135
135
Force the Postfix SMTP server to issue a TLS session id, even
136
136
when TLS session caching is turned off (smtpd_tls_session_cache_database
139
Available in Postfix version 2.6 and later:
140
.IP "\fBtcp_windowsize (0)\fR"
141
An optional workaround for routers that break TCP window scaling.
138
142
.SH "ADDRESS REWRITING CONTROLS"
196
200
.IP "\fBsmtpd_milters (empty)\fR"
197
201
A list of Milter (mail filter) applications for new mail that
198
202
arrives via the Postfix \fBsmtpd\fR(8) server.
199
.IP "\fBmilter_protocol (2)\fR"
203
.IP "\fBmilter_protocol (6)\fR"
200
204
The mail filter protocol version and optional protocol extensions
201
for communication with a Milter (mail filter) application.
205
for communication with a Milter application; prior to Postfix 2.6
206
the default protocol is 2.
202
207
.IP "\fBmilter_default_action (tempfail)\fR"
203
208
The default action when a Milter (mail filter) application is
204
209
unavailable or mis-configured.
215
220
.IP "\fBmilter_content_timeout (300s)\fR"
216
221
The time limit for sending message content to a Milter (mail
217
222
filter) application, and for receiving the response.
218
.IP "\fBmilter_connect_macros (see postconf -n output)\fR"
223
.IP "\fBmilter_connect_macros (see 'postconf -d' output)\fR"
219
224
The macros that are sent to Milter (mail filter) applications
220
225
after completion of an SMTP connection.
221
.IP "\fBmilter_helo_macros (see postconf -n output)\fR"
226
.IP "\fBmilter_helo_macros (see 'postconf -d' output)\fR"
222
227
The macros that are sent to Milter (mail filter) applications
223
228
after the SMTP HELO or EHLO command.
224
.IP "\fBmilter_mail_macros (see postconf -n output)\fR"
229
.IP "\fBmilter_mail_macros (see 'postconf -d' output)\fR"
225
230
The macros that are sent to Milter (mail filter) applications
226
231
after the SMTP MAIL FROM command.
227
.IP "\fBmilter_rcpt_macros (see postconf -n output)\fR"
232
.IP "\fBmilter_rcpt_macros (see 'postconf -d' output)\fR"
228
233
The macros that are sent to Milter (mail filter) applications
229
234
after the SMTP RCPT TO command.
230
.IP "\fBmilter_data_macros (see postconf -n output)\fR"
235
.IP "\fBmilter_data_macros (see 'postconf -d' output)\fR"
231
236
The macros that are sent to version 4 or higher Milter (mail
232
237
filter) applications after the SMTP DATA command.
233
.IP "\fBmilter_unknown_command_macros (see postconf -n output)\fR"
238
.IP "\fBmilter_unknown_command_macros (see 'postconf -d' output)\fR"
234
239
The macros that are sent to version 3 or higher Milter (mail
235
240
filter) applications after an unknown SMTP command.
236
.IP "\fBmilter_end_of_header_macros (see postconf -n output)\fR"
241
.IP "\fBmilter_end_of_header_macros (see 'postconf -d' output)\fR"
237
242
The macros that are sent to Milter (mail filter) applications
238
243
after the end of the message header.
239
.IP "\fBmilter_end_of_data_macros (see postconf -n output)\fR"
244
.IP "\fBmilter_end_of_data_macros (see 'postconf -d' output)\fR"
240
245
The macros that are sent to Milter (mail filter) applications
241
246
after the message end-of-data.
242
247
.SH "GENERAL CONTENT INSPECTION CONTROLS"
333
338
The time limit for Postfix SMTP server write and read operations
334
339
during TLS startup and shutdown handshake procedures.
335
340
.IP "\fBsmtpd_tls_CAfile (empty)\fR"
336
The file with the certificate of the certification authority
337
(CA) that issued the Postfix SMTP server certificate.
338
.IP "\fBsmtpd_tls_CAfile (empty)\fR"
339
The file with the certificate of the certification authority
340
(CA) that issued the Postfix SMTP server certificate.
341
A file containing (PEM format) CA certificates of root CAs trusted
342
to sign either remote SMTP client certificates or intermediate CA
344
.IP "\fBsmtpd_tls_CApath (empty)\fR"
345
A directory containing (PEM format) CA certificates of root CAs
346
trusted to sign either remote SMTP client certificates or intermediate CA
341
348
.IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR"
342
349
Force the Postfix SMTP server to issue a TLS session id, even
343
350
when TLS session caching is turned off (smtpd_tls_session_cache_database
370
377
.IP "\fBsmtpd_tls_loglevel (0)\fR"
371
378
Enable additional Postfix SMTP server logging of TLS activity.
372
379
.IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
373
The minimum TLS cipher grade that the Postfix SMTP server will
380
The minimum TLS cipher grade that the Postfix SMTP server
381
will use with mandatory TLS encryption.
376
382
.IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
377
383
Additional list of ciphers or cipher types to exclude from the
378
384
SMTP server cipher list at mandatory TLS security levels.
417
423
The message digest algorithm used to construct client-certificate
418
424
fingerprints for \fBcheck_ccert_access\fR and
419
425
\fBpermit_tls_clientcerts\fR.
427
Available in Postfix version 2.6 and later:
428
.IP "\fBsmtpd_tls_protocols (empty)\fR"
429
List of TLS protocols that the Postfix SMTP server will exclude
430
or include with opportunistic TLS encryption.
431
.IP "\fBsmtpd_tls_ciphers (export)\fR"
432
The minimum TLS cipher grade that the Postfix SMTP server
433
will use with opportunistic TLS encryption.
434
.IP "\fBsmtpd_tls_eccert_file (empty)\fR"
435
File with the Postfix SMTP server ECDSA certificate in PEM format.
436
.IP "\fBsmtpd_tls_eckey_file ($smtpd_tls_eccert_file)\fR"
437
File with the Postfix SMTP server ECDSA private key in PEM format.
438
.IP "\fBsmtpd_tls_eecdh_grade (see 'postconf -d' output)\fR"
439
The Postfix SMTP server security grade for ephemeral elliptic-curve
440
Diffie-Hellman (EECDH) key exchange.
441
.IP "\fBtls_eecdh_strong_curve (prime256v1)\fR"
442
The elliptic curve used by the SMTP server for sensibly strong
443
ephemeral ECDH key exchange.
444
.IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR"
445
The elliptic curve used by the SMTP server for maximally strong
446
ephemeral ECDH key exchange.
420
447
.SH "OBSOLETE STARTTLS CONTROLS"
591
618
.IP "\fBsmtpd_recipient_limit (1000)\fR"
592
619
The maximal number of recipients that the Postfix SMTP server
593
620
accepts per message delivery request.
594
.IP "\fBsmtpd_timeout (300s)\fR"
621
.IP "\fBsmtpd_timeout (normal: 300s, stress: 10s)\fR"
595
622
The time limit for sending a Postfix SMTP server response and for
596
623
receiving a remote SMTP client request.
597
624
.IP "\fBsmtpd_history_flush_threshold (100)\fR"
647
674
The number of errors a remote SMTP client is allowed to make without
648
675
delivering mail before the Postfix SMTP server slows down all its
650
.IP "\fBsmtpd_hard_error_limit (20)\fR"
677
.IP "\fBsmtpd_hard_error_limit (normal: 20, stress: 1)\fR"
651
678
The maximal number of errors a remote SMTP client is allowed to
652
679
make without delivering mail.
653
.IP "\fBsmtpd_junk_command_limit (100)\fR"
680
.IP "\fBsmtpd_junk_command_limit (normal: 100, stress: 1)\fR"
654
681
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
655
682
SMTP client can send before the Postfix SMTP server starts to
656
683
increment the error counter with each junk command.
769
796
The sender address to use in address verification probes; prior
770
797
to Postfix 2.5 the default was "postmaster".
771
798
.IP "\fBunverified_sender_reject_code (450)\fR"
772
The numerical Postfix SMTP server response code when a sender
799
The numerical Postfix SMTP server response code when a recipient
773
800
address is rejected by the reject_unverified_sender restriction.
774
801
.IP "\fBunverified_recipient_reject_code (450)\fR"
775
802
The numerical Postfix SMTP server response when a recipient address
776
803
is rejected by the reject_unverified_recipient restriction.
805
Available in Postfix version 2.6 and later:
806
.IP "\fBunverified_sender_defer_code (450)\fR"
807
The numerical Postfix SMTP server response code when a sender address
808
probe fails due to a temporary error condition.
809
.IP "\fBunverified_recipient_defer_code (450)\fR"
810
The numerical Postfix SMTP server response when a recipient address
811
probe fails due to a temporary error condition.
812
.IP "\fBunverified_sender_reject_reason (empty)\fR"
813
The Postfix SMTP server's reply when rejecting mail with
814
reject_unverified_sender.
815
.IP "\fBunverified_recipient_reject_reason (empty)\fR"
816
The Postfix SMTP server's reply when rejecting mail with
817
reject_unverified_recipient.
818
.IP "\fBunverified_sender_tempfail_action ($reject_tempfail_action)\fR"
819
The Postfix SMTP server's action when reject_unverified_sender
820
fails due to a temporary error condition.
821
.IP "\fBunverified_recipient_tempfail_action ($reject_tempfail_action)\fR"
822
The Postfix SMTP server's action when reject_unverified_recipient
823
fails due to a temporary error condition.
777
824
.SH "ACCESS CONTROL RESPONSES"
782
829
The following parameters control numerical SMTP reply codes
783
830
and/or text responses.
784
831
.IP "\fBaccess_map_reject_code (554)\fR"
785
The numerical Postfix SMTP server response code when a client
786
is rejected by an \fBaccess\fR(5) map restriction.
832
The numerical Postfix SMTP server response code for
833
an \fBaccess\fR(5) map "reject" action.
787
834
.IP "\fBdefer_code (450)\fR"
788
835
The numerical Postfix SMTP server response code when a remote SMTP
789
836
client request is rejected by the "defer" restriction.
833
880
.IP "\fBrbl_reply_maps (empty)\fR"
834
881
Optional lookup tables with RBL response templates.
883
Available in Postfix version 2.6 and later:
884
.IP "\fBaccess_map_defer_code (450)\fR"
885
The numerical Postfix SMTP server response code for
886
an \fBaccess\fR(5) map "defer" action, including "defer_if_permit"
887
or "defer_if_reject".
888
.IP "\fBreject_tempfail_action (defer_if_permit)\fR"
889
The Postfix SMTP server's action when a reject-type restriction
890
fails due to a temporary error condition.
891
.IP "\fBunknown_helo_hostname_tempfail_action ($reject_tempfail_action)\fR"
892
The Postfix SMTP server's action when reject_unknown_helo_hostname
893
fails due to an temporary error condition.
894
.IP "\fBunknown_address_tempfail_action ($reject_tempfail_action)\fR"
895
The Postfix SMTP server's action when reject_unknown_sender_domain
896
or reject_unknown_recipient_domain fail due to a temporary error
835
898
.SH "MISCELLANEOUS CONTROLS"
885
948
.IP "\fBsyslog_facility (mail)\fR"
886
949
The syslog facility of Postfix logging.
887
.IP "\fBsyslog_name (postfix)\fR"
950
.IP "\fBsyslog_name (see 'postconf -d' output)\fR"
888
951
The mail system name that is prepended to the process name in syslog
889
952
records, so that "smtpd" becomes, for example, "postfix/smtpd".
added
removed
man/man8/smtpd.8
