1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
|
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html> <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title> Postfix manual - verify(8) </title>
</head> <body> <pre>
VERIFY(8) VERIFY(8)
<b>NAME</b>
verify - Postfix address verification server
<b>SYNOPSIS</b>
<b>verify</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
The <a href="verify.8.html"><b>verify</b>(8)</a> address verification server maintains a record of what
recipient addresses are known to be deliverable or undeliverable.
Addresses are verified by injecting probe messages into the Postfix
queue. Probe messages are run through all the routing and rewriting
machinery except for final delivery, and are discarded rather than
being deferred or bounced.
Address verification relies on the answer from the nearest MTA for the
specified address, and will therefore not detect all undeliverable
addresses.
The <a href="verify.8.html"><b>verify</b>(8)</a> server is designed to run under control by the Postfix
master server. It maintains an optional persistent database. To avoid
being interrupted by "postfix stop" in the middle of a database update,
the process runs in a separate process group.
The <a href="verify.8.html"><b>verify</b>(8)</a> server implements the following requests:
<b>update</b> <i>address status text</i>
Update the status and text of the specified address.
<b>query</b> <i>address</i>
Look up the <i>status</i> and <i>text</i> for the specified <i>address</i>. If the
status is unknown, a probe is sent and an "in progress" status
is returned.
<b>SECURITY</b>
The address verification server is not security-sensitive. It does not
talk to the network, and it does not talk to local users. The verify
server can run chrooted at fixed low privilege.
The address verification server can be coerced to store unlimited
amounts of garbage. Limiting the cache expiry time trades one problem
(disk space exhaustion) for another one (poor response time to client
requests).
With Postfix version 2.5 and later, the <a href="verify.8.html"><b>verify</b>(8)</a> server no longer uses
root privileges when opening the <b><a href="postconf.5.html#address_verify_map">address_verify_map</a></b> cache file. The
file should now be stored under the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a
migration aid, an attempt to open a cache file under a non-Postfix
directory is redirected to the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a
warning is logged.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
Address verification probe messages add additional traffic to the mail
queue. Recipient verification may cause an increased load on
down-stream servers in the case of a dictionary attack or a flood of
backscatter bounces. Sender address verification may cause your site
to be denylisted by some providers.
If the persistent database ever gets corrupted then the world comes to
an end and human intervention is needed. This violates a basic Postfix
principle.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="verify.8.html"><b>verify</b>(8)</a> pro-
cesses are long-lived. Use the command "<b>postfix reload</b>" after a config-
uration change.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>PROBE MESSAGE CONTROLS</b>
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster".
Available with Postfix 2.9 and later:
<b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
The time between changes in the time-dependent portion of
address verification probe sender addresses.
<b>CACHE CONTROLS</b>
<b><a href="postconf.5.html#address_verify_map">address_verify_map</a> (see 'postconf -d' output)</b>
Lookup table for persistent address verification status storage.
<b><a href="postconf.5.html#address_verify_positive_expire_time">address_verify_positive_expire_time</a> (31d)</b>
The time after which a successful probe expires from the address
verification cache.
<b><a href="postconf.5.html#address_verify_positive_refresh_time">address_verify_positive_refresh_time</a> (7d)</b>
The time after which a successful address verification probe
needs to be refreshed.
<b><a href="postconf.5.html#address_verify_negative_cache">address_verify_negative_cache</a> (yes)</b>
Enable caching of failed address verification probe results.
<b><a href="postconf.5.html#address_verify_negative_expire_time">address_verify_negative_expire_time</a> (3d)</b>
The time after which a failed probe expires from the address
verification cache.
<b><a href="postconf.5.html#address_verify_negative_refresh_time">address_verify_negative_refresh_time</a> (3h)</b>
The time after which a failed address verification probe needs
to be refreshed.
Available with Postfix 2.7 and later:
<b><a href="postconf.5.html#address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a> (12h)</b>
The amount of time between <a href="verify.8.html"><b>verify</b>(8)</a> address verification data-
base cleanup runs.
<b>PROBE MESSAGE ROUTING CONTROLS</b>
By default, probe messages are delivered via the same route as regular
messages. The following parameters can be used to override specific
message routing mechanisms.
<b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verifica-
tion probes.
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address veri-
fication probes.
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address ver-
ification probes.
<b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
verification probes.
<b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address ver-
ification probes.
<b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
verification probes.
Available in Postfix 2.3 and later:
<b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> ($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
<b><a href="postconf.5.html#sender_dependent_relayhost_maps">dent_relayhost_maps</a>)</b>
Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting
for address verification probes.
Available in Postfix 2.7 and later:
<b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a> ($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_depen</a>-</b>
<b><a href="postconf.5.html#sender_dependent_default_transport_maps">dent_default_transport_maps</a>)</b>
Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
setting for address verification probes.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
Enable 'transitional' compatibility between IDNA2003 and
IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix 3.3 and later:
<b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
The <a href="master.5.html">master.cf</a> service name of a Postfix daemon process.
<b>SEE ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="cleanup.8.html">cleanup(8)</a>, enqueue Postfix message
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, address verification howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
This service was introduced with Postfix version 2.1.
<b>AUTHOR(S)</b>
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
Wietse Venema
Google, Inc.
111 8th Avenue
New York, NY 10011, USA
VERIFY(8)
</pre> </body> </html>
|
