From b7c15c31519dc44c1f691e0466badd556ffe9423 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 18:18:56 +0200 Subject: Adding upstream version 3.7.10. Signed-off-by: Daniel Baumann --- html/postscreen.8.html | 465 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 465 insertions(+) create mode 100644 html/postscreen.8.html (limited to 'html/postscreen.8.html') diff --git a/html/postscreen.8.html b/html/postscreen.8.html new file mode 100644 index 0000000..c60e113 --- /dev/null +++ b/html/postscreen.8.html @@ -0,0 +1,465 @@ + + + + Postfix manual - postscreen(8) +
+POSTSCREEN(8)                                                    POSTSCREEN(8)
+
+NAME
+       postscreen - Postfix zombie blocker
+
+SYNOPSIS
+       postscreen [generic Postfix daemon options]
+
+DESCRIPTION
+       The Postfix postscreen(8) server provides additional protection against
+       mail  server  overload.  One  postscreen(8)  process  handles  multiple
+       inbound SMTP connections, and decides which clients may talk to a Post-
+       fix SMTP server  process.   By  keeping  spambots  away,  postscreen(8)
+       leaves more SMTP server processes available for legitimate clients, and
+       delays the onset of server overload conditions.
+
+       This program should not be used on SMTP ports that  receive  mail  from
+       end-user clients (MUAs). In a typical deployment, postscreen(8) handles
+       the MX service on TCP port 25, and smtpd(8) receives mail from MUAs  on
+       the submission service (TCP port 587) which requires client authentica-
+       tion.  Alternatively, a site could set up a dedicated,  non-postscreen,
+       "port  25" server that provides submission service and client authenti-
+       cation, but no MX service.
+
+       postscreen(8) maintains a temporary allowlist  for  clients  that  have
+       passed  a  number  of  tests.   When  an  SMTP  client  IP  address  is
+       allowlisted, postscreen(8) hands off the connection  immediately  to  a
+       Postfix SMTP server process. This minimizes the overhead for legitimate
+       mail.
+
+       By default, postscreen(8) logs statistics and hands off each connection
+       to a Postfix SMTP server process, while excluding clients in mynetworks
+       from all tests (primarily, to avoid  problems  with  non-standard  SMTP
+       implementations  in  network  appliances).  This default mode blocks no
+       clients, and is useful for non-destructive testing.
+
+       In a typical production setting, postscreen(8) is configured to  reject
+       mail  from  clients  that  fail  one  or more tests. postscreen(8) logs
+       rejected mail with the  client  address,  helo,  sender  and  recipient
+       information.
+
+       postscreen(8)  is  not an SMTP proxy; this is intentional.  The purpose
+       is to keep spambots away from Postfix SMTP server processes, while min-
+       imizing overhead for legitimate traffic.
+
+SECURITY
+       The postscreen(8) server is moderately security-sensitive.  It talks to
+       untrusted clients on the network. The process can be  run  chrooted  at
+       fixed low privilege.
+
+STANDARDS
+       RFC 821 (SMTP protocol)
+       RFC 1123 (Host requirements)
+       RFC 1652 (8bit-MIME transport)
+       RFC 1869 (SMTP service extensions)
+       RFC 1870 (Message Size Declaration)
+       RFC 1985 (ETRN command)
+       RFC 2034 (SMTP Enhanced Status Codes)
+       RFC 2821 (SMTP protocol)
+       Not: RFC 2920 (SMTP Pipelining)
+       RFC 3030 (CHUNKING without BINARYMIME)
+       RFC 3207 (STARTTLS command)
+       RFC 3461 (SMTP DSN Extension)
+       RFC 3463 (Enhanced Status Codes)
+       RFC 5321 (SMTP protocol, including multi-line 220 banners)
+
+DIAGNOSTICS
+       Problems and transactions are logged to syslogd(8) or postlogd(8).
+
+BUGS
+       The  postscreen(8)  built-in  SMTP  protocol  engine currently does not
+       announce support for AUTH, XCLIENT or XFORWARD.  If you  need  to  make
+       these  services  available  on port 25, then do not enable the optional
+       "after 220 server greeting" tests.
+
+       The optional "after 220 server greeting" tests may result in unexpected
+       delivery delays from senders that retry email delivery from a different
+       IP address.  Reason: after passing these tests a new client  must  dis-
+       connect,  and  reconnect from the same IP address before it can deliver
+       mail. See POSTSCREEN_README, section "Tests after the 220  SMTP  server
+       greeting", for a discussion.
+
+CONFIGURATION PARAMETERS
+       Changes  to  main.cf  are not picked up automatically, as postscreen(8)
+       processes may run for several hours.  Use the command "postfix  reload"
+       after a configuration change.
+
+       The  text  below provides only a parameter summary. See postconf(5) for
+       more details including examples.
+
+       NOTE: Some postscreen(8) parameters implement  stress-dependent  behav-
+       ior.   This  is  supported  only  when  the  default parameter value is
+       stress-dependent (that is, it looks like ${stress?{X}:{Y}},  or  it  is
+       the  $name  of  an  smtpd  parameter  with a stress-dependent default).
+       Other parameters always evaluate as if the stress  parameter  value  is
+       the empty string.
+
+COMPATIBILITY CONTROLS
+       postscreen_command_filter ($smtpd_command_filter)
+              A mechanism to transform commands from remote SMTP clients.
+
+       postscreen_discard_ehlo_keyword_address_maps  ($smtpd_discard_ehlo_key-
+       word_address_maps)
+              Lookup  tables,  indexed by the remote SMTP client address, with
+              case insensitive lists of EHLO keywords  (pipelining,  starttls,
+              auth,  etc.)  that the postscreen(8) server will not send in the
+              EHLO response to a remote SMTP client.
+
+       postscreen_discard_ehlo_keywords ($smtpd_discard_ehlo_keywords)
+              A case insensitive list of EHLO keywords (pipelining,  starttls,
+              auth,  etc.)  that the postscreen(8) server will not send in the
+              EHLO response to a remote SMTP client.
+
+       Available in Postfix version 3.1 and later:
+
+       dns_ncache_ttl_fix_enable (no)
+              Enable a workaround for future libc incompatibility.
+
+       Available in Postfix version 3.4 and later:
+
+       postscreen_reject_footer_maps ($smtpd_reject_footer_maps)
+              Optional lookup table for information that is appended  after  a
+              4XX or 5XX postscreen(8) server response.
+
+       Available in Postfix 3.6 and later:
+
+       respectful_logging (see 'postconf -d' output)
+              Avoid logging that implies white is better than black.
+
+TROUBLE SHOOTING CONTROLS
+       postscreen_expansion_filter (see 'postconf -d' output)
+              List     of     characters     that     are     permitted     in
+              postscreen_reject_footer attribute expansions.
+
+       postscreen_reject_footer ($smtpd_reject_footer)
+              Optional information  that  is  appended  after  a  4XX  or  5XX
+              postscreen(8) server response.
+
+       soft_bounce (no)
+              Safety  net to keep mail queued that would otherwise be returned
+              to the sender.
+
+BEFORE-POSTSCREEN PROXY AGENT
+       Available in Postfix version 2.10 and later:
+
+       postscreen_upstream_proxy_protocol (empty)
+              The  name  of  the  proxy   protocol   used   by   an   optional
+              before-postscreen proxy agent.
+
+       postscreen_upstream_proxy_timeout (5s)
+              The  time  limit  for  the  proxy  protocol  specified  with the
+              postscreen_upstream_proxy_protocol parameter.
+
+PERMANENT ALLOW/DENYLIST TEST
+       This test is executed immediately after a remote SMTP client  connects.
+       If  a  client is permanently allowlisted, the client will be handed off
+       immediately to a Postfix SMTP server process.
+
+       postscreen_access_list (permit_mynetworks)
+              Permanent allow/denylist for remote SMTP client IP addresses.
+
+       postscreen_blacklist_action (ignore)
+              Renamed to postscreen_denylist_action in Postfix 3.6.
+
+MAIL EXCHANGER POLICY TESTS
+       When postscreen(8) is configured to monitor all primary and  backup  MX
+       addresses,  it can refuse to allowlist clients that connect to a backup
+       MX address only. For small sites, this requires configuring primary and
+       backup  MX  addresses on the same MTA. Larger sites would have to share
+       the postscreen(8) cache between primary and backup  MTAs,  which  would
+       introduce a common point of failure.
+
+       postscreen_whitelist_interfaces (static:all)
+              Renamed to postscreen_allowlist_interfaces in Postfix 3.6.
+
+BEFORE 220 GREETING TESTS
+       These  tests  are  executed  before the remote SMTP client receives the
+       "220 servername" greeting. If no tests remain after the successful com-
+       pletion  of  this phase, the client will be handed off immediately to a
+       Postfix SMTP server process.
+
+       dnsblog_service_name (dnsblog)
+              The name of the dnsblog(8) service entry in master.cf.
+
+       postscreen_dnsbl_action (ignore)
+              The action that postscreen(8) takes when a remote SMTP  client's
+              combined DNSBL score is equal to or greater than a threshold (as
+              defined      with      the      postscreen_dnsbl_sites       and
+              postscreen_dnsbl_threshold parameters).
+
+       postscreen_dnsbl_reply_map (empty)
+              A  mapping from actual DNSBL domain name which includes a secret
+              password, to the DNSBL domain name that  postscreen  will  reply
+              with when it rejects mail.
+
+       postscreen_dnsbl_sites (empty)
+              Optional  list of DNS allow/denylist domains, filters and weight
+              factors.
+
+       postscreen_dnsbl_threshold (1)
+              The inclusive lower bound for blocking  a  remote  SMTP  client,
+              based   on   its  combined  DNSBL  score  as  defined  with  the
+              postscreen_dnsbl_sites parameter.
+
+       postscreen_greet_action (ignore)
+              The action that postscreen(8) takes when a  remote  SMTP  client
+              speaks  before  its  turn  within  the  time  specified with the
+              postscreen_greet_wait parameter.
+
+       postscreen_greet_banner ($smtpd_banner)
+              The text in the  optional  "220-text..."  server  response  that
+              postscreen(8) sends ahead of the real Postfix SMTP server's "220
+              text..." response, in an attempt to confuse bad SMTP clients  so
+              that they speak before their turn (pre-greet).
+
+       postscreen_greet_wait (normal: 6s, overload: 2s)
+              The  amount  of  time  that  postscreen(8) will wait for an SMTP
+              client to send a command before its turn, and for DNS  blocklist
+              lookup results to arrive (default: up to 2 seconds under stress,
+              up to 6 seconds otherwise).
+
+       smtpd_service_name (smtpd)
+              The internal service that postscreen(8) hands off  allowed  con-
+              nections to.
+
+       Available in Postfix version 2.11 and later:
+
+       postscreen_dnsbl_whitelist_threshold (0)
+              Renamed  to postscreen_dnsbl_allowlist_threshold in Postfix 3.6.
+
+       Available in Postfix version 3.0 and later:
+
+       postscreen_dnsbl_timeout (10s)
+              The time limit for DNSBL or DNSWL lookups.
+
+       Available in Postfix version 3.6 and later:
+
+       postscreen_denylist_action (ignore)
+              The action that postscreen(8) takes when a remote SMTP client is
+              permanently  denylisted  with the postscreen_access_list parame-
+              ter.
+
+       postscreen_allowlist_interfaces (static:all)
+              A list of  local  postscreen(8)  server  IP  addresses  where  a
+              non-allowlisted  remote  SMTP  client can obtain postscreen(8)'s
+              temporary allowlist status.
+
+       postscreen_dnsbl_allowlist_threshold (0)
+              Allow a remote SMTP client  to  skip  "before"  and  "after  220
+              greeting"  protocol  tests, based on its combined DNSBL score as
+              defined with the postscreen_dnsbl_sites parameter.
+
+AFTER 220 GREETING TESTS
+       These tests are executed after the remote SMTP client receives the "220
+       servername"  greeting.  If a client passes all tests during this phase,
+       it will receive a 4XX response to  all  RCPT  TO  commands.  After  the
+       client  reconnects,  it  will  be allowed to talk directly to a Postfix
+       SMTP server process.
+
+       postscreen_bare_newline_action (ignore)
+              The action that postscreen(8) takes when a  remote  SMTP  client
+              sends  a bare newline character, that is, a newline not preceded
+              by carriage return.
+
+       postscreen_bare_newline_enable (no)
+              Enable "bare newline" SMTP protocol tests in  the  postscreen(8)
+              server.
+
+       postscreen_disable_vrfy_command ($disable_vrfy_command)
+              Disable the SMTP VRFY command in the postscreen(8) daemon.
+
+       postscreen_forbidden_commands ($smtpd_forbidden_commands)
+              List of commands that the postscreen(8) server considers in vio-
+              lation of the SMTP protocol.
+
+       postscreen_helo_required ($smtpd_helo_required)
+              Require that a remote SMTP client sends HELO or EHLO before com-
+              mencing a MAIL transaction.
+
+       postscreen_non_smtp_command_action (drop)
+              The  action  that  postscreen(8) takes when a remote SMTP client
+              sends non-SMTP commands as specified with the postscreen_forbid-
+              den_commands parameter.
+
+       postscreen_non_smtp_command_enable (no)
+              Enable "non-SMTP command" tests in the postscreen(8) server.
+
+       postscreen_pipelining_action (enforce)
+              The  action  that  postscreen(8) takes when a remote SMTP client
+              sends multiple commands instead of sending one command and wait-
+              ing for the server to respond.
+
+       postscreen_pipelining_enable (no)
+              Enable  "pipelining"  SMTP  protocol  tests in the postscreen(8)
+              server.
+
+CACHE CONTROLS
+       postscreen_cache_cleanup_interval (12h)
+              The amount of time between postscreen(8) cache cleanup runs.
+
+       postscreen_cache_map (btree:$data_directory/postscreen_cache)
+              Persistent storage for the postscreen(8) server decisions.
+
+       postscreen_cache_retention_time (7d)
+              The amount of time that postscreen(8) will cache an expired tem-
+              porary allowlist entry before it is removed.
+
+       postscreen_bare_newline_ttl (30d)
+              The amount of time that postscreen(8) will use the result from a
+              successful "bare newline" SMTP protocol test.
+
+       postscreen_dnsbl_max_ttl
+       (${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h)
+              The maximum amount of  time  that  postscreen(8)  will  use  the
+              result  from  a  successful  DNS-based  reputation test before a
+              client IP address is required to pass that test again.
+
+       postscreen_dnsbl_min_ttl (60s)
+              The minimum amount of  time  that  postscreen(8)  will  use  the
+              result  from  a  successful  DNS-based  reputation test before a
+              client IP address is required to pass that test again.
+
+       postscreen_greet_ttl (1d)
+              The amount of time that postscreen(8) will use the result from a
+              successful PREGREET test.
+
+       postscreen_non_smtp_command_ttl (30d)
+              The amount of time that postscreen(8) will use the result from a
+              successful "non_smtp_command" SMTP protocol test.
+
+       postscreen_pipelining_ttl (30d)
+              The amount of time that postscreen(8) will use the result from a
+              successful "pipelining" SMTP protocol test.
+
+RESOURCE CONTROLS
+       line_length_limit (2048)
+              Upon  input,  long  lines  are chopped up into pieces of at most
+              this length; upon delivery, long lines are reconstructed.
+
+       postscreen_client_connection_count_limit         ($smtpd_client_connec-
+       tion_count_limit)
+              How many simultaneous connections  any  remote  SMTP  client  is
+              allowed to have with the postscreen(8) daemon.
+
+       postscreen_command_count_limit (20)
+              The  limit  on the total number of commands per SMTP session for
+              postscreen(8)'s built-in SMTP protocol engine.
+
+       postscreen_command_time_limit (normal: 300s, overload: 10s)
+              The  time  limit  to  read   an   entire   command   line   with
+              postscreen(8)'s built-in SMTP protocol engine.
+
+       postscreen_post_queue_limit ($default_process_limit)
+              The  number  of  clients  that can be waiting for service from a
+              real Postfix SMTP server process.
+
+       postscreen_pre_queue_limit ($default_process_limit)
+              The number of non-allowlisted clients that can be waiting for  a
+              decision  whether  they will receive service from a real Postfix
+              SMTP server process.
+
+       postscreen_watchdog_timeout (10s)
+              How much time a postscreen(8) process may take to respond  to  a
+              remote  SMTP  client  command  or  to  perform a cache operation
+              before it is terminated by a built-in watchdog timer.
+
+STARTTLS CONTROLS
+       postscreen_tls_security_level ($smtpd_tls_security_level)
+              The SMTP TLS security level for the postscreen(8) server; when a
+              non-empty value is specified, this overrides the obsolete param-
+              eters postscreen_use_tls and postscreen_enforce_tls.
+
+       tlsproxy_service_name (tlsproxy)
+              The name of the tlsproxy(8) service entry in master.cf.
+
+OBSOLETE STARTTLS SUPPORT CONTROLS
+       These parameters are supported for compatibility with  smtpd(8)  legacy
+       parameters.
+
+       postscreen_use_tls ($smtpd_use_tls)
+              Opportunistic  TLS:  announce  STARTTLS  support  to remote SMTP
+              clients, but do not require that clients use TLS encryption.
+
+       postscreen_enforce_tls ($smtpd_enforce_tls)
+              Mandatory TLS: announce STARTTLS support to remote SMTP clients,
+              and require that clients use TLS encryption.
+
+MISCELLANEOUS CONTROLS
+       config_directory (see 'postconf -d' output)
+              The  default  location of the Postfix main.cf and master.cf con-
+              figuration files.
+
+       delay_logging_resolution_limit (2)
+              The maximal number of digits after the decimal point  when  log-
+              ging sub-second delay values.
+
+       command_directory (see 'postconf -d' output)
+              The location of all postfix administrative commands.
+
+       max_idle (100s)
+              The  maximum  amount of time that an idle Postfix daemon process
+              waits for an incoming connection before terminating voluntarily.
+
+       process_id (read-only)
+              The process ID of a Postfix command or daemon process.
+
+       process_name (read-only)
+              The process name of a Postfix command or daemon process.
+
+       syslog_facility (mail)
+              The syslog facility of Postfix logging.
+
+       syslog_name (see 'postconf -d' output)
+              A  prefix  that  is  prepended  to  the  process  name in syslog
+              records, so that, for example, "smtpd" becomes "prefix/smtpd".
+
+       Available in Postfix 3.3 and later:
+
+       service_name (read-only)
+              The master.cf service name of a Postfix daemon process.
+
+       Available in Postfix 3.5 and later:
+
+       info_log_address_format (external)
+              The email address form that will be used  in  non-debug  logging
+              (info, warning, etc.).
+
+SEE ALSO
+       smtpd(8), Postfix SMTP server
+       tlsproxy(8), Postfix TLS proxy server
+       dnsblog(8), DNS allow/denylist logger
+       postlogd(8), Postfix logging
+       syslogd(8), system logging
+
+README FILES
+       POSTSCREEN_README, Postfix Postscreen Howto
+
+LICENSE
+       The Secure Mailer license must be distributed with this software.
+
+HISTORY
+       This service was introduced with Postfix version 2.8.
+
+       Many ideas in postscreen(8) were explored in earlier  work  by  Michael
+       Tokarev, in OpenBSD spamd, and in MailChannels Traffic Control.
+
+AUTHOR(S)
+       Wietse Venema
+       IBM T.J. Watson Research
+       P.O. Box 704
+       Yorktown Heights, NY 10598, USA
+
+       Wietse Venema
+       Google, Inc.
+       111 8th Avenue
+       New York, NY 10011, USA
+
+                                                                 POSTSCREEN(8)
+
-- cgit v1.2.3