. The default setting is frozen +when the Postfix system is built. +.PP +Examples: +.PP +.nf +.na +.ft C +default_database_type = hash +default_database_type = dbm +.fi +.ad +.ft R +.SH default_delivery_slot_cost (default: 5) +How often the Postfix queue manager's scheduler is allowed to +preempt delivery of one message with another. +.PP +Each transport maintains a so\-called "available delivery slot counter" +for each message. One message can be preempted by another one when +the other message can be delivered using no more delivery slots +(i.e., invocations of delivery agents) than the current message +counter has accumulated (or will eventually accumulate \- see about +slot loans below). This parameter controls how often the counter is +incremented \- it happens after each default_delivery_slot_cost +recipients have been delivered. +.PP +The cost of 0 is used to disable the preempting scheduling completely. +The minimum value the scheduling algorithm can use is 2 \- use it +if you want to maximize the message throughput rate. Although there +is no maximum, it doesn't make much sense to use values above say +50. +.PP +The only reason why the value of 2 is not the default is the way +this parameter affects the delivery of mailing\-list mail. In the +worst case, delivery can take somewhere between (cost+1/cost) +and (cost/cost\-1) times more than if the preemptive scheduler was +disabled. The default value of 5 turns out to provide reasonable +message response times while making sure the mailing\-list deliveries +are not extended by more than 20\-25 percent even in the worst case. +.PP +Use \fItransport\fR_delivery_slot_cost to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.PP +Examples: +.PP +.nf +.na +.ft C +default_delivery_slot_cost = 0 +default_delivery_slot_cost = 2 +.fi +.ad +.ft R +.SH default_delivery_slot_discount (default: 50) +The default value for transport\-specific _delivery_slot_discount +settings. +.PP +This parameter speeds up the moment when a message preemption can +happen. Instead of waiting until the full amount of delivery slots +required is available, the preemption can happen when +\fItransport\fR_delivery_slot_discount percent of the required amount +plus \fItransport\fR_delivery_slot_loan still remains to be accumulated. +Note that the full amount will still have to be accumulated before +another preemption can take place later. +.PP +Use \fItransport\fR_delivery_slot_discount to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.SH default_delivery_slot_loan (default: 3) +The default value for transport\-specific _delivery_slot_loan +settings. +.PP +This parameter speeds up the moment when a message preemption can +happen. Instead of waiting until the full amount of delivery slots +required is available, the preemption can happen when +transport_delivery_slot_discount percent of the required amount +plus transport_delivery_slot_loan still remains to be accumulated. +Note that the full amount will still have to be accumulated before +another preemption can take place later. +.PP +Use \fItransport\fR_delivery_slot_loan to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.SH default_delivery_status_filter (default: empty) +Optional filter to replace the delivery status code or explanatory +text of successful or unsuccessful deliveries. This does not allow +the replacement of a successful status code (2.X.X) with an +unsuccessful status code (4.X.X or 5.X.X) or vice versa. +.PP +Note: the (smtp|lmtp)_delivery_status_filter is applied only +once per recipient: when delivery is successful, when delivery is +rejected with 5XX, or when there are no more alternate MX or A +destinations. Use smtp_reply_filter or lmtp_reply_filter to inspect +responses for all delivery attempts. +.PP +The following parameters can be used to implement a filter for +specific delivery agents: lmtp_delivery_status_filter, +local_delivery_status_filter, pipe_delivery_status_filter, +smtp_delivery_status_filter or virtual_delivery_status_filter. These +parameters support the same filter syntax as described here. +.PP +Specify zero or more "type:table" lookup table names, separated +by comma or whitespace. For each successful or unsuccessful delivery +to a recipient, the tables are queried in the specified order with +one line of text that is structured as follows: +.sp +.in +4 +enhanced\-status\-code SPACE explanatory\-text +.in -4 +.PP +The first table match wins. The lookup result must have the +same structure as the query, a successful status code (2.X.X) must +be replaced with a successful status code, an unsuccessful status +code (4.X.X or 5.X.X) must be replaced with an unsuccessful status +code, and the explanatory text field must be non\-empty. Other results +will result in a warning. +.PP +Example 1: convert specific soft TLS errors into hard errors, +by overriding the first number in the enhanced status code. +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_delivery_status_filter = pcre:/etc/postfix/smtp_dsn_filter +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/smtp_dsn_filter: + /^4(\e.\ed+\e.\ed+ TLS is required, but host \eS+ refused to start TLS: .+)/ + 5$1 + /^4(\e.\ed+\e.\ed+ TLS is required, but was not offered by host .+)/ + 5$1 + # Do not change the following into hard bounces. They may + # result from a local configuration problem. + # 4.\ed+.\ed+ TLS is required, but our TLS engine is unavailable + # 4.\ed+.\ed+ TLS is required, but unavailable + # 4.\ed+.\ed+ Cannot start TLS: handshake failure +.fi +.ad +.ft R +.in -4 +.PP +Example 2: censor the per\-recipient delivery status text so +that it does not reveal the destination command or filename +when a remote sender requests confirmation of successful delivery. +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + local_delivery_status_filter = pcre:/etc/postfix/local_dsn_filter +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/local_dsn_filter: + /^(2\eS+ delivered to file).+/ $1 + /^(2\eS+ delivered to command).+/ $1 +.fi +.ad +.ft R +.in -4 +.PP +Notes: +.IP \(bu +This feature will NOT override the soft_bounce safety net. +.IP \(bu +This feature will change the enhanced status code and text +that is logged to the maillog file, and that is reported to the +sender in delivery confirmation or non\-delivery notifications. +.br +.PP +This feature is available in Postfix 3.0 and later. +.SH default_destination_concurrency_failed_cohort_limit (default: 1) +How many pseudo\-cohorts must suffer connection or handshake +failure before a specific destination is considered unavailable +(and further delivery is suspended). Specify zero to disable this +feature. A destination's pseudo\-cohort failure count is reset each +time a delivery completes without connection or handshake failure +for that specific destination. +.PP +A pseudo\-cohort is the number of deliveries equal to a destination's +delivery concurrency. +.PP +Use \fItransport\fR_destination_concurrency_failed_cohort_limit to specify +a transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.PP +This feature is available in Postfix 2.5. The default setting +is compatible with earlier Postfix versions. +.SH default_destination_concurrency_limit (default: 20) +The default maximal number of parallel deliveries to the same +destination. This is the default limit for delivery via the \fBlmtp\fR(8), +\fBpipe\fR(8), \fBsmtp\fR(8) and \fBvirtual\fR(8) delivery agents. +With a per\-destination recipient limit > 1, a destination is a domain, +otherwise it is a recipient. +.PP +Use \fItransport\fR_destination_concurrency_limit to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.SH default_destination_concurrency_negative_feedback (default: 1) +The per\-destination amount of delivery concurrency negative +feedback, after a delivery completes with a connection or handshake +failure. Feedback values are in the range 0..1 inclusive. With +negative feedback, concurrency is decremented at the beginning of +a sequence of length 1/feedback. This is unlike positive feedback, +where concurrency is incremented at the end of a sequence of length +1/feedback. +.PP +As of Postfix version 2.5, negative feedback cannot reduce +delivery concurrency to zero. Instead, a destination is marked +dead (further delivery suspended) after the failed pseudo\-cohort +count reaches $default_destination_concurrency_failed_cohort_limit +(or $\fItransport\fR_destination_concurrency_failed_cohort_limit). +To make the scheduler completely immune to connection or handshake +failures, specify a zero feedback value and a zero failed pseudo\-cohort +limit. +.PP +Specify one of the following forms: +.IP "\fB\fInumber\fR \fR" +.IP "\fB\fInumber\fR / \fInumber\fR \fR" +Constant feedback. The value must be in the range 0..1 inclusive. +The default setting of "1" is compatible with Postfix versions +before 2.5, where a destination's delivery concurrency is throttled +down to zero (and further delivery suspended) after a single failed +pseudo\-cohort. +.br +.IP "\fB\fInumber\fR / concurrency \fR" +Variable feedback of "\fInumber\fR / (delivery concurrency)". +The \fInumber\fR must be in the range 0..1 inclusive. With +\fInumber\fR equal to "1", a destination's delivery concurrency +is decremented by 1 after each failed pseudo\-cohort. +.br +.br +.PP +A pseudo\-cohort is the number of deliveries equal to a destination's +delivery concurrency. +.PP +Use \fItransport\fR_destination_concurrency_negative_feedback +to specify a transport\-specific override, where \fItransport\fR +is the master.cf +name of the message delivery transport. +.PP +This feature is available in Postfix 2.5. The default setting +is compatible with earlier Postfix versions. +.SH default_destination_concurrency_positive_feedback (default: 1) +The per\-destination amount of delivery concurrency positive +feedback, after a delivery completes without connection or handshake +failure. Feedback values are in the range 0..1 inclusive. The +concurrency increases until it reaches the per\-destination maximal +concurrency limit. With positive feedback, concurrency is incremented +at the end of a sequence with length 1/feedback. This is unlike +negative feedback, where concurrency is decremented at the start +of a sequence of length 1/feedback. +.PP +Specify one of the following forms: +.IP "\fB\fInumber\fR \fR" +.IP "\fB\fInumber\fR / \fInumber\fR \fR" +Constant feedback. The value must be in the range 0..1 +inclusive. The default setting of "1" is compatible with Postfix +versions before 2.5, where a destination's delivery concurrency +doubles after each successful pseudo\-cohort. +.br +.IP "\fB\fInumber\fR / concurrency \fR" +Variable feedback of "\fInumber\fR / (delivery concurrency)". +The \fInumber\fR must be in the range 0..1 inclusive. With +\fInumber\fR equal to "1", a destination's delivery concurrency +is incremented by 1 after each successful pseudo\-cohort. +.br +.br +.PP +A pseudo\-cohort is the number of deliveries equal to a destination's +delivery concurrency. +.PP +Use \fItransport\fR_destination_concurrency_positive_feedback +to specify a transport\-specific override, where \fItransport\fR +is the master.cf name of the message delivery transport. +.PP +This feature is available in Postfix 2.5 and later. +.SH default_destination_rate_delay (default: 0s) +The default amount of delay that is inserted between individual +message deliveries to the same destination and over the same message +delivery transport. Specify a non\-zero value to rate\-limit those +message deliveries to at most one per $default_destination_rate_delay. +.PP +The resulting behavior depends on the value of the corresponding +per\-destination recipient limit. +.IP \(bu +With a corresponding per\-destination recipient limit > +1, the rate delay specifies the time between deliveries to the +\fIsame domain\fR. Different domains are delivered in parallel, +subject to the process limits specified in master.cf. +.IP \(bu +With a corresponding per\-destination recipient limit equal +to 1, the rate delay specifies the time between deliveries to the +\fIsame recipient\fR. Different recipients are delivered in +parallel, subject to the process limits specified in master.cf. +.br +.PP +To enable the delay, specify a non\-zero time value (an integral +value plus an optional one\-letter suffix that specifies the time +unit). +.PP +Time units: s (seconds), m (minutes), h (hours), d (days), w +(weeks). The default time unit is s (seconds). +.PP +NOTE: the delay is enforced by the queue manager. The delay +timer state does not survive "\fBpostfix reload\fR" or "\fBpostfix +stop\fR". +.PP +Use \fItransport\fR_destination_rate_delay to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.PP +NOTE: with a non\-zero _destination_rate_delay, specify a +\fItransport\fR_destination_concurrency_failed_cohort_limit of 10 +or more to prevent Postfix from deferring all mail for the same +destination after only one connection or handshake error. +.PP +This feature is available in Postfix 2.5 and later. +.SH default_destination_recipient_limit (default: 50) +The default maximal number of recipients per message delivery. +This is the default limit for delivery via the \fBlmtp\fR(8), \fBpipe\fR(8), +\fBsmtp\fR(8) and \fBvirtual\fR(8) delivery agents. +.PP +Setting this parameter to a value of 1 affects email deliveries +as follows: +.IP \(bu +It changes the meaning of the corresponding per\-destination +concurrency limit, from concurrency of deliveries to the \fIsame +domain\fR into concurrency of deliveries to the \fIsame recipient\fR. +Different recipients are delivered in parallel, subject to the +process limits specified in master.cf. +.IP \(bu +It changes the meaning of the corresponding per\-destination +rate delay, from the delay between deliveries to the \fIsame +domain\fR into the delay between deliveries to the \fIsame +recipient\fR. Again, different recipients are delivered in parallel, +subject to the process limits specified in master.cf. +.IP \(bu +It changes the meaning of other corresponding per\-destination +settings in a similar manner, from settings for delivery to the +\fIsame domain\fR into settings for delivery to the \fIsame +recipient\fR. +.br +.PP +Use \fItransport\fR_destination_recipient_limit to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.SH default_extra_recipient_limit (default: 1000) +The default value for the extra per\-transport limit imposed on the +number of in\-memory recipients. This extra recipient space is +reserved for the cases when the Postfix queue manager's scheduler +preempts one message with another and suddenly needs some extra +recipient slots for the chosen message in order to avoid performance +degradation. +.PP +Use \fItransport\fR_extra_recipient_limit to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.SH default_filter_nexthop (default: empty) +When a content_filter or FILTER request specifies no explicit +next\-hop destination, use $default_filter_nexthop instead; when +that value is empty, use the domain in the recipient address. +Specify "default_filter_nexthop = $myhostname" for compatibility +with Postfix version 2.6 and earlier, or specify an explicit next\-hop +destination with each content_filter value or FILTER action. +.PP +This feature is available in Postfix 2.7 and later. +.SH default_minimum_delivery_slots (default: 3) +How many recipients a message must have in order to invoke the +Postfix queue manager's scheduling algorithm at all. Messages +which would never accumulate at least this many delivery slots +(subject to slot cost parameter as well) are never preempted. +.PP +Use \fItransport\fR_minimum_delivery_slots to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.SH default_privs (default: nobody) +The default rights used by the \fBlocal\fR(8) delivery agent for delivery +to an external file or command. These rights are used when delivery +is requested from an \fBaliases\fR(5) file that is owned by \fBroot\fR, or +when delivery is done on behalf of \fBroot\fR. \fBDO NOT SPECIFY A +PRIVILEGED USER OR THE POSTFIX OWNER\fR. +.SH default_process_limit (default: 100) +The default maximal number of Postfix child processes that provide +a given service. This limit can be overruled for specific services +in the master.cf file. +.SH default_rbl_reply (default: see "postconf \-d" output) +The default Postfix SMTP server response template for a request that is +rejected by an RBL\-based restriction. This template can be overruled +by specific entries in the optional rbl_reply_maps lookup table. +.PP +This feature is available in Postfix 2.0 and later. +.PP +The template does not support Postfix configuration parameter $name +substitution. Instead, it supports exactly one level of $name +substitution for the following attributes: +.IP "\fB$client\fR" +The client hostname and IP address, formatted as name[address]. +.br +.IP "\fB$client_address\fR" +The client IP address. +.br +.IP "\fB$client_name\fR" +The client hostname or "unknown". See reject_unknown_client_hostname +for more details. +.br +.IP "\fB$reverse_client_name\fR" +The client hostname from address\->name lookup, or "unknown". +See reject_unknown_reverse_client_hostname for more details. +.br +.IP "\fB$helo_name\fR" +The hostname given in HELO or EHLO command or empty string. +.br +.IP "\fB$rbl_class\fR" +The denylisted entity type: Client host, Helo command, Sender +address, or Recipient address. +.br +.IP "\fB$rbl_code\fR" +The numerical SMTP response code, as specified with the +maps_rbl_reject_code configuration parameter. Note: The numerical +SMTP response code is required, and must appear at the start of the +reply. With Postfix version 2.3 and later this information may be followed +by an RFC 3463 enhanced status code. +.br +.IP "\fB$rbl_domain\fR" +The RBL domain where $rbl_what is denylisted. +.br +.IP "\fB$rbl_reason\fR" +The reason why $rbl_what is denylisted, or an empty string. +.br +.IP "\fB$rbl_what\fR" +The entity that is denylisted (an IP address, a hostname, a domain +name, or an email address whose domain was denylisted). +.br +.IP "\fB$recipient\fR" +The recipient address or <> in case of the null address. +.br +.IP "\fB$recipient_domain\fR" +The recipient domain or empty string. +.br +.IP "\fB$recipient_name\fR" +The recipient address localpart or <> in case of null address. +.br +.IP "\fB$sender\fR" +The sender address or <> in case of the null address. +.br +.IP "\fB$sender_domain\fR" +The sender domain or empty string. +.br +.IP "\fB$sender_name\fR" +The sender address localpart or <> in case of the null address. +.br +.IP "\fB${name?value}\fR" +.IP "\fB${name?{value}}\fR (Postfix >= 3.0)" +Expands to \fIvalue\fR when \fI$name\fR is non\-empty. +.br +.IP "\fB${name:value}\fR" +.IP "\fB${name:{value}}\fR (Postfix >= 3.0)" +Expands to \fIvalue\fR when \fI$name\fR is empty. +.br +.IP "\fB${name?{value1}:{value2}}\fR (Postfix >= 3.0)" +Expands to \fIvalue1\fR when \fI$name\fR is non\-empty, +\fIvalue2\fR otherwise. +.br +.br +.PP +Instead of $name you can also specify ${name} or $(name). +.PP +Note: when an enhanced status code is specified in an RBL reply +template, it is subject to modification. The following transformations +are needed when the same RBL reply template is used for client, +helo, sender, or recipient access restrictions. +.IP \(bu +When rejecting a sender address, the Postfix SMTP server +will transform a recipient DSN status (e.g., 4.1.1\-4.1.6) into the +corresponding sender DSN status, and vice versa. +.IP \(bu +When rejecting non\-address information (such as the HELO +command argument or the client hostname/address), the Postfix SMTP +server will transform a sender or recipient DSN status into a generic +non\-address DSN status (e.g., 4.0.0). +.br +.SH default_recipient_limit (default: 20000) +The default per\-transport upper limit on the number of in\-memory +recipients. These limits take priority over the global +qmgr_message_recipient_limit after the message has been assigned +to the respective transports. See also default_extra_recipient_limit +and qmgr_message_recipient_minimum. +.PP +Use \fItransport\fR_recipient_limit to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.SH default_recipient_refill_delay (default: 5s) +The default per\-transport maximum delay between refilling recipients. +When not all message recipients fit into memory at once, keep loading +more of them at least once every this many seconds. This is used to +make sure the recipients are refilled in a timely manner even when +$default_recipient_refill_limit is too high for too slow deliveries. +.PP +Use \fItransport\fR_recipient_refill_delay to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.PP +This feature is available in Postfix 2.4 and later. +.SH default_recipient_refill_limit (default: 100) +The default per\-transport limit on the number of recipients refilled at +once. When not all message recipients fit into memory at once, keep +loading more of them in batches of at least this many at a time. See also +$default_recipient_refill_delay, which may result in recipient batches +lower than this when this limit is too high for too slow deliveries. +.PP +Use \fItransport\fR_recipient_refill_limit to specify a +transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport. +.PP +This feature is available in Postfix 2.4 and later. +.SH default_transport (default: smtp) +The default mail delivery transport and next\-hop destination for +destinations that do not match $mydestination, $inet_interfaces, +$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +or $relay_domains. This information can be overruled with the +sender_dependent_default_transport_maps parameter and with the +\fBtransport\fR(5) table. +.PP +In order of decreasing precedence, the nexthop destination is taken +from $sender_dependent_default_transport_maps, $default_transport, +$sender_dependent_relayhost_maps, $relayhost, or from the recipient +domain. +.PP +Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR +is the name of a mail delivery transport defined in master.cf. +The \fI:nexthop\fR destination is optional; its syntax is documented +in the manual page of the corresponding delivery agent. In the case of +SMTP or LMTP, specify one or more destinations separated by comma or +whitespace (with Postfix 3.5 and later). +.PP +Example: +.PP +.nf +.na +.ft C +default_transport = uucp:relayhostname +.fi +.ad +.ft R +.SH default_transport_rate_delay (default: 0s) +The default amount of delay that is inserted between individual +message deliveries over the same message delivery transport, +regardless of destination. Specify a non\-zero value to rate\-limit +those message deliveries to at most one per $default_transport_rate_delay. +.PP +Use \fItransport\fR_transport_rate_delay to specify a +transport\-specific override, where the initial \fItransport\fR is +the master.cf name of the message delivery transport. +.PP +Example: throttle outbound SMTP mail to at most 3 deliveries +per minute. +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_transport_rate_delay = 20s +.fi +.ad +.ft R +.PP +To enable the delay, specify a non\-zero time value (an integral +value plus an optional one\-letter suffix that specifies the time +unit). +.PP +Time units: s (seconds), m (minutes), h (hours), d (days), w +(weeks). The default time unit is s (seconds). +.PP +NOTE: the delay is enforced by the queue manager. +.PP +This feature is available in Postfix 3.1 and later. +.SH default_verp_delimiters (default: +=) +The two default VERP delimiter characters. These are used when +no explicit delimiters are specified with the SMTP XVERP command +or with the "\fBsendmail \-XV\fR" command\-line option (Postfix 2.2 +and earlier: \fB\-V\fR). Specify characters that are allowed by the +verp_delimiter_filter setting. +.PP +This feature is available in Postfix 1.1 and later. +.SH defer_code (default: 450) +The numerical Postfix SMTP server response code when a remote SMTP +client request is rejected by the "defer" restriction. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.SH defer_service_name (default: defer) +The name of the defer service. This service is implemented by the +\fBbounce\fR(8) daemon and maintains a record +of failed delivery attempts and generates non\-delivery notifications. +.PP +This feature is available in Postfix 2.0 and later. +.SH defer_transports (default: empty) +The names of message delivery transports that should not deliver mail +unless someone issues "\fBsendmail \-q\fR" or equivalent. Specify zero +or more mail delivery transport names that appear in the +first field of master.cf. +.PP +Example: +.PP +.nf +.na +.ft C +defer_transports = smtp +.fi +.ad +.ft R +.SH delay_logging_resolution_limit (default: 2) +The maximal number of digits after the decimal point when logging +sub\-second delay values. Specify a number in the range 0..6. +.PP +Large delay values are rounded off to an integral number of seconds; +delay values below the delay_logging_resolution_limit are logged +as "0", and delay values under 100s are logged with at most two\-digit +precision. +.PP +The format of the "delays=a/b/c/d" logging is as follows: +.IP \(bu +a = time from message arrival to last active queue entry +.IP \(bu +b = time from last active queue entry to connection setup +.IP \(bu +c = time in connection setup, including DNS, EHLO and STARTTLS +.IP \(bu +d = time in message transmission +.br +.PP +This feature is available in Postfix 2.3 and later. +.SH delay_notice_recipient (default: postmaster) +The recipient of postmaster notifications with the message headers +of mail that cannot be delivered within $delay_warning_time time +units. +.PP +See also: delay_warning_time, notify_classes. +.SH delay_warning_time (default: 0h) +The time after which the sender receives a copy of the message +headers of mail that is still queued. The confirm_delay_cleared +parameter controls sender notification when the delay clears up. +.PP +To enable this feature, specify a non\-zero time value (an integral +value plus an optional one\-letter suffix that specifies the time +unit). +.PP +Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is h (hours). +.PP +See also: delay_notice_recipient, notify_classes, confirm_delay_cleared. +.SH deliver_lock_attempts (default: 20) +The maximal number of attempts to acquire an exclusive lock on a +mailbox file or \fBbounce\fR(8) logfile. +.SH deliver_lock_delay (default: 1s) +The time between attempts to acquire an exclusive lock on a mailbox +file or \fBbounce\fR(8) logfile. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH destination_concurrency_feedback_debug (default: no) +Make the queue manager's feedback algorithm verbose for performance +analysis purposes. +.PP +This feature is available in Postfix 2.5 and later. +.SH detect_8bit_encoding_header (default: yes) +Automatically detect 8BITMIME body content by looking at +Content\-Transfer\-Encoding: message headers; historically, this +behavior was hard\-coded to be "always on". +.PP +This feature is available in Postfix 2.5 and later. +.SH disable_dns_lookups (default: no) +Disable DNS lookups in the Postfix SMTP and LMTP clients. When +disabled, hosts are looked up with the getaddrinfo() system +library routine which normally also looks in /etc/hosts. As of +Postfix 2.11, this parameter is deprecated; use smtp_dns_support_level +instead. +.PP +DNS lookups are enabled by default. +.SH disable_mime_input_processing (default: no) +Turn off MIME processing while receiving mail. This means that no +special treatment is given to Content\-Type: message headers, and +that all text after the initial message headers is considered to +be part of the message body. +.PP +This feature is available in Postfix 2.0 and later. +.PP +Mime input processing is enabled by default, and is needed in order +to recognize MIME headers in message content. +.SH disable_mime_output_conversion (default: no) +Disable the conversion of 8BITMIME format to 7BIT format. Mime +output conversion is needed when the destination does not advertise +8BITMIME support. +.PP +This feature is available in Postfix 2.0 and later. +.SH disable_verp_bounces (default: no) +Disable sending one bounce report per recipient. +.PP +The default, one per recipient, is what ezmlm needs. +.PP +This feature is available in Postfix 1.1 and later. +.SH disable_vrfy_command (default: no) +Disable the SMTP VRFY command. This stops some techniques used to +harvest email addresses. +.PP +Example: +.PP +.nf +.na +.ft C +disable_vrfy_command = no +.fi +.ad +.ft R +.SH dns_ncache_ttl_fix_enable (default: no) +Enable a workaround for future libc incompatibility. The Postfix +implementation of RFC 2308 negative reply caching relies on the +promise that res_query() and res_search() invoke res_send(), which +returns the server response in an application buffer even if the +requested record does not exist. If this promise is broken, specify +"yes" to enable a workaround for DNS reputation lookups. +.PP +This feature is available in Postfix 3.1 and later. +.SH dnsblog_reply_delay (default: 0s) +A debugging aid to artificially delay DNS responses. +.PP +This feature is available in Postfix 2.8. +.SH dnsblog_service_name (default: dnsblog) +The name of the \fBdnsblog\fR(8) service entry in master.cf. This +service performs DNS allow/denylist lookups. +.PP +This feature is available in Postfix 2.8 and later. +.SH dnssec_probe (default: ns:.) +The DNS query type (default: "ns") and DNS query name (default: +".") that Postfix may use to determine whether DNSSEC validation +is available. +.PP +Background: DNSSEC validation is needed for Postfix DANE support; +this ensures that Postfix receives TLSA records with secure TLS +server certificate info. When DNSSEC validation is unavailable, +mail deliveries using \fIopportunistic\fR DANE will not be protected +by server certificate info in TLSA records, and mail deliveries +using \fImandatory\fR DANE will not be made at all. +.PP +By default, a Postfix process will send a DNSSEC probe after +1) the process made a DNS query that requested DNSSEC validation, +2) the process did not receive a DNSSEC validated response to this +query or to an earlier query, and 3) the process did not already +send a DNSSEC probe. +.PP +When the DNSSEC probe has no response, or when the response is +not DNSSEC validated, Postfix logs a warning that DNSSEC validation +may be unavailable. +.PP +Example: +.PP +.nf +.na +.ft C +warning: DNSSEC validation may be unavailable +warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated +warning: reason: dnssec_probe 'ns:.' received no response: Server failure +.fi +.ad +.ft R +.PP +Possible reasons why DNSSEC validation may be unavailable: +.IP \(bu +The local /etc/resolv.conf file specifies a DNS resolver that +does not validate DNSSEC signatures (that's +$queue_directory/etc/resolv.conf when a Postfix daemon runs in a +chroot jail). +.IP \(bu +The local system library does not pass on the "DNSSEC validated" +bit to Postfix, or Postfix does not know how to ask the library to +do that. +.br +.PP +By default, the DNSSEC probe asks for the DNS root zone NS +records, because resolvers should always have that information +cached. If Postfix runs on a network where the DNS root zone is not +reachable, specify a different probe, or specify an empty dnssec_probe +value to disable the feature. +.PP +This feature is available in Postfix 3.6 and later. It was backported +to Postfix versions 3.5.9, 3.4.19, 3.3.16. 3.2.21. +.SH dont_remove (default: 0) +Don't remove queue files and save them to the "saved" mail queue. +This is a debugging aid. To inspect the envelope information and +content of a Postfix queue file, use the \fBpostcat\fR(1) command. +.SH double_bounce_sender (default: double\-bounce) +The sender address of postmaster notifications that are generated +by the mail system. All mail to this address is silently discarded, +in order to terminate mail bounce loops. +.SH duplicate_filter_limit (default: 1000) +The maximal number of addresses remembered by the address +duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or +for \fBshowq\fR(8) queue displays. +.SH empty_address_default_transport_maps_lookup_key (default: <>) +The sender_dependent_default_transport_maps search string that +will be used instead of the null sender address. +.PP +This feature is available in Postfix 2.7 and later. +.SH empty_address_local_login_sender_maps_lookup_key (default: <>) +The lookup key to be used in local_login_sender_maps tables, instead +of the null sender address. +.PP +This feature is available in Postfix 3.6 and later. +.SH empty_address_recipient (default: MAILER\-DAEMON) +The recipient of mail addressed to the null address. Postfix does +not accept such addresses in SMTP commands, but they may still be +created locally as the result of configuration or software error. +.SH empty_address_relayhost_maps_lookup_key (default: <>) +The sender_dependent_relayhost_maps search string that will be +used instead of the null sender address. +.PP +This feature is available in Postfix 2.5 and later. With +earlier versions, sender_dependent_relayhost_maps lookups were +skipped for the null sender address. +.SH enable_errors_to (default: no) +Report mail delivery errors to the address specified with the +non\-standard Errors\-To: message header, instead of the envelope +sender address (this feature is removed with Postfix version 2.2, is +turned off by default with Postfix version 2.1, and is always turned on +with older Postfix versions). +.SH enable_idna2003_compatibility (default: no) +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. Specify "yes" for compatibility with Postfix +<= 3.1 (not recommended). This affects the conversion of domain +names that contain for example the German sz and the Greek zeta. +See http://unicode.org/cldr/utility/idna.jsp for more examples. +.PP +This feature is available in Postfix 3.2 and later. +.SH enable_long_queue_ids (default: no) +Enable long, non\-repeating, queue IDs (queue file names). The +benefit of non\-repeating names is simpler logfile analysis and +easier queue migration (there is no need to run "postsuper" to +change queue file names that don't match their message file inode +number). +.PP +Note: see below for how to convert long queue file names to +Postfix <= 2.8. +.PP +Changing the parameter value to "yes" has the following effects: +.IP \(bu +Existing queue file names are not affected. +.IP \(bu +New queue files are created with names such as 3Pt2mN2VXxznjll. +These are encoded in a 52\-character alphabet that contains digits +(0\-9), upper\-case letters (B\-Z) and lower\-case letters (b\-z). For +safety reasons the vowels (AEIOUaeiou) are excluded from the alphabet. +The name format is: 6 or more characters for the time in seconds, +4 characters for the time in microseconds, the 'z'; the remainder +is the file inode number encoded in the first 51 characters of the +52\-character alphabet. +.IP \(bu +New messages have a Message\-ID header with +\fIqueueID\fR@\fImyhostname\fR. +.IP \(bu +The mailq (postqueue \-p) output has a wider Queue ID column. +The number of whitespace\-separated fields is not changed. +.IP \(bu +The hash_queue_depth algorithm uses the first characters +of the queue file creation time in microseconds, after conversion +into hexadecimal representation. This produces the same queue hashing +behavior as if the queue file name was created with "enable_long_queue_ids += no". +.br +.PP +Changing the parameter value to "no" has the following effects: +.IP \(bu +Existing long queue file names are renamed to the short +form (while running "postfix reload" or "postsuper"). +.IP \(bu +New queue files are created with names such as C3CD21F3E90 +from a hexadecimal alphabet that contains digits (0\-9) and upper\-case +letters (A\-F). The name format is: 5 characters for the time in +microseconds; the remainder is the file inode number. +.IP \(bu +New messages have a Message\-ID header with +\fIYYYYMMDDHHMMSS.queueid\fR@\fImyhostname\fR, where +\fIYYYYMMDDHHMMSS\fR are the year, month, day, hour, minute and +second. +.IP \(bu +The mailq (postqueue \-p) output has the same format as +with Postfix <= 2.8. +.IP \(bu +The hash_queue_depth algorithm uses the first characters +of the queue file name, with the hexadecimal representation of the +file creation time in microseconds. +.br +.PP +Before migration to Postfix <= 2.8, the following commands +are required to convert long queue file names into short names: +.PP +.nf +.na +.ft C +# postfix stop +# postconf enable_long_queue_ids=no +# postsuper +.fi +.ad +.ft R +.PP +Repeat the postsuper command until it reports no more queue file +name changes. +.PP +This feature is available in Postfix 2.9 and later. +.SH enable_original_recipient (default: yes) +Enable support for the original recipient address after an +address is rewritten to a different address (for example with +aliasing or with canonical mapping). +.PP +The original recipient address is used as follows: +.IP "Final delivery" +With "enable_original_recipient = +yes", the original recipient address is stored in the \fBX\-Original\-To\fR +message header. This header may be used to distinguish between +different recipients that share the same mailbox. +.br +.IP "Recipient deduplication" +With "enable_original_recipient += yes", the \fBcleanup\fR(8) daemon performs duplicate recipient elimination +based on the content of (original recipient, maybe\-rewritten +recipient) pairs. Otherwise, the \fBcleanup\fR(8) daemon performs duplicate +recipient elimination based only on the maybe\-rewritten recipient +address. +.br +.br +.PP +Note: with Postfix <= 3.2 the "setting enable_original_recipient += \fBno\fR" breaks address verification for addresses that are +aliased or otherwise rewritten (Postfix is unable to store the +address verification result under the original probe destination +address; instead, it can store the result only under the rewritten +address). +.PP +This feature is available in Postfix 2.1 and later. Postfix +version 2.0 behaves as if this parameter is always set to \fByes\fR. +Postfix versions before 2.0 have no support for the original recipient +address. +.SH enable_threaded_bounces (default: no) +Enable non\-delivery, success, and delay notifications that link +to the original message by including a References: and In\-Reply\-To: +header with the original Message\-ID value. There are advantages and +disadvantages to consider. +.IP "\fB advantage \fR" +This allows mail readers to present +a delivery status notification in the same email thread as the original +message. +.br +.IP "\fB disadvantage \fR" +This makes it easy for users to +mistakenly delete the whole email thread (all related messages), +instead of deleting only the non\-delivery notification. +.br +.br +.PP +This feature is available in Postfix 3.6 and later. +.SH error_notice_recipient (default: postmaster) +The recipient of postmaster notifications about mail delivery +problems that are caused by policy, resource, software or protocol +errors. These notifications are enabled with the notify_classes +parameter. +.SH error_service_name (default: error) +The name of the \fBerror\fR(8) pseudo delivery agent. This service always +returns mail as undeliverable. +.PP +This feature is available in Postfix 2.0 and later. +.SH execution_directory_expansion_filter (default: see "postconf \-d" output) +Restrict the characters that the \fBlocal\fR(8) delivery agent allows +in $name expansions of $command_execution_directory. Characters +outside the allowed set are replaced by underscores. +.PP +This feature is available in Postfix 2.2 and later. +.SH expand_owner_alias (default: no) +When delivering to an alias "\fIaliasname\fR" that has an +"owner\-\fIaliasname\fR" companion alias, set the envelope sender +address to the expansion of the "owner\-\fIaliasname\fR" alias. +Normally, Postfix sets the envelope sender address to the name of +the "owner\-\fIaliasname\fR" alias. +.SH export_environment (default: see "postconf \-d" output) +The list of environment variables that a Postfix process will export +to non\-Postfix processes. The TZ variable is needed for sane +time keeping on System\-V\-ish systems. +.PP +Specify a list of names and/or name=value pairs, separated by +whitespace or comma. Specify "{ name=value }" to protect whitespace +or comma in parameter values (whitespace after the opening "{" and +before the closing "}" +is ignored). The form name=value is supported with Postfix version +2.1 and later; the use of {} is supported with Postfix 3.0 and +later. +.PP +Example: +.PP +.nf +.na +.ft C +export_environment = TZ PATH=/bin:/usr/bin +.fi +.ad +.ft R +.SH extract_recipient_limit (default: 10240) +The maximal number of recipient addresses that Postfix will extract +from message headers when mail is submitted with "\fBsendmail \-t\fR". +.PP +This feature was removed in Postfix version 2.1. +.SH fallback_relay (default: empty) +Optional list of relay hosts for SMTP destinations that can't be +found or that are unreachable. With Postfix 2.3 this parameter +is renamed to smtp_fallback_relay. +.PP +By default, mail is returned to the sender when a destination is +not found, and delivery is deferred when a destination is unreachable. +.PP +The fallback relays must be SMTP destinations. Specify a domain, +host, host:port, [host]:port, [address] or [address]:port; the form +[host] turns off MX lookups. If you specify multiple SMTP +destinations, Postfix will try them in the specified order. +.PP +Note: before Postfix 2.2, do not use the fallback_relay feature +when relaying mail +for a backup or primary MX domain. Mail would loop between the +Postfix MX host and the fallback_relay host when the final destination +is unavailable. +.IP \(bu +In main.cf specify "relay_transport = relay", +.IP \(bu +In master.cf specify "\-o fallback_relay =" (i.e., empty) at +the end of the relay entry. +.IP \(bu +In transport maps, specify "relay:\fInexthop...\fR" +as the right\-hand side for backup or primary MX domain entries. +.br +.PP +Postfix version 2.2 and later will not use the fallback_relay feature +for destinations that it is MX host for. +.SH fallback_transport (default: empty) +Optional message delivery transport that the \fBlocal\fR(8) delivery +agent should use for names that are not found in the \fBaliases\fR(5) +or UNIX password database. +.PP +The precedence of \fBlocal\fR(8) delivery features from high to low +is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, +mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, +fallback_transport_maps, fallback_transport and luser_relay. +.SH fallback_transport_maps (default: empty) +Optional lookup tables with per\-recipient message delivery +transports for recipients that the \fBlocal\fR(8) delivery agent could +not find in the \fBaliases\fR(5) or UNIX password database. +.PP +The precedence of \fBlocal\fR(8) delivery features from high to low +is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, +mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, +fallback_transport_maps, fallback_transport and luser_relay. +.PP +For safety reasons, this feature does not allow $number +substitutions in regular expression maps. +.PP +This feature is available in Postfix 2.3 and later. +.SH fast_flush_domains (default: $relay_domains) +Optional list of destinations that are eligible for per\-destination +logfiles with mail that is queued to those destinations. +.PP +By default, Postfix maintains "fast flush" logfiles only for +destinations that the Postfix SMTP server is willing to relay to +(i.e. the default is: "fast_flush_domains = $relay_domains"; see +the relay_domains parameter in the \fBpostconf\fR(5) manual). +.PP +Specify a list of hosts or domains, "/file/name" patterns or +"type:table" lookup tables, separated by commas and/or whitespace. +Continue long lines by starting the next line with whitespace. A +"/file/name" pattern is replaced by its contents; a "type:table" +lookup table is matched when the domain or its parent domain appears +as lookup key. +.PP +Pattern matching of domain names is controlled by the presence +or absence of "fast_flush_domains" in the parent_domain_matches_subdomains +parameter value. +.PP +Specify "fast_flush_domains =" (i.e., empty) to disable the feature +altogether. +.SH fast_flush_purge_time (default: 7d) +The time after which an empty per\-destination "fast flush" logfile +is deleted. +.PP +You can specify the time as a number, or as a number followed by +a letter that indicates the time unit: s=seconds, m=minutes, h=hours, +d=days, w=weeks. The default time unit is days. +.SH fast_flush_refresh_time (default: 12h) +The time after which a non\-empty but unread per\-destination "fast +flush" logfile needs to be refreshed. The contents of a logfile +are refreshed by requesting delivery of all messages listed in the +logfile. +.PP +You can specify the time as a number, or as a number followed by +a letter that indicates the time unit: s=seconds, m=minutes, h=hours, +d=days, w=weeks. The default time unit is hours. +.SH fault_injection_code (default: 0) +Force specific internal tests to fail, to test the handling of +errors that are difficult to reproduce otherwise. +.SH flush_service_name (default: flush) +The name of the \fBflush\fR(8) service. This service maintains per\-destination +logfiles with the queue file names of mail that is queued for those +destinations. +.PP +This feature is available in Postfix 2.0 and later. +.SH fork_attempts (default: 5) +The maximal number of attempts to fork() a child process. +.SH fork_delay (default: 1s) +The delay between attempts to fork() a child process. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH forward_expansion_filter (default: see "postconf \-d" output) +Restrict the characters that the \fBlocal\fR(8) delivery agent allows in +$name expansions of $forward_path. Characters outside the +allowed set are replaced by underscores. +.SH forward_path (default: see "postconf \-d" output) +The \fBlocal\fR(8) delivery agent search list for finding a .forward +file with user\-specified delivery methods. The first file that is +found is used. +.PP +The forward_path value is not subject to Postfix configuration +parameter $name expansion. Instead, the following $name expansions +are done on forward_path before the search actually happens. +The result of $name expansion is +filtered with the character set that is specified with the +forward_expansion_filter parameter. +.IP "\fB$user\fR" +The recipient's username. +.br +.IP "\fB$shell\fR" +The recipient's login shell pathname. +.br +.IP "\fB$home\fR" +The recipient's home directory. +.br +.IP "\fB$recipient\fR" +The full recipient address. +.br +.IP "\fB$extension\fR" +The optional recipient address extension. +.br +.IP "\fB$domain\fR" +The recipient domain. +.br +.IP "\fB$local\fR" +The entire recipient localpart. +.br +.IP "\fB$recipient_delimiter\fR" +The address extension delimiter that was found in the recipient +address (Postfix 2.11 and later), or the 'first' delimiter specified +with the system\-wide recipient address extension delimiter (Postfix +3.5.22, 3.5.12, 3.7.8, 3.8.3 and later). Historically, this was +always the system\-wide recipient +address extension delimiter (Postfix 2.10 and earlier). +.br +.IP "\fB${name?value}\fR" +.IP "\fB${name?{value}}\fR (Postfix >= 3.0)" +Expands to \fIvalue\fR when \fI$name\fR is non\-empty. +.br +.IP "\fB${name:value}\fR" +.IP "\fB${name:{value}}\fR (Postfix >= 3.0)" +Expands to \fIvalue\fR when \fI$name\fR is empty. +.br +.IP "\fB${name?{value1}:{value2}}\fR (Postfix >= 3.0)" +Expands to \fIvalue1\fR when \fI$name\fR is non\-empty, +\fIvalue2\fR otherwise. +.br +.br +.PP +Instead of $name you can also specify ${name} or $(name). +.PP +Examples: +.PP +.nf +.na +.ft C +forward_path = /var/forward/$user +forward_path = + /var/forward/$user/.forward$recipient_delimiter$extension, + /var/forward/$user/.forward +.fi +.ad +.ft R +.SH frozen_delivered_to (default: yes) +Update the \fBlocal\fR(8) delivery agent's idea of the Delivered\-To: +address (see prepend_delivered_header) only once, at the start of +a delivery attempt; do not update the Delivered\-To: address while +expanding aliases or .forward files. +.PP +This feature is available in Postfix 2.3 and later. With older +Postfix releases, the behavior is as if this parameter is set to +"no". The old setting can be expensive with deeply nested aliases +or .forward files. When an alias or .forward file changes the +Delivered\-To: address, it ties up one queue file and one cleanup +process instance while mail is being forwarded. +.SH hash_queue_depth (default: 1) +The number of subdirectory levels for queue directories listed with +the hash_queue_names parameter. Queue hashing is implemented by +creating one or more levels of directories with one\-character names. +Originally, these directory names were equal to the first characters +of the queue file name, with the hexadecimal representation of the +file creation time in microseconds. +.PP +With long queue file names, queue hashing produces the same +results as with short names. The file creation time in microseconds +is converted into hexadecimal form before the result is used for +queue hashing. The base 16 encoding gives finer control over the +number of subdirectories than is possible with the base 52 encoding +of long queue file names. +.PP +After changing the hash_queue_names or hash_queue_depth parameter, +execute the command "\fBpostfix reload\fR". +.SH hash_queue_names (default: deferred, defer) +The names of queue directories that are split across multiple +subdirectory levels. +.PP +Before Postfix version 2.2, the default list of hashed queues +was significantly larger. Claims about improvements in file system +technology suggest that hashing of the incoming and active queues +is no longer needed. Fewer hashed directories speed up the time +needed to restart Postfix. +.PP +After changing the hash_queue_names or hash_queue_depth parameter, +execute the command "\fBpostfix reload\fR". +.SH header_address_token_limit (default: 10240) +The maximal number of address tokens are allowed in an address +message header. Information that exceeds the limit is discarded. +The limit is enforced by the \fBcleanup\fR(8) server. +.SH header_checks (default: empty) +Optional lookup tables for content inspection of primary non\-MIME +message headers, as specified in the \fBheader_checks\fR(5) manual page. +.SH header_from_format (default: standard) +The format of the Postfix\-generated \fBFrom:\fR header. This +setting affects the appearance of 'full name' information when a +local program such as /bin/mail submits a message without a From: +header through the Postfix \fBsendmail\fR(1) command. +.PP +Specify one of the following: +.IP "\fBstandard\fR (default)" +Produce a header formatted +as "\fBFrom:\fR \fIname\fR\fB <\fR\fIaddress\fR\fB>\fR". +This is the default as of Postfix 3.3. +.br +.IP "\fBobsolete\fR" +Produce a header formatted as "\fBFrom:\fR +\fIaddress\fR \fB(\fR\fIname\fR\fB)\fR". This is the behavior +prior to Postfix 3.3. +.br +.br +.PP +Notes: +.IP \(bu +Postfix generates the format "\fBFrom:\fR \fIaddress\fR" +when \fIname\fR information is unavailable or the envelope sender +address is empty. This is the same behavior as prior to Postfix +3.3. +.IP \(bu +In the \fBstandard\fR form, the \fIname\fR will be quoted +if it contains \fBspecials\fR as defined in RFC 5322, or the "!%" +address operators. +.IP \(bu +The Postfix \fBsendmail\fR(1) command gets \fIname\fR information +from the \fB\-F\fR command\-line option, from the \fBNAME\fR +environment variable, or from the UNIX password file. +.br +.PP +This feature is available in Postfix 3.3 and later. +.SH header_size_limit (default: 102400) +The maximal amount of memory in bytes for storing a message header. +If a header is larger, the excess is discarded. The limit is +enforced by the \fBcleanup\fR(8) server. +.SH helpful_warnings (default: yes) +Log warnings about problematic configuration settings, and provide +helpful suggestions. +.PP +This feature is available in Postfix 2.0 and later. +.SH home_mailbox (default: empty) +Optional pathname of a mailbox file relative to a \fBlocal\fR(8) user's +home directory. +.PP +Specify a pathname ending in "/" for qmail\-style delivery. +.PP +The precedence of \fBlocal\fR(8) delivery features from high to low +is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, +mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, +fallback_transport_maps, fallback_transport and luser_relay. +.PP +Examples: +.PP +.nf +.na +.ft C +home_mailbox = Mailbox +home_mailbox = Maildir/ +.fi +.ad +.ft R +.SH hopcount_limit (default: 50) +The maximal number of Received: message headers that is allowed +in the primary message headers. A message that exceeds the limit +is bounced, in order to stop a mailer loop. +.SH html_directory (default: see "postconf \-d" output) +The location of Postfix HTML files that describe how to build, +configure or operate a specific Postfix subsystem or feature. +.SH ignore_mx_lookup_error (default: no) +Ignore DNS MX lookups that produce no response. By default, +the Postfix SMTP client defers delivery and tries again after some +delay. This behavior is required by the SMTP standard. +.PP +Specify "ignore_mx_lookup_error = yes" to force a DNS A record +lookup instead. This violates the SMTP standard and can result in +mis\-delivery of mail. +.SH import_environment (default: see "postconf \-d" output) +The list of environment variables that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. Unprivileged utilities will enforce the +name=value overrides, but otherwise will not change their process +environment. Examples of relevant environment variables: +.IP "\fBTZ\fR" +May be needed for sane time keeping on most System\-V\-ish systems. +.br +.IP "\fBDISPLAY\fR" +Needed for debugging Postfix daemons with an X\-windows debugger. +.br +.IP "\fBXAUTHORITY\fR" +Needed for debugging Postfix daemons with an X\-windows debugger. +.br +.IP "\fBMAIL_CONFIG\fR" +Needed to make "\fBpostfix \-c\fR" work. +.br +.br +.PP +Specify a list of names and/or name=value pairs, separated by +whitespace or comma. Specify "{ name=value }" to protect whitespace +or comma in environment variable values (whitespace after the opening "{" and +before the closing "}" +is ignored). The form name=value is supported with Postfix version +2.1 and later; the use of {} is supported with Postfix 3.0 and +later. +.SH in_flow_delay (default: 1s) +Time to pause before accepting a new message, when the message +arrival rate exceeds the message delivery rate. This feature is +turned on by default (it's disabled on SCO UNIX due to an SCO bug). +.PP +With the default 100 Postfix SMTP server process limit, "in_flow_delay += 1s" limits the mail inflow to 100 messages per second above the +number of messages delivered per second. +.PP +Specify 0 to disable the feature. Valid delays are 0..10. +.SH inet_interfaces (default: all) +The network interface addresses that this mail system receives +mail on. Specify "all" to receive mail on all network +interfaces (default), and "loopback\-only" to receive mail +on loopback network interfaces only (Postfix version 2.2 and later). The +parameter also controls delivery of mail to user@[ip.address]. +.PP +Note 1: you need to stop and start Postfix when this parameter changes. +.PP +Note 2: address information may be enclosed inside [], +but this form is not required here. +.PP +When inet_interfaces specifies just one IPv4 and/or IPv6 address +that is not a loopback address, the Postfix SMTP client will use +this address as the IP source address for outbound mail. Support +for IPv6 is available in Postfix version 2.2 and later. +.PP +On a multi\-homed firewall with separate Postfix instances listening on the +"inside" and "outside" interfaces, this can prevent each instance from +being able to reach remote SMTP servers on the "other side" of the +firewall. Setting +smtp_bind_address to 0.0.0.0 avoids the potential problem for +IPv4, and setting smtp_bind_address6 to :: solves the problem +for IPv6. +.PP +A better solution for multi\-homed firewalls is to leave inet_interfaces +at the default value and instead use explicit IP addresses in +the master.cf SMTP server definitions. This preserves the Postfix +SMTP client's +loop detection, by ensuring that each side of the firewall knows that the +other IP address is still the same host. Setting $inet_interfaces to a +single IPv4 and/or IPV6 address is primarily useful with virtual +hosting of domains on +secondary IP addresses, when each IP address serves a different domain +(and has a different $myhostname setting). +.PP +See also the proxy_interfaces parameter, for network addresses that +are forwarded to Postfix by way of a proxy or address translator. +.PP +Examples: +.PP +.nf +.na +.ft C +inet_interfaces = all (DEFAULT) +inet_interfaces = loopback\-only (Postfix version 2.2 and later) +inet_interfaces = 127.0.0.1 +inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later) +inet_interfaces = 192.168.1.2, 127.0.0.1 +.fi +.ad +.ft R +.SH inet_protocols (default: see 'postconf \-d output') +The Internet protocols Postfix will attempt to use when making +or accepting connections. Specify one or more of "ipv4" +or "ipv6", separated by whitespace or commas. The form +"all" is equivalent to "ipv4, ipv6" or "ipv4", depending +on whether the operating system implements IPv6. +.PP +With Postfix 2.8 and earlier the default is "ipv4". For backwards +compatibility with these releases, the Postfix 2.9 and later upgrade +procedure appends an explicit "inet_protocols = ipv4" setting to +main.cf when no explicit setting is present. This compatibility +workaround will be phased out as IPv6 deployment becomes more common. +.PP +This feature is available in Postfix 2.2 and later. +.PP +Note: you MUST stop and start Postfix after changing this +parameter. +.PP +On systems that pre\-date IPV6_V6ONLY support (RFC 3493), an +IPv6 server will also accept IPv4 connections, even when IPv4 is +turned off with the inet_protocols parameter. On systems with +IPV6_V6ONLY support, Postfix will use separate server sockets for +IPv6 and IPv4, and each will accept only connections for the +corresponding protocol. +.PP +When IPv4 support is enabled via the inet_protocols parameter, +Postfix will look up DNS type A records, and will convert +IPv4\-in\-IPv6 client IP addresses (::ffff:1.2.3.4) to their original +IPv4 form (1.2.3.4). The latter is needed on hosts that pre\-date +IPV6_V6ONLY support (RFC 3493). +.PP +When IPv6 support is enabled via the inet_protocols parameter, +Postfix will do DNS type AAAA record lookups. +.PP +When both IPv4 and IPv6 support are enabled, the Postfix SMTP +client will choose the protocol as specified with the +smtp_address_preference parameter. Postfix versions before 2.8 +attempt to connect via IPv6 before attempting to use IPv4. +.PP +Examples: +.PP +.nf +.na +.ft C +inet_protocols = ipv4 +inet_protocols = all (DEFAULT) +inet_protocols = ipv6 +inet_protocols = ipv4, ipv6 +.fi +.ad +.ft R +.SH info_log_address_format (default: external) +The email address form that will be used in non\-debug logging +(info, warning, etc.). As of Postfix 3.5 when an address localpart +contains spaces or other special characters, the localpart will be +quoted, for example: +.sp +.in +4 +.nf +.na +.ft C + from=<"name with spaces"@example.com> +.fi +.ad +.ft R +.in -4 +.PP +Older Postfix versions would log the internal (unquoted) form: +.sp +.in +4 +.nf +.na +.ft C + from=<name with spaces@example.com> +.fi +.ad +.ft R +.in -4 +.PP +The external and internal forms are identical for the vast +majority of email addresses that contain no spaces or other special +characters in the localpart. +.PP +The logging in external form is consistent with the address +form that Postfix 3.2 and later prefer for most table lookups. This +is therefore the more useful form for non\-debug logging. +.PP +Specify "\fBinfo_log_address_format = internal\fR" for backwards +compatibility. +.PP +Postfix uses the unquoted form internally, because an attacker +can specify an email address in different forms by playing games +with quotes and backslashes. An attacker should not be able to use +such games to circumvent Postfix access policies. +.PP +This feature is available in Postfix 3.5 and later. +.SH initial_destination_concurrency (default: 5) +The initial per\-destination concurrency level for parallel delivery +to the same destination. +With per\-destination recipient limit > 1, a destination is a domain, +otherwise it is a recipient. +.PP +Use \fItransport\fR_initial_destination_concurrency to specify +a transport\-specific override, where \fItransport\fR is the master.cf +name of the message delivery transport (Postfix 2.5 and later). +.PP +Warning: with concurrency of 1, one bad message can be enough to +block all mail to a site. +.SH internal_mail_filter_classes (default: empty) +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks +and body_checks. Specify zero or more of the following, separated +by whitespace or comma. +.IP "\fBbounce\fR" +Inspect the content of delivery +status notifications. +.br +.IP "\fBnotify\fR" +Inspect the content of postmaster +notifications by the \fBsmtp\fR(8) and \fBsmtpd\fR(8) processes. +.br +.br +.PP +NOTE: It's generally not safe to enable content inspection of +Postfix\-generated email messages. The user is warned. +.PP +This feature is available in Postfix 2.3 and later. +.SH invalid_hostname_reject_code (default: 501) +The numerical Postfix SMTP server response code when the client +HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname +restriction. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.SH ipc_idle (default: version dependent) +The time after which a client closes an idle internal communication +channel. The purpose is to allow Postfix daemon processes to +terminate voluntarily after they become idle. This is used, for +example, by the Postfix address resolving and rewriting clients. +.PP +With Postfix 2.4 the default value was reduced from 100s to 5s. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH ipc_timeout (default: 3600s) +The time limit for sending or receiving information over an internal +communication channel. The purpose is to break out of deadlock +situations. If the time limit is exceeded the software aborts with a +fatal error. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH ipc_ttl (default: 1000s) +The time after which a client closes an active internal communication +channel. The purpose is to allow Postfix daemon processes to +terminate voluntarily +after reaching their client limit. This is used, for example, by +the Postfix address resolving and rewriting clients. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.1 and later. +.SH known_tcp_ports (default: lmtp=24, smtp=25, smtps=submissions=465, submission=587) +Optional setting that avoids lookups in the \fBservices\fR(5) database. +This feature was implemented to address inconsistencies in the name +of the port "465" service. The ABNF is: +.sp +.in +4 +known_tcp_ports = empty | name\-to\-port *("," name\-to\-port) +.br +name\-to\-port = 1*(service\-name "=') port\-number +.in -4 +.PP +The comma is required. Whitespace is optional but it cannot appear +inside a service name or port number. +.PP +This feature is available in Postfix 3.6 and later. +.SH line_length_limit (default: 2048) +Upon input, long lines are chopped up into pieces of at most +this length; upon delivery, long lines are reconstructed. +.SH lmdb_map_size (default: 16777216) +The initial OpenLDAP LMDB database size limit in bytes. Each time +a database becomes full, its size limit is doubled. +.PP +This feature is available in Postfix 2.11 and later. +.SH lmtp_address_preference (default: ipv6) +The LMTP\-specific version of the smtp_address_preference +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.8 and later. +.SH lmtp_address_verify_target (default: rcpt) +The LMTP\-specific version of the smtp_address_verify_target +configuration parameter. See there for details. +.PP +This feature is available in Postfix 3.0 and later. +.SH lmtp_assume_final (default: no) +When a remote LMTP server announces no DSN support, assume that +the +server performs final delivery, and send "delivered" delivery status +notifications instead of "relayed". The default setting is backwards +compatible to avoid the infinitesimal possibility of breaking +existing LMTP\-based content filters. +.SH lmtp_balance_inet_protocols (default: yes) +The LMTP\-specific version of the smtp_balance_inet_protocols +configuration parameter. See there for details. +.PP +This feature is available in Postfix 3.3 and later. +.SH lmtp_bind_address (default: empty) +The LMTP\-specific version of the smtp_bind_address configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_bind_address6 (default: empty) +The LMTP\-specific version of the smtp_bind_address6 configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_bind_address_enforce (default: empty) +The LMTP\-specific version of the smtp_bind_address_enforce +configuration parameter. See there for details. +.PP +This feature is available in Postfix 3.7 and later. +.SH lmtp_body_checks (default: empty) +The LMTP\-specific version of the smtp_body_checks configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.5 and later. +.SH lmtp_cache_connection (default: yes) +Keep Postfix LMTP client connections open for up to $max_idle +seconds. When the LMTP client receives a request for the same +connection the connection is reused. +.PP +This parameter is available in Postfix version 2.2 and earlier. +With Postfix version 2.3 and later, see lmtp_connection_cache_on_demand, +lmtp_connection_cache_destinations, or lmtp_connection_reuse_time_limit. +.PP +The effectiveness of cached connections will be determined by the +number of remote LMTP servers in use, and the concurrency limit specified +for the Postfix LMTP client. Cached connections are closed under any of +the following conditions: +.IP \(bu +The Postfix LMTP client idle time limit is reached. This limit is +specified with the Postfix max_idle configuration parameter. +.IP \(bu +A delivery request specifies a different destination than the +one currently cached. +.IP \(bu +The per\-process limit on the number of delivery requests is +reached. This limit is specified with the Postfix max_use +configuration parameter. +.IP \(bu +Upon the onset of another delivery request, the remote LMTP server +associated with the current session does not respond to the RSET +command. +.br +.PP +Most of these limitations have been with the Postfix +connection cache that is shared among multiple LMTP client +programs. +.SH lmtp_cname_overrides_servername (default: yes) +The LMTP\-specific version of the smtp_cname_overrides_servername +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_connect_timeout (default: 0s) +The Postfix LMTP client time limit for completing a TCP connection, or +zero (use the operating system built\-in time limit). When no +connection can be made within the deadline, the LMTP client tries +the next address on the mail exchanger list. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +Example: +.PP +.nf +.na +.ft C +lmtp_connect_timeout = 30s +.fi +.ad +.ft R +.SH lmtp_connection_cache_destinations (default: empty) +The LMTP\-specific version of the smtp_connection_cache_destinations +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_connection_cache_on_demand (default: yes) +The LMTP\-specific version of the smtp_connection_cache_on_demand +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_connection_cache_time_limit (default: 2s) +The LMTP\-specific version of the +smtp_connection_cache_time_limit configuration parameter. +See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_connection_reuse_count_limit (default: 0) +The LMTP\-specific version of the smtp_connection_reuse_count_limit +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.11 and later. +.SH lmtp_connection_reuse_time_limit (default: 300s) +The LMTP\-specific version of the smtp_connection_reuse_time_limit +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_data_done_timeout (default: 600s) +The Postfix LMTP client time limit for sending the LMTP ".", +and for receiving the remote LMTP server response. When no response +is received within the deadline, a warning is logged that the mail +may be delivered multiple times. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH lmtp_data_init_timeout (default: 120s) +The Postfix LMTP client time limit for sending the LMTP DATA command, +and +for receiving the remote LMTP server response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH lmtp_data_xfer_timeout (default: 180s) +The Postfix LMTP client time limit for sending the LMTP message +content. +When the connection stalls for more than $lmtp_data_xfer_timeout +the LMTP client terminates the transfer. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH lmtp_defer_if_no_mx_address_found (default: no) +The LMTP\-specific version of the smtp_defer_if_no_mx_address_found +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_delivery_status_filter (default: empty) +The LMTP\-specific version of the smtp_delivery_status_filter +configuration parameter. See there for details. +.PP +This feature is available in Postfix 3.0 and later. +.SH lmtp_destination_concurrency_limit (default: $default_destination_concurrency_limit) +The maximal number of parallel deliveries to the same destination +via the lmtp message delivery transport. This limit is enforced by +the queue manager. The message delivery transport name is the first +field in the entry in the master.cf file. +.SH lmtp_destination_recipient_limit (default: $default_destination_recipient_limit) +The maximal number of recipients per message for the lmtp +message delivery transport. This limit is enforced by the queue +manager. The message delivery transport name is the first field in +the entry in the master.cf file. +.PP +Setting this parameter to a value of 1 changes the meaning of +lmtp_destination_concurrency_limit from concurrency per domain into +concurrency per recipient. +.SH lmtp_discard_lhlo_keyword_address_maps (default: empty) +Lookup tables, indexed by the remote LMTP server address, with +case insensitive lists of LHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix LMTP client will ignore in the LHLO +response +from a remote LMTP server. See lmtp_discard_lhlo_keywords for +details. The table is not indexed by hostname for consistency with +smtpd_discard_ehlo_keyword_address_maps. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_discard_lhlo_keywords (default: empty) +A case insensitive list of LHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix LMTP client will ignore in the LHLO +response +from a remote LMTP server. +.PP +This feature is available in Postfix 2.3 and later. +.PP +Notes: +.IP \(bu +Specify the \fBsilent\-discard\fR pseudo keyword to prevent +this action from being logged. +.IP \(bu +Use the lmtp_discard_lhlo_keyword_address_maps feature to +discard LHLO keywords selectively. +.br +.SH lmtp_dns_reply_filter (default: empty) +Optional filter for Postfix LMTP client DNS lookup results. +See smtp_dns_reply_filter for details including an example. +.PP +This feature is available in Postfix 3.0 and later. +.SH lmtp_dns_resolver_options (default: empty) +The LMTP\-specific version of the smtp_dns_resolver_options +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.8 and later. +.SH lmtp_dns_support_level (default: empty) +The LMTP\-specific version of the smtp_dns_support_level +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.11 and later. +.SH lmtp_enforce_tls (default: no) +The LMTP\-specific version of the smtp_enforce_tls configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_fallback_relay (default: empty) +Optional list of relay hosts for LMTP destinations that can't be +found or that are unreachable. In main.cf elements are separated by +whitespace or commas. +.PP +By default, mail is returned to the sender when a destination is not +found, and delivery is deferred when a destination is unreachable. +.PP +The fallback relays must be TCP destinations, specified without +a leading "inet:" prefix. Specify a host or host:port. Since MX +lookups do not apply with LMTP, there is no need to use the "[host]" or +"[host]:port" forms. If you specify multiple LMTP destinations, Postfix +will try them in the specified order. +.PP +This feature is available in Postfix 3.1 and later. +.SH lmtp_generic_maps (default: empty) +The LMTP\-specific version of the smtp_generic_maps configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_header_checks (default: empty) +The LMTP\-specific version of the smtp_header_checks configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.5 and later. +.SH lmtp_host_lookup (default: dns) +The LMTP\-specific version of the smtp_host_lookup configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_lhlo_name (default: $myhostname) +The hostname to send in the LMTP LHLO command. +.PP +The default value is the machine hostname. Specify a hostname or +[ip.add.re.ss] or [ip:v6:add:re::ss]. +.PP +This information can be specified in the main.cf file for all LMTP +clients, or it can be specified in the master.cf file for a specific +client, for example: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/master.cf: + mylmtp ... lmtp \-o lmtp_lhlo_name=foo.bar.com +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_lhlo_timeout (default: 300s) +The Postfix LMTP client time limit for sending the LHLO command, +and for receiving the initial remote LMTP server response. +.PP +Time units: s (seconds), m (minutes), h (hours), d (days), w +(weeks). The default time unit is s (seconds). +.SH lmtp_line_length_limit (default: 990) +The LMTP\-specific version of the smtp_line_length_limit +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_mail_timeout (default: 300s) +The Postfix LMTP client time limit for sending the MAIL FROM command, +and for receiving the remote LMTP server response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH lmtp_mime_header_checks (default: empty) +The LMTP\-specific version of the smtp_mime_header_checks +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.5 and later. +.SH lmtp_min_data_rate (default: 500) +The LMTP\-specific version of the smtp_min_data_rate configuration +parameter. See there for details. +.PP +This feature is available in Postfix 3.7 and later. +.SH lmtp_mx_address_limit (default: 5) +The LMTP\-specific version of the smtp_mx_address_limit configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_mx_session_limit (default: 2) +The LMTP\-specific version of the smtp_mx_session_limit configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_nested_header_checks (default: empty) +The LMTP\-specific version of the smtp_nested_header_checks +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.5 and later. +.SH lmtp_per_record_deadline (default: no) +The LMTP\-specific version of the smtp_per_record_deadline +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.9 and later. +.SH lmtp_per_request_deadline (default: no) +The LMTP\-specific version of the smtp_per_request_deadline +configuration parameter. See there for details. +.PP +This feature is available in Postfix 3.7 and later. +.SH lmtp_pix_workaround_delay_time (default: 10s) +The LMTP\-specific version of the smtp_pix_workaround_delay_time +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_pix_workaround_maps (default: empty) +The LMTP\-specific version of the smtp_pix_workaround_maps +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.4 and later. +.SH lmtp_pix_workaround_threshold_time (default: 500s) +The LMTP\-specific version of the smtp_pix_workaround_threshold_time +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_pix_workarounds (default: empty) +The LMTP\-specific version of the smtp_pix_workaround +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.4 and later. +.SH lmtp_quit_timeout (default: 300s) +The Postfix LMTP client time limit for sending the QUIT command, +and for receiving the remote LMTP server response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH lmtp_quote_rfc821_envelope (default: yes) +The LMTP\-specific version of the smtp_quote_rfc821_envelope +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_randomize_addresses (default: yes) +The LMTP\-specific version of the smtp_randomize_addresses +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_rcpt_timeout (default: 300s) +The Postfix LMTP client time limit for sending the RCPT TO command, +and for receiving the remote LMTP server response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH lmtp_reply_filter (default: empty) +The LMTP\-specific version of the smtp_reply_filter +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.7 and later. +.SH lmtp_rset_timeout (default: 20s) +The Postfix LMTP client time limit for sending the RSET command, +and for receiving the remote LMTP server response. The LMTP client +sends RSET in +order to finish a recipient address probe, or to verify that a +cached connection is still alive. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH lmtp_sasl_auth_cache_name (default: empty) +The LMTP\-specific version of the smtp_sasl_auth_cache_name +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.5 and later. +.SH lmtp_sasl_auth_cache_time (default: 90d) +The LMTP\-specific version of the smtp_sasl_auth_cache_time +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.5 and later. +.SH lmtp_sasl_auth_enable (default: no) +Enable SASL authentication in the Postfix LMTP client. +.SH lmtp_sasl_auth_soft_bounce (default: yes) +The LMTP\-specific version of the smtp_sasl_auth_soft_bounce +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.5 and later. +.SH lmtp_sasl_mechanism_filter (default: empty) +The LMTP\-specific version of the smtp_sasl_mechanism_filter +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_sasl_password_maps (default: empty) +Optional Postfix LMTP client lookup tables with one username:password entry +per host or domain. If a remote host or domain has no username:password +entry, then the Postfix LMTP client will not attempt to authenticate +to the remote host. +.SH lmtp_sasl_path (default: empty) +Implementation\-specific information that is passed through to +the SASL plug\-in implementation that is selected with +\fBlmtp_sasl_type\fR. Typically this specifies the name of a +configuration file or rendezvous point. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_sasl_security_options (default: noplaintext, noanonymous) +SASL security options; as of Postfix 2.3 the list of available +features depends on the SASL client implementation that is selected +with \fBlmtp_sasl_type\fR. +.PP +The following security features are defined for the \fBcyrus\fR +client SASL implementation: +.IP "\fBnoplaintext\fR" +Disallow authentication methods that use plaintext passwords. +.br +.IP "\fBnoactive\fR" +Disallow authentication methods that are vulnerable to non\-dictionary +active attacks. +.br +.IP "\fBnodictionary\fR" +Disallow authentication methods that are vulnerable to passive +dictionary attacks. +.br +.IP "\fBnoanonymous\fR" +Disallow anonymous logins. +.br +.br +.PP +Example: +.PP +.nf +.na +.ft C +lmtp_sasl_security_options = noplaintext +.fi +.ad +.ft R +.SH lmtp_sasl_tls_security_options (default: $lmtp_sasl_security_options) +The LMTP\-specific version of the smtp_sasl_tls_security_options +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_sasl_tls_verified_security_options (default: $lmtp_sasl_tls_security_options) +The LMTP\-specific version of the +smtp_sasl_tls_verified_security_options configuration parameter. +See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_sasl_type (default: cyrus) +The SASL plug\-in type that the Postfix LMTP client should use +for authentication. The available types are listed with the +"\fBpostconf \-A\fR" command. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_send_dummy_mail_auth (default: no) +The LMTP\-specific version of the smtp_send_dummy_mail_auth +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.9 and later. +.SH lmtp_send_xforward_command (default: no) +Send an XFORWARD command to the remote LMTP server when the LMTP LHLO +server response announces XFORWARD support. This allows an \fBlmtp\fR(8) +delivery agent, used for content filter message injection, to +forward the name, address, protocol and HELO name of the original +client to the content filter and downstream LMTP server. +Before you change the value to yes, it is best to make sure that +your content filter supports this command. +.PP +This feature is available in Postfix 2.1 and later. +.SH lmtp_sender_dependent_authentication (default: no) +The LMTP\-specific version of the smtp_sender_dependent_authentication +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_skip_5xx_greeting (default: yes) +The LMTP\-specific version of the smtp_skip_5xx_greeting +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_skip_quit_response (default: no) +Wait for the response to the LMTP QUIT command. +.SH lmtp_starttls_timeout (default: 300s) +The LMTP\-specific version of the smtp_starttls_timeout configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tcp_port (default: 24) +The default TCP port that the Postfix LMTP client connects to. +Specify a symbolic name (see \fBservices\fR(5)) or a numeric port. +.SH lmtp_tls_CAfile (default: empty) +The LMTP\-specific version of the smtp_tls_CAfile +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_CApath (default: empty) +The LMTP\-specific version of the smtp_tls_CApath +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_block_early_mail_reply (default: empty) +The LMTP\-specific version of the smtp_tls_block_early_mail_reply +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.7 and later. +.SH lmtp_tls_cert_file (default: empty) +The LMTP\-specific version of the smtp_tls_cert_file +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_chain_files (default: empty) +The LMTP\-specific version of the smtp_tls_chain_files configuration +parameter. See there for details. +.PP +This feature is available in Postfix 3.4 and later. +.SH lmtp_tls_ciphers (default: medium) +The LMTP\-specific version of the smtp_tls_ciphers configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.6 and later. +.SH lmtp_tls_connection_reuse (default: no) +The LMTP\-specific version of the smtp_tls_connection_reuse configuration +parameter. See there for details. +.PP +This feature is available in Postfix 3.4 and later. +.SH lmtp_tls_dcert_file (default: empty) +The LMTP\-specific version of the smtp_tls_dcert_file +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_dkey_file (default: $lmtp_tls_dcert_file) +The LMTP\-specific version of the smtp_tls_dkey_file +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_eccert_file (default: empty) +The LMTP\-specific version of the smtp_tls_eccert_file configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.6 and later, when Postfix is +compiled and linked with OpenSSL 1.0.0 or later. +.SH lmtp_tls_eckey_file (default: empty) +The LMTP\-specific version of the smtp_tls_eckey_file configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.6 and later, when Postfix is +compiled and linked with OpenSSL 1.0.0 or later. +.SH lmtp_tls_enforce_peername (default: yes) +The LMTP\-specific version of the smtp_tls_enforce_peername +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_exclude_ciphers (default: empty) +The LMTP\-specific version of the smtp_tls_exclude_ciphers +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_fingerprint_cert_match (default: empty) +The LMTP\-specific version of the smtp_tls_fingerprint_cert_match +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.5 and later. +.SH lmtp_tls_fingerprint_digest (default: see "postconf \-d" output) +The LMTP\-specific version of the smtp_tls_fingerprint_digest +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.5 and later. +.SH lmtp_tls_force_insecure_host_tlsa_lookup (default: no) +The LMTP\-specific version of the smtp_tls_force_insecure_host_tlsa_lookup +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.11 and later. +.SH lmtp_tls_key_file (default: $lmtp_tls_cert_file) +The LMTP\-specific version of the smtp_tls_key_file +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_loglevel (default: 0) +The LMTP\-specific version of the smtp_tls_loglevel +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_mandatory_ciphers (default: medium) +The LMTP\-specific version of the smtp_tls_mandatory_ciphers +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_mandatory_exclude_ciphers (default: empty) +The LMTP\-specific version of the smtp_tls_mandatory_exclude_ciphers +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_mandatory_protocols (default: see postconf \-d output) +The LMTP\-specific version of the smtp_tls_mandatory_protocols +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_note_starttls_offer (default: no) +The LMTP\-specific version of the smtp_tls_note_starttls_offer +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_per_site (default: empty) +The LMTP\-specific version of the smtp_tls_per_site configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_policy_maps (default: empty) +The LMTP\-specific version of the smtp_tls_policy_maps +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_protocols (default: see postconf \-d output) +The LMTP\-specific version of the smtp_tls_protocols configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.6 and later. +.SH lmtp_tls_scert_verifydepth (default: 9) +The LMTP\-specific version of the smtp_tls_scert_verifydepth +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_secure_cert_match (default: nexthop) +The LMTP\-specific version of the smtp_tls_secure_cert_match +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_security_level (default: empty) +The LMTP\-specific version of the smtp_tls_security_level configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_servername (default: empty) +The LMTP\-specific version of the smtp_tls_servername configuration +parameter. See there for details. +.PP +This feature is available in Postfix 3.4 and later. +.SH lmtp_tls_session_cache_database (default: empty) +The LMTP\-specific version of the smtp_tls_session_cache_database +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_session_cache_timeout (default: 3600s) +The LMTP\-specific version of the smtp_tls_session_cache_timeout +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_trust_anchor_file (default: empty) +The LMTP\-specific version of the smtp_tls_trust_anchor_file +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.11 and later. +.SH lmtp_tls_verify_cert_match (default: hostname) +The LMTP\-specific version of the smtp_tls_verify_cert_match +configuration parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_wrappermode (default: no) +The LMTP\-specific version of the smtp_tls_wrappermode configuration +parameter. See there for details. +.PP +This feature is available in Postfix 3.0 and later. +.SH lmtp_use_tls (default: no) +The LMTP\-specific version of the smtp_use_tls configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH lmtp_xforward_timeout (default: 300s) +The Postfix LMTP client time limit for sending the XFORWARD command, +and for receiving the remote LMTP server response. +.PP +In case of problems the client does NOT try the next address on +the mail exchanger list. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.1 and later. +.SH local_command_shell (default: empty) +Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix commands. +By default, non\-Postfix commands are executed directly; commands +are given to the default shell (typically, /bin/sh) only when they +contain shell meta characters or shell built\-in commands. +.PP +"sendmail's restricted shell" (smrsh) is what most people will +use in order to restrict what programs can be run from e.g. .forward +files (smrsh is part of the Sendmail distribution). +.PP +Note: when a shell program is specified, it is invoked even +when the command contains no shell built\-in commands or meta +characters. +.PP +Example: +.PP +.nf +.na +.ft C +local_command_shell = /some/where/smrsh \-c +local_command_shell = /bin/bash \-c +.fi +.ad +.ft R +.SH local_delivery_status_filter (default: $default_delivery_status_filter) +Optional filter for the \fBlocal\fR(8) delivery agent to change the +status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details. +.PP +This feature is available in Postfix 3.0 and later. +.SH local_destination_concurrency_limit (default: 2) +The maximal number of parallel deliveries via the local mail +delivery transport to the same recipient (when +"local_destination_recipient_limit = 1") or the maximal number of +parallel deliveries to the same local domain (when +"local_destination_recipient_limit > 1"). This limit is enforced by +the queue manager. The message delivery transport name is the first +field in the entry in the master.cf file. +.PP +A low limit of 2 is recommended, just in case someone has an +expensive shell command in a .forward file or in an alias (e.g., +a mailing list manager). You don't want to run lots of those at +the same time. +.SH local_destination_recipient_limit (default: 1) +The maximal number of recipients per message delivery via the +local mail delivery transport. This limit is enforced by the queue +manager. The message delivery transport name is the first field in +the entry in the master.cf file. +.PP +Setting this parameter to a value > 1 changes the meaning of +local_destination_concurrency_limit from concurrency per recipient +into concurrency per domain. +.SH local_header_rewrite_clients (default: permit_inet_interfaces) +Rewrite message header addresses in mail from these clients and +update incomplete addresses with the domain name in $myorigin or +$mydomain; either don't rewrite message headers from other clients +at all, or rewrite message headers and update incomplete addresses +with the domain specified in the remote_header_rewrite_domain +parameter. +.PP +See the append_at_myorigin and append_dot_mydomain parameters +for details of how domain names are appended to incomplete addresses. +.PP +Specify a list of zero or more of the following: +.IP "\fBpermit_inet_interfaces\fR" +Append the domain name in $myorigin or $mydomain when the +client IP address matches $inet_interfaces. This is enabled by +default. +.br +.IP "\fBpermit_mynetworks\fR" +Append the domain name in $myorigin or $mydomain when the +client IP address matches any network or network address listed in +$mynetworks. This setting will not prevent remote mail header +address rewriting when mail from a remote client is forwarded by +a neighboring system. +.br +.IP "\fBpermit_sasl_authenticated \fR" +Append the domain name in $myorigin or $mydomain when the +client is successfully authenticated via the RFC 4954 (AUTH) +protocol. +.br +.IP "\fBpermit_tls_clientcerts \fR" +Append the domain name in $myorigin or $mydomain when the +remote SMTP client TLS certificate fingerprint or public key fingerprint +(Postfix 2.9 and later) is listed in $relay_clientcerts. +The fingerprint digest algorithm is configurable via the +smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to +Postfix version 2.5). +.br +The default algorithm is \fBsha256\fR with Postfix >= 3.6 +and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix +<= 3.5, the default algorithm is \fBmd5\fR. The best\-practice +algorithm is now \fBsha256\fR. Recent advances in hash function +cryptanalysis have led to md5 and sha1 being deprecated in favor of +sha256. However, as long as there are no known "second pre\-image" +attacks against the older algorithms, their use in this context, though +not recommended, is still likely safe. +.br +.IP "\fBpermit_tls_all_clientcerts \fR" +Append the domain name in $myorigin or $mydomain when the +remote SMTP client TLS certificate is successfully verified, regardless of +whether it is listed on the server, and regardless of the certifying +authority. +.br +.IP "\fBcheck_address_map \fItype:table\fR \fR" +.IP "\fB\fItype:table\fR \fR" +Append the domain name in $myorigin or $mydomain when the +client IP address matches the specified lookup table. +The lookup result is ignored, and no subnet lookup is done. This +is suitable for, e.g., pop\-before\-smtp lookup tables. +.br +.br +.PP +Examples: +.PP +The Postfix < 2.2 backwards compatible setting: always rewrite +message headers, and always append my own domain to incomplete +header addresses. +.sp +.in +4 +.nf +.na +.ft C +local_header_rewrite_clients = static:all +.fi +.ad +.ft R +.in -4 +.PP +The purist (and default) setting: rewrite headers only in mail +from Postfix sendmail and in SMTP mail from this machine. +.sp +.in +4 +.nf +.na +.ft C +local_header_rewrite_clients = permit_inet_interfaces +.fi +.ad +.ft R +.in -4 +.PP +The intermediate setting: rewrite header addresses and append +$myorigin or $mydomain information only with mail from Postfix +sendmail, from local clients, or from authorized SMTP clients. +.PP +Note: this setting will not prevent remote mail header address +rewriting when mail from a remote client is forwarded by a neighboring +system. +.sp +.in +4 +.nf +.na +.ft C +local_header_rewrite_clients = permit_mynetworks, + permit_sasl_authenticated permit_tls_clientcerts + check_address_map hash:/etc/postfix/pop\-before\-smtp +.fi +.ad +.ft R +.in -4 +.SH local_login_sender_maps (default: static:*) +A list of lookup tables that are searched by the UNIX login name, +and that return a list of allowed envelope sender patterns separated +by space or comma. These sender patterns are enforced by the Postfix +\fBpostdrop\fR(1) command. The default is backwards\-compatible: +every user may specify any sender envelope address. +.PP +When no UNIX login name is available, the \fBpostdrop\fR(1) command will +prepend "\fBuid:\fR" to the numerical UID and use that instead. +.PP +This feature ignores address extensions in the user\-specified +envelope sender address. +.PP +The following sender patterns are special; these cannot be used +as part of a longer pattern. +.IP "\fB * \fR +This pattern allows any envelope sender address. +.br +.IP "\fB <> \fR" +This pattern allows the empty +envelope sender address. See the +empty_address_local_login_sender_maps_lookup_key configuration +parameter. +.br +.IP "\fB @\fR\fIdomain\fR" +This pattern allows an +envelope sender address when the '\fB@\fR' and \fIdomain\fR part +match. +.br +.br +.PP +Examples: +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + # Allow root and postfix full control, anyone else can only + # send mail as themselves. Use "uid:" followed by the numerical + # UID when the UID has no entry in the UNIX password file. + local_login_sender_maps = + inline:{ { root = * }, { postfix = * } }, + pcre:/etc/postfix/login_senders +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/login_senders: + # Allow both the bare username and the user@domain forms. + /(.+)/ $1 $1@example.com +.fi +.ad +.ft R +.PP +This feature is available in Postfix 3.6 and later. +.SH local_recipient_maps (default: proxy:unix:passwd.byname $alias_maps) +Lookup tables with all names or addresses of local recipients: +a recipient address is local when its domain matches $mydestination, +$inet_interfaces or $proxy_interfaces. Specify @domain as a +wild\-card for domains that do not have a valid recipient list. +Technically, tables listed with $local_recipient_maps are used as +lists: Postfix needs to know only if a lookup string is found or +not, but it does not use the result from table lookup. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +If this parameter is non\-empty (the default), then the Postfix SMTP +server will reject mail for unknown local users. +.PP +To turn off local recipient checking in the Postfix SMTP server, +specify "local_recipient_maps =" (i.e. empty). +.PP +The default setting assumes that you use the default Postfix local +delivery agent for local delivery. You need to update the +local_recipient_maps setting if: +.IP \(bu +You redefine the local delivery agent in master.cf. +.IP \(bu +You redefine the "local_transport" setting in main.cf. +.IP \(bu +You use the "luser_relay", "mailbox_transport", or "fallback_transport" +feature of the Postfix \fBlocal\fR(8) delivery agent. +.br +.PP +Details are described in the LOCAL_RECIPIENT_README file. +.PP +Beware: if the Postfix SMTP server runs chrooted, you need to access +the passwd file via the \fBproxymap\fR(8) service, in order to overcome +chroot access restrictions. The alternative, maintaining a copy of +the system password file in the chroot jail is not practical. +.PP +Examples: +.PP +.nf +.na +.ft C +local_recipient_maps = +.fi +.ad +.ft R +.SH local_transport (default: local:$myhostname) +The default mail delivery transport and next\-hop destination +for final delivery to domains listed with mydestination, and for +[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces. +This information can be overruled with the \fBtransport\fR(5) table. +.PP +By default, local mail is delivered to the transport called "local", +which is just the name of a service that is defined the master.cf file. +.PP +Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR +is the name of a mail delivery transport defined in master.cf. +The \fI:nexthop\fR destination is optional; its syntax is documented +in the manual page of the corresponding delivery agent. +.PP +Beware: if you override the default local delivery agent then you +need to review the LOCAL_RECIPIENT_README document, otherwise the +SMTP server may reject mail for local recipients. +.SH luser_relay (default: empty) +Optional catch\-all destination for unknown \fBlocal\fR(8) recipients. +By default, mail for unknown recipients in domains that match +$mydestination, $inet_interfaces or $proxy_interfaces is returned +as undeliverable. +.PP +The luser_relay value is not subject to Postfix configuration +parameter $name expansion. Instead, the following $name expansions +are done: +.IP "\fB$domain\fR" +The recipient domain. +.br +.IP "\fB$extension\fR" +The recipient address extension. +.br +.IP "\fB$home\fR" +The recipient's home directory. +.br +.IP "\fB$local\fR" +The entire recipient address localpart. +.br +.IP "\fB$recipient\fR" +The full recipient address. +.br +.IP "\fB$recipient_delimiter\fR" +The address extension delimiter that was found in the recipient +address (Postfix 2.11 and later), or the system\-wide recipient +address extension delimiter (Postfix 2.10 and earlier). +.br +.IP "\fB$shell\fR" +The recipient's login shell. +.br +.IP "\fB$user\fR" +The recipient username. +.br +.IP "\fB${name?value}\fR" +.IP "\fB${name?{value}}\fR (Postfix >= 3.0)" +Expands to \fIvalue\fR when \fI$name\fR is non\-empty. +.br +.IP "\fB${name:value}\fR" +.IP "\fB${name:{value}}\fR (Postfix >= 3.0)" +Expands to \fIvalue\fR when \fI$name\fR is empty. +.br +.IP "\fB${name?{value1}:{value2}}\fR (Postfix >= 3.0)" +Expands to \fIvalue1\fR when \fI$name\fR is non\-empty, +\fIvalue2\fR otherwise. +.br +.br +.PP +Instead of $name you can also specify ${name} or $(name). +.PP +Note: luser_relay works only for the Postfix \fBlocal\fR(8) delivery agent. +.PP +Note: if you use this feature for accounts not in the UNIX password +file, then you must specify "local_recipient_maps =" (i.e. empty) +in the main.cf file, otherwise the Postfix SMTP server will reject mail +for non\-UNIX accounts with "User unknown in local recipient table". +.PP +Examples: +.PP +.nf +.na +.ft C +luser_relay = $user@other.host +luser_relay = $local@other.host +luser_relay = admin+$local +.fi +.ad +.ft R +.SH mail_name (default: Postfix) +The mail system name that is displayed in Received: headers, in +the SMTP greeting banner, and in bounced mail. +.SH mail_owner (default: postfix) +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. Specify the name of an unprivileged user account +that does not share a user or group ID with other accounts, and that +owns no other files +or processes on the system. In particular, don't specify nobody +or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID. +.PP +When this parameter value is changed you need to re\-run "\fBpostfix +set\-permissions\fR" (with Postfix version 2.0 and earlier: +"\fB/etc/postfix/post\-install set\-permissions\fR". +.SH mail_release_date (default: see "postconf \-d" output) +The Postfix release date, in "YYYYMMDD" format. +.SH mail_spool_directory (default: see "postconf \-d" output) +The directory where \fBlocal\fR(8) UNIX\-style mailboxes are kept. The +default setting depends on the system type. Specify a name ending +in / for maildir\-style delivery. +.PP +Note: maildir delivery is done with the privileges of the recipient. +If you use the mail_spool_directory setting for maildir style +delivery, then you must create the top\-level maildir directory in +advance. Postfix will not create it. +.PP +Examples: +.PP +.nf +.na +.ft C +mail_spool_directory = /var/mail +mail_spool_directory = /var/spool/mail +.fi +.ad +.ft R +.SH mail_version (default: see "postconf \-d" output) +The version of the mail system. Stable releases are named +\fImajor\fR.\fIminor\fR.\fIpatchlevel\fR. Experimental releases +also include the release date. The version string can be used in, +for example, the SMTP greeting banner. +.SH mailbox_command (default: empty) +Optional external command that the \fBlocal\fR(8) delivery agent should +use for mailbox delivery. The command is run with the user ID and +the primary group ID privileges of the recipient. Exception: +command delivery for root executes with $default_privs privileges. +This is not a problem, because 1) mail for root should always be +aliased to a real user and 2) don't log in as root, use "su" instead. +.PP +The following environment variables are exported to the command: +.IP "\fBCLIENT_ADDRESS\fR" +Remote client network address. Available in Postfix version 2.2 and +later. +.br +.IP "\fBCLIENT_HELO\fR" +Remote client EHLO command parameter. Available in Postfix version 2.2 +and later. +.br +.IP "\fBCLIENT_HOSTNAME\fR" +Remote client hostname. Available in Postfix version 2.2 and later. +.br +.IP "\fBCLIENT_PROTOCOL\fR" +Remote client protocol. Available in Postfix version 2.2 and later. +.br +.IP "\fBDOMAIN\fR" +The domain part of the recipient address. +.br +.IP "\fBEXTENSION\fR" +The optional address extension. +.br +.IP "\fBHOME\fR" +The recipient home directory. +.br +.IP "\fBLOCAL\fR" +The recipient address localpart. +.br +.IP "\fBLOGNAME\fR" +The recipient's username. +.br +.IP "\fBORIGINAL_RECIPIENT\fR" +The entire recipient address, before any address rewriting or +aliasing. +.br +.IP "\fBRECIPIENT\fR" +The full recipient address. +.br +.IP "\fBSASL_METHOD\fR" +SASL authentication method specified in the remote client AUTH +command. Available in Postfix version 2.2 and later. +.br +.IP "\fBSASL_SENDER\fR" +SASL sender address specified in the remote client MAIL FROM +command. Available in Postfix version 2.2 and later. +.br +.IP "\fBSASL_USER\fR" +SASL username specified in the remote client AUTH command. +Available in Postfix version 2.2 and later. +.br +.IP "\fBSENDER\fR" +The full sender address. +.br +.IP "\fBSHELL\fR" +The recipient's login shell. +.br +.IP "\fBUSER\fR" +The recipient username. +.br +.br +.PP +Unlike other Postfix configuration parameters, the mailbox_command +parameter is not subjected to $name substitutions. This is to make +it easier to specify shell syntax (see example below). +.PP +If you can, avoid shell meta characters because they will force +Postfix to run an expensive shell process. If you're delivering +via "procmail" then running a shell won't make a noticeable difference +in the total cost. +.PP +Note: if you use the mailbox_command feature to deliver mail +system\-wide, you must set up an alias that forwards mail for root +to a real user. +.PP +The precedence of \fBlocal\fR(8) delivery features from high to low +is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, +mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, +fallback_transport_maps, fallback_transport and luser_relay. +.PP +Examples: +.PP +.nf +.na +.ft C +mailbox_command = /some/where/procmail +mailbox_command = /some/where/procmail \-a "$EXTENSION" +mailbox_command = /some/where/maildrop \-d "$USER" + \-f "$SENDER" "$EXTENSION" +.fi +.ad +.ft R +.SH mailbox_command_maps (default: empty) +Optional lookup tables with per\-recipient external commands to use +for \fBlocal\fR(8) mailbox delivery. Behavior is as with mailbox_command. +.PP +The precedence of \fBlocal\fR(8) delivery features from high to low +is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, +mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, +fallback_transport_maps, fallback_transport and luser_relay. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.SH mailbox_delivery_lock (default: see "postconf \-d" output) +How to lock a UNIX\-style \fBlocal\fR(8) mailbox before attempting delivery. +For a list of available file locking methods, use the "\fBpostconf +\-l\fR" command. +.PP +This setting is ignored with \fBmaildir\fR style delivery, +because such deliveries are safe without explicit locks. +.PP +Note: The \fBdotlock\fR method requires that the recipient UID or +GID has write access to the parent directory of the mailbox file. +.PP +Note: the default setting of this parameter is system dependent. +.SH mailbox_size_limit (default: 51200000) +The maximal size of any \fBlocal\fR(8) individual mailbox or maildir +file, or zero (no limit). In fact, this limits the size of any +file that is written to upon local delivery, including files written +by external commands that are executed by the \fBlocal\fR(8) delivery +agent. The value cannot exceed LONG_MAX (typically, a 32\-bit or +64\-bit signed integer). +.PP +This limit must not be smaller than the message size limit. +.SH mailbox_transport (default: empty) +Optional message delivery transport that the \fBlocal\fR(8) delivery +agent should use for mailbox delivery to all local recipients, +whether or not they are found in the UNIX passwd database. +.PP +The precedence of \fBlocal\fR(8) delivery features from high to low +is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, +mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, +fallback_transport_maps, fallback_transport and luser_relay. +.SH mailbox_transport_maps (default: empty) +Optional lookup tables with per\-recipient message delivery +transports to use for \fBlocal\fR(8) mailbox delivery, whether or not the +recipients are found in the UNIX passwd database. +.PP +The precedence of \fBlocal\fR(8) delivery features from high to low +is: aliases, .forward files, mailbox_transport_maps, mailbox_transport, +mailbox_command_maps, mailbox_command, home_mailbox, mail_spool_directory, +fallback_transport_maps, fallback_transport and luser_relay. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +For safety reasons, this feature does not allow $number +substitutions in regular expression maps. +.PP +This feature is available in Postfix 2.3 and later. +.SH maillog_file (default: empty) +The name of an optional logfile that is written by the Postfix +\fBpostlogd\fR(8) service. An empty value selects logging to \fBsyslogd\fR(8). +Specify "/dev/stdout" to select logging to standard output. Stdout +logging requires that Postfix is started with "postfix start\-fg". +.PP +Note 1: The maillog_file parameter value must contain a prefix +that is specified with the maillog_file_prefixes parameter. +.PP +Note 2: Some Postfix non\-daemon programs may still log information +to \fBsyslogd\fR(8), before they have processed their configuration +parameters and command\-line options. +.PP +This feature is available in Postfix 3.4 and later. +.SH maillog_file_compressor (default: gzip) +The program to run after rotating $maillog_file with "postfix +logrotate". The command is run with the rotated logfile name as its +first argument. +.PP +This feature is available in Postfix 3.4 and later. +.SH maillog_file_prefixes (default: /var, /dev/stdout) +A list of allowed prefixes for a maillog_file value. This is a +safety feature to contain the damage from a single configuration +mistake. Specify one or more prefix strings, separated by comma or +whitespace. +.PP +This feature is available in Postfix 3.4 and later. +.SH maillog_file_rotate_suffix (default: %Y%m%d\-%H%M%S) +The format of the suffix to append to $maillog_file while rotating +the file with "postfix logrotate". See \fBstrftime\fR(3) for syntax. The +default suffix, YYYYMMDD\-HHMMSS, allows logs to be rotated frequently. +.PP +This feature is available in Postfix 3.4 and later. +.SH mailq_path (default: see "postconf \-d" output) +Sendmail compatibility feature that specifies where the Postfix +\fBmailq\fR(1) command is installed. This command can be used to +list the Postfix mail queue. +.SH manpage_directory (default: see "postconf \-d" output) +Where the Postfix manual pages are installed. +.SH maps_rbl_domains (default: empty) +Obsolete feature: use the reject_rbl_client feature instead. +.SH maps_rbl_reject_code (default: 554) +The numerical Postfix SMTP server response code when a remote SMTP +client request is blocked by the reject_rbl_client, reject_rhsbl_client, +reject_rhsbl_reverse_client, reject_rhsbl_sender or +reject_rhsbl_recipient restriction. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.SH masquerade_classes (default: envelope_sender, header_sender, header_recipient) +What addresses are subject to address masquerading. +.PP +By default, address masquerading is limited to envelope sender +addresses, and to header sender and header recipient addresses. +This allows you to use address masquerading on a mail gateway while +still being able to forward mail to users on individual machines. +.PP +Specify zero or more of: envelope_sender, envelope_recipient, +header_sender, header_recipient +.SH masquerade_domains (default: empty) +Optional list of domains whose subdomain structure will be stripped +off in email addresses. +.PP +The list is processed left to right, and processing stops at the +first match. Thus, +.sp +.in +4 +.nf +.na +.ft C +masquerade_domains = foo.example.com example.com +.fi +.ad +.ft R +.in -4 +.PP +strips "user@any.thing.foo.example.com" to "user@foo.example.com", +but strips "user@any.thing.else.example.com" to "user@example.com". +.PP +A domain name prefixed with ! means do not masquerade this domain +or its subdomains. Thus, +.sp +.in +4 +.nf +.na +.ft C +masquerade_domains = !foo.example.com example.com +.fi +.ad +.ft R +.in -4 +.PP +does not change "user@any.thing.foo.example.com" or "user@foo.example.com", +but strips "user@any.thing.else.example.com" to "user@example.com". +.PP +Note: with Postfix version 2.2, message header address masquerading +happens only when message header address rewriting is enabled: +.IP \(bu +The message is received with the Postfix \fBsendmail\fR(1) command, +.IP \(bu +The message is received from a network client that matches +$local_header_rewrite_clients, +.IP \(bu +The message is received from the network, and the +remote_header_rewrite_domain parameter specifies a non\-empty value. +.br +.PP +To get the behavior before Postfix version 2.2, specify +"local_header_rewrite_clients = static:all". +.PP +Example: +.PP +.nf +.na +.ft C +masquerade_domains = $mydomain +.fi +.ad +.ft R +.SH masquerade_exceptions (default: empty) +Optional list of user names that are not subjected to address +masquerading, even when their addresses match $masquerade_domains. +.PP +By default, address masquerading makes no exceptions. +.PP +Specify a list of user names, "/file/name" or "type:table" patterns, +separated by commas and/or whitespace. The list is matched left to +right, and the search stops on the first match. A "/file/name" +pattern is replaced +by its contents; a "type:table" lookup table is matched when a name +matches a lookup key (the lookup result is ignored). Continue long +lines by starting the next line with whitespace. Specify "!pattern" +to exclude a name from the list. The form "!/file/name" is supported +only in Postfix version 2.4 and later. +.PP +Examples: +.PP +.nf +.na +.ft C +masquerade_exceptions = root, mailer\-daemon +masquerade_exceptions = root +.fi +.ad +.ft R +.SH master_service_disable (default: empty) +Selectively disable \fBmaster\fR(8) listener ports by service type +or by service name and type. Specify a list of service types +("inet", "unix", "fifo", or "pass") or "name/type" tuples, where +"name" is the first field of a master.cf entry and "type" is a +service type. As with other Postfix matchlists, a search stops at +the first match. Specify "!pattern" to exclude a service from the +list. By default, all \fBmaster\fR(8) listener ports are enabled. +.PP +Note: this feature does not support "/file/name" or "type:table" +patterns, nor does it support wildcards such as "*" or "all". This +is intentional. +.PP +Examples: +.PP +.nf +.na +.ft C +# With Postfix 2.6..2.10 use '.' instead of '/'. +# Turn on all \fBmaster\fR(8) listener ports (the default). +master_service_disable = +# Turn off only the main SMTP listener port. +master_service_disable = smtp/inet +# Turn off all TCP/IP listener ports. +master_service_disable = inet +# Turn off all TCP/IP listener ports except "foo". +master_service_disable = !foo/inet, inet +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later. +.SH max_idle (default: 100s) +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. This +parameter +is ignored by the Postfix queue manager and by other long\-lived +Postfix daemon processes. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH max_use (default: 100) +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. This parameter +is ignored by the Postfix queue +manager and by other long\-lived Postfix daemon processes. +.SH maximal_backoff_time (default: 4000s) +The maximal time between attempts to deliver a deferred message. +.PP +This parameter should be set to a value greater than or equal +to $minimal_backoff_time. See also $queue_run_delay. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH maximal_queue_lifetime (default: 5d) +Consider a message as undeliverable, when delivery fails with a +temporary error, and the time in the queue has reached the +maximal_queue_lifetime limit. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +Specify 0 when mail delivery should be tried only once. +.SH message_drop_headers (default: bcc, content\-length, resent\-bcc, return\-path) +Names of message headers that the \fBcleanup\fR(8) daemon will remove +after applying \fBheader_checks\fR(5) and before invoking Milter applications. +The default setting is compatible with Postfix < 3.0. +.PP +Specify a list of header names, separated by comma or space. +Names are matched in a case\-insensitive manner. The list of supported +header names is limited only by available memory. +.PP +This feature is available in Postfix 3.0 and later. +.SH message_reject_characters (default: empty) +The set of characters that Postfix will reject in message +content. The usual C\-like escape sequences are recognized: \ea +\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and +\e\e. +.PP +Note 1: this feature does not recognize text that requires MIME +decoding. It inspects raw message content, just like header_checks +and body_checks. +.PP +Note 2: this feature is disabled with "receive_override_options += no_header_body_checks". +.PP +Example: +.PP +.nf +.na +.ft C +message_reject_characters = \e0 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.3 and later. +.SH message_size_limit (default: 10240000) +The maximal size in bytes of a message, including envelope information. +The value cannot exceed LONG_MAX (typically, a 32\-bit or 64\-bit +signed integer). +.PP +Note: be careful when making changes. Excessively small values +will result in the loss of non\-delivery notifications, when a bounce +message size exceeds the local or remote MTA's message size limit. +.SH message_strip_characters (default: empty) +The set of characters that Postfix will remove from message +content. The usual C\-like escape sequences are recognized: \ea +\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and +\e\e. +.PP +Note 1: this feature does not recognize text that requires MIME +decoding. It inspects raw message content, just like header_checks +and body_checks. +.PP +Note 2: this feature is disabled with "receive_override_options += no_header_body_checks". +.PP +Example: +.PP +.nf +.na +.ft C +message_strip_characters = \e0 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.3 and later. +.SH meta_directory (default: see 'postconf \-d' output) +The location of non\-executable files that are shared among +multiple Postfix instances, such as postfix\-files, dynamicmaps.cf, +and the multi\-instance template files main.cf.proto and master.cf.proto. +This directory should contain only Postfix\-related files. Typically, +the meta_directory parameter has the same default as the config_directory +parameter (/etc/postfix or /usr/local/etc/postfix). +.PP +For backwards compatibility with Postfix versions 2.6..2.11, +specify "meta_directory = $daemon_directory" in main.cf before +installing or upgrading Postfix, or specify "meta_directory = +/path/name" on the "make makefiles", "make install" or "make upgrade" +command line. +.PP +This feature is available in Postfix 3.0 and later. +.SH milter_command_timeout (default: 30s) +The time limit for sending an SMTP command to a Milter (mail +filter) application, and for receiving the response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_connect_macros (default: see "postconf \-d" output) +The macros that are sent to Milter (mail filter) applications +after completion of an SMTP connection. See MILTER_README +for a list of available macro names and their meanings. +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_connect_timeout (default: 30s) +The time limit for connecting to a Milter (mail filter) +application, and for negotiating protocol options. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_content_timeout (default: 300s) +The time limit for sending message content to a Milter (mail +filter) application, and for receiving the response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_data_macros (default: see "postconf \-d" output) +The macros that are sent to version 4 or higher Milter (mail +filter) applications after the SMTP DATA command. See MILTER_README +for a list of available macro names and their meanings. +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_default_action (default: tempfail) +The default action when a Milter (mail filter) response is +unavailable (for example, bad Postfix configuration or Milter +failure). Specify one of the following: +.IP "accept" +Proceed as if the mail filter was not present. +.br +.IP "reject" +Reject all further commands in this session +with a permanent status code. +.br +.IP "tempfail" +Reject all further commands in this session +with a temporary status code. +.br +.IP "quarantine" +Like "accept", but freeze the message in +the "hold" queue. Available with Postfix 2.6 and later. +.br +.br +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_end_of_data_macros (default: see "postconf \-d" output) +The macros that are sent to Milter (mail filter) applications +after the message end\-of\-data. See MILTER_README for a list of +available macro names and their meanings. +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_end_of_header_macros (default: see "postconf \-d" output) +The macros that are sent to Milter (mail filter) applications +after the end of the message header. See MILTER_README for a list +of available macro names and their meanings. +.PP +This feature is available in Postfix 2.5 and later. +.SH milter_header_checks (default: empty) +Optional lookup tables for content inspection of message headers +that are produced by Milter applications. See the \fBheader_checks\fR(5) +manual page available actions. Currently, PREPEND is not implemented. +.PP +The following example sends all mail that is marked as SPAM to +a spam handling machine. Note that matches are case\-insensitive +by default. +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + milter_header_checks = pcre:/etc/postfix/milter_header_checks +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/milter_header_checks: + /^X\-SPAM\-FLAG:\es+YES/ FILTER mysmtp:sanitizer.example.com:25 +.fi +.ad +.ft R +.PP +The milter_header_checks mechanism could also be used for +allowlisting. For example it could be used to skip heavy content +inspection for DKIM\-signed mail from known friendly domains. +.PP +This feature is available in Postfix 2.7, and as an optional +patch for Postfix 2.6. +.SH milter_helo_macros (default: see "postconf \-d" output) +The macros that are sent to Milter (mail filter) applications +after the SMTP HELO or EHLO command. See +MILTER_README for a list of available macro names and their meanings. +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_macro_daemon_name (default: $myhostname) +The {daemon_name} macro value for Milter (mail filter) applications. +See MILTER_README for a list of available macro names and their +meanings. +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_macro_defaults (default: empty) +Optional list of \fIname=value\fR pairs that specify default +values for arbitrary macros that Postfix may send to Milter +applications. These defaults are used when there is no corresponding +information from the message delivery context. +.PP +Specify \fIname=value\fR or \fI{name=value}\fR pairs separated +by comma or whitespace. Enclose a pair in "{}" when a value contains +comma or whitespace (this form ignores whitespace after the enclosing +"{", around the "=", and before the enclosing "}"). +.PP +This feature is available in Postfix 3.1 and later. +.SH milter_macro_v (default: $mail_name $mail_version) +The {v} macro value for Milter (mail filter) applications. +See MILTER_README for a list of available macro names and their +meanings. +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_mail_macros (default: see "postconf \-d" output) +The macros that are sent to Milter (mail filter) applications +after the SMTP MAIL FROM command. See MILTER_README +for a list of available macro names and their meanings. +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_protocol (default: 6) +The mail filter protocol version and optional protocol extensions +for communication with a Milter application; prior to Postfix 2.6 +the default protocol is 2. Postfix +sends this version number during the initial protocol handshake. +It should match the version number that is expected by the mail +filter application (or by its Milter library). +.PP +Protocol versions: +.IP "2" +Use Sendmail 8 mail filter protocol version 2 (default +with Sendmail version 8.11 .. 8.13 and Postfix version 2.3 .. +2.5). +.br +.IP "3" +Use Sendmail 8 mail filter protocol version 3. +.br +.IP "4" +Use Sendmail 8 mail filter protocol version 4. +.br +.IP "6" +Use Sendmail 8 mail filter protocol version 6 (default +with Sendmail version 8.14 and Postfix version 2.6). +.br +.br +.PP +Protocol extensions: +.IP "no_header_reply" +Specify this when the Milter application +will not reply for each individual message header. +.br +.br +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_rcpt_macros (default: see "postconf \-d" output) +The macros that are sent to Milter (mail filter) applications +after the SMTP RCPT TO command. See MILTER_README +for a list of available macro names and their meanings. +.PP +This feature is available in Postfix 2.3 and later. +.SH milter_unknown_command_macros (default: see "postconf \-d" output) +The macros that are sent to version 3 or higher Milter (mail +filter) applications after an unknown SMTP command. See MILTER_README +for a list of available macro names and their meanings. +.PP +This feature is available in Postfix 2.3 and later. +.SH mime_boundary_length_limit (default: 2048) +The maximal length of MIME multipart boundary strings. The MIME +processor is unable to distinguish between boundary strings that +do not differ in the first $mime_boundary_length_limit characters. +.PP +This feature is available in Postfix 2.0 and later. +.SH mime_header_checks (default: $header_checks) +Optional lookup tables for content inspection of MIME related +message headers, as described in the \fBheader_checks\fR(5) manual page. +.PP +This feature is available in Postfix 2.0 and later. +.SH mime_nesting_limit (default: 100) +The maximal recursion level that the MIME processor will handle. +Postfix refuses mail that is nested deeper than the specified limit. +.PP +This feature is available in Postfix 2.0 and later. +.SH minimal_backoff_time (default: 300s) +The minimal time between attempts to deliver a deferred message; +prior to Postfix 2.4 the default value was 1000s. +.PP +This parameter also limits the time an unreachable destination is +kept in the short\-term, in\-memory, destination status cache. +.PP +This parameter should be set greater than or equal to +$queue_run_delay. See also $maximal_backoff_time. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH multi_instance_directories (default: empty) +An optional list of non\-default Postfix configuration directories; +these directories belong to additional Postfix instances that share +the Postfix executable files and documentation with the default +Postfix instance, and that are started, stopped, etc., together +with the default Postfix instance. Specify a list of pathnames +separated by comma or whitespace. +.PP +When $multi_instance_directories is empty, the \fBpostfix\fR(1) command +runs in single\-instance mode and operates on a single Postfix +instance only. Otherwise, the \fBpostfix\fR(1) command runs in multi\-instance +mode and invokes the multi\-instance manager specified with the +multi_instance_wrapper parameter. The multi\-instance manager in +turn executes \fBpostfix\fR(1) commands for the default instance and for +all Postfix instances in $multi_instance_directories. +.PP +Currently, this parameter setting is ignored except for the +default main.cf file. +.PP +This feature is available in Postfix 2.6 and later. +.SH multi_instance_enable (default: no) +Allow this Postfix instance to be started, stopped, etc., by a +multi\-instance manager. By default, new instances are created in +a safe state that prevents them from being started inadvertently. +This parameter is reserved for the multi\-instance manager. +.PP +This feature is available in Postfix 2.6 and later. +.SH multi_instance_group (default: empty) +The optional instance group name of this Postfix instance. A +group identifies closely\-related Postfix instances that the +multi\-instance manager can start, stop, etc., as a unit. This +parameter is reserved for the multi\-instance manager. +.PP +This feature is available in Postfix 2.6 and later. +.SH multi_instance_name (default: empty) +The optional instance name of this Postfix instance. This name +becomes also the default value for the syslog_name parameter. +.PP +This feature is available in Postfix 2.6 and later. +.SH multi_instance_wrapper (default: empty) +The pathname of a multi\-instance manager command that the +\fBpostfix\fR(1) command invokes when the multi_instance_directories +parameter value is non\-empty. The pathname may be followed by +initial command arguments separated by whitespace; shell +metacharacters such as quotes are not supported in this context. +.PP +The \fBpostfix\fR(1) command invokes the manager command with the +\fBpostfix\fR(1) non\-option command arguments on the manager command line, +and with all installation configuration parameters exported into +the manager command process environment. The manager command in +turn invokes the \fBpostfix\fR(1) command for individual Postfix instances +as "postfix \-c \fIconfig_directory\fR \fIcommand\fR". +.PP +This feature is available in Postfix 2.6 and later. +.SH multi_recipient_bounce_reject_code (default: 550) +The numerical Postfix SMTP server response code when a remote SMTP +client request is blocked by the reject_multi_recipient_bounce +restriction. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.PP +This feature is available in Postfix 2.1 and later. +.SH mydestination (default: $myhostname, localhost.$mydomain, localhost) +The list of domains that are delivered via the $local_transport +mail delivery transport. By default this is the Postfix \fBlocal\fR(8) +delivery agent which looks up all recipients in /etc/passwd and +/etc/aliases. The SMTP server validates recipient addresses with +$local_recipient_maps and rejects non\-existent recipients. See also +the local domain class in the ADDRESS_CLASS_README file. +.PP +The default mydestination value specifies names for the local +machine only. On a mail domain gateway, you should also include +$mydomain. +.PP +The $local_transport delivery method is also selected for mail +addressed to user@[the.net.work.address] of the mail system (the +IP addresses specified with the inet_interfaces and proxy_interfaces +parameters). +.PP +Warnings: +.IP \(bu +Do not specify the names of virtual domains \- those domains +are specified elsewhere. See VIRTUAL_README for more information. +.IP \(bu +Do not specify the names of domains that this machine is +backup MX host for. See STANDARD_CONFIGURATION_README for how to +set up backup MX hosts. +.IP \(bu +By default, the Postfix SMTP server rejects mail for recipients +not listed with the local_recipient_maps parameter. See the +\fBpostconf\fR(5) manual for a description of the local_recipient_maps +and unknown_local_recipient_reject_code parameters. +.br +.PP +Specify a list of host or domain names, "/file/name" or "type:table" +patterns, separated by commas and/or whitespace. A "/file/name" +pattern is replaced by its contents; a "type:table" lookup table +is matched when a name matches a lookup key (the lookup result is +ignored). Continue long lines by starting the next line with +whitespace. +.PP +Examples: +.PP +.nf +.na +.ft C +mydestination = $myhostname, localhost.$mydomain $mydomain +mydestination = $myhostname, localhost.$mydomain www.$mydomain, ftp.$mydomain +.fi +.ad +.ft R +.SH mydomain (default: see "postconf \-d" output) +The internet domain name of this mail system. The default is to +use $myhostname minus the first component, or "localdomain" (Postfix +2.3 and later). $mydomain is used as +a default value for many other configuration parameters. +.PP +Example: +.PP +.nf +.na +.ft C +mydomain = domain.tld +.fi +.ad +.ft R +.SH myhostname (default: see "postconf \-d" output) +The internet hostname of this mail system. The default is to use +the fully\-qualified domain name (FQDN) from gethostname(), or to +use the non\-FQDN result from gethostname() and append ".$mydomain". +$myhostname is used as a default value for many other configuration +parameters. +.PP +Example: +.PP +.nf +.na +.ft C +myhostname = host.example.com +.fi +.ad +.ft R +.SH mynetworks (default: see "postconf \-d" output) +The list of "trusted" remote SMTP clients that have more privileges than +"strangers". +.PP +In particular, "trusted" SMTP clients are allowed to relay mail +through Postfix. See the smtpd_relay_restrictions parameter +description in the \fBpostconf\fR(5) manual. +.PP +You can specify the list of "trusted" network addresses by hand +or you can let Postfix do it for you (which is the default). +See the description of the mynetworks_style parameter for more +information. +.PP +If you specify the mynetworks list by hand, +Postfix ignores the mynetworks_style setting. +.PP +Specify a list of network addresses or network/netmask patterns, +separated by commas and/or whitespace. Continue long lines by +starting the next line with whitespace. +.PP +The netmask specifies the number of bits in the network part +of a host address. You can also specify "/file/name" or "type:table" +patterns. A "/file/name" pattern is replaced by its contents; a +"type:table" lookup table is matched when a table entry matches a +lookup string (the lookup result is ignored). +.PP +The list is matched left to right, and the search stops on the +first match. Specify "!pattern" to exclude an address or network +block from the list. The form "!/file/name" is supported only +in Postfix version 2.4 and later. +.PP +Note 1: Pattern matching of domain names is controlled by the +presence or absence of "mynetworks" in the parent_domain_matches_subdomains +parameter value. +.PP +Note 2: IP version 6 address information must be specified inside +[] in the mynetworks value, and in files specified with +"/file/name". IP version 6 addresses contain the ":" character, +and would otherwise be confused with a "type:table" pattern. +.PP +Note 3: CIDR ranges cannot be specified in hash tables. Use cidr +tables if CIDR ranges are used. +.PP +Examples: +.PP +.nf +.na +.ft C +mynetworks = 127.0.0.0/8 168.100.189.0/28 +mynetworks = !192.168.0.1, 192.168.0.0/28 +mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:587::]/64 +mynetworks = $config_directory/mynetworks +mynetworks = hash:/etc/postfix/network_table +mynetworks = cidr:/etc/postfix/network_table.cidr +.fi +.ad +.ft R +.SH mynetworks_style (default: Postfix >= 3.0: host, Postfix < 3.0: subnet) +The method to generate the default value for the mynetworks parameter. +This is the list of trusted networks for relay access control etc. +.IP \(bu +Specify "mynetworks_style = host" when Postfix should +"trust" only the local machine. +.IP \(bu +Specify "mynetworks_style = subnet" when Postfix +should "trust" remote SMTP clients in the same IP subnetworks as the local +machine. On Linux, this works correctly only with interfaces +specified with the "ifconfig" or "ip" command. +.IP \(bu +Specify "mynetworks_style = class" when Postfix should +"trust" remote SMTP clients in the same IP class A/B/C networks as the +local machine. Caution: this may cause +Postfix to "trust" your entire provider's network. Instead, specify +an explicit mynetworks list by hand, as described with the mynetworks +configuration parameter. +.br +.SH myorigin (default: $myhostname) +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. The default, +$myhostname, is adequate for small sites. If you run a domain with +multiple machines, you should (1) change this to $mydomain and (2) +set up a domain\-wide alias database that aliases each user to +user@that.users.mailhost. +.PP +Example: +.PP +.nf +.na +.ft C +myorigin = $mydomain +.fi +.ad +.ft R +.SH nested_header_checks (default: $header_checks) +Optional lookup tables for content inspection of non\-MIME message +headers in attached messages, as described in the \fBheader_checks\fR(5) +manual page. +.PP +This feature is available in Postfix 2.0 and later. +.SH newaliases_path (default: see "postconf \-d" output) +Sendmail compatibility feature that specifies the location of the +\fBnewaliases\fR(1) command. This command can be used to rebuild the +\fBlocal\fR(8) \fBaliases\fR(5) database. +.SH non_fqdn_reject_code (default: 504) +The numerical Postfix SMTP server reply code when a client request +is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender +or reject_non_fqdn_recipient restriction. +.SH non_smtpd_milters (default: empty) +A list of Milter (mail filter) applications for new mail that +does not arrive via the Postfix \fBsmtpd\fR(8) server. This includes local +submission via the \fBsendmail\fR(1) command line, new mail that arrives +via the Postfix \fBqmqpd\fR(8) server, and old mail that is re\-injected +into the queue with "postsuper \-r". Specify space or comma as a +separator. See the MILTER_README document for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH notify_classes (default: resource, software) +The list of error classes that are reported to the postmaster. These +postmaster notifications do not replace user notifications. The +default is to report only the most serious problems. The paranoid +may wish to turn on the policy (UCE and mail relaying) and protocol +error (broken mail software) reports. +.PP +NOTE: postmaster notifications may contain confidential information +such as SASL passwords or message content. It is the system +administrator's responsibility to treat such information with care. +.PP +The error classes are: +.IP "\fBbounce\fR (also implies \fB2bounce\fR)" +Send the postmaster copies of the headers of bounced mail, and +send transcripts of SMTP sessions when Postfix rejects mail. The +notification is sent to the address specified with the +bounce_notice_recipient configuration parameter (default: postmaster). +.br +.IP "\fB2bounce\fR" +Send undeliverable bounced mail to the postmaster. The notification +is sent to the address specified with the 2bounce_notice_recipient +configuration parameter (default: postmaster). +.br +.IP "\fBdata\fR" +Send the postmaster a transcript of the SMTP session with an +error because a critical data file was unavailable. The notification +is sent to the address specified with the error_notice_recipient +configuration parameter (default: postmaster). +.br +This feature +is available in Postfix 2.9 and later. +.br +.IP "\fBdelay\fR" +Send the postmaster copies of the headers of delayed mail (see +delay_warning_time). The +notification is sent to the address specified with the +delay_notice_recipient configuration parameter (default: postmaster). +.br +.IP "\fBpolicy\fR" +Send the postmaster a transcript of the SMTP session when a +client request was rejected because of (UCE) policy. The notification +is sent to the address specified with the error_notice_recipient +configuration parameter (default: postmaster). +.br +.IP "\fBprotocol\fR" +Send the postmaster a transcript of the SMTP session in case +of client or server protocol errors. The notification is sent to +the address specified with the error_notice_recipient configuration +parameter (default: postmaster). +.br +.IP "\fBresource\fR" +Inform the postmaster of mail not delivered due to resource +problems. The notification is sent to the address specified with +the error_notice_recipient configuration parameter (default: +postmaster). +.br +.IP "\fBsoftware\fR" +Inform the postmaster of mail not delivered due to software +problems. The notification is sent to the address specified with +the error_notice_recipient configuration parameter (default: +postmaster). +.br +.br +.PP +Examples: +.PP +.nf +.na +.ft C +notify_classes = bounce, delay, policy, protocol, resource, software +notify_classes = 2bounce, resource, software +.fi +.ad +.ft R +.SH openssl_path (default: openssl) +The location of the OpenSSL command line program \fBopenssl\fR(1). This +is used by the "\fBpostfix tls\fR" command to create private keys, +certificate signing requests, self\-signed certificates, and to +compute public key digests for DANE TLSA records. In multi\-instance +environments, this parameter is always determined from the configuration +of the default Postfix instance. +.PP +Example: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + # NetBSD pkgsrc: + openssl_path = /usr/pkg/bin/openssl + # Local build: + openssl_path = /usr/local/bin/openssl +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 3.1 and later. +.SH owner_request_special (default: yes) +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". This feature is useful for mailing lists. +.SH parent_domain_matches_subdomains (default: see "postconf \-d" output) +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. This is +planned backwards compatibility: eventually, all Postfix features +are expected to require explicit ".example.com" style patterns when +you really want to match subdomains. +.PP +The following Postfix feature names are supported. +.IP "Postfix version 1.0 and later" +debug_peer_list, +fast_flush_domains, +mynetworks, +permit_mx_backup_networks, +relay_domains, +transport_maps +.br +.IP "Postfix version 1.1 and later" +qmqpd_authorized_clients, +smtpd_access_maps, +.br +.IP "Postfix version 2.8 and later" +postscreen_access_list +.br +.IP "Postfix version 3.0 and later" +smtpd_client_event_limit_exceptions +.br +.br +.SH permit_mx_backup_networks (default: empty) +Restrict the use of the permit_mx_backup SMTP access feature to +only domains whose primary MX hosts match the listed networks. +The parameter value syntax is the same as with the mynetworks +parameter; note, however, that the default value is empty. +.PP +Pattern matching of domain names is controlled by the presence +or absence of "permit_mx_backup_networks" in the +parent_domain_matches_subdomains parameter value. +.SH pickup_service_name (default: pickup) +The name of the \fBpickup\fR(8) service. This service picks up local mail +submissions from the Postfix maildrop queue. +.PP +This feature is available in Postfix 2.0 and later. +.SH pipe_delivery_status_filter (default: $default_delivery_status_filter) +Optional filter for the \fBpipe\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details. +.PP +This feature is available in Postfix 3.0 and later. +.SH plaintext_reject_code (default: 450) +The numerical Postfix SMTP server response code when a request +is rejected by the \fBreject_plaintext_session\fR restriction. +.PP +This feature is available in Postfix 2.3 and later. +.SH postlog_service_name (default: postlog) +The name of the \fBpostlogd\fR(8) service entry in master.cf. +This service appends logfile records to the file specified +with the maillog_file parameter. +.PP +This feature is available in Postfix 3.4 and later. +.SH postlogd_watchdog_timeout (default: 10s) +How much time a \fBpostlogd\fR(8) process may take to process a request +before it is terminated by a built\-in watchdog timer. This is a +safety mechanism that prevents \fBpostlogd\fR(8) from becoming non\-responsive +due to a bug in Postfix itself or in system software. This limit +cannot be set under 10s. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 3.4 and later. +.SH postmulti_control_commands (default: reload flush) +The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager +treats as "control" commands, that operate on running instances. For +these commands, disabled instances are skipped. +.PP +This feature is available in Postfix 2.6 and later. +.SH postmulti_start_commands (default: start) +The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats +as "start" commands. For these commands, disabled instances are "checked" +rather than "started", and failure to "start" a member instance of an +instance group will abort the start\-up of later instances. +.PP +This feature is available in Postfix 2.6 and later. +.SH postmulti_stop_commands (default: see "postconf \-d" output) +The \fBpostfix\fR(1) commands that the \fBpostmulti\fR(1) instance manager treats +as "stop" commands. For these commands, disabled instances are skipped, +and enabled instances are processed in reverse order. +.PP +This feature is available in Postfix 2.6 and later. +.SH postscreen_access_list (default: permit_mynetworks) +Permanent allow/denylist for remote SMTP client IP addresses. +\fBpostscreen\fR(8) searches this list immediately after a remote SMTP +client connects. Specify a comma\- or whitespace\-separated list of +commands (in upper or lower case) or lookup tables. The search stops +upon the first command that fires for the client IP address. +.IP "\fB permit_mynetworks \fR" +Allowlist the client and +terminate the search if the client IP address matches $mynetworks. +Do not subject the client to any before/after 220 greeting tests. +Pass the connection immediately to a Postfix SMTP server process. +.br +Pattern matching of domain names is controlled by the presence +or absence of "postscreen_access_list" in the +parent_domain_matches_subdomains parameter value. +.br +.IP "\fB type:table \fR" +Query the specified lookup +table. Each table lookup result is an access list, except that +access lists inside a table cannot specify type:table entries. +.br +To discourage the use of hash, btree, etc. tables, there is no +support for substring matching like \fBsmtpd\fR(8). Use CIDR tables +instead. +.br +.IP "\fB permit \fR" +Allowlist the client and terminate +the search. Do not subject the client to any before/after 220 +greeting tests. Pass the connection immediately to a Postfix SMTP +server process. +.br +.IP "\fB reject \fR" +Denylist the client and terminate +the search. Subject the client to the action configured with the +postscreen_denylist_action configuration parameter. +.br +.IP "\fB dunno \fR" +All \fBpostscreen\fR(8) access lists +implicitly have this command at the end. +.br +When \fB dunno \fR +is executed inside a lookup table, return from the lookup table and +evaluate the next command. +.br +When \fB dunno \fR is executed +outside a lookup table, terminate the search, and subject the client +to the configured before/after 220 greeting tests. +.br +.br +.PP +Example: +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + postscreen_access_list = permit_mynetworks, + cidr:/etc/postfix/postscreen_access.cidr + # Postfix < 3.6 use postscreen_blacklist_action. + postscreen_denylist_action = enforce +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/postscreen_access.cidr: + # Rules are evaluated in the order as specified. + # Denylist 192.168.* except 192.168.0.1. + 192.168.0.1 dunno + 192.168.0.0/16 reject +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.8. +.SH postscreen_allowlist_interfaces (default: static:all) +A list of local \fBpostscreen\fR(8) server IP addresses where a +non\-allowlisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary +allowlist status. This status is required before the client can +talk to a Postfix SMTP server process. By default, a client can +obtain \fBpostscreen\fR(8)'s allowlist status on any local \fBpostscreen\fR(8) +server IP address. +.PP +When \fBpostscreen\fR(8) listens on both primary and backup MX +addresses, the postscreen_allowlist_interfaces parameter can be +configured to give the temporary allowlist status only when a client +connects to a primary MX address. Once a client is allowlisted it +can talk to a Postfix SMTP server on any address. Thus, clients +that connect only to backup MX addresses will never become allowlisted, +and will never be allowed to talk to a Postfix SMTP server process. +.PP +Specify a list of network addresses or network/netmask patterns, +separated by commas and/or whitespace. The netmask specifies the +number of bits in the network part of a host address. Continue long +lines by starting the next line with whitespace. +.PP +You can also specify "/file/name" or "type:table" patterns. A +"/file/name" pattern is replaced by its contents; a "type:table" +lookup table is matched when a table entry matches a lookup string +(the lookup result is ignored). +.PP +The list is matched left to right, and the search stops on the +first match. Specify "!pattern" to exclude an address or network +block from the list. +.PP +Note: IP version 6 address information must be specified inside +[] in the postscreen_allowlist_interfaces value, and in files +specified with "/file/name". IP version 6 addresses contain the +":" character, and would otherwise be confused with a "type:table" +pattern. +.PP +Example: +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + # Don't allowlist connections to the backup IP address. + # Postfix < 3.6 use postscreen_whitelist_interfaces. + postscreen_allowlist_interfaces = !168.100.189.8, static:all +.fi +.ad +.ft R +.PP +This feature is available in Postfix 3.6 and later. +.PP +Available as postscreen_whitelist_interfaces in Postfix 2.9 \- 3.5. +.SH postscreen_bare_newline_action (default: ignore) +The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends +a bare newline character, that is, a newline not preceded by carriage +return. Specify one of the following: +.IP "\fBignore\fR" +Ignore the failure of this test. Allow other tests to complete. +Do \fInot\fR repeat this test before the result from some +other test expires. +This option is useful for testing and collecting statistics +without blocking mail permanently. +.br +.IP "\fBenforce\fR" +Allow other tests to complete. Reject attempts to deliver mail +with a 550 SMTP reply, and log the helo/sender/recipient information. +Repeat this test the next time the client connects. +.br +.IP "\fBdrop\fR" +Drop the connection immediately with a 521 SMTP reply. Repeat +this test the next time the client connects. +.br +.br +.PP +This feature is available in Postfix 2.8. +.SH postscreen_bare_newline_enable (default: no) +Enable "bare newline" SMTP protocol tests in the \fBpostscreen\fR(8) +server. These tests are expensive: a remote SMTP client must +disconnect after +it passes the test, before it can talk to a real Postfix SMTP server. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_bare_newline_ttl (default: 30d) +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful "bare newline" SMTP protocol test. During this +time, the client IP address is excluded from this test. The default +is long because a remote SMTP client must disconnect after it passes +the test, +before it can talk to a real Postfix SMTP server. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +This feature is available in Postfix 2.8. +.SH postscreen_blacklist_action (default: ignore) +Renamed to postscreen_denylist_action in Postfix 3.6. +.PP +This feature is available in Postfix 2.8 \- 3.5. +.SH postscreen_cache_cleanup_interval (default: 12h) +The amount of time between \fBpostscreen\fR(8) cache cleanup runs. +Cache cleanup increases the load on the cache database and should +therefore not be run frequently. This feature requires that the +cache database supports the "delete" and "sequence" operators. +Specify a zero interval to disable cache cleanup. +.PP +After each cache cleanup run, the \fBpostscreen\fR(8) daemon logs the +number of entries that were retained and dropped. A cleanup run is +logged as "partial" when the daemon terminates early after "\fBpostfix +reload\fR", "\fBpostfix stop\fR", or no requests for $max_idle +seconds. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is h (hours). +.PP +This feature is available in Postfix 2.8. +.SH postscreen_cache_map (default: btree:$data_directory/postscreen_cache) +Persistent storage for the \fBpostscreen\fR(8) server decisions. +.PP +To share a \fBpostscreen\fR(8) cache between multiple \fBpostscreen\fR(8) +instances, use "postscreen_cache_map = proxy:btree:/path/to/file". +This requires Postfix version 2.9 or later; earlier \fBproxymap\fR(8) +implementations don't support cache cleanup. For an alternative +approach see the \fBmemcache_table\fR(5) manpage. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_cache_retention_time (default: 7d) +The amount of time that \fBpostscreen\fR(8) will cache an expired +temporary allowlist entry before it is removed. This prevents clients +from being logged as "NEW" just because their cache entry expired +an hour ago. It also prevents the cache from filling up with clients +that passed some deep protocol test once and never came back. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +This feature is available in Postfix 2.8. +.SH postscreen_client_connection_count_limit (default: $smtpd_client_connection_count_limit) +How many simultaneous connections any remote SMTP client is +allowed to have +with the \fBpostscreen\fR(8) daemon. By default, this limit is the same +as with the Postfix SMTP server. Note that the triage process can +take several seconds, with the time spent in postscreen_greet_wait +delay, and with the time spent talking to the \fBpostscreen\fR(8) built\-in +dummy SMTP protocol engine. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_command_count_limit (default: 20) +The limit on the total number of commands per SMTP session for +\fBpostscreen\fR(8)'s built\-in SMTP protocol engine. This SMTP engine +defers or rejects all attempts to deliver mail, therefore there is +no need to enforce separate limits on the number of junk commands +and error commands. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_command_filter (default: $smtpd_command_filter) +A mechanism to transform commands from remote SMTP clients. +See smtpd_command_filter for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH postscreen_command_time_limit (default: normal: 300s, overload: 10s) +The time limit to read an entire command line with \fBpostscreen\fR(8)'s +built\-in SMTP protocol engine. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_denylist_action (default: ignore) +The action that \fBpostscreen\fR(8) takes when a remote SMTP client is +permanently denylisted with the postscreen_access_list parameter. +Specify one of the following: +.IP "\fBignore\fR (default)" +Ignore this result. Allow other tests to complete. Repeat +this test the next time the client connects. +This option is useful for testing and collecting statistics +without blocking mail. +.br +.IP "\fBenforce\fR" +Allow other tests to complete. Reject attempts to deliver mail +with a 550 SMTP reply, and log the helo/sender/recipient information. +Repeat this test the next time the client connects. +.br +.IP "\fBdrop\fR" +Drop the connection immediately with a 521 SMTP reply. Repeat +this test the next time the client connects. +.br +.br +.PP +This feature is available in Postfix 3.6 and later. +.PP +Available as postscreen_blacklist_action in Postfix 2.8 \- 3.5. +.SH postscreen_disable_vrfy_command (default: $disable_vrfy_command) +Disable the SMTP VRFY command in the \fBpostscreen\fR(8) daemon. See +disable_vrfy_command for details. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_discard_ehlo_keyword_address_maps (default: $smtpd_discard_ehlo_keyword_address_maps) +Lookup tables, indexed by the remote SMTP client address, with +case insensitive lists of EHLO keywords (pipelining, starttls, auth, +etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO response +to a remote SMTP client. See smtpd_discard_ehlo_keywords for details. +The table is not searched by hostname for robustness reasons. +.PP +This feature is available in Postfix 2.8 and later. +.SH postscreen_discard_ehlo_keywords (default: $smtpd_discard_ehlo_keywords) +A case insensitive list of EHLO keywords (pipelining, starttls, +auth, etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO +response to a remote SMTP client. See smtpd_discard_ehlo_keywords +for details. +.PP +This feature is available in Postfix 2.8 and later. +.SH postscreen_dnsbl_action (default: ignore) +The action that \fBpostscreen\fR(8) takes when a remote SMTP client's combined +DNSBL score is equal to or greater than a threshold (as defined +with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold +parameters). Specify one of the following: +.IP "\fBignore\fR (default)" +Ignore the failure of this test. Allow other tests to complete. +Repeat this test the next time the client connects. +This option is useful for testing and collecting statistics +without blocking mail. +.br +.IP "\fBenforce\fR" +Allow other tests to complete. Reject attempts to deliver mail +with a 550 SMTP reply, and log the helo/sender/recipient information. +Repeat this test the next time the client connects. +.br +.IP "\fBdrop\fR" +Drop the connection immediately with a 521 SMTP reply. Repeat +this test the next time the client connects. +.br +.br +.PP +This feature is available in Postfix 2.8. +.SH postscreen_dnsbl_allowlist_threshold (default: 0) +Allow a remote SMTP client to skip "before" and "after 220 +greeting" protocol tests, based on its combined DNSBL score as +defined with the postscreen_dnsbl_sites parameter. +.PP +Specify a negative value to enable this feature. When a client +passes the postscreen_dnsbl_allowlist_threshold without having +failed other tests, all pending or disabled tests are flagged as +completed with a time\-to\-live value equal to postscreen_dnsbl_ttl. +When a test was already completed, its time\-to\-live value is updated +if it was less than postscreen_dnsbl_ttl. +.PP +This feature is available in Postfix 3.6 and later. +.PP +Available as postscreen_dnsbl_whitelist_threshold in Postfix 2.11 +\- 3.5. +.SH postscreen_dnsbl_max_ttl (default: ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h) +The maximum amount of time that \fBpostscreen\fR(8) will use the +result from a successful DNS\-based reputation test before a +client IP address is required to pass that test again. If the DNS +reply specifies a shorter TTL value, that value will be used unless +it would be smaller than postscreen_dnsbl_min_ttl. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is h (hours). +.PP +This feature is available in Postfix 3.1. The default setting +is backwards\-compatible with older Postfix versions. +.SH postscreen_dnsbl_min_ttl (default: 60s) +The minimum amount of time that \fBpostscreen\fR(8) will use the +result from a successful DNS\-based reputation test before a +client IP address is required to pass that test again. If the DNS +reply specifies a larger TTL value, that value will be used unless +it would be larger than postscreen_dnsbl_max_ttl. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 3.1. +.SH postscreen_dnsbl_reply_map (default: empty) +A mapping from an actual DNSBL domain name which includes a secret +password, to the DNSBL domain name that postscreen will reply with +when it rejects mail. When no mapping is found, the actual DNSBL +domain will be used. +.PP +For maximal stability it is best to use a file that is read +into memory such as pcre:, regexp: or texthash: (texthash: is similar +to hash:, except a) there is no need to run \fBpostmap\fR(1) before the +file can be used, and b) texthash: does not detect changes after +the file is read). +.PP +Example: +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/dnsbl_reply: + secret.zen.spamhaus.org zen.spamhaus.org +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.8. +.SH postscreen_dnsbl_sites (default: empty) +Optional list of DNS allow/denylist domains, filters and weight +factors. When the list is non\-empty, the \fBdnsblog\fR(8) daemon will +query these domains with the IP addresses of remote SMTP clients, +and \fBpostscreen\fR(8) will update an SMTP client's DNSBL score with +each non\-error reply. +.PP +Caution: when postscreen rejects mail, it replies with the DNSBL +domain name. Use the postscreen_dnsbl_reply_map feature to hide +"password" information in DNSBL domain names. +.PP +When a client's score is equal to or greater than the threshold +specified with postscreen_dnsbl_threshold, \fBpostscreen\fR(8) can drop +the connection with the remote SMTP client. +.PP +Specify a list of domain=filter*weight entries, separated by +comma or whitespace. +.IP \(bu +When no "=filter" is specified, \fBpostscreen\fR(8) will use any +non\-error DNSBL reply. Otherwise, \fBpostscreen\fR(8) uses only DNSBL +replies that match the filter. The filter has the form d.d.d.d, +where each d is a number, or a pattern inside [] that contains one +or more ";"\-separated numbers or number..number ranges. +.IP \(bu +When no "*weight" is specified, \fBpostscreen\fR(8) increments +the remote SMTP client's DNSBL score by 1. Otherwise, the weight must be +an integral number, and \fBpostscreen\fR(8) adds the specified weight to +the remote SMTP client's DNSBL score. Specify a negative number for +allowlisting. +.IP \(bu +When one postscreen_dnsbl_sites entry produces multiple +DNSBL responses, \fBpostscreen\fR(8) applies the weight at most once. +.br +.PP +Examples: +.PP +To use example.com as a high\-confidence blocklist, and to +block mail with example.net and example.org only when both agree: +.PP +.nf +.na +.ft C +postscreen_dnsbl_threshold = 2 +postscreen_dnsbl_sites = example.com*2, example.net, example.org +.fi +.ad +.ft R +.PP +To filter only DNSBL replies containing 127.0.0.4: +.PP +.nf +.na +.ft C +postscreen_dnsbl_sites = example.com=127.0.0.4 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.8. +.SH postscreen_dnsbl_threshold (default: 1) +The inclusive lower bound for blocking a remote SMTP client, based on +its combined DNSBL score as defined with the postscreen_dnsbl_sites +parameter. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_dnsbl_timeout (default: 10s) +The time limit for DNSBL or DNSWL lookups. This is separate from +the timeouts in the \fBdnsblog\fR(8) daemon which are defined by system +\fBresolver\fR(3) routines. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 3.0. +.SH postscreen_dnsbl_ttl (default: 1h) +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful DNS\-based reputation test before a client +IP address is required to pass that test again. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is h (hours). +.PP +This feature is available in Postfix 2.8\-3.0. It was +replaced by postscreen_dnsbl_max_ttl in Postfix 3.1. +.SH postscreen_dnsbl_whitelist_threshold (default: 0) +Renamed to postscreen_dnsbl_allowlist_threshold in Postfix 3.6. +.PP +This feature is available in Postfix 2.11 \- 3.5. +.SH postscreen_enforce_tls (default: $smtpd_enforce_tls) +Mandatory TLS: announce STARTTLS support to remote SMTP clients, and +require that clients use TLS encryption. See smtpd_postscreen_enforce_tls +for details. +.PP +This feature is available in Postfix 2.8 and later. +Preferably, use postscreen_tls_security_level instead. +.SH postscreen_expansion_filter (default: see "postconf \-d" output) +List of characters that are permitted in postscreen_reject_footer +attribute expansions. See smtpd_expansion_filter for further +details. +.PP +This feature is available in Postfix 2.8 and later. +.SH postscreen_forbidden_commands (default: $smtpd_forbidden_commands) +List of commands that the \fBpostscreen\fR(8) server considers in +violation of the SMTP protocol. See smtpd_forbidden_commands for +syntax, and postscreen_non_smtp_command_action for possible actions. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_greet_action (default: ignore) +The action that \fBpostscreen\fR(8) takes when a remote SMTP client speaks +before its turn within the time specified with the postscreen_greet_wait +parameter. Specify one of the following: +.IP "\fBignore\fR (default)" +Ignore the failure of this test. Allow other tests to complete. +Repeat this test the next time the client connects. +This option is useful for testing and collecting statistics +without blocking mail. +.br +.IP "\fBenforce\fR" +Allow other tests to complete. Reject attempts to deliver mail +with a 550 SMTP reply, and log the helo/sender/recipient information. +Repeat this test the next time the client connects. +.br +.IP "\fBdrop\fR" +Drop the connection immediately with a 521 SMTP reply. Repeat +this test the next time the client connects. +.br +.br +.PP +In either case, \fBpostscreen\fR(8) will not allowlist the remote SMTP client +IP address. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_greet_banner (default: $smtpd_banner) +The \fItext\fR in the optional "220\-\fItext\fR..." server +response that +\fBpostscreen\fR(8) sends ahead of the real Postfix SMTP server's "220 +text..." response, in an attempt to confuse bad SMTP clients so +that they speak before their turn (pre\-greet). Specify an empty +value to disable this feature. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_greet_ttl (default: 1d) +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful PREGREET test. During this time, the client IP address +is excluded from this test. The default is relatively short, because +a good client can immediately talk to a real Postfix SMTP server. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +This feature is available in Postfix 2.8. +.SH postscreen_greet_wait (default: normal: 6s, overload: 2s) +The amount of time that \fBpostscreen\fR(8) will wait for an SMTP +client to send a command before its turn, and for DNS blocklist +lookup results to arrive (default: up to 2 seconds under stress, +up to 6 seconds otherwise). +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.8. +.SH postscreen_helo_required (default: $smtpd_helo_required) +Require that a remote SMTP client sends HELO or EHLO before +commencing a MAIL transaction. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_non_smtp_command_action (default: drop) +The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends +non\-SMTP commands as specified with the postscreen_forbidden_commands +parameter. Specify one of the following: +.IP "\fBignore\fR" +Ignore the failure of this test. Allow other tests to complete. +Do \fInot\fR repeat this test before the result from some +other test expires. +This option is useful for testing and collecting statistics +without blocking mail permanently. +.br +.IP "\fBenforce\fR" +Allow other tests to complete. Reject attempts to deliver mail +with a 550 SMTP reply, and log the helo/sender/recipient information. +Repeat this test the next time the client connects. +.br +.IP "\fBdrop\fR" +Drop the connection immediately with a 521 SMTP reply. Repeat +this test the next time the client connects. This action is the +same as with the Postfix SMTP server's smtpd_forbidden_commands +feature. +.br +.br +.PP +This feature is available in Postfix 2.8. +.SH postscreen_non_smtp_command_enable (default: no) +Enable "non\-SMTP command" tests in the \fBpostscreen\fR(8) server. These +tests are expensive: a client must disconnect after it passes the +test, before it can talk to a real Postfix SMTP server. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_non_smtp_command_ttl (default: 30d) +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful "non_smtp_command" SMTP protocol test. During this +time, the client IP address is excluded from this test. The default +is long because a client must disconnect after it passes the test, +before it can talk to a real Postfix SMTP server. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +This feature is available in Postfix 2.8. +.SH postscreen_pipelining_action (default: enforce) +The action that \fBpostscreen\fR(8) takes when a remote SMTP client +sends +multiple commands instead of sending one command and waiting for +the server to respond. Specify one of the following: +.IP "\fBignore\fR" +Ignore the failure of this test. Allow other tests to complete. +Do \fInot\fR repeat this test before the result from some +other test expires. +This option is useful for testing and collecting statistics +without blocking mail permanently. +.br +.IP "\fBenforce\fR" +Allow other tests to complete. Reject attempts to deliver mail +with a 550 SMTP reply, and log the helo/sender/recipient information. +Repeat this test the next time the client connects. +.br +.IP "\fBdrop\fR" +Drop the connection immediately with a 521 SMTP reply. Repeat +this test the next time the client connects. +.br +.br +.PP +This feature is available in Postfix 2.8. +.SH postscreen_pipelining_enable (default: no) +Enable "pipelining" SMTP protocol tests in the \fBpostscreen\fR(8) +server. These tests are expensive: a good client must disconnect +after it passes the test, before it can talk to a real Postfix SMTP +server. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_pipelining_ttl (default: 30d) +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful "pipelining" SMTP protocol test. During this time, the +client IP address is excluded from this test. The default is +long because a good client must disconnect after it passes the test, +before it can talk to a real Postfix SMTP server. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +This feature is available in Postfix 2.8. +.SH postscreen_post_queue_limit (default: $default_process_limit) +The number of clients that can be waiting for service from a +real Postfix SMTP server process. When this queue is full, all +clients will +receive a 421 response. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_pre_queue_limit (default: $default_process_limit) +The number of non\-allowlisted clients that can be waiting for +a decision whether they will receive service from a real Postfix +SMTP server +process. When this queue is full, all non\-allowlisted clients will +receive a 421 response. +.PP +This feature is available in Postfix 2.8. +.SH postscreen_reject_footer (default: $smtpd_reject_footer) +Optional information that is appended after a 4XX or 5XX +\fBpostscreen\fR(8) server +response. See smtpd_reject_footer for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH postscreen_reject_footer_maps (default: $smtpd_reject_footer_maps) +Optional lookup table for information that is appended after a 4XX +or 5XX \fBpostscreen\fR(8) server response. See smtpd_reject_footer_maps for +further details. +.PP +This feature is available in Postfix 3.4 and later. +.SH postscreen_tls_security_level (default: $smtpd_tls_security_level) +The SMTP TLS security level for the \fBpostscreen\fR(8) server; when +a non\-empty value is specified, this overrides the obsolete parameters +postscreen_use_tls and postscreen_enforce_tls. See smtpd_tls_security_level +for details. +.PP +This feature is available in Postfix 2.8 and later. +.SH postscreen_upstream_proxy_protocol (default: empty) +The name of the proxy protocol used by an optional before\-postscreen +proxy agent. When a proxy agent is used, this protocol conveys local +and remote address and port information. Specify +"postscreen_upstream_proxy_protocol = haproxy" to enable the haproxy +protocol; version 2 is supported with Postfix 3.5 and later. +.PP +This feature is available in Postfix 2.10 and later. +.SH postscreen_upstream_proxy_timeout (default: 5s) +The time limit for the proxy protocol specified with the +postscreen_upstream_proxy_protocol parameter. +.PP +This feature is available in Postfix 2.10 and later. +.SH postscreen_use_tls (default: $smtpd_use_tls) +Opportunistic TLS: announce STARTTLS support to remote SMTP clients, +but do not require that clients use TLS encryption. +.PP +This feature is available in Postfix 2.8 and later. +Preferably, use postscreen_tls_security_level instead. +.SH postscreen_watchdog_timeout (default: 10s) +How much time a \fBpostscreen\fR(8) process may take to respond to +a remote SMTP client command or to perform a cache operation before it +is terminated by a built\-in watchdog timer. This is a safety +mechanism that prevents \fBpostscreen\fR(8) from becoming non\-responsive +due to a bug in Postfix itself or in system software. To avoid +false alarms and unnecessary cache corruption this limit cannot be +set under 10s. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.8. +.SH postscreen_whitelist_interfaces (default: static:all) +Renamed to postscreen_allowlist_interfaces in Postfix 3.6. +.PP +This feature is available in Postfix 2.9 \- 3.5. +.SH prepend_delivered_header (default: command, file, forward) +The message delivery contexts where the Postfix \fBlocal\fR(8) delivery +agent prepends a Delivered\-To: message header with the address +that the mail was delivered to. This information is used for mail +delivery loop detection. +.PP +By default, the Postfix local delivery agent prepends a Delivered\-To: +header when forwarding mail and when delivering to file (mailbox) +and command. Turning off the Delivered\-To: header when forwarding +mail is not recommended. +.PP +Specify zero or more of \fBforward\fR, \fBfile\fR, or \fBcommand\fR. +.PP +Example: +.PP +.nf +.na +.ft C +prepend_delivered_header = forward +.fi +.ad +.ft R +.SH process_id (read\-only) +The process ID of a Postfix command or daemon process. +.SH process_id_directory (default: pid) +The location of Postfix PID files relative to $queue_directory. +This is a read\-only parameter. +.SH process_name (read\-only) +The process name of a Postfix command or daemon process. +.SH propagate_unmatched_extensions (default: canonical, virtual) +What address lookup tables copy an address extension from the lookup +key to the lookup result. +.PP +For example, with a \fBvirtual\fR(5) mapping of "\fIjoe@example.com => +joe.user@example.net\fR", the address "\fIjoe+foo@example.com\fR" +would rewrite to "\fIjoe.user+foo@example.net\fR". +.PP +Specify zero or more of \fBcanonical\fR, \fBvirtual\fR, \fBalias\fR, +\fBforward\fR, \fBinclude\fR or \fBgeneric\fR. These cause +address extension +propagation with \fBcanonical\fR(5), \fBvirtual\fR(5), and \fBaliases\fR(5) maps, +with \fBlocal\fR(8) .forward and :include: file lookups, and with \fBsmtp\fR(8) +generic maps, respectively. +.PP +Note: enabling this feature for types other than \fBcanonical\fR +and \fBvirtual\fR is likely to cause problems when mail is forwarded +to other sites, especially with mail that is sent to a mailing list +exploder address. +.PP +Examples: +.PP +.nf +.na +.ft C +propagate_unmatched_extensions = canonical, virtual, alias, + forward, include +propagate_unmatched_extensions = canonical, virtual +.fi +.ad +.ft R +.SH proxy_interfaces (default: empty) +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. +.PP +This feature is available in Postfix 2.0 and later. +.PP +You must specify your "outside" proxy/NAT addresses when your +system is a backup MX host for other domains, otherwise mail delivery +loops will happen when the primary MX host is down. +.PP +Example: +.PP +.nf +.na +.ft C +proxy_interfaces = 1.2.3.4 +.fi +.ad +.ft R +.SH proxy_read_maps (default: see "postconf \-d" output) +The lookup tables that the \fBproxymap\fR(8) server is allowed to +access for the read\-only service. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. +Table references that don't begin with proxy: are ignored. +.PP +This feature is available in Postfix 2.0 and later. +.SH proxy_write_maps (default: see "postconf \-d" output) +The lookup tables that the \fBproxymap\fR(8) server is allowed to +access for the read\-write service. Postfix\-owned local database +files should be stored under the Postfix\-owned data_directory. +Table references that don't begin with proxy: are ignored. +.PP +This feature is available in Postfix 2.5 and later. +.SH proxymap_service_name (default: proxymap) +The name of the proxymap read\-only table lookup service. This +service is normally implemented by the \fBproxymap\fR(8) daemon. +.PP +This feature is available in Postfix 2.6 and later. +.SH proxywrite_service_name (default: proxywrite) +The name of the proxywrite read\-write table lookup service. +This service is normally implemented by the \fBproxymap\fR(8) daemon. +.PP +This feature is available in Postfix 2.6 and later. +.SH qmgr_clog_warn_time (default: 300s) +The minimal delay between warnings that a specific destination is +clogging up the Postfix active queue. Specify 0 to disable. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is enabled with the helpful_warnings parameter. +.PP +This feature is available in Postfix 2.0 and later. +.SH qmgr_daemon_timeout (default: 1000s) +How much time a Postfix queue manager process may take to handle +a request before it is terminated by a built\-in watchdog timer. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.8 and later. +.SH qmgr_fudge_factor (default: 100) +Obsolete feature: the percentage of delivery resources that a busy +mail system will use up for delivery of a large mailing list +message. +.PP +This feature exists only in the \fBoqmgr\fR(8) old queue manager. The +current queue manager solves the problem in a better way. +.SH qmgr_ipc_timeout (default: 60s) +The time limit for the queue manager to send or receive information +over an internal communication channel. The purpose is to break +out of deadlock situations. If the time limit is exceeded the +software either retries or aborts the operation. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.8 and later. +.SH qmgr_message_active_limit (default: 20000) +The maximal number of messages in the active queue. +.SH qmgr_message_recipient_limit (default: 20000) +The maximal number of recipients held in memory by the Postfix +queue manager, and the maximal size of the short\-term, +in\-memory "dead" destination status cache. +.SH qmgr_message_recipient_minimum (default: 10) +The minimal number of in\-memory recipients for any message. This +takes priority over any other in\-memory recipient limits (i.e., +the global qmgr_message_recipient_limit and the per transport +_recipient_limit) if necessary. The minimum value allowed for this +parameter is 1. +.SH qmqpd_authorized_clients (default: empty) +What remote QMQP clients are allowed to connect to the Postfix QMQP +server port. +.PP +By default, no client is allowed to use the service. This is +because the QMQP server will relay mail to any destination. +.PP +Specify a list of client patterns. A list pattern specifies a host +name, a domain name, an internet address, or a network/mask pattern, +where the mask specifies the number of bits in the network part. +When a pattern specifies a file name, its contents are substituted +for the file name; when a pattern is a "type:table" table specification, +table lookup is used instead. +.PP +Patterns are separated by whitespace and/or commas. In order to +reverse the result, precede a pattern with an +exclamation point (!). The form "!/file/name" is supported only +in Postfix version 2.4 and later. +.PP +Pattern matching of domain names is controlled by the presence +or absence of "qmqpd_authorized_clients" in the +parent_domain_matches_subdomains parameter value. +.PP +Example: +.PP +.nf +.na +.ft C +qmqpd_authorized_clients = !192.168.0.1, 192.168.0.0/24 +.fi +.ad +.ft R +.SH qmqpd_client_port_logging (default: no) +Enable logging of the remote QMQP client port in addition to +the hostname and IP address. The logging format is "host[address]:port". +.PP +This feature is available in Postfix 2.5 and later. +.SH qmqpd_error_delay (default: 1s) +How long the Postfix QMQP server will pause before sending a negative +reply to the remote QMQP client. The purpose is to slow down confused +or malicious clients. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH qmqpd_timeout (default: 300s) +The time limit for sending or receiving information over the network. +If a read or write operation blocks for more than $qmqpd_timeout +seconds the Postfix QMQP server gives up and disconnects. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH queue_directory (default: see "postconf \-d" output) +The location of the Postfix top\-level queue directory. This is the +root directory of Postfix daemon processes that run chrooted. +.SH queue_file_attribute_count_limit (default: 100) +The maximal number of (name=value) attributes that may be stored +in a Postfix queue file. The limit is enforced by the \fBcleanup\fR(8) +server. +.PP +This feature is available in Postfix 2.0 and later. +.SH queue_minfree (default: 0) +The minimal amount of free space in bytes in the queue file system +that is needed to receive mail. This is currently used by the +Postfix SMTP server to decide if it will accept any mail at all. +.PP +By default, the Postfix SMTP server rejects MAIL FROM commands when +the amount of free space is less than 1.5*$message_size_limit +(Postfix version 2.1 and later). +To specify a higher minimum free space limit, specify a queue_minfree +value that is at least 1.5*$message_size_limit. +.PP +With Postfix versions 2.0 and earlier, a queue_minfree value of +zero means there is no minimum required amount of free space. +.SH queue_run_delay (default: 300s) +The time between deferred queue scans by the queue manager; +prior to Postfix 2.4 the default value was 1000s. +.PP +This parameter should be set less than or equal to +$minimal_backoff_time. See also $maximal_backoff_time. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH queue_service_name (default: qmgr) +The name of the \fBqmgr\fR(8) service. This service manages the Postfix +queue and schedules delivery requests. +.PP +This feature is available in Postfix 2.0 and later. +.SH rbl_reply_maps (default: empty) +Optional lookup tables with RBL response templates. The tables are +indexed by the RBL domain name. By default, Postfix uses the default +template as specified with the default_rbl_reply configuration +parameter. See there for a discussion of the syntax of RBL reply +templates. +.PP +This feature is available in Postfix 2.0 and later. +.SH readme_directory (default: see "postconf \-d" output) +The location of Postfix README files that describe how to build, +configure or operate a specific Postfix subsystem or feature. +.SH receive_override_options (default: empty) +Enable or disable recipient validation, built\-in content +filtering, or address mapping. Typically, these are specified in +master.cf as command\-line arguments for the \fBsmtpd\fR(8), \fBqmqpd\fR(8) or +\fBpickup\fR(8) daemons. +.PP +Specify zero or more of the following options. The options +override main.cf settings and are either implemented by \fBsmtpd\fR(8), +\fBqmqpd\fR(8), or \fBpickup\fR(8) themselves, or they are forwarded to the +cleanup server. +.IP "\fBno_unknown_recipient_checks\fR" +Do not try to reject unknown recipients (SMTP server only). +This is typically specified AFTER an external content filter. +.br +.IP "\fBno_address_mappings\fR" +Disable canonical address mapping, virtual alias map expansion, +address masquerading, and automatic BCC (blind carbon\-copy) +recipients. This is typically specified BEFORE an external content +filter. +.br +.IP "\fBno_header_body_checks\fR" +Disable header/body_checks. This is typically specified AFTER +an external content filter. +.br +.IP "\fBno_milters\fR" +Disable Milter (mail filter) applications. This is typically +specified AFTER an external content filter. +.br +.br +.PP +Note: when the "BEFORE content filter" receive_override_options +setting is specified in the main.cf file, specify the "AFTER content +filter" receive_override_options setting in master.cf (and vice +versa). +.PP +Examples: +.PP +.nf +.na +.ft C +receive_override_options = + no_unknown_recipient_checks, no_header_body_checks +receive_override_options = no_address_mappings +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.1 and later. +.SH recipient_bcc_maps (default: empty) +Optional BCC (blind carbon\-copy) address lookup tables, indexed by +recipient address. The BCC address (multiple results are not +supported) is added when mail enters from outside of Postfix. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +The table search order is as follows: +.IP \(bu +Look up the "user+extension@domain.tld" address including the +optional address extension. +.IP \(bu +Look up the "user@domain.tld" address without the optional +address extension. +.IP \(bu +Look up the "user+extension" address local part when the +recipient domain equals $myorigin, $mydestination, $inet_interfaces +or $proxy_interfaces. +.IP \(bu +Look up the "user" address local part when the recipient domain +equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces. +.IP \(bu +Look up the "@domain.tld" part. +.br +.PP +Note: with Postfix 2.3 and later the BCC address is added as if it +was specified with NOTIFY=NONE. The sender will not be notified +when the BCC address is undeliverable, as long as all down\-stream +software implements RFC 3461. +.PP +Note: with Postfix 2.2 and earlier the sender will unconditionally +be notified when the BCC address is undeliverable. +.PP +Note: automatic BCC recipients are produced only for new mail. +To avoid mailer loops, automatic BCC recipients are not generated +after Postfix forwards mail internally, or after Postfix generates +mail itself. +.PP +Example: +.PP +.nf +.na +.ft C +recipient_bcc_maps = hash:/etc/postfix/recipient_bcc +.fi +.ad +.ft R +.PP +After a change, run "\fBpostmap /etc/postfix/recipient_bcc\fR". +.PP +This feature is available in Postfix 2.1 and later. +.SH recipient_canonical_classes (default: envelope_recipient, header_recipient) +What addresses are subject to recipient_canonical_maps address +mapping. By default, recipient_canonical_maps address mapping is +applied to envelope recipient addresses, and to header recipient +addresses. +.PP +Specify one or more of: envelope_recipient, header_recipient +.PP +This feature is available in Postfix 2.2 and later. +.SH recipient_canonical_maps (default: empty) +Optional address mapping lookup tables for envelope and header +recipient addresses. +The table format and lookups are documented in \fBcanonical\fR(5). +.PP +Note: $recipient_canonical_maps is processed before $canonical_maps. +.PP +Example: +.PP +.nf +.na +.ft C +recipient_canonical_maps = hash:/etc/postfix/recipient_canonical +.fi +.ad +.ft R +.SH recipient_delimiter (default: empty) +The set of characters that can separate an email address +localpart, user name, or a .forward file name from its extension. +For example, with "recipient_delimiter = +", the software tries +user+foo@example.com before trying user@example.com, user+foo before +trying user, and .forward+foo before trying .forward. +.PP +More formally, an email address localpart or user name is +separated from its extension by the first character that matches +the recipient_delimiter set. The delimiter character and extension +may then be used to generate an extended .forward file name. This +implementation recognizes one delimiter character and one extension +per email address localpart or email address. With Postfix 2.10 and +earlier, the recipient_delimiter specifies a single character. +.PP +See \fBcanonical\fR(5), \fBlocal\fR(8), \fBrelocated\fR(5) and \fBvirtual\fR(5) for the +effects of recipient_delimiter on lookups in aliases, canonical, +virtual, and relocated maps, and see the propagate_unmatched_extensions +parameter for propagating an extension from one email address to +another. +.PP +When used in command_execution_directory, forward_path, or +luser_relay, ${recipient_delimiter} is replaced with the actual +recipient delimiter that was found in the recipient email address +(Postfix 2.11 and later), or it is replaced with the main.cf +recipient_delimiter parameter value (Postfix 2.10 and earlier). +.PP +The recipient_delimiter is not applied to the mailer\-daemon +address, the postmaster address, or the double\-bounce address. With +the default "owner_request_special = yes" setting, the recipient_delimiter +is also not applied to addresses with the special "owner\-" prefix +or the special "\-request" suffix. +.PP +Examples: +.PP +.nf +.na +.ft C +# Handle Postfix\-style extensions. +recipient_delimiter = + +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +# Handle both Postfix and qmail extensions (Postfix 2.11 and later). +recipient_delimiter = +\- +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +# Use .forward for mail without address extension, and for mail with +# an unrecognized address extension. +forward_path = $home/.forward${recipient_delimiter}${extension}, + $home/.forward +.fi +.ad +.ft R +.SH reject_code (default: 554) +The numerical Postfix SMTP server response code when a remote SMTP +client request is rejected by the "reject" restriction. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.SH reject_tempfail_action (default: defer_if_permit) +The Postfix SMTP server's action when a reject\-type restriction +fails due to a temporary error condition. Specify "defer" to defer +the remote SMTP client request immediately. With the default +"defer_if_permit" action, the Postfix SMTP server continues to look +for opportunities to reject mail, and defers the client request +only if it would otherwise be accepted. +.PP +For finer control, see: unverified_recipient_tempfail_action, +unverified_sender_tempfail_action, unknown_address_tempfail_action, +and unknown_helo_hostname_tempfail_action. +.PP +This feature is available in Postfix 2.6 and later. +.SH relay_clientcerts (default: empty) +List of tables with remote SMTP client\-certificate fingerprints or +public key fingerprints (Postfix 2.9 and later) for which the Postfix +SMTP server will allow access with the permit_tls_clientcerts +feature. The fingerprint digest algorithm is configurable via the +smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to +Postfix version 2.5). +.PP +The default algorithm is \fBsha256\fR with Postfix >= 3.6 +and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix +<= 3.5, the default algorithm is \fBmd5\fR. The best\-practice +algorithm is now \fBsha256\fR. Recent advances in hash function +cryptanalysis have led to md5 and sha1 being deprecated in favor of +sha256. However, as long as there are no known "second pre\-image" +attacks against the older algorithms, their use in this context, though +not recommended, is still likely safe. +.PP +Postfix lookup tables are in the form of (key, value) pairs. +Since we only need the key, the value can be chosen freely, e.g. +the name of the user or host: +D7:04:2F:A7:0B:8C:A5:21:FA:31:77:E1:41:8A:EE:80 lutzpc.at.home +.PP +Example: +.PP +.nf +.na +.ft C +relay_clientcerts = hash:/etc/postfix/relay_clientcerts +.fi +.ad +.ft R +.PP +For more fine\-grained control, use check_ccert_access to select +an appropriate \fBaccess\fR(5) policy for each client. +See RESTRICTION_CLASS_README. +.PP +This feature is available with Postfix version 2.2. +.SH relay_destination_concurrency_limit (default: $default_destination_concurrency_limit) +The maximal number of parallel deliveries to the same destination +via the relay message delivery transport. This limit is enforced +by the queue manager. The message delivery transport name is the +first field in the entry in the master.cf file. +.PP +This feature is available in Postfix 2.0 and later. +.SH relay_destination_recipient_limit (default: $default_destination_recipient_limit) +The maximal number of recipients per message for the relay +message delivery transport. This limit is enforced by the queue +manager. The message delivery transport name is the first field in +the entry in the master.cf file. +.PP +Setting this parameter to a value of 1 changes the meaning of +relay_destination_concurrency_limit from concurrency per domain +into concurrency per recipient. +.PP +This feature is available in Postfix 2.0 and later. +.SH relay_domains (default: Postfix >= 3.0: empty, Postfix < 3.0: $mydestination) +What destination domains (and subdomains thereof) this system +will relay mail to. For details about how +the relay_domains value is used, see the description of the +permit_auth_destination and reject_unauth_destination SMTP recipient +restrictions. +.PP +Domains that match $relay_domains are delivered with the +$relay_transport mail delivery transport. The SMTP server validates +recipient addresses with $relay_recipient_maps and rejects non\-existent +recipients. See also the relay domains address class in the +ADDRESS_CLASS_README file. +.PP +Note: Postfix will not automatically forward mail for domains +that list this system as their primary or backup MX host. See the +permit_mx_backup restriction in the \fBpostconf\fR(5) manual page. +.PP +Specify a list of host or domain names, "/file/name" patterns +or "type:table" lookup tables, separated by commas and/or whitespace. +Continue long lines by starting the next line with whitespace. A +"/file/name" pattern is replaced by its contents; a "type:table" +lookup table is matched when a (parent) domain appears as lookup +key. Specify "!pattern" to exclude a domain from the list. The form +"!/file/name" is supported only in Postfix version 2.4 and later. +.PP +Pattern matching of domain names is controlled by the presence +or absence of "relay_domains" in the parent_domain_matches_subdomains +parameter value. +.SH relay_domains_reject_code (default: 554) +The numerical Postfix SMTP server response code when a client +request is rejected by the reject_unauth_destination recipient +restriction. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.SH relay_recipient_maps (default: empty) +Optional lookup tables with all valid addresses in the domains +that match $relay_domains. Specify @domain as a wild\-card for +domains that have no valid recipient list, and become a source of +backscatter mail: Postfix accepts spam for non\-existent recipients +and then floods innocent people with undeliverable mail. Technically, +tables +listed with $relay_recipient_maps are used as lists: Postfix needs +to know only if a lookup string is found or not, but it does not +use the result from the table lookup. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +If this parameter is non\-empty, then the Postfix SMTP server will reject +mail to unknown relay users. This feature is off by default. +.PP +See also the relay domains address class in the ADDRESS_CLASS_README +file. +.PP +Example: +.PP +.nf +.na +.ft C +relay_recipient_maps = hash:/etc/postfix/relay_recipients +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.0 and later. +.SH relay_transport (default: relay) +The default mail delivery transport and next\-hop destination for +remote delivery to domains listed with $relay_domains. In order of +decreasing precedence, the nexthop destination is taken from +$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or +from the recipient domain. This information can be overruled with +the \fBtransport\fR(5) table. +.PP +Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR +is the name of a mail delivery transport defined in master.cf. +The \fI:nexthop\fR destination is optional; its syntax is documented +in the manual page of the corresponding delivery agent. +.PP +See also the relay domains address class in the ADDRESS_CLASS_README +file. +.PP +This feature is available in Postfix 2.0 and later. +.SH relayhost (default: empty) +The next\-hop destination(s) for non\-local mail; overrides non\-local +domains in recipient addresses. This information is overruled with +relay_transport, sender_dependent_default_transport_maps, +default_transport, sender_dependent_relayhost_maps +and with the \fBtransport\fR(5) table. +.PP +On an intranet, specify the organizational domain name. If your +internal DNS uses no MX records, specify the name of the intranet +gateway host instead. +.PP +In the case of SMTP or LMTP delivery, specify one or more destinations +in the form of a domain name, hostname, hostname:port, [hostname]:port, +[hostaddress] or [hostaddress]:port, separated by comma or whitespace. +The form [hostname] turns off MX lookups. Multiple destinations are +supported in Postfix 3.5 and later. +.PP +If you're connected via UUCP, see the UUCP_README file for useful +information. +.PP +Examples: +.PP +.nf +.na +.ft C +relayhost = $mydomain +relayhost = [gateway.example.com] +relayhost = mail1.example:587, mail2.example:587 +relayhost = [an.ip.add.ress] +.fi +.ad +.ft R +.SH relocated_maps (default: empty) +Optional lookup tables with new contact information for users or +domains that no longer exist. The table format and lookups are +documented in \fBrelocated\fR(5). +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +If you use this feature, run "\fBpostmap /etc/postfix/relocated\fR" to +build the necessary DBM or DB file after change, then "\fBpostfix +reload\fR" to make the changes visible. +.PP +Examples: +.PP +.nf +.na +.ft C +relocated_maps = dbm:/etc/postfix/relocated +relocated_maps = hash:/etc/postfix/relocated +.fi +.ad +.ft R +.SH remote_header_rewrite_domain (default: empty) +Don't rewrite message headers from remote clients at all when +this parameter is empty; otherwise, rewrite message headers and +append the specified domain name to incomplete addresses. The +local_header_rewrite_clients parameter controls what clients Postfix +considers local. +.PP +Examples: +.PP +The safe setting: append "domain.invalid" to incomplete header +addresses from remote SMTP clients, so that those addresses cannot +be confused with local addresses. +.sp +.in +4 +.nf +.na +.ft C +remote_header_rewrite_domain = domain.invalid +.fi +.ad +.ft R +.in -4 +.PP +The default, purist, setting: don't rewrite headers from remote +clients at all. +.sp +.in +4 +.nf +.na +.ft C +remote_header_rewrite_domain = +.fi +.ad +.ft R +.in -4 +.SH require_home_directory (default: no) +Require that a \fBlocal\fR(8) recipient's home directory exists +before mail delivery is attempted. By default this test is disabled. +It can be useful for environments that import home directories to +the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED). +.SH reset_owner_alias (default: no) +Reset the \fBlocal\fR(8) delivery agent's idea of the owner\-alias +attribute, when delivering mail to a child alias that does not have +its own owner alias. +.PP +This feature is available in Postfix 2.8 and later. With older +Postfix releases, the behavior is as if this parameter is set to +"yes". +.PP +As documented in \fBaliases\fR(5), when an alias \fIname\fR has a +companion alias named owner\-\fIname\fR, this will replace the +envelope sender address, so that delivery errors will be +reported to the owner alias instead of the sender. This configuration +is recommended for mailing lists. +.PP +A less known property of the owner alias is that it also forces +the \fBlocal\fR(8) delivery agent to write local and remote addresses +from alias expansion to a new queue file, instead of attempting to +deliver mail to local addresses as soon as they come out of alias +expansion. +.PP +Writing local addresses from alias expansion to a new queue +file allows for robust handling of temporary delivery errors: errors +with one local member have no effect on deliveries to other members +of the list. On the other hand, delivery to local addresses as +soon as they come out of alias expansion is fragile: a temporary +error with one local address from alias expansion will cause the +entire alias to be expanded repeatedly until the error goes away, +or until the message expires in the queue. In that case, a problem +with one list member results in multiple message deliveries to other +list members. +.PP +The default behavior of Postfix 2.8 and later is to keep the +owner\-alias attribute of the parent alias, when delivering mail to +a child alias that does not have its own owner alias. Then, local +addresses from that child alias will be written to a new queue file, +and a temporary error with one local address will not affect delivery +to other mailing list members. +.PP +Unfortunately, older Postfix releases reset the owner\-alias +attribute when delivering mail to a child alias that does not have +its own owner alias. To be precise, this resets only the decision +to create a new queue file, not the decision to override the envelope +sender address. The \fBlocal\fR(8) delivery agent then attempts to +deliver local addresses as soon as they come out of child alias +expansion. If delivery to any address from child alias expansion +fails with a temporary error condition, the entire mailing list may +be expanded repeatedly until the mail expires in the queue, resulting +in multiple deliveries of the same message to mailing list members. +.SH resolve_dequoted_address (default: yes) +Resolve a recipient address safely instead of correctly, by +looking inside quotes. +.PP +By default, the Postfix address resolver does not quote the +address localpart as per RFC 822, so that additional @ or % or ! +operators remain visible. This behavior is safe but it is also +technically incorrect. +.PP +If you specify "resolve_dequoted_address = no", then +the Postfix +resolver will not know about additional @ etc. operators in the +address localpart. This opens opportunities for obscure mail relay +attacks with user@domain@domain addresses when Postfix provides +backup MX service for Sendmail systems. +.SH resolve_null_domain (default: no) +Resolve an address that ends in the "@" null domain as if the +local hostname were specified, instead of rejecting the address as +invalid. +.PP +This feature is available in Postfix 2.1 and later. +Earlier versions always resolve the null domain as the local +hostname. +.PP +The Postfix SMTP server uses this feature to reject mail from +or to addresses that end in the "@" null domain, and from addresses +that rewrite into a form that ends in the "@" null domain. +.SH resolve_numeric_domain (default: no) +Resolve "user@ipaddress" as "user@[ipaddress]", instead of +rejecting the address as invalid. +.PP +This feature is available in Postfix 2.3 and later. +.SH respectful_logging (default: see 'postconf \-d' output) +Avoid logging that implies white is better than black. Instead +use 'allowlist', 'denylist', and variations of those words. +.PP +This feature is available in Postfix 3.6 and later. +.SH rewrite_service_name (default: rewrite) +The name of the address rewriting service. This service rewrites +addresses to standard form and resolves them to a (delivery method, +next\-hop host, recipient) triple. +.PP +This feature is available in Postfix 2.0 and later. +.SH sample_directory (default: /etc/postfix) +The name of the directory with example Postfix configuration files. +Starting with Postfix 2.1, these files have been replaced with the +\fBpostconf\fR(5) manual page. +.SH send_cyrus_sasl_authzid (default: no) +When authenticating to a remote SMTP or LMTP server with the +default setting "no", send no SASL authoriZation ID (authzid); send +only the SASL authentiCation ID (authcid) plus the authcid's password. +.PP +The non\-default setting "yes" enables the behavior of older +Postfix versions. These always send a SASL authzid that is equal +to the SASL authcid, but this causes interoperability problems +with some SMTP servers. +.PP +This feature is available in Postfix 2.4.4 and later. +.SH sender_based_routing (default: no) +This parameter should not be used. It was replaced by sender_dependent_relayhost_maps +in Postfix version 2.3. +.SH sender_bcc_maps (default: empty) +Optional BCC (blind carbon\-copy) address lookup tables, indexed +by sender address. The BCC address (multiple results are not +supported) is added when mail enters from outside of Postfix. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +The table search order is as follows: +.IP \(bu +Look up the "user+extension@domain.tld" address including the +optional address extension. +.IP \(bu +Look up the "user@domain.tld" address without the optional +address extension. +.IP \(bu +Look up the "user+extension" address local part when the +sender domain equals $myorigin, $mydestination, $inet_interfaces +or $proxy_interfaces. +.IP \(bu +Look up the "user" address local part when the sender domain +equals $myorigin, $mydestination, $inet_interfaces or $proxy_interfaces. +.IP \(bu +Look up the "@domain.tld" part. +.br +.PP +Note: with Postfix 2.3 and later the BCC address is added as if it +was specified with NOTIFY=NONE. The sender will not be notified +when the BCC address is undeliverable, as long as all down\-stream +software implements RFC 3461. +.PP +Note: with Postfix 2.2 and earlier the sender will be notified +when the BCC address is undeliverable. +.PP +Note: automatic BCC recipients are produced only for new mail. +To avoid mailer loops, automatic BCC recipients are not generated +after Postfix forwards mail internally, or after Postfix generates +mail itself. +.PP +Example: +.PP +.nf +.na +.ft C +sender_bcc_maps = hash:/etc/postfix/sender_bcc +.fi +.ad +.ft R +.PP +After a change, run "\fBpostmap /etc/postfix/sender_bcc\fR". +.PP +This feature is available in Postfix 2.1 and later. +.SH sender_canonical_classes (default: envelope_sender, header_sender) +What addresses are subject to sender_canonical_maps address +mapping. By default, sender_canonical_maps address mapping is +applied to envelope sender addresses, and to header sender addresses. +.PP +Specify one or more of: envelope_sender, header_sender +.PP +This feature is available in Postfix 2.2 and later. +.SH sender_canonical_maps (default: empty) +Optional address mapping lookup tables for envelope and header +sender addresses. +The table format and lookups are documented in \fBcanonical\fR(5). +.PP +Example: you want to rewrite the SENDER address "user@ugly.domain" +to "user@pretty.domain", while still being able to send mail to +the RECIPIENT address "user@ugly.domain". +.PP +Note: $sender_canonical_maps is processed before $canonical_maps. +.PP +Example: +.PP +.nf +.na +.ft C +sender_canonical_maps = hash:/etc/postfix/sender_canonical +.fi +.ad +.ft R +.SH sender_dependent_default_transport_maps (default: empty) +A sender\-dependent override for the global default_transport +parameter setting. The tables are searched by the envelope sender +address and @domain. A lookup result of DUNNO terminates the search +without overriding the global default_transport parameter setting. +This information is overruled with the \fBtransport\fR(5) table. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +Note: this overrides default_transport, not transport_maps, and +therefore the expected syntax is that of default_transport, not the +syntax of transport_maps. Specifically, this does not support the +transport_maps syntax for null transport, null nexthop, or null +email addresses. +.PP +For safety reasons, this feature does not allow $number +substitutions in regular expression maps. +.PP +This feature is available in Postfix 2.7 and later. +.SH sender_dependent_relayhost_maps (default: empty) +A sender\-dependent override for the global relayhost parameter +setting. The tables are searched by the envelope sender address and +@domain. A lookup result of DUNNO terminates the search without +overriding the global relayhost parameter setting (Postfix 2.6 and +later). This information is overruled with relay_transport, +sender_dependent_default_transport_maps, default_transport and with +the \fBtransport\fR(5) table. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +For safety reasons, this feature does not allow $number +substitutions in regular expression maps. +.PP +This feature is available in Postfix 2.3 and later. +.SH sendmail_fix_line_endings (default: always) +Controls how the Postfix sendmail command converts email message +line endings from <CR><LF> into UNIX format (<LF>). +.IP "\fBalways\fR" +Always convert message lines ending +in <CR><LF>. This setting is the default with Postfix +2.9 and later. +.br +.IP "\fBstrict\fR" +Convert message lines ending in +<CR><LF> only if the first input line ends in +<CR><LF>. This setting is backwards\-compatible with +Postfix 2.8 and earlier. +.br +.IP "\fBnever\fR" +Never convert message lines ending in +<CR><LF>. This setting exists for completeness only. +.br +.br +.PP +This feature is available in Postfix 2.9 and later. +.SH sendmail_path (default: see "postconf \-d" output) +A Sendmail compatibility feature that specifies the location of +the Postfix \fBsendmail\fR(1) command. This command can be used to +submit mail into the Postfix queue. +.SH service_name (read\-only) +The master.cf service name of a Postfix daemon process. This +can be used to distinguish the logging from different services that +use the same program name. +.PP +Example master.cf entries: +.PP +.nf +.na +.ft C +# Distinguish inbound MTA logging from submission and smtps logging. +smtp inet n \- n \- \- smtpd +submission inet n \- n \- \- smtpd + \-o syslog_name=postfix/$service_name +smtps inet n \- n \- \- smtpd + \-o syslog_name=postfix/$service_name +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +# Distinguish outbound MTA logging from inbound relay logging. +smtp unix \- \- n \- \- smtp +relay unix \- \- n \- \- smtp + \-o syslog_name=postfix/$service_name +.fi +.ad +.ft R +.SH service_throttle_time (default: 60s) +How long the Postfix \fBmaster\fR(8) waits before forking a server that +appears to be malfunctioning. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH setgid_group (default: postdrop) +The group ownership of set\-gid Postfix commands and of group\-writable +Postfix directories. When this parameter value is changed you need +to re\-run "\fBpostfix set\-permissions\fR" (with Postfix version 2.0 and +earlier: "\fB/etc/postfix/post\-install set\-permissions\fR". +.SH shlib_directory (default: see 'postconf \-d' output) +The location of Postfix dynamically\-linked libraries +(libpostfix\-*.so), and the default location of Postfix database +plugins (postfix\-*.so) that have a relative pathname in the +dynamicmaps.cf file. The shlib_directory parameter defaults to +"no" when Postfix dynamically\-linked libraries and database plugins +are disabled at compile time, otherwise it typically defaults to +/usr/lib/postfix or /usr/local/lib/postfix. +.PP +Notes: +.IP \(bu +The directory specified with shlib_directory should contain +only Postfix\-related files. Postfix dynamically\-linked libraries +and database plugins should not be installed in a "public" system +directory such as /usr/lib or /usr/local/lib. Linking Postfix +dynamically\-linked library files or database plugins into non\-Postfix +programs is not supported. Postfix dynamically\-linked libraries +and database plugins implement a Postfix\-internal API that changes +without maintaining compatibility. +.IP \(bu +You can change the shlib_directory value after Postfix is +built. However, you may have to run ldconfig or equivalent to prevent +Postfix programs from failing because the libpostfix\-*.so files are +not found. No ldconfig command is needed if you keep the libpostfix\-*.so +files in the compiled\-in default $shlib_directory location. +.br +.PP +This feature is available in Postfix 3.0 and later. +.SH show_user_unknown_table_name (default: yes) +Display the name of the recipient table in the "User unknown" +responses. The extra detail makes troubleshooting easier but also +reveals information that is nobody else's business. +.PP +This feature is available in Postfix 2.0 and later. +.SH showq_service_name (default: showq) +The name of the \fBshowq\fR(8) service. This service produces mail queue +status reports. +.PP +This feature is available in Postfix 2.0 and later. +.SH smtp_address_preference (default: any) +The address type ("ipv6", "ipv4" or "any") that the Postfix +SMTP client will try first, when a destination has IPv6 and IPv4 +addresses with equal MX preference. This feature has no effect +unless the inet_protocols setting enables both IPv4 and IPv6. +.PP +Postfix SMTP client address preference has evolved. With Postfix +2.8 the default is "ipv6"; earlier implementations are hard\-coded +to prefer IPv6 over IPv4. +.PP +Notes for mail delivery between sites that have both IPv4 and +IPv6 connectivity: +.IP \(bu +The setting "smtp_address_preference = ipv6" is unsafe. +It can fail to deliver mail when there is an outage that affects +IPv6, while the destination is still reachable over IPv4. +.IP \(bu +The setting "smtp_address_preference = any" is safe. With +this, mail will eventually be delivered even if there is an outage +that affects IPv6 or IPv4, as long as it does not affect both. +.br +.PP +This feature is available in Postfix 2.8 and later. +.SH smtp_address_verify_target (default: rcpt) +In the context of email address verification, the SMTP protocol +stage that determines whether an email address is deliverable. +Specify one of "rcpt" or "data". The latter is needed with remote +SMTP servers that reject recipients after the DATA command. Use +transport_maps to apply this feature selectively: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + transport_maps = hash:/etc/postfix/transport +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/transport: + smtp\-domain\-that\-verifies\-after\-data smtp\-data\-target: + lmtp\-domain\-that\-verifies\-after\-data lmtp\-data\-target: +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/master.cf: + smtp\-data\-target unix \- \- n \- \- smtp + \-o smtp_address_verify_target=data + lmtp\-data\-target unix \- \- n \- \- lmtp + \-o lmtp_address_verify_target=data +.fi +.ad +.ft R +.in -4 +.PP +Unselective use of the "data" target does no harm, but will +result in unnecessary "lost connection after DATA" events at remote +SMTP/LMTP servers. +.PP +This feature is available in Postfix 3.0 and later. +.SH smtp_always_send_ehlo (default: yes) +Always send EHLO at the start of an SMTP session. +.PP +With "smtp_always_send_ehlo = no", the Postfix SMTP client sends +EHLO only when +the word "ESMTP" appears in the server greeting banner (example: +220 spike.porcupine.org ESMTP Postfix). +.SH smtp_balance_inet_protocols (default: yes) +When a remote destination resolves to a combination of IPv4 and +IPv6 addresses, ensure that the Postfix SMTP client can try both +address types before it runs into the smtp_mx_address_limit. +.PP +This avoids an interoperability problem when a destination resolves +to primarily IPv6 addresses, the smtp_address_limit feature eliminates +most or all IPv4 addresses, and the destination is not reachable over +IPv6. +.PP +This feature is available in Postfix 3.3 and later. +.SH smtp_bind_address (default: empty) +An optional numerical network address that the Postfix SMTP client +should bind to when making an IPv4 connection. +.PP +This can be specified in the main.cf file for all SMTP clients, or +it can be specified in the master.cf file for a specific client, +for example: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/master.cf: + smtp ... smtp \-o smtp_bind_address=11.22.33.44 +.fi +.ad +.ft R +.in -4 +.PP +See smtp_bind_address_enforce for how Postfix should handle +errors (Postfix 3.7 and later). +.PP +Note 1: when inet_interfaces specifies no more than one IPv4 +address, and that address is a non\-loopback address, it is +automatically used as the smtp_bind_address. This supports virtual +IP hosting, but can be a problem on multi\-homed firewalls. See the +inet_interfaces documentation for more detail. +.PP +Note 2: address information may be enclosed inside [], +but this form is not required here. +.SH smtp_bind_address6 (default: empty) +An optional numerical network address that the Postfix SMTP client +should bind to when making an IPv6 connection. +.PP +This feature is available in Postfix 2.2 and later. +.PP +This can be specified in the main.cf file for all SMTP clients, or +it can be specified in the master.cf file for a specific client, +for example: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/master.cf: + smtp ... smtp \-o smtp_bind_address6=1:2:3:4:5:6:7:8 +.fi +.ad +.ft R +.in -4 +.PP +See smtp_bind_address_enforce for how Postfix should handle +errors (Postfix 3.7 and later). +.PP +Note 1: when inet_interfaces specifies no more than one IPv6 +address, and that address is a non\-loopback address, it is +automatically used as the smtp_bind_address6. This supports virtual +IP hosting, but can be a problem on multi\-homed firewalls. See the +inet_interfaces documentation for more detail. +.PP +Note 2: address information may be enclosed inside [], +but this form is not recommended here. +.SH smtp_bind_address_enforce (default: no) +Defer delivery when the Postfix SMTP client cannot apply the +smtp_bind_address or smtp_bind_address6 setting. By default, the +Postfix SMTP client will continue delivery after logging a warning. +.PP +This feature is available in Postfix 3.7 and later. +.SH smtp_body_checks (default: empty) +Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client. +These tables are searched while mail is being delivered. Actions +that change the delivery time or destination are not available. +.PP +This feature is available in Postfix 2.5 and later. +.SH smtp_cname_overrides_servername (default: version dependent) +When the remote SMTP servername is a DNS CNAME, replace the +servername with the result from CNAME expansion for the purpose of +logging, SASL password lookup, TLS +policy decisions, or TLS certificate verification. The value "no" +hardens Postfix smtp_tls_per_site hostname\-based policies against +false hostname information in DNS CNAME records, and makes SASL +password file lookups more predictable. This is the default setting +as of Postfix 2.3. +.PP +When DNS CNAME records are validated with secure DNS lookups +(smtp_dns_support_level = dnssec), they are always allowed to +override the above servername (Postfix 2.11 and later). +.PP +This feature is available in Postfix 2.2.9 and later. +.SH smtp_connect_timeout (default: 30s) +The Postfix SMTP client time limit for completing a TCP connection, or +zero (use the operating system built\-in time limit). +.PP +When no connection can be made within the deadline, the Postfix +SMTP client +tries the next address on the mail exchanger list. Specify 0 to +disable the time limit (i.e. use whatever timeout is implemented by +the operating system). +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtp_connection_cache_destinations (default: empty) +Permanently enable SMTP connection caching for the specified +destinations. With SMTP connection caching, a connection is not +closed immediately after completion of a mail transaction. Instead, +the connection is kept open for up to $smtp_connection_cache_time_limit +seconds. This allows connections to be reused for other deliveries, +and can improve mail delivery performance. +.PP +Specify a comma or white space separated list of destinations +or pseudo\-destinations: +.IP \(bu +if mail is sent without a relay host: a domain name (the +right\-hand side of an email address, without the [] around a numeric +IP address), +.IP \(bu +if mail is sent via a relay host: a relay host name (without +[] or non\-default TCP port), as specified in main.cf or in the +transport map, +.IP \(bu +if mail is sent via a UNIX\-domain socket: a pathname (without +the unix: prefix), +.IP \(bu +a /file/name with domain names and/or relay host names as +defined above, +.IP \(bu +a "type:table" with domain names and/or relay host names on +the left\-hand side. The right\-hand side result from "type:table" +lookups is ignored. +.br +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_connection_cache_on_demand (default: yes) +Temporarily enable SMTP connection caching while a destination +has a high volume of mail in the active queue. With SMTP connection +caching, a connection is not closed immediately after completion +of a mail transaction. Instead, the connection is kept open for +up to $smtp_connection_cache_time_limit seconds. This allows +connections to be reused for other deliveries, and can improve mail +delivery performance. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_connection_cache_time_limit (default: 2s) +When SMTP connection caching is enabled, the amount of time that +an unused SMTP client socket is kept open before it is closed. Do +not specify larger values without permission from the remote sites. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_connection_reuse_count_limit (default: 0) +When SMTP connection caching is enabled, the number of times +that an SMTP session may be reused before it is closed, or zero (no +limit). With a reuse count limit of N, a connection is used up to +N+1 times. +.PP +NOTE: This feature is unsafe. When a high\-volume destination +has multiple inbound MTAs, then the slowest inbound MTA will attract +the most connections to that destination. This limitation does not +exist with the smtp_connection_reuse_time_limit feature. +.PP +This feature is available in Postfix 2.11. +.SH smtp_connection_reuse_time_limit (default: 300s) +The amount of time during which Postfix will use an SMTP +connection repeatedly. The timer starts when the connection is +initiated (i.e. it includes the connect, greeting and helo latency, +in addition to the latencies of subsequent mail delivery transactions). +.PP +This feature addresses a performance stability problem with +remote SMTP servers. This problem is not specific to Postfix: it +can happen when any MTA sends large amounts of SMTP email to a site +that has multiple MX hosts. +.PP +The problem starts when one of a set of MX hosts becomes slower +than the rest. Even though SMTP clients connect to fast and slow +MX hosts with equal probability, the slow MX host ends up with more +simultaneous inbound connections than the faster MX hosts, because +the slow MX host needs more time to serve each client request. +.PP +The slow MX host becomes a connection attractor. If one MX +host becomes N times slower than the rest, it dominates mail delivery +latency unless there are more than N fast MX hosts to counter the +effect. And if the number of MX hosts is smaller than N, the mail +delivery latency becomes effectively that of the slowest MX host +divided by the total number of MX hosts. +.PP +The solution uses connection caching in a way that differs from +Postfix version 2.2. By limiting the amount of time during which a connection +can be used repeatedly (instead of limiting the number of deliveries +over that connection), Postfix not only restores fairness in the +distribution of simultaneous connections across a set of MX hosts, +it also favors deliveries over connections that perform well, which +is exactly what we want. +.PP +The default reuse time limit, 300s, is comparable to the various +smtp transaction timeouts which are fair estimates of maximum excess +latency for a slow delivery. Note that hosts may accept thousands +of messages over a single connection within the default connection +reuse time limit. This number is much larger than the default Postfix +version 2.2 limit of 10 messages per cached connection. It may prove necessary +to lower the limit to avoid interoperability issues with MTAs that +exhibit bugs when many messages are delivered via a single connection. +A lower reuse time limit risks losing the benefit of connection +reuse when the average connection and mail delivery latency exceeds +the reuse time limit. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_data_done_timeout (default: 600s) +The Postfix SMTP client time limit for sending the SMTP ".", and +for receiving the remote SMTP server response. +.PP +When no response is received within the deadline, a warning is +logged that the mail may be delivered multiple times. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtp_data_init_timeout (default: 120s) +The Postfix SMTP client time limit for sending the SMTP DATA command, +and for receiving the remote SMTP server response. +.PP +Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtp_data_xfer_timeout (default: 180s) +The Postfix SMTP client time limit for sending the SMTP message content. +When the connection makes no progress for more than $smtp_data_xfer_timeout +seconds the Postfix SMTP client terminates the transfer. +.PP +Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtp_defer_if_no_mx_address_found (default: no) +Defer mail delivery when no MX record resolves to an IP address. +.PP +The default (no) is to return the mail as undeliverable. With older +Postfix versions the default was to keep trying to deliver the mail +until someone fixed the MX record or until the mail was too old. +.PP +Note: the Postfix SMTP client always ignores MX records with equal +or worse preference +than the local MTA itself. +.PP +This feature is available in Postfix 2.1 and later. +.SH smtp_delivery_status_filter (default: $default_delivery_status_filter) +Optional filter for the \fBsmtp\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details. +.PP +NOTE: This feature modifies Postfix SMTP client error or non\-error +messages that may or may not be derived from remote SMTP server +responses. In contrast, the smtp_reply_filter feature modifies +remote SMTP server responses only. +.SH smtp_destination_concurrency_limit (default: $default_destination_concurrency_limit) +The maximal number of parallel deliveries to the same destination +via the smtp message delivery transport. This limit is enforced by +the queue manager. The message delivery transport name is the first +field in the entry in the master.cf file. +.SH smtp_destination_recipient_limit (default: $default_destination_recipient_limit) +The maximal number of recipients per message for the smtp +message delivery transport. This limit is enforced by the queue +manager. The message delivery transport name is the first field in +the entry in the master.cf file. +.PP +Setting this parameter to a value of 1 changes the meaning of +smtp_destination_concurrency_limit from concurrency per domain +into concurrency per recipient. +.SH smtp_discard_ehlo_keyword_address_maps (default: empty) +Lookup tables, indexed by the remote SMTP server address, with +case insensitive lists of EHLO keywords (pipelining, starttls, auth, +etc.) that the Postfix SMTP client will ignore in the EHLO response from a +remote SMTP server. See smtp_discard_ehlo_keywords for details. The +table is not indexed by hostname for consistency with +smtpd_discard_ehlo_keyword_address_maps. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_discard_ehlo_keywords (default: empty) +A case insensitive list of EHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix SMTP client will ignore in the EHLO +response from a remote SMTP server. +.PP +This feature is available in Postfix 2.2 and later. +.PP +Notes: +.IP \(bu +Specify the \fBsilent\-discard\fR pseudo keyword to prevent +this action from being logged. +.IP \(bu +Use the smtp_discard_ehlo_keyword_address_maps feature to +discard EHLO keywords selectively. +.br +.SH smtp_dns_reply_filter (default: empty) +Optional filter for Postfix SMTP client DNS lookup results. +Specify zero or more lookup tables. The lookup tables are searched +in the given order for a match with the DNS lookup result, converted +to the following form: +.PP +.nf +.na +.ft C + \fIname ttl class type preference value\fR +.fi +.ad +.ft R +.PP +The \fIclass\fR field is always "IN", the \fIpreference\fR +field exists only for MX records, the names of hosts, domains, etc. +end in ".", and those names are in ASCII form (xn\-\-mumble form in +the case of UTF8 names). +.PP +When a match is found, the table lookup result specifies an +action. By default, the table query and the action name are +case\-insensitive. Currently, only the \fBIGNORE\fR action is +implemented. +.PP +Notes: +.IP \(bu +Postfix DNS reply filters have no effect on implicit DNS +lookups through nsswitch.conf or equivalent mechanisms. +.IP \(bu +The Postfix SMTP/LMTP client uses smtp_dns_reply_filter +and lmtp_dns_reply_filter only to discover a remote SMTP or LMTP +service (record types MX, A, AAAA, and TLSA). These lookups are +also made to implement the features reject_unverified_sender and +reject_unverified_recipient. +.IP \(bu +The Postfix SMTP/LMTP client defers mail delivery when +a filter removes all lookup results from a successful query. +.IP \(bu +Postfix SMTP server uses smtpd_dns_reply_filter only to +look up MX, A, AAAA, and TXT records to implement the features +reject_unknown_helo_hostname, reject_unknown_sender_domain, +reject_unknown_recipient_domain, reject_rbl_*, and reject_rhsbl_*. +.IP \(bu +The Postfix SMTP server logs a warning or defers mail +delivery when a filter removes all lookup results from a successful +query. +.br +.PP +Example: ignore Google AAAA records in Postfix SMTP client DNS +lookups, because Google sometimes hard\-rejects mail from IPv6 clients +with valid PTR etc. records. +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_dns_reply_filter = pcre:/etc/postfix/smtp_dns_reply_filter +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/smtp_dns_reply_filter: + # /domain ttl IN AAAA address/ action, all case\-insensitive. + # Note: the domain name ends in ".". + /^\eS+\e.google\e.com\e.\es+\eS+\es+\eS+\es+AAAA\es+/ IGNORE +.fi +.ad +.ft R +.PP +This feature is available in Postfix 3.0 and later. +.SH smtp_dns_resolver_options (default: empty) +DNS Resolver options for the Postfix SMTP client. Specify zero +or more of the following options, separated by comma or whitespace. +Option names are case\-sensitive. Some options refer to domain names +that are specified in the file /etc/resolv.conf or equivalent. +.IP "\fBres_defnames\fR" +Append the current domain name to single\-component names (those +that do not contain a "." character). This can produce incorrect +results, and is the hard\-coded behavior prior to Postfix 2.8. +.br +.IP "\fBres_dnsrch\fR" +Search for host names in the current domain and in parent +domains. This can produce incorrect results and is therefore not +recommended. +.br +.br +.PP +This feature is available in Postfix 2.8 and later. +.SH smtp_dns_support_level (default: empty) +Level of DNS support in the Postfix SMTP client. With +"smtp_dns_support_level" left at its empty default value, the legacy +"disable_dns_lookups" parameter controls whether DNS is enabled in +the Postfix SMTP client, otherwise the legacy parameter is ignored. +.PP +Specify one of the following: +.IP "\fBdisabled\fR" +Disable DNS lookups. No MX lookups are performed and hostname +to address lookups are unconditionally "native". This setting is +not appropriate for hosts that deliver mail to the public Internet. +Some obsolete how\-to documents recommend disabling DNS lookups in +some configurations with content_filters. This is no longer required +and strongly discouraged. +.br +.IP "\fBenabled\fR" +Enable DNS lookups. Nexthop destination domains not enclosed +in "[]" will be subject to MX lookups. If "dns" and "native" are +included in the "smtp_host_lookup" parameter value, DNS will be +queried first to resolve MX\-host A records, followed by "native" +lookups if no answer is found in DNS. +.br +.IP "\fBdnssec\fR" +Enable DNSSEC +lookups. The "dnssec" setting differs from the "enabled" setting +above in the following ways: +.IP \(bu +Any MX lookups will set +RES_USE_DNSSEC and RES_USE_EDNS0 to request DNSSEC\-validated +responses. If the MX response is DNSSEC\-validated the corresponding +hostnames are considered validated. +.IP \(bu +The address lookups of +validated hostnames are also validated, (provided of course +"smtp_host_lookup" includes "dns", see below). +.IP \(bu +Temporary +failures in DNSSEC\-enabled hostname\-to\-address resolution block any +"native" lookups. Additional "native" lookups only happen when +DNSSEC lookups hard\-fail (NODATA or NXDOMAIN). +.br +.br +.br +.PP +The Postfix SMTP client considers non\-MX "[nexthop]" and +"[nexthop]:port" destinations equivalent to statically\-validated +MX records of the form "nexthop. IN MX 0 nexthop." Therefore, +with "dnssec" support turned on, validated hostname\-to\-address +lookups apply to the nexthop domain of any "[nexthop]" or +"[nexthop]:port" destination. This is also true for LMTP "inet:host" +and "inet:host:port" destinations, as LMTP hostnames are never +subject to MX lookups. +.PP +The "dnssec" setting is recommended only if you plan to use the +dane or dane\-only TLS security +level, otherwise enabling DNSSEC support in Postfix offers no +additional security. Postfix DNSSEC support relies on an upstream +recursive nameserver that validates DNSSEC signatures. Such a DNS +server will always filter out forged DNS responses, even when Postfix +itself is not configured to use DNSSEC. +.PP +When using Postfix DANE support the "smtp_host_lookup" parameter +should include "dns", as DANE is not applicable +to hosts resolved via "native" lookups. +.PP +As mentioned above, Postfix is not a validating stub +resolver; it relies on the system's configured DNSSEC\-validating +recursive +nameserver to perform all DNSSEC validation. Since this +nameserver's DNSSEC\-validated responses will be fully trusted, it +is strongly recommended that the MTA host have a local DNSSEC\-validating +recursive caching nameserver listening on a loopback address, and +be configured to use only this nameserver for all lookups. Otherwise, +Postfix may remain subject to man\-in\-the\-middle attacks that forge +responses from the recursive nameserver +.PP +DNSSEC support requires a version of Postfix compiled against a +reasonably\-modern DNS \fBresolver\fR(3) library that implements the +RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. +.PP +This feature is available in Postfix 2.11 and later. +.SH smtp_enforce_tls (default: no) +Enforcement mode: require that remote SMTP servers use TLS +encryption, and never send mail in the clear. This also requires +that the remote SMTP server hostname matches the information in +the remote server certificate, and that the remote SMTP server +certificate was issued by a CA that is trusted by the Postfix SMTP +client. If the certificate doesn't verify or the hostname doesn't +match, delivery is deferred and mail stays in the queue. +.PP +The server hostname is matched against all names provided as +dNSNames in the SubjectAlternativeName. If no dNSNames are specified, +the CommonName is checked. The behavior may be changed with the +smtp_tls_enforce_peername option. +.PP +This option is useful only if you are definitely sure that you +will only connect to servers that support RFC 2487 _and_ that +provide valid server certificates. Typical use is for clients that +send all their email to a dedicated mailhub. +.PP +This feature is available in Postfix 2.2 and later. With +Postfix 2.3 and later use smtp_tls_security_level instead. +.SH smtp_fallback_relay (default: $fallback_relay) +Optional list of relay hosts for SMTP destinations that can't be +found or that are unreachable. With Postfix 2.2 and earlier this +parameter is called fallback_relay. +.PP +By default, mail is returned to the sender when a destination is +not found, and delivery is deferred when a destination is unreachable. +.PP +With bulk email deliveries, it can be beneficial to run the +fallback relay MTA on the same host, so that it can reuse the sender +IP address. This speeds up deliveries that are delayed by IP\-based +reputation systems (greylist, etc.). +.PP +The fallback relays must be SMTP destinations. Specify a domain, +host, host:port, [host]:port, [address] or [address]:port; the form +[host] turns off MX lookups. If you specify multiple SMTP +destinations, Postfix will try them in the specified order. +.PP +To prevent mailer loops between MX hosts and fall\-back hosts, +Postfix version 2.2 and later will not use the fallback relays for +destinations that it is MX host for (assuming DNS lookup is turned on). +.SH smtp_generic_maps (default: empty) +Optional lookup tables that perform address rewriting in the +Postfix SMTP client, typically to transform a locally valid address into +a globally valid address when sending mail across the Internet. +This is needed when the local machine does not have its own Internet +domain name, but uses something like \fIlocaldomain.local\fR +instead. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +The table format and lookups are documented in \fBgeneric\fR(5); +examples are shown in the ADDRESS_REWRITING_README and +STANDARD_CONFIGURATION_README documents. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_header_checks (default: empty) +Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client. +These tables are searched while mail is being delivered. Actions +that change the delivery time or destination are not available. +.PP +This feature is available in Postfix 2.5 and later. +.SH smtp_helo_name (default: $myhostname) +The hostname to send in the SMTP HELO or EHLO command. +.PP +The default value is the machine hostname. Specify a hostname or +[ip.add.re.ss]. +.PP +This information can be specified in the main.cf file for all SMTP +clients, or it can be specified in the master.cf file for a specific +client, for example: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/master.cf: + mysmtp ... smtp \-o smtp_helo_name=foo.bar.com +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 2.0 and later. +.SH smtp_helo_timeout (default: 300s) +The Postfix SMTP client time limit for sending the HELO or EHLO command, +and for receiving the initial remote SMTP server response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtp_host_lookup (default: dns) +What mechanisms the Postfix SMTP client uses to look up a host's +IP address. This parameter is ignored when DNS lookups are disabled +(see: disable_dns_lookups and smtp_dns_support_level). The "dns" +mechanism is always tried before "native" if both are listed. +.PP +Specify one of the following: +.IP "\fBdns\fR" +Hosts can be found in the DNS (preferred). +.br +.IP "\fBnative\fR" +Use the native naming service only (nsswitch.conf, or equivalent +mechanism). +.br +.IP "\fBdns, native\fR" +Use the native service for hosts not found in the DNS. +.br +.br +.PP +This feature is available in Postfix 2.1 and later. +.SH smtp_line_length_limit (default: 998) +The maximal length of message header and body lines that Postfix +will send via SMTP. This limit does not include the <CR><LF> +at the end of each line. Longer lines are broken by inserting +"<CR><LF><SPACE>", to minimize the damage to MIME +formatted mail. Specify zero to disable this limit. +.PP +The Postfix limit of 998 characters not including <CR><LF> +is consistent with the SMTP limit of 1000 characters including +<CR><LF>. The Postfix limit was 990 with Postfix 2.8 +and earlier. +.SH smtp_mail_timeout (default: 300s) +The Postfix SMTP client time limit for sending the MAIL FROM command, +and for receiving the remote SMTP server response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtp_mime_header_checks (default: empty) +Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP +client. These tables are searched while mail is being delivered. +Actions that change the delivery time or destination are not +available. +.PP +This feature is available in Postfix 2.5 and later. +.SH smtp_min_data_rate (default: 500) +The minimum plaintext data transfer rate in bytes/second for +DATA requests, when deadlines are enabled with smtp_per_request_deadline. +After a write operation transfers N plaintext message bytes (possibly +after TLS encryption), and after the DATA request deadline is +decremented by the elapsed time of that write operation, the DATA +request deadline is incremented by N/smtp_min_data_rate seconds. +However, the deadline will never be incremented beyond the time +limit specified with smtp_data_xfer_timeout. +.PP +This feature is available in Postfix 3.7 and later. +.SH smtp_mx_address_limit (default: 5) +The maximal number of MX (mail exchanger) IP addresses that can +result from Postfix SMTP client mail exchanger lookups, or zero (no +limit). Prior to +Postfix version 2.3, this limit was disabled by default. +.PP +This feature is available in Postfix 2.1 and later. +.SH smtp_mx_session_limit (default: 2) +The maximal number of SMTP sessions per delivery request before +the Postfix SMTP client +gives up or delivers to a fall\-back relay host, or zero (no +limit). This restriction ignores sessions that fail to complete the +SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to +complete the EHLO and TLS handshake (Postfix version 2.3 and later). +.PP +This feature is available in Postfix 2.1 and later. +.SH smtp_nested_header_checks (default: empty) +Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP +client. These tables are searched while mail is being delivered. +Actions that change the delivery time or destination are not +available. +.PP +This feature is available in Postfix 2.5 and later. +.SH smtp_never_send_ehlo (default: no) +Never send EHLO at the start of an SMTP session. See also the +smtp_always_send_ehlo parameter. +.SH smtp_per_record_deadline (default: no) +Change the behavior of the smtp_*_timeout time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). This +limits the impact from hostile peers that trickle data one byte at +a time. +.PP +Note: when per\-record deadlines are enabled, a short timeout +may cause problems with TLS over very slow network connections. +The reasons are that a TLS protocol message can be up to 16 kbytes +long (with TLSv1), and that an entire TLS protocol message must be +sent or received within the per\-record deadline. +.PP +This feature is available in Postfix 2.9\-3.6. With older +Postfix releases, the behavior is as if this parameter is set to +"no". Postfix 3.7 and later use smtp_per_request_deadline. +.SH smtp_per_request_deadline (default: no) +Change the behavior of the smtp_*_timeout time limits, from a +time limit per plaintext or TLS read or write call, to a combined +time limit for sending a complete SMTP request and for receiving a +complete SMTP response. The deadline limits only the time spent +waiting for plaintext or TLS read or write calls, not time spent +elsewhere. The per\-request deadline limits the impact from hostile +peers that trickle data one byte at a time. +.PP +See smtp_min_data_rate for how the per\-request deadline is +managed during the DATA phase. +.PP +Note: when per\-request deadlines are enabled, a short time limit +may cause problems with TLS over very slow network connections. The +reason is that a TLS protocol message can be up to 16 kbytes long +(with TLSv1), and that an entire TLS protocol message must be +transferred within the per\-request deadline. +.PP +This feature is available in Postfix 3.7 and later. A weaker +feature, called smtp_per_record_deadline, is available with Postfix +2.9\-3.6. +.PP +This feature is available in Postfix 3.7 and later. +.SH smtp_pix_workaround_delay_time (default: 10s) +How long the Postfix SMTP client pauses before sending +".<CR><LF>" in order to work around the PIX firewall +"<CR><LF>.<CR><LF>" bug. +.PP +Choosing too short a time makes this workaround ineffective when +sending large messages over slow network connections. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtp_pix_workaround_maps (default: empty) +Lookup tables, indexed by the remote SMTP server address, with +per\-destination workarounds for CISCO PIX firewall bugs. The table +is not indexed by hostname for consistency with +smtp_discard_ehlo_keyword_address_maps. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +This feature is available in Postfix 2.4 and later. +.SH smtp_pix_workaround_threshold_time (default: 500s) +How long a message must be queued before the Postfix SMTP client +turns on the PIX firewall "<CR><LF>.<CR><LF>" +bug workaround for delivery through firewalls with "smtp fixup" +mode turned on. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +By default, the workaround is turned off for mail that is queued +for less than 500 seconds. In other words, the workaround is normally +turned off for the first delivery attempt. +.PP +Specify 0 to enable the PIX firewall +"<CR><LF>.<CR><LF>" bug workaround upon the +first delivery attempt. +.SH smtp_pix_workarounds (default: disable_esmtp, delay_dotcrlf) +A list that specifies zero or more workarounds for CISCO PIX +firewall bugs. These workarounds are implemented by the Postfix +SMTP client. Workaround names are separated by comma or space, and +are case insensitive. This parameter setting can be overruled with +per\-destination smtp_pix_workaround_maps settings. +.IP "\fBdelay_dotcrlf\fR +Insert a delay before sending +".<CR><LF>" after the end of the message content. The +delay is subject to the smtp_pix_workaround_delay_time and +smtp_pix_workaround_threshold_time parameter settings. +.br +.IP "\fBdisable_esmtp\fR +Disable all extended SMTP commands: +send HELO instead of EHLO. +.br +.br +.PP +This feature is available in Postfix 2.4 and later. The default +settings are backwards compatible with earlier Postfix versions. +.SH smtp_quit_timeout (default: 300s) +The Postfix SMTP client time limit for sending the QUIT command, +and for receiving the remote SMTP server response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtp_quote_rfc821_envelope (default: yes) +Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands +as required +by RFC 5321. This includes putting quotes around an address localpart +that ends in ".". +.PP +The default is to comply with RFC 5321. If you have to send mail to +a broken SMTP server, configure a special SMTP client in master.cf: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/master.cf: + broken\-smtp . . . smtp \-o smtp_quote_rfc821_envelope=no +.fi +.ad +.ft R +.in -4 +.PP +and route mail for the destination in question to the "broken\-smtp" +message delivery with a \fBtransport\fR(5) table. +.PP +This feature is available in Postfix 2.1 and later. +.SH smtp_randomize_addresses (default: yes) +Randomize the order of equal\-preference MX host addresses. This +is a performance feature of the Postfix SMTP client. +.SH smtp_rcpt_timeout (default: 300s) +The Postfix SMTP client time limit for sending the SMTP RCPT TO +command, and for receiving the remote SMTP server response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtp_reply_filter (default: empty) +A mechanism to transform replies from remote SMTP servers one +line at a time. This is a last\-resort tool to work around server +replies that break interoperability with the Postfix SMTP client. +Other uses involve fault injection to test Postfix's handling of +invalid responses. +.PP +Notes: +.IP \(bu +In the case of a multi\-line reply, the Postfix SMTP client +uses the final reply line's numerical SMTP reply code and enhanced +status code. +.IP \(bu +The numerical SMTP reply code (XYZ) takes precedence over +the enhanced status code (X.Y.Z). When the enhanced status code +initial digit differs from the SMTP reply code initial digit, or +when no enhanced status code is present, the Postfix SMTP client +uses a generic enhanced status code (X.0.0) instead. +.br +.PP +Specify the name of a "type:table" lookup table. The search +string is a single SMTP reply line as received from the remote SMTP +server, except that the trailing <CR><LF> are removed. +When the lookup succeeds, the result replaces the single SMTP reply +line. +.PP +Examples: +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_reply_filter = pcre:/etc/postfix/reply_filter +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/reply_filter: + # Transform garbage into "250\-filler..." so that it looks like + # one line from a multi\-line reply. It does not matter what we + # substitute here as long it has the right syntax. The Postfix + # SMTP client will use the final line's numerical SMTP reply + # code and enhanced status code. + !/^([2\-5][0\-9][0\-9]($|[\- ]))/ 250\-filler for garbage +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.7. +.SH smtp_rset_timeout (default: 20s) +The Postfix SMTP client time limit for sending the RSET command, +and for receiving the remote SMTP server response. The SMTP client +sends RSET in +order to finish a recipient address probe, or to verify that a +cached session is still usable. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.1 and later. +.SH smtp_sasl_auth_cache_name (default: empty) +An optional table to prevent repeated SASL authentication +failures with the same remote SMTP server hostname, username and +password. Each table (key, value) pair contains a server name, a +username and password, and the full server response. This information +is stored when a remote SMTP server rejects an authentication attempt +with a 535 reply code. As long as the smtp_sasl_password_maps +information does not change, and as long as the smtp_sasl_auth_cache_name +information does not expire (see smtp_sasl_auth_cache_time) the +Postfix SMTP client avoids SASL authentication attempts with the +same server, username and password, and instead bounces or defers +mail as controlled with the smtp_sasl_auth_soft_bounce configuration +parameter. +.PP +Use a per\-destination delivery concurrency of 1 (for example, +"smtp_destination_concurrency_limit = 1", +"relay_destination_concurrency_limit = 1", etc.), otherwise multiple +delivery agents may experience a login failure at the same time. +.PP +The table must be accessed via the proxywrite service, i.e. the +map name must start with "proxy:". The table should be stored under +the directory specified with the data_directory parameter. +.PP +This feature uses cryptographic hashing to protect plain\-text +passwords, and requires that Postfix is compiled with TLS support. +.PP +Example: +.PP +.nf +.na +.ft C +smtp_sasl_auth_cache_name = proxy:btree:/var/lib/postfix/sasl_auth_cache +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.5 and later. +.SH smtp_sasl_auth_cache_time (default: 90d) +The maximal age of an smtp_sasl_auth_cache_name entry before it +is removed. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is d (days). +.PP +This feature is available in Postfix 2.5 and later. +.SH smtp_sasl_auth_enable (default: no) +Enable SASL authentication in the Postfix SMTP client. By default, +the Postfix SMTP client uses no authentication. +.PP +Example: +.PP +.nf +.na +.ft C +smtp_sasl_auth_enable = yes +.fi +.ad +.ft R +.SH smtp_sasl_auth_soft_bounce (default: yes) +When a remote SMTP server rejects a SASL authentication request +with a 535 reply code, defer mail delivery instead of returning +mail as undeliverable. The latter behavior was hard\-coded prior to +Postfix version 2.5. +.PP +Note: the setting "yes" overrides the global soft_bounce +parameter, but the setting "no" does not. +.PP +Example: +.PP +.nf +.na +.ft C +# Default as of Postfix 2.5 +smtp_sasl_auth_soft_bounce = yes +# The old hard\-coded default +smtp_sasl_auth_soft_bounce = no +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.5 and later. +.SH smtp_sasl_mechanism_filter (default: empty) +If non\-empty, a Postfix SMTP client filter for the remote SMTP +server's list of offered SASL mechanisms. Different client and +server implementations may support different mechanism lists; by +default, the Postfix SMTP client will use the intersection of the +two. smtp_sasl_mechanism_filter specifies an optional third mechanism +list to intersect with. +.PP +Specify mechanism names, "/file/name" patterns or "type:table" +lookup tables. The right\-hand side result from "type:table" lookups +is ignored. Specify "!pattern" to exclude a mechanism name from the +list. The form "!/file/name" is supported only in Postfix version +2.4 and later. +.PP +This feature is available in Postfix 2.2 and later. +.PP +Examples: +.PP +.nf +.na +.ft C +smtp_sasl_mechanism_filter = plain, login +smtp_sasl_mechanism_filter = /etc/postfix/smtp_mechs +smtp_sasl_mechanism_filter = !gssapi, !login, static:rest +.fi +.ad +.ft R +.SH smtp_sasl_password_maps (default: empty) +Optional Postfix SMTP client lookup tables with one username:password +entry per sender, remote hostname or next\-hop domain. Per\-sender +lookup is done only when sender\-dependent authentication is enabled. +If no username:password entry is found, then the Postfix SMTP client +will not attempt to authenticate to the remote host. +.PP +The Postfix SMTP client opens the lookup table before going to +chroot jail, so you can leave the password file in /etc/postfix. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.SH smtp_sasl_path (default: empty) +Implementation\-specific information that the Postfix SMTP client +passes through to +the SASL plug\-in implementation that is selected with +\fBsmtp_sasl_type\fR. Typically this specifies the name of a +configuration file or rendezvous point. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_sasl_security_options (default: noplaintext, noanonymous) +Postfix SMTP client SASL security options; as of Postfix 2.3 +the list of available +features depends on the SASL client implementation that is selected +with \fBsmtp_sasl_type\fR. +.PP +The following security features are defined for the \fBcyrus\fR +client SASL implementation: +.PP +Specify zero or more of the following: +.IP "\fBnoplaintext\fR" +Disallow methods that use plaintext passwords. +.br +.IP "\fBnoactive\fR" +Disallow methods subject to active (non\-dictionary) attack. +.br +.IP "\fBnodictionary\fR" +Disallow methods subject to passive (dictionary) attack. +.br +.IP "\fBnoanonymous\fR" +Disallow methods that allow anonymous authentication. +.br +.IP "\fBmutual_auth\fR" +Only allow methods that provide mutual authentication (not +available with SASL version 1). +.br +.br +.PP +Example: +.PP +.nf +.na +.ft C +smtp_sasl_security_options = noplaintext +.fi +.ad +.ft R +.SH smtp_sasl_tls_security_options (default: $smtp_sasl_security_options) +The SASL authentication security options that the Postfix SMTP +client uses for TLS encrypted SMTP sessions. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_sasl_tls_verified_security_options (default: $smtp_sasl_tls_security_options) +The SASL authentication security options that the Postfix SMTP +client uses for TLS encrypted SMTP sessions with a verified server +certificate. +.PP +When mail is sent to the public MX host for the recipient's +domain, server certificates are by default optional, and delivery +proceeds even if certificate verification fails. For delivery via +a submission service that requires SASL authentication, it may be +appropriate to send plaintext passwords only when the connection +to the server is strongly encrypted \fBand\fR the server identity +is verified. +.PP +The smtp_sasl_tls_verified_security_options parameter makes it +possible to only enable plaintext mechanisms when a secure connection +to the server is available. Submission servers subject to this +policy must either have verifiable certificates or offer suitable +non\-plaintext SASL mechanisms. +.PP +This feature is available in Postfix 2.6 and later. +.SH smtp_sasl_type (default: cyrus) +The SASL plug\-in type that the Postfix SMTP client should use +for authentication. The available types are listed with the +"\fBpostconf \-A\fR" command. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_send_dummy_mail_auth (default: no) +Whether or not to append the "AUTH=<>" option to the MAIL +FROM command in SASL\-authenticated SMTP sessions. The default is +not to send this, to avoid problems with broken remote SMTP servers. +Before Postfix 2.9 the behavior is as if "smtp_send_dummy_mail_auth += yes". +.PP +This feature is available in Postfix 2.9 and later. +.SH smtp_send_xforward_command (default: no) +Send the non\-standard XFORWARD command when the Postfix SMTP server +EHLO response announces XFORWARD support. +.PP +This allows a Postfix SMTP delivery agent, used for injecting mail +into +a content filter, to forward the name, address, protocol and HELO +name of the original client to the content filter and downstream +queuing SMTP server. This can produce more useful logging than +localhost[127.0.0.1] etc. +.PP +This feature is available in Postfix 2.1 and later. +.SH smtp_sender_dependent_authentication (default: no) +Enable sender\-dependent authentication in the Postfix SMTP client; this is +available only with SASL authentication, and disables SMTP connection +caching to ensure that mail from different senders will use the +appropriate credentials. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_skip_4xx_greeting (default: yes) +Skip SMTP servers that greet with a 4XX status code (go away, try +again later). +.PP +By default, the Postfix SMTP client moves on the next mail exchanger. +Specify +"smtp_skip_4xx_greeting = no" if Postfix should defer delivery +immediately. +.PP +This feature is available in Postfix 2.0 and earlier. +Later Postfix versions always skip remote SMTP servers that greet +with a +4XX status code. +.SH smtp_skip_5xx_greeting (default: yes) +Skip remote SMTP servers that greet with a 5XX status code. +.PP +By default, the Postfix SMTP client moves on the next mail +exchanger. Specify "smtp_skip_5xx_greeting = no" if Postfix should +bounce the mail immediately. Caution: the latter behavior appears +to contradict RFC 2821. +.SH smtp_skip_quit_response (default: yes) +Do not wait for the response to the SMTP QUIT command. +.SH smtp_starttls_timeout (default: 300s) +Time limit for Postfix SMTP client write and read operations +during TLS startup and shutdown handshake procedures. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tcp_port (default: smtp) +The default TCP port that the Postfix SMTP client connects to. +Specify a symbolic name (see \fBservices\fR(5)) or a numeric port. +.SH smtp_tls_CAfile (default: empty) +A file containing CA certificates of root CAs trusted to sign +either remote SMTP server certificates or intermediate CA certificates. +These are loaded into memory before the \fBsmtp\fR(8) client enters the +chroot jail. If the number of trusted roots is large, consider using +smtp_tls_CApath instead, but note that the latter directory must be +present in the chroot jail if the \fBsmtp\fR(8) client is chrooted. This +file may also be used to augment the client certificate trust chain, +but it is best to include all the required certificates directly in +$smtp_tls_cert_file (or, Postfix >= 3.4 $smtp_tls_chain_files). +.PP +Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use +ONLY the system\-supplied default Certification Authority certificates. +.PP +Specify "tls_append_default_CA = no" to prevent Postfix from +appending the system\-supplied default CAs and trusting third\-party +certificates. +.PP +Example: +.PP +.nf +.na +.ft C +smtp_tls_CAfile = /etc/postfix/CAcert.pem +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_CApath (default: empty) +Directory with PEM format Certification Authority certificates +that the Postfix SMTP client uses to verify a remote SMTP server +certificate. Don't forget to create the necessary "hash" links +with, for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". +.PP +To use this option in chroot mode, this directory (or a copy) +must be inside the chroot jail. +.PP +Specify "smtp_tls_CApath = /path/to/system_CA_directory" to +use ONLY the system\-supplied default Certification Authority certificates. +.PP +Specify "tls_append_default_CA = no" to prevent Postfix from +appending the system\-supplied default CAs and trusting third\-party +certificates. +.PP +Example: +.PP +.nf +.na +.ft C +smtp_tls_CApath = /etc/postfix/certs +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_block_early_mail_reply (default: no) +Try to detect a mail hijacking attack based on a TLS protocol +vulnerability (CVE\-2009\-3555), where an attacker prepends malicious +HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. +The attack would succeed with non\-Postfix SMTP servers that reply +to the malicious HELO, MAIL, RCPT, DATA commands after negotiating +the Postfix SMTP client TLS session. +.PP +This feature is available in Postfix 2.7. +.SH smtp_tls_cert_file (default: empty) +File with the Postfix SMTP client RSA certificate in PEM format. +This file may also contain the Postfix SMTP client private RSA key, and +these may be the same as the Postfix SMTP server RSA certificate and key +file. With Postfix >= 3.4 the preferred way to configure client keys +and certificates is via the "smtp_tls_chain_files" parameter. +.PP +Do not configure client certificates unless you \fBmust\fR present +client TLS certificates to one or more servers. Client certificates are +not usually needed, and can cause problems in configurations that work +well without them. The recommended setting is to let the defaults stand: +.sp +.in +4 +.nf +.na +.ft C +smtp_tls_cert_file = +smtp_tls_key_file = +smtp_tls_eccert_file = +smtp_tls_eckey_file = +# Obsolete DSA parameters +smtp_tls_dcert_file = +smtp_tls_dkey_file = +# Postfix >= 3.4 interface +smtp_tls_chain_files = +.fi +.ad +.ft R +.in -4 +.PP +The best way to use the default settings is to comment out the above +parameters in main.cf if present. +.PP +To enable remote SMTP servers to verify the Postfix SMTP client +certificate, the issuing CA certificates must be made available to the +server. You should include the required certificates in the client +certificate file, the client certificate first, then the issuing +CA(s) (bottom\-up order). +.PP +Example: the certificate for "client.example.com" was issued by +"intermediate CA" which itself has a certificate issued by "root CA". +As the "root" super\-user create the client.pem file with: +.sp +.in +4 +.nf +.na +.ft C +# \fBumask 077\fR +# \fBcat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem \fR +.fi +.ad +.ft R +.in -4 +.PP +If you also want to verify remote SMTP server certificates issued by +these CAs, you can add the CA certificates to the smtp_tls_CAfile, in +which case it is not necessary to have them in the smtp_tls_cert_file, +smtp_tls_dcert_file (obsolete) or smtp_tls_eccert_file. +.PP +A certificate supplied here must be usable as an SSL client certificate +and hence pass the "openssl verify \-purpose sslclient ..." test. +.PP +Example: +.PP +.nf +.na +.ft C +smtp_tls_cert_file = /etc/postfix/chain.pem +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_chain_files (default: empty) +List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. The file names +are separated by commas and/or whitespace. This parameter obsoletes the +legacy algorithm\-specific key and certificate file settings. When this +parameter is non\-empty, the legacy parameters are ignored, and a warning +is logged if any are also non\-empty. +.PP +With the proliferation of multiple private key algorithms-which, +as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519 +and Ed448-it is increasingly impractical to use separate +parameters to configure the key and certificate chain for each +algorithm. Therefore, Postfix now supports storing multiple keys and +corresponding certificate chains in a single file or in a set of files. +.PP +Each key must appear \fBimmediately before\fR the corresponding +certificate, optionally followed by additional issuer certificates that +complete the certificate chain for that key. When multiple files are +specified, they are equivalent to a single file that is concatenated +from those files in the given order. Thus, while a key must always +precede its certificate and issuer chain, it can be in a separate file, +so long as that file is listed immediately before the file that holds +the corresponding certificate chain. Once all the files are +concatenated, the sequence of PEM objects must be: \fIkey1, cert1, +[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].\fR +.PP +Storing the private key in the same file as the corresponding +certificate is more reliable. With the key and certificate in separate +files, there is a chance that during key rollover a Postfix process +might load a private key and certificate from separate files that don't +match. Various operational errors may even result in a persistent +broken configuration in which the certificate does not match the private +key. +.PP +The file or files must contain at most one key of each type. If, +for example, two or more RSA keys and corresponding chains are listed, +depending on the version of OpenSSL either only the last one will be +used or a configuration error may be detected. Note that while +"Ed25519" and "Ed448" are considered separate algorithms, the various +ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are +considered as different parameters of a single "ECDSA" algorithm, so it +is not presently possible to configure keys for more than one ECDSA +curve. +.PP +Example (separate files for each key and corresponding certificate chain): +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_tls_chain_files = + ${config_directory}/ed25519.pem, + ${config_directory}/ed448.pem, + ${config_directory}/rsa.pem +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/ed25519.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3 + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG + ... + nC0egv51YPDWxEHom4QA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/ed448.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe + LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A== + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG + ... + pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/rsa.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL + ... + ahQkZ3+krcaJvDSMgvu0tDc= + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL + ... + Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE= + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.PP +Example (all keys and certificates in a single file): +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_tls_chain_files = ${config_directory}/chains.pem +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/chains.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3 + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG + ... + nC0egv51YPDWxEHom4QA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe + LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A== + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG + ... + pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL + ... + ahQkZ3+krcaJvDSMgvu0tDc= + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL + ... + Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE= + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 3.4 and later. +.SH smtp_tls_cipherlist (default: empty) +Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS +cipher list. As this feature applies to all TLS security levels, it is easy +to create interoperability problems by choosing a non\-default cipher +list. Do not use a non\-default TLS cipher list on hosts that deliver email +to the public Internet: you will be unable to send email to servers that +only support the ciphers you exclude. Using a restricted cipher list +may be more appropriate for an internal MTA, where one can exert some +control over the TLS software and settings of the peer servers. +.PP +\fBNote:\fR do not use "" quotes around the parameter value. +.PP +This feature is available in Postfix version 2.2. It is not used with +Postfix 2.3 and later; use smtp_tls_mandatory_ciphers instead. +.SH smtp_tls_ciphers (default: medium) +The minimum TLS cipher grade that the Postfix SMTP client +will use with opportunistic TLS encryption. Cipher types listed in +smtp_tls_exclude_ciphers are excluded from the base definition of +the selected cipher grade. The default value is "medium" for +Postfix releases after the middle of 2015, "export" for older +releases. +.PP +When TLS is mandatory the cipher grade is chosen via the +smtp_tls_mandatory_ciphers configuration parameter, see there for syntax +details. See smtp_tls_policy_maps for information on how to configure +ciphers on a per\-destination basis. +.PP +This feature is available in Postfix 2.6 and later. With earlier Postfix +releases only the smtp_tls_mandatory_ciphers parameter is implemented, +and opportunistic TLS always uses "export" or better (i.e. all) ciphers. +.SH smtp_tls_connection_reuse (default: no) +Try to make multiple deliveries per TLS\-encrypted connection. +This uses the \fBtlsproxy\fR(8) service to encrypt an SMTP connection, +uses the \fBscache\fR(8) service to save that connection, and relies on +hints from the \fBqmgr\fR(8) daemon. +.PP +See "Client\-side +TLS connection reuse" for background details. +.PP +This feature is available in Postfix 3.4 and later. +.SH smtp_tls_dane_insecure_mx_policy (default: see "postconf \-d" output) +The TLS policy for MX hosts with "secure" TLSA records when the +nexthop destination security level is \fBdane\fR, but the MX +record was found via an "insecure" MX lookup. The choices are: +.IP "\fBmay\fR" +The TLSA records will be ignored and TLS will be optional. If +the MX host does not appear to support STARTTLS, or the STARTTLS +handshake fails, mail may be sent in the clear. +.br +.IP "\fBencrypt\fR" +The TLSA records will signal a requirement to use TLS. While +TLS encryption will be required, authentication will not be performed. +.br +.IP "\fBdane\fR" +The TLSA records will be used just as with "secure" MX records. +TLS encryption will be required, and, if at least one of the TLSA +records is "usable", authentication will be required. When +authentication succeeds, it will be logged only as "Trusted", not +"Verified", because the MX host name could have been forged. +.br +.br +The default setting for Postfix >= 3.6 is "dane" with +"smtp_tls_security_level = dane", otherwise "may". This behavior +was backported to Postfix versions 3.5.9, 3.4.19, 3.3.16. 3.2.21. +With earlier Postfix versions the default setting was always "dane". +.PP +Though with "insecure" MX records an active attacker can +compromise SMTP transport security by returning forged MX records, +such attacks are "tamper\-evident" since any forged MX hostnames +will be recorded in the mail logs. Attackers who place a high value +on staying hidden may be deterred from forging MX records. +.PP +This feature is available in Postfix 3.1 and later. The \fBmay\fR +policy is backwards\-compatible with earlier Postfix versions. +.SH smtp_tls_dcert_file (default: empty) +File with the Postfix SMTP client DSA certificate in PEM format. +This file may also contain the Postfix SMTP client private DSA key. +The DSA algorithm is obsolete and should not be used. +.PP +See the discussion under smtp_tls_cert_file for more details. +.PP +Example: +.PP +.nf +.na +.ft C +smtp_tls_dcert_file = /etc/postfix/client\-dsa.pem +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_dkey_file (default: $smtp_tls_dcert_file) +File with the Postfix SMTP client DSA private key in PEM format. +This file may be combined with the Postfix SMTP client DSA certificate +file specified with $smtp_tls_dcert_file. The DSA algorithm is obsolete +and should not be used. +.PP +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only +access to the system superuser account ("root"), and no access +to anyone else. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_eccert_file (default: empty) +File with the Postfix SMTP client ECDSA certificate in PEM format. +This file may also contain the Postfix SMTP client ECDSA private key. +With Postfix >= 3.4 the preferred way to configure client keys and +certificates is via the "smtp_tls_chain_files" parameter. +.PP +See the discussion under smtp_tls_cert_file for more details. +.PP +Example: +.PP +.nf +.na +.ft C +smtp_tls_eccert_file = /etc/postfix/ecdsa\-ccert.pem +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later, when Postfix is +compiled and linked with OpenSSL 1.0.0 or later. +.SH smtp_tls_eckey_file (default: $smtp_tls_eccert_file) +File with the Postfix SMTP client ECDSA private key in PEM format. +This file may be combined with the Postfix SMTP client ECDSA certificate +file specified with $smtp_tls_eccert_file. With Postfix >= 3.4 the +preferred way to configure client keys and certificates is via the +"smtp_tls_chain_files" parameter. +.PP +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only +access to the system superuser account ("root"), and no access +to anyone else. +.PP +This feature is available in Postfix 2.6 and later, when Postfix is +compiled and linked with OpenSSL 1.0.0 or later. +.SH smtp_tls_enforce_peername (default: yes) +With mandatory TLS encryption, require that the remote SMTP +server hostname matches the information in the remote SMTP server +certificate. As of RFC 2487 the requirements for hostname checking +for MTA clients are not specified. +.PP +This option can be set to "no" to disable strict peer name +checking. This setting has no effect on sessions that are controlled +via the smtp_tls_per_site table. +.PP +Disabling the hostname verification can make sense in a closed +environment where special CAs are created. If not used carefully, +this option opens the danger of a "man\-in\-the\-middle" attack (the +CommonName of this attacker will be logged). +.PP +This feature is available in Postfix 2.2 and later. With +Postfix 2.3 and later use smtp_tls_security_level instead. +.SH smtp_tls_exclude_ciphers (default: empty) +List of ciphers or cipher types to exclude from the Postfix +SMTP client cipher +list at all TLS security levels. This is not an OpenSSL cipherlist, it is +a simple list separated by whitespace and/or commas. The elements are a +single cipher, or one or more "+" separated cipher properties, in which +case only ciphers matching \fBall\fR the properties are excluded. +.PP +Examples (some of these will cause problems): +.sp +.in +4 +.nf +.na +.ft C +smtp_tls_exclude_ciphers = aNULL +smtp_tls_exclude_ciphers = MD5, DES +smtp_tls_exclude_ciphers = DES+MD5 +smtp_tls_exclude_ciphers = AES256\-SHA, DES\-CBC3\-MD5 +smtp_tls_exclude_ciphers = kEDH+aRSA +.fi +.ad +.ft R +.in -4 +.PP +The first setting disables anonymous ciphers. The next setting +disables ciphers that use the MD5 digest algorithm or the (single) DES +encryption algorithm. The next setting disables ciphers that use MD5 and +DES together. The next setting disables the two ciphers "AES256\-SHA" +and "DES\-CBC3\-MD5". The last setting disables ciphers that use "EDH" +key exchange with RSA authentication. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_tls_fingerprint_cert_match (default: empty) +List of acceptable remote SMTP server certificate fingerprints for +the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR = +fingerprint). At this security level, Certification Authorities are not +used, and certificate expiration times are ignored. Instead, server +certificates are verified directly via their certificate fingerprint +or public key fingerprint (Postfix 2.9 and later). The fingerprint +is a message digest of the server certificate (or public key). The +digest algorithm is selected via the \fBsmtp_tls_fingerprint_digest\fR +parameter. +.PP +The colons between each pair of nibbles in the fingerprint value +are optional (Postfix >= 3.6). These were required in earlier +Postfix releases. +.PP +When an \fBsmtp_tls_policy_maps\fR table entry specifies the +"fingerprint" security level, any "match" attributes in that entry specify +the list of valid fingerprints for the corresponding destination. Multiple +fingerprints can be combined with a "|" delimiter in a single match +attribute, or multiple match attributes can be employed. +.PP +Example: Certificate fingerprint verification with internal mailhub. +Two matching fingerprints are listed. The relayhost may be multiple +physical hosts behind a load\-balancer, each with its own private/public +key and self\-signed certificate. Alternatively, a single relayhost may +be in the process of switching from one set of private/public keys to +another, and both keys are trusted just prior to the transition. +.sp +.in +4 +.nf +.na +.ft C +relayhost = [mailhub.example.com] +smtp_tls_security_level = fingerprint +smtp_tls_fingerprint_digest = sha256 +smtp_tls_fingerprint_cert_match = + cd:fc:d8:db:f8:c4:82:96:6c:...:28:71:e8:f5:8d:a5:0d:9b:d4:a6 + dd:5c:ef:f5:c3:bc:64:25:36:...:99:36:06:ce:40:ef:de:2e:ad:a4 +.fi +.ad +.ft R +.in -4 +.PP +Example: Certificate fingerprint verification with selected destinations. +As in the example above, we show two matching fingerprints: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_tls_policy_maps = hash:/etc/postfix/tls_policy + smtp_tls_fingerprint_digest = sha256 +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/tls_policy: + example.com fingerprint + match=51:e9:af:2e:1e:40:1f:...:64:0a:30:35:2d:09:16:31:5a:eb:82:76 + match=b6:b4:72:34:e2:59:cd:...:c2:ca:63:0d:4d:cc:2c:7d:84:de:e6:2f +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 2.5 and later. +.SH smtp_tls_fingerprint_digest (default: see "postconf \-d" output) +The message digest algorithm used to construct remote SMTP server +certificate fingerprints. At the "fingerprint" TLS security level +(\fBsmtp_tls_security_level\fR = fingerprint), the server certificate is +verified by directly matching its certificate fingerprint or its public +key fingerprint (Postfix 2.9 and later). The fingerprint is the +message digest of the server certificate (or its public key) +using the selected +algorithm. With a digest algorithm resistant to "second pre\-image" +attacks, it is not feasible to create a new public key and a matching +certificate (or public/private key\-pair) that has the same fingerprint. +.PP +The default algorithm is \fBsha256\fR with Postfix >= 3.6 +and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix +<= 3.5, the default algorithm is \fBmd5\fR. +.PP +The best\-practice algorithm is now \fBsha256\fR. Recent advances in hash +function cryptanalysis have led to md5 and sha1 being deprecated in favor of +sha256. However, as long as there are no known "second pre\-image" attacks +against the older algorithms, their use in this context, though not +recommended, is still likely safe. +.PP +While additional digest algorithms are often available with OpenSSL's +libcrypto, only those used by libssl in SSL cipher suites are available to +Postfix. You'll likely find support for md5, sha1, sha256 and sha512. +.PP +To find the fingerprint of a specific certificate file, with a +specific digest algorithm, run: +.sp +.in +4 +.nf +.na +.ft C +$ openssl x509 \-noout \-fingerprint \-\fIdigest\fR \-in \fIcertfile\fR.pem +.fi +.ad +.ft R +.in -4 +.PP +The text to the right of the "=" sign is the desired fingerprint. +For example: +.sp +.in +4 +.nf +.na +.ft C +$ openssl x509 \-noout \-fingerprint \-sha256 \-in cert.pem +SHA256 Fingerprint=D4:6A:AB:19:24:...:BB:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A +.fi +.ad +.ft R +.in -4 +.PP +To extract the public key fingerprint from an X.509 certificate, +you need to extract the public key from the certificate and compute +the appropriate digest of its DER (ASN.1) encoding. With OpenSSL +the "\-pubkey" option of the "x509" command extracts the public +key always in "PEM" format. We pipe the result to another OpenSSL +command that converts the key to DER and then to the "dgst" command +to compute the fingerprint. +.PP +The actual command to transform the key to DER format depends on the +version of OpenSSL used. As of OpenSSL 1.0.0, the "pkey" command supports +all key types. +.sp +.in +4 +.nf +.na +.ft C +# OpenSSL >= 1.0 with SHA\-256 fingerprints. +$ openssl x509 \-in cert.pem \-noout \-pubkey | + openssl pkey \-pubin \-outform DER | + openssl dgst \-sha256 \-c +(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:...:fc:09:1a:61:98:b5:bc:7c:60:58 +.fi +.ad +.ft R +.in -4 +.PP +The Postfix SMTP server and client log the peer (leaf) certificate +fingerprint and the public key fingerprint when the TLS loglevel is 2 or +higher. +.PP +This feature is available in Postfix 2.5 and later. +.SH smtp_tls_force_insecure_host_tlsa_lookup (default: no) +Lookup the associated DANE TLSA RRset even when a hostname is +not an alias and its address records lie in an unsigned zone. This +is unlikely to ever yield DNSSEC validated results, since child +zones of unsigned zones are also unsigned in the absence of DLV or +locally configured non\-root trust\-anchors. We anticipate that such +mechanisms will not be used for just the "_tcp" subdomain of a host. +Suppressing the TLSA RRset lookup reduces latency and avoids potential +interoperability problems with nameservers for unsigned zones that +are not prepared to handle the new TLSA RRset. +.PP +This feature is available in Postfix 2.11. +.SH smtp_tls_key_file (default: $smtp_tls_cert_file) +File with the Postfix SMTP client RSA private key in PEM format. +This file may be combined with the Postfix SMTP client RSA certificate +file specified with $smtp_tls_cert_file. With Postfix >= 3.4 the +preferred way to configure client keys and certificates is via the +"smtp_tls_chain_files" parameter. +.PP +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only +access to the system superuser account ("root"), and no access +to anyone else. +.PP +Example: +.PP +.nf +.na +.ft C +smtp_tls_key_file = $smtp_tls_cert_file +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_loglevel (default: 0) +Enable additional Postfix SMTP client logging of TLS activity. +Each logging level also includes the information that is logged at +a lower logging level. +.IP "" +0 Disable logging of TLS activity. +.br +.IP "" +1 Log only a summary message on TLS handshake completion +- no logging of remote SMTP server certificate trust\-chain +verification errors if server certificate verification is not required. +With Postfix 2.8 and earlier, log the summary message and unconditionally +log trust\-chain verification errors. +.br +.IP "" +2 Also log levels during TLS negotiation. +.br +.IP "" +3 Also log the hexadecimal and ASCII dump of the +TLS negotiation process. +.br +.IP "" +4 Also log the hexadecimal and ASCII dump of complete +transmission after STARTTLS. +.br +.br +.PP +Do not use "smtp_tls_loglevel = 2" or higher except in case of +problems. Use of loglevel 4 is strongly discouraged. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_mandatory_ciphers (default: medium) +The minimum TLS cipher grade that the Postfix SMTP client will +use with +mandatory TLS encryption. The default value "medium" is suitable +for most destinations with which you may want to enforce TLS, and +is beyond the reach of today's cryptanalytic methods. See +smtp_tls_policy_maps for information on how to configure ciphers +on a per\-destination basis. +.PP +The following cipher grades are supported: +.IP "\fBexport\fR" +Enable "EXPORT" grade or better OpenSSL ciphers. The underlying +cipherlist is specified via the tls_export_cipherlist configuration +parameter, which you are strongly encouraged not to change. This +choice is insecure and SHOULD NOT be used. +.br +.IP "\fBlow\fR" +Enable "LOW" grade or better OpenSSL ciphers. The underlying +cipherlist is specified via the tls_low_cipherlist configuration +parameter, which you are strongly encouraged not to change. This +choice is insecure and SHOULD NOT be used. +.br +.IP "\fBmedium\fR" +Enable "MEDIUM" grade or better OpenSSL ciphers. +The underlying cipherlist is specified via the tls_medium_cipherlist +configuration parameter, which you are strongly encouraged not to change. +.br +.IP "\fBhigh\fR" +Enable only "HIGH" grade OpenSSL ciphers. This setting may +be appropriate when all mandatory TLS destinations (e.g. when all +mail is routed to a suitably capable relayhost) support at least one +"HIGH" grade cipher. The underlying cipherlist is specified via the +tls_high_cipherlist configuration parameter, which you are strongly +encouraged not to change. +.br +.IP "\fBnull\fR" +Enable only the "NULL" OpenSSL ciphers, these provide authentication +without encryption. This setting is only appropriate in the rare case +that all servers are prepared to use NULL ciphers (not normally enabled +in TLS servers). A plausible use\-case is an LMTP server listening on a +UNIX\-domain socket that is configured to support "NULL" ciphers. The +underlying cipherlist is specified via the tls_null_cipherlist +configuration parameter, which you are strongly encouraged not to +change. +.br +.br +.PP +The underlying cipherlists for grades other than "null" include +anonymous ciphers, but these are automatically filtered out if the +Postfix SMTP client is configured to verify server certificates. +You are very unlikely to need to take any steps to exclude anonymous +ciphers, they are excluded automatically as necessary. If you must +exclude anonymous ciphers at the "may" or "encrypt" security levels, +when the Postfix SMTP client does not need or use peer certificates, set +"smtp_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only when +TLS is enforced, set "smtp_tls_mandatory_exclude_ciphers = aNULL". +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_tls_mandatory_exclude_ciphers (default: empty) +Additional list of ciphers or cipher types to exclude from the +Postfix SMTP client cipher list at mandatory TLS security levels. This list +works in addition to the exclusions listed with smtp_tls_exclude_ciphers +(see there for syntax details). +.PP +Starting with Postfix 2.6, the mandatory cipher exclusions can be +specified on a per\-destination basis via the TLS policy "exclude" +attribute. See smtp_tls_policy_maps for notes and examples. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_tls_mandatory_protocols (default: see "postconf \-d" output) +TLS protocols that the Postfix SMTP client will use with mandatory +TLS encryption. In main.cf the values are separated by whitespace, +commas or colons. In the policy table "protocols" attribute (see +smtp_tls_policy_maps) the only valid separator is colon. An empty value +means allow all protocols. +.PP +The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2", +"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with +Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as +the lowest supported TLS protocol version (see below). Older releases +use the "!" exclusion syntax, also described below. +.PP +As of Postfix 3.6, the preferred way to limit the range of +acceptable protocols is to set a lowest acceptable TLS protocol version +and/or a highest acceptable TLS protocol version. To set the lower +bound include an element of the form: ">=\fIversion\fR" where +\fIversion\fR is a either one of the TLS protocol names listed above, +or a hexadecimal number corresponding to the desired TLS protocol +version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper +bound, use "<=\fIversion\fR". There must be no whitespace between +the ">=" or "<=" symbols and the protocol name or number. +.PP +Hexadecimal protocol numbers make it possible to specify protocol +bounds for TLS versions that are known to OpenSSL, but might not be +known to Postfix. They cannot be used with the legacy exclusion syntax. +Leading "0" or "0x" prefixes are supported, but not required. +Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to +"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the +upper or lower bound, and a warning will be logged. Hexadecimal +versions should only be used when Postfix is linked with some future +version of OpenSSL that supports TLS 1.4 or later, but Postfix does not +yet support a symbolic name for that protocol version. +.PP +Hexadecimal example (Postfix >= 3.6): +.sp +.in +4 +.nf +.na +.ft C +# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported +# in some future version of OpenSSL (presently a warning is logged). +smtp_tls_mandatory_protocols = >=TLSv1.2, <=0305 +# Allow only TLS 1.2 and up: +smtp_tls_mandatory_protocols = >=0x0303 +.fi +.ad +.ft R +.in -4 +.PP +With Postfix < 3.6 there is no support for a minimum or maximum +version, and the protocol range is configured via protocol exclusions. +To require at least TLS 1.0, set "smtp_tls_mandatory_protocols = !SSLv2, +!SSLv3". Listing the protocols to include, rather than the protocols to +exclude, is supported, but not recommended. The exclusion syntax more +accurately matches the underlying OpenSSL interface. +.PP +When using the exclusion syntax, take care to ensure that the range +of protocols supported by the Postfix SMTP client is contiguous. When +a protocol version is enabled, disabling any higher version implicitly +disables all versions above that higher version. Thus, for example: +.sp +.in +4 +.nf +.na +.ft C +smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1.1 +.fi +.ad +.ft R +.in -4 +.PP +also disables any protocol versions higher than TLSv1.1 leaving +only "TLSv1" enabled. +.PP +Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling +this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch +releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2). +.PP +While the vast majority of SMTP servers with DANE TLSA records now +support at least TLS 1.2, a few still only support TLS 1.0. If you use +"dane" or "dane\-only" it is best not to disable TLSv1, except perhaps +via the policy table for destinations which you are sure will support +"TLSv1.2". +.PP +See the documentation of the smtp_tls_policy_maps parameter and +TLS_README for more information about security levels. +.PP +Example: +.nf +.na +.ft C +# Preferred syntax with Postfix >= 3.6: +smtp_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3 +# Legacy syntax: +smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_tls_note_starttls_offer (default: no) +Log the hostname of a remote SMTP server that offers STARTTLS, +when TLS is not already enabled for that server. +.PP +The logfile record looks like: +.PP +.nf +.na +.ft C +postfix/smtp[pid]: Host offered STARTTLS: [name.of.host] +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_per_site (default: empty) +Optional lookup tables with the Postfix SMTP client TLS usage +policy by next\-hop destination and by remote SMTP server hostname. +When both lookups succeed, the more specific per\-site policy (NONE, +MUST, etc.) overrides the less specific one (MAY), and the more secure +per\-site policy (MUST, etc.) overrides the less secure one (NONE). +With Postfix 2.3 and later smtp_tls_per_site is strongly discouraged: +use smtp_tls_policy_maps instead. +.PP +Use of the bare hostname as the per\-site table lookup key is +discouraged. Always use the full destination nexthop (enclosed in +[] with a possible ":port" suffix). A recipient domain or MX\-enabled +transport next\-hop with no port suffix may look like a bare hostname, +but is still a suitable \fIdestination\fR. +.PP +Specify a next\-hop destination or server hostname on the left\-hand +side; no wildcards are allowed. The next\-hop destination is either +the recipient domain, or the destination specified with a \fBtransport\fR(5) +table, the relayhost parameter, or the relay_transport parameter. +On the right hand side specify one of the following keywords: +.IP "NONE" +Don't use TLS at all. This overrides a less +specific \fBMAY\fR lookup result from the alternate host or next\-hop +lookup key, and overrides the global smtp_use_tls, smtp_enforce_tls, +and smtp_tls_enforce_peername settings. +.br +.IP "MAY" +Try to use TLS if the server announces support, +otherwise use an unencrypted connection. This has less precedence +than a more specific result (including \fBNONE\fR) from the alternate +host or next\-hop lookup key, and has less precedence than the more +specific global "smtp_enforce_tls = yes" or "smtp_tls_enforce_peername += yes". +.br +.IP "MUST_NOPEERMATCH" +Require TLS encryption, but do not +require that the remote SMTP server hostname matches the information +in the remote SMTP server certificate, or that the server certificate +was issued by a trusted CA. This overrides a less secure \fBNONE\fR +or a less specific \fBMAY\fR lookup result from the alternate host +or next\-hop lookup key, and overrides the global smtp_use_tls, +smtp_enforce_tls and smtp_tls_enforce_peername settings. +.br +.IP "MUST" +Require TLS encryption, require that the remote +SMTP server hostname matches the information in the remote SMTP +server certificate, and require that the remote SMTP server certificate +was issued by a trusted CA. This overrides a less secure \fBNONE\fR +or \fBMUST_NOPEERMATCH\fR or a less specific \fBMAY\fR lookup +result from the alternate host or next\-hop lookup key, and overrides +the global smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername +settings. +.br +.br +.PP +The above keywords correspond to the "none", "may", "encrypt" and +"verify" security levels for the new smtp_tls_security_level parameter +introduced in Postfix 2.3. Starting with Postfix 2.3, and independently +of how the policy is specified, the smtp_tls_mandatory_ciphers and +smtp_tls_mandatory_protocols parameters apply when TLS encryption +is mandatory. Connections for which encryption is optional typically +enable all "export" grade and better ciphers (see smtp_tls_ciphers +and smtp_tls_protocols). +.PP +As long as no secure DNS lookup mechanism is available, false +hostnames in MX or CNAME responses can change the server hostname +that Postfix uses for TLS policy lookup and server certificate +verification. Even with a perfect match between the server hostname and +the server certificate, there is no guarantee that Postfix is connected +to the right server. See TLS_README (Closing a DNS loophole with obsolete +per\-site TLS policies) for a possible work\-around. +.PP +This feature is available in Postfix 2.2 and later. With +Postfix 2.3 and later use smtp_tls_policy_maps instead. +.SH smtp_tls_policy_maps (default: empty) +Optional lookup tables with the Postfix SMTP client TLS security +policy by next\-hop destination; when a non\-empty value is specified, +this overrides the obsolete smtp_tls_per_site parameter. See +TLS_README for a more detailed discussion of TLS security levels. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +The TLS policy table is indexed by the full next\-hop destination, +which is either the recipient domain, or the verbatim next\-hop +specified in the transport table, $local_transport, $virtual_transport, +$relay_transport or $default_transport. This includes any enclosing +square brackets and any non\-default destination server port suffix. The +LMTP socket type prefix (inet: or unix:) is not included in the lookup +key. +.PP +Only the next\-hop domain, or $myhostname with LMTP over UNIX\-domain +sockets, is used as the nexthop name for certificate verification. The +port and any enclosing square brackets are used in the table lookup key, +but are not used for server name verification. +.PP +When the lookup key is a domain name without enclosing square brackets +or any \fI:port\fR suffix (typically the recipient domain), and the full +domain is not found in the table, just as with the \fBtransport\fR(5) table, +the parent domain starting with a leading "." is matched recursively. This +allows one to specify a security policy for a recipient domain and all +its sub\-domains. +.PP +The lookup result is a security level, followed by an optional list +of whitespace and/or comma separated name=value attributes that override +related main.cf settings. The TLS security levels in order of increasing +security are: +.IP "\fBnone\fR" +No TLS. No additional attributes are supported at this level. +.br +.IP "\fBmay\fR" +Opportunistic TLS. Since sending in the clear is acceptable, +demanding stronger than default TLS security merely reduces +interoperability. The optional "ciphers", "exclude", and "protocols" +attributes (available for opportunistic TLS with Postfix >= 2.6) +and "connection_reuse" attribute (Postfix >= 3.4) override the +"smtp_tls_ciphers", "smtp_tls_exclude_ciphers", "smtp_tls_protocols", +and +"smtp_tls_connection_reuse" configuration parameters. In the policy table, +multiple ciphers, protocols or excluded ciphers must be separated by colons, +as attribute values may not contain whitespace or commas. When opportunistic +TLS handshakes fail, Postfix retries the connection with TLS disabled. +This allows mail delivery to sites with non\-interoperable TLS +implementations. +.br +.IP "\fBencrypt\fR" +Mandatory TLS encryption. At this level +and higher, the optional "protocols" attribute overrides the main.cf +smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute +overrides the main.cf smtp_tls_mandatory_ciphers parameter, the +optional "exclude" attribute (Postfix >= 2.6) overrides the main.cf +smtp_tls_mandatory_exclude_ciphers parameter, and the optional +"connection_reuse" attribute (Postfix >= 3.4) overrides the +main.cf smtp_tls_connection_reuse parameter. In the policy table, +multiple ciphers, protocols or excluded ciphers must be separated by colons, +as attribute values may not contain whitespace or commas. +.br +.IP "\fBdane\fR" +Opportunistic DANE TLS. The TLS policy for the destination is +obtained via TLSA records in DNSSEC. If no TLSA records are found, +the effective security level used is may. If TLSA records are +found, but none are usable, the effective security level is encrypt. When usable +TLSA records are obtained for the remote SMTP server, the +server certificate must match the TLSA records. RFC 7672 (DANE) +TLS authentication and DNSSEC support is available with Postfix +2.11 and later. The optional "connection_reuse" attribute (Postfix +>= 3.4) overrides the main.cf smtp_tls_connection_reuse parameter. +When the effective security level used is may, the optional "ciphers", +"exclude", and "protocols" attributes (Postfix >= 2.6) override the +"smtp_tls_ciphers", "smtp_tls_exclude_ciphers", and "smtp_tls_protocols" +configuration parameters. +When the effective security level used is encrypt, the optional "ciphers", +"exclude", and "protocols" attributes (Postfix >= 2.6) override the +"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and +"smtp_tls_mandatory_protocols" configuration parameters. +.br +.IP "\fBdane\-only\fR" +Mandatory DANE TLS. The TLS policy for the destination is +obtained via TLSA records in DNSSEC. If no TLSA records are found, +or none are usable, no connection is made to the server. When +usable TLSA records are obtained for the remote SMTP server, the +server certificate must match the TLSA records. RFC 7672 (DANE) TLS +authentication and DNSSEC support is available with Postfix 2.11 +and later. The optional "ciphers", "exclude", and "protocols" attributes +(Postfix >= 2.6) override the "smtp_tls_mandatory_ciphers", +"smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols" +configuration parameters. The optional "connection_reuse" attribute +(Postfix >= 3.4) overrides the main.cf smtp_tls_connection_reuse parameter. +.br +.IP "\fBfingerprint\fR" +Certificate fingerprint +verification. Available with Postfix 2.5 and later. At this security +level, there are no trusted Certification Authorities. The certificate +trust chain, expiration date, ... are not checked. Instead, +the optional "match" attribute, or else the main.cf +\fBsmtp_tls_fingerprint_cert_match\fR parameter, lists the certificate +fingerprints or the public key fingerprint (Postfix 2.9 and later) +of the valid server certificate. The digest +algorithm used to calculate the fingerprint is selected by the +\fBsmtp_tls_fingerprint_digest\fR parameter. Multiple fingerprints can +be combined with a "|" delimiter in a single match attribute, or multiple +match attributes can be employed. The ":" character is not used as a +delimiter as it occurs between each pair of fingerprint (hexadecimal) +digits. The optional "ciphers", "exclude", and "protocols" attributes +(Postfix >= 2.6) override the "smtp_tls_mandatory_ciphers", +"smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols" +configuration parameters. The optional "connection_reuse" attribute +(Postfix >= 3.4) overrides the main.cf smtp_tls_connection_reuse +parameter. +.br +.IP "\fBverify\fR" +Mandatory TLS verification. At this security +level, DNS MX lookups are trusted to be secure enough, and the name +verified in the server certificate is usually obtained indirectly via +unauthenticated DNS MX lookups. The optional "match" attribute overrides +the main.cf smtp_tls_verify_cert_match parameter. In the policy table, +multiple match patterns and strategies must be separated by colons. +In practice explicit control over matching is more common with the +"secure" policy, described below. The optional "ciphers", "exclude", +and "protocols" attributes (Postfix >= 2.6) override the +"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and +"smtp_tls_mandatory_protocols" configuration parameters. The optional +"connection_reuse" attribute (Postfix >= 3.4) overrides the main.cf +smtp_tls_connection_reuse parameter. +.br +.IP "\fBsecure\fR" +Secure\-channel TLS. At this security level, DNS +MX lookups, though potentially used to determine the candidate next\-hop +gateway IP addresses, are \fBnot\fR trusted to be secure enough for TLS +peername verification. Instead, the default name verified in the server +certificate is obtained directly from the next\-hop, or is explicitly +specified via the optional "match" attribute which overrides the +main.cf smtp_tls_secure_cert_match parameter. In the policy table, +multiple match patterns and strategies must be separated by colons. +The match attribute is most useful when multiple domains are supported by +a common server: the policy entries for additional domains specify matching +rules for the primary domain certificate. While transport table overrides +that route the secondary domains to the primary nexthop also allow secure +verification, they risk delivery to the wrong destination when domains +change hands or are re\-assigned to new gateways. With the "match" +attribute approach, routing is not perturbed, and mail is deferred if +verification of a new MX host fails. The optional "ciphers", "exclude", +and "protocols" attributes (Postfix >= 2.6) override the +"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and +"smtp_tls_mandatory_protocols" configuration parameters. The optional +"connection_reuse" attribute (Postfix >= 3.4) overrides the main.cf +smtp_tls_connection_reuse parameter. +.br +.br +.PP +Example: +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_tls_policy_maps = hash:/etc/postfix/tls_policy + # Postfix 2.5 and later. + # + # The default digest is sha256 with Postfix >= 3.6 and + # compatibility level >= 3. + # + smtp_tls_fingerprint_digest = sha256 +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/tls_policy: + example.edu none + example.mil may + example.gov encrypt protocols=TLSv1 + example.com verify ciphers=high + example.net secure + .example.net secure match=.example.net:example.net + [mail.example.org]:587 secure match=nexthop + # Postfix 2.5 and later + [thumb.example.org] fingerprint + match=b6:b4:72:34:e2:59:cd:...:c2:ca:63:0d:4d:cc:2c:7d:84:de:e6:2f + match=51:e9:af:2e:1e:40:1f:...:64:0a:30:35:2d:09:16:31:5a:eb:82:76 +.fi +.ad +.ft R +.PP +\fBNote:\fR The "hostname" strategy if listed in a non\-default +setting of smtp_tls_secure_cert_match or in the "match" attribute +in the policy table can render the "secure" level vulnerable to +DNS forgery. Do not use the "hostname" strategy for secure\-channel +configurations in environments where DNS security is not assured. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_tls_protocols (default: see postconf \-d output) +TLS protocols that the Postfix SMTP client will use with +opportunistic TLS encryption. In main.cf the values are separated by +whitespace, commas or colons. In the policy table "protocols" attribute +(see smtp_tls_policy_maps) the only valid separator is colon. An empty +value means allow all protocols. +.PP +The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2", +"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with +Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as +the lowest supported TLS protocol version (see below). Older releases +use the "!" exclusion syntax, also described below. +.PP +As of Postfix 3.6, the preferred way to limit the range of +acceptable protocols is to set the lowest acceptable TLS protocol +version and/or the highest acceptable TLS protocol version. To set the +lower bound include an element of the form: ">=\fIversion\fR" where +\fIversion\fR is either one of the TLS protocol names listed above, +or a hexadecimal number corresponding to the desired TLS protocol +version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper +bound, use "<=\fIversion\fR". There must be no whitespace between +the ">=" or "<=" symbols and the protocol name or number. +.PP +Hexadecimal protocol numbers make it possible to specify protocol +bounds for TLS versions that are known to OpenSSL, but might not be +known to Postfix. They cannot be used with the legacy exclusion syntax. +Leading "0" or "0x" prefixes are supported, but not required. +Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to +"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the +upper or lower bound, and a warning will be logged. Hexadecimal +versions should only be used when Postfix is linked with some future +version of OpenSSL that supports TLS 1.4 or later, but Postfix does not +yet support a symbolic name for that protocol version. +.PP +Hexadecimal example (Postfix >= 3.6): +.sp +.in +4 +.nf +.na +.ft C +# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported +# in some future version of OpenSSL (presently a warning is logged). +smtp_tls_protocols = >=TLSv1, <=0305 +# Allow only TLS 1.0 and up: +smtp_tls_protocols = >=0x0301 +.fi +.ad +.ft R +.in -4 +.PP +With Postfix < 3.6 there is no support for a minimum or maximum +version, and the protocol range is configured via protocol exclusions. +To require at least TLS 1.0, set "smtp_tls_protocols = !SSLv2, !SSLv3". +Listing the protocols to include, rather than protocols to exclude, is +supported, but not recommended. The exclusion form more accurately +matches the underlying OpenSSL interface. +.PP +When using the exclusion syntax, take care to ensure that the range of +protocols advertised by an SSL/TLS client is contiguous. When a protocol +version is enabled, disabling any higher version implicitly disables all +versions above that higher version. Thus, for example: +.sp +.in +4 +.nf +.na +.ft C +smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1.1 +.fi +.ad +.ft R +.in -4 +also disables any protocols version higher than TLSv1.1 leaving +only "TLSv1" enabled. +.PP +Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling +this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch +releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2). +.PP +Example: +.nf +.na +.ft C +# Preferred syntax with Postfix >= 3.6: +smtp_tls_protocols = >=TLSv1, <=TLSv1.3 +# Legacy syntax: +smtp_tls_protocols = !SSLv2, !SSLv3 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later. +.SH smtp_tls_scert_verifydepth (default: 9) +The verification depth for remote SMTP server certificates. A depth +of 1 is sufficient if the issuing CA is listed in a local CA file. +.PP +The default verification depth is 9 (the OpenSSL default) for +compatibility with earlier Postfix behavior. Prior to Postfix 2.5, +the default value was 5, but the limit was not actually enforced. If +you have set this to a lower non\-default value, certificates with longer +trust chains may now fail to verify. Certificate chains with 1 or 2 +CAs are common, deeper chains are more rare and any number between 5 +and 9 should suffice in practice. You can choose a lower number if, +for example, you trust certificates directly signed by an issuing CA +but not any CAs it delegates to. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_secure_cert_match (default: nexthop, dot\-nexthop) +How the Postfix SMTP client verifies the server certificate +peername for the "secure" TLS security level. In a "secure" TLS policy table +($smtp_tls_policy_maps) entry the optional "match" attribute +overrides this main.cf setting. +.PP +This parameter specifies one or more patterns or strategies separated +by commas, whitespace or colons. In the policy table the only valid +separator is the colon character. +.PP +For a description of the pattern and strategy syntax see the +smtp_tls_verify_cert_match parameter. The "hostname" strategy should +be avoided in this context, as in the absence of a secure global DNS, using +the results of MX lookups in certificate verification is not immune to active +(man\-in\-the\-middle) attacks on DNS. +.PP +Sample main.cf setting: +.sp +.in +4 +.nf +.na +.ft C +smtp_tls_secure_cert_match = nexthop +.fi +.ad +.ft R +.in -4 +.PP +Sample policy table override: +.sp +.in +4 +.nf +.na +.ft C +example.net secure match=example.com:.example.com +\&.example.net secure match=example.com:.example.com +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_tls_security_level (default: empty) +The default SMTP TLS security level for the Postfix SMTP client. +When a non\-empty value is specified, this overrides the obsolete +parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername; +when no value is specified for smtp_tls_enforce_peername or the obsolete +parameters, the default SMTP TLS security level is +none. +.PP +Specify one of the following security levels: +.IP "\fBnone\fR" +No TLS. TLS will not be used unless enabled for specific +destinations via smtp_tls_policy_maps. +.br +.IP "\fBmay\fR" +Opportunistic TLS. Use TLS if this is supported by the remote +SMTP server, otherwise use plaintext. Since +sending in the clear is acceptable, demanding stronger than default TLS +security merely reduces interoperability. +The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix >= 2.6) +configuration parameters provide control over the protocols and +cipher grade used with opportunistic TLS. With earlier releases the +opportunistic TLS cipher grade is always "export" and no protocols +are disabled. +When TLS handshakes fail, the connection is retried with TLS disabled. +This allows mail delivery to sites with non\-interoperable TLS +implementations. +.br +.IP "\fBencrypt\fR" +Mandatory TLS encryption. Since a minimum +level of security is intended, it is reasonable to be specific about +sufficiently secure protocol versions and ciphers. At this security level +and higher, the main.cf parameters smtp_tls_mandatory_protocols and +smtp_tls_mandatory_ciphers specify the TLS protocols and minimum +cipher grade which the administrator considers secure enough for +mandatory encrypted sessions. This security level is not an appropriate +default for systems delivering mail to the Internet. +.br +.IP "\fBdane\fR" +Opportunistic DANE TLS. At this security level, the TLS policy +for the destination is obtained via DNSSEC. For TLSA policy to be +in effect, the destination domain's containing DNS zone must be +signed and the Postfix SMTP client's operating system must be +configured to send its DNS queries to a recursive DNS nameserver +that is able to validate the signed records. Each MX host's DNS +zone should also be signed, and should publish DANE TLSA (RFC 7672) +records that specify how that MX host's TLS certificate is to be +verified. TLSA records do not preempt the normal SMTP MX host +selection algorithm, if some MX hosts support TLSA and others do +not, TLS security will vary from delivery to delivery. It is up +to the domain owner to configure their MX hosts and their DNS +sensibly. To configure the Postfix SMTP client for DNSSEC lookups +see the documentation for the smtp_dns_support_level main.cf +parameter. When DNSSEC\-validated TLSA records are not found the +effective tls security level is "may". When TLSA records are found, +but are all unusable the effective security level is "encrypt". For +purposes of protocol and cipher selection, the "dane" security level +is treated like a "mandatory" TLS security level, and weak ciphers +and protocols are disabled. Since DANE authenticates server +certificates the "aNULL" cipher\-suites are transparently excluded +at this level, no need to configure this manually. RFC 7672 (DANE) +TLS authentication is available with Postfix 2.11 and later. +.br +.IP "\fBdane\-only\fR" +Mandatory DANE TLS. This is just like "dane" above, but DANE +TLSA authentication is required. There is no fallback to "may" or +"encrypt" when TLSA records are missing or unusable. RFC 7672 +(DANE) TLS authentication is available with Postfix 2.11 and later. +.br +.IP "\fBfingerprint\fR" +Certificate fingerprint verification. +At this security level, there are no trusted Certification Authorities. +The certificate trust chain, expiration date, etc., are +not checked. Instead, the \fBsmtp_tls_fingerprint_cert_match\fR +parameter lists the certificate fingerprint or public key fingerprint +(Postfix 2.9 and later) of the valid server certificate. The digest +algorithm used to calculate the fingerprint is selected by the +\fBsmtp_tls_fingerprint_digest\fR parameter. Available with Postfix +2.5 and later. +.br +.IP "\fBverify\fR" +Mandatory TLS verification. At this security +level, DNS MX lookups are trusted to be secure enough, and the name +verified in the server certificate is usually obtained indirectly +via unauthenticated DNS MX lookups. The smtp_tls_verify_cert_match +parameter controls how the server name is verified. In practice explicit +control over matching is more common at the "secure" level, described +below. This security level is not an appropriate default for systems +delivering mail to the Internet. +.br +.IP "\fBsecure\fR" +Secure\-channel TLS. At this security level, +DNS MX lookups, though potentially used to determine the candidate +next\-hop gateway IP addresses, are \fBnot\fR trusted to be secure enough +for TLS peername verification. Instead, the default name verified in +the server certificate is obtained from the next\-hop domain as specified +in the smtp_tls_secure_cert_match configuration parameter. The default +matching rule is that a server certificate matches when its name is equal +to or is a sub\-domain of the nexthop domain. This security level is not +an appropriate default for systems delivering mail to the Internet. +.br +.br +.PP +Examples: +.PP +.nf +.na +.ft C +# No TLS. Formerly: smtp_use_tls=no and smtp_enforce_tls=no. +smtp_tls_security_level = none +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +# Opportunistic TLS. +smtp_tls_security_level = may +# Do not tweak opportunistic ciphers or protocols unless it is essential +# to do so (if a security vulnerability is found in the SSL library that +# can be mitigated by disabling a particular protocol or raising the +# cipher grade). +smtp_tls_ciphers = medium +smtp_tls_protocols = >=TLSv1 +# Legacy (Postfix < 3.6) syntax: +smtp_tls_protocols = !SSLv2, !SSLv3 +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +# Mandatory (high\-grade) TLS encryption. +smtp_tls_security_level = encrypt +smtp_tls_mandatory_ciphers = high +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +# Authenticated TLS 1.2 or better matching the nexthop domain or a +# subdomain. +smtp_tls_security_level = secure +smtp_tls_mandatory_ciphers = high +smtp_tls_mandatory_protocols = >=TLSv1.2 +smtp_tls_secure_cert_match = nexthop, dot\-nexthop +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +# Certificate fingerprint verification (Postfix >= 2.5). +# The CA\-less "fingerprint" security level only scales to a limited +# number of destinations. As a global default rather than a per\-site +# setting, this is practical only when mail for all recipients is sent +# to a central mail hub. +relayhost = [mailhub.example.com] +smtp_tls_security_level = fingerprint +smtp_tls_mandatory_protocols = >=TLSv1.2 +smtp_tls_mandatory_ciphers = high +smtp_tls_fingerprint_cert_match = + 3D:95:34:51:...:40:99:C0:C1 + EC:3B:2D:B0:...:A3:9D:72:F6 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_tls_servername (default: empty) +Optional name to send to the remote SMTP server in the TLS Server +Name Indication (SNI) extension. The SNI extension is always on when +DANE is used to authenticate the server, and in that case the SNI name +sent is the one required by RFC7672 and this parameter is ignored. +.PP +Some SMTP servers use the received SNI name to select an appropriate +certificate chain to present to the client. While this may improve +interoperability with such servers, it may reduce interoperability with +other servers that choose to abort the connection when they don't have a +certificate chain configured for the requested name. Such servers +should select a default certificate chain and continue the handshake, +but some may not. Therefore, absent DANE, no SNI name is sent by +default. +.PP +The SNI name must be either a valid DNS hostname, or else one of the +special values \fBhostname\fR or \fBnexthop\fR, which select either the +remote hostname or the nexthop domain respectively. DNS names for SNI must be +in A\-label (punycode) form. Invalid DNS names log a configuration error +warning and mail delivery is deferred. +.PP +Except when using a relayhost to forward all email, the only +sensible non\-empty main.cf setting for this parameter is +\fBhostname\fR. Other non\-empty values are only practical on a +per\-destination basis via the \fBservername\fR attribute of the Postfix +TLS policy table. When +in doubt, leave this parameter empty, and configure per\-destination SNI +as needed. +.PP +This feature is available in Postfix 3.4 and later. +.SH smtp_tls_session_cache_database (default: empty) +Name of the file containing the optional Postfix SMTP client +TLS session cache. Specify a database type that supports enumeration, +such as \fBbtree\fR or \fBsdbm\fR; there is no need to support +concurrent access. The file is created if it does not exist. The \fBsmtp\fR(8) +daemon does not use this parameter directly, rather the cache is +implemented indirectly in the \fBtlsmgr\fR(8) daemon. This means that +per\-smtp\-instance master.cf overrides of this parameter are not effective. +Note that each of the cache databases supported by \fBtlsmgr\fR(8) daemon: +$smtpd_tls_session_cache_database, $smtp_tls_session_cache_database +(and with Postfix 2.3 and later $lmtp_tls_session_cache_database), needs to +be stored separately. It is not at this time possible to store multiple +caches in a single database. +.PP +Note: \fBdbm\fR databases are not suitable. TLS +session objects are too large. +.PP +As of version 2.5, Postfix no longer uses root privileges when +opening this file. The file should now be stored under the Postfix\-owned +data_directory. As a migration aid, an attempt to open the file +under a non\-Postfix directory is redirected to the Postfix\-owned +data_directory, and a warning is logged. +.PP +Example: +.PP +.nf +.na +.ft C +smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_session_cache_timeout (default: 3600s) +The expiration time of Postfix SMTP client TLS session cache +information. A cache cleanup is performed periodically +every $smtp_tls_session_cache_timeout seconds. As with +$smtp_tls_session_cache_database, this parameter is implemented in the +\fBtlsmgr\fR(8) daemon and therefore per\-smtp\-instance master.cf overrides +are not possible. +.PP +As of Postfix 2.11 this setting cannot exceed 100 days. If set +<= 0, session caching is disabled. If set to a positive value +less than 2 minutes, the minimum value of 2 minutes is used instead. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.2 and later. +.SH smtp_tls_trust_anchor_file (default: empty) +Zero or more PEM\-format files with trust\-anchor certificates +and/or public keys. If the parameter is not empty the root CAs in +CAfile and CApath are no longer trusted. Rather, the Postfix SMTP +client will only trust certificate\-chains signed by one of the +trust\-anchors contained in the chosen files. The specified +trust\-anchor certificates and public keys are not subject to +expiration, and need not be (self\-signed) root CAs. They may, if +desired, be intermediate certificates. Therefore, these certificates +also may be found "in the middle" of the trust chain presented by +the remote SMTP server, and any untrusted issuing parent certificates +will be ignored. Specify a list of pathnames separated by comma +or whitespace. +.PP +Whether specified in main.cf, or on a per\-destination basis, +the trust\-anchor PEM file must be accessible to the Postfix SMTP +client in the chroot jail if applicable. The trust\-anchor file +should contain only certificates and public keys, no private key +material, and must be readable by the non\-privileged $mail_owner +user. This allows destinations to be bound to a set of specific +CAs or public keys without trusting the same CAs for all destinations. +.PP +The main.cf parameter supports single\-purpose Postfix installations +that send mail to a fixed set of SMTP peers. At most sites, if +trust\-anchor files are used at all, they will be specified on a +per\-destination basis via the "tafile" attribute of the "verify" +and "secure" levels in smtp_tls_policy_maps. +.PP +The underlying mechanism is in support of RFC 7672 (DANE TLSA), +which defines mechanisms for an SMTP client MTA to securely determine +server TLS certificates via DNS. +.PP +If you want your trust anchors to be public keys, with OpenSSL +you can extract a single PEM public key from a PEM X.509 file +containing a single certificate, as follows: +.sp +.in +4 +.nf +.na +.ft C +$ openssl x509 \-in cert.pem \-out ta\-key.pem \-noout \-pubkey +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 2.11 and later. +.SH smtp_tls_verify_cert_match (default: hostname) +How the Postfix SMTP client verifies the server certificate +peername for the +"verify" TLS security level. In a "verify" TLS policy table +($smtp_tls_policy_maps) entry the optional "match" attribute +overrides this main.cf setting. +.PP +This parameter specifies one or more patterns or strategies separated +by commas, whitespace or colons. In the policy table the only valid +separator is the colon character. +.PP +Patterns specify domain names, or domain name suffixes: +.IP "\fIexample.com\fR" +Match the \fIexample.com\fR domain, +i.e. one of the names in the server certificate must be \fIexample.com\fR. +Upper and lower case distinctions are ignored. +.br +.IP "\fI.example.com\fR" +Match subdomains of the \fIexample.com\fR domain, i.e. match +a name in the server certificate that consists of a non\-zero number of +labels followed by a \fI.example.com\fR suffix. Case distinctions are +ignored. +.br +.br +.PP +Strategies specify a transformation from the next\-hop domain +to the expected name in the server certificate: +.IP "nexthop" +Match against the next\-hop domain, which is either the recipient +domain, or the transport next\-hop configured for the domain stripped of +any optional socket type prefix, enclosing square brackets and trailing +port. When MX lookups are not suppressed, this is the original nexthop +domain prior to the MX lookup, not the result of the MX lookup. For +LMTP delivery via UNIX\-domain sockets, the verified next\-hop name is +$myhostname. This strategy is suitable for use with the "secure" +policy. Case is ignored. +.br +.IP "dot\-nexthop" +As above, but match server certificate names that are subdomains +of the next\-hop domain. Case is ignored. +.br +.IP "hostname" +Match against the hostname of the server, often +obtained via an unauthenticated DNS MX lookup. For LMTP delivery via +UNIX\-domain sockets, the verified name is $myhostname. This matches +the verification strategy of the "MUST" keyword in the obsolete +smtp_tls_per_site table, and is suitable for use with the "verify" +security level. When the next\-hop name is enclosed in square brackets +to suppress MX lookups, the "hostname" strategy is the same as the +"nexthop" strategy. Case is ignored. +.br +.br +.PP +Sample main.cf setting: +.PP +.nf +.na +.ft C +smtp_tls_verify_cert_match = hostname, nexthop, dot\-nexthop +.fi +.ad +.ft R +.PP +Sample policy table override: +.PP +.nf +.na +.ft C +example.com verify match=hostname:nexthop +\&.example.com verify match=example.com:.example.com:hostname +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.3 and later. +.SH smtp_tls_wrappermode (default: no) +Request that the Postfix SMTP client connects using the +SUBMISSIONS/SMTPS protocol instead of using the STARTTLS command. +.PP +This mode requires "smtp_tls_security_level = encrypt" or +stronger. +.PP +Example: deliver all remote mail via a provider's server +"mail.example.com". +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + # Client\-side SMTPS requires "encrypt" or stronger. + smtp_tls_security_level = encrypt + smtp_tls_wrappermode = yes + # The [] suppress MX lookups. + relayhost = [mail.example.com]:465 +.fi +.ad +.ft R +.PP +More examples are in TLS_README, including examples for older +Postfix versions. +.PP +This feature is available in Postfix 3.0 and later. +.SH smtp_use_tls (default: no) +Opportunistic mode: use TLS when a remote SMTP server announces +STARTTLS support, otherwise send the mail in the clear. Beware: +some SMTP servers offer STARTTLS even if it is not configured. With +Postfix < 2.3, if the TLS handshake fails, and no other server is +available, delivery is deferred and mail stays in the queue. If this +is a concern for you, use the smtp_tls_per_site feature instead. +.PP +This feature is available in Postfix 2.2 and later. With +Postfix 2.3 and later use smtp_tls_security_level instead. +.SH smtp_xforward_timeout (default: 300s) +The Postfix SMTP client time limit for sending the XFORWARD command, +and for receiving the remote SMTP server response. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.1 and later. +.SH smtpd_authorized_verp_clients (default: $authorized_verp_clients) +What remote SMTP clients are allowed to specify the XVERP command. +This command requests that mail be delivered one recipient at a +time with a per recipient return address. +.PP +By default, no clients are allowed to specify XVERP. +.PP +This parameter was renamed with Postfix version 2.1. The default value +is backwards compatible with Postfix version 2.0. +.PP +Specify a list of network/netmask patterns, separated by commas +and/or whitespace. The mask specifies the number of bits in the +network part of a host address. You can also specify hostnames or +\&.domain names (the initial dot causes the domain to match any name +below it), "/file/name" or "type:table" patterns. A "/file/name" +pattern is replaced by its contents; a "type:table" lookup table +is matched when a table entry matches a lookup string (the lookup +result is ignored). Continue long lines by starting the next line +with whitespace. Specify "!pattern" to exclude an address or network +block from the list. The form "!/file/name" is supported only in +Postfix version 2.4 and later. +.PP +Note: IP version 6 address information must be specified inside +[] in the smtpd_authorized_verp_clients value, and in +files specified with "/file/name". IP version 6 addresses contain +the ":" character, and would otherwise be confused with a "type:table" +pattern. +.SH smtpd_authorized_xclient_hosts (default: empty) +What remote SMTP clients are allowed to use the XCLIENT feature. This +command overrides remote SMTP client information that is used for access +control. Typical use is for SMTP\-based content filters, fetchmail\-like +programs, or SMTP server access rule testing. See the XCLIENT_README +document for details. +.PP +This feature is available in Postfix 2.1 and later. +.PP +By default, no clients are allowed to specify XCLIENT. +.PP +Specify a list of network/netmask patterns, separated by commas +and/or whitespace. The mask specifies the number of bits in the +network part of a host address. You can also specify hostnames or +\&.domain names (the initial dot causes the domain to match any name +below it), "/file/name" or "type:table" patterns. A "/file/name" +pattern is replaced by its contents; a "type:table" lookup table +is matched when a table entry matches a lookup string (the lookup +result is ignored). Continue long lines by starting the next line +with whitespace. Specify "!pattern" to exclude an address or network +block from the list. The form "!/file/name" is supported only in +Postfix version 2.4 and later. +.PP +Note: IP version 6 address information must be specified inside +[] in the smtpd_authorized_xclient_hosts value, and in +files specified with "/file/name". IP version 6 addresses contain +the ":" character, and would otherwise be confused with a "type:table" +pattern. +.SH smtpd_authorized_xforward_hosts (default: empty) +What remote SMTP clients are allowed to use the XFORWARD feature. This +command forwards information that is used to improve logging after +SMTP\-based content filters. See the XFORWARD_README document for +details. +.PP +This feature is available in Postfix 2.1 and later. +.PP +By default, no clients are allowed to specify XFORWARD. +.PP +Specify a list of network/netmask patterns, separated by commas +and/or whitespace. The mask specifies the number of bits in the +network part of a host address. You can also specify hostnames or +\&.domain names (the initial dot causes the domain to match any name +below it), "/file/name" or "type:table" patterns. A "/file/name" +pattern is replaced by its contents; a "type:table" lookup table +is matched when a table entry matches a lookup string (the lookup +result is ignored). Continue long lines by starting the next line +with whitespace. Specify "!pattern" to exclude an address or network +block from the list. The form "!/file/name" is supported only in +Postfix version 2.4 and later. +.PP +Note: IP version 6 address information must be specified inside +[] in the smtpd_authorized_xforward_hosts value, and in +files specified with "/file/name". IP version 6 addresses contain +the ":" character, and would otherwise be confused with a "type:table" +pattern. +.SH smtpd_banner (default: $myhostname ESMTP $mail_name) +The text that follows the 220 status code in the SMTP greeting +banner. Some people like to see the mail version advertised. By +default, Postfix shows no version. +.PP +You MUST specify $myhostname at the start of the text. This is +required by the SMTP protocol. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) +.fi +.ad +.ft R +.SH smtpd_client_auth_rate_limit (default: 0) +The maximal number of AUTH commands that any client is allowed to +send to this service per time unit, regardless of whether or not +Postfix actually accepts those commands. The time unit is specified +with the anvil_rate_time_unit configuration parameter. +.PP +By default, there is no limit on the number of AUTH commands that a +client may send. +.PP +To disable this feature, specify a limit of 0. +.PP +WARNING: The purpose of this feature is to limit abuse. It must +not be used to regulate legitimate mail traffic. +.PP +This feature is available in Postfix 3.1 and later. +.SH smtpd_client_connection_count_limit (default: 50) +How many simultaneous connections any client is allowed to +make to this service. By default, the limit is set to half +the default process limit value. +.PP +To disable this feature, specify a limit of 0. +.PP +WARNING: The purpose of this feature is to limit abuse. It must +not be used to regulate legitimate mail traffic. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_client_connection_rate_limit (default: 0) +The maximal number of connection attempts any client is allowed to +make to this service per time unit. The time unit is specified +with the anvil_rate_time_unit configuration parameter. +.PP +By default, a client can make as many connections per time unit as +Postfix can accept. +.PP +To disable this feature, specify a limit of 0. +.PP +WARNING: The purpose of this feature is to limit abuse. It must +not be used to regulate legitimate mail traffic. +.PP +This feature is available in Postfix 2.2 and later. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_client_connection_rate_limit = 1000 +.fi +.ad +.ft R +.SH smtpd_client_event_limit_exceptions (default: $mynetworks) +Clients that are excluded from smtpd_client_*_count/rate_limit +restrictions. See the mynetworks parameter +description for the parameter value syntax. +.PP +By default, clients in trusted networks are excluded. Specify a +list of network blocks, hostnames or .domain names (the initial +dot causes the domain to match any name below it). +.PP +Note: IP version 6 address information must be specified inside +[] in the smtpd_client_event_limit_exceptions value, and +in files specified with "/file/name". IP version 6 addresses +contain the ":" character, and would otherwise be confused with a +"type:table" pattern. +.PP +Pattern matching of domain names is controlled by the presence +or absence of "smtpd_client_event_limit_exceptions" in the +parent_domain_matches_subdomains parameter value (Postfix 3.0 and +later). +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_client_message_rate_limit (default: 0) +The maximal number of message delivery requests that any client is +allowed to make to this service per time unit, regardless of whether +or not Postfix actually accepts those messages. The time unit is +specified with the anvil_rate_time_unit configuration parameter. +.PP +By default, a client can send as many message delivery requests +per time unit as Postfix can accept. +.PP +To disable this feature, specify a limit of 0. +.PP +WARNING: The purpose of this feature is to limit abuse. It must +not be used to regulate legitimate mail traffic. +.PP +This feature is available in Postfix 2.2 and later. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_client_message_rate_limit = 1000 +.fi +.ad +.ft R +.SH smtpd_client_new_tls_session_rate_limit (default: 0) +The maximal number of new (i.e., uncached) TLS sessions that a +remote SMTP client is allowed to negotiate with this service per +time unit. The time unit is specified with the anvil_rate_time_unit +configuration parameter. +.PP +By default, a remote SMTP client can negotiate as many new TLS +sessions per time unit as Postfix can accept. +.PP +To disable this feature, specify a limit of 0. Otherwise, specify +a limit that is at least the per\-client concurrent session limit, +or else legitimate client sessions may be rejected. +.PP +WARNING: The purpose of this feature is to limit abuse. It must +not be used to regulate legitimate mail traffic. +.PP +This feature is available in Postfix 2.3 and later. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_client_new_tls_session_rate_limit = 100 +.fi +.ad +.ft R +.SH smtpd_client_port_logging (default: no) +Enable logging of the remote SMTP client port in addition to +the hostname and IP address. The logging format is "host[address]:port". +.PP +This feature is available in Postfix 2.5 and later. +.SH smtpd_client_recipient_rate_limit (default: 0) +The maximal number of recipient addresses that any client is allowed +to send to this service per time unit, regardless of whether or not +Postfix actually accepts those recipients. The time unit is specified +with the anvil_rate_time_unit configuration parameter. +.PP +By default, a client can send as many recipient addresses per time +unit as Postfix can accept. +.PP +To disable this feature, specify a limit of 0. +.PP +WARNING: The purpose of this feature is to limit abuse. It must +not be used to regulate legitimate mail traffic. +.PP +This feature is available in Postfix 2.2 and later. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_client_recipient_rate_limit = 1000 +.fi +.ad +.ft R +.SH smtpd_client_restrictions (default: empty) +Optional restrictions that the Postfix SMTP server applies in the +context of a client connection request. +See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access +restriction lists" for a discussion of evaluation context and time. +.PP +The default is to allow all connection requests. +.PP +Specify a list of restrictions, separated by commas and/or whitespace. +Continue long lines by starting the next line with whitespace. +Restrictions are applied in the order as specified; the first +restriction that matches wins. +.PP +The following restrictions are specific to client hostname or +client network address information. +.IP "\fBcheck_ccert_access \fItype:table\fR\fR" +By default use the remote SMTP client certificate fingerprint +or the public key +fingerprint (Postfix 2.9 and later) as the lookup key for the specified +\fBaccess\fR(5) database; with Postfix version 2.2, also require that the +remote SMTP client certificate is verified successfully. +The fingerprint digest algorithm is configurable via the +smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to +Postfix version 2.5). This feature requires "smtpd_tls_ask_ccert += yes" and is available with Postfix version +2.2 and later. +.br +The default algorithm is \fBsha256\fR with Postfix >= 3.6 +and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix +<= 3.5, the default algorithm is \fBmd5\fR. The best\-practice +algorithm is now \fBsha256\fR. Recent advances in hash function +cryptanalysis have led to md5 and sha1 being deprecated in favor of +sha256. However, as long as there are no known "second pre\-image" +attacks against the older algorithms, their use in this context, though +not recommended, is still likely safe. +.br +Alternatively, check_ccert_access accepts an explicit search +order (Postfix 3.5 and later). The default search order as described +above corresponds with: +.br +check_ccert_access { type:table, { search_order = cert_fingerprint, +pubkey_fingerprint } } +.br +The commas are optional. +.br +.IP "\fBcheck_client_access \fItype:table\fR\fR" +Search the specified access database for the client hostname, +parent domains, client IP address, or networks obtained by stripping +least significant octets. See the \fBaccess\fR(5) manual page for details. +.br +.IP "\fBcheck_client_a_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the IP addresses for the +client hostname, and execute the corresponding action. Note: a result +of "OK" is not allowed for safety reasons. Instead, use DUNNO in order +to exclude specific hosts from denylists. This feature is available +in Postfix 3.0 and later. +.br +.IP "\fBcheck_client_mx_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the MX hosts for the +client hostname, and execute the corresponding action. If no MX +record is found, look up A or AAAA records, just like the Postfix +SMTP client would. Note: a result +of "OK" is not allowed for safety reasons. Instead, use DUNNO in order +to exclude specific hosts from denylists. This feature is available +in Postfix 2.7 and later. +.br +.IP "\fBcheck_client_ns_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the DNS servers for +the client hostname, and execute the corresponding action. Note: a +result of "OK" is not allowed for safety reasons. Instead, use DUNNO +in order to exclude specific hosts from denylists. This feature is +available in Postfix 2.7 and later. +.br +.IP "\fBcheck_reverse_client_hostname_access \fItype:table\fR\fR" +Search the specified access database for the unverified reverse +client hostname, parent domains, client IP address, or networks +obtained by stripping least significant octets. See the \fBaccess\fR(5) +manual page for details. Note: a result of "OK" is not allowed for +safety reasons. Instead, use DUNNO in order to exclude specific +hosts from denylists. This feature is available in Postfix 2.6 +and later. +.br +.IP "\fBcheck_reverse_client_hostname_a_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the IP addresses for the +unverified reverse client hostname, and execute the corresponding +action. Note: a result of "OK" is not allowed for safety reasons. +Instead, use DUNNO in order to exclude specific hosts from denylists. +This feature is available in Postfix 3.0 and later. +.br +.IP "\fBcheck_reverse_client_hostname_mx_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the MX hosts for the +unverified reverse client hostname, and execute the corresponding +action. If no MX record is found, look up A or AAAA records, just +like the Postfix SMTP client would. +Note: a result of "OK" is not allowed for safety reasons. +Instead, use DUNNO in order to exclude specific hosts from denylists. +This feature is available in Postfix 2.7 and later. +.br +.IP "\fBcheck_reverse_client_hostname_ns_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the DNS servers for +the unverified reverse client hostname, and execute the corresponding +action. Note: a result of "OK" is not allowed for safety reasons. +Instead, use DUNNO in order to exclude specific hosts from denylists. +This feature is available in Postfix 2.7 and later. +.br +.IP "\fBcheck_sasl_access \fItype:table\fR\fR" +Use the remote SMTP client SASL user name as the lookup key for +the specified \fBaccess\fR(5) database. The lookup key has the form +"username@domainname" when the smtpd_sasl_local_domain parameter +value is non\-empty. Unlike the check_client_access feature, +check_sasl_access does not perform matches of parent domains or IP +subnet ranges. This feature is available with Postfix version 2.11 +and later. +.br +.IP "\fBpermit_inet_interfaces\fR" +Permit the request when the client IP address matches +$inet_interfaces. +.br +.IP "\fBpermit_mynetworks\fR" +Permit the request when the client IP address matches any +network or network address listed in $mynetworks. +.br +.IP "\fBpermit_sasl_authenticated\fR" +Permit the request when the client is successfully +authenticated via the RFC 4954 (AUTH) protocol. +.br +.IP "\fBpermit_tls_all_clientcerts\fR" +Permit the request when the remote SMTP client certificate is +verified successfully. This option must be used only if a special +CA issues the certificates and only this CA is listed as a trusted +CA. Otherwise, clients with a third\-party certificate would also +be allowed to relay. Specify "tls_append_default_CA = no" when the +trusted CA is specified with smtpd_tls_CAfile or smtpd_tls_CApath, +to prevent Postfix from appending the system\-supplied default CAs. +This feature requires "smtpd_tls_ask_ccert = yes" and is available +with Postfix version 2.2 and later. +.br +.IP "\fBpermit_tls_clientcerts\fR" +Permit the request when the remote SMTP client certificate +fingerprint or public key fingerprint (Postfix 2.9 and later) is +listed in $relay_clientcerts. +The fingerprint digest algorithm is configurable via the +smtpd_tls_fingerprint_digest parameter (hard\-coded as md5 prior to +Postfix version 2.5). This feature requires "smtpd_tls_ask_ccert += yes" and is available with Postfix version 2.2 and later. +.br +The default algorithm is \fBsha256\fR with Postfix >= 3.6 +and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix +<= 3.5, the default algorithm is \fBmd5\fR. The best\-practice +algorithm is now \fBsha256\fR. Recent advances in hash function +cryptanalysis have led to md5 and sha1 being deprecated in favor of +sha256. However, as long as there are no known "second pre\-image" +attacks against the older algorithms, their use in this context, though +not recommended, is still likely safe. +.br +.IP "\fBreject_rbl_client \fIrbl_domain=d.d.d.d\fR\fR" +Reject the request when the reversed client network address is +listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR +(Postfix version 2.1 and later only). Each "\fId\fR" is a number, +or a pattern inside "[]" that contains one or more ";"\-separated +numbers or number..number ranges (Postfix version 2.8 and later). +If no "\fI=d.d.d.d\fR" is specified, reject the request when the +reversed client network address is listed with any A record under +\fIrbl_domain\fR. +.br +The maps_rbl_reject_code parameter specifies the response code for +rejected requests (default: 554), the default_rbl_reply parameter +specifies the default server reply, and the rbl_reply_maps parameter +specifies tables with server replies indexed by \fIrbl_domain\fR. +This feature is available in Postfix 2.0 and later. +.br +.IP "\fBpermit_dnswl_client \fIdnswl_domain=d.d.d.d\fR\fR" +Accept the request when the reversed client network address is +listed with the A record "\fId.d.d.d\fR" under \fIdnswl_domain\fR. +Each "\fId\fR" is a number, or a pattern inside "[]" that contains +one or more ";"\-separated numbers or number..number ranges. +If no "\fI=d.d.d.d\fR" is specified, accept the request when the +reversed client network address is listed with any A record under +\fIdnswl_domain\fR. +.br +For safety, permit_dnswl_client is silently +ignored when it would override reject_unauth_destination. The +result is DEFER_IF_REJECT when allowlist lookup fails. This feature +is available in Postfix 2.8 and later. +.br +.IP "\fBreject_rhsbl_client \fIrbl_domain=d.d.d.d\fR\fR" +Reject the request when the client hostname is listed with the +A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix version +2.1 and later only). Each "\fId\fR" is a number, or a pattern +inside "[]" that contains one or more ";"\-separated numbers or +number..number ranges (Postfix version 2.8 and later). If no +"\fI=d.d.d.d\fR" is specified, reject the request when the client +hostname is listed with +any A record under \fIrbl_domain\fR. See the reject_rbl_client +description above for additional RBL related configuration parameters. +This feature is available in Postfix 2.0 and later; with Postfix +version 2.8 and later, reject_rhsbl_reverse_client will usually +produce better results. +.br +.IP "\fBpermit_rhswl_client \fIrhswl_domain=d.d.d.d\fR\fR" +Accept the request when the client hostname is listed with the +A record "\fId.d.d.d\fR" under \fIrhswl_domain\fR. Each "\fId\fR" +is a number, or a pattern inside "[]" that contains one or more +";"\-separated numbers or number..number ranges. If no +"\fI=d.d.d.d\fR" is specified, accept the request when the client +hostname is listed with any A record under \fIrhswl_domain\fR. +.br +Caution: client name allowlisting is fragile, since the client +name lookup can fail due to temporary outages. Client name +allowlisting should be used only to reduce false positives in e.g. +DNS\-based blocklists, and not for making access rule exceptions. +.br +For safety, permit_rhswl_client is silently ignored when it +would override reject_unauth_destination. The result is DEFER_IF_REJECT +when allowlist lookup fails. This feature is available in Postfix +2.8 and later. +.br +.IP "\fBreject_rhsbl_reverse_client \fIrbl_domain=d.d.d.d\fR\fR" +Reject the request when the unverified reverse client hostname +is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR. +Each "\fId\fR" is a number, or a pattern inside "[]" that contains +one or more ";"\-separated numbers or number..number ranges. +If no "\fI=d.d.d.d\fR" is specified, reject the request when the +unverified reverse client hostname is listed with any A record under +\fIrbl_domain\fR. See the reject_rbl_client description above for +additional RBL related configuration parameters. This feature is +available in Postfix 2.8 and later. +.br +.IP "\fBreject_unknown_client_hostname\fR (with Postfix < 2.3: reject_unknown_client)" +Reject the request when 1) the client IP address\->name mapping +fails, or 2) the name\->address mapping fails, or 3) the name\->address +mapping does not match the client IP address. +.br +This is a +stronger restriction than the reject_unknown_reverse_client_hostname +feature, which triggers only under condition 1) above. +.br +The +unknown_client_reject_code parameter specifies the response code +for rejected requests (default: 450). The reply is always 450 in +case the address\->name or name\->address lookup failed due to +a temporary problem. +.br +.IP "\fBreject_unknown_reverse_client_hostname\fR" +Reject the request when the client IP address has no address\->name +mapping. +.br +This is a weaker restriction than the +reject_unknown_client_hostname feature, which requires not only +that the address\->name and name\->address mappings exist, but +also that the two mappings reproduce the client IP address. +.br +The unknown_client_reject_code parameter specifies the response +code for rejected requests (default: 450). The reply is always 450 +in case the address\->name lookup failed due to a temporary +problem. +.br +This feature is available in Postfix 2.3 and +later. +.br +.br +.PP +In addition, you can use any of the following +generic restrictions. These restrictions are applicable in +any SMTP command context. +.IP "\fBcheck_policy_service \fIservername\fR\fR" +Query the specified policy server. See the SMTPD_POLICY_README +document for details. This feature is available in Postfix 2.1 +and later. +.br +.IP "\fBdefer\fR" +Defer the request. The client is told to try again later. This +restriction is useful at the end of a restriction list, to make +the default policy explicit. +.br +The defer_code parameter specifies +the SMTP server reply code (default: 450). +.br +.IP "\fBdefer_if_permit\fR" +Defer the request if some later restriction would result in an +explicit or implicit PERMIT action. This is useful when a denylisting +feature fails due to a temporary problem. This feature is available +in Postfix version 2.1 and later. +.br +.IP "\fBdefer_if_reject\fR" +Defer the request if some later restriction would result in a +REJECT action. This is useful when an allowlisting feature fails +due to a temporary problem. This feature is available in Postfix +version 2.1 and later. +.br +.IP "\fBpermit\fR" +Permit the request. This restriction is useful at the end of +a restriction list, to make the default policy explicit. +.br +.IP "\fBreject_multi_recipient_bounce\fR" +Reject the request when the envelope sender is the null address, +and the message has multiple envelope recipients. This usage has +rare but legitimate applications: under certain conditions, +multi\-recipient mail that was posted with the DSN option NOTIFY=NEVER +may be forwarded with the null sender address. +.br +Note: this restriction can only work reliably +when used in smtpd_data_restrictions or +smtpd_end_of_data_restrictions, because the total number of +recipients is not known at an earlier stage of the SMTP conversation. +Use at the RCPT stage will only reject the second etc. recipient. +.br +The multi_recipient_bounce_reject_code parameter specifies the +response code for rejected requests (default: 550). This feature +is available in Postfix 2.1 and later. +.br +.IP "\fBreject_plaintext_session\fR" +Reject the request when the connection is not encrypted. This +restriction should not be used before the client has had a chance +to negotiate encryption with the AUTH or STARTTLS commands. +.br +The plaintext_reject_code parameter specifies the response +code for rejected requests (default: 450). This feature is available +in Postfix 2.3 and later. +.br +.IP "\fBreject_unauth_pipelining\fR" +Reject the request when the client sends SMTP commands ahead +of time where it is not allowed, or when the client sends SMTP +commands ahead of time without knowing that Postfix actually supports +ESMTP command pipelining. This stops mail from bulk mail software +that improperly uses ESMTP command pipelining in order to speed up +deliveries. +.br +With Postfix 2.6 and later, the SMTP server sets a per\-session +flag whenever it detects illegal pipelining, including pipelined +HELO or EHLO commands. The reject_unauth_pipelining feature simply +tests whether the flag was set at any point in time during the +session. +.br +With older Postfix versions, reject_unauth_pipelining checks +the current status of the input read queue, and its usage is not +recommended in contexts other than smtpd_data_restrictions. +.br +.IP "\fBreject\fR" +Reject the request. This restriction is useful at the end of +a restriction list, to make the default policy explicit. The +reject_code configuration parameter specifies the response code for +rejected requests (default: 554). +.br +.IP "\fBsleep \fIseconds\fR\fR" +Pause for the specified number of seconds and proceed with +the next restriction in the list, if any. This may stop zombie +mail when used as: +.nf +.na +.ft C +/etc/postfix/main.cf: + smtpd_client_restrictions = + sleep 1, reject_unauth_pipelining + smtpd_delay_reject = no +.fi +.ad +.ft R +This feature is available in Postfix 2.3. +.br +.IP "\fBwarn_if_reject\fR" +A safety net for testing. When "warn_if_reject" is placed +before a reject\-type restriction, access table query, or +check_policy_service query, this logs a "reject_warning" message +instead of rejecting a request (when a reject\-type restriction fails +due to a temporary error, this logs a "reject_warning" message for +any implicit "defer_if_permit" actions that would normally prevent +mail from being accepted by some later access restriction). This +feature has no effect on defer_if_reject restrictions. +.br +.br +.PP +Other restrictions that are valid in this context: +.IP \(bu +SMTP command specific restrictions that are described under +the smtpd_helo_restrictions, smtpd_sender_restrictions or +smtpd_recipient_restrictions parameters. When helo, sender or +recipient restrictions are listed under smtpd_client_restrictions, +they have effect only with "smtpd_delay_reject = yes", so that +$smtpd_client_restrictions is evaluated at the time of the RCPT TO +command. +.br +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_client_restrictions = permit_mynetworks, reject_unknown_client_hostname +.fi +.ad +.ft R +.SH smtpd_command_filter (default: empty) +A mechanism to transform commands from remote SMTP clients. +This is a last\-resort tool to work around client commands that break +interoperability with the Postfix SMTP server. Other uses involve +fault injection to test Postfix's handling of invalid commands. +.PP +Specify the name of a "type:table" lookup table. The search +string is the SMTP command as received from the remote SMTP client, +except that initial whitespace and the trailing <CR><LF> +are removed. The result value is executed by the Postfix SMTP +server. +.PP +There is no need to use smtpd_command_filter for the following +cases: +.IP \(bu +Use "resolve_numeric_domain = yes" to accept +"\fIuser@ipaddress\fR". +.IP \(bu +Postfix already accepts the correct form +"\fIuser@[ipaddress]\fR". Use virtual_alias_maps or canonical_maps +to translate these into domain names if necessary. +.IP \(bu +Use "strict_rfc821_envelopes = no" to accept "RCPT TO:<\fIUser +Name <user@example.com>>\fR". Postfix will ignore the "\fIUser +Name\fR" part and deliver to the \fI<user@example.com>\fR address. +.br +.PP +Examples of problems that can be solved with the smtpd_command_filter +feature: +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + smtpd_command_filter = pcre:/etc/postfix/command_filter +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/command_filter: + # Work around clients that send malformed HELO commands. + /^HELO\es*$/ HELO domain.invalid +.fi +.ad +.ft R +.PP +.nf +.na +.ft C + # Work around clients that send empty lines. + /^\es*$/ NOOP +.fi +.ad +.ft R +.PP +.nf +.na +.ft C + # Work around clients that send RCPT TO:<'user@domain'>. + # WARNING: do not lose the parameters that follow the address. + /^(RCPT\es+TO:\es*<)'([^[:space:]]+)'(>.*)/ $1$2$3 +.fi +.ad +.ft R +.PP +.nf +.na +.ft C + # Append XVERP to MAIL FROM commands to request VERP\-style delivery. + # See VERP_README for more information on how to use Postfix VERP. + /^(MAIL\es+FROM:\es*<listname@example\e.com>.*)/ $1 XVERP +.fi +.ad +.ft R +.PP +.nf +.na +.ft C + # Bounce\-never mail sink. Use notify_classes=bounce,resource,software + # to send bounced mail to the postmaster (with message body removed). + /^(RCPT\es+TO:\es*<.*>.*)\es+NOTIFY=\eS+(.*)/ $1 NOTIFY=NEVER$2 + /^(RCPT\es+TO:.*)/ $1 NOTIFY=NEVER +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.7. +.SH smtpd_data_restrictions (default: empty) +Optional access restrictions that the Postfix SMTP server applies +in the context of the SMTP DATA command. +See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access +restriction lists" for a discussion of evaluation context and time. +.PP +This feature is available in Postfix 2.0 and later. +.PP +Specify a list of restrictions, separated by commas and/or whitespace. +Continue long lines by starting the next line with whitespace. +Restrictions are applied in the order as specified; the first +restriction that matches wins. +.PP +The following restrictions are valid in this context: +.IP \(bu +Generic restrictions that can be used +in any SMTP command context, described under smtpd_client_restrictions. +.IP \(bu +SMTP command specific restrictions described under +smtpd_client_restrictions, smtpd_helo_restrictions, +smtpd_sender_restrictions or smtpd_recipient_restrictions. +.IP \(bu +However, no recipient information is available in the case of +multi\-recipient mail. Acting on only one recipient would be misleading, +because any decision will affect all recipients equally. Acting on +all recipients would require a possibly very large amount of memory, +and would also be misleading for the reasons mentioned before. +.br +.PP +Examples: +.PP +.nf +.na +.ft C +smtpd_data_restrictions = reject_unauth_pipelining +smtpd_data_restrictions = reject_multi_recipient_bounce +.fi +.ad +.ft R +.SH smtpd_delay_open_until_valid_rcpt (default: yes) +Postpone the start of an SMTP mail transaction until a valid +RCPT TO command is received. Specify "no" to create a mail transaction +as soon as the Postfix SMTP server receives a valid MAIL FROM +command. +.PP +With sites that reject lots of mail, the default setting reduces +the use of +disk, CPU and memory resources. The downside is that rejected +recipients are logged with NOQUEUE instead of a mail transaction +ID. This complicates the logfile analysis of multi\-recipient mail. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_delay_reject (default: yes) +Wait until the RCPT TO command before evaluating +$smtpd_client_restrictions, $smtpd_helo_restrictions and +$smtpd_sender_restrictions, or wait until the ETRN command before +evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. +.PP +This feature is turned on by default because some clients apparently +mis\-behave when the Postfix SMTP server rejects commands before +RCPT TO. +.PP +The default setting has one major benefit: it allows Postfix to log +recipient address information when rejecting a client name/address +or sender address, so that it is possible to find out whose mail +is being rejected. +.SH smtpd_discard_ehlo_keyword_address_maps (default: empty) +Lookup tables, indexed by the remote SMTP client address, with +case insensitive lists of EHLO keywords (pipelining, starttls, auth, +etc.) that the Postfix SMTP server will not send in the EHLO response +to a +remote SMTP client. See smtpd_discard_ehlo_keywords for details. +The tables are not searched by hostname for robustness reasons. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_discard_ehlo_keywords (default: empty) +A case insensitive list of EHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix SMTP server will not send in the EHLO +response +to a remote SMTP client. +.PP +This feature is available in Postfix 2.2 and later. +.PP +Notes: +.IP \(bu +Specify the \fBsilent\-discard\fR pseudo keyword to prevent +this action from being logged. +.IP \(bu +Use the smtpd_discard_ehlo_keyword_address_maps feature +to discard EHLO keywords selectively. +.br +.SH smtpd_dns_reply_filter (default: empty) +Optional filter for Postfix SMTP server DNS lookup results. +See smtp_dns_reply_filter for details including an example. +.PP +This feature is available in Postfix 3.0 and later. +.SH smtpd_end_of_data_restrictions (default: empty) +Optional access restrictions that the Postfix SMTP server +applies in the context of the SMTP END\-OF\-DATA command. +See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access +restriction lists" for a discussion of evaluation context and time. +.PP +This feature is available in Postfix 2.2 and later. +.PP +See smtpd_data_restrictions for details and limitations. +.SH smtpd_enforce_tls (default: no) +Mandatory TLS: announce STARTTLS support to remote SMTP clients, +and require that clients use TLS encryption. According to RFC 2487 +this MUST NOT be applied in case of a publicly\-referenced SMTP +server. This option is therefore off by default. +.PP +Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". +.PP +Note 2: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer +STARTTLS due to insufficient privileges to access the server private +key. This is intended behavior. +.PP +This feature is available in Postfix 2.2 and later. With +Postfix 2.3 and later use smtpd_tls_security_level instead. +.SH smtpd_error_sleep_time (default: 1s) +With Postfix version 2.1 and later: the SMTP server response delay after +a client has made more than $smtpd_soft_error_limit errors, and +fewer than $smtpd_hard_error_limit errors, without delivering mail. +.PP +With Postfix version 2.0 and earlier: the SMTP server delay +before sending a reject (4xx or 5xx) response, when the client has +made fewer than $smtpd_soft_error_limit errors without delivering +mail. When the client has made $smtpd_soft_error_limit or more errors, +delay all responses with the larger of (number of errors) seconds +or $smtpd_error_sleep_time. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtpd_etrn_restrictions (default: empty) +Optional restrictions that the Postfix SMTP server applies in the +context of a client ETRN command. +See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access +restriction lists" for a discussion of evaluation context and time. +.PP +The Postfix ETRN implementation accepts only destinations that are +eligible for the Postfix "fast flush" service. See the ETRN_README +file for details. +.PP +Specify a list of restrictions, separated by commas and/or whitespace. +Continue long lines by starting the next line with whitespace. +Restrictions are applied in the order as specified; the first +restriction that matches wins. +.PP +The following restrictions are specific to the domain name information +received with the ETRN command. +.IP "\fBcheck_etrn_access \fItype:table\fR\fR" +Search the specified access database for the ETRN domain name +or its parent domains. See the \fBaccess\fR(5) manual page for details. +.br +.br +.PP +Other restrictions that are valid in this context: +.IP \(bu +Generic restrictions that can be used +in any SMTP command context, described under smtpd_client_restrictions. +.IP \(bu +SMTP command specific restrictions described under +smtpd_client_restrictions and smtpd_helo_restrictions. +.br +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_etrn_restrictions = permit_mynetworks, reject +.fi +.ad +.ft R +.SH smtpd_expansion_filter (default: see "postconf \-d" output) +What characters are allowed in $name expansions of RBL reply +templates. Characters not in the allowed set are replaced by "_". +Use C like escapes to specify special characters such as whitespace. +.PP +The smtpd_expansion_filter value is not subject to Postfix configuration +parameter $name expansion. +.PP +This feature is available in Postfix 2.0 and later. +.SH smtpd_forbid_bare_newline (default: Postfix < 3.9: no) +Reject or restrict input lines from an SMTP client that end in +<LF> instead of the standard <CR><LF>. Such line +endings are commonly allowed with UNIX\-based SMTP servers, but they +violate RFC 5321, and allowing such line endings can make a server +vulnerable to +SMTP smuggling. +.PP +Specify one of the following values (case does not matter): +.IP "\fBnormalize\fR" +Require the standard +End\-of\-DATA sequence <CR><LF>.<CR><LF>. +Otherwise, allow command or message content lines ending in the +non\-standard <LF>, and process them as if the client sent the +standard <CR><LF>. +.br +.br +This maintains compatibility +with many legitimate SMTP client applications that send a mix of +standard and non\-standard line endings, but will fail to receive +email from client implementations that do not terminate DATA content +with the standard End\-of\-DATA sequence +<CR><LF>.<CR><LF>. +.br +.br +Such clients +can be excluded with smtpd_forbid_bare_newline_exclusions. +.br +.IP "\fByes\fR" +Compatibility alias for \fBnormalize\fR. +.br +.IP "\fBreject\fR" +Require the standard End\-of\-DATA +sequence <CR><LF>.<CR><LF>. Reject a command +or message content when a line contains bare <LF>, log a "bare +<LF> received" error, and reply with the SMTP status code in +$smtpd_forbid_bare_newline_reject_code. +.br +.br +This will reject +email from SMTP clients that send any non\-standard line endings +such as web applications, netcat, or load balancer health checks. +.br +.br +This will also reject email from services that use BDAT +to send MIME text containing a bare newline (RFC 3030 Section 3 +requires canonical MIME format for text message types, defined in +RFC 2045 Sections 2.7 and 2.8). +.br +.br +Such clients can be +excluded with smtpd_forbid_bare_newline_exclusions (or, in the case +of BDAT violations, BDAT can be selectively disabled with +smtpd_discard_ehlo_keyword_address_maps, or globally disabled with +smtpd_discard_ehlo_keywords). +.br +.IP "\fBno\fR (default)" +Do not require the standard +End\-of\-DATA +sequence <CR><LF>.<CR><LF>. Always process +a bare <LF> as if the client sent <CR><LF>. This +option is fully backwards compatible, but is not recommended for +an Internet\-facing SMTP server, because it is vulnerable to SMTP smuggling. +.br +.br +.PP +Recommended settings: +.sp +.in +4 +.nf +.na +.ft C +# Require the standard End\-of\-DATA sequence <CR><LF>.<CR><LF>. +# Otherwise, allow bare <LF> and process it as if the client sent +# <CR><LF>. +# +# This maintains compatibility with many legitimate SMTP client +# applications that send a mix of standard and non\-standard line +# endings, but will fail to receive email from client implementations +# that do not terminate DATA content with the standard End\-of\-DATA +# sequence <CR><LF>.<CR><LF>. +# +# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions. +# The example below allowlists SMTP clients in trusted networks. +# +smtpd_forbid_bare_newline = normalize +smtpd_forbid_bare_newline_exclusions = $mynetworks +.fi +.ad +.ft R +.in -4 +.PP +Alternative: +.sp +.in +4 +.nf +.na +.ft C +# Reject input lines that contain <LF> and log a "bare <LF> received" +# error. Require that input lines end in <CR><LF>, and require the +# standard End\-of\-DATA sequence <CR><LF>.<CR><LF>. +# +# This will reject email from SMTP clients that send any non\-standard +# line endings such as web applications, netcat, or load balancer +# health checks. +# +# This will also reject email from services that use BDAT to send +# MIME text containing a bare newline (RFC 3030 Section 3 requires +# canonical MIME format for text message types, defined in RFC 2045 +# Sections 2.7 and 2.8). +# +# Such clients can be allowlisted with smtpd_forbid_bare_newline_exclusions. +# The example below allowlists SMTP clients in trusted networks. +# +smtpd_forbid_bare_newline = reject +smtpd_forbid_bare_newline_exclusions = $mynetworks +# +# Alternatively, in the case of BDAT violations, BDAT can be selectively +# disabled with smtpd_discard_ehlo_keyword_address_maps, or globally +# disabled with smtpd_discard_ehlo_keywords. +# +# smtpd_discard_ehlo_keyword_address_maps = cidr:/path/to/file +# /path/to/file: +# 10.0.0.0/24 chunking, silent\-discard +# smtpd_discard_ehlo_keywords = chunking, silent\-discard +.fi +.ad +.ft R +.in -4 +.PP +This feature with settings \fByes\fR and \fBno\fR is available +in Postfix 3.8.4, 3.7.9, 3.6.13, and 3.5.23. Additionally, the +settings \fBreject\fR, and \fBnormalize\fR are available with +Postfix >= 3.9, 3.8.5, 3.7.10, 3.6.14, and 3.5.24. +.SH smtpd_forbid_bare_newline_exclusions (default: $mynetworks) +Exclude the specified clients from smtpd_forbid_bare_newline +enforcement. This setting uses the same syntax and parent\-domain +matching behavior as mynetworks. +.PP +This feature is available in Postfix >= 3.9, 3.8.4, 3.7.9, +3.6.13, and 3.5.23. +.SH smtpd_forbid_bare_newline_reject_code (default: 550) +The numerical Postfix SMTP server response code when rejecting a +request with "smtpd_forbid_bare_newline = reject". +Specify a 5XX status code (521 to disconnect). +.PP +This feature is available in Postfix >= 3.9, 3.8.5, 3.7.10, +3.6.14, and 3.5.24. +.SH smtpd_forbid_unauth_pipelining (default: Postfix >= 3.9: yes) +Disconnect remote SMTP clients that violate RFC 2920 (or 5321) +command pipelining constraints. The server replies with "554 5.5.0 +Error: SMTP protocol synchronization" and logs the unexpected remote +SMTP client input. Specify "smtpd_forbid_unauth_pipelining = yes" +to enable. This feature is enabled by default with Postfix >= +3.9. +.PP +This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6, +3.6.10, and 3.5.20. +.SH smtpd_forbidden_commands (default: CONNECT GET POST regexp:{{/^[^A\-Z]/ Bogus}}) +List of commands that cause the Postfix SMTP server to immediately +terminate the session with a 221 code. This can be used to disconnect +clients that obviously attempt to abuse the system. In addition to the +commands listed in this parameter, commands that follow the "Label:" +format of message headers will also cause a disconnect. With Postfix +versions 3.6 and earlier, the default value is "CONNECT GET POST". +.PP +This feature is available in Postfix 2.2 and later. +.PP +Support for inline regular expressions was added in Postfix version +3.7. See \fBregexp_table\fR(5) for a description of the syntax and features. +.SH smtpd_hard_error_limit (default: normal: 20, overload: 1) +The maximal number of errors a remote SMTP client is allowed to +make without delivering mail. The Postfix SMTP server disconnects +when the limit is reached. Normally the default limit is 20, but +it changes under overload to just 1. With Postfix 2.5 and earlier, +the SMTP server always allows up to 20 errors by default. +Valid values are greater than zero. +.SH smtpd_helo_required (default: no) +Require that a remote SMTP client introduces itself with the HELO +or EHLO command before sending the MAIL command or other commands +that require EHLO negotiation. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_helo_required = yes +.fi +.ad +.ft R +.SH smtpd_helo_restrictions (default: empty) +Optional restrictions that the Postfix SMTP server applies in the +context of a client HELO command. +See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access +restriction lists" for a discussion of evaluation context and time. +.PP +The default is to permit everything. +.PP +Note: specify "smtpd_helo_required = yes" to fully enforce this +restriction (without "smtpd_helo_required = yes", a client can +simply skip smtpd_helo_restrictions by not sending HELO or EHLO). +.PP +Specify a list of restrictions, separated by commas and/or whitespace. +Continue long lines by starting the next line with whitespace. +Restrictions are applied in the order as specified; the first +restriction that matches wins. +.PP +The following restrictions are specific to the hostname information +received with the HELO or EHLO command. +.IP "\fBcheck_helo_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the HELO or EHLO +hostname or parent domains, and execute the corresponding action. +Note: specify "smtpd_helo_required = yes" to fully enforce this +restriction (without "smtpd_helo_required = yes", a client can +simply skip check_helo_access by not sending HELO or EHLO). +.br +.IP "\fBcheck_helo_a_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the IP addresses for +the HELO or EHLO hostname, and execute the corresponding action. +Note 1: a result of "OK" is not allowed for safety reasons. Instead, +use DUNNO in order to exclude specific hosts from denylists. Note +2: specify "smtpd_helo_required = yes" to fully enforce this +restriction (without "smtpd_helo_required = yes", a client can +simply skip check_helo_a_access by not sending HELO or EHLO). This +feature is available in Postfix 3.0 and later. +.br +.IP "\fBcheck_helo_mx_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the MX hosts for +the HELO or EHLO hostname, and execute the corresponding action. +If no MX record is found, look up A or AAAA records, just like the +Postfix SMTP client would. +Note 1: a result of "OK" is not allowed for safety reasons. Instead, +use DUNNO in order to exclude specific hosts from denylists. Note +2: specify "smtpd_helo_required = yes" to fully enforce this +restriction (without "smtpd_helo_required = yes", a client can +simply skip check_helo_mx_access by not sending HELO or EHLO). This +feature is available in Postfix 2.1 and later. +.br +.IP "\fBcheck_helo_ns_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the DNS servers +for the HELO or EHLO hostname, and execute the corresponding action. +Note 1: a result of "OK" is not allowed for safety reasons. Instead, +use DUNNO in order to exclude specific hosts from denylists. Note +2: specify "smtpd_helo_required = yes" to fully enforce this +restriction (without "smtpd_helo_required = yes", a client can +simply skip check_helo_ns_access by not sending HELO or EHLO). This +feature is available in Postfix 2.1 and later. +.br +.IP "\fBreject_invalid_helo_hostname\fR (with Postfix < 2.3: reject_invalid_hostname)" +Reject the request when the HELO or EHLO hostname is malformed. +Note: specify "smtpd_helo_required = yes" to fully enforce +this restriction (without "smtpd_helo_required = yes", a client can simply +skip reject_invalid_helo_hostname by not sending HELO or EHLO). +.br +The invalid_hostname_reject_code specifies the response code +for rejected requests (default: 501). +.br +.IP "\fBreject_non_fqdn_helo_hostname\fR (with Postfix < 2.3: reject_non_fqdn_hostname)" +Reject the request when the HELO or EHLO hostname is not in +fully\-qualified domain or address literal form, as required by the +RFC. Note: specify +"smtpd_helo_required = yes" to fully enforce this restriction +(without "smtpd_helo_required = yes", a client can simply skip +reject_non_fqdn_helo_hostname by not sending HELO or EHLO). +.br +The non_fqdn_reject_code parameter specifies the response code for +rejected requests (default: 504). +.br +.IP "\fBreject_rhsbl_helo \fIrbl_domain=d.d.d.d\fR\fR" +Reject the request when the HELO or EHLO hostname is +listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR +(Postfix version 2.1 and later only). Each "\fId\fR" is a number, +or a pattern inside "[]" that contains one or more ";"\-separated +numbers or number..number ranges (Postfix version 2.8 and later). +If no "\fI=d.d.d.d\fR" is +specified, reject the request when the HELO or EHLO hostname is +listed with any A record under \fIrbl_domain\fR. See the +reject_rbl_client description for additional RBL related configuration +parameters. Note: specify "smtpd_helo_required = yes" to fully +enforce this restriction (without "smtpd_helo_required = yes", a +client can simply skip reject_rhsbl_helo by not sending HELO or +EHLO). This feature is available in Postfix 2.0 +and later. +.br +.IP "\fBreject_unknown_helo_hostname\fR (with Postfix < 2.3: reject_unknown_hostname)" +Reject the request when the HELO or EHLO hostname has no DNS A +or MX record. +.br +The reply is specified with the +unknown_hostname_reject_code parameter (default: 450) or +unknown_helo_hostname_tempfail_action (default: defer_if_permit). +See the respective parameter descriptions for details. +.br +Note: specify "smtpd_helo_required = yes" to fully +enforce this restriction (without "smtpd_helo_required = yes", a +client can simply skip reject_unknown_helo_hostname by not sending +HELO or EHLO). +.br +.br +.PP +Other restrictions that are valid in this context: +.IP \(bu +Generic restrictions that can be used +in any SMTP command context, described under smtpd_client_restrictions. +.IP \(bu +Client hostname or network address specific restrictions +described under smtpd_client_restrictions. +.IP \(bu +SMTP command specific restrictions described under +smtpd_sender_restrictions or smtpd_recipient_restrictions. When +sender or recipient restrictions are listed under smtpd_helo_restrictions, +they have effect only with "smtpd_delay_reject = yes", so that +$smtpd_helo_restrictions is evaluated at the time of the RCPT TO +command. +.br +.PP +Examples: +.PP +.nf +.na +.ft C +smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname +smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname +.fi +.ad +.ft R +.SH smtpd_history_flush_threshold (default: 100) +The maximal number of lines in the Postfix SMTP server command history +before it is flushed upon receipt of EHLO, RSET, or end of DATA. +.SH smtpd_junk_command_limit (default: normal: 100, overload: 1) +The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote +SMTP client can send before the Postfix SMTP server starts to +increment the error counter with each junk command. The junk +command count is reset after mail is delivered. See also the +smtpd_error_sleep_time and smtpd_soft_error_limit configuration +parameters. Normally the default limit is 100, but it changes under +overload to just 1. With Postfix 2.5 and earlier, the SMTP server +always allows up to 100 junk commands by default. +.SH smtpd_log_access_permit_actions (default: empty) +Enable logging of the named "permit" actions in SMTP server +access lists (by default, the SMTP server logs "reject" actions but +not "permit" actions). This feature does not affect conditional +actions such as "defer_if_permit". +.PP +Specify a list of "permit" action names, "/file/name" or +"type:table" patterns, separated by commas and/or whitespace. The +list is matched left to right, and the search stops on the first +match. A "/file/name" pattern is replaced by its contents; a +"type:table" lookup table is matched when a name matches a lookup +key (the lookup result is ignored). Continue long lines by starting +the next line with whitespace. Specify "!pattern" to exclude a name +from the list. +.PP +Examples: +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + # Log all "permit" actions. + smtpd_log_access_permit_actions = static:all +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + # Log "permit_dnswl_client" only. + smtpd_log_access_permit_actions = permit_dnswl_client +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.10 and later. +.SH smtpd_milter_maps (default: empty) +Lookup tables with Milter settings per remote SMTP client IP +address. The lookup result overrides the smtpd_milters setting, +and has the same syntax. +.PP +Note: lookup tables cannot return empty responses. Specify a +lookup result of DISABLE (case does not matter) to indicate that +Milter support should be disabled. +.PP +Example to disable Milters for local clients: +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + smtpd_milter_maps = cidr:/etc/postfix/smtpd_milter_map + smtpd_milters = inet:host:port, { inet:host:port, ... }, ... +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +/etc/postfix/smtpd_milter_map: + # Disable Milters for local clients. + 127.0.0.0/8 DISABLE + 192.168.0.0/16 DISABLE + ::/64 DISABLE + 2001:db8::/32 DISABLE +.fi +.ad +.ft R +.PP +This feature is available in Postfix 3.2 and later. +.SH smtpd_milters (default: empty) +A list of Milter (mail filter) applications for new mail that +arrives via the Postfix \fBsmtpd\fR(8) server. Specify space or comma as +separator. See the MILTER_README document for details. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_min_data_rate (default: 500) +The minimum plaintext data transfer rate in bytes/second for +DATA and BDAT requests, when deadlines are enabled with +smtpd_per_request_deadline. After a read operation transfers N +plaintext message bytes (possibly after TLS decryption), and after +the DATA or BDAT request deadline is decremented by the elapsed +time of that read operation, the DATA or BDAT request deadline is +incremented by N/smtpd_min_data_rate seconds. However, the deadline +will never be incremented beyond the time limit specified with +smtpd_timeout. +.PP +This feature is available in Postfix 3.7 and later. +.SH smtpd_noop_commands (default: empty) +List of commands that the Postfix SMTP server replies to with "250 +Ok", without doing any syntax checks and without changing state. +This list overrides any commands built into the Postfix SMTP server. +.SH smtpd_null_access_lookup_key (default: <>) +The lookup key to be used in SMTP \fBaccess\fR(5) tables instead of the +null sender address. +.SH smtpd_peername_lookup (default: yes) +Attempt to look up the remote SMTP client hostname, and verify that +the name matches the client IP address. A client name is set to +"unknown" when it cannot be looked up or verified, or when name +lookup is disabled. Turning off name lookup reduces delays due to +DNS lookup and increases the maximal inbound delivery rate. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_per_record_deadline (default: normal: no, overload: yes) +Change the behavior of the smtpd_timeout and smtpd_starttls_timeout +time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). This +limits the impact from hostile peers that trickle data one byte at +a time. +.PP +Note: when per\-record deadlines are enabled, a short timeout +may cause problems with TLS over very slow network connections. +The reasons are that a TLS protocol message can be up to 16 kbytes +long (with TLSv1), and that an entire TLS protocol message must be +sent or received within the per\-record deadline. +.PP +This feature is available in Postfix 2.9\-3.6. With older +Postfix releases, the behavior is as if this parameter is set to +"no". Postfix 3.7 and later use smtpd_per_request_deadline. +.SH smtpd_per_request_deadline (default: normal: no, overload: yes) +Change the behavior of the smtpd_timeout and smtpd_starttls_timeout +time limits, from a time limit per plaintext or TLS read or write +call, to a combined time limit for receiving a complete SMTP request +and for sending a complete SMTP response. The deadline limits only +the time spent waiting for plaintext or TLS read or write calls, +not time spent elsewhere. The per\-request deadline limits the impact +from hostile peers that trickle data one byte at a time. +.PP +See smtpd_min_data_rate for how the per\-request deadline is +managed during the DATA and BDAT phase. +.PP +Note: when per\-request deadlines are enabled, a short time limit +may cause problems with TLS over very slow network connections. The +reason is that a TLS protocol message can be up to 16 kbytes long +(with TLSv1), and that an entire TLS protocol message must be +transferred within the per\-request deadline. +.PP +This feature is available in Postfix 3.7 and later. A weaker +feature, called smtpd_per_record_deadline, is available with Postfix +2.9\-3.6. With older Postfix releases, the behavior is as if this +parameter is set to "no". +.PP +This feature is available in Postfix 3.7 and later. +.SH smtpd_policy_service_default_action (default: 451 4.3.5 Server configuration problem) +The default action when an SMTPD policy service request fails. +Specify "DUNNO" to behave as if the failed SMTPD policy service +request was not sent, and to continue processing other access +restrictions, if any. +.PP +Limitations: +.IP \(bu +This parameter may specify any value that would be a valid +SMTPD policy server response (or \fBaccess\fR(5) map lookup result). An +\fBaccess\fR(5) map or policy server in this parameter value may need to +be declared in advance with a restriction_class setting. +.IP \(bu +If the specified action invokes another check_policy_service +request, that request will have the built\-in default action. +.br +.PP +This feature is available in Postfix 3.0 and later. +.SH smtpd_policy_service_max_idle (default: 300s) +The time after which an idle SMTPD policy service connection is +closed. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.1 and later. +.SH smtpd_policy_service_max_ttl (default: 1000s) +The time after which an active SMTPD policy service connection is +closed. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.1 and later. +.SH smtpd_policy_service_policy_context (default: empty) +Optional information that the Postfix SMTP server specifies in +the "policy_context" attribute of a policy service request (originally, +to share the same service endpoint among multiple check_policy_service +clients). +.PP +This feature is available in Postfix 3.1 and later. +.SH smtpd_policy_service_request_limit (default: 0) +The maximal number of requests per SMTPD policy service connection, +or zero (no limit). Once a connection reaches this limit, the +connection is closed and the next request will be sent over a new +connection. This is a workaround to avoid error\-recovery delays +with policy servers that cannot maintain a persistent connection. +.PP +This feature is available in Postfix 3.0 and later. +.SH smtpd_policy_service_retry_delay (default: 1s) +The delay between attempts to resend a failed SMTPD policy +service request. Specify a value greater than zero. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 3.0 and later. +.SH smtpd_policy_service_timeout (default: 100s) +The time limit for connecting to, writing to, or receiving from a +delegated SMTPD policy server. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.1 and later. +.SH smtpd_policy_service_try_limit (default: 2) +The maximal number of attempts to send an SMTPD policy service +request before giving up. Specify a value greater than zero. +.PP +This feature is available in Postfix 3.0 and later. +.SH smtpd_proxy_ehlo (default: $myhostname) +How the Postfix SMTP server announces itself to the proxy filter. +By default, the Postfix hostname is used. +.PP +This feature is available in Postfix 2.1 and later. +.SH smtpd_proxy_filter (default: empty) +The hostname and TCP port of the mail filtering proxy server. +The proxy receives all mail from the Postfix SMTP server, and is +supposed to give the result to another Postfix SMTP server process. +.PP +Specify "host:port" or "inet:host:port" for a TCP endpoint, or +"unix:pathname" for a UNIX\-domain endpoint. The host can be specified +as an IP address or as a symbolic name; no MX lookups are done. +When no "host" or "host:" is specified, the local machine is +assumed. Pathname interpretation is relative to the Postfix queue +directory. +.PP +This feature is available in Postfix 2.1 and later. +.PP +The "inet:" and "unix:" prefixes are available in Postfix 2.3 +and later. +.SH smtpd_proxy_options (default: empty) +List of options that control how the Postfix SMTP server +communicates with a before\-queue content filter. Specify zero or +more of the following, separated by comma or whitespace. +.IP "\fBspeed_adjust\fR" +Do not connect to a before\-queue content filter until an entire +message has been received. This reduces the number of simultaneous +before\-queue content filter processes. +.PP +NOTE 1: A filter must not \fIselectively\fR reject recipients +of a multi\-recipient message. Rejecting all recipients is OK, as +is accepting all recipients. +.PP +NOTE 2: This feature increases the minimum amount of free queue +space by $message_size_limit. The extra space is needed to save the +message to a temporary file. +.br +.br +.PP +This feature is available in Postfix 2.7 and later. +.SH smtpd_proxy_timeout (default: 100s) +The time limit for connecting to a proxy filter and for sending or +receiving information. When a connection fails the client gets a +generic error message while more detailed information is logged to +the maillog file. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.1 and later. +.SH smtpd_recipient_limit (default: 1000) +The maximal number of recipients that the Postfix SMTP server +accepts per message delivery request. +.SH smtpd_recipient_overshoot_limit (default: 1000) +The number of recipients that a remote SMTP client can send in +excess of the limit specified with $smtpd_recipient_limit, before +the Postfix SMTP server increments the per\-session error count +for each excess recipient. +.SH smtpd_recipient_restrictions (default: see "postconf \-d" output) +Optional restrictions that the Postfix SMTP server applies in the +context of a client RCPT TO command, after smtpd_relay_restrictions. +See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access +restriction lists" for a discussion of evaluation context and time. +.PP +With Postfix versions before 2.10, the rules for relay permission +and spam blocking were combined under smtpd_recipient_restrictions, +resulting in error\-prone configuration. As of Postfix 2.10, relay +permission rules are preferably implemented with smtpd_relay_restrictions, +so that a permissive spam blocking policy under +smtpd_recipient_restrictions will no longer result in a permissive +mail relay policy. +.PP +For backwards compatibility, sites that migrate from Postfix +versions before 2.10 can set smtpd_relay_restrictions to the empty +value, and use smtpd_recipient_restrictions exactly as before. +.PP +IMPORTANT: Either the smtpd_relay_restrictions or the +smtpd_recipient_restrictions parameter must specify +at least one of the following restrictions. Otherwise Postfix will +refuse to receive mail: +.sp +.in +4 +.nf +.na +.ft C +reject, reject_unauth_destination +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +defer, defer_if_permit, defer_unauth_destination +.fi +.ad +.ft R +.in -4 +.PP +Specify a list of restrictions, separated by commas and/or whitespace. +Continue long lines by starting the next line with whitespace. +Restrictions are applied in the order as specified; the first +restriction that matches wins. +.PP +The following restrictions are specific to the recipient address +that is received with the RCPT TO command. +.IP "\fBcheck_recipient_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the resolved RCPT +TO address, domain, parent domains, or localpart@, and execute the +corresponding action. +.br +.IP "\fBcheck_recipient_a_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the IP addresses for +the RCPT TO domain, and execute the corresponding action. Note: +a result of "OK" is not allowed for safety reasons. Instead, use +DUNNO in order to exclude specific hosts from denylists. This +feature is available in Postfix 3.0 and later. +.br +.IP "\fBcheck_recipient_mx_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the MX hosts for +the RCPT TO domain, and execute the corresponding action. If no +MX record is found, look up A or AAAA records, just like the Postfix +SMTP client would. Note: +a result of "OK" is not allowed for safety reasons. Instead, use +DUNNO in order to exclude specific hosts from denylists. This +feature is available in Postfix 2.1 and later. +.br +.IP "\fBcheck_recipient_ns_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the DNS servers +for the RCPT TO domain, and execute the corresponding action. +Note: a result of "OK" is not allowed for safety reasons. Instead, +use DUNNO in order to exclude specific hosts from denylists. This +feature is available in Postfix 2.1 and later. +.br +.IP "\fBpermit_auth_destination\fR" +Permit the request when one of the following is true: +.IP \(bu +Postfix is a mail forwarder: the resolved RCPT TO domain matches +$relay_domains or a subdomain thereof, and the address contains no +sender\-specified routing (user@elsewhere@domain), +.IP \(bu +Postfix is the final destination: the resolved RCPT TO domain +matches $mydestination, $inet_interfaces, $proxy_interfaces, +$virtual_alias_domains, or $virtual_mailbox_domains, and the address +contains no sender\-specified routing (user@elsewhere@domain). +.br +.br +.IP "\fBpermit_mx_backup\fR" +Permit the request when the local mail system is a backup MX for +the RCPT TO domain, or when the domain is an authorized destination +(see permit_auth_destination for definition). +.IP \(bu +Safety: permit_mx_backup does not accept addresses that have +sender\-specified routing information (example: user@elsewhere@domain). +.IP \(bu +Safety: permit_mx_backup can be vulnerable to mis\-use when +access is not restricted with permit_mx_backup_networks. +.IP \(bu +Safety: as of Postfix version 2.3, permit_mx_backup no longer +accepts the address when the local mail system is a primary MX for +the recipient domain. Exception: permit_mx_backup accepts the address +when it specifies an authorized destination (see permit_auth_destination +for definition). +.IP \(bu +Limitation: mail may be rejected in case of a temporary DNS +lookup problem with Postfix prior to version 2.0. +.br +.br +.IP "\fBreject_non_fqdn_recipient\fR" +Reject the request when the RCPT TO address specifies a +domain that is not in +fully\-qualified domain form, as required by the RFC. +.br +The +non_fqdn_reject_code parameter specifies the response code for +rejected requests (default: 504). +.br +.IP "\fBreject_rhsbl_recipient \fIrbl_domain=d.d.d.d\fR\fR" +Reject the request when the RCPT TO domain is listed with the +A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix version +2.1 and later only). Each "\fId\fR" is a number, or a pattern +inside "[]" that contains one or more ";"\-separated numbers or +number..number ranges (Postfix version 2.8 and later). If no +"\fI=d.d.d.d\fR" is specified, reject +the request when the RCPT TO domain is listed with +any A record under \fIrbl_domain\fR. +.br +The maps_rbl_reject_code +parameter specifies the response code for rejected requests (default: +554); the default_rbl_reply parameter specifies the default server +reply; and the rbl_reply_maps parameter specifies tables with server +replies indexed by \fIrbl_domain\fR. This feature is available +in Postfix version 2.0 and later. +.br +.IP "\fBreject_unauth_destination\fR" +Reject the request unless one of the following is true: +.IP \(bu +Postfix is a mail forwarder: the resolved RCPT TO domain matches +$relay_domains or a subdomain thereof, and contains no sender\-specified +routing (user@elsewhere@domain), +.IP \(bu +Postfix is the final destination: the resolved RCPT TO domain +matches $mydestination, $inet_interfaces, $proxy_interfaces, +$virtual_alias_domains, or $virtual_mailbox_domains, and contains +no sender\-specified routing (user@elsewhere@domain). +.br +The relay_domains_reject_code parameter specifies the response +code for rejected requests (default: 554). +.br +.IP "\fBdefer_unauth_destination\fR" +Reject the same requests as reject_unauth_destination, with a +non\-permanent error code. This feature is available in Postfix +2.10 and later. +.br +.IP "\fBreject_unknown_recipient_domain\fR" +Reject the request when Postfix is not final destination for +the recipient domain, and the RCPT TO domain has 1) no DNS MX and +no DNS A +record or 2) a malformed MX record such as a record with +a zero\-length MX hostname (Postfix version 2.3 and later). +.br +The +reply is specified with the unknown_address_reject_code parameter +(default: 450), unknown_address_tempfail_action (default: +defer_if_permit), or 556 (nullmx, Postfix 3.0 and +later). See the respective parameter descriptions for details. +.br +.IP "\fBreject_unlisted_recipient\fR (with Postfix version 2.0: check_recipient_maps)" +Reject the request when the RCPT TO address is not listed in +the list of valid recipients for its domain class. See the +smtpd_reject_unlisted_recipient parameter description for details. +This feature is available in Postfix 2.1 and later. +.br +.IP "\fBreject_unverified_recipient\fR" +Reject the request when mail to the RCPT TO address is known +to bounce, or when the recipient address destination is not reachable. +Address verification information is managed by the \fBverify\fR(8) server; +see the ADDRESS_VERIFICATION_README file for details. +.br +The +unverified_recipient_reject_code parameter specifies the numerical +response code when an address is known to bounce (default: 450, +change it to 550 when you are confident that it is safe to do so). +.br +The unverified_recipient_defer_code parameter specifies the +numerical response code when an address probe failed due to a +temporary problem (default: 450). +.br +The +unverified_recipient_tempfail_action parameter specifies the action +after address probe failure due to a temporary problem (default: +defer_if_permit). +.br +This feature breaks for aliased addresses +with "enable_original_recipient = no" (Postfix <= 3.2). +.br +This feature is available in Postfix 2.1 and later. +.br +.br +.PP +Other restrictions that are valid in this context: +.IP \(bu +Generic restrictions that can be used +in any SMTP command context, described under smtpd_client_restrictions. +.IP \(bu +SMTP command specific restrictions described under +smtpd_client_restrictions, smtpd_helo_restrictions and +smtpd_sender_restrictions. +.br +.PP +Example: +.PP +.nf +.na +.ft C +# The Postfix before 2.10 default mail relay policy. Later Postfix +# versions implement this preferably with smtpd_relay_restrictions. +smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination +.fi +.ad +.ft R +.SH smtpd_reject_footer (default: empty) +Optional information that is appended after each Postfix SMTP +server +4XX or 5XX response. +.PP +The following example uses "\ec" at the start of the template +(supported in Postfix 2.10 and later) to suppress the line break +between the reply text and the footer text. With earlier Postfix +versions, the footer text always begins on a new line, and the "\ec" +is output literally. +.PP +.nf +.na +.ft C +/etc/postfix/main.cf: + smtpd_reject_footer = \ec. For assistance, call 800\-555\-0101. + Please provide the following information in your problem report: + time ($localtime), client ($client_address) and server + ($server_name). +.fi +.ad +.ft R +.PP +Server response: +.PP +.nf +.na +.ft C + 550\-5.5.1 <user@example> Recipient address rejected: User + unknown. For assistance, call 800\-555\-0101. Please provide the + following information in your problem report: time (Jan 4 15:42:00), + client (192.168.1.248) and server (mail1.example.com). +.fi +.ad +.ft R +.PP +Note: the above text is meant to make it easier to find the +Postfix logfile records for a failed SMTP session. The text itself +is not logged to the Postfix SMTP server's maillog file. +.PP +Be sure to keep the text as short as possible. Long text may +be truncated before it is logged to the remote SMTP client's maillog +file, or before it is returned to the sender in a delivery status +notification. +.PP +The template text is not subject to Postfix configuration +parameter $name expansion. Instead, this feature supports a limited +number of $name attributes in the footer text. These attributes are +replaced with their current value for the SMTP session. +.PP +Note: specify $$name in footer text that is looked up from +regexp: or pcre:\-based smtpd_reject_footer_maps, otherwise the +Postfix server will not use the footer text and will log a warning +instead. +.IP "\fBclient_address\fR" +The Client IP address that +is logged in the maillog file. +.br +.IP "\fBclient_port\fR" +The client TCP port that is +logged in the maillog file. +.br +.IP "\fBlocaltime\fR" +The server local time (Mmm dd +hh:mm:ss) that is logged in the maillog file. +.br +.IP "\fBserver_name\fR" +The server's myhostname value. +This attribute is made available for sites with multiple MTAs +(perhaps behind a load\-balancer), where the server name can help +the server support team to quickly find the right log files. +.br +.br +.PP +Notes: +.IP \(bu +NOT SUPPORTED are other attributes such as sender, recipient, +or main.cf parameters. +.IP \(bu +For safety reasons, text that does not match +$smtpd_expansion_filter is censored. +.br +.PP +This feature supports the two\-character sequence \en as a request +for a line break in the footer text. Postfix automatically inserts +after each line break the three\-digit SMTP reply code (and optional +enhanced status code) from the original Postfix reject message. +.PP +To work around mail software that mis\-handles multi\-line replies, +specify the two\-character sequence \ec at the start of the template. +This suppresses the line break between the reply text and the footer +text (Postfix 2.10 and later). +.PP +This feature is available in Postfix 2.8 and later. +.SH smtpd_reject_footer_maps (default: empty) +Lookup tables, indexed by the complete Postfix SMTP server 4xx or +5xx response, with reject footer templates. See smtpd_reject_footer +for details. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +This feature is available in Postfix 3.4 and later. +.SH smtpd_reject_unlisted_recipient (default: yes) +Request that the Postfix SMTP server rejects mail for unknown +recipient addresses, even when no explicit reject_unlisted_recipient +access restriction is specified. This prevents the Postfix queue +from filling up with undeliverable MAILER\-DAEMON messages. +.PP +An address is always considered "known" when it matches a +\fBvirtual\fR(5) alias or a \fBcanonical\fR(5) mapping. +.IP \(bu +The recipient domain matches $mydestination, $inet_interfaces +or $proxy_interfaces, but the recipient is not listed in +$local_recipient_maps, and $local_recipient_maps is not null. +.IP \(bu +The recipient domain matches $virtual_alias_domains but the +recipient is not listed in $virtual_alias_maps. +.IP \(bu +The recipient domain matches $virtual_mailbox_domains but the +recipient is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps +is not null. +.IP \(bu +The recipient domain matches $relay_domains but the recipient +is not listed in $relay_recipient_maps, and $relay_recipient_maps +is not null. +.br +.PP +This feature is available in Postfix 2.1 and later. +.SH smtpd_reject_unlisted_sender (default: no) +Request that the Postfix SMTP server rejects mail from unknown +sender addresses, even when no explicit reject_unlisted_sender +access restriction is specified. This can slow down an explosion +of forged mail from worms or viruses. +.PP +An address is always considered "known" when it matches a +\fBvirtual\fR(5) alias or a \fBcanonical\fR(5) mapping. +.IP \(bu +The sender domain matches $mydestination, $inet_interfaces or +$proxy_interfaces, but the sender is not listed in +$local_recipient_maps, and $local_recipient_maps is not null. +.IP \(bu +The sender domain matches $virtual_alias_domains but the sender +is not listed in $virtual_alias_maps. +.IP \(bu +The sender domain matches $virtual_mailbox_domains but the +sender is not listed in $virtual_mailbox_maps, and $virtual_mailbox_maps +is not null. +.IP \(bu +The sender domain matches $relay_domains but the sender is +not listed in $relay_recipient_maps, and $relay_recipient_maps is +not null. +.br +.PP +This feature is available in Postfix 2.1 and later. +.SH smtpd_relay_before_recipient_restrictions (default: see "postconf \-d" output) +Evaluate smtpd_relay_restrictions before smtpd_recipient_restrictions. +Historically, smtpd_relay_restrictions was evaluated after +smtpd_recipient_restrictions, contradicting documented behavior. +.PP +Background: the smtpd_relay_restrictions feature is primarily +designed to enforce a mail relaying policy, while +smtpd_recipient_restrictions is primarily designed to enforce spam +blocking policy. Both are evaluated while replying to the RCPT TO +command, and both support the same features. +.PP +This feature is available in Postfix 3.6 and later. +.SH smtpd_relay_restrictions (default: permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination) +Access restrictions for mail relay control that the Postfix +SMTP server applies in the context of the RCPT TO command, before +smtpd_recipient_restrictions. +See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access +restriction lists" for a discussion of evaluation context and time. +.PP +With Postfix versions before 2.10, the rules for relay permission +and spam blocking were combined under smtpd_recipient_restrictions, +resulting in error\-prone configuration. As of Postfix 2.10, relay +permission rules are preferably implemented with smtpd_relay_restrictions, +so that a permissive spam blocking policy under +smtpd_recipient_restrictions will no longer result in a permissive +mail relay policy. +.PP +For backwards compatibility, sites that migrate from Postfix +versions before 2.10 can set smtpd_relay_restrictions to the empty +value, and use smtpd_recipient_restrictions exactly as before. +.PP +By default, the Postfix SMTP server accepts: +.IP \(bu +Mail from clients whose IP address matches $mynetworks, or: +.IP \(bu +Mail from clients who are SASL authenticated, or: +.IP \(bu +Mail to remote destinations that match $relay_domains, except +for addresses that contain sender\-specified routing +(user@elsewhere@domain), or: +.IP \(bu +Mail to local destinations that match $inet_interfaces +or $proxy_interfaces, $mydestination, $virtual_alias_domains, or +$virtual_mailbox_domains. +.br +.PP +IMPORTANT: Either the smtpd_relay_restrictions or the +smtpd_recipient_restrictions parameter must specify +at least one of the following restrictions. Otherwise Postfix will +refuse to receive mail: +.sp +.in +4 +.nf +.na +.ft C +reject, reject_unauth_destination +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +defer, defer_if_permit, defer_unauth_destination +.fi +.ad +.ft R +.in -4 +.PP +Specify a list of restrictions, separated by commas and/or whitespace. +Continue long lines by starting the next line with whitespace. +The same restrictions are available as documented under +smtpd_recipient_restrictions. +.PP +This feature is available in Postix 2.10 and later. +.SH smtpd_restriction_classes (default: empty) +User\-defined aliases for groups of access restrictions. The aliases +can be specified in smtpd_recipient_restrictions etc., and on the +right\-hand side of a Postfix \fBaccess\fR(5) table. +.PP +One major application is for implementing per\-recipient UCE control. +See the RESTRICTION_CLASS_README document for other examples. +.SH smtpd_sasl_application_name (default: smtpd) +The application name that the Postfix SMTP server uses for SASL +server initialization. This +controls the name of the SASL configuration file. The default value +is \fBsmtpd\fR, corresponding to a SASL configuration file named +\fBsmtpd.conf\fR. +.PP +This feature is available in Postfix 2.1 and 2.2. With Postfix 2.3 +it was renamed to smtpd_sasl_path. +.SH smtpd_sasl_auth_enable (default: no) +Enable SASL authentication in the Postfix SMTP server. By default, +the Postfix SMTP server does not use authentication. +.PP +If a remote SMTP client is authenticated, the permit_sasl_authenticated +access restriction can be used to permit relay access, like this: +.sp +.in +4 +.nf +.na +.ft C +# With Postfix 2.10 and later, the mail relay policy is +# preferably specified under smtpd_relay_restrictions. +smtpd_relay_restrictions = + permit_mynetworks, permit_sasl_authenticated, ... +.fi +.ad +.ft R +.PP +.nf +.na +.ft C +# With Postfix before 2.10, the relay policy can be +# specified only under smtpd_recipient_restrictions. +smtpd_recipient_restrictions = + permit_mynetworks, permit_sasl_authenticated, ... +.fi +.ad +.ft R +.in -4 +.PP +To reject all SMTP connections from unauthenticated clients, +specify "smtpd_delay_reject = yes" (which is the default) and use: +.sp +.in +4 +.nf +.na +.ft C +smtpd_client_restrictions = permit_sasl_authenticated, reject +.fi +.ad +.ft R +.in -4 +.PP +See the SASL_README file for SASL configuration and operation details. +.SH smtpd_sasl_authenticated_header (default: no) +Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received +message header. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_sasl_exceptions_networks (default: empty) +What remote SMTP clients the Postfix SMTP server will not offer +AUTH support to. +.PP +Some clients (Netscape 4 at least) have a bug that causes them to +require a login and password whenever AUTH is offered, whether it's +necessary or not. To work around this, specify, for example, +$mynetworks to prevent Postfix from offering AUTH to local clients. +.PP +Specify a list of network/netmask patterns, separated by commas +and/or whitespace. The mask specifies the number of bits in the +network part of a host address. You can also specify "/file/name" or +"type:table" patterns. A "/file/name" pattern is replaced by its +contents; a "type:table" lookup table is matched when a table entry +matches a lookup string (the lookup result is ignored). Continue +long lines by starting the next line with whitespace. Specify +"!pattern" to exclude an address or network block from the list. +The form "!/file/name" is supported only in Postfix version 2.4 and +later. +.PP +Note: IP version 6 address information must be specified inside +[] in the smtpd_sasl_exceptions_networks value, and in +files specified with "/file/name". IP version 6 addresses contain +the ":" character, and would otherwise be confused with a "type:table" +pattern. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_sasl_exceptions_networks = $mynetworks +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.1 and later. +.SH smtpd_sasl_local_domain (default: empty) +The name of the Postfix SMTP server's local SASL authentication +realm. +.PP +By default, the local authentication realm name is the null string. +.PP +Examples: +.PP +.nf +.na +.ft C +smtpd_sasl_local_domain = $mydomain +smtpd_sasl_local_domain = $myhostname +.fi +.ad +.ft R +.SH smtpd_sasl_mechanism_filter (default: !external, static:rest) +If non\-empty, a filter for the SASL mechanism names that the +Postfix SMTP server will announce in the EHLO response. By default, +the Postfix SMTP server will not announce the EXTERNAL mechanism, +because Postfix support for that is not implemented. +.PP +Specify mechanism names, "/file/name" patterns, or "type:table" +lookup tables, separated by comma or whitespace. The right\-hand +side result from "type:table" lookups is ignored. Specify "!pattern" +to exclude a mechanism name from the list. +.PP +Examples: +.PP +.nf +.na +.ft C +smtpd_sasl_mechanism_filter = !external, !gssapi, static:rest +smtpd_sasl_mechanism_filter = login, plain +smtpd_sasl_mechanism_filter = /etc/postfix/smtpd_mechs +.fi +.ad +.ft R +.PP +This feature is available in Postfix 3.6 and later. +.SH smtpd_sasl_path (default: smtpd) +Implementation\-specific information that the Postfix SMTP server +passes through to +the SASL plug\-in implementation that is selected with +\fBsmtpd_sasl_type\fR. Typically this specifies the name of a +configuration file or rendezvous point. +.PP +This feature is available in Postfix 2.3 and later. In earlier +releases it was called \fBsmtpd_sasl_application_name\fR. +.SH smtpd_sasl_response_limit (default: 12288) +The maximum length of a SASL client's response to a server challenge. +When the client's "initial response" is longer than the normal limit for +SMTP commands, the client must omit its initial response, and wait for an +empty server challenge; it can then send what would have been its "initial +response" as a response to the empty server challenge. RFC4954 requires the +server to accept client responses up to at least 12288 octets of +base64\-encoded text. The default value is therefore also the minimum value +accepted for this parameter. +.PP +This feature is available in Postfix 3.4 and later. Prior versions use +"line_length_limit", which may need to be raised to accommodate larger client +responses, as may be needed with GSSAPI authentication of Windows AD users +who are members of many groups. +.SH smtpd_sasl_security_options (default: noanonymous) +Postfix SMTP server SASL security options; as of Postfix 2.3 +the list of available +features depends on the SASL server implementation that is selected +with \fBsmtpd_sasl_type\fR. +.PP +The following security features are defined for the \fBcyrus\fR +server SASL implementation: +.PP +Restrict what authentication mechanisms the Postfix SMTP server +will offer to the client. The list of available authentication +mechanisms is system dependent. +.PP +Specify zero or more of the following: +.IP "\fBnoplaintext\fR" +Disallow methods that use plaintext passwords. +.br +.IP "\fBnoactive\fR" +Disallow methods subject to active (non\-dictionary) attack. +.br +.IP "\fBnodictionary\fR" +Disallow methods subject to passive (dictionary) attack. +.br +.IP "\fBnoanonymous\fR" +Disallow methods that allow anonymous authentication. +.br +.IP "\fBforward_secrecy\fR" +Only allow methods that support forward secrecy (Dovecot only). +.br +.IP "\fBmutual_auth\fR" +Only allow methods that provide mutual authentication (not available +with Cyrus SASL version 1). +.br +.br +.PP +By default, the Postfix SMTP server accepts plaintext passwords but +not anonymous logins. +.PP +Warning: it appears that clients try authentication methods in the +order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM\-MD5) +which means that if you disable plaintext passwords, clients will +log in anonymously, even when they should be able to use CRAM\-MD5. +So, if you disable plaintext logins, disable anonymous logins too. +Postfix treats anonymous login as no authentication. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_sasl_security_options = noanonymous, noplaintext +.fi +.ad +.ft R +.SH smtpd_sasl_service (default: smtp) +The service name that is passed to the SASL plug\-in that is +selected with \fBsmtpd_sasl_type\fR and \fBsmtpd_sasl_path\fR. +.PP +This feature is available in Postfix 2.11 and later. Prior +versions behave as if "\fBsmtp\fR" is specified. +.SH smtpd_sasl_tls_security_options (default: $smtpd_sasl_security_options) +The SASL authentication security options that the Postfix SMTP +server uses for TLS encrypted SMTP sessions. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_sasl_type (default: cyrus) +The SASL plug\-in type that the Postfix SMTP server should use +for authentication. The available types are listed with the +"\fBpostconf \-a\fR" command. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_sender_login_maps (default: empty) +Optional lookup table with the SASL login names that own the sender +(MAIL FROM) addresses. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. With lookups from +indexed files such as DB or DBM, or from networked tables such as +NIS, LDAP or SQL, the following search operations are done with a +sender address of \fIuser@domain\fR: +.IP "1) \fIuser@domain\fR" +This table lookup is always done and has the highest precedence. +.br +.IP "2) \fIuser\fR" +This table lookup is done only when the \fIdomain\fR part of the +sender address matches $myorigin, $mydestination, $inet_interfaces +or $proxy_interfaces. +.br +.IP "3) \fI@domain\fR" +This table lookup is done last and has the lowest precedence. +.br +.br +.PP +In all cases the result of table lookup must be either "not found" +or a list of SASL login names separated by comma and/or whitespace. +.SH smtpd_sender_restrictions (default: empty) +Optional restrictions that the Postfix SMTP server applies in the +context of a client MAIL FROM command. +See SMTPD_ACCESS_README, section "Delayed evaluation of SMTP access +restriction lists" for a discussion of evaluation context and time. +.PP +The default is to permit everything. +.PP +Specify a list of restrictions, separated by commas and/or whitespace. +Continue long lines by starting the next line with whitespace. +Restrictions are applied in the order as specified; the first +restriction that matches wins. +.PP +The following restrictions are specific to the sender address +received with the MAIL FROM command. +.IP "\fBcheck_sender_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the MAIL FROM +address, domain, parent domains, or localpart@, and execute the +corresponding action. +.br +.IP "\fBcheck_sender_a_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the IP addresses for +the MAIL FROM domain, and execute the corresponding action. Note: +a result of "OK" is not allowed for safety reasons. Instead, use +DUNNO in order to exclude specific hosts from denylists. This +feature is available in Postfix 3.0 and later. +.br +.IP "\fBcheck_sender_mx_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the MX hosts for +the MAIL FROM domain, and execute the corresponding action. If no +MX record is found, look up A or AAAA records, just like the Postfix +SMTP client would. Note: +a result of "OK" is not allowed for safety reasons. Instead, use +DUNNO in order to exclude specific hosts from denylists. This +feature is available in Postfix 2.1 and later. +.br +.IP "\fBcheck_sender_ns_access \fItype:table\fR\fR" +Search the specified \fBaccess\fR(5) database for the DNS servers +for the MAIL FROM domain, and execute the corresponding action. +Note: a result of "OK" is not allowed for safety reasons. Instead, +use DUNNO in order to exclude specific hosts from denylists. This +feature is available in Postfix 2.1 and later. +.br +.IP "\fBreject_authenticated_sender_login_mismatch\fR" +Enforces the reject_sender_login_mismatch restriction for +authenticated clients only. This feature is available in +Postfix version 2.1 and later. +.br +.IP "\fBreject_known_sender_login_mismatch\fR" +Apply the reject_sender_login_mismatch restriction only to MAIL +FROM addresses that are known in $smtpd_sender_login_maps. This +feature is available in Postfix version 2.11 and later. +.br +.IP "\fBreject_non_fqdn_sender\fR" +Reject the request when the MAIL FROM address specifies a +domain that is not in +fully\-qualified domain form as required by the RFC. +.br +The +non_fqdn_reject_code parameter specifies the response code for +rejected requests (default: 504). +.br +.IP "\fBreject_rhsbl_sender \fIrbl_domain=d.d.d.d\fR\fR" +Reject the request when the MAIL FROM domain is listed with +the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR (Postfix +version 2.1 and later only). Each "\fId\fR" is a number, or a +pattern inside "[]" that contains one or more ";"\-separated numbers +or number..number ranges (Postfix version 2.8 and later). If no +"\fI=d.d.d.d\fR" is specified, +reject the request when the MAIL FROM domain is +listed with any A record under \fIrbl_domain\fR. +.br +The +maps_rbl_reject_code parameter specifies the response code for +rejected requests (default: 554); the default_rbl_reply parameter +specifies the default server reply; and the rbl_reply_maps parameter +specifies tables with server replies indexed by \fIrbl_domain\fR. +This feature is available in Postfix 2.0 and later. +.br +.IP "\fBreject_sender_login_mismatch\fR" +Reject the request when $smtpd_sender_login_maps specifies an +owner for the MAIL FROM address, but the client is not (SASL) logged +in as that MAIL FROM address owner; or when the client is (SASL) +logged in, but the client login name doesn't own the MAIL FROM +address according to $smtpd_sender_login_maps. +.br +.IP "\fBreject_unauthenticated_sender_login_mismatch\fR" +Enforces the reject_sender_login_mismatch restriction for +unauthenticated clients only. This feature is available in +Postfix version 2.1 and later. +.br +.IP "\fBreject_unknown_sender_domain\fR" +Reject the request when Postfix is not the final destination for +the sender address, and the MAIL FROM domain has 1) no DNS MX and +no DNS A +record, or 2) a malformed MX record such as a record with +a zero\-length MX hostname (Postfix version 2.3 and later). +.br +The +reply is specified with the unknown_address_reject_code parameter +(default: 450), unknown_address_tempfail_action (default: +defer_if_permit), or 550 (nullmx, Postfix 3.0 and +later). See the respective parameter descriptions for details. +.br +.IP "\fBreject_unlisted_sender\fR" +Reject the request when the MAIL FROM address is not listed in +the list of valid recipients for its domain class. See the +smtpd_reject_unlisted_sender parameter description for details. +This feature is available in Postfix 2.1 and later. +.br +.IP "\fBreject_unverified_sender\fR" +Reject the request when mail to the MAIL FROM address is known to +bounce, or when the sender address destination is not reachable. +Address verification information is managed by the \fBverify\fR(8) server; +see the ADDRESS_VERIFICATION_README file for details. +.br +The +unverified_sender_reject_code parameter specifies the numerical +response code when an address is known to bounce (default: 450, +change into 550 when you are confident that it is safe to do so). +.br +The unverified_sender_defer_code specifies the numerical response +code when an address probe failed due to a temporary problem +(default: 450). +.br +The unverified_sender_tempfail_action parameter +specifies the action after address probe failure due to a temporary +problem (default: defer_if_permit). +.br +This feature breaks for +aliased addresses with "enable_original_recipient = no" (Postfix +<= 3.2). +.br +This feature is available in Postfix 2.1 and later. +.br +.br +.PP +Other restrictions that are valid in this context: +.IP \(bu +Generic restrictions that can be used +in any SMTP command context, described under smtpd_client_restrictions. +.IP \(bu +SMTP command specific restrictions described under +smtpd_client_restrictions and smtpd_helo_restrictions. +.IP \(bu +SMTP command specific restrictions described under +smtpd_recipient_restrictions. When recipient restrictions are listed +under smtpd_sender_restrictions, they have effect only with +"smtpd_delay_reject = yes", so that $smtpd_sender_restrictions is +evaluated at the time of the RCPT TO command. +.br +.PP +Examples: +.PP +.nf +.na +.ft C +smtpd_sender_restrictions = reject_unknown_sender_domain +smtpd_sender_restrictions = reject_unknown_sender_domain, + check_sender_access hash:/etc/postfix/access +.fi +.ad +.ft R +.SH smtpd_service_name (default: smtpd) +The internal service that \fBpostscreen\fR(8) hands off allowed +connections to. In a future version there may be different +classes of SMTP service. +.PP +This feature is available in Postfix 2.8. +.SH smtpd_soft_error_limit (default: 10) +The number of errors a remote SMTP client is allowed to make without +delivering mail before the Postfix SMTP server slows down all its +responses. +.IP \(bu +With Postfix version 2.1 and later, when the error count +is > $smtpd_soft_error_limit, the Postfix SMTP server +delays all responses by $smtpd_error_sleep_time. +.IP \(bu +With Postfix versions 2.0 and earlier, when the error count +is > $smtpd_soft_error_limit, the Postfix SMTP server delays all +responses by the larger of (number of errors) seconds or +$smtpd_error_sleep_time. +.IP \(bu +With Postfix versions 2.0 and earlier, when the error count +is <= $smtpd_soft_error_limit, the Postfix SMTP server delays 4XX +and 5XX responses by $smtpd_error_sleep_time. +.br +.SH smtpd_starttls_timeout (default: see "postconf \-d" output) +The time limit for Postfix SMTP server write and read operations +during TLS startup and shutdown handshake procedures. The current +default value is stress\-dependent. Before Postfix version 2.8, it +was fixed at 300s. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_timeout (default: normal: 300s, overload: 10s) +When the Postfix SMTP server wants to send an SMTP server +response, how long the Postfix SMTP server will wait for an underlying +network write operation to complete; and when the Postfix SMTP +server Postfix wants to receive an SMTP client request, how long +the Postfix SMTP server will wait for an underlying network read +operation to complete. See the smtpd_per_request_deadline for how +this time limit may be enforced (with Postfix 2.9\-3.6 see +smtpd_per_record_deadline). +.PP +Normally the default limit +is 300s, but it changes under overload to just 10s. With Postfix +2.5 and earlier, the SMTP server always uses a time limit of 300s +by default. +.PP +Note: if you set SMTP time limits to very large values you may have +to update the global ipc_timeout parameter. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH smtpd_tls_CAfile (default: empty) +A file containing (PEM format) CA certificates of root CAs trusted +to sign either remote SMTP client certificates or intermediate CA +certificates. These are loaded into memory before the \fBsmtpd\fR(8) server +enters the chroot jail. If the number of trusted roots is large, consider +using smtpd_tls_CApath instead, but note that the latter directory must +be present in the chroot jail if the \fBsmtpd\fR(8) server is chrooted. This +file may also be used to augment the server certificate trust chain, +but it is best to include all the required certificates directly in the +server certificate file. +.PP +Specify "smtpd_tls_CAfile = /path/to/system_CA_file" to use ONLY +the system\-supplied default Certification Authority certificates. +.PP +Specify "tls_append_default_CA = no" to prevent Postfix from +appending the system\-supplied default CAs and trusting third\-party +certificates. +.PP +By default (see smtpd_tls_ask_ccert), client certificates are not +requested, and smtpd_tls_CAfile should remain empty. If you do make use +of client certificates, the distinguished names (DNs) of the Certification +Authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client +in the client certificate request message. MUAs with multiple client +certificates may use the list of preferred Certification Authorities +to select the correct client certificate. You may want to put your +"preferred" CA or CAs in this file, and install other trusted CAs in +$smtpd_tls_CApath. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_tls_CAfile = /etc/postfix/CAcert.pem +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_CApath (default: empty) +A directory containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate CA +certificates. Do not forget to create the necessary "hash" links with, +for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use +smtpd_tls_CApath in chroot mode, this directory (or a copy) must be +inside the chroot jail. +.PP +Specify "smtpd_tls_CApath = /path/to/system_CA_directory" to +use ONLY the system\-supplied default Certification Authority certificates. +.PP +Specify "tls_append_default_CA = no" to prevent Postfix from +appending the system\-supplied default CAs and trusting third\-party +certificates. +.PP +By default (see smtpd_tls_ask_ccert), client certificates are +not requested, and smtpd_tls_CApath should remain empty. In contrast +to smtpd_tls_CAfile, DNs of Certification Authorities installed +in $smtpd_tls_CApath are not included in the client certificate +request message. MUAs with multiple client certificates may use the +list of preferred Certification Authorities to select the correct +client certificate. You may want to put your "preferred" CA or +CAs in $smtpd_tls_CAfile, and install the remaining trusted CAs in +$smtpd_tls_CApath. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_tls_CApath = /etc/postfix/certs +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_always_issue_session_ids (default: yes) +Force the Postfix SMTP server to issue a TLS session id, even +when TLS session caching is turned off (smtpd_tls_session_cache_database +is empty). This behavior is compatible with Postfix < 2.3. +.PP +With Postfix 2.3 and later the Postfix SMTP server can disable +session id generation when TLS session caching is turned off. This +keeps remote SMTP clients from caching sessions that almost certainly cannot +be re\-used. +.PP +By default, the Postfix SMTP server always generates TLS session +ids. This works around a known defect in mail client applications +such as MS Outlook, and may also prevent interoperability issues +with other MTAs. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_tls_always_issue_session_ids = no +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_tls_ask_ccert (default: no) +Ask a remote SMTP client for a client certificate. This +information is needed for certificate based mail relaying with, +for example, the permit_tls_clientcerts feature. +.PP +Some clients such as Netscape will either complain if no +certificate is available (for the list of CAs in $smtpd_tls_CAfile) +or will offer multiple client certificates to choose from. This +may be annoying, so this option is "off" by default. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_auth_only (default: no) +When TLS encryption is optional in the Postfix SMTP server, do +not announce or accept SASL authentication over unencrypted +connections. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_ccert_verifydepth (default: 9) +The verification depth for remote SMTP client certificates. A +depth of 1 is sufficient if the issuing CA is listed in a local CA +file. +.PP +The default verification depth is 9 (the OpenSSL default) for +compatibility with earlier Postfix behavior. Prior to Postfix 2.5, +the default value was 5, but the limit was not actually enforced. If +you have set this to a lower non\-default value, certificates with longer +trust chains may now fail to verify. Certificate chains with 1 or 2 +CAs are common, deeper chains are more rare and any number between 5 +and 9 should suffice in practice. You can choose a lower number if, +for example, you trust certificates directly signed by an issuing CA +but not any CAs it delegates to. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_cert_file (default: empty) +File with the Postfix SMTP server RSA certificate in PEM format. +This file may also contain the Postfix SMTP server private RSA key. +With Postfix >= 3.4 the preferred way to configure server keys and +certificates is via the "smtpd_tls_chain_files" parameter. +.PP +Public Internet MX hosts without certificates signed by a "reputable" +CA must generate, and be prepared to present to most clients, a +self\-signed or private\-CA signed certificate. The client will not be +able to authenticate the server, but unless it is running Postfix 2.3 or +similar software, it will still insist on a server certificate. +.PP +For servers that are \fBnot\fR public Internet MX hosts, Postfix +supports configurations with no certificates. This entails the use of +just the anonymous TLS ciphers, which are not supported by typical SMTP +clients. Since some clients may not fall back to plain text after a TLS +handshake failure, a certificate\-less Postfix SMTP server will be unable +to receive email from some TLS\-enabled clients. To avoid accidental +configurations with no certificates, Postfix enables certificate\-less +operation only when the administrator explicitly sets +"smtpd_tls_cert_file = none". This ensures that new Postfix SMTP server +configurations will not accidentally enable TLS without certificates. +.PP +Note that server certificates are not optional in TLS 1.3. To run +without certificates you'd have to disable the TLS 1.3 protocol by +including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also +"smtpd_tls_mandatory_protocols". It is simpler instead to just +configure a certificate chain. Certificate\-less operation is not +recommended. +.PP +Both RSA and DSA certificates are supported. When both types +are present, the cipher used determines which certificate will be +presented to the client. For Netscape and OpenSSL clients without +special cipher choices the RSA certificate is preferred. +.PP +To enable a remote SMTP client to verify the Postfix SMTP server +certificate, the issuing CA certificates must be made available to the +client. You should include the required certificates in the server +certificate file, the server certificate first, then the issuing +CA(s) (bottom\-up order). +.PP +Example: the certificate for "server.example.com" was issued by +"intermediate CA" which itself has a certificate of "root CA". +Create the server.pem file with "cat server_cert.pem intermediate_CA.pem +root_CA.pem > server.pem". +.PP +If you also want to verify client certificates issued by these +CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which +case it is not necessary to have them in the smtpd_tls_cert_file, +smtpd_tls_dcert_file (obsolete) or smtpd_tls_eccert_file. +.PP +A certificate supplied here must be usable as an SSL server certificate +and hence pass the "openssl verify \-purpose sslserver ..." test. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_tls_cert_file = /etc/postfix/server.pem +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_chain_files (default: empty) +List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. The file names +are separated by commas and/or whitespace. This parameter obsoletes the +legacy algorithm\-specific key and certificate file settings. When this +parameter is non\-empty, the legacy parameters are ignored, and a warning +is logged if any are also non\-empty. +.PP +With the proliferation of multiple private key algorithms-which, +as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519 +and Ed448-it is increasingly impractical to use separate +parameters to configure the key and certificate chain for each +algorithm. Therefore, Postfix now supports storing multiple keys and +corresponding certificate chains in a single file or in a set of files. +.PP +Each key must appear \fBimmediately before\fR the corresponding +certificate, optionally followed by additional issuer certificates that +complete the certificate chain for that key. When multiple files are +specified, they are equivalent to a single file that is concatenated +from those files in the given order. Thus, while a key must always +precede its certificate and issuer chain, it can be in a separate file, +so long as that file is listed immediately before the file that holds +the corresponding certificate chain. Once all the files are +concatenated, the sequence of PEM objects must be: \fIkey1, cert1, +[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].\fR +.PP +Storing the private key in the same file as the corresponding +certificate is more reliable. With the key and certificate in separate +files, there is a chance that during key rollover a Postfix process +might load a private key and certificate from separate files that don't +match. Various operational errors may even result in a persistent +broken configuration in which the certificate does not match the private +key. +.PP +The file or files must contain at most one key of each type. If, +for example, two or more RSA keys and corresponding chains are listed, +depending on the version of OpenSSL either only the last one will be +used or a configuration error may be detected. Note that while +"Ed25519" and "Ed448" are considered separate algorithms, the various +ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are +considered as different parameters of a single "ECDSA" algorithm, so it +is not presently possible to configure keys for more than one ECDSA +curve. +.PP +RSA is still the most widely supported algorithm. Presently (late +2018), ECDSA support is common, but not yet universal, and Ed25519 and +Ed448 support is mostly absent. Therefore, an RSA key should generally +be configured, along with any additional keys for the other algorithms +when desired. +.PP +Example (separate files for each key and corresponding certificate chain): +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtpd_tls_chain_files = + ${config_directory}/ed25519.pem, + ${config_directory}/ed448.pem, + ${config_directory}/rsa.pem +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/ed25519.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3 + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG + ... + nC0egv51YPDWxEHom4QA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/ed448.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe + LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A== + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG + ... + pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/rsa.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL + ... + ahQkZ3+krcaJvDSMgvu0tDc= + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL + ... + Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE= + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.PP +Example (all keys and certificates in a single file): +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtpd_tls_chain_files = ${config_directory}/chains.pem +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/chains.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3 + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG + ... + nC0egv51YPDWxEHom4QA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe + LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A== + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG + ... + pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL + ... + ahQkZ3+krcaJvDSMgvu0tDc= + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL + ... + Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE= + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 3.4 and later. +.SH smtpd_tls_cipherlist (default: empty) +Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS +cipher list. It is easy to create interoperability problems by choosing +a non\-default cipher list. Do not use a non\-default TLS cipherlist for +MX hosts on the public Internet. Clients that begin the TLS handshake, +but are unable to agree on a common cipher, may not be able to send any +email to the SMTP server. Using a restricted cipher list may be more +appropriate for a dedicated MSA or an internal mailhub, where one can +exert some control over the TLS software and settings of the connecting +clients. +.PP +\fBNote:\fR do not use "" quotes around the parameter value. +.PP +This feature is available with Postfix version 2.2. It is not used with +Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead. +.SH smtpd_tls_ciphers (default: medium) +The minimum TLS cipher grade that the Postfix SMTP server +will use with opportunistic TLS encryption. Cipher types listed in +smtpd_tls_exclude_ciphers are excluded from the base definition of +the selected cipher grade. The default value is "medium" for Postfix +releases after the middle of 2015, "export" for older releases. +.PP +When TLS is mandatory the cipher grade is chosen via the +smtpd_tls_mandatory_ciphers configuration parameter, see there for syntax +details. +.PP +This feature is available in Postfix 2.6 and later. With earlier Postfix +releases only the smtpd_tls_mandatory_ciphers parameter is implemented, +and opportunistic TLS always uses "export" or better (i.e. all) ciphers. +.SH smtpd_tls_dcert_file (default: empty) +File with the Postfix SMTP server DSA certificate in PEM format. +This file may also contain the Postfix SMTP server private DSA key. +The DSA algorithm is obsolete and should not be used. +.PP +See the discussion under smtpd_tls_cert_file for more details. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_tls_dcert_file = /etc/postfix/server\-dsa.pem +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_dh1024_param_file (default: empty) +File with DH parameters that the Postfix SMTP server should +use with non\-export EDH ciphers. +.PP +With Postfix >= 3.7, built with OpenSSL version is 3.0.0 or later, if the +parameter value is either empty or "\fBauto\fR", then the DH parameter +selection is delegated to the OpenSSL library, which selects appropriate +parameters based on the TLS handshake. This choice is likely to be the most +interoperable with SMTP clients using various TLS libraries, and custom local +parameters are no longer recommended when using Postfix >= 3.7 built against +OpenSSL 3.0.0. +.PP +The best\-practice choice of parameters uses a 2048\-bit prime. This is fine, +despite the historical "1024" in the parameter name. Do not be tempted to use +much larger values, performance degrades quickly, and you may also cease to +interoperate with some mainstream SMTP clients. As of Postfix 3.1, the +compiled\-in default prime is 2048\-bits, and it is not strictly necessary, +though perhaps somewhat beneficial to generate custom DH parameters. +.PP +Instead of using the exact same parameter sets as distributed +with other TLS packages, it is more secure to generate your own +set of parameters with something like the following commands: +.sp +.in +4 +.nf +.na +.ft C +openssl dhparam \-out /etc/postfix/dh2048.pem 2048 +openssl dhparam \-out /etc/postfix/dh1024.pem 1024 +# As of Postfix 3.6, export\-grade 512\-bit DH parameters are no longer +# supported or needed. +openssl dhparam \-out /etc/postfix/dh512.pem 512 +.fi +.ad +.ft R +.in -4 +.PP +It is safe to share the same DH parameters between multiple +Postfix instances. If you prefer, you can generate separate +parameters for each instance. +.PP +If you want to take maximal advantage of ciphers that offer forward secrecy see +the Getting +started section of FORWARD_SECRECY_README. The +full document conveniently presents all information about Postfix +"perfect" forward secrecy support in one place: what forward secrecy +is, how to tweak settings, and what you can expect to see when +Postfix uses ciphers with forward secrecy. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_dh512_param_file (default: empty) +File with DH parameters that the Postfix SMTP server should +use with export\-grade EDH ciphers. The default SMTP server cipher +grade is "medium" with Postfix releases after the middle of 2015, +and as a result export\-grade cipher suites are by default not used. +.PP +With Postfix >= 3.6 export\-grade Diffie\-Hellman key exchange +is no longer supported, and this parameter is silently ignored. +.PP +See also the discussion under the smtpd_tls_dh1024_param_file +configuration parameter. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later, +but is ignored in Postfix 3.6 and later. +.SH smtpd_tls_dkey_file (default: $smtpd_tls_dcert_file) +File with the Postfix SMTP server DSA private key in PEM format. +This file may be combined with the Postfix SMTP server DSA certificate +file specified with $smtpd_tls_dcert_file. The DSA algorithm is obsolete +and should not be used. +.PP +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only +access to the system superuser account ("root"), and no access +to anyone else. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_eccert_file (default: empty) +File with the Postfix SMTP server ECDSA certificate in PEM format. +This file may also contain the Postfix SMTP server private ECDSA key. +With Postfix >= 3.4 the preferred way to configure server keys and +certificates is via the "smtpd_tls_chain_files" parameter. +.PP +See the discussion under smtpd_tls_cert_file for more details. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_tls_eccert_file = /etc/postfix/ecdsa\-scert.pem +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later, when Postfix is +compiled and linked with OpenSSL 1.0.0 or later. +.SH smtpd_tls_eckey_file (default: $smtpd_tls_eccert_file) +File with the Postfix SMTP server ECDSA private key in PEM format. +This file may be combined with the Postfix SMTP server ECDSA certificate +file specified with $smtpd_tls_eccert_file. With Postfix >= 3.4 the +preferred way to configure server keys and certificates is via the +"smtpd_tls_chain_files" parameter. +.PP +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only +access to the system superuser account ("root"), and no access +to anyone else. +.PP +This feature is available in Postfix 2.6 and later, when Postfix is +compiled and linked with OpenSSL 1.0.0 or later. +.SH smtpd_tls_eecdh_grade (default: see "postconf \-d" output) +The Postfix SMTP server security grade for ephemeral elliptic\-curve +Diffie\-Hellman (EECDH) key exchange. As of Postfix 3.6, the value of +this parameter is always ignored, and Postfix behaves as though the +\fBauto\fR value (described below) was chosen. +.PP +The available choices are: +.IP "\fBauto\fR" +Use the most preferred curve that is +supported by both the client and the server. This setting requires +Postfix >= 3.2 compiled and linked with OpenSSL >= 1.0.2. This +is the default setting under the above conditions (and the only +setting used with Postfix >= 3.6). +.br +.IP "\fBnone\fR" +Don't use EECDH. Ciphers based on EECDH key +exchange will be disabled. This is the default in Postfix versions +2.6 and 2.7. +.br +.IP "\fBstrong\fR" +Use EECDH with approximately 128 bits of +security at a reasonable computational cost. This is the default in +Postfix versions 2.8-3.5. +.br +.IP "\fBultra\fR" +Use EECDH with approximately 192 bits of +security at computational cost that is approximately twice as high +as 128 bit strength ECC. +.br +.br +.PP +If you want to take maximal advantage of ciphers that offer forward secrecy see +the Getting +started section of FORWARD_SECRECY_README. The +full document conveniently presents all information about Postfix +"perfect" forward secrecy support in one place: what forward secrecy +is, how to tweak settings, and what you can expect to see when +Postfix uses ciphers with forward secrecy. +.PP +This feature is available in Postfix 2.6 and later, when it is +compiled and linked with OpenSSL 1.0.0 or later on platforms +where EC algorithms have not been disabled by the vendor. +.SH smtpd_tls_exclude_ciphers (default: empty) +List of ciphers or cipher types to exclude from the SMTP server +cipher list at all TLS security levels. Excluding valid ciphers +can create interoperability problems. DO NOT exclude ciphers unless it +is essential to do so. This is not an OpenSSL cipherlist; it is a simple +list separated by whitespace and/or commas. The elements are a single +cipher, or one or more "+" separated cipher properties, in which case +only ciphers matching \fBall\fR the properties are excluded. +.PP +Examples (some of these will cause problems): +.sp +.in +4 +.nf +.na +.ft C +smtpd_tls_exclude_ciphers = aNULL +smtpd_tls_exclude_ciphers = MD5, DES +smtpd_tls_exclude_ciphers = DES+MD5 +smtpd_tls_exclude_ciphers = AES256\-SHA, DES\-CBC3\-MD5 +smtpd_tls_exclude_ciphers = kEDH+aRSA +.fi +.ad +.ft R +.in -4 +.PP +The first setting disables anonymous ciphers. The next setting +disables ciphers that use the MD5 digest algorithm or the (single) DES +encryption algorithm. The next setting disables ciphers that use MD5 and +DES together. The next setting disables the two ciphers "AES256\-SHA" +and "DES\-CBC3\-MD5". The last setting disables ciphers that use "EDH" +key exchange with RSA authentication. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_tls_fingerprint_digest (default: see "postconf \-d" output) +The message digest algorithm to construct remote SMTP client\-certificate +fingerprints or public key fingerprints (Postfix 2.9 and later) for +\fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR. +.PP +The default algorithm is \fBsha256\fR with Postfix >= 3.6 +and the \fBcompatibility_level\fR set to 3.6 or higher. With Postfix +<= 3.5, the default algorithm is \fBmd5\fR. +.PP +The best\-practice algorithm is now \fBsha256\fR. Recent advances in hash +function cryptanalysis have led to md5 and sha1 being deprecated in favor of +sha256. However, as long as there are no known "second pre\-image" attacks +against the older algorithms, their use in this context, though not +recommended, is still likely safe. +.PP +While additional digest algorithms are often available with OpenSSL's +libcrypto, only those used by libssl in SSL cipher suites are available to +Postfix. You'll likely find support for md5, sha1, sha256 and sha512. +.PP +To find the fingerprint of a specific certificate file, with a +specific digest algorithm, run: +.sp +.in +4 +.nf +.na +.ft C +$ openssl x509 \-noout \-fingerprint \-\fIdigest\fR \-in \fIcertfile\fR.pem +.fi +.ad +.ft R +.in -4 +.PP +The text to the right of "=" sign is the desired fingerprint. +For example: +.sp +.in +4 +.nf +.na +.ft C +$ openssl x509 \-noout \-fingerprint \-sha256 \-in cert.pem +SHA256 Fingerprint=D4:6A:AB:19:24:...:A6:CB:66:82:C0:8E:9B:EE:29:A8:1A +.fi +.ad +.ft R +.in -4 +.PP +To extract the public key fingerprint from an X.509 certificate, +you need to extract the public key from the certificate and compute +the appropriate digest of its DER (ASN.1) encoding. With OpenSSL +the "\-pubkey" option of the "x509" command extracts the public +key always in "PEM" format. We pipe the result to another OpenSSL +command that converts the key to DER and then to the "dgst" command +to compute the fingerprint. +.PP +Example: +.sp +.in +4 +.nf +.na +.ft C +$ openssl x509 \-in cert.pem \-noout \-pubkey | + openssl pkey \-pubin \-outform DER | + openssl dgst \-sha256 \-c +(stdin)= 64:3f:1f:f6:e5:1e:d4:2a:56:8b:fc:09:1a:61:98:b5:bc:7c:60:58 +.fi +.ad +.ft R +.in -4 +.PP +The Postfix SMTP server and client log the peer (leaf) certificate +fingerprint and public key fingerprint when the TLS loglevel is 2 or +higher. +.PP +Example: client\-certificate access table, with sha256 fingerprints: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtpd_tls_fingerprint_digest = sha256 + smtpd_client_restrictions = + check_ccert_access hash:/etc/postfix/access, + reject +.fi +.ad +.ft R +.nf +.na +.ft C +/etc/postfix/access: + # Action folded to next line... + AF:88:7C:AD:51:95:6F:36:96:...:01:FB:2E:48:CD:AB:49:25:A2:3B + OK + 85:16:78:FD:73:6E:CE:70:E0:...:5F:0D:3C:C8:6D:C4:2C:24:59:E1 + permit_auth_destination +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 2.5 and later. +.SH smtpd_tls_key_file (default: $smtpd_tls_cert_file) +File with the Postfix SMTP server RSA private key in PEM format. +This file may be combined with the Postfix SMTP server RSA certificate +file specified with $smtpd_tls_cert_file. With Postfix >= 3.4 the +preferred way to configure server keys and certificates is via the +"smtpd_tls_chain_files" parameter. +.PP +The private key must be accessible without a pass\-phrase, i.e. it +must not be encrypted. File permissions should grant read\-only +access to the system superuser account ("root"), and no access +to anyone else. +.SH smtpd_tls_loglevel (default: 0) +Enable additional Postfix SMTP server logging of TLS activity. +Each logging level also includes the information that is logged at +a lower logging level. +.IP "" +0 Disable logging of TLS activity. +.br +.IP "" +1 Log only a summary message on TLS handshake completion +- no logging of client certificate trust\-chain verification errors +if client certificate verification is not required. With Postfix 2.8 and +earlier, log the summary message, peer certificate summary information +and unconditionally log trust\-chain verification errors. +.br +.IP "" +2 Also log levels during TLS negotiation. +.br +.IP "" +3 Also log hexadecimal and ASCII dump of TLS negotiation +process. +.br +.IP "" +4 Also log hexadecimal and ASCII dump of complete +transmission after STARTTLS. +.br +.br +.PP +Do not use "smtpd_tls_loglevel = 2" or higher except in case +of problems. Use of loglevel 4 is strongly discouraged. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_mandatory_ciphers (default: medium) +The minimum TLS cipher grade that the Postfix SMTP server will +use with mandatory TLS encryption. The default grade ("medium") is +sufficiently strong that any benefit from globally restricting TLS +sessions to a more stringent grade is likely negligible, especially +given the fact that many implementations still do not offer any stronger +("high" grade) ciphers, while those that do, will always use "high" +grade ciphers. So insisting on "high" grade ciphers is generally +counter\-productive. Allowing "export" or "low" ciphers is typically +not a good idea, as systems limited to just these are limited to +obsolete browsers. No known SMTP clients fail to support at least +one "medium" or "high" grade cipher. +.PP +The following cipher grades are supported: +.IP "\fBexport\fR" +Enable "EXPORT" grade or stronger OpenSSL ciphers. The +underlying cipherlist is specified via the tls_export_cipherlist +configuration parameter, which you are strongly encouraged not to +change. This choice is insecure and SHOULD NOT be used. +.br +.IP "\fBlow\fR" +Enable "LOW" grade or stronger OpenSSL ciphers. The underlying +cipherlist is specified via the tls_low_cipherlist configuration +parameter, which you are strongly encouraged not to change. This +choice is insecure and SHOULD NOT be used. +.br +.IP "\fBmedium\fR" +Enable "MEDIUM" grade or stronger OpenSSL ciphers. These use 128\-bit +or longer symmetric bulk\-encryption keys. This is the default minimum +strength for mandatory TLS encryption. The underlying cipherlist is +specified via the tls_medium_cipherlist configuration parameter, which +you are strongly encouraged not to change. +.br +.IP "\fBhigh\fR" +Enable only "HIGH" grade OpenSSL ciphers. The +underlying cipherlist is specified via the tls_high_cipherlist +configuration parameter, which you are strongly encouraged to +not change. +.br +.IP "\fBnull\fR" +Enable only the "NULL" OpenSSL ciphers, these provide authentication +without encryption. This setting is only appropriate in the rare +case that all clients are prepared to use NULL ciphers (not normally +enabled in TLS clients). The underlying cipherlist is specified via the +tls_null_cipherlist configuration parameter, which you are strongly +encouraged not to change. +.br +.br +.PP +Cipher types listed in +smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are +excluded from the base definition of the selected cipher grade. See +smtpd_tls_ciphers for cipher controls that apply to opportunistic +TLS. +.PP +The underlying cipherlists for grades other than "null" include +anonymous ciphers, but these are automatically filtered out if the +server is configured to ask for remote SMTP client certificates. You are very +unlikely to need to take any steps to exclude anonymous ciphers, they +are excluded automatically as required. If you must exclude anonymous +ciphers even when Postfix does not need or use peer certificates, set +"smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers only +when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers = aNULL". +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_tls_mandatory_exclude_ciphers (default: empty) +Additional list of ciphers or cipher types to exclude from the +Postfix SMTP server cipher list at mandatory TLS security levels. +This list +works in addition to the exclusions listed with smtpd_tls_exclude_ciphers +(see there for syntax details). +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_tls_mandatory_protocols (default: see "postconf \-d" output) +TLS protocols accepted by the Postfix SMTP server with mandatory TLS +encryption. If the list is empty, the server supports all available TLS +protocol versions. A non\-empty value is a list of protocol names to +include or exclude, separated by whitespace, commas or colons. +.PP +The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2", +"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with +Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as +the lowest supported TLS protocol version (see below). Older releases +use the "!" exclusion syntax, also described below. +.PP +As of Postfix 3.6, the preferred way to limit the range of +acceptable protocols is to set the lowest acceptable TLS protocol +version and/or the highest acceptable TLS protocol version. To set the +lower bound include an element of the form: ">=\fIversion\fR" where +\fIversion\fR is a either one of the TLS protocol names listed above, +or a hexadecimal number corresponding to the desired TLS protocol +version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper +bound, use "<=\fIversion\fR". There must be no whitespace between +the ">=" or "<=" symbols and the protocol name or number. +.PP +Hexadecimal protocol numbers make it possible to specify protocol +bounds for TLS versions that are known to OpenSSL, but might not be +known to Postfix. They cannot be used with the legacy exclusion syntax. +Leading "0" or "0x" prefixes are supported, but not required. +Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to +"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the +upper or lower bound, and a warning will be logged. Hexadecimal +versions should only be used when Postfix is linked with some future +version of OpenSSL that supports TLS 1.4 or later, but Postfix does not +yet support a symbolic name for that protocol version. +.PP +Hexadecimal example (Postfix >= 3.6): +.sp +.in +4 +.nf +.na +.ft C +# Allow only TLS 1.2 through (hypothetical) TLS 1.4, once supported +# in some future version of OpenSSL (presently a warning is logged). +smtpd_tls_mandatory_protocols = >=TLSv1.2, <=0305 +# Allow only TLS 1.2 and up: +smtpd_tls_mandatory_protocols = >=0x0303 +.fi +.ad +.ft R +.in -4 +.PP +With Postfix < 3.6 there is no support for a minimum or maximum +version, and the protocol range is configured via protocol exclusions. +To require at least TLS 1.0, set "smtpd_tls_mandatory_protocols = +!SSLv2, !SSLv3". Listing the protocols to include, rather than +protocols to exclude, is supported, but not recommended. The exclusion +form more accurately matches the underlying OpenSSL interface. +.PP +Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling +this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch +releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2). +.PP +Example: +.PP +.nf +.na +.ft C +# Preferred syntax with Postfix >= 3.6: +smtpd_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3 +# Legacy syntax: +smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_tls_protocols (default: see postconf \-d output) +TLS protocols accepted by the Postfix SMTP server with opportunistic +TLS encryption. If the list is empty, the server supports all available +TLS protocol versions. A non\-empty value is a list of protocol names to +include or exclude, separated by whitespace, commas or colons. +.PP +The valid protocol names (see \fBSSL_get_version\fR(3)) are "SSLv2", +"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" and "TLSv1.3". Starting with +Postfix 3.6, the default value is ">=TLSv1", which sets TLS 1.0 as +the lowest supported TLS protocol version (see below). Older releases +use the "!" exclusion syntax, also described below. +.PP +As of Postfix 3.6, the preferred way to limit the range of +acceptable protocols is to set the lowest acceptable TLS protocol +version and/or the highest acceptable TLS protocol version. To set the +lower bound include an element of the form: ">=\fIversion\fR" where +\fIversion\fR is a either one of the TLS protocol names listed above, +or a hexadecimal number corresponding to the desired TLS protocol +version (0301 for TLS 1.0, 0302 for TLS 1.1, etc.). For the upper +bound, use "<=\fIversion\fR". There must be no whitespace between +the ">=" or "<=" symbols and the protocol name or number. +.PP +Hexadecimal protocol numbers make it possible to specify protocol +bounds for TLS versions that are known to OpenSSL, but might not be +known to Postfix. They cannot be used with the legacy exclusion syntax. +Leading "0" or "0x" prefixes are supported, but not required. +Therefore, "301", "0301", "0x301" and "0x0301" are all equivalent to +"TLSv1". Hexadecimal versions unknown to OpenSSL will fail to set the +upper or lower bound, and a warning will be logged. Hexadecimal +versions should only be used when Postfix is linked with some future +version of OpenSSL that supports TLS 1.4 or later, but Postfix does not +yet support a symbolic name for that protocol version. +.PP +Hexadecimal example (Postfix >= 3.6): +.sp +.in +4 +.nf +.na +.ft C +# Allow only TLS 1.0 through (hypothetical) TLS 1.4, once supported +# in some future version of OpenSSL (presently a warning is logged). +smtpd_tls_protocols = >=TLSv1, <=0305 +# Allow only TLS 1.0 and up: +smtpd_tls_protocols = >=0x0301 +.fi +.ad +.ft R +.in -4 +.PP +With Postfix < 3.6 there is no support for a minimum or maximum +version, and the protocol range is configured via protocol exclusions. +To require at least TLS 1.0, set "smtpd_tls_protocols = !SSLv2, !SSLv3". +Listing the protocols to include, rather than protocols to exclude, is +supported, but not recommended. The exclusion form more accurately +matches the underlying OpenSSL interface. +.PP +Support for "TLSv1.3" was introduced in OpenSSL 1.1.1. Disabling +this protocol via "!TLSv1.3" is supported since Postfix 3.4 (or patch +releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2). +.PP +Example: +.nf +.na +.ft C +# Preferred syntax with Postfix >= 3.6: +smtpd_tls_protocols = >=TLSv1, <=TLSv1.3 +# Legacy syntax: +smtpd_tls_protocols = !SSLv2, !SSLv3 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later. +.SH smtpd_tls_received_header (default: no) +Request that the Postfix SMTP server produces Received: message +headers that include information about the protocol and cipher used, +as well as the remote SMTP client CommonName and client certificate issuer +CommonName. This is disabled by default, as the information may +be modified in transit through other mail servers. Only information +that was recorded by the final destination can be trusted. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_req_ccert (default: no) +With mandatory TLS encryption, require a trusted remote SMTP client +certificate in order to allow TLS connections to proceed. This +option implies "smtpd_tls_ask_ccert = yes". +.PP +When TLS encryption is optional, this setting is ignored with +a warning written to the mail log. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_security_level (default: empty) +The SMTP TLS security level for the Postfix SMTP server; when +a non\-empty value is specified, this overrides the obsolete parameters +smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with +"smtpd_tls_wrappermode = yes". +.PP +Specify one of the following security levels: +.IP "\fBnone\fR" +TLS will not be used. +.br +.IP "\fBmay\fR" +Opportunistic TLS: announce STARTTLS support +to remote SMTP clients, but do not require that clients use TLS encryption. +.br +.IP "\fBencrypt\fR" +Mandatory TLS encryption: announce +STARTTLS support to remote SMTP clients, and require that clients use TLS +encryption. According to RFC 2487 this MUST NOT be applied in case +of a publicly\-referenced SMTP server. Instead, this option should +be used only on dedicated servers. +.br +.br +.PP +Note 1: the "fingerprint", "verify" and "secure" levels are not +supported here. +The Postfix SMTP server logs a warning and uses "encrypt" instead. +To verify remote SMTP client certificates, see TLS_README for a discussion +of the smtpd_tls_ask_ccert, smtpd_tls_req_ccert, and permit_tls_clientcerts +features. +.PP +Note 2: The parameter setting "smtpd_tls_security_level = +encrypt" implies "smtpd_tls_auth_only = yes". +.PP +Note 3: when invoked via "sendmail \-bs", Postfix will never +offer STARTTLS due to insufficient privileges to access the server +private key. This is intended behavior. +.PP +This feature is available in Postfix 2.3 and later. +.SH smtpd_tls_session_cache_database (default: empty) +Name of the file containing the optional Postfix SMTP server +TLS session cache. Specify a database type that supports enumeration, +such as \fBbtree\fR or \fBsdbm\fR; there is no need to support +concurrent access. The file is created if it does not exist. The \fBsmtpd\fR(8) +daemon does not use this parameter directly, rather the cache is +implemented indirectly in the \fBtlsmgr\fR(8) daemon. This means that +per\-smtpd\-instance master.cf overrides of this parameter are not +effective. Note that each of the cache databases supported by \fBtlsmgr\fR(8) +daemon: $smtpd_tls_session_cache_database, $smtp_tls_session_cache_database +(and with Postfix 2.3 and later $lmtp_tls_session_cache_database), needs to be +stored separately. It is not at this time possible to store multiple +caches in a single database. +.PP +Note: \fBdbm\fR databases are not suitable. TLS +session objects are too large. +.PP +As of version 2.5, Postfix no longer uses root privileges when +opening this file. The file should now be stored under the Postfix\-owned +data_directory. As a migration aid, an attempt to open the file +under a non\-Postfix directory is redirected to the Postfix\-owned +data_directory, and a warning is logged. +.PP +As of Postfix 2.11 the preferred mechanism for session resumption +is RFC 5077 TLS session tickets, which don't require server\-side +storage. Consequently, for Postfix >= 2.11 this parameter should +generally be left empty. TLS session tickets require an OpenSSL +library (at least version 0.9.8h) that provides full support for +this TLS extension. See also smtpd_tls_session_cache_timeout. +.PP +Example: +.PP +.nf +.na +.ft C +smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_session_cache_timeout (default: 3600s) +The expiration time of Postfix SMTP server TLS session cache +information. A cache cleanup is performed periodically +every $smtpd_tls_session_cache_timeout seconds. As with +$smtpd_tls_session_cache_database, this parameter is implemented in the +\fBtlsmgr\fR(8) daemon and therefore per\-smtpd\-instance master.cf overrides +are not possible. +.PP +As of Postfix 2.11 this setting cannot exceed 100 days. If set +<= 0, session caching is disabled, not just via the database, but +also via RFC 5077 TLS session tickets, which don't require server\-side +storage. If set to a positive value less than 2 minutes, the minimum +value of 2 minutes is used instead. TLS session tickets require +an OpenSSL library (at least version 0.9.8h) that provides full +support for this TLS extension. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.2 and later, and updated +for TLS session ticket support in Postfix 2.11. +.SH smtpd_tls_wrappermode (default: no) +Run the Postfix SMTP server in TLS "wrapper" mode, +instead of using the STARTTLS command. +.PP +If you want to support this service, enable a special port in +master.cf, and specify "\-o smtpd_tls_wrappermode=yes" on the SMTP +server's command line. Port 465 (submissions/smtps) is reserved for +this purpose. +.PP +This feature is available in Postfix 2.2 and later. +.SH smtpd_upstream_proxy_protocol (default: empty) +The name of the proxy protocol used by an optional before\-smtpd +proxy agent. When a proxy agent is used, this protocol conveys local +and remote address and port information. Specify +"smtpd_upstream_proxy_protocol = haproxy" to enable the haproxy +protocol; version 2 is supported with Postfix 3.5 and later. +.PP +NOTE: To use the nginx proxy with \fBsmtpd\fR(8), enable the XCLIENT +protocol with smtpd_authorized_xclient_hosts. This supports SASL +authentication in the proxy agent (Postfix 2.9 and later). +.PP +This feature is available in Postfix 2.10 and later. +.SH smtpd_upstream_proxy_timeout (default: 5s) +The time limit for the proxy protocol specified with the +smtpd_upstream_proxy_protocol parameter. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.10 and later. +.SH smtpd_use_tls (default: no) +Opportunistic TLS: announce STARTTLS support to remote SMTP clients, +but do not require that clients use TLS encryption. +.PP +Note: when invoked via "\fBsendmail \-bs\fR", Postfix will never offer +STARTTLS due to insufficient privileges to access the server private +key. This is intended behavior. +.PP +This feature is available in Postfix 2.2 and later. With +Postfix 2.3 and later use smtpd_tls_security_level instead. +.SH smtputf8_autodetect_classes (default: sendmail, verify) +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. This is a workaround to avoid chicken\-and\-egg +problems during the initial SMTPUTF8 roll\-out in environments with +pre\-existing mail flows that contain UTF8. Those mail flows should +not break because Postfix suddenly refuses to deliver such mail +to down\-stream MTAs that don't announce SMTPUTF8 support. +.PP +The problem is that Postfix cannot rely solely on the sender's +declaration that a message requires SMTPUTF8 support, because UTF8 +may be introduced during local processing (for example, the client +hostname in Postfix's Received: header, adding @$myorigin or +\&.$mydomain to an incomplete address, address rewriting, alias +expansion, automatic BCC recipients, local forwarding, and changes +made by header checks or Milter applications). +.PP +For now, the default is to enable "SMTPUTF8 required" autodetection +only for Postfix sendmail command\-line submissions and address +verification probes. This may change once SMTPUTF8 support achieves +world domination. However, sites that add UTF8 content via local +processing (see above) should autodetect the need for SMTPUTF8 +support for all email. +.PP +Specify one or more of the following: +.IP "\fB sendmail \fR" +Submission with the Postfix +\fBsendmail\fR(1) command. +.br +.IP "\fB smtpd \fR" +Mail received with the \fBsmtpd\fR(8) +daemon. +.br +.IP "\fB qmqpd \fR" +Mail received with the \fBqmqpd\fR(8) +daemon. +.br +.IP "\fB forward \fR" +Local forwarding or aliasing. When +a message is received with "SMTPUTF8 required", then the forwarded +(aliased) message always has "SMTPUTF8 required". +.br +.IP "\fB bounce \fR" +Submission by the \fBbounce\fR(8) daemon. +When a message is received with "SMTPUTF8 required", then the +delivery status notification always has "SMTPUTF8 required". +.br +.IP "\fB notify \fR" +Postmaster notification from the +\fBsmtp\fR(8) or \fBsmtpd\fR(8) daemon. +.br +.IP "\fB verify \fR" +Address verification probe from the +\fBverify\fR(8) daemon. +.br +.IP "\fB all \fR" +Enable SMTPUTF8 autodetection for all +mail. +.br +.br +.PP +This feature is available in Postfix 3.0 and later. +.SH smtputf8_enable (default: yes) +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531, RFC 6532, and RFC 6533. This requires that Postfix is +built to support these protocols. +.PP +This feature is available in Postfix 3.0 and later. +.SH soft_bounce (default: no) +Safety net to keep mail queued that would otherwise be returned to +the sender. This parameter disables locally\-generated bounces, +changes the handling of negative responses from remote servers, +content filters or plugins, +and prevents the Postfix SMTP server from rejecting mail permanently +by changing 5xx reply codes into 4xx. However, soft_bounce is no +cure for address rewriting mistakes or mail routing mistakes. +.PP +Note: "soft_bounce = yes" is in some cases implemented by modifying +server responses. Therefore, the response that Postfix logs may +differ from the response that Postfix actually sends or receives. +.PP +Example: +.PP +.nf +.na +.ft C +soft_bounce = yes +.fi +.ad +.ft R +.SH stale_lock_time (default: 500s) +The time after which a stale exclusive mailbox lockfile is removed. +This is used for delivery to file or mailbox. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH stress (default: empty) +This feature is documented in the STRESS_README document. +.PP +This feature is available in Postfix 2.5 and later. +.SH strict_7bit_headers (default: no) +Reject mail with 8\-bit text in message headers. This blocks mail +from poorly written applications. +.PP +This feature should not be enabled on a general purpose mail server, +because it is likely to reject legitimate email. +.PP +This feature is available in Postfix 2.0 and later. +.SH strict_8bitmime (default: no) +Enable both strict_7bit_headers and strict_8bitmime_body. +.PP +This feature should not be enabled on a general purpose mail server, +because it is likely to reject legitimate email. +.PP +This feature is available in Postfix 2.0 and later. +.SH strict_8bitmime_body (default: no) +Reject 8\-bit message body text without 8\-bit MIME content encoding +information. This blocks mail from poorly written applications. +.PP +Unfortunately, this also rejects majordomo approval requests when +the included request contains valid 8\-bit MIME mail, and it rejects +bounces from mailers that do not MIME encapsulate 8\-bit content +(for example, bounces from qmail or from old versions of Postfix). +.PP +This feature should not be enabled on a general purpose mail server, +because it is likely to reject legitimate email. +.PP +This feature is available in Postfix 2.0 and later. +.SH strict_mailbox_ownership (default: yes) +Defer delivery when a mailbox file is not owned by its recipient. +The default setting is not backwards compatible. +.PP +This feature is available in Postfix 2.5.3 and later. +.SH strict_mime_encoding_domain (default: no) +Reject mail with invalid Content\-Transfer\-Encoding: information +for the message/* or multipart/* MIME content types. This blocks +mail from poorly written software. +.PP +This feature should not be enabled on a general purpose mail server, +because it will reject mail after a single violation. +.PP +This feature is available in Postfix 2.0 and later. +.SH strict_rfc821_envelopes (default: no) +Require that addresses received in SMTP MAIL FROM and RCPT TO +commands are enclosed with <>, and that those addresses do +not contain RFC 822 style comments or phrases. This stops mail +from poorly written software. +.PP +By default, the Postfix SMTP server accepts RFC 822 syntax in MAIL +FROM and RCPT TO addresses. +.SH strict_smtputf8 (default: no) +Enable stricter enforcement of the SMTPUTF8 protocol. The Postfix +SMTP server accepts UTF8 sender or recipient addresses only when +the client requests an SMTPUTF8 mail transaction. +.PP +This feature is available in Postfix 3.0 and later. +.SH sun_mailtool_compatibility (default: no) +Obsolete SUN mailtool compatibility feature. Instead, use +"mailbox_delivery_lock = dotlock". +.SH swap_bangpath (default: yes) +Enable the rewriting of "site!user" into "user@site". This is +necessary if your machine is connected to UUCP networks. It is +enabled by default. +.PP +Note: with Postfix version 2.2, message header address rewriting +happens only when one of the following conditions is true: +.IP \(bu +The message is received with the Postfix \fBsendmail\fR(1) command, +.IP \(bu +The message is received from a network client that matches +$local_header_rewrite_clients, +.IP \(bu +The message is received from the network, and the +remote_header_rewrite_domain parameter specifies a non\-empty value. +.br +.PP +To get the behavior before Postfix version 2.2, specify +"local_header_rewrite_clients = static:all". +.PP +Example: +.PP +.nf +.na +.ft C +swap_bangpath = no +.fi +.ad +.ft R +.SH syslog_facility (default: mail) +The syslog facility of Postfix logging. Specify a facility as +defined in syslog.\fBconf\fR(5). The default facility is "mail". +.PP +Warning: a non\-default syslog_facility setting takes effect only +after a Postfix process has completed initialization. Errors during +process initialization will be logged with the default facility. +Examples are errors while parsing the command line arguments, and +errors while accessing the Postfix main.cf configuration file. +.SH syslog_name (default: see "postconf \-d" output) +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Warning: a non\-default syslog_name setting takes effect only after +a Postfix process has completed initialization. Errors during +process initialization will be logged with the default name. Examples +are errors while parsing the command line arguments, and errors +while accessing the Postfix main.cf configuration file. +.SH tcp_windowsize (default: 0) +An optional workaround for routers that break TCP window scaling. +Specify a value > 0 and < 65536 to enable this feature. With +Postfix TCP servers (\fBsmtpd\fR(8), \fBqmqpd\fR(8)), this feature is implemented +by the Postfix \fBmaster\fR(8) daemon. +.PP +To change this parameter without stopping Postfix, you need to +first terminate all Postfix TCP servers: +.sp +.in +4 +.nf +.na +.ft C +# postconf \-e master_service_disable=inet +# postfix reload +.fi +.ad +.ft R +.in -4 +.PP +This immediately terminates all processes that accept network +connections. Next, you enable Postfix TCP servers with the updated +tcp_windowsize setting: +.sp +.in +4 +.nf +.na +.ft C +# postconf \-e tcp_windowsize=65535 master_service_disable= +# postfix reload +.fi +.ad +.ft R +.in -4 +.PP +If you skip these steps with a running Postfix system, then the +tcp_windowsize change will work only for Postfix TCP clients (\fBsmtp\fR(8), +\fBlmtp\fR(8)). +.PP +This feature is available in Postfix 2.6 and later. +.SH tls_append_default_CA (default: no) +Append the system\-supplied default Certification Authority +certificates to the ones specified with *_tls_CApath or *_tls_CAfile. +The default is "no"; this prevents Postfix from trusting third\-party +certificates and giving them relay permission with +permit_tls_all_clientcerts. +.PP +This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8, +2.7.2 and later versions. Specify "tls_append_default_CA = yes" for +backwards compatibility, to avoid breaking certificate verification +with sites that don't use permit_tls_all_clientcerts. +.SH tls_config_file (default: default) +Optional configuration file with baseline OpenSSL settings. +OpenSSL loads any SSL settings found in the configuration file for +the selected application name (see tls_config_name) or else the +built\-in application name "openssl_conf" when no application name is +specified, or no corresponding configuration section is present. +.PP +With OpenSSL releases 1.1.1 and 1.1.1a, applications (including +Postfix) can neither specify an alternative configuration file, nor +avoid loading the default configuration file. +.PP +With OpenSSL 1.1.1b or later, this parameter may be set to one of: +.IP "\fBdefault\fR (default)" +Load the system\-wide +"openssl.cnf" configuration file. +.br +.IP "\fBnone\fR (recommended, OpenSSL 1.1.1b or later only)" +This setting disables loading of the system\-wide "openssl.cnf" +file. +.br +.IP "\fB\fI/absolute\-path\fR\fR (OpenSSL 1.1.1b or later only)" +Load the configuration file specified by \fI/absolute\-path\fR. +With this setting it is an error for the file to not contain any +settings for the selected tls_config_name. There is no fallback to +the default "openssl_conf" name. +.br +.br +.PP +Failures in processing of the built\-in default configuration file, +are silently ignored. Any errors in loading a non\-default configuration +file are detected by Postfix, and cause TLS support to be disabled. +.PP +The OpenSSL configuration file format is not documented here, +beyond giving two examples. +.PP +Example: Default settings for all applications. +.sp +.in +4 +.nf +.na +.ft C +# The name 'openssl_conf' is the default application name +# The section name to the right of the '=' sign is arbitrary, +# any name will do, so long as it refers to the desired section. +# +# The name 'system_default' selects the settings applied internally +# by the SSL library as part of SSL object creation. Applications +# can then apply any additional settings of their choice. +# +# In this example, TLS versions prior to 1.2 are disabled by default. +# +openssl_conf = system_wide_settings +[system_wide_settings] +ssl_conf = ssl_library_settings +[ssl_library_settings] +system_default = initial_ssl_settings +[initial_ssl_settings] +MinProtocol = TLSv1.2 +.fi +.ad +.ft R +.in -4 +.PP +Example: Custom settings for an application named "postfix". +.sp +.in +4 +.nf +.na +.ft C +# The mapping from an application name to the corresponding configuration +# section must appear near the top of the file, (in what is sometimes called +# the "default section") prior to the start of any explicitly named +# "[sections]". The named sections can appear in any order and don't nest. +# +postfix = postfix_settings +[postfix_settings] +ssl_conf = postfix_ssl_settings +[postfix_ssl_settings] +system_default = baseline_postfix_settings +[baseline_postfix_settings] +MinProtocol = TLSv1 +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6, +3.6.10, and 3.5.20. +.SH tls_config_name (default: empty) +The application name passed by Postfix to OpenSSL library +initialization functions. This name is used to select the desired +configuration "section" in the OpenSSL configuration file specified +via the tls_config_file parameter. When empty, or when the +selected name is not present in the configuration file, the default +application name ("openssl_conf") is used as a fallback. +.PP +This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6, +3.6.10, and 3.5.20. +.SH tls_daemon_random_bytes (default: 32) +The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) +process requests from the \fBtlsmgr\fR(8) server in order to seed its +internal pseudo random number generator (PRNG). The default of 32 +bytes (equivalent to 256 bits) is sufficient to generate a 128bit +(or 168bit) session key. +.PP +This feature is available in Postfix 2.2 and later. +.SH tls_dane_digest_agility (default: on) +Configure RFC7671 DANE TLSA digest algorithm agility. +Do not change this setting from its default value. +.PP +See Section 8 of RFC7671 for correct key rotation procedures. +.PP +This feature is available in Postfix 2.11 through 3.1. Postfix +3.2 and later ignore this configuration parameter and behave as +though it were set to "on". +.SH tls_dane_digests (default: sha512 sha256) +DANE TLSA (RFC 6698, RFC 7671, RFC 7672) resource\-record "matching +type" digest algorithms in descending preference order. All the +specified algorithms must be supported by the underlying OpenSSL +library, otherwise the Postfix SMTP client will not support DANE +TLSA security. +.PP +Specify a list of digest names separated by commas and/or +whitespace. Each digest name may be followed by an optional +"=<number>" suffix. For example, "sha512" may instead be specified +as "sha512=2" and "sha256" may instead be specified as "sha256=1". +The optional number must match the <a +href="https://www.iana.org/assignments/dane\-parameters/dane\-parameters.xhtml#matching\-types" +>IANA assigned TLSA matching type number the algorithm in question. +Postfix will check this constraint for the algorithms it knows about. +Additional matching type algorithms registered with IANA can be added +with explicit numbers provided they are supported by OpenSSL. +.PP +Invalid list elements are logged with a warning and disable DANE +support. TLSA RRs that specify digests not included in the list are +ignored with a warning. +.PP +Note: It is unwise to omit sha256 from the digest list. This +digest algorithm is the only mandatory to implement digest algorithm +in RFC 6698, and many servers are expected to publish TLSA records +with just sha256 digests. Unless one of the standard digests is +seriously compromised and servers have had ample time to update their +TLSA records you should not omit any standard digests, just arrange +them in order from strongest to weakest. +.PP +This feature is available in Postfix 2.11 and later. +.SH tls_dane_trust_anchor_digest_enable (default: yes) +Enable support for RFC 6698 (DANE TLSA) DNS records that contain +digests of trust\-anchors with certificate usage "2". Do not change +this setting from its default value. +.PP +This feature is available in Postfix 2.11 through 3.1. It has +been withdrawn in Postfix 3.2, as trust\-anchor TLSA records are now +widely used and have proved sufficiently reliable. Postfix 3.2 and +later ignore this configuration parameter and behaves as though it +were set to "yes". +.SH tls_disable_workarounds (default: see "postconf \-d" output) +List or bit\-mask of OpenSSL bug work\-arounds to disable. +.PP +The OpenSSL toolkit includes a set of work\-arounds for buggy SSL/TLS +implementations. Applications, such as Postfix, that want to maximize +interoperability ask the OpenSSL library to enable the full set of +recommended work\-arounds. +.PP +From time to time, it is discovered that a work\-around creates a +security issue, and should no longer be used. If upgrading OpenSSL +to a fixed version is not an option or an upgrade is not available +in a timely manner, or in closed environments where no buggy clients +or servers exist, it may be appropriate to disable some or all of the +OpenSSL interoperability work\-arounds. This parameter specifies which +bug work\-arounds to disable. +.PP +If the value of the parameter is a hexadecimal long integer starting +with "0x", the bug work\-arounds corresponding to the bits specified in +its value are removed from the \fBSSL_OP_ALL\fR work\-around bit\-mask +(see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)). You can specify more +bits than are present in SSL_OP_ALL, excess bits are ignored. Specifying +0xFFFFFFFF disables all bug\-workarounds on a 32\-bit system. This should +also be sufficient on 64\-bit systems, until OpenSSL abandons support +for 32\-bit systems and starts using the high 32 bits of a 64\-bit +bug\-workaround mask. +.PP +Otherwise, the parameter is a white\-space or comma separated list +of specific named bug work\-arounds chosen from the list below. It +is possible that your OpenSSL version includes new bug work\-arounds +added after your Postfix source code was last updated, in that case +you can only disable one of these via the hexadecimal syntax above. +.IP "\fBCRYPTOPRO_TLSEXT_BUG\fR" +New with GOST support in +OpenSSL 1.0.0. +.br +.IP "\fBDONT_INSERT_EMPTY_FRAGMENTS\fR" +See +\fBSSL_CTX_set_options\fR(3) +.br +.IP "\fBLEGACY_SERVER_CONNECT\fR" +See \fBSSL_CTX_set_options\fR(3) +.br +.IP "\fBMICROSOFT_BIG_SSLV3_BUFFER\fR" +See +\fBSSL_CTX_set_options\fR(3) +.br +.IP "\fBMICROSOFT_SESS_ID_BUG\fR" +See \fBSSL_CTX_set_options\fR(3) +.br +.IP "\fBMSIE_SSLV2_RSA_PADDING\fR" +also aliased as +\fBCVE\-2005\-2969\fR. Postfix 2.8 disables this work\-around by +default with OpenSSL versions that may predate the fix. Fixed in +OpenSSL 0.9.7h and OpenSSL 0.9.8a. +.br +.IP "\fBNETSCAPE_CHALLENGE_BUG\fR" +See \fBSSL_CTX_set_options\fR(3) +.br +.IP "\fBNETSCAPE_REUSE_CIPHER_CHANGE_BUG\fR" +also aliased +as \fBCVE\-2010\-4180\fR. Postfix 2.8 disables this work\-around by +default with OpenSSL versions that may predate the fix. Fixed in +OpenSSL 0.9.8q and OpenSSL 1.0.0c. +.br +.IP "\fBSSLEAY_080_CLIENT_DH_BUG\fR" +See +\fBSSL_CTX_set_options\fR(3) +.br +.IP "\fBSSLREF2_REUSE_CERT_TYPE_BUG\fR" +See +\fBSSL_CTX_set_options\fR(3) +.br +.IP "\fBTLS_BLOCK_PADDING_BUG\fR" +See \fBSSL_CTX_set_options\fR(3) +.br +.IP "\fBTLS_D5_BUG\fR" +See \fBSSL_CTX_set_options\fR(3) +.br +.IP "\fBTLS_ROLLBACK_BUG\fR" +See \fBSSL_CTX_set_options\fR(3). +This is disabled in OpenSSL 0.9.7 and later. Nobody should still +be using 0.9.6! +.br +.IP "\fBTLSEXT_PADDING\fR" +Postfix >= 3.4. See \fBSSL_CTX_set_options\fR(3). +.br +.br +.PP +This feature is available in Postfix 2.8 and later. +.SH tls_eecdh_auto_curves (default: see "postconf \-d" output) +The prioritized list of elliptic curves supported by the Postfix +SMTP client and server. These curves are used by the Postfix SMTP +server when "smtpd_tls_eecdh_grade = auto". The selected curves +must be implemented by OpenSSL and be standardized for use in TLS +(RFC 8422). It is unwise to list only +"bleeding\-edge" curves supported by a small subset of clients. The +default list is suitable for most users. +.PP +Postfix skips curve names that are unknown to OpenSSL, or that +are known but not yet implemented. This makes it possible to +"anticipate" support for curves that should be used once they become +available. In particular, in some OpenSSL versions, the new RFC +8031 curves "X25519" and "X448" may be known by name, but ECDH +support for either or both may be missing. These curves may appear +in the default value of this parameter, even though they'll only +be usable with later versions of OpenSSL. +.PP +This feature is available in Postfix 3.2 and later, when it is +compiled and linked with OpenSSL 1.0.2 or later on platforms where +EC algorithms have not been disabled by the vendor. +.SH tls_eecdh_strong_curve (default: prime256v1) +The elliptic curve used by the Postfix SMTP server for sensibly +strong +ephemeral ECDH key exchange. This curve is used by the Postfix SMTP +server when "smtpd_tls_eecdh_grade = strong". The phrase "sensibly +strong" means approximately 128\-bit security based on best known +attacks. The selected curve must be implemented by OpenSSL (as +reported by \fBecparam\fR(1) with the "\-list_curves" option) and be one +of the curves listed in Section 5.1.1 of RFC 8422. You should not +generally change this setting. Remote SMTP client implementations +must support this curve for EECDH key exchange to take place. It +is unwise to choose only "bleeding\-edge" curves supported by only a +small subset of clients. +.PP +The default "strong" curve is rated in NSA Suite +B for information classified up to SECRET. +.PP +Note: elliptic curve names are poorly standardized; different +standards groups are assigning different names to the same underlying +curves. The curve with the X9.62 name "prime256v1" is also known +under the SECG name "secp256r1", but OpenSSL does not recognize the +latter name. +.PP +If you want to take maximal advantage of ciphers that offer forward secrecy see +the Getting +started section of FORWARD_SECRECY_README. The +full document conveniently presents all information about Postfix +"perfect" forward secrecy support in one place: what forward secrecy +is, how to tweak settings, and what you can expect to see when +Postfix uses ciphers with forward secrecy. +.PP +This feature is available in Postfix 2.6 and later, when it is +compiled and linked with OpenSSL 1.0.0 or later on platforms where +EC algorithms have not been disabled by the vendor. +.SH tls_eecdh_ultra_curve (default: secp384r1) +The elliptic curve used by the Postfix SMTP server for maximally +strong +ephemeral ECDH key exchange. This curve is used by the Postfix SMTP +server when "smtpd_tls_eecdh_grade = ultra". The phrase "maximally +strong" means approximately 192\-bit security based on best known attacks. +This additional strength comes at a significant computational cost, most +users should instead set "smtpd_tls_eecdh_grade = strong". The selected +curve must be implemented by OpenSSL (as reported by \fBecparam\fR(1) with the +"\-list_curves" option) and be one of the curves listed in Section 5.1.1 +of RFC 8422. You should not generally change this setting. Remote SMTP +client implementations must support this curve for EECDH key exchange +to take place. It is unwise to choose only "bleeding\-edge" curves +supported by only a small subset of clients. +.PP +This default "ultra" curve is rated in NSA Suite +B for information classified up to TOP SECRET. +.PP +If you want to take maximal advantage of ciphers that offer forward secrecy see +the Getting +started section of FORWARD_SECRECY_README. The +full document conveniently presents all information about Postfix +"perfect" forward secrecy support in one place: what forward secrecy +is, how to tweak settings, and what you can expect to see when +Postfix uses ciphers with forward secrecy. +.PP +This feature is available in Postfix 2.6 and later, when it is +compiled and linked with OpenSSL 1.0.0 or later on platforms where +EC algorithms have not been disabled by the vendor. +.SH tls_export_cipherlist (default: see "postconf \-d" output) +The OpenSSL cipherlist for "export" or higher grade ciphers. This +defines the meaning of the "export" setting in smtpd_tls_ciphers, +smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, +lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. With Postfix +releases before the middle of 2015 this is the default cipherlist +for the opportunistic ("may") TLS client security level and also +the default cipherlist for the SMTP server. You are strongly +encouraged not to change this setting. +.PP +This feature is available in Postfix 2.3 and later. +.SH tls_fast_shutdown_enable (default: yes) +A workaround for implementations that hang Postfix while shutting +down a TLS session, until Postfix times out. With this enabled, +Postfix will not wait for the remote TLS peer to respond to a TLS +\&'close' notification. This behavior is recommended for TLSv1.0 and +later. +.SH tls_high_cipherlist (default: see "postconf \-d" output) +The OpenSSL cipherlist for "high" grade ciphers. This defines +the meaning of the "high" setting in smtpd_tls_ciphers, +smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, +lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly +encouraged not to change this setting. +.PP +This feature is available in Postfix 2.3 and later. +.SH tls_legacy_public_key_fingerprints (default: no) +A temporary migration aid for sites that use certificate +\fIpublic\-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use +an incorrect algorithm. This parameter has no effect on the certificate +fingerprint support that is available since Postfix 2.2. +.PP +Specify "tls_legacy_public_key_fingerprints = yes" temporarily, +pending a migration from configuration files with incorrect Postfix +2.9.0..2.9.5 certificate public\-key finger prints, to the correct +fingerprints used by Postfix 2.9.6 and later. To compute the correct +certificate public\-key fingerprints, see TLS_README. +.PP +This feature is available in Postfix 2.9.6 and later. +.SH tls_low_cipherlist (default: see "postconf \-d" output) +The OpenSSL cipherlist for "low" or higher grade ciphers. This defines +the meaning of the "low" setting in smtpd_tls_ciphers, +smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, +lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. You are strongly +encouraged not to change this setting. +.PP +This feature is available in Postfix 2.3 and later. +.SH tls_medium_cipherlist (default: see "postconf \-d" output) +The OpenSSL cipherlist for "medium" or higher grade ciphers. This +defines the meaning of the "medium" setting in smtpd_tls_ciphers, +smtpd_tls_mandatory_ciphers, smtp_tls_ciphers, smtp_tls_mandatory_ciphers, +lmtp_tls_ciphers, and lmtp_tls_mandatory_ciphers. This is the +default cipherlist for mandatory TLS encryption in the TLS client +(with anonymous ciphers disabled when verifying server certificates). +This is the default cipherlist for opportunistic TLS with Postfix +releases after the middle of 2015. You are strongly encouraged not +to change this setting. +.PP +This feature is available in Postfix 2.3 and later. +.SH tls_null_cipherlist (default: eNULL:!aNULL) +The OpenSSL cipherlist for "NULL" grade ciphers that provide +authentication without encryption. This defines the meaning of the "null" +setting in smtpd_tls_mandatory_ciphers, smtp_tls_mandatory_ciphers and +lmtp_tls_mandatory_ciphers. You are strongly encouraged not to +change this setting. +.PP +This feature is available in Postfix 2.3 and later. +.SH tls_preempt_cipherlist (default: no) +With SSLv3 and later, use the Postfix SMTP server's cipher +preference order instead of the remote client's cipher preference +order. +.PP +By default, the OpenSSL server selects the client's most preferred +cipher that the server supports. With SSLv3 and later, the server may +choose its own most preferred cipher that is supported (offered) by +the client. Setting "tls_preempt_cipherlist = yes" enables server cipher +preferences. +.PP +While server cipher selection may in some cases lead to a more secure +or performant cipher choice, there is some risk of interoperability +issues. In the past, some SSL clients have listed lower priority ciphers +that they did not implement correctly. If the server chooses a cipher +that the client prefers less, it may select a cipher whose client +implementation is flawed. Most notably Windows 2003 Microsoft +Exchange servers have flawed implementations of DES\-CBC3\-SHA, which +OpenSSL considers stronger than RC4\-SHA. Enabling server cipher\-suite +selection may create interoperability issues with Windows 2003 +Microsoft Exchange clients. +.PP +This feature is available in Postfix 2.8 and later, in combination +with OpenSSL 0.9.7 and later. +.SH tls_random_bytes (default: 32) +The number of bytes that \fBtlsmgr\fR(8) reads from $tls_random_source +when (re)seeding the in\-memory pseudo random number generator (PRNG) +pool. The default of 32 bytes (256 bits) is good enough for 128bit +symmetric keys. If using EGD or a device file, a maximum of 255 +bytes is read. +.PP +This feature is available in Postfix 2.2 and later. +.SH tls_random_exchange_name (default: see "postconf \-d" output) +Name of the pseudo random number generator (PRNG) state file +that is maintained by \fBtlsmgr\fR(8). The file is created when it does +not exist, and its length is fixed at 1024 bytes. +.PP +As of version 2.5, Postfix no longer uses root privileges when +opening this file, and the default file location was changed from +${config_directory}/prng_exch to ${data_directory}/prng_exch. As +a migration aid, an attempt to open the file under a non\-Postfix +directory is redirected to the Postfix\-owned data_directory, and a +warning is logged. +.PP +This feature is available in Postfix 2.2 and later. +.SH tls_random_prng_update_period (default: 3600s) +The time between attempts by \fBtlsmgr\fR(8) to save the state of +the pseudo random number generator (PRNG) to the file specified +with $tls_random_exchange_name. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.2 and later. +.SH tls_random_reseed_period (default: 3600s) +The maximal time between attempts by \fBtlsmgr\fR(8) to re\-seed the +in\-memory pseudo random number generator (PRNG) pool from external +sources. The actual time between re\-seeding attempts is calculated +using the PRNG, and is between 0 and the time specified. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.2 and later. +.SH tls_random_source (default: see "postconf \-d" output) +The external entropy source for the in\-memory \fBtlsmgr\fR(8) pseudo +random number generator (PRNG) pool. Be sure to specify a non\-blocking +source. If this source is not a regular file, the entropy source +type must be prepended: egd:/path/to/egd_socket for a source with +EGD compatible socket interface, or dev:/path/to/device for a +device file. +.PP +Note: on OpenBSD systems specify dev:/dev/arandom when dev:/dev/urandom +gives timeout errors. +.PP +This feature is available in Postfix 2.2 and later. +.SH tls_server_sni_maps (default: empty) +Optional lookup tables that map names received from remote SMTP +clients via the TLS Server Name Indication (SNI) extension to the +appropriate keys and certificate chains. This parameter is implemented +in the Postfix TLS library, and applies to both \fBsmtpd\fR(8) and the SMTP +server mode of \fBtlsproxy\fR(8). +.PP +When this parameter is non\-empty, the Postfix SMTP server enables +SNI extension processing, and logs SNI values that are invalid or +don't match an entry in the specified tables. When an entry +does match, the SNI name is logged as part of the connection summary +at log levels 1 and higher. +.PP +The lookup key is either the verbatim SNI domain name or an +ancestor domain prefixed with a leading dot. For internationalized +domains, the lookup key must be in IDNA 2008 A\-label form (as +required in the TLS SNI extension). +.PP +The syntax of the lookup value is the same as with the +smtp_tls_chain_files parameter (see there for additional details), +but here scoped to just TLS connections in which the client sends +a matching SNI domain name. +.PP +Example: +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + # + # The indexed SNI table must be created with "postmap \-F" + # + indexed = ${default_database_type}:${config_directory}/ + tls_server_sni_maps = ${indexed}sni +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/sni: + # + # The example.com domain has both an RSA and ECDSA certificate + # chain. The chain files MUST start with the private key, + # with the certificate chain next, starting with the leaf + # (server) certificate, and then the issuer certificates. + # + example.com /etc/postfix/sni\-chains/rsa2048.example.com.pem, + /etc/postfix/sni\-chains/ecdsa\-p256.example.com.pem + # + # The example.net domain has a wildcard certificate, and two + # additional DNS names. So its certificate chain is also used + # with any subdomain, plus the additional names. + # + example.net /etc/postfix/sni\-chains/example.net.pem + .example.net /etc/postfix/sni\-chains/example.net.pem + example.info /etc/postfix/sni\-chains/example.net.pem + example.org /etc/postfix/sni\-chains/example.net.pem +.fi +.ad +.ft R +.in -4 +.PP +Note that the SNI lookup tables should also have entries for +the domains that correspond to the Postfix SMTP server's default +certificate(s). This ensures that the remote SMTP client's TLS SNI +extension gets a positive response when it specifies one of the +Postfix SMTP server's default domains, and ensures that the Postfix +SMTP server will not log an SNI name mismatch for such a domain. +The Postfix SMTP server's default certificates are then only used +when the client sends no SNI or when it sends SNI with a domain +that the server knows no certificate(s) for. +.PP +The mapping from an SNI domain name to a certificate chain is indirect. In +the input source files for "cdb", "hash", "btree" or other tables that are +converted to on\-disk indexed files via \fBpostmap\fR(1), the value specified for each +key is a list of filenames. When \fBpostmap\fR(1) is used with the \fB\-F\fR option, +the generated table stores for each lookup key the base64\-encoded contents of +the associated files. When querying tables via \fBpostmap \-Fq\fR, the table +value is decoded from base64, yielding the original file content, plus a new +line. +.PP +With "regexp", "pcre", "inline", "texthash", "static" and similar +tables that are interpreted at run\-time, and don't have a separate +source format, the table value is again a list files, that are loaded +into memory when the table is opened. +.PP +With tables whose content is managed outside of Postfix, such +as LDAP, MySQL, PostgreSQL, socketmap and tcp, the value must be a +concatenation of the desired PEM keys and certificate chains, that +is then further encoded to yield a single\-line base64 string. +Creation of such tables and secure storage (the value includes +private key material) are outside the responsibility of Postfix. +.PP +With "socketmap" and "tcp" the data will be transmitted in the clear, and +there is no query access control, so these are generally unsuitable for storing +SNI chains. With LDAP and SQL, you should restrict read access and use TLS to +protect the sensitive data in transit. +.PP +Typically there is only one private key and its chain of certificates +starting with the "leaf" certificate corresponding to that key, and +continuing with the appropriate intermediate issuer CA certificates, +with each certificate ideally followed by its issuer. Servers +that have keys and certificates for more than one algorithm (e.g. +both an RSA key and an ECDSA key, or even RSA, ECDSA and Ed25519) +can use multiple chains concatenated together, with the key always +listed before the corresponding certificates. +.PP +This feature is available in Postfix 3.4 and later. +.SH tls_session_ticket_cipher (default: Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc) +Algorithm used to encrypt RFC5077 TLS session tickets. This +algorithm must use CBC mode, have a 128\-bit block size, and must +have a key length between 128 and 256 bits. The default is +aes\-256\-cbc. Overriding the default to choose a different algorithm +is discouraged. +.PP +Setting this parameter empty disables session ticket support +in the Postfix SMTP server. Another way to disable session ticket +support is via the tls_ssl_options parameter. +.PP +This feature is available in Postfix 3.0 and later. +.SH tls_ssl_options (default: empty) +List or bit\-mask of OpenSSL options to enable. +.PP +The OpenSSL toolkit provides a set of options that applications +can enable to tune the OpenSSL behavior. Some of these work around +bugs in other implementations and are on by default. You can use +the tls_disable_workarounds parameter to selectively disable some +or all of the bug work\-arounds, making OpenSSL more strict at the +cost of non\-interoperability with SSL clients or servers that exhibit +the bugs. +.PP +Other options are off by default, and typically enable or disable +features rather than bug work\-arounds. These may be turned on (with +care) via the tls_ssl_options parameter. The value is a white\-space +or comma separated list of named options chosen from the list below. +The names are not case\-sensitive, you can use lower\-case if you +prefer. The upper case values below match the corresponding macro +name in the ssl.h header file with the SSL_OP_ prefix removed. It +is possible that your OpenSSL version includes new options added +after your Postfix source code was last updated, in that case you +can only enable one of these via the hexadecimal syntax below. +.PP +You should only enable features via the hexadecimal mask when +the need to control the feature is critical (to deal with a new +vulnerability or a serious interoperability problem). Postfix DOES +NOT promise backwards compatible behavior with respect to the mask +bits. A feature enabled via the mask in one release may be enabled +by other means in a later release, and the mask bit will then be +ignored. Therefore, use of the hexadecimal mask is only a temporary +measure until a new Postfix or OpenSSL release provides a better +solution. +.PP +If the value of the parameter is a hexadecimal long integer +starting with "0x", the options corresponding to the bits specified +in its value are enabled (see openssl/ssl.h and \fBSSL_CTX_set_options\fR(3)). +You can only enable options not already controlled by other Postfix +settings. For example, you cannot disable protocols or enable +server cipher preference. Do not attempt to enable all features by +specifying 0xFFFFFFFF, this is unlikely to be a good idea. Some +bug work\-arounds are also valid here, allowing them to be re\-enabled +if/when they're no longer enabled by default. The supported values +include: +.IP "\fBENABLE_MIDDLEBOX_COMPAT\fR" +Postfix >= 3.4. See +\fBSSL_CTX_set_options\fR(3). +.br +.IP "\fBLEGACY_SERVER_CONNECT\fR" +See \fBSSL_CTX_set_options\fR(3). +.br +.IP "\fBNO_TICKET\fR" +Enabled by default when needed in +fully\-patched Postfix >= 2.7. Not needed at all for Postfix >= +2.11, unless for some reason you do not want to support TLS session +resumption. Best not set explicitly. See \fBSSL_CTX_set_options\fR(3). +.br +.IP "\fBNO_COMPRESSION\fR" +Disable SSL compression even if +supported by the OpenSSL library. Compression is CPU\-intensive, +and compression before encryption does not always improve security. +.br +.IP "\fBNO_RENEGOTIATION\fR" +Postfix >= 3.4. This can +reduce opportunities for a potential CPU exhaustion attack. See +\fBSSL_CTX_set_options\fR(3). +.br +.IP "\fBNO_SESSION_RESUMPTION_ON_RENEGOTIATION\fR" +Postfix +>= 3.4. See \fBSSL_CTX_set_options\fR(3). +.br +.IP "\fBPRIORITIZE_CHACHA\fR" +Postfix >= 3.4. See \fBSSL_CTX_set_options\fR(3). +.br +.br +.PP +This feature is available in Postfix 2.11 and later. +.SH tls_wildcard_matches_multiple_labels (default: yes) +Match multiple DNS labels with "*" in wildcard certificates. +.PP +Some mail service providers prepend the customer domain name +to a base domain for which they have a wildcard TLS certificate. +For example, the MX records for example.com hosted by example.net +may be: +.sp +.in +4 +.nf +.na +.ft C +example.com. IN MX 0 example.com.mx1.example.net. +example.com. IN MX 0 example.com.mx2.example.net. +.fi +.ad +.ft R +.in -4 +.PP +and the TLS certificate may be for "*.example.net". The "*" +then corresponds with multiple labels in the mail server domain +name. While multi\-label wildcards are not widely supported, and +are not blessed by any standard, there is little to be gained by +disallowing their use in this context. +.PP +Notes: +.IP \(bu +In a certificate name, the "*" is special only when it is +used as the first label. +.IP \(bu +While Postfix (2.11 or later) can match "*" with multiple +domain name labels, other implementations likely will not. +.IP \(bu +Earlier Postfix implementations behave as if +"tls_wildcard_matches_multiple_labels = no". +.br +.PP +This feature is available in Postfix 2.11 and later. +.SH tlsmgr_service_name (default: tlsmgr) +The name of the \fBtlsmgr\fR(8) service entry in master.cf. This +service maintains TLS session caches and other information in support +of TLS. +.PP +This feature is available in Postfix 2.11 and later. +.SH tlsproxy_client_CAfile (default: $smtp_tls_CAfile) +A file containing CA certificates of root CAs trusted to sign +either remote TLS server certificates or intermediate CA certificates. +See smtp_tls_CAfile for further details. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_CApath (default: $smtp_tls_CApath) +Directory with PEM format Certification Authority certificates +that the Postfix \fBtlsproxy\fR(8) client uses to verify a remote TLS +server certificate. See smtp_tls_CApath for further details. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_cert_file (default: $smtp_tls_cert_file) +File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM +format. See smtp_tls_cert_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_chain_files (default: $smtp_tls_chain_files) +Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate +chains in PEM format. See smtp_tls_chain_files for further details. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_dcert_file (default: $smtp_tls_dcert_file) +File with the Postfix \fBtlsproxy\fR(8) client DSA certificate in PEM +format. See smtp_tls_dcert_file for further details. DSA is obsolete and +should not be used. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_dkey_file (default: $smtp_tls_dkey_file) +File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM +format. See smtp_tls_dkey_file for further details. DSA is obsolete and +should not be used. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_eccert_file (default: $smtp_tls_eccert_file) +File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM +format. See smtp_tls_eccert_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_eckey_file (default: $smtp_tls_eckey_file) +File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM +format. See smtp_tls_eckey_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_enforce_tls (default: $smtp_enforce_tls) +Enforcement mode: require that SMTP servers use TLS encryption. +See smtp_enforce_tls for further details. Use +tlsproxy_client_security_level instead. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_fingerprint_digest (default: $smtp_tls_fingerprint_digest) +The message digest algorithm used to construct remote TLS server +certificate fingerprints. See smtp_tls_fingerprint_digest for +further details. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_key_file (default: $smtp_tls_key_file) +File with the Postfix \fBtlsproxy\fR(8) client RSA private key in PEM +format. See smtp_tls_key_file for further details. The preferred way to +configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_level (default: $smtp_tls_security_level) +The default TLS security level for the Postfix \fBtlsproxy\fR(8) +client. See smtp_tls_security_level for further details. +.PP +This feature is available in Postfix 3.4 \- 3.6. It was +renamed to tlsproxy_client_security_level in Postfix 3.7. +.SH tlsproxy_client_loglevel (default: $smtp_tls_loglevel) +Enable additional Postfix \fBtlsproxy\fR(8) client logging of TLS +activity. See smtp_tls_loglevel for further details. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_loglevel_parameter (default: smtp_tls_loglevel) +The name of the parameter that provides the tlsproxy_client_loglevel +value. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_per_site (default: $smtp_tls_per_site) +Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS +usage policy by next\-hop destination and by remote TLS server +hostname. See smtp_tls_per_site for further details. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_policy (default: $smtp_tls_policy_maps) +Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS +security policy by next\-hop destination. See smtp_tls_policy_maps +for further details. +.PP +This feature is available in Postfix 3.4 \- 3.6. It was +renamed to tlsproxy_client_policy_maps in Postfix 3.7. +.SH tlsproxy_client_policy_maps (default: $smtp_tls_policy_maps) +Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS +security policy by next\-hop destination. See smtp_tls_policy_maps +for further details. +.PP +This feature is available in Postfix 3.7 and later. It +was previously called tlsproxy_client_policy. +.SH tlsproxy_client_scert_verifydepth (default: $smtp_tls_scert_verifydepth) +The verification depth for remote TLS server certificates. +See smtp_tls_scert_verifydepth for further details. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_security_level (default: $smtp_tls_security_level) +The default TLS security level for the Postfix \fBtlsproxy\fR(8) +client. See smtp_tls_security_level for further details. +.PP +This feature is available in Postfix 3.7 and later. It +was previously called tlsproxy_client_level. +.SH tlsproxy_client_use_tls (default: $smtp_use_tls) +Opportunistic mode: use TLS when a remote server announces TLS +support. See smtp_use_tls for further details. Use +tlsproxy_client_security_level instead. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_enforce_tls (default: $smtpd_enforce_tls) +Mandatory TLS: announce STARTTLS support to remote SMTP clients, and +require that clients use TLS encryption. See smtpd_enforce_tls for +further details. Use tlsproxy_tls_security_level instead. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_service_name (default: tlsproxy) +The name of the \fBtlsproxy\fR(8) service entry in master.cf. This +service performs plaintext <=> TLS ciphertext conversion. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_CAfile (default: $smtpd_tls_CAfile) +A file containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate +CA certificates. See smtpd_tls_CAfile for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_CApath (default: $smtpd_tls_CApath) +A directory containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate +CA certificates. See smtpd_tls_CApath for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_always_issue_session_ids (default: $smtpd_tls_always_issue_session_ids) +Force the Postfix \fBtlsproxy\fR(8) server to issue a TLS session id, +even when TLS session caching is turned off. See +smtpd_tls_always_issue_session_ids for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_ask_ccert (default: $smtpd_tls_ask_ccert) +Ask a remote SMTP client for a client certificate. See +smtpd_tls_ask_ccert for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_ccert_verifydepth (default: $smtpd_tls_ccert_verifydepth) +The verification depth for remote SMTP client certificates. A +depth of 1 is sufficient if the issuing CA is listed in a local CA +file. See smtpd_tls_ccert_verifydepth for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_cert_file (default: $smtpd_tls_cert_file) +File with the Postfix \fBtlsproxy\fR(8) server RSA certificate in PEM +format. This file may also contain the Postfix \fBtlsproxy\fR(8) server +private RSA key. See smtpd_tls_cert_file for further details. With +Postfix >= 3.4 the preferred way to configure tlsproxy server keys and +certificates is via the "tlsproxy_tls_chain_files" parameter. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_chain_files (default: $smtpd_tls_chain_files) +Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate +chains in PEM format. See smtpd_tls_chain_files for further details. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_tls_ciphers (default: $smtpd_tls_ciphers) +The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server +will use with opportunistic TLS encryption. See smtpd_tls_ciphers +for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_dcert_file (default: $smtpd_tls_dcert_file) +File with the Postfix \fBtlsproxy\fR(8) server DSA certificate in PEM +format. This file may also contain the Postfix \fBtlsproxy\fR(8) server +private DSA key. DSA is obsolete and should not be used. See +smtpd_tls_dcert_file for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_dh1024_param_file (default: $smtpd_tls_dh1024_param_file) +File with DH parameters that the Postfix \fBtlsproxy\fR(8) server +should use with non\-export EDH ciphers. See smtpd_tls_dh1024_param_file +for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_dh512_param_file (default: $smtpd_tls_dh512_param_file) +File with DH parameters that the Postfix \fBtlsproxy\fR(8) server +should use with export\-grade EDH ciphers. See smtpd_tls_dh512_param_file +for further details. The default SMTP server cipher grade is +"medium" with Postfix releases after the middle of 2015, and as a +result export\-grade cipher suites are by default not used. +.PP +With Postfix >= 3.6 export\-grade Diffie\-Hellman key exchange +is no longer supported, and this parameter is silently ignored. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_dkey_file (default: $smtpd_tls_dkey_file) +File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM +format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server +DSA certificate file specified with $smtpd_tls_dcert_file. DSA is +obsolete and should not be used. See smtpd_tls_dkey_file for further +details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_eccert_file (default: $smtpd_tls_eccert_file) +File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM +format. This file may also contain the Postfix \fBtlsproxy\fR(8) server +private ECDSA key. See smtpd_tls_eccert_file for further details. With +Postfix >= 3.4 the preferred way to configure tlsproxy server keys and +certificates is via the "tlsproxy_tls_chain_files" parameter. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_eckey_file (default: $smtpd_tls_eckey_file) +File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM +format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server +ECDSA certificate file specified with $smtpd_tls_eccert_file. See +smtpd_tls_eckey_file for further details. With Postfix >= 3.4 the +preferred way to configure tlsproxy server keys and certificates is via +the "tlsproxy_tls_chain_files" parameter. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_eecdh_grade (default: $smtpd_tls_eecdh_grade) +The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral +elliptic\-curve Diffie\-Hellman (EECDH) key exchange. See +smtpd_tls_eecdh_grade for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_exclude_ciphers (default: $smtpd_tls_exclude_ciphers) +List of ciphers or cipher types to exclude from the \fBtlsproxy\fR(8) +server cipher list at all TLS security levels. See +smtpd_tls_exclude_ciphers for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_fingerprint_digest (default: $smtpd_tls_fingerprint_digest) +The message digest algorithm to construct remote SMTP +client\-certificate +fingerprints. See smtpd_tls_fingerprint_digest for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_key_file (default: $smtpd_tls_key_file) +File with the Postfix \fBtlsproxy\fR(8) server RSA private key in PEM +format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server +RSA certificate file specified with $smtpd_tls_cert_file. See +smtpd_tls_key_file for further details. With Postfix >= 3.4 the +preferred way to configure tlsproxy server keys and certificates is via +the "tlsproxy_tls_chain_files" parameter. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_loglevel (default: $smtpd_tls_loglevel) +Enable additional Postfix \fBtlsproxy\fR(8) server logging of TLS +activity. Each logging level also includes the information that +is logged at a lower logging level. See smtpd_tls_loglevel for +further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_mandatory_ciphers (default: $smtpd_tls_mandatory_ciphers) +The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server +will use with mandatory TLS encryption. See smtpd_tls_mandatory_ciphers +for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_mandatory_exclude_ciphers (default: $smtpd_tls_mandatory_exclude_ciphers) +Additional list of ciphers or cipher types to exclude from the +\fBtlsproxy\fR(8) server cipher list at mandatory TLS security levels. +See smtpd_tls_mandatory_exclude_ciphers for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_mandatory_protocols (default: $smtpd_tls_mandatory_protocols) +The SSL/TLS protocols accepted by the Postfix \fBtlsproxy\fR(8) server +with mandatory TLS encryption. If the list is empty, the server +supports all available SSL/TLS protocol versions. See +smtpd_tls_mandatory_protocols for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_protocols (default: $smtpd_tls_protocols) +List of TLS protocols that the Postfix \fBtlsproxy\fR(8) server will +exclude or include with opportunistic TLS encryption. See +smtpd_tls_protocols for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_req_ccert (default: $smtpd_tls_req_ccert) +With mandatory TLS encryption, require a trusted remote SMTP +client certificate in order to allow TLS connections to proceed. +See smtpd_tls_req_ccert for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_security_level (default: $smtpd_tls_security_level) +The SMTP TLS security level for the Postfix \fBtlsproxy\fR(8) server; +when a non\-empty value is specified, this overrides the obsolete +parameters smtpd_use_tls and smtpd_enforce_tls. See +smtpd_tls_security_level for further details. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_session_cache_timeout (default: $smtpd_tls_session_cache_timeout) +Obsolete expiration time of Postfix \fBtlsproxy\fR(8) server TLS session +cache information. Since the cache is shared with \fBsmtpd\fR(8) and managed +by \fBtlsmgr\fR(8), there is only one expiration time for the SMTP server cache +shared by all three services, namely smtpd_tls_session_cache_timeout. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_use_tls (default: $smtpd_use_tls) +Opportunistic TLS: announce STARTTLS support to remote SMTP clients, +but do not require that clients use TLS encryption. See smtpd_use_tls +for further details. Use tlsproxy_tls_security_level instead. +.PP +This feature is available in Postfix 2.8 and later. +.SH tlsproxy_watchdog_timeout (default: 10s) +How much time a \fBtlsproxy\fR(8) process may take to process local +or remote I/O before it is terminated by a built\-in watchdog timer. +This is a safety mechanism that prevents \fBtlsproxy\fR(8) from becoming +non\-responsive due to a bug in Postfix itself or in system software. +To avoid false alarms and unnecessary cache corruption this limit +cannot be set under 10s. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +This feature is available in Postfix 2.8 and later +.SH trace_service_name (default: trace) +The name of the trace service. This service is implemented by the +\fBbounce\fR(8) daemon and maintains a record +of mail deliveries and produces a mail delivery report when verbose +delivery is requested with "\fBsendmail \-v\fR". +.PP +This feature is available in Postfix 2.1 and later. +.SH transport_delivery_slot_cost (default: $default_delivery_slot_cost) +A transport\-specific override for the default_delivery_slot_cost +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Note: \fItransport\fR_delivery_slot_cost parameters will not +show up in "postconf" command output before Postfix version 2.9. +This limitation applies to many parameters whose name is a combination +of a master.cf service name and a built\-in suffix (in this case: +"_delivery_slot_cost"). +.SH transport_delivery_slot_discount (default: $default_delivery_slot_discount) +A transport\-specific override for the default_delivery_slot_discount +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Note: \fItransport\fR_delivery_slot_discount parameters will +not show up in "postconf" command output before Postfix version +2.9. This limitation applies to many parameters whose name is a +combination of a master.cf service name and a built\-in suffix (in +this case: "_delivery_slot_discount"). +.SH transport_delivery_slot_loan (default: $default_delivery_slot_loan) +A transport\-specific override for the default_delivery_slot_loan +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Note: \fItransport\fR_delivery_slot_loan parameters will not +show up in "postconf" command output before Postfix version 2.9. +This limitation applies to many parameters whose name is a combination +of a master.cf service name and a built\-in suffix (in this case: +"_delivery_slot_loan"). +.SH transport_destination_concurrency_failed_cohort_limit (default: $default_destination_concurrency_failed_cohort_limit) +A transport\-specific override for the +default_destination_concurrency_failed_cohort_limit parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.PP +Note: some \fItransport\fR_destination_concurrency_failed_cohort_limit +parameters will not show up in "postconf" command output before +Postfix version 2.9. This limitation applies to many parameters +whose name is a combination of a master.cf service name and a +built\-in suffix (in this case: +"_destination_concurrency_failed_cohort_limit"). +.PP +This feature is available in Postfix 2.5 and later. +.SH transport_destination_concurrency_limit (default: $default_destination_concurrency_limit) +A transport\-specific override for the +default_destination_concurrency_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.PP +Note: some \fItransport\fR_destination_concurrency_limit +parameters will not show up in "postconf" command output before +Postfix version 2.9. This limitation applies to many parameters +whose name is a combination of a master.cf service name and a +built\-in suffix (in this case: "_destination_concurrency_limit"). +.SH transport_destination_concurrency_negative_feedback (default: $default_destination_concurrency_negative_feedback) +A transport\-specific override for the +default_destination_concurrency_negative_feedback parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.PP +Note: some \fItransport\fR_destination_concurrency_negative_feedback +parameters will not show up in "postconf" command output before +Postfix version 2.9. This limitation applies to many parameters +whose name is a combination of a master.cf service name and a +built\-in suffix (in this case: +"_destination_concurrency_negative_feedback"). +.PP +This feature is available in Postfix 2.5 and later. +.SH transport_destination_concurrency_positive_feedback (default: $default_destination_concurrency_positive_feedback) +A transport\-specific override for the +default_destination_concurrency_positive_feedback parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.PP +Note: some \fItransport\fR_destination_concurrency_positive_feedback +parameters will not show up in "postconf" command output before +Postfix version 2.9. This limitation applies to many parameters +whose name is a combination of a master.cf service name and a +built\-in suffix (in this case: +"_destination_concurrency_positive_feedback"). +.PP +This feature is available in Postfix 2.5 and later. +.SH transport_destination_rate_delay (default: $default_destination_rate_delay) +A transport\-specific override for the default_destination_rate_delay +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Note: some \fItransport\fR_destination_rate_delay parameters +will not show up in "postconf" command output before Postfix version +2.9. This limitation applies to many parameters whose name is a +combination of a master.cf service name and a built\-in suffix (in +this case: "_destination_rate_delay"). +.PP +This feature is available in Postfix 2.5 and later. +.SH transport_destination_recipient_limit (default: $default_destination_recipient_limit) +A transport\-specific override for the +default_destination_recipient_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.PP +Note: some \fItransport\fR_destination_recipient_limit parameters +will not show up in "postconf" command output before Postfix version +2.9. This limitation applies to many parameters whose name is a +combination of a master.cf service name and a built\-in suffix (in +this case: "_destination_recipient_limit"). +.SH transport_extra_recipient_limit (default: $default_extra_recipient_limit) +A transport\-specific override for the default_extra_recipient_limit +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Note: \fItransport\fR_extra_recipient_limit parameters will +not show up in "postconf" command output before Postfix version +2.9. This limitation applies to many parameters whose name is a +combination of a master.cf service name and a built\-in suffix (in +this case: "_extra_recipient_limit"). +.SH transport_initial_destination_concurrency (default: $initial_destination_concurrency) +A transport\-specific override for the initial_destination_concurrency +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Note: some \fItransport\fR_initial_destination_concurrency +parameters will not show up in "postconf" command output before +Postfix version 2.9. This limitation applies to many parameters +whose name is a combination of a master.cf service name and a +built\-in suffix (in this case: "_initial_destination_concurrency"). +.PP +This feature is available in Postfix 2.5 and later. +.SH transport_maps (default: empty) +Optional lookup tables with mappings from recipient address to +(message delivery transport, next\-hop destination). See \fBtransport\fR(5) +for details. +.PP +Specify zero or more "type:table" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. If you use this +feature with local files, run "\fBpostmap /etc/postfix/transport\fR" +after making a change. +.PP +Pattern matching of domain names is controlled by the presence +or absence of "transport_maps" in the parent_domain_matches_subdomains +parameter value. +.PP +For safety reasons, as of Postfix 2.3 this feature does not +allow $number substitutions in regular expression maps. +.PP +Examples: +.PP +.nf +.na +.ft C +transport_maps = dbm:/etc/postfix/transport +transport_maps = hash:/etc/postfix/transport +.fi +.ad +.ft R +.SH transport_minimum_delivery_slots (default: $default_minimum_delivery_slots) +A transport\-specific override for the default_minimum_delivery_slots +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Note: \fItransport\fR_minimum_delivery_slots parameters will +not show up in "postconf" command output before Postfix version +2.9. This limitation applies to many parameters whose name is a +combination of a master.cf service name and a built\-in suffix (in +this case: "_minimum_delivery_slots"). +.SH transport_recipient_limit (default: $default_recipient_limit) +A transport\-specific override for the default_recipient_limit +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Note: some \fItransport\fR_recipient_limit parameters will not +show up in "postconf" command output before Postfix version 2.9. +This limitation applies to many parameters whose name is a combination +of a master.cf service name and a built\-in suffix (in this case: +"_recipient_limit"). +.SH transport_recipient_refill_delay (default: $default_recipient_refill_delay) +A transport\-specific override for the default_recipient_refill_delay +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Note: \fItransport\fR_recipient_refill_delay parameters will +not show up in "postconf" command output before Postfix version +2.9. This limitation applies to many parameters whose name is a +combination of a master.cf service name and a built\-in suffix (in +this case: "_recipient_refill_delay"). +.PP +This feature is available in Postfix 2.4 and later. +.SH transport_recipient_refill_limit (default: $default_recipient_refill_limit) +A transport\-specific override for the default_recipient_refill_limit +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Note: \fItransport\fR_recipient_refill_limit parameters will +not show up in "postconf" command output before Postfix version +2.9. This limitation applies to many parameters whose name is a +combination of a master.cf service name and a built\-in suffix (in +this case: "_recipient_refill_limit"). +.PP +This feature is available in Postfix 2.4 and later. +.SH transport_retry_time (default: 60s) +The time between attempts by the Postfix queue manager to contact +a malfunctioning message delivery transport. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH transport_time_limit (default: $command_time_limit) +A transport\-specific override for the command_time_limit parameter +value, where \fItransport\fR is the master.cf name of the message +delivery transport. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +Note: \fItransport\fR_time_limit parameters will not show up +in "postconf" command output before Postfix version 2.9. This +limitation applies to many parameters whose name is a combination +of a master.cf service name and a built\-in suffix (in this case: +"_time_limit"). +.SH transport_transport_rate_delay (default: $default_transport_rate_delay) +A transport\-specific override for the default_transport_rate_delay +parameter value, where the initial \fItransport\fR in the parameter +name is the master.cf name of the message delivery transport. +.PP +Specify a non\-negative time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.PP +Note: \fItransport\fR_transport_rate_delay parameters will +not show up in "postconf" command output before Postfix version +2.9. This limitation applies to many parameters whose name is a +combination of a master.cf service name and a built\-in suffix (in +this case: "_transport_rate_delay"). +.SH trigger_timeout (default: 10s) +The time limit for sending a trigger to a Postfix daemon (for +example, the \fBpickup\fR(8) or \fBqmgr\fR(8) daemon). This time limit prevents +programs from getting stuck when the mail system is under heavy +load. +.PP +Specify a non\-zero time value (an integral value plus an optional +one\-letter suffix that specifies the time unit). Time units: s +(seconds), m (minutes), h (hours), d (days), w (weeks). +The default time unit is s (seconds). +.SH undisclosed_recipients_header (default: see "postconf \-d" output) +Message header that the Postfix \fBcleanup\fR(8) server inserts when a +message contains no To: or Cc: message header. With Postfix 2.8 +and later, the default value is empty. With Postfix 2.4\-2.7, +specify an empty value to disable this feature. +.PP +Example: +.PP +.nf +.na +.ft C +# Default value before Postfix 2.8. +# Note: the ":" and ";" are both required. +undisclosed_recipients_header = To: undisclosed\-recipients:; +.fi +.ad +.ft R +.SH unknown_address_reject_code (default: 450) +The numerical response code when the Postfix SMTP server rejects a +sender or recipient address because its domain is unknown. This +is one of the possible replies from the restrictions +reject_unknown_sender_domain and reject_unknown_recipient_domain. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.SH unknown_address_tempfail_action (default: $reject_tempfail_action) +The Postfix SMTP server's action when reject_unknown_sender_domain +or reject_unknown_recipient_domain fail due to a temporary error +condition. Specify "defer" to defer the remote SMTP client request +immediately. With the default "defer_if_permit" action, the Postfix +SMTP server continues to look for opportunities to reject mail, and +defers the client request only if it would otherwise be accepted. +.PP +This feature is available in Postfix 2.6 and later. +.SH unknown_client_reject_code (default: 450) +The numerical Postfix SMTP server response code when a client +without valid address <=> name mapping is rejected by the +reject_unknown_client_hostname restriction. The SMTP server always replies +with 450 when the mapping failed due to a temporary error condition. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.SH unknown_helo_hostname_tempfail_action (default: $reject_tempfail_action) +The Postfix SMTP server's action when reject_unknown_helo_hostname +fails due to a temporary error condition. Specify "defer" to defer +the remote SMTP client request immediately. With the default +"defer_if_permit" action, the Postfix SMTP server continues to look +for opportunities to reject mail, and defers the client request +only if it would otherwise be accepted. +.PP +This feature is available in Postfix 2.6 and later. +.SH unknown_hostname_reject_code (default: 450) +The numerical Postfix SMTP server response code when the hostname +specified with the HELO or EHLO command is rejected by the +reject_unknown_helo_hostname restriction. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.SH unknown_local_recipient_reject_code (default: 550) +The numerical Postfix SMTP server response code when a recipient +address is local, and $local_recipient_maps specifies a list of +lookup tables that does not match the recipient. A recipient +address is local when its domain matches $mydestination, +$proxy_interfaces or $inet_interfaces. +.PP +The default setting is 550 (reject mail) but it is safer to initially +use 450 (try again later) so you have time to find out if your +local_recipient_maps settings are OK. +.PP +Example: +.PP +.nf +.na +.ft C +unknown_local_recipient_reject_code = 450 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.0 and later. +.SH unknown_relay_recipient_reject_code (default: 550) +The numerical Postfix SMTP server reply code when a recipient +address matches $relay_domains, and relay_recipient_maps specifies +a list of lookup tables that does not match the recipient address. +.PP +This feature is available in Postfix 2.0 and later. +.SH unknown_virtual_alias_reject_code (default: 550) +The Postfix SMTP server reply code when a recipient address matches +$virtual_alias_domains, and $virtual_alias_maps specifies a list +of lookup tables that does not match the recipient address. +.PP +This feature is available in Postfix 2.0 and later. +.SH unknown_virtual_mailbox_reject_code (default: 550) +The Postfix SMTP server reply code when a recipient address matches +$virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list +of lookup tables that does not match the recipient address. +.PP +This feature is available in Postfix 2.0 and later. +.SH unverified_recipient_defer_code (default: 450) +The numerical Postfix SMTP server response when a recipient address +probe fails due to a temporary error condition. +.PP +Unlike elsewhere in Postfix, you can specify 250 in order to +accept the address anyway. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.PP +This feature is available in Postfix 2.6 and later. +.SH unverified_recipient_reject_code (default: 450) +The numerical Postfix SMTP server response when a recipient address +is rejected by the reject_unverified_recipient restriction. +.PP +Unlike elsewhere in Postfix, you can specify 250 in order to +accept the address anyway. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.PP +This feature is available in Postfix 2.1 and later. +.SH unverified_recipient_reject_reason (default: empty) +The Postfix SMTP server's reply when rejecting mail with +reject_unverified_recipient. Do not include the numeric SMTP reply +code or the enhanced status code. By default, the response includes +actual address verification details. +.PP +Example: +.PP +.nf +.na +.ft C +unverified_recipient_reject_reason = Recipient address lookup failed +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later. +.SH unverified_recipient_tempfail_action (default: $reject_tempfail_action) +The Postfix SMTP server's action when reject_unverified_recipient +fails due to a temporary error condition. Specify "defer" to defer +the remote SMTP client request immediately. With the default +"defer_if_permit" action, the Postfix SMTP server continues to look +for opportunities to reject mail, and defers the client request +only if it would otherwise be accepted. +.PP +This feature is available in Postfix 2.6 and later. +.SH unverified_sender_defer_code (default: 450) +The numerical Postfix SMTP server response code when a sender address +probe fails due to a temporary error condition. +.PP +Unlike elsewhere in Postfix, you can specify 250 in order to +accept the address anyway. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.PP +This feature is available in Postfix 2.6 and later. +.SH unverified_sender_reject_code (default: 450) +The numerical Postfix SMTP server response code when a recipient +address is rejected by the reject_unverified_sender restriction. +.PP +Unlike elsewhere in Postfix, you can specify 250 in order to +accept the address anyway. +.PP +Do not change this unless you have a complete understanding of RFC 5321. +.PP +This feature is available in Postfix 2.1 and later. +.SH unverified_sender_reject_reason (default: empty) +The Postfix SMTP server's reply when rejecting mail with +reject_unverified_sender. Do not include the numeric SMTP reply +code or the enhanced status code. By default, the response includes +actual address verification details. +.PP +Example: +.PP +.nf +.na +.ft C +unverified_sender_reject_reason = Sender address lookup failed +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later. +.SH unverified_sender_tempfail_action (default: $reject_tempfail_action) +The Postfix SMTP server's action when reject_unverified_sender +fails due to a temporary error condition. Specify "defer" to defer +the remote SMTP client request immediately. With the default +"defer_if_permit" action, the Postfix SMTP server continues to look +for opportunities to reject mail, and defers the client request +only if it would otherwise be accepted. +.PP +This feature is available in Postfix 2.6 and later. +.SH verp_delimiter_filter (default: \-=+) +The characters Postfix accepts as VERP delimiter characters on the +Postfix \fBsendmail\fR(1) command line and in SMTP commands. +.PP +This feature is available in Postfix 1.1 and later. +.SH virtual_alias_address_length_limit (default: 1000) +The maximal length of an email address after virtual alias expansion. +This stops virtual aliasing loops that increase the address length +exponentially. +.PP +This feature is available in Postfix 3.0 and later. +.SH virtual_alias_domains (default: $virtual_alias_maps) +Postfix is the final destination for the specified list of virtual +alias domains, that is, domains for which all addresses are aliased +to addresses in other local or remote domains. The SMTP server +validates recipient addresses with $virtual_alias_maps and rejects +non\-existent recipients. See also the virtual alias domain class +in the ADDRESS_CLASS_README file +.PP +This feature is available in Postfix 2.0 and later. The default +value is backwards compatible with Postfix version 1.1. +.PP +The default value is $virtual_alias_maps so that you can keep all +information about virtual alias domains in one place. If you have +many users, it is better to separate information that changes more +frequently (virtual address \-> local or remote address mapping) +from information that changes less frequently (the list of virtual +domain names). +.PP +Specify a list of host or domain names, "/file/name" or +"type:table" patterns, separated by commas and/or whitespace. A +"/file/name" pattern is replaced by its contents; a "type:table" +lookup table is matched when a table entry matches a host or domain name +(the lookup result is ignored). Continue long lines by starting +the next line with whitespace. Specify "!pattern" to exclude a host +or domain name from the list. The form "!/file/name" is supported +only in Postfix version 2.4 and later. +.PP +See also the VIRTUAL_README and ADDRESS_CLASS_README documents +for further information. +.PP +Example: +.PP +.nf +.na +.ft C +virtual_alias_domains = virtual1.tld virtual2.tld +.fi +.ad +.ft R +.SH virtual_alias_expansion_limit (default: 1000) +The maximal number of addresses that virtual alias expansion produces +from each original recipient. +.PP +This feature is available in Postfix 2.1 and later. +.SH virtual_alias_maps (default: $virtual_maps) +Optional lookup tables that alias specific mail addresses or domains +to other local or remote addresses. The table format and lookups +are documented in \fBvirtual\fR(5). For an overview of Postfix address +manipulations see the ADDRESS_REWRITING_README document. +.PP +This feature is available in Postfix 2.0 and later. The default +value is backwards compatible with Postfix version 1.1. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +Note: these lookups are recursive. +.PP +If you use this feature with indexed files, run "\fBpostmap +/etc/postfix/virtual\fR" after changing the file. +.PP +Examples: +.PP +.nf +.na +.ft C +virtual_alias_maps = dbm:/etc/postfix/virtual +virtual_alias_maps = hash:/etc/postfix/virtual +.fi +.ad +.ft R +.SH virtual_alias_recursion_limit (default: 1000) +The maximal nesting depth of virtual alias expansion. Currently +the recursion limit is applied only to the left branch of the +expansion graph, so the depth of the tree can in the worst case +reach the sum of the expansion and recursion limits. This may +change in the future. +.PP +This feature is available in Postfix 2.1 and later. +.SH virtual_delivery_status_filter (default: $default_delivery_status_filter) +Optional filter for the \fBvirtual\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. See default_delivery_status_filter for details. +.PP +This feature is available in Postfix 3.0 and later. +.SH virtual_destination_concurrency_limit (default: $default_destination_concurrency_limit) +The maximal number of parallel deliveries to the same destination +via the virtual message delivery transport. This limit is enforced +by the queue manager. The message delivery transport name is the +first field in the entry in the master.cf file. +.SH virtual_destination_recipient_limit (default: $default_destination_recipient_limit) +The maximal number of recipients per message for the virtual +message delivery transport. This limit is enforced by the queue +manager. The message delivery transport name is the first field in +the entry in the master.cf file. +.PP +Setting this parameter to a value of 1 changes the meaning of +virtual_destination_concurrency_limit from concurrency per domain +into concurrency per recipient. +.SH virtual_gid_maps (default: empty) +Lookup tables with the per\-recipient group ID for \fBvirtual\fR(8) mailbox +delivery. +.PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +In a lookup table, specify a left\-hand side of "@domain.tld" to +match any user in the specified domain that does not have a specific +"user@domain.tld" entry. +.PP +When a recipient address has an optional address extension +(user+foo@domain.tld), the \fBvirtual\fR(8) delivery agent looks up +the full address first, and when the lookup fails, it looks up the +unextended address (user@domain.tld). +.PP +Note 1: for security reasons, the \fBvirtual\fR(8) delivery agent disallows +regular expression substitution of $1 etc. in regular expression +lookup tables, because that would open a security hole. +.PP +Note 2: for security reasons, the \fBvirtual\fR(8) delivery agent will +silently ignore requests to use the \fBproxymap\fR(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +\fBvirtual\fR(8) delivery agent will terminate with a fatal error. +.SH virtual_mailbox_base (default: empty) +A prefix that the \fBvirtual\fR(8) delivery agent prepends to all pathname +results from $virtual_mailbox_maps table lookups. This is a safety +measure to ensure that an out of control map doesn't litter the +file system with mailboxes. While virtual_mailbox_base could be +set to "/", this setting isn't recommended. +.PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. +.PP +Example: +.PP +.nf +.na +.ft C +virtual_mailbox_base = /var/mail +.fi +.ad +.ft R +.SH virtual_mailbox_domains (default: $virtual_mailbox_maps) +Postfix is the final destination for the specified list of domains; +mail is delivered via the $virtual_transport mail delivery transport. +By default this is the Postfix \fBvirtual\fR(8) delivery agent. The SMTP +server validates recipient addresses with $virtual_mailbox_maps +and rejects mail for non\-existent recipients. See also the virtual +mailbox domain class in the ADDRESS_CLASS_README file. +.PP +This parameter expects the same syntax as the mydestination +configuration parameter. +.PP +This feature is available in Postfix 2.0 and later. The default +value is backwards compatible with Postfix version 1.1. +.SH virtual_mailbox_limit (default: 51200000) +The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or +maildir file, or zero (no limit). +.PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. +.SH virtual_mailbox_lock (default: see "postconf \-d" output) +How to lock a UNIX\-style \fBvirtual\fR(8) mailbox before attempting +delivery. For a list of available file locking methods, use the +"\fBpostconf \-l\fR" command. +.PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. +.PP +This setting is ignored with \fBmaildir\fR style delivery, because +such deliveries are safe without application\-level locks. +.PP +Note 1: the \fBdotlock\fR method requires that the recipient UID +or GID has write access to the parent directory of the recipient's +mailbox file. +.PP +Note 2: the default setting of this parameter is system dependent. +.SH virtual_mailbox_maps (default: empty) +Optional lookup tables with all valid addresses in the domains that +match $virtual_mailbox_domains. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +In a lookup table, specify a left\-hand side of "@domain.tld" to +match any user in the specified domain that does not have a specific +"user@domain.tld" entry. +.PP +With the default "virtual_mailbox_domains = $virtual_mailbox_maps", +lookup tables also need entries with a left\-hand side of "domain.tld" +to satisfy virtual_mailbox_domain lookups (the right\-hand side is +required but will not be used). +.PP +The remainder of this text is specific to the \fBvirtual\fR(8) delivery +agent. It does not apply when mail is delivered with a different +mail delivery program. +.PP +The \fBvirtual\fR(8) delivery agent uses this table to look up the +per\-recipient mailbox or maildir pathname. If the lookup result +ends in a slash ("/"), maildir\-style delivery is carried out, +otherwise the path is assumed to specify a UNIX\-style mailbox file. +Note that $virtual_mailbox_base is unconditionally prepended to +this path. +.PP +When a recipient address has an optional address extension +(user+foo@domain.tld), the \fBvirtual\fR(8) delivery agent looks up +the full address first, and when the lookup fails, it looks up the +unextended address (user@domain.tld). +.PP +Note 1: for security reasons, the \fBvirtual\fR(8) delivery agent disallows +regular expression substitution of $1 etc. in regular expression +lookup tables, because that would open a security hole. +.PP +Note 2: for security reasons, the \fBvirtual\fR(8) delivery agent will +silently ignore requests to use the \fBproxymap\fR(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +\fBvirtual\fR(8) delivery agent will terminate with a fatal error. +.SH virtual_maps (default: empty) +Optional lookup tables with a) names of domains for which all +addresses are aliased to addresses in other local or remote domains, +and b) addresses that are aliased to addresses in other local or +remote domains. Available before Postfix version 2.0. With Postfix +version 2.0 and later, this is replaced by separate controls: virtual_alias_domains +and virtual_alias_maps. +.SH virtual_minimum_uid (default: 100) +The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts +as a result from $virtual_uid_maps table lookup. Returned +values less than this will be rejected, and the message will be +deferred. +.PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. +.SH virtual_transport (default: virtual) +The default mail delivery transport and next\-hop destination for +final delivery to domains listed with $virtual_mailbox_domains. +This information can be overruled with the \fBtransport\fR(5) table. +.PP +Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR +is the name of a mail delivery transport defined in master.cf. +The \fI:nexthop\fR destination is optional; its syntax is documented +in the manual page of the corresponding delivery agent. +.PP +This feature is available in Postfix 2.0 and later. +.SH virtual_uid_maps (default: empty) +Lookup tables with the per\-recipient user ID that the \fBvirtual\fR(8) +delivery agent uses while writing to the recipient's mailbox. +.PP +This parameter is specific to the \fBvirtual\fR(8) delivery agent. +It does not apply when mail is delivered with a different mail +delivery program. +.PP +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +.PP +In a lookup table, specify a left\-hand side of "@domain.tld" +to match any user in the specified domain that does not have a +specific "user@domain.tld" entry. +.PP +When a recipient address has an optional address extension +(user+foo@domain.tld), the \fBvirtual\fR(8) delivery agent looks up +the full address first, and when the lookup fails, it looks up the +unextended address (user@domain.tld). +.PP +Note 1: for security reasons, the \fBvirtual\fR(8) delivery agent disallows +regular expression substitution of $1 etc. in regular expression +lookup tables, because that would open a security hole. +.PP +Note 2: for security reasons, the \fBvirtual\fR(8) delivery agent will +silently ignore requests to use the \fBproxymap\fR(8) server. Instead +it will open the table directly. Before Postfix version 2.2, the +\fBvirtual\fR(8) delivery agent will terminate with a fatal error. +.SH SEE ALSO +.na +.nf +postconf(1), Postfix configuration parameter maintenance +master(5), Postfix daemon configuration maintenance +.SH LICENSE +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH AUTHOR(S) +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA +.sp +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA +.sp +Viktor Dukhovni diff --git a/man/man5/postfix-wrapper.5 b/man/man5/postfix-wrapper.5 new file mode 100644 index 0000000..3f4ee9c --- /dev/null +++ b/man/man5/postfix-wrapper.5 @@ -0,0 +1,317 @@ +.TH POSTFIX-WRAPPER 5 +.ad +.fi +.SH NAME +postfix-wrapper +\- +Postfix multi\-instance API +.SH DESCRIPTION +.ad +.fi +Support for managing multiple Postfix instances is available +as of version 2.6. Instances share executable files and +documentation, but have their own directories for configuration, +queue and data files. + +This document describes how the familiar "postfix start" +etc. user interface can be used to manage one or multiple +Postfix instances, and gives details of an API to coordinate +activities between the postfix(1) command and a multi\-instance +manager program. + +With multi\-instance support, the default Postfix instance +is always required. This instance is identified by the +config_directory parameter's default value. +.SH "GENERAL OPERATION" +.na +.nf +.ad +.fi +Multi\-instance support is backwards compatible: when you +run only one Postfix instance, commands such as "postfix +start" will not change behavior at all. + +Even with multiple Postfix instances, you can keep using +the same postfix commands in boot scripts, upgrade procedures, +and other places. The commands do more work, but humans are +not forced to learn new tricks. + +For example, to start all Postfix instances, use: +.IP +# postfix start +.PP +Other postfix(1) commands also work as expected. For example, +to find out what Postfix instances exist in a multi\-instance +configuration, use: +.IP +# postfix status +.PP +This enumerates the status of all Postfix instances within +a multi\-instance configuration. +.SH "MANAGING AN INDIVIDUAL POSTFIX INSTANCE" +.na +.nf +.ad +.fi +To manage a specific Postfix instance, specify its configuration +directory on the postfix(1) command line: +.IP +# postfix \-c \fI/path/to/config_directory command\fR +.PP +Alternatively, the postfix(1) command accepts the instance's +configuration directory via the MAIL_CONFIG environment +variable (the \-c command\-line option has higher precedence). + +Otherwise, the postfix(1) command will operate on all Postfix +instances. +.SH "ENABLING POSTFIX(1) MULTI-INSTANCE MODE" +.na +.nf +.ad +.fi +By default, the postfix(1) command operates in single\-instance +mode. In this mode the command invokes the postfix\-script +file directly (currently installed in the daemon directory). +This file contains the commands that start or stop one +Postfix instance, that upgrade the configuration of one +Postfix instance, and so on. + +When the postfix(1) command operates in multi\-instance mode +as discussed below, the command needs to execute start, +stop, etc. commands for each Postfix instance. This +multiplication of commands is handled by a multi\-instance +manager program. + +Turning on postfix(1) multi\-instance mode goes as follows: +in the default Postfix instance's main.cf file, 1) specify +the pathname of a multi\-instance manager program with the +multi_instance_wrapper parameter; 2) populate the +multi_instance_directories parameter with the configuration +directory pathnames of additional Postfix instances. For +example: +.IP +.nf +/etc/postfix/main.cf: + multi_instance_wrapper = $daemon_directory/postfix\-wrapper + multi_instance_directories = /etc/postfix\-test +.fi +.PP +The $daemon_directory/postfix\-wrapper file implements a +simple manager and contains instructions for creating Postfix +instances by hand. The postmulti(1) command provides a +more extensive implementation including support for life\-cycle +management. + +The multi_instance_directories and other main.cf parameters +are listed below in the CONFIGURATION PARAMETERS section. + +In multi\-instance mode, the postfix(1) command invokes the +$multi_instance_wrapper command instead of the postfix\-script +file. This multi\-instance manager in turn executes the +postfix(1) command in single\-instance mode for each Postfix +instance. + +To illustrate the main ideas behind multi\-instance operation, +below is an example of a simple but useful multi\-instance +manager implementation: +.IP +.nf +#!/bin/sh + +: ${command_directory?"do not invoke this command directly"} + +POSTCONF=$command_directory/postconf +POSTFIX=$command_directory/postfix +instance_dirs=\`$POSTCONF \-h multi_instance_directories | + sed 's/,/ /'\` || exit 1 + +err=0 +for dir in $config_directory $instance_dirs +do + case "$1" in + stop|abort|flush|reload|drain) + test "\`$POSTCONF \-c $dir \-h multi_instance_enable\`" \e + = yes || continue;; + start) + test "\`$POSTCONF \-c $dir \-h multi_instance_enable\`" \e + = yes || { + $POSTFIX \-c $dir check || err=$? + continue + };; + esac + $POSTFIX \-c $dir "$@" || err=$? +done + +exit $err +.fi +.SH "PER-INSTANCE MULTI-INSTANCE MANAGER CONTROLS" +.na +.nf +.ad +.fi +Each Postfix instance has its own main.cf file with parameters +that control how the multi\-instance manager operates on +that instance. This section discusses the most important +settings. + +The setting "multi_instance_enable = yes" allows the +multi\-instance manager to start (stop, etc.) the corresponding +Postfix instance. For safety reasons, this setting is not +the default. + +The default setting "multi_instance_enable = no" is useful +for manual testing with "postfix \-c \fI/path/name\fR start" +etc. The multi\-instance manager will not start such an +instance, and it will skip commands such as "stop" or "flush" +that require a running Postfix instance. The multi\-instance +manager will execute commands such as "check", "set\-permissions" +or "upgrade\-configuration", and it will replace "start" by +"check" so that problems will be reported even when the +instance is disabled. +.SH "MAINTAINING SHARED AND NON-SHARED FILES" +.na +.nf +.ad +.fi +Some files are shared between Postfix instances, such as +executables and manpages, and some files are per\-instance, +such as configuration files, mail queue files, and data +files. See the NON\-SHARED FILES section below for a list +of per\-instance files. + +Before Postfix multi\-instance support was implemented, the +executables, manpages, etc., have always been maintained +as part of the default Postfix instance. + +With multi\-instance support, we simply continue to do this. +Specifically, a Postfix instance will not check or update +shared files when that instance's config_directory value is +listed with the default main.cf file's multi_instance_directories +parameter. + +The consequence of this approach is that the default Postfix +instance should be checked and updated before any other +instances. +.SH "MULTI-INSTANCE API SUMMARY" +.na +.nf +.ad +.fi +Only the multi\-instance manager implements support for the +multi_instance_enable configuration parameter. The +multi\-instance manager will start only Postfix instances +whose main.cf file has "multi_instance_enable = yes". A +setting of "no" allows a Postfix instance to be tested by +hand. + +The postfix(1) command operates on only one Postfix instance +when the \-c option is specified, or when MAIL_CONFIG is +present in the process environment. This is necessary to +terminate recursion. + +Otherwise, when the multi_instance_directories parameter +value is non\-empty, the postfix(1) command executes the +command specified with the multi_instance_wrapper parameter, +instead of executing the commands in postfix\-script. + +The multi\-instance manager skips commands such as "stop" +or "reload" that require a running Postfix instance, when +an instance does not have "multi_instance_enable = yes". +This avoids false error messages. + +The multi\-instance manager replaces a "start" command by +"check" when a Postfix instance's main.cf file does not +have "multi_instance_enable = yes". This substitution ensures +that problems will be reported even when the instance is +disabled. + +No Postfix command or script will update or check shared +files when its config_directory value is listed in the +default main.cf's multi_instance_directories parameter +value. Therefore, the default instance should be checked +and updated before any Postfix instances that depend on it. + +Set\-gid commands such as postdrop(1) and postqueue(1) +effectively append the multi_instance_directories parameter +value to the legacy alternate_config_directories parameter +value. The commands use this information to determine whether +a \-c option or MAIL_CONFIG environment setting specifies a +legitimate value. + +The legacy alternate_config_directories parameter remains +necessary for non\-default Postfix instances that are running +different versions of Postfix, or that are not managed +together with the default Postfix instance. +.SH "ENVIRONMENT VARIABLES" +.na +.nf +.ad +.fi +.IP MAIL_CONFIG +When present, this forces the postfix(1) command to operate +only on the specified Postfix instance. This environment +variable is exported by the postfix(1) \-c option, so that +postfix(1) commands in descendant processes will work +correctly. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The text below provides only a parameter summary. See +postconf(5) for more details. +.IP "\fBmulti_instance_directories (empty)\fR" +An optional list of non\-default Postfix configuration directories; +these directories belong to additional Postfix instances that share +the Postfix executable files and documentation with the default +Postfix instance, and that are started, stopped, etc., together +with the default Postfix instance. +.IP "\fBmulti_instance_wrapper (empty)\fR" +The pathname of a multi\-instance manager command that the +\fBpostfix\fR(1) command invokes when the multi_instance_directories +parameter value is non\-empty. +.IP "\fBmulti_instance_name (empty)\fR" +The optional instance name of this Postfix instance. +.IP "\fBmulti_instance_group (empty)\fR" +The optional instance group name of this Postfix instance. +.IP "\fBmulti_instance_enable (no)\fR" +Allow this Postfix instance to be started, stopped, etc., by a +multi\-instance manager. +.SH "NON-SHARED FILES" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdata_directory (see 'postconf -d' output)\fR" +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.SH "SEE ALSO" +.na +.nf +postfix(1) Postfix control program +postmulti(1) full\-blown multi\-instance manager +$daemon_directory/postfix\-wrapper simple multi\-instance manager +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this +software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/regexp_table.5 b/man/man5/regexp_table.5 new file mode 100644 index 0000000..9eeefe4 --- /dev/null +++ b/man/man5/regexp_table.5 @@ -0,0 +1,236 @@ +.TH REGEXP_TABLE 5 +.ad +.fi +.SH NAME +regexp_table +\- +format of Postfix regular expression tables +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" regexp:/etc/postfix/\fIfilename\fR + +\fBpostmap \-q \- regexp:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional tables for address +rewriting, mail routing, or access control. These tables +are usually in \fBdbm\fR or \fBdb\fR format. + +Alternatively, lookup tables can be specified in POSIX regular +expression form. In this case, each input is compared against a +list of patterns. When a match is found, the corresponding +result is returned and the search is terminated. + +To find out what types of lookup tables your Postfix system +supports use the "\fBpostconf \-m\fR" command. + +To test lookup tables, use the "\fBpostmap \-q\fR" command +as described in the SYNOPSIS above. Use "\fBpostmap \-hmq +\-\fR <\fIfile\fR" for header_checks(5) patterns, and +"\fBpostmap \-bmq \-\fR <\fIfile\fR" for body_checks(5) +(Postfix 2.6 and later). +.SH "COMPATIBILITY" +.na +.nf +.ad +.fi +With Postfix version 2.2 and earlier specify "\fBpostmap +\-fq\fR" to query a table that contains case sensitive +patterns. Patterns are case insensitive by default. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The general form of a Postfix regular expression table is: +.IP "\fB/\fIpattern\fB/\fIflags result\fR" +When \fIpattern\fR matches the input string, +use the corresponding \fIresult\fR value. +.IP "\fB!/\fIpattern\fB/\fIflags result\fR" +When \fIpattern\fR does \fBnot\fR match the input string, +use the corresponding \fIresult\fR value. +.IP "\fBif /\fIpattern\fB/\fIflags\fR" +.IP "\fBendif\fR" +If the input string matches /\fIpattern\fR/, then match that +input string against the patterns between \fBif\fR and +\fBendif\fR. The \fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to patterns inside +\fBif\fR..\fBendif\fR. +.sp +This feature is available in Postfix 2.1 and later. +.IP "\fBif !/\fIpattern\fB/\fIflags\fR" +.IP "\fBendif\fR" +If the input string does not match /\fIpattern\fR/, then +match that input string against the patterns between \fBif\fR +and \fBendif\fR. The \fBif\fR..\fBendif\fR can nest. +.sp +Note: do not prepend whitespace to patterns inside +\fBif\fR..\fBendif\fR. +.sp +This feature is available in Postfix 2.1 and later. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.PP +Each pattern is a POSIX regular expression enclosed by a pair of +delimiters. The regular expression syntax is documented in +\fBre_format\fR(7) with 4.4BSD, in \fBregex\fR(5) with Solaris, and in +\fBregex\fR(7) with Linux. Other systems may use other document names. + +The expression delimiter can be any non\-alphanumerical +character, except whitespace +or characters that have special meaning (traditionally the forward +slash is used). The regular expression can contain whitespace. + +By default, matching is case\-insensitive, and newlines are not +treated as special characters. The behavior is controlled by flags, +which are toggled by appending one or more of the following +characters after the pattern: +.IP "\fBi\fR (default: on)" +Toggles the case sensitivity flag. By default, matching is case +insensitive. +.IP "\fBm\fR (default: off)" +Toggle the multi\-line mode flag. When this flag is on, the \fB^\fR +and \fB$\fR metacharacters match immediately after and immediately +before a newline character, respectively, in addition to +matching at the start and end of the input string. +.IP "\fBx\fR (default: on)" +Toggles the extended expression syntax flag. By default, support +for extended expression syntax is enabled. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the input string. + +Each pattern is applied to the entire input string. +Depending on the application, that string is an entire client +hostname, an entire client IP address, or an entire mail address. +Thus, no parent domain or parent network search is done, and +\fIuser@domain\fR mail addresses are not broken up into their +\fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR +broken up into \fIuser\fR and \fIfoo\fR. +.SH "TEXT SUBSTITUTION" +.na +.nf +.ad +.fi +Substitution of substrings (text that matches patterns +inside "()") from the matched expression into the result +string is requested with $1, $2, etc.; specify $$ to produce +a $ character as output. +The macros in the result string may need to be written as +${n} or $(n) if they aren't followed by whitespace. + +Note: since negated patterns (those preceded by \fB!\fR) return a +result when the expression does not match, substitutions are not +available for negated patterns. +.SH "INLINE SPECIFICATION" +.na +.nf +.ad +.fi +The contents of a table may be specified in the table name +(Postfix 3.7 and later). +The basic syntax is: + +.nf +main.cf: + \fIparameter\fR \fB= .. regexp:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } ..\fR + +master.cf: + \fB.. \-o { \fIparameter\fR \fB= .. regexp:{ { \fIrule\-1\fB }, { \fIrule\-2\fB } .. } .. } ..\fR +.fi + +Postfix ignores whitespace after '{' and before '}', and +writes each \fIrule\fR as one text line to an in\-memory +file: + +.nf +in\-memory file: + rule\-1 + rule\-2 + .. +.fi + +Postfix parses the result as if it is a file in /etc/postfix. + +Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep +Postfix from trying to do \fI$name\fR expansion as it +evaluates a parameter value. +.SH "EXAMPLE SMTPD ACCESS MAP" +.na +.nf +# Disallow sender\-specified routing. This is a must if you relay mail +# for other domains. +/[%!@].*[%!@]/ 550 Sender\-specified routing rejected + +# Postmaster is OK, that way they can talk to us about how to fix +# their problem. +/^postmaster@/ OK + +# Protect your outgoing majordomo exploders +if !/^owner\-/ +/^(.*)\-outgoing@(.*)$/ 550 Use ${1}@${2} instead +endif +.SH "EXAMPLE HEADER FILTER MAP" +.na +.nf +# These were once common in junk mail. +/^Subject: make money fast/ REJECT +/^To: friend@public\\.com/ REJECT +.SH "EXAMPLE BODY FILTER MAP" +.na +.nf +# First skip over base 64 encoded text to save CPU cycles. +~^[[:alnum:]+/]{60,}$~ OK + +# Put your own body patterns here. +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +pcre_table(5), format of PCRE tables +cidr_table(5), format of CIDR tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH "AUTHOR(S)" +.na +.nf +The regexp table lookup code was originally written by: +LaMont Jones +lamont@hp.com + +That code was based on the PCRE dictionary contributed by: +Andrew McNamara +andrewm@connect.com.au +connect.com.au Pty. Ltd. +Level 3, 213 Miller St +North Sydney, NSW, Australia + +Adopted and adapted by: +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/relocated.5 b/man/man5/relocated.5 new file mode 100644 index 0000000..fbc85a3 --- /dev/null +++ b/man/man5/relocated.5 @@ -0,0 +1,195 @@ +.TH RELOCATED 5 +.ad +.fi +.SH NAME +relocated +\- +Postfix relocated table format +.SH "SYNOPSIS" +.na +.nf +\fBpostmap /etc/postfix/relocated\fR +.SH DESCRIPTION +.ad +.fi +The optional \fBrelocated\fR(5) table provides the information that is +used in "user has moved to \fInew_location\fR" bounce messages. + +Normally, the \fBrelocated\fR(5) table is specified as a text file +that serves as input to the \fBpostmap\fR(1) command. +The result, an indexed file in \fBdbm\fR or \fBdb\fR format, +is used for fast searching by the mail system. Execute the command +"\fBpostmap /etc/postfix/relocated\fR" to rebuild an indexed +file after changing the corresponding relocated table. + +When the table is provided via other means such as NIS, LDAP +or SQL, the same lookups are done as for ordinary indexed files. + +Alternatively, the table can be provided as a regular\-expression +map where patterns are given as regular expressions, or lookups +can be directed to a TCP\-based server. In those case, the lookups +are done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES". + +Table lookups are case insensitive. +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +The search string is folded to lowercase before database +lookup. As of Postfix 2.3, the search string is not case +folded with database types such as regexp: or pcre: whose +lookup fields can match both upper and lower case. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The input format for the \fBpostmap\fR(1) command is as follows: +.IP \(bu +An entry has one of the following form: + +.nf + \fIpattern new_location\fR +.fi + +Where \fInew_location\fR specifies contact information such as +an email address, or perhaps a street address or telephone number. +.IP \(bu +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP \(bu +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +With lookups from indexed files such as DB or DBM, or from networked +tables such as NIS, LDAP or SQL, patterns are tried in the order as +listed below: +.IP \fIuser\fR@\fIdomain\fR +Matches \fIuser\fR@\fIdomain\fR. This form has precedence over all +other forms. +.IP \fIuser\fR +Matches \fIuser\fR@\fIsite\fR when \fIsite\fR is $\fBmyorigin\fR, +when \fIsite\fR is listed in $\fBmydestination\fR, or when \fIsite\fR +is listed in $\fBinet_interfaces\fR or $\fBproxy_interfaces\fR. +.IP @\fIdomain\fR +Matches other addresses in \fIdomain\fR. This form has the lowest +precedence. +.SH "ADDRESS EXTENSION" +.na +.nf +.fi +.ad +When a mail address localpart contains the optional recipient delimiter +(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes: +\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR, +\fIuser\fR, and @\fIdomain\fR. +.SH "REGULAR EXPRESSION TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when the table +is given in the form of regular expressions or when lookups are +directed to a TCP\-based server. For a description of regular +expression lookup table syntax, see \fBregexp_table\fR(5) or +\fBpcre_table\fR(5). For a description of the TCP client/server +table lookup protocol, see \fBtcp_table\fR(5). +This feature is available in Postfix 2.5 and later. + +Each pattern is a regular expression that is applied to the entire +address being looked up. Thus, \fIuser@domain\fR mail addresses are not +broken up into their \fIuser\fR and \fI@domain\fR constituent parts, +nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. + +Results are the same as with indexed file lookups, with +the additional feature that parenthesized substrings from the +pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +.SH "TCP-BASED TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP\-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). +This feature is available in Postfix 2.5 and later. + +Each lookup operation uses the entire address once. Thus, +\fIuser@domain\fR mail addresses are not broken up into their +\fIuser\fR and \fI@domain\fR constituent parts, nor is +\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Results are the same as with indexed file lookups. +.SH BUGS +.ad +.fi +The table format does not understand quoting conventions. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBrelocated_maps (empty)\fR" +Optional lookup tables with new contact information for users or +domains that no longer exist. +.PP +Other parameters of interest: +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" +The list of domains that are delivered via the $local_transport +mail delivery transport. +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBproxy_interfaces (empty)\fR" +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. +.SH "SEE ALSO" +.na +.nf +trivial\-rewrite(8), address resolver +postmap(1), Postfix lookup table manager +postconf(5), configuration parameters +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +ADDRESS_REWRITING_README, address rewriting guide +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/socketmap_table.5 b/man/man5/socketmap_table.5 new file mode 100644 index 0000000..c53db3d --- /dev/null +++ b/man/man5/socketmap_table.5 @@ -0,0 +1,120 @@ +.TH SOCKETMAP_TABLE 5 +.ad +.fi +.SH NAME +socketmap_table +\- +Postfix socketmap table lookup client +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" socketmap:inet:\fIhost\fB:\fIport\fB:\fIname\fR +.br +\fBpostmap \-q "\fIstring\fB" socketmap:unix:\fIpathname\fB:\fIname\fR + +\fBpostmap \-q \- socketmap:inet:\fIhost\fB:\fIport\fB:\fIname\fB <\fIinputfile\fR +.br +\fBpostmap \-q \- socketmap:unix:\fIpathname\fB:\fIname\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional tables for address +rewriting. mail routing or policy lookup. + +The Postfix socketmap client expects TCP endpoint names of +the form \fBinet:\fIhost\fB:\fIport\fB:\fIname\fR, or +UNIX\-domain endpoints of the form \fBunix:\fIpathname\fB:\fIname\fR. +In both cases, \fIname\fR specifies the name field in a +socketmap client request (see "REQUEST FORMAT" below). +.SH "PROTOCOL" +.na +.nf +.ad +.fi +Socketmaps use a simple protocol: the client sends one +request, and the server sends one reply. Each request and +each reply are sent as one netstring object. +.SH "REQUEST FORMAT" +.na +.nf +.ad +.fi +The socketmap protocol supports only the lookup request. +The request has the following form: + +.IP "\fB\fIname\fB <space> \fIkey\fR" +Search the named socketmap for the specified key. +.PP +Postfix will not generate partial search keys such as domain +names without one or more subdomains, network addresses +without one or more least\-significant octets, or email +addresses without the localpart, address extension or domain +portion. This behavior is also found with cidr:, pcre:, and +regexp: tables. +.SH "REPLY FORMAT" +.na +.nf +.ad +.fi +The Postfix socketmap client requires that replies are not +longer than 100000 characters (not including the netstring +encapsulation). Replies must have the following form: +.IP "\fBOK <space> \fIdata\fR" +The requested data was found. +.IP "\fBNOTFOUND <space>" +The requested data was not found. +.IP "\fBTEMP <space> \fIreason\fR" +.IP "\fBTIMEOUT <space> \fIreason\fR" +.IP "\fBPERM <space> \fIreason\fR" +The request failed. The reason, if non\-empty, is descriptive +text. +.SH "SECURITY" +.na +.nf +This map cannot be used for security\-sensitive information, +because neither the connection nor the server are authenticated. +.SH "SEE ALSO" +.na +.nf +http://cr.yp.to/proto/netstrings.txt, netstring definition +postconf(1), Postfix supported lookup tables +postmap(1), Postfix lookup table manager +regexp_table(5), format of regular expression tables +pcre_table(5), format of PCRE tables +cidr_table(5), format of CIDR tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH BUGS +.ad +.fi +The protocol limits are not yet configurable. +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +Socketmap support was introduced with Postfix version 2.10. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/sqlite_table.5 b/man/man5/sqlite_table.5 new file mode 100644 index 0000000..c065597 --- /dev/null +++ b/man/man5/sqlite_table.5 @@ -0,0 +1,284 @@ +.TH SQLITE_TABLE 5 +.ad +.fi +.SH NAME +sqlite_table +\- +Postfix SQLite configuration +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" sqlite:/etc/postfix/\fIfilename\fR + +\fBpostmap \-q \- sqlite:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional tables for address +rewriting or mail routing. These tables are usually in +\fBdbm\fR or \fBdb\fR format. + +Alternatively, lookup tables can be specified as SQLite databases. +In order to use SQLite lookups, define an SQLite source as a lookup +table in main.cf, for example: +.nf + alias_maps = sqlite:/etc/postfix/sqlite\-aliases.cf +.fi + +The file /etc/postfix/sqlite\-aliases.cf has the same format as +the Postfix main.cf file, and can specify the parameters +described below. +.SH "LIST MEMBERSHIP" +.na +.nf +.ad +.fi +When using SQL to store lists such as $mynetworks, +$mydestination, $relay_domains, $local_recipient_maps, +etc., it is important to understand that the table must +store each list member as a separate key. The table lookup +verifies the *existence* of the key. See "Postfix lists +versus tables" in the DATABASE_README document for a +discussion. + +Do NOT create tables that return the full list of domains +in $mydestination or $relay_domains etc., or IP addresses +in $mynetworks. + +DO create tables with each matching item as a key and with +an arbitrary value. With SQL databases it is not uncommon to +return the key itself or a constant value. +.SH "SQLITE PARAMETERS" +.na +.nf +.ad +.fi +.IP "\fBdbpath\fR" +The SQLite database file location. Example: +.nf + dbpath = customer_database +.fi +.IP "\fBquery\fR" +The SQL query template used to search the database, where \fB%s\fR +is a substitute for the address Postfix is trying to resolve, +e.g. +.nf + query = SELECT replacement FROM aliases WHERE mailbox = '%s' +.fi + +This parameter supports the following '%' expansions: +.RS +.IP "\fB%%\fR" +This is replaced by a literal '%' character. +.IP "\fB%s\fR" +This is replaced by the input key. +SQL quoting is used to make sure that the input key does not +add unexpected metacharacters. +.IP "\fB%u\fR" +When the input key is an address of the form user@domain, \fB%u\fR +is replaced by the SQL quoted local part of the address. +Otherwise, \fB%u\fR is replaced by the entire search string. +If the localpart is empty, the query is suppressed and returns +no results. +.IP "\fB%d\fR" +When the input key is an address of the form user@domain, \fB%d\fR +is replaced by the SQL quoted domain part of the address. +Otherwise, the query is suppressed and returns no results. +.IP "\fB%[SUD]\fR" +The upper\-case equivalents of the above expansions behave in the +\fBquery\fR parameter identically to their lower\-case counter\-parts. +With the \fBresult_format\fR parameter (see below), they expand the +input key rather than the result value. +.IP "\fB%[1\-9]\fR" +The patterns %1, %2, ... %9 are replaced by the corresponding +most significant component of the input key's domain. If the +input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR, +%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is +unqualified or does not have enough domain components to satisfy +all the specified patterns, the query is suppressed and returns +no results. +.RE +.IP +The \fBdomain\fR parameter described below limits the input +keys to addresses in matching domains. When the \fBdomain\fR +parameter is non\-empty, SQL queries for unqualified addresses +or addresses in non\-matching domains are suppressed +and return no results. + +This parameter is available with Postfix 2.2. In prior releases +the SQL query was built from the separate parameters: +\fBselect_field\fR, \fBtable\fR, \fBwhere_field\fR and +\fBadditional_conditions\fR. The mapping from the old parameters +to the equivalent query is: + +.nf + SELECT [\fBselect_field\fR] + FROM [\fBtable\fR] + WHERE [\fBwhere_field\fR] = '%s' + [\fBadditional_conditions\fR] +.fi + +The '%s' in the \fBWHERE\fR clause expands to the escaped search string. +With Postfix 2.2 these legacy parameters are used if the \fBquery\fR +parameter is not specified. + +NOTE: DO NOT put quotes around the query parameter. +.IP "\fBresult_format (default: \fB%s\fR)\fR" +Format template applied to result attributes. Most commonly used +to append (or prepend) text to the result. This parameter supports +the following '%' expansions: +.RS +.IP "\fB%%\fR" +This is replaced by a literal '%' character. +.IP "\fB%s\fR" +This is replaced by the value of the result attribute. When +result is empty it is skipped. +.IP "\fB%u\fR +When the result attribute value is an address of the form +user@domain, \fB%u\fR is replaced by the local part of the +address. When the result has an empty localpart it is skipped. +.IP "\fB%d\fR" +When a result attribute value is an address of the form +user@domain, \fB%d\fR is replaced by the domain part of +the attribute value. When the result is unqualified it +is skipped. +.IP "\fB%[SUD1\-9]\fR" +The upper\-case and decimal digit expansions interpolate +the parts of the input key rather than the result. Their +behavior is identical to that described with \fBquery\fR, +and in fact because the input key is known in advance, queries +whose key does not contain all the information specified in +the result template are suppressed and return no results. +.RE +.IP +For example, using "result_format = smtp:[%s]" allows one +to use a mailHost attribute as the basis of a transport(5) +table. After applying the result format, multiple values +are concatenated as comma separated strings. The expansion_limit +and parameter explained below allows one to restrict the number +of values in the result, which is especially useful for maps that +must return at most one value. + +The default value \fB%s\fR specifies that each result value should +be used as is. + +This parameter is available with Postfix 2.2 and later. + +NOTE: DO NOT put quotes around the result format! +.IP "\fBdomain (default: no domain list)\fR" +This is a list of domain names, paths to files, or "type:table" +databases. When specified, only fully qualified search +keys with a *non\-empty* localpart and a matching domain +are eligible for lookup: 'user' lookups, bare domain lookups +and "@domain" lookups are not performed. This can significantly +reduce the query load on the SQLite server. +.nf + domain = postfix.org, hash:/etc/postfix/searchdomains +.fi + +It is best not to use SQL to store the domains eligible +for SQL lookups. + +This parameter is available with Postfix 2.2 and later. + +NOTE: DO NOT define this parameter for local(8) aliases, +because the input keys are always unqualified. +.IP "\fBexpansion_limit (default: 0)\fR" +A limit on the total number of result elements returned +(as a comma separated list) by a lookup against the map. +A setting of zero disables the limit. Lookups fail with a +temporary error if the limit is exceeded. Setting the +limit to 1 ensures that lookups do not return multiple +values. +.SH "OBSOLETE MAIN.CF PARAMETERS" +.na +.nf +.ad +.fi +For compatibility with other Postfix lookup tables, SQLite +parameters can also be defined in main.cf. In order to do that, +specify as SQLite source a name that doesn't begin with a slash +or a dot. The SQLite parameters will then be accessible as the +name you've given the source in its definition, an underscore, +and the name of the parameter. For example, if the map is +specified as "sqlite:\fIsqlitename\fR", the parameter "query" +would be defined in main.cf as "\fIsqlitename\fR_query". +.SH "OBSOLETE QUERY INTERFACE" +.na +.nf +.ad +.fi +This section describes an interface that is deprecated as +of Postfix 2.2. It is replaced by the more general \fBquery\fR +interface described above. If the \fBquery\fR parameter +is defined, the legacy parameters described here ignored. +Please migrate to the new interface as the legacy interface +may be removed in a future release. + +The following parameters can be used to fill in a +SELECT template statement of the form: + +.nf + SELECT [\fBselect_field\fR] + FROM [\fBtable\fR] + WHERE [\fBwhere_field\fR] = '%s' + [\fBadditional_conditions\fR] +.fi + +The specifier %s is replaced by the search string, and is +escaped so if it contains single quotes or other odd characters, +it will not cause a parse error, or worse, a security problem. +.IP "\fBselect_field\fR" +The SQL "select" parameter. Example: +.nf + \fBselect_field\fR = forw_addr +.fi +.IP "\fBtable\fR" +The SQL "select .. from" table name. Example: +.nf + \fBtable\fR = mxaliases +.fi +.IP "\fBwhere_field\fR +The SQL "select .. where" parameter. Example: +.nf + \fBwhere_field\fR = alias +.fi +.IP "\fBadditional_conditions\fR +Additional conditions to the SQL query. Example: +.nf + \fBadditional_conditions\fR = AND status = 'paid' +.fi +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table maintenance +postconf(5), configuration parameters +ldap_table(5), LDAP lookup tables +mysql_table(5), MySQL lookup tables +pgsql_table(5), PostgreSQL lookup tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +SQLITE_README, Postfix SQLITE howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +SQLite support was introduced with Postfix version 2.8. +.SH "AUTHOR(S)" +.na +.nf +Original implementation by: +Axel Steiner diff --git a/man/man5/tcp_table.5 b/man/man5/tcp_table.5 new file mode 100644 index 0000000..02a7989 --- /dev/null +++ b/man/man5/tcp_table.5 @@ -0,0 +1,133 @@ +.TH TCP_TABLE 5 +.ad +.fi +.SH NAME +tcp_table +\- +Postfix client/server table lookup protocol +.SH "SYNOPSIS" +.na +.nf +\fBpostmap \-q "\fIstring\fB" tcp:\fIhost:port\fR + +\fBpostmap \-q \- tcp:\fIhost:port\fB <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The Postfix mail system uses optional tables for address +rewriting or mail routing. These tables are usually in +\fBdbm\fR or \fBdb\fR format. Alternatively, table lookups +can be directed to a TCP server. + +To find out what types of lookup tables your Postfix system +supports use the "\fBpostconf \-m\fR" command. + +To test lookup tables, use the "\fBpostmap \-q\fR" command as +described in the SYNOPSIS above. +.SH "PROTOCOL DESCRIPTION" +.na +.nf +.ad +.fi +The TCP map class implements a very simple protocol: the client +sends a request, and the server sends one reply. Requests and +replies are sent as one line of ASCII text, terminated by the +ASCII newline character. Request and reply parameters (see below) +are separated by whitespace. + +Send and receive operations must complete in 100 seconds. +.SH "REQUEST FORMAT" +.na +.nf +.ad +.fi +The tcp_table protocol supports only the lookup request. +The request has the following form: +.IP "\fBget\fR SPACE \fIkey\fR NEWLINE" +Look up data under the specified key. +.PP +Postfix will not generate partial search keys such as domain +names without one or more subdomains, network addresses +without one or more least\-significant octets, or email +addresses without the localpart, address extension or domain +portion. This behavior is also found with cidr:, pcre:, and +regexp: tables. +.SH "REPLY FORMAT" +.na +.nf +.ad +.fi +Each reply specifies a status code and text. Replies must be no +longer than 4096 characters including the newline terminator. +.IP "\fB500\fR SPACE \fItext\fR NEWLINE" +In case of a lookup request, the requested data does not exist. +The text describes the nature of the problem. +.IP "\fB400\fR SPACE \fItext\fR NEWLINE" +This indicates an error condition. The text describes the nature of +the problem. The client should retry the request later. +.IP "\fB200\fR SPACE \fItext\fR NEWLINE" +The request was successful. In the case of a lookup request, +the text contains an encoded version of the requested data. +.SH "ENCODING" +.na +.nf +.ad +.fi +In request and reply parameters, the character %, each non\-printing +character, and each whitespace character must be replaced by %XX, +where XX is the corresponding ASCII hexadecimal character value. The +hexadecimal codes can be specified in any case (upper, lower, mixed). + +The Postfix client always encodes a request. +The server may omit the encoding as long as the reply +is guaranteed to not contain the % or NEWLINE character. +.SH "SECURITY" +.na +.nf +.ad +.fi +Do not use TCP lookup tables for security critical purposes. +The client\-server connection is not protected and the server +is not authenticated. +.SH BUGS +.ad +.fi +Only the lookup method is currently implemented. + +The client does not hang up when the connection is idle for +a long time. +.SH "SEE ALSO" +.na +.nf +postmap(1), Postfix lookup table manager +regexp_table(5), format of regular expression tables +pcre_table(5), format of PCRE tables +cidr_table(5), format of CIDR tables +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/transport.5 b/man/man5/transport.5 new file mode 100644 index 0000000..223b958 --- /dev/null +++ b/man/man5/transport.5 @@ -0,0 +1,335 @@ +.TH TRANSPORT 5 +.ad +.fi +.SH NAME +transport +\- +Postfix transport table format +.SH "SYNOPSIS" +.na +.nf +\fBpostmap /etc/postfix/transport\fR + +\fBpostmap \-q "\fIstring\fB" /etc/postfix/transport\fR + +\fBpostmap \-q \- /etc/postfix/transport <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The optional \fBtransport\fR(5) table specifies a mapping from email +addresses to message delivery transports and next\-hop destinations. +Message delivery transports such as \fBlocal\fR or \fBsmtp\fR +are defined in the \fBmaster.cf\fR file, and next\-hop +destinations are typically hosts or domain names. The +table is searched by the \fBtrivial\-rewrite\fR(8) daemon. + +This mapping overrides the default \fItransport\fR:\fInexthop\fR +selection that is built into Postfix: +.IP "\fBlocal_transport (default: local:$myhostname)\fR" +This is the default for final delivery to domains listed +with \fBmydestination\fR, and for [\fIipaddress\fR] +destinations that match \fB$inet_interfaces\fR or +\fB$proxy_interfaces\fR. The default \fInexthop\fR destination +is the MTA hostname. +.IP "\fBvirtual_transport (default: virtual:)\fR" +This is the default for final delivery to domains listed +with \fBvirtual_mailbox_domains\fR. The default \fInexthop\fR +destination is the recipient domain. +.IP "\fBrelay_transport (default: relay:)\fR" +This is the default for remote delivery to domains listed +with \fBrelay_domains\fR. In order of decreasing precedence, +the \fInexthop\fR destination is taken from \fBrelay_transport\fR, +\fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the +recipient domain. +.IP "\fBdefault_transport (default: smtp:)\fR" +This is the default for remote delivery to other destinations. +In order of decreasing precedence, the \fInexthop\fR +destination is taken from \fBsender_dependent_default_transport_maps, +\fBdefault_transport\fR, \fBsender_dependent_relayhost_maps\fR, +\fBrelayhost\fR, or from the recipient domain. +.PP +Normally, the \fBtransport\fR(5) table is specified as a text file +that serves as input to the \fBpostmap\fR(1) command. +The result, an indexed file in \fBdbm\fR or \fBdb\fR format, is used +for fast searching by the mail system. Execute the command +"\fBpostmap /etc/postfix/transport\fR" to rebuild an indexed +file after changing the corresponding transport table. + +When the table is provided via other means such as NIS, LDAP +or SQL, the same lookups are done as for ordinary indexed files. + +Alternatively, the table can be provided as a regular\-expression +map where patterns are given as regular expressions, or lookups +can be directed to a TCP\-based server. In those case, the lookups +are done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES". +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +The search string is folded to lowercase before database +lookup. As of Postfix 2.3, the search string is not case +folded with database types such as regexp: or pcre: whose +lookup fields can match both upper and lower case. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The input format for the \fBpostmap\fR(1) command is as follows: +.IP "\fIpattern result\fR" +When \fIpattern\fR matches the recipient address or domain, use the +corresponding \fIresult\fR. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.PP +The \fIpattern\fR specifies an email address, a domain name, or +a domain name hierarchy, as described in section "TABLE +SEARCH ORDER". + +The \fIresult\fR is of the form \fItransport:nexthop\fR and +specifies how or where to deliver mail. This is described in +section "RESULT FORMAT". +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +With lookups from indexed files such as DB or DBM, or from networked +tables such as NIS, LDAP or SQL, patterns are tried in the order as +listed below: +.IP "\fIuser+extension@domain transport\fR:\fInexthop\fR" +Deliver mail for \fIuser+extension@domain\fR through +\fItransport\fR to +\fInexthop\fR. +.IP "\fIuser@domain transport\fR:\fInexthop\fR" +Deliver mail for \fIuser@domain\fR through \fItransport\fR to +\fInexthop\fR. +.IP "\fIdomain transport\fR:\fInexthop\fR" +Deliver mail for \fIdomain\fR through \fItransport\fR to +\fInexthop\fR. +.IP "\fI.domain transport\fR:\fInexthop\fR" +Deliver mail for any subdomain of \fIdomain\fR through +\fItransport\fR to \fInexthop\fR. This applies only when the +string \fBtransport_maps\fR is not listed in the +\fBparent_domain_matches_subdomains\fR configuration setting. +Otherwise, a domain name matches itself and its subdomains. +.IP "\fB*\fI transport\fR:\fInexthop\fR" +The special pattern \fB*\fR represents any address (i.e. it +functions as the wild\-card pattern, and is unique to Postfix +transport tables). +.PP +Note 1: the null recipient address is looked up as +\fB$empty_address_recipient\fR@\fB$myhostname\fR (default: +mailer\-daemon@hostname). + +Note 2: \fIuser@domain\fR or \fIuser+extension@domain\fR +lookup is available in Postfix 2.0 and later. +.SH "RESULT FORMAT" +.na +.nf +.ad +.fi +The lookup result is of the form \fItransport\fB:\fInexthop\fR. +The \fItransport\fR field specifies a mail delivery transport +such as \fBsmtp\fR or \fBlocal\fR. The \fInexthop\fR field +specifies where and how to deliver mail. + +The transport field specifies the name of a mail delivery transport +(the first name of a mail delivery service entry in the Postfix +\fBmaster.cf\fR file). + +The nexthop field usually specifies one recipient domain +or hostname. In the case of the Postfix SMTP/LMTP client, +the nexthop field may contain a list of nexthop destinations +separated by comma or whitespace (Postfix 3.5 and later). + +The syntax of a nexthop destination is transport dependent. +With SMTP, specify a service on a non\-default +port as \fIhost\fR:\fIservice\fR, and disable MX (mail exchanger) +DNS lookups with [\fIhost\fR] or [\fIhost\fR]:\fIport\fR. The [] form +is required when you specify an IP address instead of a hostname. + +A null \fItransport\fR and null \fInexthop\fR field means "do +not change": use the delivery transport and nexthop information +that would be used when the entire transport table did not exist. + +A non\-null \fItransport\fR field with a null \fInexthop\fR field +resets the nexthop information to the recipient domain. + +A null \fItransport\fR field with non\-null \fInexthop\fR field +does not modify the transport information. +.SH "EXAMPLES" +.na +.nf +.ad +.fi +In order to deliver internal mail directly, while using a +mail relay for all other mail, specify a null entry for +internal destinations (do not change the delivery transport or +the nexthop information) and specify a wildcard for all other +destinations. + +.nf + \fB\&my.domain :\fR + \fB\&.my.domain :\fR + \fB* smtp:outbound\-relay.my.domain\fR +.fi + +In order to send mail for \fBexample.com\fR and its subdomains +via the \fBuucp\fR transport to the UUCP host named \fBexample\fR: + +.nf + \fBexample.com uucp:example\fR + \fB\&.example.com uucp:example\fR +.fi + +When no nexthop host name is specified, the destination domain +name is used instead. For example, the following directs mail for +\fIuser\fR@\fBexample.com\fR via the \fBslow\fR transport to a mail +exchanger for \fBexample.com\fR. The \fBslow\fR transport could be +configured to run at most one delivery process at a time: + +.nf + \fBexample.com slow:\fR +.fi + +When no transport is specified, Postfix uses the transport that +matches the address domain class (see DESCRIPTION +above). The following sends all mail for \fBexample.com\fR and its +subdomains to host \fBgateway.example.com\fR: + +.nf + \fBexample.com :[gateway.example.com]\fR + \fB\&.example.com :[gateway.example.com]\fR +.fi + +In the above example, the [] suppress MX lookups. +This prevents mail routing loops when your machine is primary MX +host for \fBexample.com\fR. + +In the case of delivery via SMTP or LMTP, one may specify +\fIhost\fR:\fIservice\fR instead of just a host: + +.nf + \fBexample.com smtp:bar.example:2025\fR +.fi + +This directs mail for \fIuser\fR@\fBexample.com\fR to host \fBbar.example\fR +port \fB2025\fR. Instead of a numerical port a symbolic name may be +used. Specify [] around the hostname if MX lookups must be disabled. + +Deliveries via SMTP or LMTP support multiple destinations +(Postfix >= 3.5): + +.nf + \fBexample.com smtp:bar.example, foo.example\fR +.fi + +This tries to deliver to \fBbar.example\fR before trying +to deliver to \fBfoo.example\fR. + +The error mailer can be used to bounce mail: + +.nf + \fB\&.example.com error:mail for *.example.com is not deliverable\fR +.fi + +This causes all mail for \fIuser\fR@\fIanything\fB.example.com\fR +to be bounced. +.SH "REGULAR EXPRESSION TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when the table +is given in the form of regular expressions. For a description of +regular expression lookup table syntax, see \fBregexp_table\fR(5) +or \fBpcre_table\fR(5). + +Each pattern is a regular expression that is applied to the entire +address being looked up. Thus, \fIsome.domain.hierarchy\fR is not +looked up via its parent domains, +nor is \fIuser+foo@domain\fR looked up as \fIuser@domain\fR. + +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. + +The \fBtrivial\-rewrite\fR(8) server disallows regular +expression substitution of $1 etc. in regular expression +lookup tables, because that could open a security hole +(Postfix version 2.3 and later). +.SH "TCP-BASED TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP\-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). +This feature is not available up to and including Postfix version 2.4. + +Each lookup operation uses the entire recipient address once. Thus, +\fIsome.domain.hierarchy\fR is not looked up via its parent domains, +nor is \fIuser+foo@domain\fR looked up as \fIuser@domain\fR. + +Results are the same as with indexed file lookups. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant. +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR" +The recipient of mail addressed to the null address. +.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. +.IP "\fBtransport_maps (empty)\fR" +Optional lookup tables with mappings from recipient address to +(message delivery transport, next\-hop destination). +.SH "SEE ALSO" +.na +.nf +trivial\-rewrite(8), rewrite and resolve addresses +master(5), master.cf file format +postconf(5), configuration parameters +postmap(1), Postfix lookup table manager +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_REWRITING_README, address rewriting guide +DATABASE_README, Postfix lookup table overview +FILTER_README, external content filter +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man5/virtual.5 b/man/man5/virtual.5 new file mode 100644 index 0000000..702f060 --- /dev/null +++ b/man/man5/virtual.5 @@ -0,0 +1,335 @@ +.TH VIRTUAL 5 +.ad +.fi +.SH NAME +virtual +\- +Postfix virtual alias table format +.SH "SYNOPSIS" +.na +.nf +\fBpostmap /etc/postfix/virtual\fR + +\fBpostmap \-q "\fIstring\fB" /etc/postfix/virtual\fR + +\fBpostmap \-q \- /etc/postfix/virtual <\fIinputfile\fR +.SH DESCRIPTION +.ad +.fi +The optional \fBvirtual\fR(5) alias table rewrites recipient +addresses for all local, all virtual, and all remote mail +destinations. +This is unlike the \fBaliases\fR(5) table which is used +only for \fBlocal\fR(8) delivery. Virtual aliasing is +recursive, and is implemented by the Postfix \fBcleanup\fR(8) +daemon before mail is queued. + +The main applications of virtual aliasing are: +.IP \(bu +To redirect mail for one address to one or more addresses. +.IP \(bu +To implement virtual alias domains where all addresses are aliased +to addresses in other domains. +.sp +Virtual alias domains are not to be confused with the virtual mailbox +domains that are implemented with the Postfix \fBvirtual\fR(8) mail +delivery agent. With virtual mailbox domains, each recipient address +can have its own mailbox. +.PP +Virtual aliasing is applied only to recipient +envelope addresses, and does not affect message headers. +Use \fBcanonical\fR(5) +mapping to rewrite header and envelope addresses in general. + +Normally, the \fBvirtual\fR(5) alias table is specified as a text file +that serves as input to the \fBpostmap\fR(1) command. +The result, an indexed file in \fBdbm\fR or \fBdb\fR format, +is used for fast searching by the mail system. Execute the command +"\fBpostmap /etc/postfix/virtual\fR" to rebuild an indexed +file after changing the corresponding text file. + +When the table is provided via other means such as NIS, LDAP +or SQL, the same lookups are done as for ordinary indexed files. + +Alternatively, the table can be provided as a regular\-expression +map where patterns are given as regular expressions, or lookups +can be directed to a TCP\-based server. In those case, the lookups +are done in a slightly different way as described below under +"REGULAR EXPRESSION TABLES" or "TCP\-BASED TABLES". +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +The search string is folded to lowercase before database +lookup. As of Postfix 2.3, the search string is not case +folded with database types such as regexp: or pcre: whose +lookup fields can match both upper and lower case. +.SH "TABLE FORMAT" +.na +.nf +.ad +.fi +The input format for the \fBpostmap\fR(1) command is as follows: +.IP "\fIpattern address, address, ...\fR" +When \fIpattern\fR matches a mail address, replace it by the +corresponding \fIaddress\fR. +.IP "blank lines and comments" +Empty lines and whitespace\-only lines are ignored, as +are lines whose first non\-whitespace character is a `#'. +.IP "multi\-line text" +A logical line starts with non\-whitespace text. A line that +starts with whitespace continues a logical line. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +With lookups from indexed files such as DB or DBM, or from networked +tables such as NIS, LDAP or SQL, each \fIuser\fR@\fIdomain\fR +query produces a sequence of query patterns as described below. + +Each query pattern is sent to each specified lookup table +before trying the next query pattern, until a match is +found. +.IP "\fIuser\fR@\fIdomain address, address, ...\fR" +Redirect mail for \fIuser\fR@\fIdomain\fR to \fIaddress\fR. +This form has the highest precedence. +.IP "\fIuser address, address, ...\fR" +Redirect mail for \fIuser\fR@\fIsite\fR to \fIaddress\fR when +\fIsite\fR is equal to $\fBmyorigin\fR, when \fIsite\fR is listed in +$\fBmydestination\fR, or when it is listed in $\fBinet_interfaces\fR +or $\fBproxy_interfaces\fR. +.sp +This functionality overlaps with the functionality of the local +\fIaliases\fR(5) database. The difference is that \fBvirtual\fR(5) +mapping can be applied to non\-local addresses. +.IP "@\fIdomain address, address, ...\fR" +Redirect mail for other users in \fIdomain\fR to \fIaddress\fR. +This form has the lowest precedence. +.sp +Note: @\fIdomain\fR is a wild\-card. With this form, the +Postfix SMTP server accepts +mail for any recipient in \fIdomain\fR, regardless of whether +that recipient exists. This may turn your mail system into +a backscatter source: Postfix first accepts mail for +non\-existent recipients and then tries to return that mail +as "undeliverable" to the often forged sender address. +.sp +To avoid backscatter with mail for a wild\-card domain, +replace the wild\-card mapping with explicit 1:1 mappings, +or add a reject_unverified_recipient restriction for that +domain: + +.nf + smtpd_recipient_restrictions = + ... + reject_unauth_destination + check_recipient_access + inline:{example.com=reject_unverified_recipient} + unverified_recipient_reject_code = 550 +.fi + +In the above example, Postfix may contact a remote server +if the recipient is aliased to a remote address. +.SH "RESULT ADDRESS REWRITING" +.na +.nf +.ad +.fi +The lookup result is subject to address rewriting: +.IP \(bu +When the result has the form @\fIotherdomain\fR, the +result becomes the same \fIuser\fR in \fIotherdomain\fR. +This works only for the first address in a multi\-address +lookup result. +.IP \(bu +When "\fBappend_at_myorigin=yes\fR", append "\fB@$myorigin\fR" +to addresses without "@domain". +.IP \(bu +When "\fBappend_dot_mydomain=yes\fR", append +"\fB.$mydomain\fR" to addresses without ".domain". +.SH "ADDRESS EXTENSION" +.na +.nf +.fi +.ad +When a mail address localpart contains the optional recipient delimiter +(e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes: +\fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIuser+foo\fR, +\fIuser\fR, and @\fIdomain\fR. + +The \fBpropagate_unmatched_extensions\fR parameter controls whether +an unmatched address extension (\fI+foo\fR) is propagated to the +result of a table lookup. +.SH "VIRTUAL ALIAS DOMAINS" +.na +.nf +.ad +.fi +Besides virtual aliases, the virtual alias table can also be used +to implement virtual alias domains. With a virtual alias domain, all +recipient addresses are aliased to addresses in other domains. + +Virtual alias domains are not to be confused with the virtual mailbox +domains that are implemented with the Postfix \fBvirtual\fR(8) mail +delivery agent. With virtual mailbox domains, each recipient address +can have its own mailbox. + +With a virtual alias domain, the virtual domain has its +own user name space. Local (i.e. non\-virtual) usernames are not +visible in a virtual alias domain. In particular, local +\fBaliases\fR(5) and local mailing lists are not visible as +\fIlocalname@virtual\-alias.domain\fR. + +Support for a virtual alias domain looks like: + +.nf +/etc/postfix/main.cf: + virtual_alias_maps = hash:/etc/postfix/virtual +.fi + +Note: some systems use \fBdbm\fR databases instead of \fBhash\fR. +See the output from "\fBpostconf \-m\fR" for available database types. + +.nf +/etc/postfix/virtual: + \fIvirtual\-alias.domain anything\fR (right\-hand content does not matter) + \fIpostmaster@virtual\-alias.domain postmaster\fR + \fIuser1@virtual\-alias.domain address1\fR + \fIuser2@virtual\-alias.domain address2, address3\fR +.fi +.sp +The \fIvirtual\-alias.domain anything\fR entry is required for a +virtual alias domain. \fBWithout this entry, mail is rejected +with "relay access denied", or bounces with +"mail loops back to myself".\fR + +Do not specify virtual alias domain names in the \fBmain.cf +mydestination\fR or \fBrelay_domains\fR configuration parameters. + +With a virtual alias domain, the Postfix SMTP server +accepts mail for \fIknown\-user@virtual\-alias.domain\fR, and rejects +mail for \fIunknown\-user\fR@\fIvirtual\-alias.domain\fR as undeliverable. + +Instead of specifying the virtual alias domain name via +the \fBvirtual_alias_maps\fR table, you may also specify it via +the \fBmain.cf virtual_alias_domains\fR configuration parameter. +This latter parameter uses the same syntax as the \fBmain.cf +mydestination\fR configuration parameter. +.SH "REGULAR EXPRESSION TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when the table +is given in the form of regular expressions. For a description of +regular expression lookup table syntax, see \fBregexp_table\fR(5) +or \fBpcre_table\fR(5). + +Each pattern is a regular expression that is applied to the entire +address being looked up. Thus, \fIuser@domain\fR mail addresses are not +broken up into their \fIuser\fR and \fI@domain\fR constituent parts, +nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Patterns are applied in the order as specified in the table, until a +pattern is found that matches the search string. + +Results are the same as with indexed file lookups, with +the additional feature that parenthesized substrings from the +pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on. +.SH "TCP-BASED TABLES" +.na +.nf +.ad +.fi +This section describes how the table lookups change when lookups +are directed to a TCP\-based server. For a description of the TCP +client/server lookup protocol, see \fBtcp_table\fR(5). +This feature is available in Postfix 2.5 and later. + +Each lookup operation uses the entire address once. Thus, +\fIuser@domain\fR mail addresses are not broken up into their +\fIuser\fR and \fI@domain\fR constituent parts, nor is +\fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR. + +Results are the same as with indexed file lookups. +.SH BUGS +.ad +.fi +The table format does not understand quoting conventions. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +The following \fBmain.cf\fR parameters are especially relevant to +this topic. See the Postfix \fBmain.cf\fR file for syntax details +and for default values. Use the "\fBpostfix reload\fR" command after +a configuration change. +.IP "\fBvirtual_alias_maps ($virtual_maps)\fR" +Optional lookup tables that alias specific mail addresses or domains +to other local or remote addresses. +.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR" +Postfix is the final destination for the specified list of virtual +alias domains, that is, domains for which all addresses are aliased +to addresses in other local or remote domains. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. +.PP +Other parameters of interest: +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" +The list of domains that are delivered via the $local_transport +mail delivery transport. +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBowner_request_special (yes)\fR" +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". +.IP "\fBproxy_interfaces (empty)\fR" +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. +.SH "SEE ALSO" +.na +.nf +cleanup(8), canonicalize and enqueue mail +postmap(1), Postfix lookup table manager +postconf(5), configuration parameters +canonical(5), canonical address mapping +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_REWRITING_README, address rewriting guide +DATABASE_README, Postfix lookup table overview +VIRTUAL_README, domain hosting guide +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/anvil.8 b/man/man8/anvil.8 new file mode 100644 index 0000000..89ea9a6 --- /dev/null +++ b/man/man8/anvil.8 @@ -0,0 +1,302 @@ +.TH ANVIL 8 +.ad +.fi +.SH NAME +anvil +\- +Postfix session count and request rate control +.SH "SYNOPSIS" +.na +.nf +\fBanvil\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix \fBanvil\fR(8) server maintains statistics about +client connection counts or client request rates. This +information can be used to defend against clients that +hammer a server with either too many simultaneous sessions, +or with too many successive requests within a configurable +time interval. This server is designed to run under control +by the Postfix \fBmaster\fR(8) server. + +In the following text, \fBident\fR specifies a (service, +client) combination. The exact syntax of that information +is application\-dependent; the \fBanvil\fR(8) server does +not care. +.SH "CONNECTION COUNT/RATE CONTROL" +.na +.nf +.ad +.fi +To register a new connection send the following request to +the \fBanvil\fR(8) server: + +.nf + \fBrequest=connect\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of +simultaneous connections and the number of connections per +unit time for the (service, client) combination specified +with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBcount=\fInumber\fR + \fBrate=\fInumber\fR +.fi + +To register a disconnect event send the following request +to the \fBanvil\fR(8) server: + +.nf + \fBrequest=disconnect\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server replies with: + +.nf + \fBstatus=0\fR +.fi +.SH "MESSAGE RATE CONTROL" +.na +.nf +.ad +.fi +To register a message delivery request send the following +request to the \fBanvil\fR(8) server: + +.nf + \fBrequest=message\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of message +delivery requests per unit time for the (service, client) +combination specified with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBrate=\fInumber\fR +.fi +.SH "RECIPIENT RATE CONTROL" +.na +.nf +.ad +.fi +To register a recipient request send the following request +to the \fBanvil\fR(8) server: + +.nf + \fBrequest=recipient\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of recipient +addresses per unit time for the (service, client) combination +specified with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBrate=\fInumber\fR +.fi +.SH "TLS SESSION NEGOTIATION RATE CONTROL" +.na +.nf +.ad +.fi +The features described in this section are available with +Postfix 2.3 and later. + +To register a request for a new (i.e. not cached) TLS session +send the following request to the \fBanvil\fR(8) server: + +.nf + \fBrequest=newtls\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of new +TLS session requests per unit time for the (service, client) +combination specified with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBrate=\fInumber\fR +.fi + +To retrieve new TLS session request rate information without +updating the counter information, send: + +.nf + \fBrequest=newtls_report\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of new +TLS session requests per unit time for the (service, client) +combination specified with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBrate=\fInumber\fR +.fi +.SH "AUTH RATE CONTROL" +.na +.nf +.ad +.fi +To register an AUTH request send the following request +to the \fBanvil\fR(8) server: + +.nf + \fBrequest=auth\fR + \fBident=\fIstring\fR +.fi + +The \fBanvil\fR(8) server answers with the number of auth +requests per unit time for the (service, client) combination +specified with \fBident\fR: + +.nf + \fBstatus=0\fR + \fBrate=\fInumber\fR +.fi +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBanvil\fR(8) server does not talk to the network or to local +users, and can run chrooted at fixed low privilege. + +The \fBanvil\fR(8) server maintains an in\-memory table with +information about recent clients requests. No persistent +state is kept because standard system library routines are +not sufficiently robust for update\-intensive applications. + +Although the in\-memory state is kept only temporarily, this +may require a lot of memory on systems that handle connections +from many remote clients. To reduce memory usage, reduce +the time unit over which state is kept. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). + +Upon exit, and every \fBanvil_status_update_time\fR +seconds, the server logs the maximal count and rate values measured, +together with (service, client) information and the time of day +associated with those events. +In order to avoid unnecessary overhead, no measurements +are done for activity that isn't concurrency limited or +rate limited. +.SH BUGS +.ad +.fi +Systems behind network address translating routers or proxies +appear to have the same client address and can run into connection +count and/or rate limits falsely. + +In this preliminary implementation, a count (or rate) limited server +process can have only one remote client at a time. If a +server process reports +multiple simultaneous clients, state is kept only for the last +reported client. + +The \fBanvil\fR(8) server automatically discards client +request information after it expires. To prevent the +\fBanvil\fR(8) server from discarding client request rate +information too early or too late, a rate limited service +should always register connect/disconnect events even when +it does not explicitly limit them. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +On low\-traffic mail systems, changes to \fBmain.cf\fR are +picked up automatically as \fBanvil\fR(8) processes run for +only a limited amount of time. On other mail systems, use +the command "\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBanvil_rate_time_unit (60s)\fR" +The time unit over which client connection rates and other rates +are calculated. +.IP "\fBanvil_status_update_time (600s)\fR" +How frequently the \fBanvil\fR(8) connection and rate limiting server +logs peak usage information. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtpd(8), Postfix SMTP server +postconf(5), configuration parameters +master(5), generic daemon options +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +TUNING_README, performance tuning +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +The anvil service is available in Postfix 2.2 and later. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/bounce.8 b/man/man8/bounce.8 new file mode 100644 index 0000000..007ffdc --- /dev/null +++ b/man/man8/bounce.8 @@ -0,0 +1,182 @@ +.TH BOUNCE 8 +.ad +.fi +.SH NAME +bounce +\- +Postfix delivery status reports +.SH "SYNOPSIS" +.na +.nf +\fBbounce\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBbounce\fR(8) daemon maintains per\-message log files with +delivery status information. Each log file is named after the +queue file that it corresponds to, and is kept in a queue subdirectory +named after the service name in the \fBmaster.cf\fR file (either +\fBbounce\fR, \fBdefer\fR or \fBtrace\fR). +This program expects to be run from the \fBmaster\fR(8) process +manager. + +The \fBbounce\fR(8) daemon processes two types of service requests: +.IP \(bu +Append a recipient (non\-)delivery status record to a per\-message +log file. +.IP \(bu +Enqueue a delivery status notification message, with a copy +of a per\-message log file and of the corresponding message. +When the delivery status notification message is +enqueued successfully, the per\-message log file is deleted. +.PP +The software does a best notification effort. A non\-delivery +notification is sent even when the log file or the original +message cannot be read. + +Optionally, a bounce (defer, trace) client can request that the +per\-message log file be deleted when the requested operation fails. +This is used by clients that cannot retry transactions by +themselves, and that depend on retry logic in their own client. +.SH "STANDARDS" +.na +.nf +RFC 822 (ARPA Internet Text Messages) +RFC 2045 (Format of Internet Message Bodies) +RFC 2822 (Internet Message Format) +RFC 3462 (Delivery Status Notifications) +RFC 3464 (Delivery Status Notifications) +RFC 3834 (Auto\-Submitted: message header) +RFC 5322 (Internet Message Format) +RFC 6531 (Internationalized SMTP) +RFC 6532 (Internationalized Message Format) +RFC 6533 (Internationalized Delivery Status Notifications) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as \fBbounce\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fB2bounce_notice_recipient (postmaster)\fR" +The recipient of undeliverable mail that cannot be returned to +the sender. +.IP "\fBbackwards_bounce_logfile_compatibility (yes)\fR" +Produce additional \fBbounce\fR(8) logfile records that can be read by +Postfix versions before 2.0. +.IP "\fBbounce_notice_recipient (postmaster)\fR" +The recipient of postmaster notifications with the message headers +of mail that Postfix did not deliver and of SMTP conversation +transcripts of mail that Postfix did not receive. +.IP "\fBbounce_size_limit (50000)\fR" +The maximal amount of original message text that is sent in a +non\-delivery notification. +.IP "\fBbounce_template_file (empty)\fR" +Pathname of a configuration file with bounce message templates. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_notice_recipient (postmaster)\fR" +The recipient of postmaster notifications with the message headers +of mail that cannot be delivered within $delay_warning_time time +units. +.IP "\fBdeliver_lock_attempts (20)\fR" +The maximal number of attempts to acquire an exclusive lock on a +mailbox file or \fBbounce\fR(8) logfile. +.IP "\fBdeliver_lock_delay (1s)\fR" +The time between attempts to acquire an exclusive lock on a mailbox +file or \fBbounce\fR(8) logfile. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBinternal_mail_filter_classes (empty)\fR" +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks +and body_checks. +.IP "\fBmail_name (Postfix)\fR" +The mail system name that is displayed in Received: headers, in +the SMTP greeting banner, and in bounced mail. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBnotify_classes (resource, software)\fR" +The list of error classes that are reported to the postmaster. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.0 and later: +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.6 and later: +.IP "\fBenable_threaded_bounces (no)\fR" +Enable non\-delivery, success, and delay notifications that link +to the original message by including a References: and In\-Reply\-To: +header with the original Message\-ID value. +.PP +Available in Postfix 3.7 and later: +.IP "\fBheader_from_format (standard)\fR" +The format of the Postfix\-generated \fBFrom:\fR header. +.SH "FILES" +.na +.nf +/var/spool/postfix/bounce/* non\-delivery records +/var/spool/postfix/defer/* non\-delivery records +/var/spool/postfix/trace/* delivery status records +.SH "SEE ALSO" +.na +.nf +bounce(5), bounce message template format +qmgr(8), queue manager +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/cleanup.8 b/man/man8/cleanup.8 new file mode 100644 index 0000000..bc51c31 --- /dev/null +++ b/man/man8/cleanup.8 @@ -0,0 +1,515 @@ +.TH CLEANUP 8 +.ad +.fi +.SH NAME +cleanup +\- +canonicalize and enqueue Postfix message +.SH "SYNOPSIS" +.na +.nf +\fBcleanup\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBcleanup\fR(8) daemon processes inbound mail, inserts it +into the \fBincoming\fR mail queue, and informs the queue +manager of its arrival. + +The \fBcleanup\fR(8) daemon performs the following transformations: +.IP \(bu +Insert missing message headers: (\fBResent\-\fR) \fBFrom:\fR, +\fBTo:\fR, \fBMessage\-Id:\fR, and \fBDate:\fR. +.br +This is enabled with the \fBlocal_header_rewrite_clients\fR and +\fBalways_add_missing_headers\fR parameter settings. +.IP \(bu +Transform envelope and header addresses to the standard +\fIuser@fully\-qualified\-domain\fR form that is expected by other +Postfix programs. +This task depends on the \fBtrivial\-rewrite\fR(8) daemon. +.br +The header transformation is enabled with the +\fBlocal_header_rewrite_clients\fR parameter setting. +.IP \(bu +Eliminate duplicate envelope recipient addresses. +.br +This is enabled with the \fBduplicate_filter_limit\fR +parameter setting. +.IP \(bu +Remove message headers: \fBBcc\fR, \fBContent\-Length\fR, +\fBResent\-Bcc\fR, \fBReturn\-Path\fR. +.br +This is enabled with the message_drop_headers parameter +setting. +.IP \(bu +Optionally, rewrite all envelope and header addresses according +to the mappings specified in the \fBcanonical\fR(5) lookup tables. +.br +The header transformation is enabled with the +\fBlocal_header_rewrite_clients\fR parameter setting. +.IP \(bu +Optionally, masquerade envelope sender addresses and message +header addresses (i.e. strip host or domain information below +all domains listed in the \fBmasquerade_domains\fR parameter, +except for user names listed in \fBmasquerade_exceptions\fR). +By default, address masquerading does not affect envelope recipients. +.br +The header transformation is enabled with the +\fBlocal_header_rewrite_clients\fR parameter setting. +.IP \(bu +Optionally, expand envelope recipients according to information +found in the \fBvirtual_alias_maps\fR lookup tables. +.PP +The \fBcleanup\fR(8) daemon performs sanity checks on the content of +each message. When it finds a problem, by default it returns a +diagnostic status to the cleanup service client, and leaves +it up to the client +to deal with the problem. Alternatively, the client can request +the \fBcleanup\fR(8) daemon to bounce the message back to the sender +in case of trouble. +.SH "STANDARDS" +.na +.nf +RFC 822 (ARPA Internet Text Messages) +RFC 2045 (MIME: Format of Internet Message Bodies) +RFC 2046 (MIME: Media Types) +RFC 2822 (Internet Message Format) +RFC 3463 (Enhanced Status Codes) +RFC 3464 (Delivery status notifications) +RFC 5322 (Internet Message Format) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +Table\-driven rewriting rules make it hard to express \fBif then +else\fR and other logical relationships. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as +\fBcleanup\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBundisclosed_recipients_header (see 'postconf -d' output)\fR" +Message header that the Postfix \fBcleanup\fR(8) server inserts when a +message contains no To: or Cc: message header. +.PP +Available in Postfix version 2.1 only: +.IP "\fBenable_errors_to (no)\fR" +Report mail delivery errors to the address specified with the +non\-standard Errors\-To: message header, instead of the envelope +sender address (this feature is removed with Postfix version 2.2, is +turned off by default with Postfix version 2.1, and is always turned on +with older Postfix versions). +.PP +Available in Postfix version 2.6 and later: +.IP "\fBalways_add_missing_headers (no)\fR" +Always add (Resent\-) From:, To:, Date: or Message\-ID: headers +when not present. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBenable_long_queue_ids (no)\fR" +Enable long, non\-repeating, queue IDs (queue file names). +.PP +Available in Postfix version 3.0 and later: +.IP "\fBmessage_drop_headers (bcc, content\-length, resent\-bcc, return\-path)\fR" +Names of message headers that the \fBcleanup\fR(8) daemon will remove +after applying \fBheader_checks\fR(5) and before invoking Milter applications. +.IP "\fBheader_from_format (standard)\fR" +The format of the Postfix\-generated \fBFrom:\fR header. +.SH "BUILT-IN CONTENT FILTERING CONTROLS" +.na +.nf +.ad +.fi +Postfix built\-in content filtering is meant to stop a flood of +worms or viruses. It is not a general content filter. +.IP "\fBbody_checks (empty)\fR" +Optional lookup tables for content inspection as specified in +the \fBbody_checks\fR(5) manual page. +.IP "\fBheader_checks (empty)\fR" +Optional lookup tables for content inspection of primary non\-MIME +message headers, as specified in the \fBheader_checks\fR(5) manual page. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBbody_checks_size_limit (51200)\fR" +How much text in a message body segment (or attachment, if you +prefer to use that term) is subjected to body_checks inspection. +.IP "\fBmime_header_checks ($header_checks)\fR" +Optional lookup tables for content inspection of MIME related +message headers, as described in the \fBheader_checks\fR(5) manual page. +.IP "\fBnested_header_checks ($header_checks)\fR" +Optional lookup tables for content inspection of non\-MIME message +headers in attached messages, as described in the \fBheader_checks\fR(5) +manual page. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBmessage_reject_characters (empty)\fR" +The set of characters that Postfix will reject in message +content. +.IP "\fBmessage_strip_characters (empty)\fR" +The set of characters that Postfix will remove from message +content. +.PP +Available in Postfix version 3.9, 3.8.5, 3.7.10, 3.6.14, +3.5.24, and later: +.IP "\fBcleanup_replace_stray_cr_lf (yes)\fR" +Replace each stray <CR> or <LF> character in message +content with a space character, to prevent outbound SMTP smuggling, +and to make the evaluation of Postfix\-added DKIM or other signatures +independent from how a remote mail server handles such characters. +.SH "BEFORE QUEUE MILTER CONTROLS" +.na +.nf +.ad +.fi +As of version 2.3, Postfix supports the Sendmail version 8 +Milter (mail filter) protocol. When mail is not received via +the smtpd(8) server, the cleanup(8) server will simulate +SMTP events to the extent that this is possible. For details +see the MILTER_README document. +.IP "\fBnon_smtpd_milters (empty)\fR" +A list of Milter (mail filter) applications for new mail that +does not arrive via the Postfix \fBsmtpd\fR(8) server. +.IP "\fBmilter_protocol (6)\fR" +The mail filter protocol version and optional protocol extensions +for communication with a Milter application; prior to Postfix 2.6 +the default protocol is 2. +.IP "\fBmilter_default_action (tempfail)\fR" +The default action when a Milter (mail filter) response is +unavailable (for example, bad Postfix configuration or Milter +failure). +.IP "\fBmilter_macro_daemon_name ($myhostname)\fR" +The {daemon_name} macro value for Milter (mail filter) applications. +.IP "\fBmilter_macro_v ($mail_name $mail_version)\fR" +The {v} macro value for Milter (mail filter) applications. +.IP "\fBmilter_connect_timeout (30s)\fR" +The time limit for connecting to a Milter (mail filter) +application, and for negotiating protocol options. +.IP "\fBmilter_command_timeout (30s)\fR" +The time limit for sending an SMTP command to a Milter (mail +filter) application, and for receiving the response. +.IP "\fBmilter_content_timeout (300s)\fR" +The time limit for sending message content to a Milter (mail +filter) application, and for receiving the response. +.IP "\fBmilter_connect_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after completion of an SMTP connection. +.IP "\fBmilter_helo_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP HELO or EHLO command. +.IP "\fBmilter_mail_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP MAIL FROM command. +.IP "\fBmilter_rcpt_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP RCPT TO command. +.IP "\fBmilter_data_macros (see 'postconf -d' output)\fR" +The macros that are sent to version 4 or higher Milter (mail +filter) applications after the SMTP DATA command. +.IP "\fBmilter_unknown_command_macros (see 'postconf -d' output)\fR" +The macros that are sent to version 3 or higher Milter (mail +filter) applications after an unknown SMTP command. +.IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the message end\-of\-data. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the end of the message header. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBmilter_header_checks (empty)\fR" +Optional lookup tables for content inspection of message headers +that are produced by Milter applications. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBmilter_macro_defaults (empty)\fR" +Optional list of \fIname=value\fR pairs that specify default +values for arbitrary macros that Postfix may send to Milter +applications. +.SH "MIME PROCESSING CONTROLS" +.na +.nf +.ad +.fi +Available in Postfix version 2.0 and later: +.IP "\fBdisable_mime_input_processing (no)\fR" +Turn off MIME processing while receiving mail. +.IP "\fBmime_boundary_length_limit (2048)\fR" +The maximal length of MIME multipart boundary strings. +.IP "\fBmime_nesting_limit (100)\fR" +The maximal recursion level that the MIME processor will handle. +.IP "\fBstrict_8bitmime (no)\fR" +Enable both strict_7bit_headers and strict_8bitmime_body. +.IP "\fBstrict_7bit_headers (no)\fR" +Reject mail with 8\-bit text in message headers. +.IP "\fBstrict_8bitmime_body (no)\fR" +Reject 8\-bit message body text without 8\-bit MIME content encoding +information. +.IP "\fBstrict_mime_encoding_domain (no)\fR" +Reject mail with invalid Content\-Transfer\-Encoding: information +for the message/* or multipart/* MIME content types. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBdetect_8bit_encoding_header (yes)\fR" +Automatically detect 8BITMIME body content by looking at +Content\-Transfer\-Encoding: message headers; historically, this +behavior was hard\-coded to be "always on". +.SH "AUTOMATIC BCC RECIPIENT CONTROLS" +.na +.nf +.ad +.fi +Postfix can automatically add BCC (blind carbon copy) +when mail enters the mail system: +.IP "\fBalways_bcc (empty)\fR" +Optional address that receives a "blind carbon copy" of each message +that is received by the Postfix mail system. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsender_bcc_maps (empty)\fR" +Optional BCC (blind carbon\-copy) address lookup tables, indexed +by sender address. +.IP "\fBrecipient_bcc_maps (empty)\fR" +Optional BCC (blind carbon\-copy) address lookup tables, indexed by +recipient address. +.SH "ADDRESS TRANSFORMATION CONTROLS" +.na +.nf +.ad +.fi +Address rewriting is delegated to the \fBtrivial\-rewrite\fR(8) daemon. +The \fBcleanup\fR(8) server implements table driven address mapping. +.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR" +The recipient of mail addressed to the null address. +.IP "\fBcanonical_maps (empty)\fR" +Optional address mapping lookup tables for message headers and +envelopes. +.IP "\fBrecipient_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +recipient addresses. +.IP "\fBsender_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +sender addresses. +.IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR" +What addresses are subject to address masquerading. +.IP "\fBmasquerade_domains (empty)\fR" +Optional list of domains whose subdomain structure will be stripped +off in email addresses. +.IP "\fBmasquerade_exceptions (empty)\fR" +Optional list of user names that are not subjected to address +masquerading, even when their addresses match $masquerade_domains. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. +.PP +Available before Postfix version 2.0: +.IP "\fBvirtual_maps (empty)\fR" +Optional lookup tables with a) names of domains for which all +addresses are aliased to addresses in other local or remote domains, +and b) addresses that are aliased to addresses in other local or +remote domains. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBvirtual_alias_maps ($virtual_maps)\fR" +Optional lookup tables that alias specific mail addresses or domains +to other local or remote address. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBcanonical_classes (envelope_sender, envelope_recipient, header_sender, header_recipient)\fR" +What addresses are subject to canonical_maps address mapping. +.IP "\fBrecipient_canonical_classes (envelope_recipient, header_recipient)\fR" +What addresses are subject to recipient_canonical_maps address +mapping. +.IP "\fBsender_canonical_classes (envelope_sender, header_sender)\fR" +What addresses are subject to sender_canonical_maps address +mapping. +.IP "\fBremote_header_rewrite_domain (empty)\fR" +Don't rewrite message headers from remote clients at all when +this parameter is empty; otherwise, rewrite message headers and +append the specified domain name to incomplete addresses. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBduplicate_filter_limit (1000)\fR" +The maximal number of addresses remembered by the address +duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or +for \fBshowq\fR(8) queue displays. +.IP "\fBheader_size_limit (102400)\fR" +The maximal amount of memory in bytes for storing a message header. +.IP "\fBhopcount_limit (50)\fR" +The maximal number of Received: message headers that is allowed +in the primary message headers. +.IP "\fBin_flow_delay (1s)\fR" +Time to pause before accepting a new message, when the message +arrival rate exceeds the message delivery rate. +.IP "\fBmessage_size_limit (10240000)\fR" +The maximal size in bytes of a message, including envelope information. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBheader_address_token_limit (10240)\fR" +The maximal number of address tokens are allowed in an address +message header. +.IP "\fBmime_boundary_length_limit (2048)\fR" +The maximal length of MIME multipart boundary strings. +.IP "\fBmime_nesting_limit (100)\fR" +The maximal recursion level that the MIME processor will handle. +.IP "\fBqueue_file_attribute_count_limit (100)\fR" +The maximal number of (name=value) attributes that may be stored +in a Postfix queue file. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBvirtual_alias_expansion_limit (1000)\fR" +The maximal number of addresses that virtual alias expansion produces +from each original recipient. +.IP "\fBvirtual_alias_recursion_limit (1000)\fR" +The maximal nesting depth of virtual alias expansion. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBvirtual_alias_address_length_limit (1000)\fR" +The maximal length of an email address after virtual alias expansion. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531..6533. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBenable_idna2003_compatibility (no)\fR" +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBdelay_warning_time (0h)\fR" +The time after which the sender receives a copy of the message +headers of mail that is still queued. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBmyhostname (see 'postconf -d' output)\fR" +The internet hostname of this mail system. +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsoft_bounce (no)\fR" +Safety net to keep mail queued that would otherwise be returned to +the sender. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 2.1 and later: +.IP "\fBenable_original_recipient (yes)\fR" +Enable support for the original recipient address after an +address is rewritten to a different address (for example with +aliasing or with canonical mapping). +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.5 and later: +.IP "\fBinfo_log_address_format (external)\fR" +The email address form that will be used in non\-debug logging +(info, warning, etc.). +.SH "FILES" +.na +.nf +/etc/postfix/canonical*, canonical mapping table +/etc/postfix/virtual*, virtual mapping table +.SH "SEE ALSO" +.na +.nf +trivial\-rewrite(8), address rewriting +qmgr(8), queue manager +header_checks(5), message header content inspection +body_checks(5), body parts content inspection +canonical(5), canonical address lookup table format +virtual(5), virtual alias lookup table format +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_REWRITING_README Postfix address manipulation +CONTENT_INSPECTION_README content inspection +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/defer.8 b/man/man8/defer.8 new file mode 100644 index 0000000..411dfa1 --- /dev/null +++ b/man/man8/defer.8 @@ -0,0 +1 @@ +.so man8/bounce.8 diff --git a/man/man8/discard.8 b/man/man8/discard.8 new file mode 100644 index 0000000..7823891 --- /dev/null +++ b/man/man8/discard.8 @@ -0,0 +1,134 @@ +.TH DISCARD 8 +.ad +.fi +.SH NAME +discard +\- +Postfix discard mail delivery agent +.SH "SYNOPSIS" +.na +.nf +\fBdiscard\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix \fBdiscard\fR(8) delivery agent processes +delivery requests from +the queue manager. Each request specifies a queue file, a sender +address, a next\-hop destination that is treated as the reason for +discarding the mail, and recipient information. +The reason may be prefixed with an RFC 3463\-compatible detail code. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +The \fBdiscard\fR(8) delivery agent pretends to deliver all recipients +in the delivery request, logs the "next\-hop" destination +as the reason for discarding the mail, updates the +queue file, and either marks recipients as finished or informs the +queue manager that delivery should be tried again at a later time. + +Delivery status reports are sent to the \fBtrace\fR(8) +daemon as appropriate. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBdiscard\fR(8) mailer is not security\-sensitive. It does not talk +to the network, and can be run chrooted at fixed low privilege. +.SH "STANDARDS" +.na +.nf +RFC 3463 (Enhanced Status Codes) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBdiscard\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBdouble_bounce_sender (double\-bounce)\fR" +The sender address of postmaster notifications that are generated +by the mail system. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +bounce(8), delivery status reports +error(8), Postfix error delivery agent +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +This service was introduced with Postfix version 2.2. +.SH "AUTHOR(S)" +.na +.nf +Victor Duchovni +Morgan Stanley + +Based on code by: +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/dnsblog.8 b/man/man8/dnsblog.8 new file mode 100644 index 0000000..bf55548 --- /dev/null +++ b/man/man8/dnsblog.8 @@ -0,0 +1,108 @@ +.TH DNSBLOG 8 +.ad +.fi +.SH NAME +dnsblog +\- +Postfix DNS allow/denylist logger +.SH "SYNOPSIS" +.na +.nf +\fBdnsblog\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBdnsblog\fR(8) server implements an ad\-hoc DNS +allow/denylist lookup service. This may eventually be +replaced by an UDP client that is built directly into the +\fBpostscreen\fR(8) server. +.SH "PROTOCOL" +.na +.nf +.ad +.fi +With each connection, the \fBdnsblog\fR(8) server receives +a DNS allow/denylist domain name, an IP address, and an ID. +If the IP address is listed under the DNS allow/denylist, the +\fBdnsblog\fR(8) server logs the match and replies with the +query arguments plus an address list with the resulting IP +addresses, separated by whitespace, and the reply TTL. +Otherwise it replies with the query arguments plus an empty +address list and the reply TTL; the reply TTL is \-1 if there +is no reply, or a negative reply that contains no SOA record. +Finally, the \fBdnsblog\fR(8) server closes the connection. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as +\fBdnsblog\fR(8) processes run for only a limited amount +of time. Use the command "\fBpostfix reload\fR" to speed +up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBpostscreen_dnsbl_sites (empty)\fR" +Optional list of DNS allow/denylist domains, filters and weight +factors. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtpd(8), Postfix SMTP server +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This service was introduced with Postfix version 2.8. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/error.8 b/man/man8/error.8 new file mode 100644 index 0000000..f0dae3b --- /dev/null +++ b/man/man8/error.8 @@ -0,0 +1,136 @@ +.TH ERROR 8 +.ad +.fi +.SH NAME +error +\- +Postfix error/retry mail delivery agent +.SH "SYNOPSIS" +.na +.nf +\fBerror\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix \fBerror\fR(8) delivery agent processes delivery +requests from +the queue manager. Each request specifies a queue file, a sender +address, the reason for non\-delivery (specified as the +next\-hop destination), and recipient information. +The reason may be prefixed with an RFC 3463\-compatible detail code; +if none is specified a default 4.0.0 or 5.0.0 code is used instead. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +Depending on the service name in master.cf, \fBerror\fR +or \fBretry\fR, the server bounces or defers all recipients +in the delivery request using the "next\-hop" information +as the reason for non\-delivery. The \fBretry\fR service name is +supported as of Postfix 2.4. + +Delivery status reports are sent to the \fBbounce\fR(8), +\fBdefer\fR(8) or \fBtrace\fR(8) daemon as appropriate. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBerror\fR(8) mailer is not security\-sensitive. It does not talk +to the network, and can be run chrooted at fixed low privilege. +.SH "STANDARDS" +.na +.nf +RFC 3463 (Enhanced Status Codes) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBerror\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fB2bounce_notice_recipient (postmaster)\fR" +The recipient of undeliverable mail that cannot be returned to +the sender. +.IP "\fBbounce_notice_recipient (postmaster)\fR" +The recipient of postmaster notifications with the message headers +of mail that Postfix did not deliver and of SMTP conversation +transcripts of mail that Postfix did not receive. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBdouble_bounce_sender (double\-bounce)\fR" +The sender address of postmaster notifications that are generated +by the mail system. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBnotify_classes (resource, software)\fR" +The list of error classes that are reported to the postmaster. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +bounce(8), delivery status reports +discard(8), Postfix discard delivery agent +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/flush.8 b/man/man8/flush.8 new file mode 100644 index 0000000..b1fdf05 --- /dev/null +++ b/man/man8/flush.8 @@ -0,0 +1,183 @@ +.TH FLUSH 8 +.ad +.fi +.SH NAME +flush +\- +Postfix fast flush server +.SH "SYNOPSIS" +.na +.nf +\fBflush\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBflush\fR(8) server maintains a record of deferred +mail by destination. +This information is used to improve the performance of the SMTP +\fBETRN\fR request, and of its command\-line equivalent, +"\fBsendmail \-qR\fR" or "\fBpostqueue \-f\fR". +This program expects to be run from the \fBmaster\fR(8) process +manager. + +The record is implemented as a per\-destination logfile with +as contents the queue IDs of deferred mail. A logfile is +append\-only, and is truncated when delivery is requested +for the corresponding destination. A destination is the +part on the right\-hand side of the right\-most \fB@\fR in +an email address. + +Per\-destination logfiles of deferred mail are maintained only for +eligible destinations. The list of eligible destinations is +specified with the \fBfast_flush_domains\fR configuration parameter, +which defaults to \fB$relay_domains\fR. + +This server implements the following requests: +.IP "\fBadd\fI sitename queueid\fR" +Inform the \fBflush\fR(8) server that the message with the specified +queue ID is queued for the specified destination. +.IP "\fBsend_site\fI sitename\fR" +Request delivery of mail that is queued for the specified +destination. +.IP "\fBsend_file\fI queueid\fR" +Request delivery of the specified deferred message. +.IP \fBrefresh\fR +Refresh non\-empty per\-destination logfiles that were not read in +\fB$fast_flush_refresh_time\fR hours, by simulating +send requests (see above) for the corresponding destinations. +.sp +Delete empty per\-destination logfiles that were not updated in +\fB$fast_flush_purge_time\fR days. +.sp +This request completes in the background. +.IP \fBpurge\fR +Do a \fBrefresh\fR for all per\-destination logfiles. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBflush\fR(8) server is not security\-sensitive. It does not +talk to the network, and it does not talk to local users. +The fast flush server can run chrooted at fixed low privilege. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +Fast flush logfiles are truncated only after a "send" +request, not when mail is actually delivered, and therefore can +accumulate outdated or redundant data. In order to maintain sanity, +"refresh" must be executed periodically. This can +be automated with a suitable wakeup timer setting in the +\fBmaster.cf\fR configuration file. + +Upon receipt of a request to deliver mail for an eligible +destination, the \fBflush\fR(8) server requests delivery of all messages +that are listed in that destination's logfile, regardless of the +recipients of those messages. This is not an issue for mail +that is sent to a \fBrelay_domains\fR destination because +such mail typically only has recipients in one domain. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBflush\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBfast_flush_domains ($relay_domains)\fR" +Optional list of destinations that are eligible for per\-destination +logfiles with mail that is queued to those destinations. +.IP "\fBfast_flush_refresh_time (12h)\fR" +The time after which a non\-empty but unread per\-destination "fast +flush" logfile needs to be refreshed. +.IP "\fBfast_flush_purge_time (7d)\fR" +The time after which an empty per\-destination "fast flush" logfile +is deleted. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "FILES" +.na +.nf +/var/spool/postfix/flush, "fast flush" logfiles. +.SH "SEE ALSO" +.na +.nf +smtpd(8), SMTP server +qmgr(8), queue manager +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ETRN_README, Postfix ETRN howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +This service was introduced with Postfix version 1.0. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/lmtp.8 b/man/man8/lmtp.8 new file mode 100644 index 0000000..966d301 --- /dev/null +++ b/man/man8/lmtp.8 @@ -0,0 +1 @@ +.so man8/smtp.8 diff --git a/man/man8/local.8 b/man/man8/local.8 new file mode 100644 index 0000000..ca9c6c8 --- /dev/null +++ b/man/man8/local.8 @@ -0,0 +1,668 @@ +.TH LOCAL 8 +.ad +.fi +.SH NAME +local +\- +Postfix local mail delivery +.SH "SYNOPSIS" +.na +.nf +\fBlocal\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBlocal\fR(8) daemon processes delivery requests from the +Postfix queue manager to deliver mail to local recipients. +Each delivery request specifies a queue file, a sender address, +a domain or host to deliver to, and one or more recipients. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +The \fBlocal\fR(8) daemon updates queue files and marks recipients +as finished, or it informs the queue manager that delivery should +be tried again at a later time. Delivery status reports are sent +to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as +appropriate. +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +All delivery decisions are made using the bare recipient +name (i.e. the address localpart), folded to lower case. +See also under ADDRESS EXTENSION below for a few exceptions. +.SH "SYSTEM-WIDE AND USER-LEVEL ALIASING" +.na +.nf +.ad +.fi +The system administrator can set up one or more system\-wide +\fBsendmail\fR\-style alias databases. +Users can have \fBsendmail\fR\-style ~/.\fBforward\fR files. +Mail for \fIname\fR is delivered to the alias \fIname\fR, to +destinations in ~\fIname\fR/.\fBforward\fR, to the mailbox owned +by the user \fIname\fR, or it is sent back as undeliverable. + +The system administrator can specify a comma/space separated list +of ~\fR/.\fBforward\fR like files through the \fBforward_path\fR +configuration parameter. Upon delivery, the local delivery agent +tries each pathname in the list until a file is found. + +Delivery via ~/.\fBforward\fR files is done with the privileges +of the recipient. +Thus, ~/.\fBforward\fR like files must be readable by the +recipient, and their parent directory needs to have "execute" +permission for the recipient. + +The \fBforward_path\fR parameter is subject to interpolation of +\fB$user\fR (recipient username), \fB$home\fR (recipient home +directory), \fB$shell\fR (recipient shell), \fB$recipient\fR +(complete recipient address), \fB$extension\fR (recipient address +extension), \fB$domain\fR (recipient domain), \fB$local\fR +(entire recipient address localpart) and +\fB$recipient_delimiter.\fR The forms \fI${name?value}\fR +and \fI${name?{value}}\fR (Postfix 3.0 and later) expand +conditionally to \fIvalue\fR when \fI$name\fR is defined, +and the forms \fI${name:value}\fR \fI${name:{value}}\fR +(Postfix 3.0 and later) expand conditionally to \fIvalue\fR +when \fI$name\fR is not defined. The form +\fI${name?{value1}:{value2}}\fR (Postfix 3.0 and later) +expands conditionally to \fIvalue1\fR when \fI$name\fR is +defined, or \fIvalue2\fR otherwise. Characters that may +have special meaning to the shell or file system are replaced +with underscores. The list of acceptable characters is +specified with the \fBforward_expansion_filter\fR configuration +parameter. + +An alias or ~/.\fBforward\fR file may list any combination of external +commands, destination file names, \fB:include:\fR directives, or +mail addresses. +See \fBaliases\fR(5) for a precise description. Each line in a +user's .\fBforward\fR file has the same syntax as the right\-hand part +of an alias. + +When an address is found in its own alias expansion, delivery is +made to the user instead. When a user is listed in the user's own +~/.\fBforward\fR file, delivery is made to the user's mailbox instead. +An empty ~/.\fBforward\fR file means do not forward mail. + +In order to prevent the mail system from using up unreasonable +amounts of memory, input records read from \fB:include:\fR or from +~/.\fBforward\fR files are broken up into chunks of length +\fBline_length_limit\fR. + +While expanding aliases, ~/.\fBforward\fR files, and so on, the +program attempts to avoid duplicate deliveries. The +\fBduplicate_filter_limit\fR configuration parameter limits the +number of remembered recipients. +.SH "MAIL FORWARDING" +.na +.nf +.ad +.fi +For the sake of reliability, forwarded mail is re\-submitted as +a new message, so that each recipient has a separate on\-file +delivery status record. + +In order to stop mail forwarding loops early, the software adds an +optional +\fBDelivered\-To:\fR header with the final envelope recipient address. If +mail arrives for a recipient that is already listed in a +\fBDelivered\-To:\fR header, the message is bounced. +.SH "MAILBOX DELIVERY" +.na +.nf +.ad +.fi +The default per\-user mailbox is a file in the UNIX mail spool +directory (\fB/var/mail/\fIuser\fR or \fB/var/spool/mail/\fIuser\fR); +the location can be specified with the \fBmail_spool_directory\fR +configuration parameter. Specify a name ending in \fB/\fR for +\fBqmail\fR\-compatible \fBmaildir\fR delivery. + +Alternatively, the per\-user mailbox can be a file in the user's home +directory with a name specified via the \fBhome_mailbox\fR +configuration parameter. Specify a relative path name. Specify a name +ending in \fB/\fR for \fBqmail\fR\-compatible \fBmaildir\fR delivery. + +Mailbox delivery can be delegated to an external command specified +with the \fBmailbox_command_maps\fR and \fBmailbox_command\fR +configuration parameters. The command +executes with the privileges of the recipient user (exceptions: +secondary groups are not enabled; in case of delivery as root, +the command executes with the privileges of \fBdefault_privs\fR). + +Mailbox delivery can be delegated to alternative message transports +specified in the \fBmaster.cf\fR file. +The \fBmailbox_transport_maps\fR and \fBmailbox_transport\fR +configuration parameters specify an optional +message transport that is to be used for all local recipients, +regardless of whether they are found in the UNIX passwd database. +The \fBfallback_transport_maps\fR and +\fBfallback_transport\fR parameters specify an optional +message transport +for recipients that are not found in the aliases(5) or UNIX +passwd database. + +In the case of UNIX\-style mailbox delivery, +the \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR" +envelope header to each message, prepends an +\fBX\-Original\-To:\fR header with the recipient address as given to +Postfix, prepends an +optional \fBDelivered\-To:\fR header +with the final envelope recipient address, prepends a \fBReturn\-Path:\fR +header with the envelope sender address, prepends a \fB>\fR character +to lines beginning with "\fBFrom \fR", and appends an empty line. +The mailbox is locked for exclusive access while delivery is in +progress. In case of problems, an attempt is made to truncate the +mailbox to its original length. + +In the case of \fBmaildir\fR delivery, the local daemon prepends +an optional +\fBDelivered\-To:\fR header with the final envelope recipient address, +prepends an +\fBX\-Original\-To:\fR header with the recipient address as given to +Postfix, +and prepends a \fBReturn\-Path:\fR header with the envelope sender +address. +.SH "EXTERNAL COMMAND DELIVERY" +.na +.nf +.ad +.fi +The \fBallow_mail_to_commands\fR configuration parameter restricts +delivery to external commands. The default setting (\fBalias, +forward\fR) forbids command destinations in \fB:include:\fR files. + +Optionally, the process working directory is changed to the path +specified with \fBcommand_execution_directory\fR (Postfix 2.2 and +later). Failure to change directory causes mail to be deferred. + +The \fBcommand_execution_directory\fR parameter value is subject +to interpolation of \fB$user\fR (recipient username), +\fB$home\fR (recipient home directory), \fB$shell\fR +(recipient shell), \fB$recipient\fR (complete recipient +address), \fB$extension\fR (recipient address extension), +\fB$domain\fR (recipient domain), \fB$local\fR (entire +recipient address localpart) and \fB$recipient_delimiter.\fR +The forms \fI${name?value}\fR and \fI${name?{value}}\fR +(Postfix 3.0 and later) expand conditionally to \fIvalue\fR +when \fI$name\fR is defined, and the forms \fI${name:value}\fR +and \fI${name:{value}}\fR (Postfix 3.0 and later) expand +conditionally to \fIvalue\fR when \fI$name\fR is not defined. +The form \fI${name?{value1}:{value2}}\fR (Postfix 3.0 and +later) expands conditionally to \fIvalue1\fR when \fI$name\fR +is defined, or \fIvalue2\fR otherwise. Characters that may +have special meaning to the shell or file system are replaced +with underscores. The list of acceptable characters +is specified with the \fBexecution_directory_expansion_filter\fR +configuration parameter. + +The command is executed directly where possible. Assistance by the +shell (\fB/bin/sh\fR on UNIX systems) is used only when the command +contains shell magic characters, or when the command invokes a shell +built\-in command. + +A limited amount of command output (standard output and standard +error) is captured for inclusion with non\-delivery status reports. +A command is forcibly terminated if it does not complete within +\fBcommand_time_limit\fR seconds. Command exit status codes are +expected to follow the conventions defined in <\fBsysexits.h\fR>. +Exit status 0 means normal successful completion. + +Postfix version 2.3 and later support RFC 3463\-style enhanced +status codes. If a command terminates with a non\-zero exit +status, and the command output begins with an enhanced +status code, this status code takes precedence over the +non\-zero exit status. + +A limited amount of message context is exported via environment +variables. Characters that may have special meaning to the shell +are replaced with underscores. The list of acceptable characters +is specified with the \fBcommand_expansion_filter\fR configuration +parameter. +.IP \fBSHELL\fR +The recipient user's login shell. +.IP \fBHOME\fR +The recipient user's home directory. +.IP \fBUSER\fR +The bare recipient name. +.IP \fBEXTENSION\fR +The optional recipient address extension. +.IP \fBDOMAIN\fR +The recipient address domain part. +.IP \fBLOGNAME\fR +The bare recipient name. +.IP \fBLOCAL\fR +The entire recipient address localpart (text to the left of the +rightmost @ character). +.IP \fBORIGINAL_RECIPIENT\fR +The entire recipient address, before any address rewriting +or aliasing (Postfix 2.5 and later). +.IP \fBRECIPIENT\fR +The entire recipient address. +.IP \fBSENDER\fR +The entire sender address. +.PP +Additional remote client information is made available via +the following environment variables: +.IP \fBCLIENT_ADDRESS\fR +Remote client network address. Available as of Postfix 2.2. +.IP \fBCLIENT_HELO\fR +Remote client EHLO command parameter. Available as of Postfix 2.2. +.IP \fBCLIENT_HOSTNAME\fR +Remote client hostname. Available as of Postfix 2.2. +.IP \fBCLIENT_PROTOCOL\fR +Remote client protocol. Available as of Postfix 2.2. +.IP \fBSASL_METHOD\fR +SASL authentication method specified in the +remote client AUTH command. Available as of Postfix 2.2. +.IP \fBSASL_SENDER\fR +SASL sender address specified in the remote client MAIL +FROM command. Available as of Postfix 2.2. +.IP \fBSASL_USERNAME\fR +SASL username specified in the remote client AUTH command. +Available as of Postfix 2.2. +.PP +The \fBPATH\fR environment variable is always reset to a +system\-dependent default path, and environment variables +whose names are blessed by the \fBexport_environment\fR +configuration parameter are exported unchanged. + +The current working directory is the mail queue directory. + +The \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR" +envelope header to each message, prepends an +\fBX\-Original\-To:\fR header with the recipient address as given to +Postfix, prepends an +optional \fBDelivered\-To:\fR +header with the final recipient envelope address, prepends a +\fBReturn\-Path:\fR header with the sender envelope address, +and appends no empty line. +.SH "EXTERNAL FILE DELIVERY" +.na +.nf +.ad +.fi +The delivery format depends on the destination filename syntax. +The default is to use UNIX\-style mailbox format. Specify a name +ending in \fB/\fR for \fBqmail\fR\-compatible \fBmaildir\fR delivery. + +The \fBallow_mail_to_files\fR configuration parameter restricts +delivery to external files. The default setting (\fBalias, +forward\fR) forbids file destinations in \fB:include:\fR files. + +In the case of UNIX\-style mailbox delivery, +the \fBlocal\fR(8) daemon prepends a "\fBFrom \fIsender time_stamp\fR" +envelope header to each message, prepends an +\fBX\-Original\-To:\fR header with the recipient address as given to +Postfix, prepends an +optional \fBDelivered\-To:\fR +header with the final recipient envelope address, prepends a \fB>\fR +character to lines beginning with "\fBFrom \fR", and appends an +empty line. +The envelope sender address is available in the \fBReturn\-Path:\fR +header. +When the destination is a regular file, it is locked for exclusive +access while delivery is in progress. In case of problems, an attempt +is made to truncate a regular file to its original length. + +In the case of \fBmaildir\fR delivery, the local daemon prepends +an optional +\fBDelivered\-To:\fR header with the final envelope recipient address, +and prepends an +\fBX\-Original\-To:\fR header with the recipient address as given to +Postfix. +The envelope sender address is available in the \fBReturn\-Path:\fR +header. +.SH "ADDRESS EXTENSION" +.na +.nf +.ad +.fi +The optional \fBrecipient_delimiter\fR configuration parameter +specifies how to separate address extensions from local recipient +names. + +For example, with "\fBrecipient_delimiter = +\fR", mail for +\fIname\fR+\fIfoo\fR is delivered to the alias \fIname\fR+\fIfoo\fR +or to the alias \fIname\fR, to the destinations listed in +~\fIname\fR/.\fBforward\fR+\fIfoo\fR or in ~\fIname\fR/.\fBforward\fR, +to the mailbox owned by the user \fIname\fR, or it is sent back as +undeliverable. +.SH "DELIVERY RIGHTS" +.na +.nf +.ad +.fi +Deliveries to external files and external commands are made with +the rights of the receiving user on whose behalf the delivery is made. +In the absence of a user context, the \fBlocal\fR(8) daemon uses the +owner rights of the \fB:include:\fR file or alias database. +When those files are owned by the superuser, delivery is made with +the rights specified with the \fBdefault_privs\fR configuration +parameter. +.SH "STANDARDS" +.na +.nf +RFC 822 (ARPA Internet Text Messages) +RFC 3463 (Enhanced status codes) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +Corrupted message files are marked so that the queue +manager can move them to the \fBcorrupt\fR queue afterwards. + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBlocal\fR(8) delivery agent needs a dual personality +1) to access the private Postfix queue and IPC mechanisms, +2) to impersonate the recipient and deliver to recipient\-specified +files or commands. It is therefore security sensitive. + +The \fBlocal\fR(8) delivery agent disallows regular expression +substitution of $1 etc. in \fBalias_maps\fR, because that +would open a security hole. + +The \fBlocal\fR(8) delivery agent will silently ignore +requests to use the \fBproxymap\fR(8) server within +\fBalias_maps\fR. Instead it will open the table directly. +Before Postfix version 2.2, the \fBlocal\fR(8) delivery +agent will terminate with a fatal error. +.SH BUGS +.ad +.fi +For security reasons, the message delivery status of external commands +or of external files is never checkpointed to file. As a result, +the program may occasionally deliver more than once to a command or +external file. Better safe than sorry. + +Mutually\-recursive aliases or ~/.\fBforward\fR files are not detected +early. The resulting mail forwarding loop is broken by the use of the +\fBDelivered\-To:\fR message header. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as \fBlocal\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBbiff (yes)\fR" +Whether or not to use the local biff service. +.IP "\fBexpand_owner_alias (no)\fR" +When delivering to an alias "\fIaliasname\fR" that has an +"owner\-\fIaliasname\fR" companion alias, set the envelope sender +address to the expansion of the "owner\-\fIaliasname\fR" alias. +.IP "\fBowner_request_special (yes)\fR" +Enable special treatment for owner\-\fIlistname\fR entries in the +\fBaliases\fR(5) file, and don't split owner\-\fIlistname\fR and +\fIlistname\fR\-request address localparts when the recipient_delimiter +is set to "\-". +.IP "\fBsun_mailtool_compatibility (no)\fR" +Obsolete SUN mailtool compatibility feature. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBfrozen_delivered_to (yes)\fR" +Update the \fBlocal\fR(8) delivery agent's idea of the Delivered\-To: +address (see prepend_delivered_header) only once, at the start of +a delivery attempt; do not update the Delivered\-To: address while +expanding aliases or .forward files. +.PP +Available in Postfix version 2.5.3 and later: +.IP "\fBstrict_mailbox_ownership (yes)\fR" +Defer delivery when a mailbox file is not owned by its recipient. +.IP "\fBreset_owner_alias (no)\fR" +Reset the \fBlocal\fR(8) delivery agent's idea of the owner\-alias +attribute, when delivering mail to a child alias that does not have +its own owner alias. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBlocal_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBlocal\fR(8) delivery agent to change the +status code or explanatory text of successful or unsuccessful +deliveries. +.SH "DELIVERY METHOD CONTROLS" +.na +.nf +.ad +.fi +The precedence of \fBlocal\fR(8) delivery methods from high to low is: +aliases, .forward files, mailbox_transport_maps, +mailbox_transport, mailbox_command_maps, mailbox_command, +home_mailbox, mail_spool_directory, fallback_transport_maps, +fallback_transport, and luser_relay. +.IP "\fBalias_maps (see 'postconf -d' output)\fR" +The alias databases that are used for \fBlocal\fR(8) delivery. +.IP "\fBforward_path (see 'postconf -d' output)\fR" +The \fBlocal\fR(8) delivery agent search list for finding a .forward +file with user\-specified delivery methods. +.IP "\fBmailbox_transport_maps (empty)\fR" +Optional lookup tables with per\-recipient message delivery +transports to use for \fBlocal\fR(8) mailbox delivery, whether or not the +recipients are found in the UNIX passwd database. +.IP "\fBmailbox_transport (empty)\fR" +Optional message delivery transport that the \fBlocal\fR(8) delivery +agent should use for mailbox delivery to all local recipients, +whether or not they are found in the UNIX passwd database. +.IP "\fBmailbox_command_maps (empty)\fR" +Optional lookup tables with per\-recipient external commands to use +for \fBlocal\fR(8) mailbox delivery. +.IP "\fBmailbox_command (empty)\fR" +Optional external command that the \fBlocal\fR(8) delivery agent should +use for mailbox delivery. +.IP "\fBhome_mailbox (empty)\fR" +Optional pathname of a mailbox file relative to a \fBlocal\fR(8) user's +home directory. +.IP "\fBmail_spool_directory (see 'postconf -d' output)\fR" +The directory where \fBlocal\fR(8) UNIX\-style mailboxes are kept. +.IP "\fBfallback_transport_maps (empty)\fR" +Optional lookup tables with per\-recipient message delivery +transports for recipients that the \fBlocal\fR(8) delivery agent could +not find in the \fBaliases\fR(5) or UNIX password database. +.IP "\fBfallback_transport (empty)\fR" +Optional message delivery transport that the \fBlocal\fR(8) delivery +agent should use for names that are not found in the \fBaliases\fR(5) +or UNIX password database. +.IP "\fBluser_relay (empty)\fR" +Optional catch\-all destination for unknown \fBlocal\fR(8) recipients. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBcommand_execution_directory (empty)\fR" +The \fBlocal\fR(8) delivery agent working directory for delivery to +external commands. +.SH "MAILBOX LOCKING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdeliver_lock_attempts (20)\fR" +The maximal number of attempts to acquire an exclusive lock on a +mailbox file or \fBbounce\fR(8) logfile. +.IP "\fBdeliver_lock_delay (1s)\fR" +The time between attempts to acquire an exclusive lock on a mailbox +file or \fBbounce\fR(8) logfile. +.IP "\fBstale_lock_time (500s)\fR" +The time after which a stale exclusive mailbox lockfile is removed. +.IP "\fBmailbox_delivery_lock (see 'postconf -d' output)\fR" +How to lock a UNIX\-style \fBlocal\fR(8) mailbox before attempting delivery. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBcommand_time_limit (1000s)\fR" +Time limit for delivery to external commands. +.IP "\fBduplicate_filter_limit (1000)\fR" +The maximal number of addresses remembered by the address +duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or +for \fBshowq\fR(8) queue displays. +.IP "\fBmailbox_size_limit (51200000)\fR" +The maximal size of any \fBlocal\fR(8) individual mailbox or maildir +file, or zero (no limit). +.PP +Implemented in the qmgr(8) daemon: +.IP "\fBlocal_destination_concurrency_limit (2)\fR" +The maximal number of parallel deliveries via the local mail +delivery transport to the same recipient (when +"local_destination_recipient_limit = 1") or the maximal number of +parallel deliveries to the same local domain (when +"local_destination_recipient_limit > 1"). +.IP "\fBlocal_destination_recipient_limit (1)\fR" +The maximal number of recipients per message delivery via the +local mail delivery transport. +.SH "SECURITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBallow_mail_to_commands (alias, forward)\fR" +Restrict \fBlocal\fR(8) mail delivery to external commands. +.IP "\fBallow_mail_to_files (alias, forward)\fR" +Restrict \fBlocal\fR(8) mail delivery to external files. +.IP "\fBcommand_expansion_filter (see 'postconf -d' output)\fR" +Restrict the characters that the \fBlocal\fR(8) delivery agent allows in +$name expansions of $mailbox_command and $command_execution_directory. +.IP "\fBdefault_privs (nobody)\fR" +The default rights used by the \fBlocal\fR(8) delivery agent for delivery +to an external file or command. +.IP "\fBforward_expansion_filter (see 'postconf -d' output)\fR" +Restrict the characters that the \fBlocal\fR(8) delivery agent allows in +$name expansions of $forward_path. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBexecution_directory_expansion_filter (see 'postconf -d' output)\fR" +Restrict the characters that the \fBlocal\fR(8) delivery agent allows +in $name expansions of $command_execution_directory. +.PP +Available in Postfix version 2.5.3 and later: +.IP "\fBstrict_mailbox_ownership (yes)\fR" +Defer delivery when a mailbox file is not owned by its recipient. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBexport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a Postfix process will export +to non\-Postfix processes. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBlocal_command_shell (empty)\fR" +Optional shell program for \fBlocal\fR(8) delivery to non\-Postfix commands. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprepend_delivered_header (command, file, forward)\fR" +The message delivery contexts where the Postfix \fBlocal\fR(8) delivery +agent prepends a Delivered\-To: message header with the address +that the mail was delivered to. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR" +What address lookup tables copy an address extension from the lookup +key to the lookup result. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate an email address +localpart, user name, or a .forward file name from its extension. +.IP "\fBrequire_home_directory (no)\fR" +Require that a \fBlocal\fR(8) recipient's home directory exists +before mail delivery is attempted. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 3.3 and later: +.IP "\fBenable_original_recipient (yes)\fR" +Enable support for the original recipient address after an +address is rewritten to a different address (for example with +aliasing or with canonical mapping). +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.5 and later: +.IP "\fBinfo_log_address_format (external)\fR" +The email address form that will be used in non\-debug logging +(info, warning, etc.). +.SH "FILES" +.na +.nf +The following are examples; details differ between systems. +$HOME/.forward, per\-user aliasing +/etc/aliases, system\-wide alias database +/var/spool/mail, system mailboxes +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +bounce(8), delivery status reports +newaliases(1), create/update alias database +postalias(1), create/update alias database +aliases(5), format of alias database +postconf(5), configuration parameters +master(5), generic daemon options +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +The \fBDelivered\-To:\fR message header appears in the \fBqmail\fR +system by Daniel Bernstein. + +The \fImaildir\fR structure appears in the \fBqmail\fR system +by Daniel Bernstein. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/master.8 b/man/man8/master.8 new file mode 100644 index 0000000..8c37de4 --- /dev/null +++ b/man/man8/master.8 @@ -0,0 +1,225 @@ +.TH MASTER 8 +.ad +.fi +.SH NAME +master +\- +Postfix master process +.SH "SYNOPSIS" +.na +.nf +\fBmaster\fR [\fB\-Dditvw\fR] [\fB\-c \fIconfig_dir\fR] [\fB\-e \fIexit_time\fR] +.SH DESCRIPTION +.ad +.fi +The \fBmaster\fR(8) daemon is the resident process that runs Postfix +daemons on demand: daemons to send or receive messages via the +network, daemons to deliver mail locally, etc. These daemons are +created on demand up to a configurable maximum number per service. + +Postfix daemons terminate voluntarily, either after being idle for +a configurable amount of time, or after having serviced a +configurable number of requests. Exceptions to this rule are the +resident queue manager, address verification server, and the TLS +session cache and pseudo\-random number server. + +The behavior of the \fBmaster\fR(8) daemon is controlled by the +\fBmaster.cf\fR configuration file, as described in \fBmaster\fR(5). + +Options: +.IP "\fB\-c \fIconfig_dir\fR" +Read the \fBmain.cf\fR and \fBmaster.cf\fR configuration files in +the named directory instead of the default configuration directory. +This also overrides the configuration files for other Postfix +daemon processes. +.IP \fB\-D\fR +After initialization, run a debugger on the master process. The +debugging command is specified with the \fBdebugger_command\fR in +the \fBmain.cf\fR global configuration file. +.IP \fB\-d\fR +Do not redirect stdin, stdout or stderr to /dev/null, and +do not discard the controlling terminal. This must be used +for debugging only. +.IP "\fB\-e \fIexit_time\fR" +Terminate the master process after \fIexit_time\fR seconds. Child +processes terminate at their convenience. +.IP \fB\-i\fR +Enable \fBinit\fR mode: do not become a session or process +group leader; and similar to \fB\-s\fR, do not redirect stdout +to /dev/null, so that "maillog_file = /dev/stdout" works. +This mode is allowed only if the process ID equals 1. +.sp +This feature is available in Postfix 3.3 and later. +.IP \fB\-s\fR +Do not redirect stdout to /dev/null, so that "maillog_file += /dev/stdout" works. +.sp +This feature is available in Postfix 3.4 and later. +.IP \fB\-t\fR +Test mode. Return a zero exit status when the \fBmaster.pid\fR lock +file does not exist or when that file is not locked. This is evidence +that the \fBmaster\fR(8) daemon is not running. +.IP \fB\-v\fR +Enable verbose logging for debugging purposes. This option +is passed on to child processes. Multiple \fB\-v\fR options +make the software increasingly verbose. +.IP \fB\-w\fR +Wait in a dummy foreground process, while the real master +daemon initializes in a background process. The dummy +foreground process returns a zero exit status only if the +master daemon initialization is successful, and if it +completes in a reasonable amount of time. +.sp +This feature is available in Postfix 2.10 and later. +.PP +Signals: +.IP \fBSIGHUP\fR +Upon receipt of a \fBHUP\fR signal (e.g., after "\fBpostfix reload\fR"), +the master process re\-reads its configuration files. If a service has +been removed from the \fBmaster.cf\fR file, its running processes +are terminated immediately. +Otherwise, running processes are allowed to terminate as soon +as is convenient, so that changes in configuration settings +affect only new service requests. +.IP \fBSIGTERM\fR +Upon receipt of a \fBTERM\fR signal (e.g., after "\fBpostfix abort\fR"), +the master process passes the signal on to its child processes and +terminates. +This is useful for an emergency shutdown. Normally one would +terminate only the master ("\fBpostfix stop\fR") and allow running +processes to finish what they are doing. +.SH DIAGNOSTICS +.ad +.fi +Problems are reported to \fBsyslogd\fR(8) or \fBpostlogd\fR(8). +The exit status +is non\-zero in case of problems, including problems while +initializing as a master daemon process in the background. +.SH "ENVIRONMENT" +.na +.nf +.ad +.fi +.IP \fBMAIL_DEBUG\fR +After initialization, start a debugger as specified with the +\fBdebugger_command\fR configuration parameter in the \fBmain.cf\fR +configuration file. +.IP \fBMAIL_CONFIG\fR +Directory with Postfix configuration files. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Unlike most Postfix daemon processes, the \fBmaster\fR(8) server does +not automatically pick up changes to \fBmain.cf\fR. Changes +to \fBmaster.cf\fR are never picked up automatically. +Use the "\fBpostfix reload\fR" command after a configuration change. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdefault_process_limit (100)\fR" +The default maximal number of Postfix child processes that provide +a given service. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBservice_throttle_time (60s)\fR" +How long the Postfix \fBmaster\fR(8) waits before forking a server that +appears to be malfunctioning. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBmaster_service_disable (empty)\fR" +Selectively disable \fBmaster\fR(8) listener ports by service type +or by service name and type. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_directory (see 'postconf -d' output)\fR" +The directory with Postfix support programs and daemon programs. +.IP "\fBdebugger_command (empty)\fR" +The external command to execute when a Postfix daemon program is +invoked with the \-D option. +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBinet_protocols (see 'postconf -d output')\fR" +The Internet protocols Postfix will attempt to use when making +or accepting connections. +.IP "\fBimport_environment (see 'postconf -d' output)\fR" +The list of environment parameters that a privileged Postfix +process will import from a non\-Postfix parent process, or name=value +environment overrides. +.IP "\fBmail_owner (postfix)\fR" +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.6 and later: +.IP "\fBknown_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\fR" +Optional setting that avoids lookups in the \fBservices\fR(5) database. +.SH "FILES" +.na +.nf +.ad +.fi +To expand the directory names below into their actual values, +use the command "\fBpostconf config_directory\fR" etc. +.na +.nf + +$config_directory/main.cf, global configuration file. +$config_directory/master.cf, master server configuration file. +$queue_directory/pid/master.pid, master lock file. +$data_directory/master.lock, master lock file. +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +verify(8), address verification +master(5), master.cf configuration file syntax +postconf(5), main.cf configuration file syntax +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/oqmgr.8 b/man/man8/oqmgr.8 new file mode 100644 index 0000000..61b4299 --- /dev/null +++ b/man/man8/oqmgr.8 @@ -0,0 +1,425 @@ +.TH OQMGR 8 +.ad +.fi +.SH NAME +oqmgr +\- +old Postfix queue manager +.SH "SYNOPSIS" +.na +.nf +\fBoqmgr\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBoqmgr\fR(8) daemon awaits the arrival of incoming mail +and arranges for its delivery via Postfix delivery processes. +The actual mail routing strategy is delegated to the +\fBtrivial\-rewrite\fR(8) daemon. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +Mail addressed to the local \fBdouble\-bounce\fR address is +logged and discarded. This stops potential loops caused by +undeliverable bounce notifications. +.SH "MAIL QUEUES" +.na +.nf +.ad +.fi +The \fBoqmgr\fR(8) daemon maintains the following queues: +.IP \fBincoming\fR +Inbound mail from the network, or mail picked up by the +local \fBpickup\fR(8) agent from the \fBmaildrop\fR directory. +.IP \fBactive\fR +Messages that the queue manager has opened for delivery. Only +a limited number of messages is allowed to enter the \fBactive\fR +queue (leaky bucket strategy, for a fixed delivery rate). +.IP \fBdeferred\fR +Mail that could not be delivered upon the first attempt. The queue +manager implements exponential backoff by doubling the time between +delivery attempts. +.IP \fBcorrupt\fR +Unreadable or damaged queue files are moved here for inspection. +.IP \fBhold\fR +Messages that are kept "on hold" are kept here until someone +sets them free. +.SH "DELIVERY STATUS REPORTS" +.na +.nf +.ad +.fi +The \fBoqmgr\fR(8) daemon keeps an eye on per\-message delivery status +reports in the following directories. Each status report file has +the same name as the corresponding message file: +.IP \fBbounce\fR +Per\-recipient status information about why mail is bounced. +These files are maintained by the \fBbounce\fR(8) daemon. +.IP \fBdefer\fR +Per\-recipient status information about why mail is delayed. +These files are maintained by the \fBdefer\fR(8) daemon. +.IP \fBtrace\fR +Per\-recipient status information as requested with the +Postfix "\fBsendmail \-v\fR" or "\fBsendmail \-bv\fR" command. +These files are maintained by the \fBtrace\fR(8) daemon. +.PP +The \fBoqmgr\fR(8) daemon is responsible for asking the +\fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to +send delivery reports. +.SH "STRATEGIES" +.na +.nf +.ad +.fi +The queue manager implements a variety of strategies for +either opening queue files (input) or for message delivery (output). +.IP "\fBleaky bucket\fR" +This strategy limits the number of messages in the \fBactive\fR queue +and prevents the queue manager from running out of memory under +heavy load. +.IP \fBfairness\fR +When the \fBactive\fR queue has room, the queue manager takes one +message from the \fBincoming\fR queue and one from the \fBdeferred\fR +queue. This prevents a large mail backlog from blocking the delivery +of new mail. +.IP "\fBslow start\fR" +This strategy eliminates "thundering herd" problems by slowly +adjusting the number of parallel deliveries to the same destination. +.IP "\fBround robin\fR" +The queue manager sorts delivery requests by destination. +Round\-robin selection prevents one destination from dominating +deliveries to other destinations. +.IP "\fBexponential backoff\fR" +Mail that cannot be delivered upon the first attempt is deferred. +The time interval between delivery attempts is doubled after each +attempt. +.IP "\fBdestination status cache\fR" +The queue manager avoids unnecessary delivery attempts by +maintaining a short\-term, in\-memory list of unreachable destinations. +.SH "TRIGGERS" +.na +.nf +.ad +.fi +On an idle system, the queue manager waits for the arrival of +trigger events, or it waits for a timer to go off. A trigger +is a one\-byte message. +Depending on the message received, the queue manager performs +one of the following actions (the message is followed by the +symbolic constant used internally by the software): +.IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR" +Start a deferred queue scan. If a deferred queue scan is already +in progress, that scan will be restarted as soon as it finishes. +.IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR" +Start an incoming queue scan. If an incoming queue scan is already +in progress, that scan will be restarted as soon as it finishes. +.IP "\fBA (QMGR_REQ_SCAN_ALL)\fR" +Ignore deferred queue file time stamps. The request affects +the next deferred queue scan. +.IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR" +Purge all information about dead transports and destinations. +.IP "\fBW (TRIGGER_REQ_WAKEUP)\fR" +Wakeup call, This is used by the master server to instantiate +servers that should not go away forever. The action is to start +an incoming queue scan. +.PP +The \fBoqmgr\fR(8) daemon reads an entire buffer worth of triggers. +Multiple identical trigger requests are collapsed into one, and +trigger requests are sorted so that \fBA\fR and \fBF\fR precede +\fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run, +one would request \fBA F D\fR; in order to notify the queue manager +of the arrival of new mail one would request \fBI\fR. +.SH "STANDARDS" +.na +.nf +RFC 3463 (Enhanced status codes) +RFC 3464 (Delivery status notifications) +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBoqmgr\fR(8) daemon is not security sensitive. It reads +single\-character messages from untrusted local users, and thus may +be susceptible to denial of service attacks. The \fBoqmgr\fR(8) daemon +does not talk to the outside world, and it can be run at fixed low +privilege in a chrooted environment. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to the \fBsyslogd\fR(8) +or \fBpostlogd\fR(8) daemon. +Corrupted message files are saved to the \fBcorrupt\fR queue +for further inspection. + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH BUGS +.ad +.fi +A single queue manager process has to compete for disk access with +multiple front\-end processes such as \fBcleanup\fR(8). A sudden burst of +inbound mail can negatively impact outbound delivery rates. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are not picked up automatically, +as \fBoqmgr\fR(8) +is a persistent process. Use the command "\fBpostfix reload\fR" after +a configuration change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. + +In the text below, \fItransport\fR is the first field in a +\fBmaster.cf\fR entry. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +Available before Postfix version 2.5: +.IP "\fBallow_min_user (no)\fR" +Allow a sender or recipient address to have `\-' as the first +character. +.PP +Available with Postfix version 2.7 and later: +.IP "\fBdefault_filter_nexthop (empty)\fR" +When a content_filter or FILTER request specifies no explicit +next\-hop destination, use $default_filter_nexthop instead; when +that value is empty, use the domain in the recipient address. +.SH "ACTIVE QUEUE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmgr_clog_warn_time (300s)\fR" +The minimal delay between warnings that a specific destination is +clogging up the Postfix active queue. +.IP "\fBqmgr_message_active_limit (20000)\fR" +The maximal number of messages in the active queue. +.IP "\fBqmgr_message_recipient_limit (20000)\fR" +The maximal number of recipients held in memory by the Postfix +queue manager, and the maximal size of the short\-term, +in\-memory "dead" destination status cache. +.SH "DELIVERY CONCURRENCY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmgr_fudge_factor (100)\fR" +Obsolete feature: the percentage of delivery resources that a busy +mail system will use up for delivery of a large mailing list +message. +.IP "\fBinitial_destination_concurrency (5)\fR" +The initial per\-destination concurrency level for parallel delivery +to the same destination. +.IP "\fBdefault_destination_concurrency_limit (20)\fR" +The default maximal number of parallel deliveries to the same +destination. +.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBtransport_initial_destination_concurrency ($initial_destination_concurrency)\fR" +A transport\-specific override for the initial_destination_concurrency +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR" +How many pseudo\-cohorts must suffer connection or handshake +failure before a specific destination is considered unavailable +(and further delivery is suspended). +.IP "\fBtransport_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_failed_cohort_limit parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR" +The per\-destination amount of delivery concurrency negative +feedback, after a delivery completes with a connection or handshake +failure. +.IP "\fBtransport_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR" +A transport\-specific override for the +default_destination_concurrency_negative_feedback parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR" +The per\-destination amount of delivery concurrency positive +feedback, after a delivery completes without connection or handshake +failure. +.IP "\fBtransport_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR" +A transport\-specific override for the +default_destination_concurrency_positive_feedback parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdestination_concurrency_feedback_debug (no)\fR" +Make the queue manager's feedback algorithm verbose for performance +analysis purposes. +.SH "RECIPIENT SCHEDULING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdefault_destination_recipient_limit (50)\fR" +The default maximal number of recipients per message delivery. +.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR" +A transport\-specific override for the +default_destination_recipient_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.SH "OTHER RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBminimal_backoff_time (300s)\fR" +The minimal time between attempts to deliver a deferred message; +prior to Postfix 2.4 the default value was 1000s. +.IP "\fBmaximal_backoff_time (4000s)\fR" +The maximal time between attempts to deliver a deferred message. +.IP "\fBmaximal_queue_lifetime (5d)\fR" +Consider a message as undeliverable, when delivery fails with a +temporary error, and the time in the queue has reached the +maximal_queue_lifetime limit. +.IP "\fBqueue_run_delay (300s)\fR" +The time between deferred queue scans by the queue manager; +prior to Postfix 2.4 the default value was 1000s. +.IP "\fBtransport_retry_time (60s)\fR" +The time between attempts by the Postfix queue manager to contact +a malfunctioning message delivery transport. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBbounce_queue_lifetime (5d)\fR" +Consider a bounce message as undeliverable, when delivery fails +with a temporary error, and the time in the queue has reached the +bounce_queue_lifetime limit. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBdefault_destination_rate_delay (0s)\fR" +The default amount of delay that is inserted between individual +message deliveries to the same destination and over the same message +delivery transport. +.IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR" +A transport\-specific override for the default_destination_rate_delay +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBdefault_transport_rate_delay (0s)\fR" +The default amount of delay that is inserted between individual +message deliveries over the same message delivery transport, +regardless of destination. +.IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR" +A transport\-specific override for the default_transport_rate_delay +parameter value, where the initial \fItransport\fR in the parameter +name is the master.cf name of the message delivery transport. +.SH "SAFETY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmgr_daemon_timeout (1000s)\fR" +How much time a Postfix queue manager process may take to handle +a request before it is terminated by a built\-in watchdog timer. +.IP "\fBqmgr_ipc_timeout (60s)\fR" +The time limit for the queue manager to send or receive information +over an internal communication channel. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR" +A safety limit that prevents address verification requests from +overwhelming the Postfix queue. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdefer_transports (empty)\fR" +The names of message delivery transports that should not deliver mail +unless someone issues "\fBsendmail \-q\fR" or equivalent. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBhelpful_warnings (yes)\fR" +Log warnings about problematic configuration settings, and provide +helpful suggestions. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 3.0 and later: +.IP "\fBconfirm_delay_cleared (no)\fR" +After sending a "your message is delayed" notification, inform +the sender when the delay clears up. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.5 and later: +.IP "\fBinfo_log_address_format (external)\fR" +The email address form that will be used in non\-debug logging +(info, warning, etc.). +.SH "FILES" +.na +.nf +/var/spool/postfix/incoming, incoming queue +/var/spool/postfix/active, active queue +/var/spool/postfix/deferred, deferred queue +/var/spool/postfix/bounce, non\-delivery status +/var/spool/postfix/defer, non\-delivery status +/var/spool/postfix/trace, delivery status +.SH "SEE ALSO" +.na +.nf +trivial\-rewrite(8), address routing +bounce(8), delivery status reports +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +QSHAPE_README, Postfix queue analysis +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/pickup.8 b/man/man8/pickup.8 new file mode 100644 index 0000000..fd5d922 --- /dev/null +++ b/man/man8/pickup.8 @@ -0,0 +1,141 @@ +.TH PICKUP 8 +.ad +.fi +.SH NAME +pickup +\- +Postfix local mail pickup +.SH "SYNOPSIS" +.na +.nf +\fBpickup\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBpickup\fR(8) daemon waits for hints that new mail has been +dropped into the \fBmaildrop\fR directory, and feeds it into the +\fBcleanup\fR(8) daemon. +Ill\-formatted files are deleted without notifying the originator. +This program expects to be run from the \fBmaster\fR(8) process +manager. +.SH "STANDARDS" +.na +.nf +.ad +.fi +None. The \fBpickup\fR(8) daemon does not interact with +the outside world. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBpickup\fR(8) daemon is moderately security sensitive. It runs +with fixed low privilege and can run in a chrooted environment. +However, the program reads files from potentially hostile users. +The \fBpickup\fR(8) daemon opens no files for writing, is careful about +what files it opens for reading, and does not actually touch any data +that is sent to its public service endpoint. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +The \fBpickup\fR(8) daemon copies mail from file to the \fBcleanup\fR(8) +daemon. It could avoid message copying overhead by sending a file +descriptor instead of file data, but then the already complex +\fBcleanup\fR(8) daemon would have to deal with unfiltered user data. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +As the \fBpickup\fR(8) daemon is a relatively long\-running process, up +to an hour may pass before a \fBmain.cf\fR change takes effect. +Use the command "\fBpostfix reload\fR" command to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBcontent_filter (empty)\fR" +After the message is queued, send the entire message to the +specified \fItransport:destination\fR. +.IP "\fBreceive_override_options (empty)\fR" +Enable or disable recipient validation, built\-in content +filtering, or address mapping. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBline_length_limit (2048)\fR" +Upon input, long lines are chopped up into pieces of at most +this length; upon delivery, long lines are reconstructed. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.5 and later: +.IP "\fBinfo_log_address_format (external)\fR" +The email address form that will be used in non\-debug logging +(info, warning, etc.). +.SH "SEE ALSO" +.na +.nf +cleanup(8), message canonicalization +sendmail(1), Sendmail\-compatible interface +postdrop(1), mail posting agent +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/pipe.8 b/man/man8/pipe.8 new file mode 100644 index 0000000..8e54eaf --- /dev/null +++ b/man/man8/pipe.8 @@ -0,0 +1,484 @@ +.TH PIPE 8 +.ad +.fi +.SH NAME +pipe +\- +Postfix delivery to external command +.SH "SYNOPSIS" +.na +.nf +\fBpipe\fR [generic Postfix daemon options] command_attributes... +.SH DESCRIPTION +.ad +.fi +The \fBpipe\fR(8) daemon processes requests from the Postfix queue +manager to deliver messages to external commands. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +Message attributes such as sender address, recipient address and +next\-hop host name can be specified as command\-line macros that are +expanded before the external command is executed. + +The \fBpipe\fR(8) daemon updates queue files and marks recipients +as finished, or it informs the queue manager that delivery should +be tried again at a later time. Delivery status reports are sent +to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as +appropriate. +.SH "SINGLE-RECIPIENT DELIVERY" +.na +.nf +.ad +.fi +Some destinations cannot handle more than one recipient per +delivery request. Examples are pagers or fax machines. +In addition, multi\-recipient delivery is undesirable when +prepending a \fBDelivered\-to:\fR or \fBX\-Original\-To:\fR +message header. + +To prevent Postfix from sending multiple recipients per delivery +request, specify +.sp +.nf + \fItransport\fB_destination_recipient_limit = 1\fR +.fi + +in the Postfix \fBmain.cf\fR file, where \fItransport\fR +is the name in the first column of the Postfix \fBmaster.cf\fR +entry for the pipe\-based delivery transport. +.SH "COMMAND ATTRIBUTE SYNTAX" +.na +.nf +.ad +.fi +The external command attributes are given in the \fBmaster.cf\fR +file at the end of a service definition. The syntax is as follows: +.IP "\fBchroot=\fIpathname\fR (optional)" +Change the process root directory and working directory to +the named directory. This happens before switching to the +privileges specified with the \fBuser\fR attribute, and +before executing the optional \fBdirectory=\fIpathname\fR +directive. Delivery is deferred in case of failure. +.sp +This feature is available as of Postfix 2.3. +.IP "\fBdirectory=\fIpathname\fR (optional)" +Change to the named directory before executing the external command. +The directory must be accessible for the user specified with the +\fBuser\fR attribute (see below). +The default working directory is \fB$queue_directory\fR. +Delivery is deferred in case of failure. +.sp +This feature is available as of Postfix 2.2. +.IP "\fBeol=\fIstring\fR (optional, default: \fB\en\fR)" +The output record delimiter. Typically one would use either +\fB\er\en\fR or \fB\en\fR. The usual C\-style backslash escape +sequences are recognized: \fB\ea \eb \ef \en \er \et \ev +\e\fIddd\fR (up to three octal digits) and \fB\e\e\fR. +.IP "\fBflags=BDFORXhqu.>\fR (optional)" +Optional message processing flags. By default, a message is +copied unchanged. +.RS +.IP \fBB\fR +Append a blank line at the end of each message. This is required +by some mail user agents that recognize "\fBFrom \fR" lines only +when preceded by a blank line. +.IP \fBD\fR +Prepend a "\fBDelivered\-To: \fIrecipient\fR" message header with the +envelope recipient address. Note: for this to work, the +\fItransport\fB_destination_recipient_limit\fR must be 1 +(see SINGLE\-RECIPIENT DELIVERY above for details). +.sp +The \fBD\fR flag also enforces loop detection (Postfix 2.5 and later): +if a message already contains a \fBDelivered\-To:\fR header +with the same recipient address, then the message is +returned as undeliverable. The address comparison is case +insensitive. +.sp +This feature is available as of Postfix 2.0. +.IP \fBF\fR +Prepend a "\fBFrom \fIsender time_stamp\fR" envelope header to +the message content. +This is expected by, for example, \fBUUCP\fR software. +.IP \fBO\fR +Prepend an "\fBX\-Original\-To: \fIrecipient\fR" message header +with the recipient address as given to Postfix. Note: for this to +work, the \fItransport\fB_destination_recipient_limit\fR must be 1 +(see SINGLE\-RECIPIENT DELIVERY above for details). +.sp +This feature is available as of Postfix 2.0. +.IP \fBR\fR +Prepend a \fBReturn\-Path:\fR message header with the envelope sender +address. +.IP \fBX\fR +Indicate that the external command performs final delivery. +This flag affects the status reported in "success" DSN +(delivery status notification) messages, and changes it +from "relayed" into "delivered". +.sp +This feature is available as of Postfix 2.5. +.IP \fBh\fR +Fold the command\-line \fB$original_recipient\fR and +\fB$recipient\fR address domain part +(text to the right of the right\-most \fB@\fR character) to +lower case; fold the entire command\-line \fB$domain\fR and +\fB$nexthop\fR host or domain information to lower case. +This is recommended for delivery via \fBUUCP\fR. +.IP \fBq\fR +Quote white space and other special characters in the command\-line +\fB$sender\fR, \fB$original_recipient\fR and \fB$recipient\fR +address localparts (text to the +left of the right\-most \fB@\fR character), according to an 8\-bit +transparent version of RFC 822. +This is recommended for delivery via \fBUUCP\fR or \fBBSMTP\fR. +.sp +The result is compatible with the address parsing of command\-line +recipients by the Postfix \fBsendmail\fR(1) mail submission command. +.sp +The \fBq\fR flag affects only entire addresses, not the partial +address information from the \fB$user\fR, \fB$extension\fR or +\fB$mailbox\fR command\-line macros. +.IP \fBu\fR +Fold the command\-line \fB$original_recipient\fR and +\fB$recipient\fR address localpart (text to +the left of the right\-most \fB@\fR character) to lower case. +This is recommended for delivery via \fBUUCP\fR. +.IP \fB.\fR +Prepend "\fB.\fR" to lines starting with "\fB.\fR". This is needed +by, for example, \fBBSMTP\fR software. +.IP \fB>\fR +Prepend "\fB>\fR" to lines starting with "\fBFrom \fR". This is expected +by, for example, \fBUUCP\fR software. +.RE +.IP "\fBnull_sender\fR=\fIreplacement\fR (default: MAILER\-DAEMON)" +Replace the null sender address (typically used for delivery +status notifications) with the specified text +when expanding the \fB$sender\fR command\-line macro, and +when generating a From_ or Return\-Path: message header. + +If the null sender replacement text is a non\-empty string +then it is affected by the \fBq\fR flag for address quoting +in command\-line arguments. + +The null sender replacement text may be empty; this form +is recommended for content filters that feed mail back into +Postfix. The empty sender address is not affected by the +\fBq\fR flag for address quoting in command\-line arguments. +.sp +Caution: a null sender address is easily mis\-parsed by +naive software. For example, when the \fBpipe\fR(8) daemon +executes a command such as: +.sp +.nf + \fIWrong\fR: command \-f$sender \-\- $recipient +.fi +.IP +the command will mis\-parse the \-f option value when the +sender address is a null string. For correct parsing, +specify \fB$sender\fR as an argument by itself: +.sp +.nf + \fIRight\fR: command \-f $sender \-\- $recipient +.fi +NOTE: DO NOT put quotes around the command, $sender, or $recipient. +.IP +This feature is available as of Postfix 2.3. +.IP "\fBsize\fR=\fIsize_limit\fR (optional)" +Don't deliver messages that exceed this size limit (in +bytes); return them to the sender instead. +.IP "\fBuser\fR=\fIusername\fR (required)" +.IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR" +Execute the external command with the user ID and group ID of the +specified \fIusername\fR. The software refuses to execute +commands with root privileges, or with the privileges of the +mail system owner. If \fIgroupname\fR is specified, the +corresponding group ID is used instead of the group ID of +\fIusername\fR. +.IP "\fBargv\fR=\fIcommand\fR... (required)" +The command to be executed. This must be specified as the +last command attribute. +The command is executed directly, i.e. without interpretation of +shell meta characters by a shell command interpreter. +.sp +Specify "{" and "}" around command arguments that contain +whitespace (Postfix 3.0 and later). Whitespace +after the opening "{" and before the closing "}" is ignored. +.sp +In the command argument vector, the following macros are recognized +and replaced with corresponding information from the Postfix queue +manager delivery request. +.sp +In addition to the form ${\fIname\fR}, the forms $\fIname\fR and +the deprecated form $(\fIname\fR) are also recognized. +Specify \fB$$\fR where a single \fB$\fR is wanted. +.RS +.IP \fB${client_address}\fR +This macro expands to the remote client network address. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${client_helo}\fR +This macro expands to the remote client HELO command parameter. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${client_hostname}\fR +This macro expands to the remote client hostname. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${client_port}\fR +This macro expands to the remote client TCP port number. +.sp +This feature is available as of Postfix 2.5. +.IP \fB${client_protocol}\fR +This macro expands to the remote client protocol. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${domain}\fR +This macro expands to the domain portion of the recipient +address. For example, with an address \fIuser+foo@domain\fR +the domain is \fIdomain\fR. +.sp +This information is modified by the \fBh\fR flag for case folding. +.sp +This feature is available as of Postfix 2.5. +.IP \fB${extension}\fR +This macro expands to the extension part of a recipient address. +For example, with an address \fIuser+foo@domain\fR the extension is +\fIfoo\fR. +.sp +A command\-line argument that contains \fB${extension}\fR expands +into as many command\-line arguments as there are recipients. +.sp +This information is modified by the \fBu\fR flag for case folding. +.IP \fB${mailbox}\fR +This macro expands to the complete local part of a recipient address. +For example, with an address \fIuser+foo@domain\fR the mailbox is +\fIuser+foo\fR. +.sp +A command\-line argument that contains \fB${mailbox}\fR +expands to as many command\-line arguments as there are recipients. +.sp +This information is modified by the \fBu\fR flag for case folding. +.IP \fB${nexthop}\fR +This macro expands to the next\-hop hostname. +.sp +This information is modified by the \fBh\fR flag for case folding. +.IP \fB${original_recipient}\fR +This macro expands to the complete recipient address before any +address rewriting or aliasing. +.sp +A command\-line argument that contains +\fB${original_recipient}\fR expands to as many +command\-line arguments as there are recipients. +.sp +This information is modified by the \fBhqu\fR flags for quoting +and case folding. +.sp +This feature is available as of Postfix 2.5. +.IP \fB${queue_id}\fR +This macro expands to the queue id. +.sp +This feature is available as of Postfix 2.11. +.IP \fB${recipient}\fR +This macro expands to the complete recipient address. +.sp +A command\-line argument that contains \fB${recipient}\fR +expands to as many command\-line arguments as there are recipients. +.sp +This information is modified by the \fBhqu\fR flags for quoting +and case folding. +.IP \fB${sasl_method}\fR +This macro expands to the name of the SASL authentication +mechanism in the AUTH command when the Postfix SMTP server +received the message. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${sasl_sender}\fR +This macro expands to the SASL sender name (i.e. the original +submitter as per RFC 4954) in the MAIL FROM command when +the Postfix SMTP server received the message. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${sasl_username}\fR +This macro expands to the SASL user name in the AUTH command +when the Postfix SMTP server received the message. +.sp +This feature is available as of Postfix 2.2. +.IP \fB${sender}\fR +This macro expands to the envelope sender address. By default, +the null sender address expands to MAILER\-DAEMON; this can +be changed with the \fBnull_sender\fR attribute, as described +above. +.sp +This information is modified by the \fBq\fR flag for quoting. +.IP \fB${size}\fR +This macro expands to Postfix's idea of the message size, which +is an approximation of the size of the message as delivered. +.IP \fB${user}\fR +This macro expands to the username part of a recipient address. +For example, with an address \fIuser+foo@domain\fR the username +part is \fIuser\fR. +.sp +A command\-line argument that contains \fB${user}\fR expands +into as many command\-line arguments as there are recipients. +.sp +This information is modified by the \fBu\fR flag for case folding. +.RE +.SH "STANDARDS" +.na +.nf +RFC 3463 (Enhanced status codes) +.SH DIAGNOSTICS +.ad +.fi +Command exit status codes are expected to +follow the conventions defined in <\fBsysexits.h\fR>. +Exit status 0 means normal successful completion. + +In the case of a non\-zero exit status, a limited amount of +command output is logged, and reported in a delivery status +notification. When the output begins with a 4.X.X or 5.X.X +enhanced status code, the status code takes precedence over +the non\-zero exit status (Postfix version 2.3 and later). + +After successful delivery (zero exit status) a limited +amount of command output is logged, and reported in "success" +delivery status notifications (Postfix 3.0 and later). +This command output is not examined for the presence of an +enhanced status code. + +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +Corrupted message files are marked so that the queue manager +can move them to the \fBcorrupt\fR queue for further inspection. +.SH "SECURITY" +.na +.nf +.fi +.ad +This program needs a dual personality 1) to access the private +Postfix queue and IPC mechanisms, and 2) to execute external +commands as the specified user. It is therefore security sensitive. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBpipe\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +In the text below, \fItransport\fR is the first field in a +\fBmaster.cf\fR entry. +.IP "\fBtransport_time_limit ($command_time_limit)\fR" +A transport\-specific override for the command_time_limit parameter +value, where \fItransport\fR is the master.cf name of the message +delivery transport. +.PP +Implemented in the qmgr(8) daemon: +.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR" +A transport\-specific override for the +default_destination_recipient_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBexport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a Postfix process will export +to non\-Postfix processes. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmail_owner (postfix)\fR" +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate an email address +localpart, user name, or a .forward file name from its extension. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 3.0 and later: +.IP "\fBpipe_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBpipe\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. +.PP +Available in Postfix version 3.3 and later: +.IP "\fBenable_original_recipient (yes)\fR" +Enable support for the original recipient address after an +address is rewritten to a different address (for example with +aliasing or with canonical mapping). +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.5 and later: +.IP "\fBinfo_log_address_format (external)\fR" +The email address form that will be used in non\-debug logging +(info, warning, etc.). +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +bounce(8), delivery status reports +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/postlogd.8 b/man/man8/postlogd.8 new file mode 100644 index 0000000..9168a34 --- /dev/null +++ b/man/man8/postlogd.8 @@ -0,0 +1,102 @@ +.TH POSTLOGD 8 +.ad +.fi +.SH NAME +postlogd +\- +Postfix internal log server +.SH "SYNOPSIS" +.na +.nf +\fBpostlogd\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +This program logs events on behalf of Postfix programs +when the maillog configuration parameter specifies a non\-empty +value. +.SH BUGS +.ad +.fi +Non\-daemon Postfix programs don't know that they should log +to the internal logging service before they have processed +command\-line options and main.cf parameters. These programs +still log earlier events to the syslog service. + +If Postfix is down, the non\-daemon programs \fBpostfix\fR(1), +\fBpostsuper\fR(1), \fBpostmulti\fR(1), and \fBpostlog\fR(1), +will log directly to \fB$maillog_file\fR. These programs +expect to run with root privileges, for example during +Postfix start\-up, reload, or shutdown. + +Other non\-daemon Postfix programs will never write directly to +\fB$maillog_file\fR (also, logging to stdout would interfere +with the operation of some of these programs). These programs +can log to \fBpostlogd\fR(8) if they are run by the super\-user, +or if their executable file has set\-gid permission. Do not +set this permission on programs other than \fBpostdrop\fR(1), +\fBpostqueue\fR(1) and (Postfix >= 3.7) \fBpostlog\fR(1). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as +\fBpostlogd\fR(8) processes run for only a limited amount +of time. Use the command "\fBpostfix reload\fR" to speed +up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBmaillog_file (empty)\fR" +The name of an optional logfile that is written by the Postfix +\fBpostlogd\fR(8) service. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.IP "\fBpostlogd_watchdog_timeout (10s)\fR" +How much time a \fBpostlogd\fR(8) process may take to process a request +before it is terminated by a built\-in watchdog timer. +.SH "SEE ALSO" +.na +.nf +postconf(5), configuration parameters +syslogd(8), system logging +.SH "README_FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +MAILLOG_README, Postfix logging to file or stdout +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This service was introduced with Postfix version 3.4. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/postscreen.8 b/man/man8/postscreen.8 new file mode 100644 index 0000000..dbe2481 --- /dev/null +++ b/man/man8/postscreen.8 @@ -0,0 +1,475 @@ +.TH POSTSCREEN 8 +.ad +.fi +.SH NAME +postscreen +\- +Postfix zombie blocker +.SH "SYNOPSIS" +.na +.nf +\fBpostscreen\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix \fBpostscreen\fR(8) server provides additional +protection against mail server overload. One \fBpostscreen\fR(8) +process handles multiple inbound SMTP connections, and decides +which clients may talk to a Postfix SMTP server process. +By keeping spambots away, \fBpostscreen\fR(8) leaves more +SMTP server processes available for legitimate clients, and +delays the onset of server overload conditions. + +This program should not be used on SMTP ports that receive +mail from end\-user clients (MUAs). In a typical deployment, +\fBpostscreen\fR(8) handles the MX service on TCP port 25, and +\fBsmtpd\fR(8) receives mail from MUAs on the \fBsubmission\fR +service (TCP port 587) which requires client authentication. +Alternatively, a site could set up a dedicated, non\-postscreen, +"port 25" server that provides \fBsubmission\fR service and +client authentication, but no MX service. + +\fBpostscreen\fR(8) maintains a temporary allowlist for +clients that have passed a number of tests. When an SMTP +client IP address is allowlisted, \fBpostscreen\fR(8) hands +off the connection immediately to a Postfix SMTP server +process. This minimizes the overhead for legitimate mail. + +By default, \fBpostscreen\fR(8) logs statistics and hands +off each connection to a Postfix SMTP server process, while +excluding clients in mynetworks from all tests (primarily, +to avoid problems with non\-standard SMTP implementations +in network appliances). This default mode blocks no clients, +and is useful for non\-destructive testing. + +In a typical production setting, \fBpostscreen\fR(8) is +configured to reject mail from clients that fail one or +more tests. \fBpostscreen\fR(8) logs rejected mail with the +client address, helo, sender and recipient information. + +\fBpostscreen\fR(8) is not an SMTP proxy; this is intentional. +The purpose is to keep spambots away from Postfix SMTP +server processes, while minimizing overhead for legitimate +traffic. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBpostscreen\fR(8) server is moderately security\-sensitive. +It talks to untrusted clients on the network. The process +can be run chrooted at fixed low privilege. +.SH "STANDARDS" +.na +.nf +RFC 821 (SMTP protocol) +RFC 1123 (Host requirements) +RFC 1652 (8bit\-MIME transport) +RFC 1869 (SMTP service extensions) +RFC 1870 (Message Size Declaration) +RFC 1985 (ETRN command) +RFC 2034 (SMTP Enhanced Status Codes) +RFC 2821 (SMTP protocol) +Not: RFC 2920 (SMTP Pipelining) +RFC 3030 (CHUNKING without BINARYMIME) +RFC 3207 (STARTTLS command) +RFC 3461 (SMTP DSN Extension) +RFC 3463 (Enhanced Status Codes) +RFC 5321 (SMTP protocol, including multi\-line 220 banners) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +The \fBpostscreen\fR(8) built\-in SMTP protocol engine +currently does not announce support for AUTH, XCLIENT or +XFORWARD. +If you need to make these services available +on port 25, then do not enable the optional "after 220 +server greeting" tests. + +The optional "after 220 server greeting" tests may result in +unexpected delivery delays from senders that retry email delivery +from a different IP address. Reason: after passing these tests a +new client must disconnect, and reconnect from the same IP +address before it can deliver mail. See POSTSCREEN_README, section +"Tests after the 220 SMTP server greeting", for a discussion. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to main.cf are not picked up automatically, as +\fBpostscreen\fR(8) processes may run for several hours. +Use the command "postfix reload" after a configuration +change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. + +NOTE: Some \fBpostscreen\fR(8) parameters implement +stress\-dependent behavior. This is supported only when the +default parameter value is stress\-dependent (that is, it +looks like ${stress?{X}:{Y}}, or it is the $\fIname\fR +of an smtpd parameter with a stress\-dependent default). +Other parameters always evaluate as if the \fBstress\fR +parameter value is the empty string. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBpostscreen_command_filter ($smtpd_command_filter)\fR" +A mechanism to transform commands from remote SMTP clients. +.IP "\fBpostscreen_discard_ehlo_keyword_address_maps ($smtpd_discard_ehlo_keyword_address_maps)\fR" +Lookup tables, indexed by the remote SMTP client address, with +case insensitive lists of EHLO keywords (pipelining, starttls, auth, +etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO response +to a remote SMTP client. +.IP "\fBpostscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_keywords)\fR" +A case insensitive list of EHLO keywords (pipelining, starttls, +auth, etc.) that the \fBpostscreen\fR(8) server will not send in the EHLO +response to a remote SMTP client. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBdns_ncache_ttl_fix_enable (no)\fR" +Enable a workaround for future libc incompatibility. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBpostscreen_reject_footer_maps ($smtpd_reject_footer_maps)\fR" +Optional lookup table for information that is appended after a 4XX +or 5XX \fBpostscreen\fR(8) server response. +.PP +Available in Postfix 3.6 and later: +.IP "\fBrespectful_logging (see 'postconf -d' output)\fR" +Avoid logging that implies white is better than black. +.SH "TROUBLE SHOOTING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBpostscreen_expansion_filter (see 'postconf -d' output)\fR" +List of characters that are permitted in postscreen_reject_footer +attribute expansions. +.IP "\fBpostscreen_reject_footer ($smtpd_reject_footer)\fR" +Optional information that is appended after a 4XX or 5XX +\fBpostscreen\fR(8) server +response. +.IP "\fBsoft_bounce (no)\fR" +Safety net to keep mail queued that would otherwise be returned to +the sender. +.SH "BEFORE-POSTSCREEN PROXY AGENT" +.na +.nf +.ad +.fi +Available in Postfix version 2.10 and later: +.IP "\fBpostscreen_upstream_proxy_protocol (empty)\fR" +The name of the proxy protocol used by an optional before\-postscreen +proxy agent. +.IP "\fBpostscreen_upstream_proxy_timeout (5s)\fR" +The time limit for the proxy protocol specified with the +postscreen_upstream_proxy_protocol parameter. +.SH "PERMANENT ALLOW/DENYLIST TEST" +.na +.nf +.ad +.fi +This test is executed immediately after a remote SMTP client +connects. If a client is permanently allowlisted, the client +will be handed off immediately to a Postfix SMTP server +process. +.IP "\fBpostscreen_access_list (permit_mynetworks)\fR" +Permanent allow/denylist for remote SMTP client IP addresses. +.IP "\fBpostscreen_blacklist_action (ignore)\fR" +Renamed to postscreen_denylist_action in Postfix 3.6. +.SH "MAIL EXCHANGER POLICY TESTS" +.na +.nf +.ad +.fi +When \fBpostscreen\fR(8) is configured to monitor all primary +and backup MX addresses, it can refuse to allowlist clients +that connect to a backup MX address only. For small sites, +this requires configuring primary and backup MX addresses +on the same MTA. Larger sites would have to share the +\fBpostscreen\fR(8) cache between primary and backup MTAs, +which would introduce a common point of failure. +.IP "\fBpostscreen_whitelist_interfaces (static:all)\fR" +Renamed to postscreen_allowlist_interfaces in Postfix 3.6. +.SH "BEFORE 220 GREETING TESTS" +.na +.nf +.ad +.fi +These tests are executed before the remote SMTP client +receives the "220 servername" greeting. If no tests remain +after the successful completion of this phase, the client +will be handed off immediately to a Postfix SMTP server +process. +.IP "\fBdnsblog_service_name (dnsblog)\fR" +The name of the \fBdnsblog\fR(8) service entry in master.cf. +.IP "\fBpostscreen_dnsbl_action (ignore)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client's combined +DNSBL score is equal to or greater than a threshold (as defined +with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold +parameters). +.IP "\fBpostscreen_dnsbl_reply_map (empty)\fR" +A mapping from actual DNSBL domain name which includes a secret +password, to the DNSBL domain name that postscreen will reply with +when it rejects mail. +.IP "\fBpostscreen_dnsbl_sites (empty)\fR" +Optional list of DNS allow/denylist domains, filters and weight +factors. +.IP "\fBpostscreen_dnsbl_threshold (1)\fR" +The inclusive lower bound for blocking a remote SMTP client, based on +its combined DNSBL score as defined with the postscreen_dnsbl_sites +parameter. +.IP "\fBpostscreen_greet_action (ignore)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client speaks +before its turn within the time specified with the postscreen_greet_wait +parameter. +.IP "\fBpostscreen_greet_banner ($smtpd_banner)\fR" +The \fItext\fR in the optional "220\-\fItext\fR..." server +response that +\fBpostscreen\fR(8) sends ahead of the real Postfix SMTP server's "220 +text..." response, in an attempt to confuse bad SMTP clients so +that they speak before their turn (pre\-greet). +.IP "\fBpostscreen_greet_wait (normal: 6s, overload: 2s)\fR" +The amount of time that \fBpostscreen\fR(8) will wait for an SMTP +client to send a command before its turn, and for DNS blocklist +lookup results to arrive (default: up to 2 seconds under stress, +up to 6 seconds otherwise). +.IP "\fBsmtpd_service_name (smtpd)\fR" +The internal service that \fBpostscreen\fR(8) hands off allowed +connections to. +.PP +Available in Postfix version 2.11 and later: +.IP "\fBpostscreen_dnsbl_whitelist_threshold (0)\fR" +Renamed to postscreen_dnsbl_allowlist_threshold in Postfix 3.6. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBpostscreen_dnsbl_timeout (10s)\fR" +The time limit for DNSBL or DNSWL lookups. +.PP +Available in Postfix version 3.6 and later: +.IP "\fBpostscreen_denylist_action (ignore)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client is +permanently denylisted with the postscreen_access_list parameter. +.IP "\fBpostscreen_allowlist_interfaces (static:all)\fR" +A list of local \fBpostscreen\fR(8) server IP addresses where a +non\-allowlisted remote SMTP client can obtain \fBpostscreen\fR(8)'s temporary +allowlist status. +.IP "\fBpostscreen_dnsbl_allowlist_threshold (0)\fR" +Allow a remote SMTP client to skip "before" and "after 220 +greeting" protocol tests, based on its combined DNSBL score as +defined with the postscreen_dnsbl_sites parameter. +.SH "AFTER 220 GREETING TESTS" +.na +.nf +.ad +.fi +These tests are executed after the remote SMTP client +receives the "220 servername" greeting. If a client passes +all tests during this phase, it will receive a 4XX response +to all RCPT TO commands. After the client reconnects, it +will be allowed to talk directly to a Postfix SMTP server +process. +.IP "\fBpostscreen_bare_newline_action (ignore)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends +a bare newline character, that is, a newline not preceded by carriage +return. +.IP "\fBpostscreen_bare_newline_enable (no)\fR" +Enable "bare newline" SMTP protocol tests in the \fBpostscreen\fR(8) +server. +.IP "\fBpostscreen_disable_vrfy_command ($disable_vrfy_command)\fR" +Disable the SMTP VRFY command in the \fBpostscreen\fR(8) daemon. +.IP "\fBpostscreen_forbidden_commands ($smtpd_forbidden_commands)\fR" +List of commands that the \fBpostscreen\fR(8) server considers in +violation of the SMTP protocol. +.IP "\fBpostscreen_helo_required ($smtpd_helo_required)\fR" +Require that a remote SMTP client sends HELO or EHLO before +commencing a MAIL transaction. +.IP "\fBpostscreen_non_smtp_command_action (drop)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client sends +non\-SMTP commands as specified with the postscreen_forbidden_commands +parameter. +.IP "\fBpostscreen_non_smtp_command_enable (no)\fR" +Enable "non\-SMTP command" tests in the \fBpostscreen\fR(8) server. +.IP "\fBpostscreen_pipelining_action (enforce)\fR" +The action that \fBpostscreen\fR(8) takes when a remote SMTP client +sends +multiple commands instead of sending one command and waiting for +the server to respond. +.IP "\fBpostscreen_pipelining_enable (no)\fR" +Enable "pipelining" SMTP protocol tests in the \fBpostscreen\fR(8) +server. +.SH "CACHE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBpostscreen_cache_cleanup_interval (12h)\fR" +The amount of time between \fBpostscreen\fR(8) cache cleanup runs. +.IP "\fBpostscreen_cache_map (btree:$data_directory/postscreen_cache)\fR" +Persistent storage for the \fBpostscreen\fR(8) server decisions. +.IP "\fBpostscreen_cache_retention_time (7d)\fR" +The amount of time that \fBpostscreen\fR(8) will cache an expired +temporary allowlist entry before it is removed. +.IP "\fBpostscreen_bare_newline_ttl (30d)\fR" +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful "bare newline" SMTP protocol test. +.IP "\fBpostscreen_dnsbl_max_ttl (${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)\fR" +The maximum amount of time that \fBpostscreen\fR(8) will use the +result from a successful DNS\-based reputation test before a +client IP address is required to pass that test again. +.IP "\fBpostscreen_dnsbl_min_ttl (60s)\fR" +The minimum amount of time that \fBpostscreen\fR(8) will use the +result from a successful DNS\-based reputation test before a +client IP address is required to pass that test again. +.IP "\fBpostscreen_greet_ttl (1d)\fR" +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful PREGREET test. +.IP "\fBpostscreen_non_smtp_command_ttl (30d)\fR" +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful "non_smtp_command" SMTP protocol test. +.IP "\fBpostscreen_pipelining_ttl (30d)\fR" +The amount of time that \fBpostscreen\fR(8) will use the result from +a successful "pipelining" SMTP protocol test. +.SH "RESOURCE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBline_length_limit (2048)\fR" +Upon input, long lines are chopped up into pieces of at most +this length; upon delivery, long lines are reconstructed. +.IP "\fBpostscreen_client_connection_count_limit ($smtpd_client_connection_count_limit)\fR" +How many simultaneous connections any remote SMTP client is +allowed to have +with the \fBpostscreen\fR(8) daemon. +.IP "\fBpostscreen_command_count_limit (20)\fR" +The limit on the total number of commands per SMTP session for +\fBpostscreen\fR(8)'s built\-in SMTP protocol engine. +.IP "\fBpostscreen_command_time_limit (normal: 300s, overload: 10s)\fR" +The time limit to read an entire command line with \fBpostscreen\fR(8)'s +built\-in SMTP protocol engine. +.IP "\fBpostscreen_post_queue_limit ($default_process_limit)\fR" +The number of clients that can be waiting for service from a +real Postfix SMTP server process. +.IP "\fBpostscreen_pre_queue_limit ($default_process_limit)\fR" +The number of non\-allowlisted clients that can be waiting for +a decision whether they will receive service from a real Postfix +SMTP server +process. +.IP "\fBpostscreen_watchdog_timeout (10s)\fR" +How much time a \fBpostscreen\fR(8) process may take to respond to +a remote SMTP client command or to perform a cache operation before it +is terminated by a built\-in watchdog timer. +.SH "STARTTLS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBpostscreen_tls_security_level ($smtpd_tls_security_level)\fR" +The SMTP TLS security level for the \fBpostscreen\fR(8) server; when +a non\-empty value is specified, this overrides the obsolete parameters +postscreen_use_tls and postscreen_enforce_tls. +.IP "\fBtlsproxy_service_name (tlsproxy)\fR" +The name of the \fBtlsproxy\fR(8) service entry in master.cf. +.SH "OBSOLETE STARTTLS SUPPORT CONTROLS" +.na +.nf +.ad +.fi +These parameters are supported for compatibility with +\fBsmtpd\fR(8) legacy parameters. +.IP "\fBpostscreen_use_tls ($smtpd_use_tls)\fR" +Opportunistic TLS: announce STARTTLS support to remote SMTP clients, +but do not require that clients use TLS encryption. +.IP "\fBpostscreen_enforce_tls ($smtpd_enforce_tls)\fR" +Mandatory TLS: announce STARTTLS support to remote SMTP clients, and +require that clients use TLS encryption. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBcommand_directory (see 'postconf -d' output)\fR" +The location of all postfix administrative commands. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.5 and later: +.IP "\fBinfo_log_address_format (external)\fR" +The email address form that will be used in non\-debug logging +(info, warning, etc.). +.SH "SEE ALSO" +.na +.nf +smtpd(8), Postfix SMTP server +tlsproxy(8), Postfix TLS proxy server +dnsblog(8), DNS allow/denylist logger +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or "\fBpostconf +html_directory\fR" to locate this information. +.nf +.na +POSTSCREEN_README, Postfix Postscreen Howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This service was introduced with Postfix version 2.8. + +Many ideas in \fBpostscreen\fR(8) were explored in earlier +work by Michael Tokarev, in OpenBSD spamd, and in MailChannels +Traffic Control. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/proxymap.8 b/man/man8/proxymap.8 new file mode 100644 index 0000000..e734a2b --- /dev/null +++ b/man/man8/proxymap.8 @@ -0,0 +1,243 @@ +.TH PROXYMAP 8 +.ad +.fi +.SH NAME +proxymap +\- +Postfix lookup table proxy server +.SH "SYNOPSIS" +.na +.nf +\fBproxymap\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBproxymap\fR(8) server provides read\-only or read\-write +table lookup service to Postfix processes. These services are +implemented with distinct service names: \fBproxymap\fR and +\fBproxywrite\fR, respectively. The purpose of these services is: +.IP \(bu +To overcome chroot restrictions. For example, a chrooted SMTP +server needs access to the system passwd file in order to +reject mail for non\-existent local addresses, but it is not +practical to maintain a copy of the passwd file in the chroot +jail. The solution: +.sp +.nf +local_recipient_maps = + proxy:unix:passwd.byname $alias_maps +.fi +.IP \(bu +To consolidate the number of open lookup tables by sharing +one open table among multiple processes. For example, making +mysql connections from every Postfix daemon process results +in "too many connections" errors. The solution: +.sp +.nf +virtual_alias_maps = + proxy:mysql:/etc/postfix/virtual_alias.cf +.fi +.sp +The total number of connections is limited by the number of +proxymap server processes. +.IP \(bu +To provide single\-updater functionality for lookup tables +that do not reliably support multiple writers (i.e. all +file\-based tables). +.PP +The \fBproxymap\fR(8) server implements the following requests: +.IP "\fBopen\fR \fImaptype:mapname flags\fR" +Open the table with type \fImaptype\fR and name \fImapname\fR, +as controlled by \fIflags\fR. The reply includes the \fImaptype\fR +dependent flags (to distinguish a fixed string table from a regular +expression table). +.IP "\fBlookup\fR \fImaptype:mapname flags key\fR" +Look up the data stored under the requested key. +The reply is the request completion status code and +the lookup result value. +The \fImaptype:mapname\fR and \fIflags\fR are the same +as with the \fBopen\fR request. +.IP "\fBupdate\fR \fImaptype:mapname flags key value\fR" +Update the data stored under the requested key. +The reply is the request completion status code. +The \fImaptype:mapname\fR and \fIflags\fR are the same +as with the \fBopen\fR request. +.sp +To implement single\-updater maps, specify a process limit +of 1 in the master.cf file entry for the \fBproxywrite\fR +service. +.sp +This request is supported in Postfix 2.5 and later. +.IP "\fBdelete\fR \fImaptype:mapname flags key\fR" +Delete the data stored under the requested key. +The reply is the request completion status code. +The \fImaptype:mapname\fR and \fIflags\fR are the same +as with the \fBopen\fR request. +.sp +This request is supported in Postfix 2.5 and later. +.IP "\fBsequence\fR \fImaptype:mapname flags function\fR" +Iterate over the specified database. The \fIfunction\fR +is one of DICT_SEQ_FUN_FIRST or DICT_SEQ_FUN_NEXT. +The reply is the request completion status code and +a lookup key and result value, if found. +.sp +This request is supported in Postfix 2.9 and later. +.PP +The request completion status is one of OK, RETRY, NOKEY +(lookup failed because the key was not found), BAD (malformed +request) or DENY (the table is not approved for proxy read +or update access). + +There is no \fBclose\fR command, nor are tables implicitly closed +when a client disconnects. The purpose is to share tables among +multiple client processes. +.SH "SERVER PROCESS MANAGEMENT" +.na +.nf +.ad +.fi +\fBproxymap\fR(8) servers run under control by the Postfix +\fBmaster\fR(8) +server. Each server can handle multiple simultaneous connections. +When all servers are busy while a client connects, the \fBmaster\fR(8) +creates a new \fBproxymap\fR(8) server process, provided that the +process limit is not exceeded. +Each server terminates after serving at least \fB$max_use\fR clients +or after \fB$max_idle\fR seconds of idle time. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBproxymap\fR(8) server opens only tables that are +approved via the \fBproxy_read_maps\fR or \fBproxy_write_maps\fR +configuration parameters, does not talk to +users, and can run at fixed low privilege, chrooted or not. +However, running the proxymap server chrooted severely limits +usability, because it can open only chrooted tables. + +The \fBproxymap\fR(8) server is not a trusted daemon process, and must +not be used to look up sensitive information such as UNIX user or +group IDs, mailbox file/directory names or external commands. + +In Postfix version 2.2 and later, the proxymap client recognizes +requests to access a table for security\-sensitive purposes, +and opens the table directly. This allows the same main.cf +setting to be used by sensitive and non\-sensitive processes. + +Postfix\-writable data files should be stored under a dedicated +directory that is writable only by the Postfix mail system, +such as the Postfix\-owned \fBdata_directory\fR. + +In particular, Postfix\-writable files should never exist +in root\-owned directories. That would open up a particular +type of security hole where ownership of a file or directory +does not match the provider of its content. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +The \fBproxymap\fR(8) server provides service to multiple clients, +and must therefore not be used for tables that have high\-latency +lookups. + +The \fBproxymap\fR(8) read\-write service does not explicitly +close lookup tables (even if it did, this could not be relied on, +because the process may be terminated between table updates). +The read\-write service should therefore not be used with tables that +leave persistent storage in an inconsistent state between +updates (for example, CDB). Tables that support "sync on +update" should be safe (for example, Berkeley DB) as should +tables that are implemented by a real DBMS. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +On busy mail systems a long time may pass before +\fBproxymap\fR(8) relevant +changes to \fBmain.cf\fR are picked up. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdata_directory (see 'postconf -d' output)\fR" +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBproxy_read_maps (see 'postconf -d' output)\fR" +The lookup tables that the \fBproxymap\fR(8) server is allowed to +access for the read\-only service. +.PP +Available in Postfix 2.5 and later: +.IP "\fBdata_directory (see 'postconf -d' output)\fR" +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). +.IP "\fBproxy_write_maps (see 'postconf -d' output)\fR" +The lookup tables that the \fBproxymap\fR(8) server is allowed to +access for the read\-write service. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +postconf(5), configuration parameters +master(5), generic daemon options +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +DATABASE_README, Postfix lookup table overview +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +The proxymap service was introduced with Postfix 2.0. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/qmgr.8 b/man/man8/qmgr.8 new file mode 100644 index 0000000..a24af71 --- /dev/null +++ b/man/man8/qmgr.8 @@ -0,0 +1,495 @@ +.TH QMGR 8 +.ad +.fi +.SH NAME +qmgr +\- +Postfix queue manager +.SH "SYNOPSIS" +.na +.nf +\fBqmgr\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBqmgr\fR(8) daemon awaits the arrival of incoming mail +and arranges for its delivery via Postfix delivery processes. +The actual mail routing strategy is delegated to the +\fBtrivial\-rewrite\fR(8) daemon. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +Mail addressed to the local \fBdouble\-bounce\fR address is +logged and discarded. This stops potential loops caused by +undeliverable bounce notifications. +.SH "MAIL QUEUES" +.na +.nf +.ad +.fi +The \fBqmgr\fR(8) daemon maintains the following queues: +.IP \fBincoming\fR +Inbound mail from the network, or mail picked up by the +local \fBpickup\fR(8) daemon from the \fBmaildrop\fR directory. +.IP \fBactive\fR +Messages that the queue manager has opened for delivery. Only +a limited number of messages is allowed to enter the \fBactive\fR +queue (leaky bucket strategy, for a fixed delivery rate). +.IP \fBdeferred\fR +Mail that could not be delivered upon the first attempt. The queue +manager implements exponential backoff by doubling the time between +delivery attempts. +.IP \fBcorrupt\fR +Unreadable or damaged queue files are moved here for inspection. +.IP \fBhold\fR +Messages that are kept "on hold" are kept here until someone +sets them free. +.SH "DELIVERY STATUS REPORTS" +.na +.nf +.ad +.fi +The \fBqmgr\fR(8) daemon keeps an eye on per\-message delivery status +reports in the following directories. Each status report file has +the same name as the corresponding message file: +.IP \fBbounce\fR +Per\-recipient status information about why mail is bounced. +These files are maintained by the \fBbounce\fR(8) daemon. +.IP \fBdefer\fR +Per\-recipient status information about why mail is delayed. +These files are maintained by the \fBdefer\fR(8) daemon. +.IP \fBtrace\fR +Per\-recipient status information as requested with the +Postfix "\fBsendmail \-v\fR" or "\fBsendmail \-bv\fR" command. +These files are maintained by the \fBtrace\fR(8) daemon. +.PP +The \fBqmgr\fR(8) daemon is responsible for asking the +\fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemons to +send delivery reports. +.SH "STRATEGIES" +.na +.nf +.ad +.fi +The queue manager implements a variety of strategies for +either opening queue files (input) or for message delivery (output). +.IP "\fBleaky bucket\fR" +This strategy limits the number of messages in the \fBactive\fR queue +and prevents the queue manager from running out of memory under +heavy load. +.IP \fBfairness\fR +When the \fBactive\fR queue has room, the queue manager takes one +message from the \fBincoming\fR queue and one from the \fBdeferred\fR +queue. This prevents a large mail backlog from blocking the delivery +of new mail. +.IP "\fBslow start\fR" +This strategy eliminates "thundering herd" problems by slowly +adjusting the number of parallel deliveries to the same destination. +.IP "\fBround robin\fR" +The queue manager sorts delivery requests by destination. +Round\-robin selection prevents one destination from dominating +deliveries to other destinations. +.IP "\fBexponential backoff\fR" +Mail that cannot be delivered upon the first attempt is deferred. +The time interval between delivery attempts is doubled after each +attempt. +.IP "\fBdestination status cache\fR" +The queue manager avoids unnecessary delivery attempts by +maintaining a short\-term, in\-memory list of unreachable destinations. +.IP "\fBpreemptive message scheduling\fR" +The queue manager attempts to minimize the average per\-recipient delay +while still preserving the correct per\-message delays, using +a sophisticated preemptive message scheduling. +.SH "TRIGGERS" +.na +.nf +.ad +.fi +On an idle system, the queue manager waits for the arrival of +trigger events, or it waits for a timer to go off. A trigger +is a one\-byte message. +Depending on the message received, the queue manager performs +one of the following actions (the message is followed by the +symbolic constant used internally by the software): +.IP "\fBD (QMGR_REQ_SCAN_DEFERRED)\fR" +Start a deferred queue scan. If a deferred queue scan is already +in progress, that scan will be restarted as soon as it finishes. +.IP "\fBI (QMGR_REQ_SCAN_INCOMING)\fR" +Start an incoming queue scan. If an incoming queue scan is already +in progress, that scan will be restarted as soon as it finishes. +.IP "\fBA (QMGR_REQ_SCAN_ALL)\fR" +Ignore deferred queue file time stamps. The request affects +the next deferred queue scan. +.IP "\fBF (QMGR_REQ_FLUSH_DEAD)\fR" +Purge all information about dead transports and destinations. +.IP "\fBW (TRIGGER_REQ_WAKEUP)\fR" +Wakeup call, This is used by the master server to instantiate +servers that should not go away forever. The action is to start +an incoming queue scan. +.PP +The \fBqmgr\fR(8) daemon reads an entire buffer worth of triggers. +Multiple identical trigger requests are collapsed into one, and +trigger requests are sorted so that \fBA\fR and \fBF\fR precede +\fBD\fR and \fBI\fR. Thus, in order to force a deferred queue run, +one would request \fBA F D\fR; in order to notify the queue manager +of the arrival of new mail one would request \fBI\fR. +.SH "STANDARDS" +.na +.nf +RFC 3463 (Enhanced status codes) +RFC 3464 (Delivery status notifications) +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBqmgr\fR(8) daemon is not security sensitive. It reads +single\-character messages from untrusted local users, and thus may +be susceptible to denial of service attacks. The \fBqmgr\fR(8) daemon +does not talk to the outside world, and it can be run at fixed low +privilege in a chrooted environment. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +Corrupted message files are saved to the \fBcorrupt\fR queue +for further inspection. + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH BUGS +.ad +.fi +A single queue manager process has to compete for disk access with +multiple front\-end processes such as \fBcleanup\fR(8). A sudden burst of +inbound mail can negatively impact outbound delivery rates. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are not picked up automatically +as \fBqmgr\fR(8) +is a persistent process. Use the "\fBpostfix reload\fR" command after +a configuration change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. + +In the text below, \fItransport\fR is the first field in a +\fBmaster.cf\fR entry. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +Available before Postfix version 2.5: +.IP "\fBallow_min_user (no)\fR" +Allow a sender or recipient address to have `\-' as the first +character. +.PP +Available with Postfix version 2.7 and later: +.IP "\fBdefault_filter_nexthop (empty)\fR" +When a content_filter or FILTER request specifies no explicit +next\-hop destination, use $default_filter_nexthop instead; when +that value is empty, use the domain in the recipient address. +.SH "ACTIVE QUEUE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmgr_clog_warn_time (300s)\fR" +The minimal delay between warnings that a specific destination is +clogging up the Postfix active queue. +.IP "\fBqmgr_message_active_limit (20000)\fR" +The maximal number of messages in the active queue. +.IP "\fBqmgr_message_recipient_limit (20000)\fR" +The maximal number of recipients held in memory by the Postfix +queue manager, and the maximal size of the short\-term, +in\-memory "dead" destination status cache. +.IP "\fBqmgr_message_recipient_minimum (10)\fR" +The minimal number of in\-memory recipients for any message. +.IP "\fBdefault_recipient_limit (20000)\fR" +The default per\-transport upper limit on the number of in\-memory +recipients. +.IP "\fBtransport_recipient_limit ($default_recipient_limit)\fR" +A transport\-specific override for the default_recipient_limit +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_extra_recipient_limit (1000)\fR" +The default value for the extra per\-transport limit imposed on the +number of in\-memory recipients. +.IP "\fBtransport_extra_recipient_limit ($default_extra_recipient_limit)\fR" +A transport\-specific override for the default_extra_recipient_limit +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Available in Postfix version 2.4 and later: +.IP "\fBdefault_recipient_refill_limit (100)\fR" +The default per\-transport limit on the number of recipients refilled at +once. +.IP "\fBtransport_recipient_refill_limit ($default_recipient_refill_limit)\fR" +A transport\-specific override for the default_recipient_refill_limit +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_recipient_refill_delay (5s)\fR" +The default per\-transport maximum delay between recipients refills. +.IP "\fBtransport_recipient_refill_delay ($default_recipient_refill_delay)\fR" +A transport\-specific override for the default_recipient_refill_delay +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.SH "DELIVERY CONCURRENCY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBinitial_destination_concurrency (5)\fR" +The initial per\-destination concurrency level for parallel delivery +to the same destination. +.IP "\fBdefault_destination_concurrency_limit (20)\fR" +The default maximal number of parallel deliveries to the same +destination. +.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBtransport_initial_destination_concurrency ($initial_destination_concurrency)\fR" +A transport\-specific override for the initial_destination_concurrency +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_destination_concurrency_failed_cohort_limit (1)\fR" +How many pseudo\-cohorts must suffer connection or handshake +failure before a specific destination is considered unavailable +(and further delivery is suspended). +.IP "\fBtransport_destination_concurrency_failed_cohort_limit ($default_destination_concurrency_failed_cohort_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_failed_cohort_limit parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdefault_destination_concurrency_negative_feedback (1)\fR" +The per\-destination amount of delivery concurrency negative +feedback, after a delivery completes with a connection or handshake +failure. +.IP "\fBtransport_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback)\fR" +A transport\-specific override for the +default_destination_concurrency_negative_feedback parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdefault_destination_concurrency_positive_feedback (1)\fR" +The per\-destination amount of delivery concurrency positive +feedback, after a delivery completes without connection or handshake +failure. +.IP "\fBtransport_destination_concurrency_positive_feedback ($default_destination_concurrency_positive_feedback)\fR" +A transport\-specific override for the +default_destination_concurrency_positive_feedback parameter value, +where \fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBdestination_concurrency_feedback_debug (no)\fR" +Make the queue manager's feedback algorithm verbose for performance +analysis purposes. +.SH "RECIPIENT SCHEDULING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdefault_destination_recipient_limit (50)\fR" +The default maximal number of recipients per message delivery. +.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR" +A transport\-specific override for the +default_destination_recipient_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.SH "MESSAGE SCHEDULING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdefault_delivery_slot_cost (5)\fR" +How often the Postfix queue manager's scheduler is allowed to +preempt delivery of one message with another. +.IP "\fBtransport_delivery_slot_cost ($default_delivery_slot_cost)\fR" +A transport\-specific override for the default_delivery_slot_cost +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_minimum_delivery_slots (3)\fR" +How many recipients a message must have in order to invoke the +Postfix queue manager's scheduling algorithm at all. +.IP "\fBtransport_minimum_delivery_slots ($default_minimum_delivery_slots)\fR" +A transport\-specific override for the default_minimum_delivery_slots +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_delivery_slot_discount (50)\fR" +The default value for transport\-specific _delivery_slot_discount +settings. +.IP "\fBtransport_delivery_slot_discount ($default_delivery_slot_discount)\fR" +A transport\-specific override for the default_delivery_slot_discount +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.IP "\fBdefault_delivery_slot_loan (3)\fR" +The default value for transport\-specific _delivery_slot_loan +settings. +.IP "\fBtransport_delivery_slot_loan ($default_delivery_slot_loan)\fR" +A transport\-specific override for the default_delivery_slot_loan +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.SH "OTHER RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBminimal_backoff_time (300s)\fR" +The minimal time between attempts to deliver a deferred message; +prior to Postfix 2.4 the default value was 1000s. +.IP "\fBmaximal_backoff_time (4000s)\fR" +The maximal time between attempts to deliver a deferred message. +.IP "\fBmaximal_queue_lifetime (5d)\fR" +Consider a message as undeliverable, when delivery fails with a +temporary error, and the time in the queue has reached the +maximal_queue_lifetime limit. +.IP "\fBqueue_run_delay (300s)\fR" +The time between deferred queue scans by the queue manager; +prior to Postfix 2.4 the default value was 1000s. +.IP "\fBtransport_retry_time (60s)\fR" +The time between attempts by the Postfix queue manager to contact +a malfunctioning message delivery transport. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBbounce_queue_lifetime (5d)\fR" +Consider a bounce message as undeliverable, when delivery fails +with a temporary error, and the time in the queue has reached the +bounce_queue_lifetime limit. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBdefault_destination_rate_delay (0s)\fR" +The default amount of delay that is inserted between individual +message deliveries to the same destination and over the same message +delivery transport. +.IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR" +A transport\-specific override for the default_destination_rate_delay +parameter value, where \fItransport\fR is the master.cf name of +the message delivery transport. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBdefault_transport_rate_delay (0s)\fR" +The default amount of delay that is inserted between individual +message deliveries over the same message delivery transport, +regardless of destination. +.IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR" +A transport\-specific override for the default_transport_rate_delay +parameter value, where the initial \fItransport\fR in the parameter +name is the master.cf name of the message delivery transport. +.SH "SAFETY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmgr_daemon_timeout (1000s)\fR" +How much time a Postfix queue manager process may take to handle +a request before it is terminated by a built\-in watchdog timer. +.IP "\fBqmgr_ipc_timeout (60s)\fR" +The time limit for the queue manager to send or receive information +over an internal communication channel. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBaddress_verify_pending_request_limit (see 'postconf -d' output)\fR" +A safety limit that prevents address verification requests from +overwhelming the Postfix queue. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdefer_transports (empty)\fR" +The names of message delivery transports that should not deliver mail +unless someone issues "\fBsendmail \-q\fR" or equivalent. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBhelpful_warnings (yes)\fR" +Log warnings about problematic configuration settings, and provide +helpful suggestions. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 3.0 and later: +.IP "\fBconfirm_delay_cleared (no)\fR" +After sending a "your message is delayed" notification, inform +the sender when the delay clears up. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.5 and later: +.IP "\fBinfo_log_address_format (external)\fR" +The email address form that will be used in non\-debug logging +(info, warning, etc.). +.SH "FILES" +.na +.nf +/var/spool/postfix/incoming, incoming queue +/var/spool/postfix/active, active queue +/var/spool/postfix/deferred, deferred queue +/var/spool/postfix/bounce, non\-delivery status +/var/spool/postfix/defer, non\-delivery status +/var/spool/postfix/trace, delivery status +.SH "SEE ALSO" +.na +.nf +trivial\-rewrite(8), address routing +bounce(8), delivery status reports +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +SCHEDULER_README, scheduling algorithm +QSHAPE_README, Postfix queue analysis +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Preemptive scheduler enhancements: +Patrik Rak +Modra 6 +155 00, Prague, Czech Republic + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/qmqpd.8 b/man/man8/qmqpd.8 new file mode 100644 index 0000000..9ee6267 --- /dev/null +++ b/man/man8/qmqpd.8 @@ -0,0 +1,214 @@ +.TH QMQPD 8 +.ad +.fi +.SH NAME +qmqpd +\- +Postfix QMQP server +.SH "SYNOPSIS" +.na +.nf +\fBqmqpd\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The Postfix QMQP server receives one message per connection. +Each message is piped through the \fBcleanup\fR(8) +daemon, and is placed into the \fBincoming\fR queue as one +single queue file. The program expects to be run from the +\fBmaster\fR(8) process manager. + +The QMQP server implements one access policy: only explicitly +authorized client hosts are allowed to use the service. +.SH "SECURITY" +.na +.nf +.ad +.fi +The QMQP server is moderately security\-sensitive. It talks to QMQP +clients and to DNS servers on the network. The QMQP server can be +run chrooted at fixed low privilege. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +The QMQP protocol provides only one server reply per message +delivery. It is therefore not possible to reject individual +recipients. + +The QMQP protocol requires the server to receive the entire +message before replying. If a message is malformed, or if any +netstring component is longer than acceptable, Postfix replies +immediately and closes the connection. It is left up to the +client to handle the situation. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as \fBqmqpd\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBcontent_filter (empty)\fR" +After the message is queued, send the entire message to the +specified \fItransport:destination\fR. +.IP "\fBreceive_override_options (empty)\fR" +Enable or disable recipient validation, built\-in content +filtering, or address mapping. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531..6533. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBenable_idna2003_compatibility (no)\fR" +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBline_length_limit (2048)\fR" +Upon input, long lines are chopped up into pieces of at most +this length; upon delivery, long lines are reconstructed. +.IP "\fBhopcount_limit (50)\fR" +The maximal number of Received: message headers that is allowed +in the primary message headers. +.IP "\fBmessage_size_limit (10240000)\fR" +The maximal size in bytes of a message, including envelope information. +.IP "\fBqmqpd_timeout (300s)\fR" +The time limit for sending or receiving information over the network. +.SH "TROUBLE SHOOTING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdebug_peer_level (2)\fR" +The increment in verbose logging level when a nexthop destination, +remote client or server name or network address matches a pattern +given with the debug_peer_list parameter. +.IP "\fBdebug_peer_list (empty)\fR" +Optional list of nexthop destination, remote client or server +name or network address patterns that, if matched, cause the verbose +logging level to increase by the amount specified in $debug_peer_level. +.IP "\fBsoft_bounce (no)\fR" +Safety net to keep mail queued that would otherwise be returned to +the sender. +.SH "TARPIT CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBqmqpd_error_delay (1s)\fR" +How long the Postfix QMQP server will pause before sending a negative +reply to the remote QMQP client. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqmqpd_authorized_clients (empty)\fR" +What remote QMQP clients are allowed to connect to the Postfix QMQP +server port. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.IP "\fBverp_delimiter_filter (\-=+)\fR" +The characters Postfix accepts as VERP delimiter characters on the +Postfix \fBsendmail\fR(1) command line and in SMTP commands. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBqmqpd_client_port_logging (no)\fR" +Enable logging of the remote QMQP client port in addition to +the hostname and IP address. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +http://cr.yp.to/proto/qmqp.html, QMQP protocol +cleanup(8), message canonicalization +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +QMQP_README, Postfix ezmlm\-idx howto. +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +The qmqpd service was introduced with Postfix version 1.1. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/scache.8 b/man/man8/scache.8 new file mode 100644 index 0000000..7f9fe49 --- /dev/null +++ b/man/man8/scache.8 @@ -0,0 +1,178 @@ +.TH SCACHE 8 +.ad +.fi +.SH NAME +scache +\- +Postfix shared connection cache server +.SH "SYNOPSIS" +.na +.nf +\fBscache\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBscache\fR(8) server maintains a shared multi\-connection +cache. This information can be used by, for example, Postfix +SMTP clients or other Postfix delivery agents. + +The connection cache is organized into logical destination +names, physical endpoint names, and connections. + +As a specific example, logical SMTP destinations specify +(transport, domain, port), and physical SMTP endpoints +specify (transport, IP address, port). An SMTP connection +may be saved after a successful mail transaction. + +In the general case, one logical destination may refer to +zero or more physical endpoints, one physical endpoint may +be referenced by zero or more logical destinations, and +one endpoint may refer to zero or more connections. + +The exact syntax of a logical destination or endpoint name +is application dependent; the \fBscache\fR(8) server does +not care. A connection is stored as a file descriptor together +with application\-dependent information that is needed to +re\-activate a connection object. Again, the \fBscache\fR(8) +server is completely unaware of the details of that +information. + +All information is stored with a finite time to live (ttl). +The connection cache daemon terminates when no client is +connected for \fBmax_idle\fR time units. + +This server implements the following requests: +.IP "\fBsave_endp\fI ttl endpoint endpoint_properties file_descriptor\fR" +Save the specified file descriptor and connection property data +under the specified endpoint name. The endpoint properties +are used by the client to re\-activate a passivated connection +object. +.IP "\fBfind_endp\fI endpoint\fR" +Look up cached properties and a cached file descriptor for the +specified endpoint. +.IP "\fBsave_dest\fI ttl destination destination_properties endpoint\fR" +Save the binding between a logical destination and an +endpoint under the destination name, together with destination +specific connection properties. The destination properties +are used by the client to re\-activate a passivated connection +object. +.IP "\fBfind_dest\fI destination\fR" +Look up cached destination properties, cached endpoint properties, +and a cached file descriptor for the specified logical destination. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBscache\fR(8) server is not security\-sensitive. It does not +talk to the network, and it does not talk to local users. +The \fBscache\fR(8) server can run chrooted at fixed low privilege. + +The \fBscache\fR(8) server is not a trusted process. It must +not be used to store information that is security sensitive. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +The session cache cannot be shared among multiple machines. + +When a connection expires from the cache, it is closed without +the appropriate protocol specific handshake. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBscache\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "RESOURCE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconnection_cache_ttl_limit (2s)\fR" +The maximal time\-to\-live value that the \fBscache\fR(8) connection +cache server +allows. +.IP "\fBconnection_cache_status_update_time (600s)\fR" +How frequently the \fBscache\fR(8) server logs usage statistics with +connection cache hit and miss rates for logical destinations and for +physical endpoints. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtp(8), SMTP client +postconf(5), configuration parameters +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +CONNECTION_CACHE_README, Postfix connection cache +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +This service was introduced with Postfix version 2.2. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/showq.8 b/man/man8/showq.8 new file mode 100644 index 0000000..624ae74 --- /dev/null +++ b/man/man8/showq.8 @@ -0,0 +1,125 @@ +.TH SHOWQ 8 +.ad +.fi +.SH NAME +showq +\- +list the Postfix mail queue +.SH "SYNOPSIS" +.na +.nf +\fBshowq\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBshowq\fR(8) daemon reports the Postfix mail queue status. +The output is meant to be formatted by the postqueue(1) command, +as it emulates the Sendmail `mailq' command. + +The \fBshowq\fR(8) daemon can also be run in stand\-alone mode +by the superuser. This mode of operation is used to emulate +the `mailq' command while the Postfix mail system is down. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBshowq\fR(8) daemon can run in a chroot jail at fixed low +privilege, and takes no input from the client. Its service port +is accessible to local untrusted users, so the service can be +susceptible to denial of service attacks. +.SH "STANDARDS" +.na +.nf +.ad +.fi +None. The \fBshowq\fR(8) daemon does not interact with the +outside world. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBshowq\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBduplicate_filter_limit (1000)\fR" +The maximal number of addresses remembered by the address +duplicate filter for \fBaliases\fR(5) or \fBvirtual\fR(5) alias expansion, or +for \fBshowq\fR(8) queue displays. +.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR" +The recipient of mail addressed to the null address. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 2.9 and later: +.IP "\fBenable_long_queue_ids (no)\fR" +Enable long, non\-repeating, queue IDs (queue file names). +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "FILES" +.na +.nf +/var/spool/postfix, queue directories +.SH "SEE ALSO" +.na +.nf +pickup(8), local mail pickup service +cleanup(8), canonicalize and enqueue mail +qmgr(8), queue manager +postconf(5), configuration parameters +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/smtp.8 b/man/man8/smtp.8 new file mode 100644 index 0000000..543ef78 --- /dev/null +++ b/man/man8/smtp.8 @@ -0,0 +1,975 @@ +.TH SMTP 8 +.ad +.fi +.SH NAME +smtp +\- +Postfix SMTP+LMTP client +.SH "SYNOPSIS" +.na +.nf +\fBsmtp\fR [generic Postfix daemon options] [flags=DORX] +.SH DESCRIPTION +.ad +.fi +The Postfix SMTP+LMTP client implements the SMTP and LMTP mail +delivery protocols. It processes message delivery requests from +the queue manager. Each request specifies a queue file, a sender +address, a domain or host to deliver to, and recipient information. +This program expects to be run from the \fBmaster\fR(8) process +manager. + +The SMTP+LMTP client updates the queue file and marks recipients +as finished, or it informs the queue manager that delivery should +be tried again at a later time. Delivery status reports are sent +to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as +appropriate. + +The SMTP+LMTP client looks up a list of mail exchanger addresses for +the destination host, sorts the list by preference, and connects +to each listed address until it finds a server that responds. + +When a server is not reachable, or when mail delivery fails due +to a recoverable error condition, the SMTP+LMTP client will try to +deliver the mail to an alternate host. + +After a successful mail transaction, a connection may be saved +to the \fBscache\fR(8) connection cache server, so that it +may be used by any SMTP+LMTP client for a subsequent transaction. + +By default, connection caching is enabled temporarily for +destinations that have a high volume of mail in the active +queue. Connection caching can be enabled permanently for +specific destinations. +.SH "SMTP DESTINATION SYNTAX" +.na +.nf +.ad +.fi +The Postfix SMTP+LMTP client supports multiple destinations +separated by comma or whitespace (Postfix 3.5 and later). +SMTP destinations have the following form: +.IP \fIdomainname\fR +.IP \fIdomainname\fR:\fIport\fR +Look up the mail exchangers for the specified domain, and +connect to the specified port (default: \fBsmtp\fR). +.IP [\fIhostname\fR] +.IP [\fIhostname\fR]:\fIport\fR +Look up the address(es) of the specified host, and connect to +the specified port (default: \fBsmtp\fR). +.IP [\fIaddress\fR] +.IP [\fIaddress\fR]:\fIport\fR +Connect to the host at the specified address, and connect +to the specified port (default: \fBsmtp\fR). An IPv6 address +must be formatted as [\fBipv6\fR:\fIaddress\fR]. +.SH "LMTP DESTINATION SYNTAX" +.na +.nf +.ad +.fi +The Postfix SMTP+LMTP client supports multiple destinations +separated by comma or whitespace (Postfix 3.5 and later). +LMTP destinations have the following form: +.IP \fBunix\fR:\fIpathname\fR +Connect to the local UNIX\-domain server that is bound to the specified +\fIpathname\fR. If the process runs chrooted, an absolute pathname +is interpreted relative to the Postfix queue directory. +.IP \fBinet\fR:\fIhostname\fR +.IP \fBinet\fR:\fIhostname\fR:\fIport\fR +.IP \fBinet\fR:[\fIaddress\fR] +.IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR +Connect to the specified TCP port on the specified local or +remote host. If no port is specified, connect to the port defined as +\fBlmtp\fR in \fBservices\fR(4). +If no such service is found, the \fBlmtp_tcp_port\fR configuration +parameter (default value of 24) will be used. +An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. +.SH "SINGLE-RECIPIENT DELIVERY" +.na +.nf +.ad +.fi +By default, the Postfix SMTP+LMTP client delivers mail to +multiple recipients per delivery request. This is undesirable +when prepending a \fBDelivered\-to:\fR or \fBX\-Original\-To:\fR +message header. To prevent Postfix from sending multiple +recipients per delivery request, specify +.sp +.nf + \fItransport\fB_destination_recipient_limit = 1\fR +.fi + +in the Postfix \fBmain.cf\fR file, where \fItransport\fR +is the name in the first column of the Postfix \fBmaster.cf\fR +entry for this mail delivery service. +.SH "COMMAND ATTRIBUTE SYNTAX" +.na +.nf +.ad +.fi +.IP "\fBflags=DORX\fR (optional)" +Optional message processing flags. +.RS +.IP \fBD\fR +Prepend a "\fBDelivered\-To: \fIrecipient\fR" message header +with the envelope recipient address. Note: for this to work, +the \fItransport\fB_destination_recipient_limit\fR must be +1 (see SINGLE\-RECIPIENT DELIVERY above for details). +.sp +The \fBD\fR flag also enforces loop detection: if a message +already contains a \fBDelivered\-To:\fR header with the same +recipient address, then the message is returned as +undeliverable. The address comparison is case insensitive. +.sp +This feature is available as of Postfix 3.5. +.IP \fBO\fR +Prepend an "\fBX\-Original\-To: \fIrecipient\fR" message +header with the recipient address as given to Postfix. Note: +for this to work, the +\fItransport\fB_destination_recipient_limit\fR must be 1 +(see SINGLE\-RECIPIENT DELIVERY above for details). +.sp +This feature is available as of Postfix 3.5. +.IP \fBR\fR +Prepend a "\fBReturn\-Path: <\fIsender\fB>\fR" message header +with the envelope sender address. +.sp +This feature is available as of Postfix 3.5. +.IP \fBX\fR +Indicates that the delivery is final. This flag affects +the status reported in "success" DSN (delivery status +notification) messages, and changes it from "relayed" into +"delivered". +.sp +This feature is available as of Postfix 3.5. +.RE +.SH "SECURITY" +.na +.nf +The SMTP+LMTP client is moderately security\-sensitive. It +talks to SMTP or LMTP servers and to DNS servers on the +network. The SMTP+LMTP client can be run chrooted at fixed +low privilege. +.SH "STANDARDS" +.na +.nf +RFC 821 (SMTP protocol) +RFC 822 (ARPA Internet Text Messages) +RFC 1651 (SMTP service extensions) +RFC 1652 (8bit\-MIME transport) +RFC 1870 (Message Size Declaration) +RFC 2033 (LMTP protocol) +RFC 2034 (SMTP Enhanced Error Codes) +RFC 2045 (MIME: Format of Internet Message Bodies) +RFC 2046 (MIME: Media Types) +RFC 2554 (AUTH command) +RFC 2821 (SMTP protocol) +RFC 2920 (SMTP Pipelining) +RFC 3207 (STARTTLS command) +RFC 3461 (SMTP DSN Extension) +RFC 3463 (Enhanced Status Codes) +RFC 4954 (AUTH command) +RFC 5321 (SMTP protocol) +RFC 6531 (Internationalized SMTP) +RFC 6533 (Internationalized Delivery Status Notifications) +RFC 7672 (SMTP security via opportunistic DANE TLS) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +Corrupted message files are marked so that the queue manager can +move them to the \fBcorrupt\fR queue for further inspection. + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces, protocol problems, and of +other trouble. +.SH BUGS +.ad +.fi +SMTP and LMTP connection reuse for TLS (without closing the +SMTP or LMTP connection) is not supported before Postfix 3.4. + +SMTP and LMTP connection reuse assumes that SASL credentials +are valid for all destinations that map onto the same IP +address and TCP port. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Before Postfix version 2.3, the LMTP client is a separate +program that implements only a subset of the functionality +available with SMTP: there is no support for TLS, and +connections are cached in\-process, making it ineffective +when the client is used for multiple domains. + +Most smtp_\fIxxx\fR configuration parameters have an +lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP +feature. This document describes only those LMTP\-related +parameters that aren't simply "mirror" parameters. + +Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBignore_mx_lookup_error (no)\fR" +Ignore DNS MX lookups that produce no response. +.IP "\fBsmtp_always_send_ehlo (yes)\fR" +Always send EHLO at the start of an SMTP session. +.IP "\fBsmtp_never_send_ehlo (no)\fR" +Never send EHLO at the start of an SMTP session. +.IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR" +Defer mail delivery when no MX record resolves to an IP address. +.IP "\fBsmtp_line_length_limit (998)\fR" +The maximal length of message header and body lines that Postfix +will send via SMTP. +.IP "\fBsmtp_pix_workaround_delay_time (10s)\fR" +How long the Postfix SMTP client pauses before sending +".<CR><LF>" in order to work around the PIX firewall +"<CR><LF>.<CR><LF>" bug. +.IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR" +How long a message must be queued before the Postfix SMTP client +turns on the PIX firewall "<CR><LF>.<CR><LF>" +bug workaround for delivery through firewalls with "smtp fixup" +mode turned on. +.IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR" +A list that specifies zero or more workarounds for CISCO PIX +firewall bugs. +.IP "\fBsmtp_pix_workaround_maps (empty)\fR" +Lookup tables, indexed by the remote SMTP server address, with +per\-destination workarounds for CISCO PIX firewall bugs. +.IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" +Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands +as required +by RFC 5321. +.IP "\fBsmtp_reply_filter (empty)\fR" +A mechanism to transform replies from remote SMTP servers one +line at a time. +.IP "\fBsmtp_skip_5xx_greeting (yes)\fR" +Skip remote SMTP servers that greet with a 5XX status code. +.IP "\fBsmtp_skip_quit_response (yes)\fR" +Do not wait for the response to the SMTP QUIT command. +.PP +Available in Postfix version 2.0 and earlier: +.IP "\fBsmtp_skip_4xx_greeting (yes)\fR" +Skip SMTP servers that greet with a 4XX status code (go away, try +again later). +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR" +Lookup tables, indexed by the remote SMTP server address, with +case insensitive lists of EHLO keywords (pipelining, starttls, auth, +etc.) that the Postfix SMTP client will ignore in the EHLO response from a +remote SMTP server. +.IP "\fBsmtp_discard_ehlo_keywords (empty)\fR" +A case insensitive list of EHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix SMTP client will ignore in the EHLO +response from a remote SMTP server. +.IP "\fBsmtp_generic_maps (empty)\fR" +Optional lookup tables that perform address rewriting in the +Postfix SMTP client, typically to transform a locally valid address into +a globally valid address when sending mail across the Internet. +.PP +Available in Postfix version 2.2.9 and later: +.IP "\fBsmtp_cname_overrides_servername (version dependent)\fR" +When the remote SMTP servername is a DNS CNAME, replace the +servername with the result from CNAME expansion for the purpose of +logging, SASL password lookup, TLS +policy decisions, or TLS certificate verification. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR" +Lookup tables, indexed by the remote LMTP server address, with +case insensitive lists of LHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix LMTP client will ignore in the LHLO +response +from a remote LMTP server. +.IP "\fBlmtp_discard_lhlo_keywords (empty)\fR" +A case insensitive list of LHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix LMTP client will ignore in the LHLO +response +from a remote LMTP server. +.PP +Available in Postfix version 2.4.4 and later: +.IP "\fBsend_cyrus_sasl_authzid (no)\fR" +When authenticating to a remote SMTP or LMTP server with the +default setting "no", send no SASL authoriZation ID (authzid); send +only the SASL authentiCation ID (authcid) plus the authcid's password. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtp_header_checks (empty)\fR" +Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client. +.IP "\fBsmtp_mime_header_checks (empty)\fR" +Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP +client. +.IP "\fBsmtp_nested_header_checks (empty)\fR" +Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP +client. +.IP "\fBsmtp_body_checks (empty)\fR" +Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBtcp_windowsize (0)\fR" +An optional workaround for routers that break TCP window scaling. +.PP +Available in Postfix version 2.8 and later: +.IP "\fBsmtp_dns_resolver_options (empty)\fR" +DNS Resolver options for the Postfix SMTP client. +.PP +Available in Postfix version 2.9 \- 3.6: +.IP "\fBsmtp_per_record_deadline (no)\fR" +Change the behavior of the smtp_*_timeout time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtp_send_dummy_mail_auth (no)\fR" +Whether or not to append the "AUTH=<>" option to the MAIL +FROM command in SASL\-authenticated SMTP sessions. +.PP +Available in Postfix version 2.11 and later: +.IP "\fBsmtp_dns_support_level (empty)\fR" +Level of DNS support in the Postfix SMTP client. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBsmtp\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. +.IP "\fBsmtp_dns_reply_filter (empty)\fR" +Optional filter for Postfix SMTP client DNS lookup results. +.PP +Available in Postfix version 3.3 and later: +.IP "\fBsmtp_balance_inet_protocols (yes)\fR" +When a remote destination resolves to a combination of IPv4 and +IPv6 addresses, ensure that the Postfix SMTP client can try both +address types before it runs into the smtp_mx_address_limit. +.PP +Available in Postfix 3.5 and later: +.IP "\fBinfo_log_address_format (external)\fR" +The email address form that will be used in non\-debug logging +(info, warning, etc.). +.PP +Available in Postfix 3.6 and later: +.IP "\fBdnssec_probe (ns:.)\fR" +The DNS query type (default: "ns") and DNS query name (default: +".") that Postfix may use to determine whether DNSSEC validation +is available. +.IP "\fBknown_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\fR" +Optional setting that avoids lookups in the \fBservices\fR(5) database. +.PP +Available in Postfix version 3.7 and later: +.IP "\fBsmtp_per_request_deadline (no)\fR" +Change the behavior of the smtp_*_timeout time limits, from a +time limit per plaintext or TLS read or write call, to a combined +time limit for sending a complete SMTP request and for receiving a +complete SMTP response. +.IP "\fBsmtp_min_data_rate (500)\fR" +The minimum plaintext data transfer rate in bytes/second for +DATA requests, when deadlines are enabled with smtp_per_request_deadline. +.IP "\fBheader_from_format (standard)\fR" +The format of the Postfix\-generated \fBFrom:\fR header. +.SH "MIME PROCESSING CONTROLS" +.na +.nf +.ad +.fi +Available in Postfix version 2.0 and later: +.IP "\fBdisable_mime_output_conversion (no)\fR" +Disable the conversion of 8BITMIME format to 7BIT format. +.IP "\fBmime_boundary_length_limit (2048)\fR" +The maximal length of MIME multipart boundary strings. +.IP "\fBmime_nesting_limit (100)\fR" +The maximal recursion level that the MIME processor will handle. +.SH "EXTERNAL CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +Available in Postfix version 2.1 and later: +.IP "\fBsmtp_send_xforward_command (no)\fR" +Send the non\-standard XFORWARD command when the Postfix SMTP server +EHLO response announces XFORWARD support. +.SH "SASL AUTHENTICATION CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBsmtp_sasl_auth_enable (no)\fR" +Enable SASL authentication in the Postfix SMTP client. +.IP "\fBsmtp_sasl_password_maps (empty)\fR" +Optional Postfix SMTP client lookup tables with one username:password +entry per sender, remote hostname or next\-hop domain. +.IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" +Postfix SMTP client SASL security options; as of Postfix 2.3 +the list of available +features depends on the SASL client implementation that is selected +with \fBsmtp_sasl_type\fR. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" +If non\-empty, a Postfix SMTP client filter for the remote SMTP +server's list of offered SASL mechanisms. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsmtp_sender_dependent_authentication (no)\fR" +Enable sender\-dependent authentication in the Postfix SMTP client; this is +available only with SASL authentication, and disables SMTP connection +caching to ensure that mail from different senders will use the +appropriate credentials. +.IP "\fBsmtp_sasl_path (empty)\fR" +Implementation\-specific information that the Postfix SMTP client +passes through to +the SASL plug\-in implementation that is selected with +\fBsmtp_sasl_type\fR. +.IP "\fBsmtp_sasl_type (cyrus)\fR" +The SASL plug\-in type that the Postfix SMTP client should use +for authentication. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtp_sasl_auth_cache_name (empty)\fR" +An optional table to prevent repeated SASL authentication +failures with the same remote SMTP server hostname, username and +password. +.IP "\fBsmtp_sasl_auth_cache_time (90d)\fR" +The maximal age of an smtp_sasl_auth_cache_name entry before it +is removed. +.IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR" +When a remote SMTP server rejects a SASL authentication request +with a 535 reply code, defer mail delivery instead of returning +mail as undeliverable. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBsmtp_send_dummy_mail_auth (no)\fR" +Whether or not to append the "AUTH=<>" option to the MAIL +FROM command in SASL\-authenticated SMTP sessions. +.SH "STARTTLS SUPPORT CONTROLS" +.na +.nf +.ad +.fi +Detailed information about STARTTLS configuration may be found +in the TLS_README document. +.IP "\fBsmtp_tls_security_level (empty)\fR" +The default SMTP TLS security level for the Postfix SMTP client; +when a non\-empty value is specified, this overrides the obsolete +parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. +.IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" +The SASL authentication security options that the Postfix SMTP +client uses for TLS encrypted SMTP sessions. +.IP "\fBsmtp_starttls_timeout (300s)\fR" +Time limit for Postfix SMTP client write and read operations +during TLS startup and shutdown handshake procedures. +.IP "\fBsmtp_tls_CAfile (empty)\fR" +A file containing CA certificates of root CAs trusted to sign +either remote SMTP server certificates or intermediate CA certificates. +.IP "\fBsmtp_tls_CApath (empty)\fR" +Directory with PEM format Certification Authority certificates +that the Postfix SMTP client uses to verify a remote SMTP server +certificate. +.IP "\fBsmtp_tls_cert_file (empty)\fR" +File with the Postfix SMTP client RSA certificate in PEM format. +.IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR" +The minimum TLS cipher grade that the Postfix SMTP client will +use with +mandatory TLS encryption. +.IP "\fBsmtp_tls_exclude_ciphers (empty)\fR" +List of ciphers or cipher types to exclude from the Postfix +SMTP client cipher +list at all TLS security levels. +.IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR" +Additional list of ciphers or cipher types to exclude from the +Postfix SMTP client cipher list at mandatory TLS security levels. +.IP "\fBsmtp_tls_dcert_file (empty)\fR" +File with the Postfix SMTP client DSA certificate in PEM format. +.IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR" +File with the Postfix SMTP client DSA private key in PEM format. +.IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR" +File with the Postfix SMTP client RSA private key in PEM format. +.IP "\fBsmtp_tls_loglevel (0)\fR" +Enable additional Postfix SMTP client logging of TLS activity. +.IP "\fBsmtp_tls_note_starttls_offer (no)\fR" +Log the hostname of a remote SMTP server that offers STARTTLS, +when TLS is not already enabled for that server. +.IP "\fBsmtp_tls_policy_maps (empty)\fR" +Optional lookup tables with the Postfix SMTP client TLS security +policy by next\-hop destination; when a non\-empty value is specified, +this overrides the obsolete smtp_tls_per_site parameter. +.IP "\fBsmtp_tls_mandatory_protocols (see 'postconf -d' output)\fR" +TLS protocols that the Postfix SMTP client will use with mandatory +TLS encryption. +.IP "\fBsmtp_tls_scert_verifydepth (9)\fR" +The verification depth for remote SMTP server certificates. +.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot\-nexthop)\fR" +How the Postfix SMTP client verifies the server certificate +peername for the "secure" TLS security level. +.IP "\fBsmtp_tls_session_cache_database (empty)\fR" +Name of the file containing the optional Postfix SMTP client +TLS session cache. +.IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR" +The expiration time of Postfix SMTP client TLS session cache +information. +.IP "\fBsmtp_tls_verify_cert_match (hostname)\fR" +How the Postfix SMTP client verifies the server certificate +peername for the +"verify" TLS security level. +.IP "\fBtls_daemon_random_bytes (32)\fR" +The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) +process requests from the \fBtlsmgr\fR(8) server in order to seed its +internal pseudo random number generator (PRNG). +.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "high" grade ciphers. +.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "medium" or higher grade ciphers. +.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "low" or higher grade ciphers. +.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "export" or higher grade ciphers. +.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" +The OpenSSL cipherlist for "NULL" grade ciphers that provide +authentication without encryption. +.PP +Available in Postfix version 2.4 and later: +.IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR" +The SASL authentication security options that the Postfix SMTP +client uses for TLS encrypted SMTP sessions with a verified server +certificate. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR" +List of acceptable remote SMTP server certificate fingerprints for +the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR = +fingerprint). +.IP "\fBsmtp_tls_fingerprint_digest (see 'postconf -d' output)\fR" +The message digest algorithm used to construct remote SMTP server +certificate fingerprints. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBsmtp_tls_protocols (see postconf -d output)\fR" +TLS protocols that the Postfix SMTP client will use with +opportunistic TLS encryption. +.IP "\fBsmtp_tls_ciphers (medium)\fR" +The minimum TLS cipher grade that the Postfix SMTP client +will use with opportunistic TLS encryption. +.IP "\fBsmtp_tls_eccert_file (empty)\fR" +File with the Postfix SMTP client ECDSA certificate in PEM format. +.IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR" +File with the Postfix SMTP client ECDSA private key in PEM format. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBsmtp_tls_block_early_mail_reply (no)\fR" +Try to detect a mail hijacking attack based on a TLS protocol +vulnerability (CVE\-2009\-3555), where an attacker prepends malicious +HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. +.PP +Available in Postfix version 2.8 and later: +.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" +List or bit\-mask of OpenSSL bug work\-arounds to disable. +.PP +Available in Postfix version 2.11\-3.1: +.IP "\fBtls_dane_digest_agility (on)\fR" +Configure RFC7671 DANE TLSA digest algorithm agility. +.IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR" +Enable support for RFC 6698 (DANE TLSA) DNS records that contain +digests of trust\-anchors with certificate usage "2". +.PP +Available in Postfix version 2.11 and later: +.IP "\fBsmtp_tls_trust_anchor_file (empty)\fR" +Zero or more PEM\-format files with trust\-anchor certificates +and/or public keys. +.IP "\fBsmtp_tls_force_insecure_host_tlsa_lookup (no)\fR" +Lookup the associated DANE TLSA RRset even when a hostname is +not an alias and its address records lie in an unsigned zone. +.IP "\fBtlsmgr_service_name (tlsmgr)\fR" +The name of the \fBtlsmgr\fR(8) service entry in master.cf. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBsmtp_tls_wrappermode (no)\fR" +Request that the Postfix SMTP client connects using the +legacy SMTPS protocol instead of using the STARTTLS command. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBsmtp_tls_dane_insecure_mx_policy (see 'postconf -d' output)\fR" +The TLS policy for MX hosts with "secure" TLSA records when the +nexthop destination security level is \fBdane\fR, but the MX +record was found via an "insecure" MX lookup. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBsmtp_tls_connection_reuse (no)\fR" +Try to make multiple deliveries per TLS\-encrypted connection. +.IP "\fBsmtp_tls_chain_files (empty)\fR" +List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. +.IP "\fBsmtp_tls_servername (empty)\fR" +Optional name to send to the remote SMTP server in the TLS Server +Name Indication (SNI) extension. +.PP +Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shutting +down a TLS session, until Postfix times out. +.PP +Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: +.IP "\fBtls_config_file (default)\fR" +Optional configuration file with baseline OpenSSL settings. +.IP "\fBtls_config_name (empty)\fR" +The application name passed by Postfix to OpenSSL library +initialization functions. +.SH "OBSOLETE STARTTLS CONTROLS" +.na +.nf +.ad +.fi +The following configuration parameters exist for compatibility +with Postfix versions before 2.3. Support for these will +be removed in a future release. +.IP "\fBsmtp_use_tls (no)\fR" +Opportunistic mode: use TLS when a remote SMTP server announces +STARTTLS support, otherwise send the mail in the clear. +.IP "\fBsmtp_enforce_tls (no)\fR" +Enforcement mode: require that remote SMTP servers use TLS +encryption, and never send mail in the clear. +.IP "\fBsmtp_tls_enforce_peername (yes)\fR" +With mandatory TLS encryption, require that the remote SMTP +server hostname matches the information in the remote SMTP server +certificate. +.IP "\fBsmtp_tls_per_site (empty)\fR" +Optional lookup tables with the Postfix SMTP client TLS usage +policy by next\-hop destination and by remote SMTP server hostname. +.IP "\fBsmtp_tls_cipherlist (empty)\fR" +Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS +cipher list. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBsmtp_connect_timeout (30s)\fR" +The Postfix SMTP client time limit for completing a TCP connection, or +zero (use the operating system built\-in time limit). +.IP "\fBsmtp_helo_timeout (300s)\fR" +The Postfix SMTP client time limit for sending the HELO or EHLO command, +and for receiving the initial remote SMTP server response. +.IP "\fBlmtp_lhlo_timeout (300s)\fR" +The Postfix LMTP client time limit for sending the LHLO command, +and for receiving the initial remote LMTP server response. +.IP "\fBsmtp_xforward_timeout (300s)\fR" +The Postfix SMTP client time limit for sending the XFORWARD command, +and for receiving the remote SMTP server response. +.IP "\fBsmtp_mail_timeout (300s)\fR" +The Postfix SMTP client time limit for sending the MAIL FROM command, +and for receiving the remote SMTP server response. +.IP "\fBsmtp_rcpt_timeout (300s)\fR" +The Postfix SMTP client time limit for sending the SMTP RCPT TO +command, and for receiving the remote SMTP server response. +.IP "\fBsmtp_data_init_timeout (120s)\fR" +The Postfix SMTP client time limit for sending the SMTP DATA command, +and for receiving the remote SMTP server response. +.IP "\fBsmtp_data_xfer_timeout (180s)\fR" +The Postfix SMTP client time limit for sending the SMTP message content. +.IP "\fBsmtp_data_done_timeout (600s)\fR" +The Postfix SMTP client time limit for sending the SMTP ".", and +for receiving the remote SMTP server response. +.IP "\fBsmtp_quit_timeout (300s)\fR" +The Postfix SMTP client time limit for sending the QUIT command, +and for receiving the remote SMTP server response. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtp_mx_address_limit (5)\fR" +The maximal number of MX (mail exchanger) IP addresses that can +result from Postfix SMTP client mail exchanger lookups, or zero (no +limit). +.IP "\fBsmtp_mx_session_limit (2)\fR" +The maximal number of SMTP sessions per delivery request before +the Postfix SMTP client +gives up or delivers to a fall\-back relay host, or zero (no +limit). +.IP "\fBsmtp_rset_timeout (20s)\fR" +The Postfix SMTP client time limit for sending the RSET command, +and for receiving the remote SMTP server response. +.PP +Available in Postfix version 2.2 and earlier: +.IP "\fBlmtp_cache_connection (yes)\fR" +Keep Postfix LMTP client connections open for up to $max_idle +seconds. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtp_connection_cache_destinations (empty)\fR" +Permanently enable SMTP connection caching for the specified +destinations. +.IP "\fBsmtp_connection_cache_on_demand (yes)\fR" +Temporarily enable SMTP connection caching while a destination +has a high volume of mail in the active queue. +.IP "\fBsmtp_connection_reuse_time_limit (300s)\fR" +The amount of time during which Postfix will use an SMTP +connection repeatedly. +.IP "\fBsmtp_connection_cache_time_limit (2s)\fR" +When SMTP connection caching is enabled, the amount of time that +an unused SMTP client socket is kept open before it is closed. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBconnection_cache_protocol_timeout (5s)\fR" +Time limit for connection cache connect, send or receive +operations. +.PP +Available in Postfix version 2.9 \- 3.6: +.IP "\fBsmtp_per_record_deadline (no)\fR" +Change the behavior of the smtp_*_timeout time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). +.PP +Available in Postfix version 2.11 and later: +.IP "\fBsmtp_connection_reuse_count_limit (0)\fR" +When SMTP connection caching is enabled, the number of times +that an SMTP session may be reused before it is closed, or zero (no +limit). +.PP +Available in Postfix version 3.4 and later: +.IP "\fBsmtp_tls_connection_reuse (no)\fR" +Try to make multiple deliveries per TLS\-encrypted connection. +.PP +Available in Postfix version 3.7 and later: +.IP "\fBsmtp_per_request_deadline (no)\fR" +Change the behavior of the smtp_*_timeout time limits, from a +time limit per plaintext or TLS read or write call, to a combined +time limit for sending a complete SMTP request and for receiving a +complete SMTP response. +.IP "\fBsmtp_min_data_rate (500)\fR" +The minimum plaintext data transfer rate in bytes/second for +DATA requests, when deadlines are enabled with smtp_per_request_deadline. +.PP +Implemented in the qmgr(8) daemon: +.IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +A transport\-specific override for the +default_destination_concurrency_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR" +A transport\-specific override for the +default_destination_recipient_limit parameter value, where +\fItransport\fR is the master.cf name of the message delivery +transport. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531..6533. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBenable_idna2003_compatibility (no)\fR" +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. +.SH "TROUBLE SHOOTING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBdebug_peer_level (2)\fR" +The increment in verbose logging level when a nexthop destination, +remote client or server name or network address matches a pattern +given with the debug_peer_list parameter. +.IP "\fBdebug_peer_list (empty)\fR" +Optional list of nexthop destination, remote client or server +name or network address patterns that, if matched, cause the verbose +logging level to increase by the amount specified in $debug_peer_level. +.IP "\fBerror_notice_recipient (postmaster)\fR" +The recipient of postmaster notifications about mail delivery +problems that are caused by policy, resource, software or protocol +errors. +.IP "\fBinternal_mail_filter_classes (empty)\fR" +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks +and body_checks. +.IP "\fBnotify_classes (resource, software)\fR" +The list of error classes that are reported to the postmaster. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBbest_mx_transport (empty)\fR" +Where the Postfix SMTP client should deliver mail when it detects +a "mail loops back to myself" error condition. +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBdisable_dns_lookups (no)\fR" +Disable DNS lookups in the Postfix SMTP and LMTP clients. +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBinet_protocols (see 'postconf -d output')\fR" +The Internet protocols Postfix will attempt to use when making +or accepting connections. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBlmtp_assume_final (no)\fR" +When a remote LMTP server announces no DSN support, assume that +the +server performs final delivery, and send "delivered" delivery status +notifications instead of "relayed". +.IP "\fBlmtp_tcp_port (24)\fR" +The default TCP port that the Postfix LMTP client connects to. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBproxy_interfaces (empty)\fR" +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. +.IP "\fBsmtp_address_preference (any)\fR" +The address type ("ipv6", "ipv4" or "any") that the Postfix +SMTP client will try first, when a destination has IPv6 and IPv4 +addresses with equal MX preference. +.IP "\fBsmtp_bind_address (empty)\fR" +An optional numerical network address that the Postfix SMTP client +should bind to when making an IPv4 connection. +.IP "\fBsmtp_bind_address6 (empty)\fR" +An optional numerical network address that the Postfix SMTP client +should bind to when making an IPv6 connection. +.IP "\fBsmtp_helo_name ($myhostname)\fR" +The hostname to send in the SMTP HELO or EHLO command. +.IP "\fBlmtp_lhlo_name ($myhostname)\fR" +The hostname to send in the LMTP LHLO command. +.IP "\fBsmtp_host_lookup (dns)\fR" +What mechanisms the Postfix SMTP client uses to look up a host's +IP address. +.IP "\fBsmtp_randomize_addresses (yes)\fR" +Randomize the order of equal\-preference MX host addresses. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available with Postfix 2.2 and earlier: +.IP "\fBfallback_relay (empty)\fR" +Optional list of relay hosts for SMTP destinations that can't be +found or that are unreachable. +.PP +Available with Postfix 2.3 and later: +.IP "\fBsmtp_fallback_relay ($fallback_relay)\fR" +Optional list of relay hosts for SMTP destinations that can't be +found or that are unreachable. +.PP +Available with Postfix 3.0 and later: +.IP "\fBsmtp_address_verify_target (rcpt)\fR" +In the context of email address verification, the SMTP protocol +stage that determines whether an email address is deliverable. +.PP +Available with Postfix 3.1 and later: +.IP "\fBlmtp_fallback_relay (empty)\fR" +Optional list of relay hosts for LMTP destinations that can't be +found or that are unreachable. +.PP +Available with Postfix 3.2 and later: +.IP "\fBsmtp_tcp_port (smtp)\fR" +The default TCP port that the Postfix SMTP client connects to. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.7 and later: +.IP "\fBsmtp_bind_address_enforce (no)\fR" +Defer delivery when the Postfix SMTP client cannot apply the +smtp_bind_address or smtp_bind_address6 setting. +.SH "SEE ALSO" +.na +.nf +generic(5), output address rewriting +header_checks(5), message header content inspection +body_checks(5), body parts content inspection +qmgr(8), queue manager +bounce(8), delivery status reports +scache(8), connection cache server +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +tlsmgr(8), TLS session and PRNG management +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +SASL_README, Postfix SASL howto +TLS_README, Postfix STARTTLS howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + +Command pipelining in cooperation with: +Jon Ribbens +Oaktree Internet Solutions Ltd., +Internet House, +Canal Basin, +Coventry, +CV1 4LY, United Kingdom. + +SASL support originally by: +Till Franke +SuSE Rhein/Main AG +65760 Eschborn, Germany + +TLS support originally by: +Lutz Jaenicke +BTU Cottbus +Allgemeine Elektrotechnik +Universitaetsplatz 3\-4 +D\-03044 Cottbus, Germany + +Revised TLS and SMTP connection cache support by: +Victor Duchovni +Morgan Stanley diff --git a/man/man8/smtpd.8 b/man/man8/smtpd.8 new file mode 100644 index 0000000..4401396 --- /dev/null +++ b/man/man8/smtpd.8 @@ -0,0 +1,1281 @@ +.TH SMTPD 8 +.ad +.fi +.SH NAME +smtpd +\- +Postfix SMTP server +.SH "SYNOPSIS" +.na +.nf +\fBsmtpd\fR [generic Postfix daemon options] + +\fBsendmail \-bs\fR +.SH DESCRIPTION +.ad +.fi +The SMTP server accepts network connection requests +and performs zero or more SMTP transactions per connection. +Each received message is piped through the \fBcleanup\fR(8) +daemon, and is placed into the \fBincoming\fR queue as one +single queue file. For this mode of operation, the program +expects to be run from the \fBmaster\fR(8) process manager. + +Alternatively, the SMTP server be can run in stand\-alone +mode; this is traditionally obtained with "\fBsendmail +\-bs\fR". When the SMTP server runs stand\-alone with non +$\fBmail_owner\fR privileges, it receives mail even while +the mail system is not running, deposits messages directly +into the \fBmaildrop\fR queue, and disables the SMTP server's +access policies. As of Postfix version 2.3, the SMTP server +refuses to receive mail from the network when it runs with +non $\fBmail_owner\fR privileges. + +The SMTP server implements a variety of policies for connection +requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR +and \fBRCPT TO\fR commands. They are detailed below and in the +\fBmain.cf\fR configuration file. +.SH "SECURITY" +.na +.nf +.ad +.fi +The SMTP server is moderately security\-sensitive. It talks to SMTP +clients and to DNS servers on the network. The SMTP server can be +run chrooted at fixed low privilege. +.SH "STANDARDS" +.na +.nf +RFC 821 (SMTP protocol) +RFC 1123 (Host requirements) +RFC 1652 (8bit\-MIME transport) +RFC 1869 (SMTP service extensions) +RFC 1870 (Message size declaration) +RFC 1985 (ETRN command) +RFC 2034 (SMTP enhanced status codes) +RFC 2554 (AUTH command) +RFC 2821 (SMTP protocol) +RFC 2920 (SMTP pipelining) +RFC 3030 (CHUNKING without BINARYMIME) +RFC 3207 (STARTTLS command) +RFC 3461 (SMTP DSN extension) +RFC 3463 (Enhanced status codes) +RFC 3848 (ESMTP transmission types) +RFC 4409 (Message submission) +RFC 4954 (AUTH command) +RFC 5321 (SMTP protocol) +RFC 6531 (Internationalized SMTP) +RFC 6533 (Internationalized Delivery Status Notifications) +RFC 7505 ("Null MX" No Service Resource Record) +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces, protocol problems, +policy violations, and of other trouble. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtpd\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +The following parameters work around implementation errors in other +software, and/or allow you to override standards in order to prevent +undesirable use. +.ad +.fi +.IP "\fBbroken_sasl_auth_clients (no)\fR" +Enable interoperability with remote SMTP clients that implement an obsolete +version of the AUTH command (RFC 4954). +.IP "\fBdisable_vrfy_command (no)\fR" +Disable the SMTP VRFY command. +.IP "\fBsmtpd_noop_commands (empty)\fR" +List of commands that the Postfix SMTP server replies to with "250 +Ok", without doing any syntax checks and without changing state. +.IP "\fBstrict_rfc821_envelopes (no)\fR" +Require that addresses received in SMTP MAIL FROM and RCPT TO +commands are enclosed with <>, and that those addresses do +not contain RFC 822 style comments or phrases. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_reject_unlisted_sender (no)\fR" +Request that the Postfix SMTP server rejects mail from unknown +sender addresses, even when no explicit reject_unlisted_sender +access restriction is specified. +.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" +What remote SMTP clients the Postfix SMTP server will not offer +AUTH support to. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtpd_discard_ehlo_keyword_address_maps (empty)\fR" +Lookup tables, indexed by the remote SMTP client address, with +case insensitive lists of EHLO keywords (pipelining, starttls, auth, +etc.) that the Postfix SMTP server will not send in the EHLO response +to a +remote SMTP client. +.IP "\fBsmtpd_discard_ehlo_keywords (empty)\fR" +A case insensitive list of EHLO keywords (pipelining, starttls, +auth, etc.) that the Postfix SMTP server will not send in the EHLO +response +to a remote SMTP client. +.IP "\fBsmtpd_delay_open_until_valid_rcpt (yes)\fR" +Postpone the start of an SMTP mail transaction until a valid +RCPT TO command is received. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR" +Force the Postfix SMTP server to issue a TLS session id, even +when TLS session caching is turned off (smtpd_tls_session_cache_database +is empty). +.PP +Available in Postfix version 2.6 and later: +.IP "\fBtcp_windowsize (0)\fR" +An optional workaround for routers that break TCP window scaling. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBsmtpd_command_filter (empty)\fR" +A mechanism to transform commands from remote SMTP clients. +.PP +Available in Postfix version 2.9 \- 3.6: +.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR" +Change the behavior of the smtpd_timeout and smtpd_starttls_timeout +time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). +.PP +Available in Postfix version 3.0 and later: +.IP "\fBsmtpd_dns_reply_filter (empty)\fR" +Optional filter for Postfix SMTP server DNS lookup results. +.PP +Available in Postfix version 3.6 and later: +.IP "\fBsmtpd_relay_before_recipient_restrictions (see 'postconf -d' output)\fR" +Evaluate smtpd_relay_restrictions before smtpd_recipient_restrictions. +.IP "\fBknown_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\fR" +Optional setting that avoids lookups in the \fBservices\fR(5) database. +.PP +Available in Postfix version 3.7 and later: +.IP "\fBsmtpd_per_request_deadline (normal: no, overload: yes)\fR" +Change the behavior of the smtpd_timeout and smtpd_starttls_timeout +time limits, from a time limit per plaintext or TLS read or write +call, to a combined time limit for receiving a complete SMTP request +and for sending a complete SMTP response. +.IP "\fBsmtpd_min_data_rate (500)\fR" +The minimum plaintext data transfer rate in bytes/second for +DATA and BDAT requests, when deadlines are enabled with +smtpd_per_request_deadline. +.SH "ADDRESS REWRITING CONTROLS" +.na +.nf +.ad +.fi +See the ADDRESS_REWRITING_README document for a detailed +discussion of Postfix address rewriting. +.IP "\fBreceive_override_options (empty)\fR" +Enable or disable recipient validation, built\-in content +filtering, or address mapping. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" +Rewrite message header addresses in mail from these clients and +update incomplete addresses with the domain name in $myorigin or +$mydomain; either don't rewrite message headers from other clients +at all, or rewrite message headers and update incomplete addresses +with the domain specified in the remote_header_rewrite_domain +parameter. +.SH "BEFORE-SMTPD PROXY AGENT" +.na +.nf +.ad +.fi +Available in Postfix version 2.10 and later: +.IP "\fBsmtpd_upstream_proxy_protocol (empty)\fR" +The name of the proxy protocol used by an optional before\-smtpd +proxy agent. +.IP "\fBsmtpd_upstream_proxy_timeout (5s)\fR" +The time limit for the proxy protocol specified with the +smtpd_upstream_proxy_protocol parameter. +.SH "AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +As of version 1.0, Postfix can be configured to send new mail to +an external content filter AFTER the mail is queued. This content +filter is expected to inject mail back into a (Postfix or other) +MTA for further delivery. See the FILTER_README document for details. +.IP "\fBcontent_filter (empty)\fR" +After the message is queued, send the entire message to the +specified \fItransport:destination\fR. +.SH "BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +As of version 2.1, the Postfix SMTP server can be configured +to send incoming mail to a real\-time SMTP\-based content filter +BEFORE mail is queued. This content filter is expected to inject +mail back into Postfix. See the SMTPD_PROXY_README document for +details on how to configure and operate this feature. +.IP "\fBsmtpd_proxy_filter (empty)\fR" +The hostname and TCP port of the mail filtering proxy server. +.IP "\fBsmtpd_proxy_ehlo ($myhostname)\fR" +How the Postfix SMTP server announces itself to the proxy filter. +.IP "\fBsmtpd_proxy_options (empty)\fR" +List of options that control how the Postfix SMTP server +communicates with a before\-queue content filter. +.IP "\fBsmtpd_proxy_timeout (100s)\fR" +The time limit for connecting to a proxy filter and for sending or +receiving information. +.SH "BEFORE QUEUE MILTER CONTROLS" +.na +.nf +.ad +.fi +As of version 2.3, Postfix supports the Sendmail version 8 +Milter (mail filter) protocol. These content filters run +outside Postfix. They can inspect the SMTP command stream +and the message content, and can request modifications before +mail is queued. For details see the MILTER_README document. +.IP "\fBsmtpd_milters (empty)\fR" +A list of Milter (mail filter) applications for new mail that +arrives via the Postfix \fBsmtpd\fR(8) server. +.IP "\fBmilter_protocol (6)\fR" +The mail filter protocol version and optional protocol extensions +for communication with a Milter application; prior to Postfix 2.6 +the default protocol is 2. +.IP "\fBmilter_default_action (tempfail)\fR" +The default action when a Milter (mail filter) response is +unavailable (for example, bad Postfix configuration or Milter +failure). +.IP "\fBmilter_macro_daemon_name ($myhostname)\fR" +The {daemon_name} macro value for Milter (mail filter) applications. +.IP "\fBmilter_macro_v ($mail_name $mail_version)\fR" +The {v} macro value for Milter (mail filter) applications. +.IP "\fBmilter_connect_timeout (30s)\fR" +The time limit for connecting to a Milter (mail filter) +application, and for negotiating protocol options. +.IP "\fBmilter_command_timeout (30s)\fR" +The time limit for sending an SMTP command to a Milter (mail +filter) application, and for receiving the response. +.IP "\fBmilter_content_timeout (300s)\fR" +The time limit for sending message content to a Milter (mail +filter) application, and for receiving the response. +.IP "\fBmilter_connect_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after completion of an SMTP connection. +.IP "\fBmilter_helo_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP HELO or EHLO command. +.IP "\fBmilter_mail_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP MAIL FROM command. +.IP "\fBmilter_rcpt_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the SMTP RCPT TO command. +.IP "\fBmilter_data_macros (see 'postconf -d' output)\fR" +The macros that are sent to version 4 or higher Milter (mail +filter) applications after the SMTP DATA command. +.IP "\fBmilter_unknown_command_macros (see 'postconf -d' output)\fR" +The macros that are sent to version 3 or higher Milter (mail +filter) applications after an unknown SMTP command. +.IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the end of the message header. +.IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR" +The macros that are sent to Milter (mail filter) applications +after the message end\-of\-data. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBmilter_macro_defaults (empty)\fR" +Optional list of \fIname=value\fR pairs that specify default +values for arbitrary macros that Postfix may send to Milter +applications. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBsmtpd_milter_maps (empty)\fR" +Lookup tables with Milter settings per remote SMTP client IP +address. +.SH "GENERAL CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +The following parameters are applicable for both built\-in +and external content filters. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBreceive_override_options (empty)\fR" +Enable or disable recipient validation, built\-in content +filtering, or address mapping. +.SH "EXTERNAL CONTENT INSPECTION CONTROLS" +.na +.nf +.ad +.fi +The following parameters are applicable for both before\-queue +and after\-queue content filtering. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_authorized_xforward_hosts (empty)\fR" +What remote SMTP clients are allowed to use the XFORWARD feature. +.SH "SASL AUTHENTICATION CONTROLS" +.na +.nf +.ad +.fi +Postfix SASL support (RFC 4954) can be used to authenticate remote +SMTP clients to the Postfix SMTP server, and to authenticate the +Postfix SMTP client to a remote SMTP server. +See the SASL_README document for details. +.IP "\fBbroken_sasl_auth_clients (no)\fR" +Enable interoperability with remote SMTP clients that implement an obsolete +version of the AUTH command (RFC 4954). +.IP "\fBsmtpd_sasl_auth_enable (no)\fR" +Enable SASL authentication in the Postfix SMTP server. +.IP "\fBsmtpd_sasl_local_domain (empty)\fR" +The name of the Postfix SMTP server's local SASL authentication +realm. +.IP "\fBsmtpd_sasl_security_options (noanonymous)\fR" +Postfix SMTP server SASL security options; as of Postfix 2.3 +the list of available +features depends on the SASL server implementation that is selected +with \fBsmtpd_sasl_type\fR. +.IP "\fBsmtpd_sender_login_maps (empty)\fR" +Optional lookup table with the SASL login names that own the sender +(MAIL FROM) addresses. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_sasl_exceptions_networks (empty)\fR" +What remote SMTP clients the Postfix SMTP server will not offer +AUTH support to. +.PP +Available in Postfix version 2.1 and 2.2: +.IP "\fBsmtpd_sasl_application_name (smtpd)\fR" +The application name that the Postfix SMTP server uses for SASL +server initialization. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsmtpd_sasl_authenticated_header (no)\fR" +Report the SASL authenticated user name in the \fBsmtpd\fR(8) Received +message header. +.IP "\fBsmtpd_sasl_path (smtpd)\fR" +Implementation\-specific information that the Postfix SMTP server +passes through to +the SASL plug\-in implementation that is selected with +\fBsmtpd_sasl_type\fR. +.IP "\fBsmtpd_sasl_type (cyrus)\fR" +The SASL plug\-in type that the Postfix SMTP server should use +for authentication. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBcyrus_sasl_config_path (empty)\fR" +Search path for Cyrus SASL application configuration files, +currently used only to locate the $smtpd_sasl_path.conf file. +.PP +Available in Postfix version 2.11 and later: +.IP "\fBsmtpd_sasl_service (smtp)\fR" +The service name that is passed to the SASL plug\-in that is +selected with \fBsmtpd_sasl_type\fR and \fBsmtpd_sasl_path\fR. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBsmtpd_sasl_response_limit (12288)\fR" +The maximum length of a SASL client's response to a server challenge. +.PP +Available in Postfix 3.6 and later: +.IP "\fBsmtpd_sasl_mechanism_filter (!external, static:rest)\fR" +If non\-empty, a filter for the SASL mechanism names that the +Postfix SMTP server will announce in the EHLO response. +.SH "STARTTLS SUPPORT CONTROLS" +.na +.nf +.ad +.fi +Detailed information about STARTTLS configuration may be +found in the TLS_README document. +.IP "\fBsmtpd_tls_security_level (empty)\fR" +The SMTP TLS security level for the Postfix SMTP server; when +a non\-empty value is specified, this overrides the obsolete parameters +smtpd_use_tls and smtpd_enforce_tls. +.IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR" +The SASL authentication security options that the Postfix SMTP +server uses for TLS encrypted SMTP sessions. +.IP "\fBsmtpd_starttls_timeout (see 'postconf -d' output)\fR" +The time limit for Postfix SMTP server write and read operations +during TLS startup and shutdown handshake procedures. +.IP "\fBsmtpd_tls_CAfile (empty)\fR" +A file containing (PEM format) CA certificates of root CAs trusted +to sign either remote SMTP client certificates or intermediate CA +certificates. +.IP "\fBsmtpd_tls_CApath (empty)\fR" +A directory containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate CA +certificates. +.IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR" +Force the Postfix SMTP server to issue a TLS session id, even +when TLS session caching is turned off (smtpd_tls_session_cache_database +is empty). +.IP "\fBsmtpd_tls_ask_ccert (no)\fR" +Ask a remote SMTP client for a client certificate. +.IP "\fBsmtpd_tls_auth_only (no)\fR" +When TLS encryption is optional in the Postfix SMTP server, do +not announce or accept SASL authentication over unencrypted +connections. +.IP "\fBsmtpd_tls_ccert_verifydepth (9)\fR" +The verification depth for remote SMTP client certificates. +.IP "\fBsmtpd_tls_cert_file (empty)\fR" +File with the Postfix SMTP server RSA certificate in PEM format. +.IP "\fBsmtpd_tls_exclude_ciphers (empty)\fR" +List of ciphers or cipher types to exclude from the SMTP server +cipher list at all TLS security levels. +.IP "\fBsmtpd_tls_dcert_file (empty)\fR" +File with the Postfix SMTP server DSA certificate in PEM format. +.IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR" +File with DH parameters that the Postfix SMTP server should +use with non\-export EDH ciphers. +.IP "\fBsmtpd_tls_dh512_param_file (empty)\fR" +File with DH parameters that the Postfix SMTP server should +use with export\-grade EDH ciphers. +.IP "\fBsmtpd_tls_dkey_file ($smtpd_tls_dcert_file)\fR" +File with the Postfix SMTP server DSA private key in PEM format. +.IP "\fBsmtpd_tls_key_file ($smtpd_tls_cert_file)\fR" +File with the Postfix SMTP server RSA private key in PEM format. +.IP "\fBsmtpd_tls_loglevel (0)\fR" +Enable additional Postfix SMTP server logging of TLS activity. +.IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR" +The minimum TLS cipher grade that the Postfix SMTP server will +use with mandatory TLS encryption. +.IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR" +Additional list of ciphers or cipher types to exclude from the +Postfix SMTP server cipher list at mandatory TLS security levels. +.IP "\fBsmtpd_tls_mandatory_protocols (see 'postconf -d' output)\fR" +TLS protocols accepted by the Postfix SMTP server with mandatory TLS +encryption. +.IP "\fBsmtpd_tls_received_header (no)\fR" +Request that the Postfix SMTP server produces Received: message +headers that include information about the protocol and cipher used, +as well as the remote SMTP client CommonName and client certificate issuer +CommonName. +.IP "\fBsmtpd_tls_req_ccert (no)\fR" +With mandatory TLS encryption, require a trusted remote SMTP client +certificate in order to allow TLS connections to proceed. +.IP "\fBsmtpd_tls_wrappermode (no)\fR" +Run the Postfix SMTP server in the non\-standard "wrapper" mode, +instead of using the STARTTLS command. +.IP "\fBtls_daemon_random_bytes (32)\fR" +The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) +process requests from the \fBtlsmgr\fR(8) server in order to seed its +internal pseudo random number generator (PRNG). +.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "high" grade ciphers. +.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "medium" or higher grade ciphers. +.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "low" or higher grade ciphers. +.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "export" or higher grade ciphers. +.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" +The OpenSSL cipherlist for "NULL" grade ciphers that provide +authentication without encryption. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtpd_tls_fingerprint_digest (see 'postconf -d' output)\fR" +The message digest algorithm to construct remote SMTP client\-certificate +fingerprints or public key fingerprints (Postfix 2.9 and later) for +\fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBsmtpd_tls_protocols (see postconf -d output)\fR" +TLS protocols accepted by the Postfix SMTP server with opportunistic +TLS encryption. +.IP "\fBsmtpd_tls_ciphers (medium)\fR" +The minimum TLS cipher grade that the Postfix SMTP server +will use with opportunistic TLS encryption. +.IP "\fBsmtpd_tls_eccert_file (empty)\fR" +File with the Postfix SMTP server ECDSA certificate in PEM format. +.IP "\fBsmtpd_tls_eckey_file ($smtpd_tls_eccert_file)\fR" +File with the Postfix SMTP server ECDSA private key in PEM format. +.IP "\fBsmtpd_tls_eecdh_grade (see 'postconf -d' output)\fR" +The Postfix SMTP server security grade for ephemeral elliptic\-curve +Diffie\-Hellman (EECDH) key exchange. +.IP "\fBtls_eecdh_strong_curve (prime256v1)\fR" +The elliptic curve used by the Postfix SMTP server for sensibly +strong +ephemeral ECDH key exchange. +.IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR" +The elliptic curve used by the Postfix SMTP server for maximally +strong +ephemeral ECDH key exchange. +.PP +Available in Postfix version 2.8 and later: +.IP "\fBtls_preempt_cipherlist (no)\fR" +With SSLv3 and later, use the Postfix SMTP server's cipher +preference order instead of the remote client's cipher preference +order. +.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" +List or bit\-mask of OpenSSL bug work\-arounds to disable. +.PP +Available in Postfix version 2.11 and later: +.IP "\fBtlsmgr_service_name (tlsmgr)\fR" +The name of the \fBtlsmgr\fR(8) service entry in master.cf. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR" +Algorithm used to encrypt RFC5077 TLS session tickets. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR" +The prioritized list of elliptic curves supported by the Postfix +SMTP client and server. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBsmtpd_tls_chain_files (empty)\fR" +List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. +.IP "\fBtls_server_sni_maps (empty)\fR" +Optional lookup tables that map names received from remote SMTP +clients via the TLS Server Name Indication (SNI) extension to the +appropriate keys and certificate chains. +.PP +Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shutting +down a TLS session, until Postfix times out. +.PP +Available in Postfix 3.5 and later: +.IP "\fBinfo_log_address_format (external)\fR" +The email address form that will be used in non\-debug logging +(info, warning, etc.). +.PP +Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: +.IP "\fBtls_config_file (default)\fR" +Optional configuration file with baseline OpenSSL settings. +.IP "\fBtls_config_name (empty)\fR" +The application name passed by Postfix to OpenSSL library +initialization functions. +.SH "OBSOLETE STARTTLS CONTROLS" +.na +.nf +.ad +.fi +The following configuration parameters exist for compatibility +with Postfix versions before 2.3. Support for these will +be removed in a future release. +.IP "\fBsmtpd_use_tls (no)\fR" +Opportunistic TLS: announce STARTTLS support to remote SMTP clients, +but do not require that clients use TLS encryption. +.IP "\fBsmtpd_enforce_tls (no)\fR" +Mandatory TLS: announce STARTTLS support to remote SMTP clients, +and require that clients use TLS encryption. +.IP "\fBsmtpd_tls_cipherlist (empty)\fR" +Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS +cipher list. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_enable (yes)\fR" +Enable preliminary SMTPUTF8 support for the protocols described +in RFC 6531..6533. +.IP "\fBstrict_smtputf8 (no)\fR" +Enable stricter enforcement of the SMTPUTF8 protocol. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBenable_idna2003_compatibility (no)\fR" +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. +.SH "VERP SUPPORT CONTROLS" +.na +.nf +.ad +.fi +With VERP style delivery, each recipient of a message receives a +customized copy of the message with his/her own recipient address +encoded in the envelope sender address. The VERP_README file +describes configuration and operation details of Postfix support +for variable envelope return path addresses. VERP style delivery +is requested with the SMTP XVERP command or with the "sendmail +\-V" command\-line option and is available in Postfix version 1.1 +and later. +.IP "\fBdefault_verp_delimiters (+=)\fR" +The two default VERP delimiter characters. +.IP "\fBverp_delimiter_filter (\-=+)\fR" +The characters Postfix accepts as VERP delimiter characters on the +Postfix \fBsendmail\fR(1) command line and in SMTP commands. +.PP +Available in Postfix version 1.1 and 2.0: +.IP "\fBauthorized_verp_clients ($mynetworks)\fR" +What remote SMTP clients are allowed to specify the XVERP command. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_authorized_verp_clients ($authorized_verp_clients)\fR" +What remote SMTP clients are allowed to specify the XVERP command. +.SH "TROUBLE SHOOTING CONTROLS" +.na +.nf +.ad +.fi +The DEBUG_README document describes how to debug parts of the +Postfix mail system. The methods vary from making the software log +a lot of detail, to running some daemon processes under control of +a call tracer or debugger. +.IP "\fBdebug_peer_level (2)\fR" +The increment in verbose logging level when a nexthop destination, +remote client or server name or network address matches a pattern +given with the debug_peer_list parameter. +.IP "\fBdebug_peer_list (empty)\fR" +Optional list of nexthop destination, remote client or server +name or network address patterns that, if matched, cause the verbose +logging level to increase by the amount specified in $debug_peer_level. +.IP "\fBerror_notice_recipient (postmaster)\fR" +The recipient of postmaster notifications about mail delivery +problems that are caused by policy, resource, software or protocol +errors. +.IP "\fBinternal_mail_filter_classes (empty)\fR" +What categories of Postfix\-generated mail are subject to +before\-queue content inspection by non_smtpd_milters, header_checks +and body_checks. +.IP "\fBnotify_classes (resource, software)\fR" +The list of error classes that are reported to the postmaster. +.IP "\fBsmtpd_reject_footer (empty)\fR" +Optional information that is appended after each Postfix SMTP +server +4XX or 5XX response. +.IP "\fBsoft_bounce (no)\fR" +Safety net to keep mail queued that would otherwise be returned to +the sender. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_authorized_xclient_hosts (empty)\fR" +What remote SMTP clients are allowed to use the XCLIENT feature. +.PP +Available in Postfix version 2.10 and later: +.IP "\fBsmtpd_log_access_permit_actions (empty)\fR" +Enable logging of the named "permit" actions in SMTP server +access lists (by default, the SMTP server logs "reject" actions but +not "permit" actions). +.SH "KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS" +.na +.nf +.ad +.fi +As of Postfix version 2.0, the SMTP server rejects mail for +unknown recipients. This prevents the mail queue from clogging up +with undeliverable MAILER\-DAEMON messages. Additional information +on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README +documents. +.IP "\fBshow_user_unknown_table_name (yes)\fR" +Display the name of the recipient table in the "User unknown" +responses. +.IP "\fBcanonical_maps (empty)\fR" +Optional address mapping lookup tables for message headers and +envelopes. +.IP "\fBrecipient_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +recipient addresses. +.IP "\fBsender_canonical_maps (empty)\fR" +Optional address mapping lookup tables for envelope and header +sender addresses. +.PP +Parameters concerning known/unknown local recipients: +.IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" +The list of domains that are delivered via the $local_transport +mail delivery transport. +.IP "\fBinet_interfaces (all)\fR" +The network interface addresses that this mail system receives +mail on. +.IP "\fBproxy_interfaces (empty)\fR" +The network interface addresses that this mail system receives mail +on by way of a proxy or network address translation unit. +.IP "\fBinet_protocols (see 'postconf -d output')\fR" +The Internet protocols Postfix will attempt to use when making +or accepting connections. +.IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR" +Lookup tables with all names or addresses of local recipients: +a recipient address is local when its domain matches $mydestination, +$inet_interfaces or $proxy_interfaces. +.IP "\fBunknown_local_recipient_reject_code (550)\fR" +The numerical Postfix SMTP server response code when a recipient +address is local, and $local_recipient_maps specifies a list of +lookup tables that does not match the recipient. +.PP +Parameters concerning known/unknown recipients of relay destinations: +.IP "\fBrelay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination)\fR" +What destination domains (and subdomains thereof) this system +will relay mail to. +.IP "\fBrelay_recipient_maps (empty)\fR" +Optional lookup tables with all valid addresses in the domains +that match $relay_domains. +.IP "\fBunknown_relay_recipient_reject_code (550)\fR" +The numerical Postfix SMTP server reply code when a recipient +address matches $relay_domains, and relay_recipient_maps specifies +a list of lookup tables that does not match the recipient address. +.PP +Parameters concerning known/unknown recipients in virtual alias +domains: +.IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR" +Postfix is final destination for the specified list of virtual +alias domains, that is, domains for which all addresses are aliased +to addresses in other local or remote domains. +.IP "\fBvirtual_alias_maps ($virtual_maps)\fR" +Optional lookup tables that alias specific mail addresses or domains +to other local or remote address. +.IP "\fBunknown_virtual_alias_reject_code (550)\fR" +The Postfix SMTP server reply code when a recipient address matches +$virtual_alias_domains, and $virtual_alias_maps specifies a list +of lookup tables that does not match the recipient address. +.PP +Parameters concerning known/unknown recipients in virtual mailbox +domains: +.IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR" +Postfix is final destination for the specified list of domains; +mail is delivered via the $virtual_transport mail delivery transport. +.IP "\fBvirtual_mailbox_maps (empty)\fR" +Optional lookup tables with all valid addresses in the domains that +match $virtual_mailbox_domains. +.IP "\fBunknown_virtual_mailbox_reject_code (550)\fR" +The Postfix SMTP server reply code when a recipient address matches +$virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list +of lookup tables that does not match the recipient address. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +The following parameters limit resource usage by the SMTP +server and/or control client request rates. +.IP "\fBline_length_limit (2048)\fR" +Upon input, long lines are chopped up into pieces of at most +this length; upon delivery, long lines are reconstructed. +.IP "\fBqueue_minfree (0)\fR" +The minimal amount of free space in bytes in the queue file system +that is needed to receive mail. +.IP "\fBmessage_size_limit (10240000)\fR" +The maximal size in bytes of a message, including envelope information. +.IP "\fBsmtpd_recipient_limit (1000)\fR" +The maximal number of recipients that the Postfix SMTP server +accepts per message delivery request. +.IP "\fBsmtpd_timeout (normal: 300s, overload: 10s)\fR" +When the Postfix SMTP server wants to send an SMTP server +response, how long the Postfix SMTP server will wait for an underlying +network write operation to complete; and when the Postfix SMTP +server Postfix wants to receive an SMTP client request, how long +the Postfix SMTP server will wait for an underlying network read +operation to complete. +.IP "\fBsmtpd_history_flush_threshold (100)\fR" +The maximal number of lines in the Postfix SMTP server command history +before it is flushed upon receipt of EHLO, RSET, or end of DATA. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsmtpd_peername_lookup (yes)\fR" +Attempt to look up the remote SMTP client hostname, and verify that +the name matches the client IP address. +.PP +The per SMTP client connection count and request rate limits are +implemented in co\-operation with the \fBanvil\fR(8) service, and +are available in Postfix version 2.2 and later. +.IP "\fBsmtpd_client_connection_count_limit (50)\fR" +How many simultaneous connections any client is allowed to +make to this service. +.IP "\fBsmtpd_client_connection_rate_limit (0)\fR" +The maximal number of connection attempts any client is allowed to +make to this service per time unit. +.IP "\fBsmtpd_client_message_rate_limit (0)\fR" +The maximal number of message delivery requests that any client is +allowed to make to this service per time unit, regardless of whether +or not Postfix actually accepts those messages. +.IP "\fBsmtpd_client_recipient_rate_limit (0)\fR" +The maximal number of recipient addresses that any client is allowed +to send to this service per time unit, regardless of whether or not +Postfix actually accepts those recipients. +.IP "\fBsmtpd_client_event_limit_exceptions ($mynetworks)\fR" +Clients that are excluded from smtpd_client_*_count/rate_limit +restrictions. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsmtpd_client_new_tls_session_rate_limit (0)\fR" +The maximal number of new (i.e., uncached) TLS sessions that a +remote SMTP client is allowed to negotiate with this service per +time unit. +.PP +Available in Postfix version 2.9 \- 3.6: +.IP "\fBsmtpd_per_record_deadline (normal: no, overload: yes)\fR" +Change the behavior of the smtpd_timeout and smtpd_starttls_timeout +time limits, from a +time limit per read or write system call, to a time limit to send +or receive a complete record (an SMTP command line, SMTP response +line, SMTP message content line, or TLS protocol message). +.PP +Available in Postfix version 3.1 and later: +.IP "\fBsmtpd_client_auth_rate_limit (0)\fR" +The maximal number of AUTH commands that any client is allowed to +send to this service per time unit, regardless of whether or not +Postfix actually accepts those commands. +.PP +Available in Postfix version 3.7 and later: +.IP "\fBsmtpd_per_request_deadline (normal: no, overload: yes)\fR" +Change the behavior of the smtpd_timeout and smtpd_starttls_timeout +time limits, from a time limit per plaintext or TLS read or write +call, to a combined time limit for receiving a complete SMTP request +and for sending a complete SMTP response. +.IP "\fBsmtpd_min_data_rate (500)\fR" +The minimum plaintext data transfer rate in bytes/second for +DATA and BDAT requests, when deadlines are enabled with +smtpd_per_request_deadline. +.IP "\fBheader_from_format (standard)\fR" +The format of the Postfix\-generated \fBFrom:\fR header. +.PP +Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: +.IP "\fBsmtpd_forbid_unauth_pipelining (Postfix >= 3.9: yes)\fR" +Disconnect remote SMTP clients that violate RFC 2920 (or 5321) +command pipelining constraints. +.PP +Available in Postfix 3.9, 3.8.4, 3.7.9, 3.6.13, 3.5.23 and later: +.IP "\fBsmtpd_forbid_bare_newline (Postfix < 3.9: no)\fR" +Reject or restrict input lines from an SMTP client that end in +<LF> instead of the standard <CR><LF>. +.IP "\fBsmtpd_forbid_bare_newline_exclusions ($mynetworks)\fR" +Exclude the specified clients from smtpd_forbid_bare_newline +enforcement. +.PP +Available in Postfix 3.9, 3.8.5, 3.7.10, 3.6.14, 3.5.24 and +later: +.IP "\fBsmtpd_forbid_bare_newline_reject_code (550)\fR" +The numerical Postfix SMTP server response code when rejecting a +request with "smtpd_forbid_bare_newline = reject". +.SH "TARPIT CONTROLS" +.na +.nf +.ad +.fi +When a remote SMTP client makes errors, the Postfix SMTP server +can insert delays before responding. This can help to slow down +run\-away software. The behavior is controlled by an error counter +that counts the number of errors within an SMTP session that a +client makes without delivering mail. +.IP "\fBsmtpd_error_sleep_time (1s)\fR" +With Postfix version 2.1 and later: the SMTP server response delay after +a client has made more than $smtpd_soft_error_limit errors, and +fewer than $smtpd_hard_error_limit errors, without delivering mail. +.IP "\fBsmtpd_soft_error_limit (10)\fR" +The number of errors a remote SMTP client is allowed to make without +delivering mail before the Postfix SMTP server slows down all its +responses. +.IP "\fBsmtpd_hard_error_limit (normal: 20, overload: 1)\fR" +The maximal number of errors a remote SMTP client is allowed to +make without delivering mail. +.IP "\fBsmtpd_junk_command_limit (normal: 100, overload: 1)\fR" +The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote +SMTP client can send before the Postfix SMTP server starts to +increment the error counter with each junk command. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_recipient_overshoot_limit (1000)\fR" +The number of recipients that a remote SMTP client can send in +excess of the limit specified with $smtpd_recipient_limit, before +the Postfix SMTP server increments the per\-session error count +for each excess recipient. +.SH "ACCESS POLICY DELEGATION CONTROLS" +.na +.nf +.ad +.fi +As of version 2.1, Postfix can be configured to delegate access +policy decisions to an external server that runs outside Postfix. +See the file SMTPD_POLICY_README for more information. +.IP "\fBsmtpd_policy_service_max_idle (300s)\fR" +The time after which an idle SMTPD policy service connection is +closed. +.IP "\fBsmtpd_policy_service_max_ttl (1000s)\fR" +The time after which an active SMTPD policy service connection is +closed. +.IP "\fBsmtpd_policy_service_timeout (100s)\fR" +The time limit for connecting to, writing to, or receiving from a +delegated SMTPD policy server. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBsmtpd_policy_service_default_action (451 4.3.5 Server configuration problem)\fR" +The default action when an SMTPD policy service request fails. +.IP "\fBsmtpd_policy_service_request_limit (0)\fR" +The maximal number of requests per SMTPD policy service connection, +or zero (no limit). +.IP "\fBsmtpd_policy_service_try_limit (2)\fR" +The maximal number of attempts to send an SMTPD policy service +request before giving up. +.IP "\fBsmtpd_policy_service_retry_delay (1s)\fR" +The delay between attempts to resend a failed SMTPD policy +service request. +.PP +Available in Postfix version 3.1 and later: +.IP "\fBsmtpd_policy_service_policy_context (empty)\fR" +Optional information that the Postfix SMTP server specifies in +the "policy_context" attribute of a policy service request (originally, +to share the same service endpoint among multiple check_policy_service +clients). +.SH "ACCESS CONTROLS" +.na +.nf +.ad +.fi +The SMTPD_ACCESS_README document gives an introduction to all the +SMTP server access control features. +.IP "\fBsmtpd_delay_reject (yes)\fR" +Wait until the RCPT TO command before evaluating +$smtpd_client_restrictions, $smtpd_helo_restrictions and +$smtpd_sender_restrictions, or wait until the ETRN command before +evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. +.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. +.IP "\fBsmtpd_client_restrictions (empty)\fR" +Optional restrictions that the Postfix SMTP server applies in the +context of a client connection request. +.IP "\fBsmtpd_helo_required (no)\fR" +Require that a remote SMTP client introduces itself with the HELO +or EHLO command before sending the MAIL command or other commands +that require EHLO negotiation. +.IP "\fBsmtpd_helo_restrictions (empty)\fR" +Optional restrictions that the Postfix SMTP server applies in the +context of a client HELO command. +.IP "\fBsmtpd_sender_restrictions (empty)\fR" +Optional restrictions that the Postfix SMTP server applies in the +context of a client MAIL FROM command. +.IP "\fBsmtpd_recipient_restrictions (see 'postconf -d' output)\fR" +Optional restrictions that the Postfix SMTP server applies in the +context of a client RCPT TO command, after smtpd_relay_restrictions. +.IP "\fBsmtpd_etrn_restrictions (empty)\fR" +Optional restrictions that the Postfix SMTP server applies in the +context of a client ETRN command. +.IP "\fBallow_untrusted_routing (no)\fR" +Forward mail with sender\-specified routing (user[@%!]remote[@%!]site) +from untrusted clients to destinations matching $relay_domains. +.IP "\fBsmtpd_restriction_classes (empty)\fR" +User\-defined aliases for groups of access restrictions. +.IP "\fBsmtpd_null_access_lookup_key (<>)\fR" +The lookup key to be used in SMTP \fBaccess\fR(5) tables instead of the +null sender address. +.IP "\fBpermit_mx_backup_networks (empty)\fR" +Restrict the use of the permit_mx_backup SMTP access feature to +only domains whose primary MX hosts match the listed networks. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBsmtpd_data_restrictions (empty)\fR" +Optional access restrictions that the Postfix SMTP server applies +in the context of the SMTP DATA command. +.IP "\fBsmtpd_expansion_filter (see 'postconf -d' output)\fR" +What characters are allowed in $name expansions of RBL reply +templates. +.PP +Available in Postfix version 2.1 and later: +.IP "\fBsmtpd_reject_unlisted_sender (no)\fR" +Request that the Postfix SMTP server rejects mail from unknown +sender addresses, even when no explicit reject_unlisted_sender +access restriction is specified. +.IP "\fBsmtpd_reject_unlisted_recipient (yes)\fR" +Request that the Postfix SMTP server rejects mail for unknown +recipient addresses, even when no explicit reject_unlisted_recipient +access restriction is specified. +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtpd_end_of_data_restrictions (empty)\fR" +Optional access restrictions that the Postfix SMTP server +applies in the context of the SMTP END\-OF\-DATA command. +.PP +Available in Postfix version 2.10 and later: +.IP "\fBsmtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination)\fR" +Access restrictions for mail relay control that the Postfix +SMTP server applies in the context of the RCPT TO command, before +smtpd_recipient_restrictions. +.SH "SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS" +.na +.nf +.ad +.fi +Postfix version 2.1 introduces sender and recipient address verification. +This feature is implemented by sending probe email messages that +are not actually delivered. +This feature is requested via the reject_unverified_sender and +reject_unverified_recipient access restrictions. The status of +verification probes is maintained by the \fBverify\fR(8) server. +See the file ADDRESS_VERIFICATION_README for information +about how to configure and operate the Postfix sender/recipient +address verification service. +.IP "\fBaddress_verify_poll_count (normal: 3, overload: 1)\fR" +How many times to query the \fBverify\fR(8) service for the completion +of an address verification request in progress. +.IP "\fBaddress_verify_poll_delay (3s)\fR" +The delay between queries for the completion of an address +verification request in progress. +.IP "\fBaddress_verify_sender ($double_bounce_sender)\fR" +The sender address to use in address verification probes; prior +to Postfix 2.5 the default was "postmaster". +.IP "\fBunverified_sender_reject_code (450)\fR" +The numerical Postfix SMTP server response code when a recipient +address is rejected by the reject_unverified_sender restriction. +.IP "\fBunverified_recipient_reject_code (450)\fR" +The numerical Postfix SMTP server response when a recipient address +is rejected by the reject_unverified_recipient restriction. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBunverified_sender_defer_code (450)\fR" +The numerical Postfix SMTP server response code when a sender address +probe fails due to a temporary error condition. +.IP "\fBunverified_recipient_defer_code (450)\fR" +The numerical Postfix SMTP server response when a recipient address +probe fails due to a temporary error condition. +.IP "\fBunverified_sender_reject_reason (empty)\fR" +The Postfix SMTP server's reply when rejecting mail with +reject_unverified_sender. +.IP "\fBunverified_recipient_reject_reason (empty)\fR" +The Postfix SMTP server's reply when rejecting mail with +reject_unverified_recipient. +.IP "\fBunverified_sender_tempfail_action ($reject_tempfail_action)\fR" +The Postfix SMTP server's action when reject_unverified_sender +fails due to a temporary error condition. +.IP "\fBunverified_recipient_tempfail_action ($reject_tempfail_action)\fR" +The Postfix SMTP server's action when reject_unverified_recipient +fails due to a temporary error condition. +.PP +Available with Postfix 2.9 and later: +.IP "\fBaddress_verify_sender_ttl (0s)\fR" +The time between changes in the time\-dependent portion of address +verification probe sender addresses. +.SH "ACCESS CONTROL RESPONSES" +.na +.nf +.ad +.fi +The following parameters control numerical SMTP reply codes +and/or text responses. +.IP "\fBaccess_map_reject_code (554)\fR" +The numerical Postfix SMTP server response code for +an \fBaccess\fR(5) map "reject" action. +.IP "\fBdefer_code (450)\fR" +The numerical Postfix SMTP server response code when a remote SMTP +client request is rejected by the "defer" restriction. +.IP "\fBinvalid_hostname_reject_code (501)\fR" +The numerical Postfix SMTP server response code when the client +HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname +restriction. +.IP "\fBmaps_rbl_reject_code (554)\fR" +The numerical Postfix SMTP server response code when a remote SMTP +client request is blocked by the reject_rbl_client, reject_rhsbl_client, +reject_rhsbl_reverse_client, reject_rhsbl_sender or +reject_rhsbl_recipient restriction. +.IP "\fBnon_fqdn_reject_code (504)\fR" +The numerical Postfix SMTP server reply code when a client request +is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender +or reject_non_fqdn_recipient restriction. +.IP "\fBplaintext_reject_code (450)\fR" +The numerical Postfix SMTP server response code when a request +is rejected by the \fBreject_plaintext_session\fR restriction. +.IP "\fBreject_code (554)\fR" +The numerical Postfix SMTP server response code when a remote SMTP +client request is rejected by the "reject" restriction. +.IP "\fBrelay_domains_reject_code (554)\fR" +The numerical Postfix SMTP server response code when a client +request is rejected by the reject_unauth_destination recipient +restriction. +.IP "\fBunknown_address_reject_code (450)\fR" +The numerical response code when the Postfix SMTP server rejects a +sender or recipient address because its domain is unknown. +.IP "\fBunknown_client_reject_code (450)\fR" +The numerical Postfix SMTP server response code when a client +without valid address <=> name mapping is rejected by the +reject_unknown_client_hostname restriction. +.IP "\fBunknown_hostname_reject_code (450)\fR" +The numerical Postfix SMTP server response code when the hostname +specified with the HELO or EHLO command is rejected by the +reject_unknown_helo_hostname restriction. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBdefault_rbl_reply (see 'postconf -d' output)\fR" +The default Postfix SMTP server response template for a request that is +rejected by an RBL\-based restriction. +.IP "\fBmulti_recipient_bounce_reject_code (550)\fR" +The numerical Postfix SMTP server response code when a remote SMTP +client request is blocked by the reject_multi_recipient_bounce +restriction. +.IP "\fBrbl_reply_maps (empty)\fR" +Optional lookup tables with RBL response templates. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBaccess_map_defer_code (450)\fR" +The numerical Postfix SMTP server response code for +an \fBaccess\fR(5) map "defer" action, including "defer_if_permit" +or "defer_if_reject". +.IP "\fBreject_tempfail_action (defer_if_permit)\fR" +The Postfix SMTP server's action when a reject\-type restriction +fails due to a temporary error condition. +.IP "\fBunknown_helo_hostname_tempfail_action ($reject_tempfail_action)\fR" +The Postfix SMTP server's action when reject_unknown_helo_hostname +fails due to a temporary error condition. +.IP "\fBunknown_address_tempfail_action ($reject_tempfail_action)\fR" +The Postfix SMTP server's action when reject_unknown_sender_domain +or reject_unknown_recipient_domain fail due to a temporary error +condition. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBcommand_directory (see 'postconf -d' output)\fR" +The location of all postfix administrative commands. +.IP "\fBdouble_bounce_sender (double\-bounce)\fR" +The sender address of postmaster notifications that are generated +by the mail system. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmail_name (Postfix)\fR" +The mail system name that is displayed in Received: headers, in +the SMTP greeting banner, and in bounced mail. +.IP "\fBmail_owner (postfix)\fR" +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBmyhostname (see 'postconf -d' output)\fR" +The internet hostname of this mail system. +.IP "\fBmynetworks (see 'postconf -d' output)\fR" +The list of "trusted" remote SMTP clients that have more privileges than +"strangers". +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate an email address +localpart, user name, or a .forward file name from its extension. +.IP "\fBsmtpd_banner ($myhostname ESMTP $mail_name)\fR" +The text that follows the 220 status code in the SMTP greeting +banner. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 2.2 and later: +.IP "\fBsmtpd_forbidden_commands (CONNECT GET POST regexp:{{/^[^A\-Z]/ Bogus}})\fR" +List of commands that cause the Postfix SMTP server to immediately +terminate the session with a 221 code. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBsmtpd_client_port_logging (no)\fR" +Enable logging of the remote SMTP client port in addition to +the hostname and IP address. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.4 and later: +.IP "\fBsmtpd_reject_footer_maps (empty)\fR" +Lookup tables, indexed by the complete Postfix SMTP server 4xx or +5xx response, with reject footer templates. +.SH "SEE ALSO" +.na +.nf +anvil(8), connection/rate limiting +cleanup(8), message canonicalization +tlsmgr(8), TLS session and PRNG management +trivial\-rewrite(8), address resolver +verify(8), address verification service +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_CLASS_README, blocking unknown hosted or relay recipients +ADDRESS_REWRITING_README, Postfix address manipulation +BDAT_README, Postfix CHUNKING support +FILTER_README, external after\-queue content filter +LOCAL_RECIPIENT_README, blocking unknown local recipients +MILTER_README, before\-queue mail filter applications +SMTPD_ACCESS_README, built\-in access policies +SMTPD_POLICY_README, external policy server +SMTPD_PROXY_README, external before\-queue content filter +SASL_README, Postfix SASL howto +TLS_README, Postfix STARTTLS howto +VERP_README, Postfix XVERP extension +XCLIENT_README, Postfix XCLIENT extension +XFORWARD_README, Postfix XFORWARD extension +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + +SASL support originally by: +Till Franke +SuSE Rhein/Main AG +65760 Eschborn, Germany + +TLS support originally by: +Lutz Jaenicke +BTU Cottbus +Allgemeine Elektrotechnik +Universitaetsplatz 3\-4 +D\-03044 Cottbus, Germany + +Revised TLS support by: +Victor Duchovni +Morgan Stanley diff --git a/man/man8/spawn.8 b/man/man8/spawn.8 new file mode 100644 index 0000000..8baa440 --- /dev/null +++ b/man/man8/spawn.8 @@ -0,0 +1,156 @@ +.TH SPAWN 8 +.ad +.fi +.SH NAME +spawn +\- +Postfix external command spawner +.SH "SYNOPSIS" +.na +.nf +\fBspawn\fR [generic Postfix daemon options] command_attributes... +.SH DESCRIPTION +.ad +.fi +The \fBspawn\fR(8) daemon provides the Postfix equivalent +of \fBinetd\fR. +It listens on a port as specified in the Postfix \fBmaster.cf\fR file +and spawns an external command whenever a connection is established. +The connection can be made over local IPC (such as UNIX\-domain +sockets) or over non\-local IPC (such as TCP sockets). +The command's standard input, output and error streams are connected +directly to the communication endpoint. + +This daemon expects to be run from the \fBmaster\fR(8) process +manager. +.SH "COMMAND ATTRIBUTE SYNTAX" +.na +.nf +.ad +.fi +The external command attributes are given in the \fBmaster.cf\fR +file at the end of a service definition. The syntax is as follows: +.IP "\fBuser\fR=\fIusername\fR (required)" +.IP "\fBuser\fR=\fIusername\fR:\fIgroupname\fR" +The external command is executed with the rights of the +specified \fIusername\fR. The software refuses to execute +commands with root privileges, or with the privileges of the +mail system owner. If \fIgroupname\fR is specified, the +corresponding group ID is used instead of the group ID +of \fIusername\fR. +.IP "\fBargv\fR=\fIcommand\fR... (required)" +The command to be executed. This must be specified as the +last command attribute. +The command is executed directly, i.e. without interpretation of +shell meta characters by a shell command interpreter. +.SH BUGS +.ad +.fi +In order to enforce standard Postfix process resource controls, +the \fBspawn\fR(8) daemon runs only one external command at a time. +As such, it presents a noticeable overhead by wasting precious +process resources. The \fBspawn\fR(8) daemon is expected to be +replaced by a more structural solution. +.SH DIAGNOSTICS +.ad +.fi +The \fBspawn\fR(8) daemon reports abnormal child exits. +Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8). +.SH "SECURITY" +.na +.nf +.fi +.ad +This program needs root privilege in order to execute external +commands as the specified user. It is therefore security sensitive. +However the \fBspawn\fR(8) daemon does not talk to the external command +and thus is not vulnerable to data\-driven attacks. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically as \fBspawn\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. + +In the text below, \fItransport\fR is the first field of the entry +in the \fBmaster.cf\fR file. +.SH "RESOURCE AND RATE CONTROL" +.na +.nf +.ad +.fi +.IP "\fBtransport_time_limit ($command_time_limit)\fR" +A transport\-specific override for the command_time_limit parameter +value, where \fItransport\fR is the master.cf name of the message +delivery transport. +.SH "MISCELLANEOUS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBexport_environment (see 'postconf -d' output)\fR" +The list of environment variables that a Postfix process will export +to non\-Postfix processes. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmail_owner (postfix)\fR" +The UNIX system account that owns the Postfix queue and most Postfix +daemon processes. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +postconf(5), configuration parameters +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/tlsmgr.8 b/man/man8/tlsmgr.8 new file mode 100644 index 0000000..c4e594c --- /dev/null +++ b/man/man8/tlsmgr.8 @@ -0,0 +1,208 @@ +.TH TLSMGR 8 +.ad +.fi +.SH NAME +tlsmgr +\- +Postfix TLS session cache and PRNG manager +.SH "SYNOPSIS" +.na +.nf +\fBtlsmgr\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBtlsmgr\fR(8) manages the Postfix TLS session caches. +It stores and retrieves cache entries on request by +\fBsmtpd\fR(8) and \fBsmtp\fR(8) processes, and periodically +removes entries that have expired. + +The \fBtlsmgr\fR(8) also manages the PRNG (pseudo random number +generator) pool. It answers queries by the \fBsmtpd\fR(8) +and \fBsmtp\fR(8) +processes to seed their internal PRNG pools. + +The \fBtlsmgr\fR(8)'s PRNG pool is initially seeded from +an external source (EGD, /dev/urandom, or regular file). +It is updated at configurable pseudo\-random intervals with +data from the external source. It is updated periodically +with data from TLS session cache entries and with the time +of day, and is updated with the time of day whenever a +process requests \fBtlsmgr\fR(8) service. + +The \fBtlsmgr\fR(8) saves the PRNG state to an exchange file +periodically and when the process terminates, and reads +the exchange file when initializing its PRNG. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBtlsmgr\fR(8) is not security\-sensitive. The code that maintains +the external and internal PRNG pools does not "trust" the +data that it manipulates, and the code that maintains the +TLS session cache does not touch the contents of the cached +entries, except for seeding its internal PRNG pool. + +The \fBtlsmgr\fR(8) can be run chrooted and with reduced privileges. +At process startup it connects to the entropy source and +exchange file, and creates or truncates the optional TLS +session cache files. + +With Postfix version 2.5 and later, the \fBtlsmgr\fR(8) no +longer uses root privileges when opening cache files. These +files should now be stored under the Postfix\-owned +\fBdata_directory\fR. As a migration aid, an attempt to +open a cache file under a non\-Postfix directory is redirected +to the Postfix\-owned \fBdata_directory\fR, and a warning +is logged. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +There is no automatic means to limit the number of entries in the +TLS session caches and/or the size of the TLS cache files. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are not picked up automatically, +because \fBtlsmgr\fR(8) is a persistent processes. Use the +command "\fBpostfix reload\fR" after a configuration change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "TLS SESSION CACHE" +.na +.nf +.ad +.fi +.IP "\fBlmtp_tls_loglevel (0)\fR" +The LMTP\-specific version of the smtp_tls_loglevel +configuration parameter. +.IP "\fBlmtp_tls_session_cache_database (empty)\fR" +The LMTP\-specific version of the smtp_tls_session_cache_database +configuration parameter. +.IP "\fBlmtp_tls_session_cache_timeout (3600s)\fR" +The LMTP\-specific version of the smtp_tls_session_cache_timeout +configuration parameter. +.IP "\fBsmtp_tls_loglevel (0)\fR" +Enable additional Postfix SMTP client logging of TLS activity. +.IP "\fBsmtp_tls_session_cache_database (empty)\fR" +Name of the file containing the optional Postfix SMTP client +TLS session cache. +.IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR" +The expiration time of Postfix SMTP client TLS session cache +information. +.IP "\fBsmtpd_tls_loglevel (0)\fR" +Enable additional Postfix SMTP server logging of TLS activity. +.IP "\fBsmtpd_tls_session_cache_database (empty)\fR" +Name of the file containing the optional Postfix SMTP server +TLS session cache. +.IP "\fBsmtpd_tls_session_cache_timeout (3600s)\fR" +The expiration time of Postfix SMTP server TLS session cache +information. +.SH "PSEUDO RANDOM NUMBER GENERATOR" +.na +.nf +.ad +.fi +.IP "\fBtls_random_source (see 'postconf -d' output)\fR" +The external entropy source for the in\-memory \fBtlsmgr\fR(8) pseudo +random number generator (PRNG) pool. +.IP "\fBtls_random_bytes (32)\fR" +The number of bytes that \fBtlsmgr\fR(8) reads from $tls_random_source +when (re)seeding the in\-memory pseudo random number generator (PRNG) +pool. +.IP "\fBtls_random_exchange_name (see 'postconf -d' output)\fR" +Name of the pseudo random number generator (PRNG) state file +that is maintained by \fBtlsmgr\fR(8). +.IP "\fBtls_random_prng_update_period (3600s)\fR" +The time between attempts by \fBtlsmgr\fR(8) to save the state of +the pseudo random number generator (PRNG) to the file specified +with $tls_random_exchange_name. +.IP "\fBtls_random_reseed_period (3600s)\fR" +The maximal time between attempts by \fBtlsmgr\fR(8) to re\-seed the +in\-memory pseudo random number generator (PRNG) pool from external +sources. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdata_directory (see 'postconf -d' output)\fR" +The directory with Postfix\-writable data files (for example: +caches, pseudo\-random numbers). +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtp(8), Postfix SMTP client +smtpd(8), Postfix SMTP server +postconf(5), configuration parameters +master(5), generic daemon options +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +TLS_README, Postfix TLS configuration and operation +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +This service was introduced with Postfix version 2.2. +.SH "AUTHOR(S)" +.na +.nf +Lutz Jaenicke +BTU Cottbus +Allgemeine Elektrotechnik +Universitaetsplatz 3\-4 +D\-03044 Cottbus, Germany + +Adapted by: +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/tlsproxy.8 b/man/man8/tlsproxy.8 new file mode 100644 index 0000000..ba242a3 --- /dev/null +++ b/man/man8/tlsproxy.8 @@ -0,0 +1,405 @@ +.TH TLSPROXY 8 +.ad +.fi +.SH NAME +tlsproxy +\- +Postfix TLS proxy +.SH "SYNOPSIS" +.na +.nf +\fBtlsproxy\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBtlsproxy\fR(8) server implements a two\-way TLS proxy. It +is used by the \fBpostscreen\fR(8) server to talk SMTP\-over\-TLS +with remote SMTP clients that are not allowlisted (including +clients whose allowlist status has expired), and by the +\fBsmtp\fR(8) client to support TLS connection reuse, but it +should also work for non\-SMTP protocols. + +Although one \fBtlsproxy\fR(8) process can serve multiple +sessions at the same time, it is a good idea to allow the +number of processes to increase with load, so that the +service remains responsive. +.SH "PROTOCOL EXAMPLE" +.na +.nf +.ad +.fi +The example below concerns \fBpostscreen\fR(8). However, +the \fBtlsproxy\fR(8) server is agnostic of the application +protocol, and the example is easily adapted to other +applications. + +After receiving a valid remote SMTP client STARTTLS command, +the \fBpostscreen\fR(8) server sends the remote SMTP client +endpoint string, the requested role (server), and the +requested timeout to \fBtlsproxy\fR(8). \fBpostscreen\fR(8) +then receives a "TLS available" indication from \fBtlsproxy\fR(8). +If the TLS service is available, \fBpostscreen\fR(8) sends +the remote SMTP client file descriptor to \fBtlsproxy\fR(8), +and sends the plaintext 220 greeting to the remote SMTP +client. This triggers TLS negotiations between the remote +SMTP client and \fBtlsproxy\fR(8). Upon completion of the +TLS\-level handshake, \fBtlsproxy\fR(8) translates between +plaintext from/to \fBpostscreen\fR(8) and ciphertext to/from +the remote SMTP client. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBtlsproxy\fR(8) server is moderately security\-sensitive. +It talks to untrusted clients on the network. The process +can be run chrooted at fixed low privilege. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are not picked up automatically, +as \fBtlsproxy\fR(8) processes may run for a long time +depending on mail server load. Use the command "\fBpostfix +reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "STARTTLS GLOBAL CONTROLS" +.na +.nf +.ad +.fi +The following settings are global and therefore cannot be +overruled by information specified in a \fBtlsproxy\fR(8) +client request. +.IP "\fBtls_append_default_CA (no)\fR" +Append the system\-supplied default Certification Authority +certificates to the ones specified with *_tls_CApath or *_tls_CAfile. +.IP "\fBtls_daemon_random_bytes (32)\fR" +The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) +process requests from the \fBtlsmgr\fR(8) server in order to seed its +internal pseudo random number generator (PRNG). +.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "high" grade ciphers. +.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "medium" or higher grade ciphers. +.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "low" or higher grade ciphers. +.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" +The OpenSSL cipherlist for "export" or higher grade ciphers. +.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" +The OpenSSL cipherlist for "NULL" grade ciphers that provide +authentication without encryption. +.IP "\fBtls_eecdh_strong_curve (prime256v1)\fR" +The elliptic curve used by the Postfix SMTP server for sensibly +strong +ephemeral ECDH key exchange. +.IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR" +The elliptic curve used by the Postfix SMTP server for maximally +strong +ephemeral ECDH key exchange. +.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" +List or bit\-mask of OpenSSL bug work\-arounds to disable. +.IP "\fBtls_preempt_cipherlist (no)\fR" +With SSLv3 and later, use the Postfix SMTP server's cipher +preference order instead of the remote client's cipher preference +order. +.PP +Available in Postfix version 2.9 and later: +.IP "\fBtls_legacy_public_key_fingerprints (no)\fR" +A temporary migration aid for sites that use certificate +\fIpublic\-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use +an incorrect algorithm. +.PP +Available in Postfix version 2.11\-3.1: +.IP "\fBtls_dane_digest_agility (on)\fR" +Configure RFC7671 DANE TLSA digest algorithm agility. +.IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR" +Enable support for RFC 6698 (DANE TLSA) DNS records that contain +digests of trust\-anchors with certificate usage "2". +.PP +Available in Postfix version 2.11 and later: +.IP "\fBtlsmgr_service_name (tlsmgr)\fR" +The name of the \fBtlsmgr\fR(8) service entry in master.cf. +.PP +Available in Postfix version 3.0 and later: +.IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR" +Algorithm used to encrypt RFC5077 TLS session tickets. +.IP "\fBopenssl_path (openssl)\fR" +The location of the OpenSSL command line program \fBopenssl\fR(1). +.PP +Available in Postfix version 3.2 and later: +.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR" +The prioritized list of elliptic curves supported by the Postfix +SMTP client and server. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBtls_server_sni_maps (empty)\fR" +Optional lookup tables that map names received from remote SMTP +clients via the TLS Server Name Indication (SNI) extension to the +appropriate keys and certificate chains. +.PP +Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: +.IP "\fBtls_fast_shutdown_enable (yes)\fR" +A workaround for implementations that hang Postfix while shutting +down a TLS session, until Postfix times out. +.PP +Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: +.IP "\fBtls_config_file (default)\fR" +Optional configuration file with baseline OpenSSL settings. +.IP "\fBtls_config_name (empty)\fR" +The application name passed by Postfix to OpenSSL library +initialization functions. +.SH "STARTTLS SERVER CONTROLS" +.na +.nf +.ad +.fi +These settings are clones of Postfix SMTP server settings. +They allow \fBtlsproxy\fR(8) to load the same certificate +and private key information as the Postfix SMTP server, +before dropping privileges, so that the key files can be +kept read\-only for root. These settings can currently not +be overruled by information in a \fBtlsproxy\fR(8) client +request, but that limitation may be removed in a future +version. +.IP "\fBtlsproxy_tls_CAfile ($smtpd_tls_CAfile)\fR" +A file containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate +CA certificates. +.IP "\fBtlsproxy_tls_CApath ($smtpd_tls_CApath)\fR" +A directory containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate +CA certificates. +.IP "\fBtlsproxy_tls_always_issue_session_ids ($smtpd_tls_always_issue_session_ids)\fR" +Force the Postfix \fBtlsproxy\fR(8) server to issue a TLS session id, +even when TLS session caching is turned off. +.IP "\fBtlsproxy_tls_ask_ccert ($smtpd_tls_ask_ccert)\fR" +Ask a remote SMTP client for a client certificate. +.IP "\fBtlsproxy_tls_ccert_verifydepth ($smtpd_tls_ccert_verifydepth)\fR" +The verification depth for remote SMTP client certificates. +.IP "\fBtlsproxy_tls_cert_file ($smtpd_tls_cert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server RSA certificate in PEM +format. +.IP "\fBtlsproxy_tls_ciphers ($smtpd_tls_ciphers)\fR" +The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server +will use with opportunistic TLS encryption. +.IP "\fBtlsproxy_tls_dcert_file ($smtpd_tls_dcert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server DSA certificate in PEM +format. +.IP "\fBtlsproxy_tls_dh1024_param_file ($smtpd_tls_dh1024_param_file)\fR" +File with DH parameters that the Postfix \fBtlsproxy\fR(8) server +should use with non\-export EDH ciphers. +.IP "\fBtlsproxy_tls_dh512_param_file ($smtpd_tls_dh512_param_file)\fR" +File with DH parameters that the Postfix \fBtlsproxy\fR(8) server +should use with export\-grade EDH ciphers. +.IP "\fBtlsproxy_tls_dkey_file ($smtpd_tls_dkey_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM +format. +.IP "\fBtlsproxy_tls_eccert_file ($smtpd_tls_eccert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM +format. +.IP "\fBtlsproxy_tls_eckey_file ($smtpd_tls_eckey_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM +format. +.IP "\fBtlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade)\fR" +The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral +elliptic\-curve Diffie\-Hellman (EECDH) key exchange. +.IP "\fBtlsproxy_tls_exclude_ciphers ($smtpd_tls_exclude_ciphers)\fR" +List of ciphers or cipher types to exclude from the \fBtlsproxy\fR(8) +server cipher list at all TLS security levels. +.IP "\fBtlsproxy_tls_fingerprint_digest ($smtpd_tls_fingerprint_digest)\fR" +The message digest algorithm to construct remote SMTP +client\-certificate +fingerprints. +.IP "\fBtlsproxy_tls_key_file ($smtpd_tls_key_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) server RSA private key in PEM +format. +.IP "\fBtlsproxy_tls_loglevel ($smtpd_tls_loglevel)\fR" +Enable additional Postfix \fBtlsproxy\fR(8) server logging of TLS +activity. +.IP "\fBtlsproxy_tls_mandatory_ciphers ($smtpd_tls_mandatory_ciphers)\fR" +The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server +will use with mandatory TLS encryption. +.IP "\fBtlsproxy_tls_mandatory_exclude_ciphers ($smtpd_tls_mandatory_exclude_ciphers)\fR" +Additional list of ciphers or cipher types to exclude from the +\fBtlsproxy\fR(8) server cipher list at mandatory TLS security levels. +.IP "\fBtlsproxy_tls_mandatory_protocols ($smtpd_tls_mandatory_protocols)\fR" +The SSL/TLS protocols accepted by the Postfix \fBtlsproxy\fR(8) server +with mandatory TLS encryption. +.IP "\fBtlsproxy_tls_protocols ($smtpd_tls_protocols)\fR" +List of TLS protocols that the Postfix \fBtlsproxy\fR(8) server will +exclude or include with opportunistic TLS encryption. +.IP "\fBtlsproxy_tls_req_ccert ($smtpd_tls_req_ccert)\fR" +With mandatory TLS encryption, require a trusted remote SMTP +client certificate in order to allow TLS connections to proceed. +.IP "\fBtlsproxy_tls_security_level ($smtpd_tls_security_level)\fR" +The SMTP TLS security level for the Postfix \fBtlsproxy\fR(8) server; +when a non\-empty value is specified, this overrides the obsolete +parameters smtpd_use_tls and smtpd_enforce_tls. +.IP "\fBtlsproxy_tls_chain_files ($smtpd_tls_chain_files)\fR" +Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate +chains in PEM format. +.SH "STARTTLS CLIENT CONTROLS" +.na +.nf +.ad +.fi +These settings are clones of Postfix SMTP client settings. +They allow \fBtlsproxy\fR(8) to load the same certificate +and private key information as the Postfix SMTP client, +before dropping privileges, so that the key files can be +kept read\-only for root. Some settings may be overruled by +information in a \fBtlsproxy\fR(8) client request. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBtlsproxy_client_CAfile ($smtp_tls_CAfile)\fR" +A file containing CA certificates of root CAs trusted to sign +either remote TLS server certificates or intermediate CA certificates. +.IP "\fBtlsproxy_client_CApath ($smtp_tls_CApath)\fR" +Directory with PEM format Certification Authority certificates +that the Postfix \fBtlsproxy\fR(8) client uses to verify a remote TLS +server certificate. +.IP "\fBtlsproxy_client_chain_files ($smtp_tls_chain_files)\fR" +Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate +chains in PEM format. +.IP "\fBtlsproxy_client_cert_file ($smtp_tls_cert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM +format. +.IP "\fBtlsproxy_client_key_file ($smtp_tls_key_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client RSA private key in PEM +format. +.IP "\fBtlsproxy_client_dcert_file ($smtp_tls_dcert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client DSA certificate in PEM +format. +.IP "\fBtlsproxy_client_dkey_file ($smtp_tls_dkey_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM +format. +.IP "\fBtlsproxy_client_eccert_file ($smtp_tls_eccert_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM +format. +.IP "\fBtlsproxy_client_eckey_file ($smtp_tls_eckey_file)\fR" +File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM +format. +.IP "\fBtlsproxy_client_fingerprint_digest ($smtp_tls_fingerprint_digest)\fR" +The message digest algorithm used to construct remote TLS server +certificate fingerprints. +.IP "\fBtlsproxy_client_loglevel ($smtp_tls_loglevel)\fR" +Enable additional Postfix \fBtlsproxy\fR(8) client logging of TLS +activity. +.IP "\fBtlsproxy_client_loglevel_parameter (smtp_tls_loglevel)\fR" +The name of the parameter that provides the tlsproxy_client_loglevel +value. +.IP "\fBtlsproxy_client_scert_verifydepth ($smtp_tls_scert_verifydepth)\fR" +The verification depth for remote TLS server certificates. +.IP "\fBtlsproxy_client_use_tls ($smtp_use_tls)\fR" +Opportunistic mode: use TLS when a remote server announces TLS +support. +.IP "\fBtlsproxy_client_enforce_tls ($smtp_enforce_tls)\fR" +Enforcement mode: require that SMTP servers use TLS encryption. +.IP "\fBtlsproxy_client_per_site ($smtp_tls_per_site)\fR" +Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS +usage policy by next\-hop destination and by remote TLS server +hostname. +.PP +Available in Postfix version 3.4\-3.6: +.IP "\fBtlsproxy_client_level ($smtp_tls_security_level)\fR" +The default TLS security level for the Postfix \fBtlsproxy\fR(8) +client. +.IP "\fBtlsproxy_client_policy ($smtp_tls_policy_maps)\fR" +Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS +security policy by next\-hop destination. +.PP +Available in Postfix version 3.7 and later: +.IP "\fBtlsproxy_client_security_level ($smtp_tls_security_level)\fR" +The default TLS security level for the Postfix \fBtlsproxy\fR(8) +client. +.IP "\fBtlsproxy_client_policy_maps ($smtp_tls_policy_maps)\fR" +Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS +security policy by next\-hop destination. +.SH "OBSOLETE STARTTLS SUPPORT CONTROLS" +.na +.nf +.ad +.fi +These parameters are supported for compatibility with +\fBsmtpd\fR(8) legacy parameters. +.IP "\fBtlsproxy_use_tls ($smtpd_use_tls)\fR" +Opportunistic TLS: announce STARTTLS support to remote SMTP clients, +but do not require that clients use TLS encryption. +.IP "\fBtlsproxy_enforce_tls ($smtpd_enforce_tls)\fR" +Mandatory TLS: announce STARTTLS support to remote SMTP clients, and +require that clients use TLS encryption. +.IP "\fBtlsproxy_client_use_tls ($smtp_use_tls)\fR" +Opportunistic mode: use TLS when a remote server announces TLS +support. +.IP "\fBtlsproxy_client_enforce_tls ($smtp_enforce_tls)\fR" +Enforcement mode: require that SMTP servers use TLS encryption. +.SH "RESOURCE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBtlsproxy_watchdog_timeout (10s)\fR" +How much time a \fBtlsproxy\fR(8) process may take to process local +or remote I/O before it is terminated by a built\-in watchdog timer. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +postscreen(8), Postfix zombie blocker +smtpd(8), Postfix SMTP server +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This service was introduced with Postfix version 2.8. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/trace.8 b/man/man8/trace.8 new file mode 100644 index 0000000..411dfa1 --- /dev/null +++ b/man/man8/trace.8 @@ -0,0 +1 @@ +.so man8/bounce.8 diff --git a/man/man8/trivial-rewrite.8 b/man/man8/trivial-rewrite.8 new file mode 100644 index 0000000..e41da71 --- /dev/null +++ b/man/man8/trivial-rewrite.8 @@ -0,0 +1,325 @@ +.TH TRIVIAL-REWRITE 8 +.ad +.fi +.SH NAME +trivial-rewrite +\- +Postfix address rewriting and resolving daemon +.SH "SYNOPSIS" +.na +.nf +\fBtrivial\-rewrite\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBtrivial\-rewrite\fR(8) daemon processes three types of client +service requests: +.IP "\fBrewrite \fIcontext address\fR" +Rewrite an address to standard form, according to the +address rewriting context: +.RS +.IP \fBlocal\fR +Append the domain names specified with \fB$myorigin\fR or +\fB$mydomain\fR to incomplete addresses; do \fBswap_bangpath\fR +and \fBallow_percent_hack\fR processing as described below, and +strip source routed addresses (\fI@site,@site:user@domain\fR) +to \fIuser@domain\fR form. +.IP \fBremote\fR +Append the domain name specified with +\fB$remote_header_rewrite_domain\fR to incomplete +addresses. Otherwise the result is identical to that of +the \fBlocal\fR address rewriting context. This prevents +Postfix from appending the local domain to spam from poorly +written remote clients. +.RE +.IP "\fBresolve \fIsender\fR \fIaddress\fR" +Resolve the address to a (\fItransport\fR, \fInexthop\fR, +\fIrecipient\fR, \fIflags\fR) quadruple. The meaning of +the results is as follows: +.RS +.IP \fItransport\fR +The delivery agent to use. This is the first field of an entry +in the \fBmaster.cf\fR file. +.IP \fInexthop\fR +The host to send to and optional delivery method information. +.IP \fIrecipient\fR +The envelope recipient address that is passed on to \fInexthop\fR. +.IP \fIflags\fR +The address class, whether the address requires relaying, +whether the address has problems, and whether the request failed. +.RE +.IP "\fBverify \fIsender\fR \fIaddress\fR" +Resolve the address for address verification purposes. +.SH "SERVER PROCESS MANAGEMENT" +.na +.nf +.ad +.fi +The \fBtrivial\-rewrite\fR(8) servers run under control by +the Postfix master(8) +server. Each server can handle multiple simultaneous connections. +When all servers are busy while a client connects, the master +creates a new server process, provided that the trivial\-rewrite +server process limit is not exceeded. +Each trivial\-rewrite server terminates after +serving at least \fB$max_use\fR clients of after \fB$max_idle\fR +seconds of idle time. +.SH "STANDARDS" +.na +.nf +.ad +.fi +None. The command does not interact with the outside world. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBtrivial\-rewrite\fR(8) daemon is not security sensitive. +By default, this daemon does not talk to remote or local users. +It can run at a fixed low privilege in a chrooted environment. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +On busy mail systems a long time may pass before a \fBmain.cf\fR +change affecting \fBtrivial\-rewrite\fR(8) is picked up. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "COMPATIBILITY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBresolve_dequoted_address (yes)\fR" +Resolve a recipient address safely instead of correctly, by +looking inside quotes. +.PP +Available with Postfix version 2.1 and later: +.IP "\fBresolve_null_domain (no)\fR" +Resolve an address that ends in the "@" null domain as if the +local hostname were specified, instead of rejecting the address as +invalid. +.PP +Available with Postfix version 2.3 and later: +.IP "\fBresolve_numeric_domain (no)\fR" +Resolve "user@ipaddress" as "user@[ipaddress]", instead of +rejecting the address as invalid. +.PP +Available with Postfix version 2.5 and later: +.IP "\fBallow_min_user (no)\fR" +Allow a sender or recipient address to have `\-' as the first +character. +.SH "ADDRESS REWRITING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBmyorigin ($myhostname)\fR" +The domain name that locally\-posted mail appears to come +from, and that locally posted mail is delivered to. +.IP "\fBallow_percent_hack (yes)\fR" +Enable the rewriting of the form "user%domain" to "user@domain". +.IP "\fBappend_at_myorigin (yes)\fR" +With locally submitted mail, append the string "@$myorigin" to mail +addresses without domain information. +.IP "\fBappend_dot_mydomain (Postfix >= 3.0: no, Postfix < 3.0: yes)\fR" +With locally submitted mail, append the string ".$mydomain" to +addresses that have no ".domain" information. +.IP "\fBrecipient_delimiter (empty)\fR" +The set of characters that can separate an email address +localpart, user name, or a .forward file name from its extension. +.IP "\fBswap_bangpath (yes)\fR" +Enable the rewriting of "site!user" into "user@site". +.PP +Available in Postfix 2.2 and later: +.IP "\fBremote_header_rewrite_domain (empty)\fR" +Don't rewrite message headers from remote clients at all when +this parameter is empty; otherwise, rewrite message headers and +append the specified domain name to incomplete addresses. +.SH "ROUTING CONTROLS" +.na +.nf +.ad +.fi +The following is applicable to Postfix version 2.0 and later. +Earlier versions do not have support for: virtual_transport, +relay_transport, virtual_alias_domains, virtual_mailbox_domains +or proxy_interfaces. +.IP "\fBlocal_transport (local:$myhostname)\fR" +The default mail delivery transport and next\-hop destination +for final delivery to domains listed with mydestination, and for +[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces. +.IP "\fBvirtual_transport (virtual)\fR" +The default mail delivery transport and next\-hop destination for +final delivery to domains listed with $virtual_mailbox_domains. +.IP "\fBrelay_transport (relay)\fR" +The default mail delivery transport and next\-hop destination for +remote delivery to domains listed with $relay_domains. +.IP "\fBdefault_transport (smtp)\fR" +The default mail delivery transport and next\-hop destination for +destinations that do not match $mydestination, $inet_interfaces, +$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +or $relay_domains. +.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR" +A list of Postfix features where the pattern "example.com" also +matches subdomains of example.com, +instead of requiring an explicit ".example.com" pattern. +.IP "\fBrelayhost (empty)\fR" +The next\-hop destination(s) for non\-local mail; overrides non\-local +domains in recipient addresses. +.IP "\fBtransport_maps (empty)\fR" +Optional lookup tables with mappings from recipient address to +(message delivery transport, next\-hop destination). +.PP +Available in Postfix version 2.3 and later: +.IP "\fBsender_dependent_relayhost_maps (empty)\fR" +A sender\-dependent override for the global relayhost parameter +setting. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBempty_address_relayhost_maps_lookup_key (<>)\fR" +The sender_dependent_relayhost_maps search string that will be +used instead of the null sender address. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBempty_address_default_transport_maps_lookup_key (<>)\fR" +The sender_dependent_default_transport_maps search string that +will be used instead of the null sender address. +.IP "\fBsender_dependent_default_transport_maps (empty)\fR" +A sender\-dependent override for the global default_transport +parameter setting. +.SH "ADDRESS VERIFICATION CONTROLS" +.na +.nf +.ad +.fi +Postfix version 2.1 introduces sender and recipient address verification. +This feature is implemented by sending probe email messages that +are not actually delivered. +By default, address verification probes use the same route +as regular mail. To override specific aspects of message +routing for address verification probes, specify one or more +of the following: +.IP "\fBaddress_verify_local_transport ($local_transport)\fR" +Overrides the local_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_virtual_transport ($virtual_transport)\fR" +Overrides the virtual_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_relay_transport ($relay_transport)\fR" +Overrides the relay_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_default_transport ($default_transport)\fR" +Overrides the default_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_relayhost ($relayhost)\fR" +Overrides the relayhost parameter setting for address verification +probes. +.IP "\fBaddress_verify_transport_maps ($transport_maps)\fR" +Overrides the transport_maps parameter setting for address verification +probes. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR" +Overrides the sender_dependent_relayhost_maps parameter setting for address +verification probes. +.PP +Available in Postfix version 2.7 and later: +.IP "\fBaddress_verify_sender_dependent_default_transport_maps ($sender_dependent_default_transport_maps)\fR" +Overrides the sender_dependent_default_transport_maps parameter +setting for address verification probes. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBempty_address_recipient (MAILER\-DAEMON)\fR" +The recipient of mail addressed to the null address. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBrelocated_maps (empty)\fR" +Optional lookup tables with new contact information for users or +domains that no longer exist. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBshow_user_unknown_table_name (yes)\fR" +Display the name of the recipient table in the "User unknown" +responses. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 2.0 and later: +.IP "\fBhelpful_warnings (yes)\fR" +Log warnings about problematic configuration settings, and provide +helpful suggestions. +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +postconf(5), configuration parameters +transport(5), transport table format +relocated(5), format of the "user has moved" table +master(8), process manager +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_CLASS_README, Postfix address classes howto +ADDRESS_VERIFICATION_README, Postfix address verification +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/verify.8 b/man/man8/verify.8 new file mode 100644 index 0000000..7aece00 --- /dev/null +++ b/man/man8/verify.8 @@ -0,0 +1,257 @@ +.TH VERIFY 8 +.ad +.fi +.SH NAME +verify +\- +Postfix address verification server +.SH "SYNOPSIS" +.na +.nf +\fBverify\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBverify\fR(8) address verification server maintains a record +of what recipient addresses are known to be deliverable or +undeliverable. + +Addresses are verified by injecting probe messages into the +Postfix queue. Probe messages are run through all the routing +and rewriting machinery except for final delivery, and are +discarded rather than being deferred or bounced. + +Address verification relies on the answer from the nearest +MTA for the specified address, and will therefore not detect +all undeliverable addresses. + +The \fBverify\fR(8) server is designed to run under control +by the Postfix +master server. It maintains an optional persistent database. +To avoid being interrupted by "postfix stop" in the middle +of a database update, the process runs in a separate process +group. + +The \fBverify\fR(8) server implements the following requests: +.IP "\fBupdate\fI address status text\fR" +Update the status and text of the specified address. +.IP "\fBquery\fI address\fR" +Look up the \fIstatus\fR and \fItext\fR for the specified +\fIaddress\fR. +If the status is unknown, a probe is sent and an "in progress" +status is returned. +.SH "SECURITY" +.na +.nf +.ad +.fi +The address verification server is not security\-sensitive. It does +not talk to the network, and it does not talk to local users. +The verify server can run chrooted at fixed low privilege. + +The address verification server can be coerced to store +unlimited amounts of garbage. Limiting the cache expiry +time +trades one problem (disk space exhaustion) for another +one (poor response time to client requests). + +With Postfix version 2.5 and later, the \fBverify\fR(8) +server no longer uses root privileges when opening the +\fBaddress_verify_map\fR cache file. The file should now +be stored under the Postfix\-owned \fBdata_directory\fR. As +a migration aid, an attempt to open a cache file under a +non\-Postfix directory is redirected to the Postfix\-owned +\fBdata_directory\fR, and a warning is logged. +.SH DIAGNOSTICS +.ad +.fi +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +.SH BUGS +.ad +.fi +Address verification probe messages add additional traffic +to the mail queue. +Recipient verification may cause an increased load on +down\-stream servers in the case of a dictionary attack or +a flood of backscatter bounces. +Sender address verification may cause your site to be +denylisted by some providers. + +If the persistent database ever gets corrupted then the world +comes to an end and human intervention is needed. This violates +a basic Postfix principle. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are not picked up automatically, +as \fBverify\fR(8) +processes are long\-lived. Use the command "\fBpostfix reload\fR" after +a configuration change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "PROBE MESSAGE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBaddress_verify_sender ($double_bounce_sender)\fR" +The sender address to use in address verification probes; prior +to Postfix 2.5 the default was "postmaster". +.PP +Available with Postfix 2.9 and later: +.IP "\fBaddress_verify_sender_ttl (0s)\fR" +The time between changes in the time\-dependent portion of address +verification probe sender addresses. +.SH "CACHE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBaddress_verify_map (see 'postconf -d' output)\fR" +Lookup table for persistent address verification status +storage. +.IP "\fBaddress_verify_positive_expire_time (31d)\fR" +The time after which a successful probe expires from the address +verification cache. +.IP "\fBaddress_verify_positive_refresh_time (7d)\fR" +The time after which a successful address verification probe needs +to be refreshed. +.IP "\fBaddress_verify_negative_cache (yes)\fR" +Enable caching of failed address verification probe results. +.IP "\fBaddress_verify_negative_expire_time (3d)\fR" +The time after which a failed probe expires from the address +verification cache. +.IP "\fBaddress_verify_negative_refresh_time (3h)\fR" +The time after which a failed address verification probe needs to +be refreshed. +.PP +Available with Postfix 2.7 and later: +.IP "\fBaddress_verify_cache_cleanup_interval (12h)\fR" +The amount of time between \fBverify\fR(8) address verification +database cleanup runs. +.SH "PROBE MESSAGE ROUTING CONTROLS" +.na +.nf +.ad +.fi +By default, probe messages are delivered via the same route +as regular messages. The following parameters can be used to +override specific message routing mechanisms. +.IP "\fBaddress_verify_relayhost ($relayhost)\fR" +Overrides the relayhost parameter setting for address verification +probes. +.IP "\fBaddress_verify_transport_maps ($transport_maps)\fR" +Overrides the transport_maps parameter setting for address verification +probes. +.IP "\fBaddress_verify_local_transport ($local_transport)\fR" +Overrides the local_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_virtual_transport ($virtual_transport)\fR" +Overrides the virtual_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_relay_transport ($relay_transport)\fR" +Overrides the relay_transport parameter setting for address +verification probes. +.IP "\fBaddress_verify_default_transport ($default_transport)\fR" +Overrides the default_transport parameter setting for address +verification probes. +.PP +Available in Postfix 2.3 and later: +.IP "\fBaddress_verify_sender_dependent_relayhost_maps ($sender_dependent_relayhost_maps)\fR" +Overrides the sender_dependent_relayhost_maps parameter setting for address +verification probes. +.PP +Available in Postfix 2.7 and later: +.IP "\fBaddress_verify_sender_dependent_default_transport_maps ($sender_dependent_default_transport_maps)\fR" +Overrides the sender_dependent_default_transport_maps parameter +setting for address verification probes. +.SH "SMTPUTF8 CONTROLS" +.na +.nf +.ad +.fi +Preliminary SMTPUTF8 support is introduced with Postfix 3.0. +.IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" +Detect that a message requires SMTPUTF8 support for the specified +mail origin classes. +.PP +Available in Postfix version 3.2 and later: +.IP "\fBenable_idna2003_compatibility (no)\fR" +Enable 'transitional' compatibility between IDNA2003 and IDNA2008, +when converting UTF\-8 domain names to/from the ASCII form that is +used for DNS lookups. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix 3.3 and later: +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.SH "SEE ALSO" +.na +.nf +smtpd(8), Postfix SMTP server +cleanup(8), enqueue Postfix message +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README FILES" +.na +.nf +.ad +.fi +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +.na +.nf +ADDRESS_VERIFICATION_README, address verification howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This service was introduced with Postfix version 2.1. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA diff --git a/man/man8/virtual.8 b/man/man8/virtual.8 new file mode 100644 index 0000000..746fc0d --- /dev/null +++ b/man/man8/virtual.8 @@ -0,0 +1,358 @@ +.TH VIRTUAL 8 +.ad +.fi +.SH NAME +virtual +\- +Postfix virtual domain mail delivery agent +.SH "SYNOPSIS" +.na +.nf +\fBvirtual\fR [generic Postfix daemon options] +.SH DESCRIPTION +.ad +.fi +The \fBvirtual\fR(8) delivery agent is designed for virtual mail +hosting services. Originally based on the Postfix \fBlocal\fR(8) +delivery +agent, this agent looks up recipients with map lookups of their +full recipient address, instead of using hard\-coded unix password +file lookups of the address local part only. + +This delivery agent only delivers mail. Other features such as +mail forwarding, out\-of\-office notifications, etc., must be +configured via virtual_alias maps or via similar lookup mechanisms. +.SH "MAILBOX LOCATION" +.na +.nf +.ad +.fi +The mailbox location is controlled by the \fBvirtual_mailbox_base\fR +and \fBvirtual_mailbox_maps\fR configuration parameters (see below). +The \fBvirtual_mailbox_maps\fR table is indexed by the recipient +address as described under TABLE SEARCH ORDER below. + +The mailbox pathname is constructed as follows: + +.nf + \fB$virtual_mailbox_base/$virtual_mailbox_maps(\fIrecipient\fB)\fR +.fi + +where \fIrecipient\fR is the full recipient address. +.SH "UNIX MAILBOX FORMAT" +.na +.nf +.ad +.fi +When the mailbox location does not end in \fB/\fR, the message +is delivered in UNIX mailbox format. This format stores multiple +messages in one textfile. + +The \fBvirtual\fR(8) delivery agent prepends a "\fBFrom \fIsender +time_stamp\fR" envelope header to each message, prepends a +\fBDelivered\-To:\fR message header with the envelope recipient +address, +prepends an \fBX\-Original\-To:\fR header with the recipient address as +given to Postfix, +prepends a \fBReturn\-Path:\fR message header with the +envelope sender address, prepends a \fB>\fR character to lines +beginning with "\fBFrom \fR", and appends an empty line. + +The mailbox is locked for exclusive access while delivery is in +progress. In case of problems, an attempt is made to truncate the +mailbox to its original length. +.SH "QMAIL MAILDIR FORMAT" +.na +.nf +.ad +.fi +When the mailbox location ends in \fB/\fR, the message is delivered +in qmail \fBmaildir\fR format. This format stores one message per file. + +The \fBvirtual\fR(8) delivery agent prepends a \fBDelivered\-To:\fR +message header with the final envelope recipient address, +prepends an \fBX\-Original\-To:\fR header with the recipient address as +given to Postfix, and prepends a +\fBReturn\-Path:\fR message header with the envelope sender address. + +By definition, \fBmaildir\fR format does not require application\-level +file locking during mail delivery or retrieval. +.SH "MAILBOX OWNERSHIP" +.na +.nf +.ad +.fi +Mailbox ownership is controlled by the \fBvirtual_uid_maps\fR +and \fBvirtual_gid_maps\fR lookup tables, which are indexed +with the full recipient address. Each table provides +a string with the numerical user and group ID, respectively. + +The \fBvirtual_minimum_uid\fR parameter imposes a lower bound on +numerical user ID values that may be specified in any +\fBvirtual_uid_maps\fR. +.SH "CASE FOLDING" +.na +.nf +.ad +.fi +All delivery decisions are made using the full recipient +address, folded to lower case. See also the next section +for a few exceptions with optional address extensions. +.SH "TABLE SEARCH ORDER" +.na +.nf +.ad +.fi +Normally, a lookup table is specified as a text file that +serves as input to the \fBpostmap\fR(1) command. The result, an +indexed file in \fBdbm\fR or \fBdb\fR format, is used for fast +searching by the mail system. + +The search order is as follows. The search stops +upon the first successful lookup. +.IP \(bu +When the recipient has an optional address extension the +\fIuser+extension@domain.tld\fR address is looked up first. +.sp +With Postfix versions before 2.1, the optional address extension +is always ignored. +.IP \(bu +The \fIuser@domain.tld\fR address, without address extension, +is looked up next. +.IP \(bu +Finally, the recipient \fI@domain\fR is looked up. +.PP +When the table is provided via other means such as NIS, LDAP +or SQL, the same lookups are done as for ordinary indexed files. + +Alternatively, a table can be provided as a regular\-expression +map where patterns are given as regular expressions. In that case, +only the full recipient address is given to the regular\-expression +map. +.SH "SECURITY" +.na +.nf +.ad +.fi +The \fBvirtual\fR(8) delivery agent is not security sensitive, provided +that the lookup tables with recipient user/group ID information are +adequately protected. This program is not designed to run chrooted. + +The \fBvirtual\fR(8) delivery agent disallows regular expression +substitution of $1 etc. in regular expression lookup tables, +because that would open a security hole. + +The \fBvirtual\fR(8) delivery agent will silently ignore requests +to use the \fBproxymap\fR(8) server. Instead it will open the +table directly. Before Postfix version 2.2, the virtual +delivery agent will terminate with a fatal error. +.SH "STANDARDS" +.na +.nf +RFC 822 (ARPA Internet Text Messages) +.SH DIAGNOSTICS +.ad +.fi +Mail bounces when the recipient has no mailbox or when the +recipient is over disk quota. In all other problem cases, mail for +an existing recipient is deferred and a warning is logged. + +Problems and transactions are logged to \fBsyslogd\fR(8) +or \fBpostlogd\fR(8). +Corrupted message files are marked so that the queue +manager can move them to the \fBcorrupt\fR queue afterwards. + +Depending on the setting of the \fBnotify_classes\fR parameter, +the postmaster is notified of bounces and of other trouble. +.SH BUGS +.ad +.fi +This delivery agent supports address extensions in email +addresses and in lookup table keys, but does not propagate +address extension information to the result of table lookup. + +Postfix should have lookup tables that can return multiple result +attributes. In order to avoid the inconvenience of maintaining +three tables, use an LDAP or MYSQL database. +.SH "CONFIGURATION PARAMETERS" +.na +.nf +.ad +.fi +Changes to \fBmain.cf\fR are picked up automatically, as +\fBvirtual\fR(8) +processes run for only a limited amount of time. Use the command +"\fBpostfix reload\fR" to speed up a change. + +The text below provides only a parameter summary. See +\fBpostconf\fR(5) for more details including examples. +.SH "MAILBOX DELIVERY CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBvirtual_mailbox_base (empty)\fR" +A prefix that the \fBvirtual\fR(8) delivery agent prepends to all pathname +results from $virtual_mailbox_maps table lookups. +.IP "\fBvirtual_mailbox_maps (empty)\fR" +Optional lookup tables with all valid addresses in the domains that +match $virtual_mailbox_domains. +.IP "\fBvirtual_minimum_uid (100)\fR" +The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts +as a result from $virtual_uid_maps table lookup. +.IP "\fBvirtual_uid_maps (empty)\fR" +Lookup tables with the per\-recipient user ID that the \fBvirtual\fR(8) +delivery agent uses while writing to the recipient's mailbox. +.IP "\fBvirtual_gid_maps (empty)\fR" +Lookup tables with the per\-recipient group ID for \fBvirtual\fR(8) mailbox +delivery. +.PP +Available in Postfix version 2.0 and later: +.IP "\fBvirtual_mailbox_domains ($virtual_mailbox_maps)\fR" +Postfix is the final destination for the specified list of domains; +mail is delivered via the $virtual_transport mail delivery transport. +.IP "\fBvirtual_transport (virtual)\fR" +The default mail delivery transport and next\-hop destination for +final delivery to domains listed with $virtual_mailbox_domains. +.PP +Available in Postfix version 2.5.3 and later: +.IP "\fBstrict_mailbox_ownership (yes)\fR" +Defer delivery when a mailbox file is not owned by its recipient. +.SH "LOCKING CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBvirtual_mailbox_lock (see 'postconf -d' output)\fR" +How to lock a UNIX\-style \fBvirtual\fR(8) mailbox before attempting +delivery. +.IP "\fBdeliver_lock_attempts (20)\fR" +The maximal number of attempts to acquire an exclusive lock on a +mailbox file or \fBbounce\fR(8) logfile. +.IP "\fBdeliver_lock_delay (1s)\fR" +The time between attempts to acquire an exclusive lock on a mailbox +file or \fBbounce\fR(8) logfile. +.IP "\fBstale_lock_time (500s)\fR" +The time after which a stale exclusive mailbox lockfile is removed. +.SH "RESOURCE AND RATE CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBvirtual_mailbox_limit (51200000)\fR" +The maximal size in bytes of an individual \fBvirtual\fR(8) mailbox or +maildir file, or zero (no limit). +.PP +Implemented in the qmgr(8) daemon: +.IP "\fBvirtual_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" +The maximal number of parallel deliveries to the same destination +via the virtual message delivery transport. +.IP "\fBvirtual_destination_recipient_limit ($default_destination_recipient_limit)\fR" +The maximal number of recipients per message for the virtual +message delivery transport. +.SH "MISCELLANEOUS CONTROLS" +.na +.nf +.ad +.fi +.IP "\fBconfig_directory (see 'postconf -d' output)\fR" +The default location of the Postfix main.cf and master.cf +configuration files. +.IP "\fBdaemon_timeout (18000s)\fR" +How much time a Postfix daemon process may take to handle a +request before it is terminated by a built\-in watchdog timer. +.IP "\fBdelay_logging_resolution_limit (2)\fR" +The maximal number of digits after the decimal point when logging +sub\-second delay values. +.IP "\fBipc_timeout (3600s)\fR" +The time limit for sending or receiving information over an internal +communication channel. +.IP "\fBmax_idle (100s)\fR" +The maximum amount of time that an idle Postfix daemon process waits +for an incoming connection before terminating voluntarily. +.IP "\fBmax_use (100)\fR" +The maximal number of incoming connections that a Postfix daemon +process will service before terminating voluntarily. +.IP "\fBprocess_id (read\-only)\fR" +The process ID of a Postfix command or daemon process. +.IP "\fBprocess_name (read\-only)\fR" +The process name of a Postfix command or daemon process. +.IP "\fBqueue_directory (see 'postconf -d' output)\fR" +The location of the Postfix top\-level queue directory. +.IP "\fBsyslog_facility (mail)\fR" +The syslog facility of Postfix logging. +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" +A prefix that is prepended to the process name in syslog +records, so that, for example, "smtpd" becomes "prefix/smtpd". +.PP +Available in Postfix version 3.0 and later: +.IP "\fBvirtual_delivery_status_filter ($default_delivery_status_filter)\fR" +Optional filter for the \fBvirtual\fR(8) delivery agent to change the +delivery status code or explanatory text of successful or unsuccessful +deliveries. +.PP +Available in Postfix version 3.3 and later: +.IP "\fBenable_original_recipient (yes)\fR" +Enable support for the original recipient address after an +address is rewritten to a different address (for example with +aliasing or with canonical mapping). +.IP "\fBservice_name (read\-only)\fR" +The master.cf service name of a Postfix daemon process. +.PP +Available in Postfix 3.5 and later: +.IP "\fBinfo_log_address_format (external)\fR" +The email address form that will be used in non\-debug logging +(info, warning, etc.). +.SH "SEE ALSO" +.na +.nf +qmgr(8), queue manager +bounce(8), delivery status reports +postconf(5), configuration parameters +postlogd(8), Postfix logging +syslogd(8), system logging +.SH "README_FILES" +.na +.nf +Use "\fBpostconf readme_directory\fR" or +"\fBpostconf html_directory\fR" to locate this information. +VIRTUAL_README, domain hosting howto +.SH "LICENSE" +.na +.nf +.ad +.fi +The Secure Mailer license must be distributed with this software. +.SH HISTORY +.ad +.fi +.ad +.fi +This delivery agent was originally based on the Postfix local delivery +agent. Modifications mainly consisted of removing code that either +was not applicable or that was not safe in this context: aliases, +~user/.forward files, delivery to "|command" or to /file/name. + +The \fBDelivered\-To:\fR message header appears in the \fBqmail\fR +system by Daniel Bernstein. + +The \fBmaildir\fR structure appears in the \fBqmail\fR system +by Daniel Bernstein. +.SH "AUTHOR(S)" +.na +.nf +Wietse Venema +IBM T.J. Watson Research +P.O. Box 704 +Yorktown Heights, NY 10598, USA + +Wietse Venema +Google, Inc. +111 8th Avenue +New York, NY 10011, USA + +Andrew McNamara +andrewm@connect.com.au +connect.com.au Pty. Ltd. +Level 3, 213 Miller St +North Sydney 2060, NSW, Australia |