« back to all changes in this revision
Viewing changes to html/postscreen.8.html
- browse files at revision 37
- compare with another revision
- download diff
- download tarball
- view history from revision 37
- Committer: Bazaar Package Importer
- Author(s): LaMont Jones, Wietse Venema, Kees Cook
- Date: 2011-02-23 02:04:21 UTC
- mfrom: (1.1.28 upstream)
- Revision ID: james.westby@ubuntu.com-20110223020421-1hxhntwr0fvyzucd
[Wietse Venema]
* new upstream version
[Kees Cook]
* debian/init.d: fix relative path problem in CA bundle chroot copying.
Closes: #614748, #614750 LP: #723312
* new upstream version
[Kees Cook]
* debian/init.d: fix relative path problem in CA bundle chroot copying.
Closes: #614748, #614750 LP: #723312
- files modified:
- HISTORY
added
removed
html/postscreen.8.html
61
61
<a href="http://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
62
62
<a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Status Codes)
63
63
<a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
64
<a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
64
Not: <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
65
65
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
66
66
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
67
67
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
76
76
Support for AUTH may be added in the future. In the mean
77
77
time, if you need to make these services available on port
78
78
25, then do not enable the optional "after 220 server
79
greeting" tests.
79
greeting" tests, and do not use DNSBLs that reject traffic
80
from dial-up and residential networks.
80
81
81
The optional "after 220 server greeting" tests involve
82
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these
82
The optional "after 220 server greeting" tests involve
83
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these
83
84
tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> adds the client to the tempo-
84
rary whitelist but it cannot not hand off the "live" con-
85
nection to a Postfix SMTP server process in the middle of
86
a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to
87
deliver mail with a 4XX status, and waits for the client
88
to disconnect. The next time a good client connects, it
89
will be allowed to talk to a Postfix SMTP server process
90
to deliver mail. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of
91
this limitation by giving such tests a long expiration
85
rary whitelist but it cannot not hand off the "live" con-
86
nection to a Postfix SMTP server process in the middle of
87
a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to
88
deliver mail with a 4XX status, and waits for the client
89
to disconnect. The next time a good client connects, it
90
will be allowed to talk to a Postfix SMTP server process
91
to deliver mail. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of
92
this limitation by giving such tests a long expiration
92
93
time.
93
94
94
95
<b>CONFIGURATION PARAMETERS</b>
95
Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as
96
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> processes may run for several hours. Use
96
Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as
97
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> processes may run for several hours. Use
97
98
the command "postfix reload" after a configuration change.
98
99
99
The text below provides only a parameter summary. See
100
The text below provides only a parameter summary. See
100
101
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
101
102
102
103
NOTE: Some <a href="postscreen.8.html"><b>postscreen</b>(8)</a> parameters implement stress-
103
dependent behavior. This is supported only when the
104
default parameter value is stress-dependent (that is, it
105
looks like ${stress?X}${stress:Y}, or it is the $<i>name</i> of
104
dependent behavior. This is supported only when the
105
default parameter value is stress-dependent (that is, it
106
looks like ${stress?X}${stress:Y}, or it is the $<i>name</i> of
106
107
an smtpd parameter with a stress-dependent default).
107
Other parameters always evaluate as if the <b>stress</b> parame-
108
Other parameters always evaluate as if the <b>stress</b> parame-
108
109
ter value is the empty string.
109
110
110
111
<b>COMPATIBILITY CONTROLS</b>
111
112
<b><a href="postconf.5.html#postscreen_command_filter">postscreen_command_filter</a> ($<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b>
112
A mechanism to transform commands from remote SMTP
113
A mechanism to transform commands from remote SMTP
113
114
clients.
114
115
115
116
<b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_dis</a>-</b>
116
117
<b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">card_ehlo_keyword_address_maps</a>)</b>
117
Lookup tables, indexed by the remote SMTP client
118
address, with case insensitive lists of EHLO key-
119
words (pipelining, starttls, auth, etc.) that the
120
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the EHLO
118
Lookup tables, indexed by the remote SMTP client
119
address, with case insensitive lists of EHLO key-
120
words (pipelining, starttls, auth, etc.) that the
121
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the EHLO
121
122
response to a remote SMTP client.
122
123
123
124
<b><a href="postconf.5.html#postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_key</a>-</b>
124
125
<b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">words</a>)</b>
125
A case insensitive list of EHLO keywords (pipelin-
126
ing, starttls, auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
127
server will not send in the EHLO response to a
126
A case insensitive list of EHLO keywords (pipelin-
127
ing, starttls, auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
128
server will not send in the EHLO response to a
128
129
remote SMTP client.
129
130
130
131
<b>TROUBLE SHOOTING CONTROLS</b>
131
132
<b><a href="postconf.5.html#postscreen_expansion_filter">postscreen_expansion_filter</a> (see 'postconf -d' output)</b>
132
List of characters that are permitted in
133
List of characters that are permitted in
133
134
<a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> attribute expansions.
134
135
135
136
<b><a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> ($<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b>
136
Optional information that is appended after a 4XX
137
Optional information that is appended after a 4XX
137
138
or 5XX server response.
138
139
139
140
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
141
142
be returned to the sender.
142
143
143
144
<b>PERMANENT WHITE/BLACKLIST TEST</b>
144
This test is executed immediately after a remote SMTP
145
client connects. If a client is permanently whitelisted,
146
the client will be handed off immediately to a Postfix
145
This test is executed immediately after a remote SMTP
146
client connects. If a client is permanently whitelisted,
147
the client will be handed off immediately to a Postfix
147
148
SMTP server process.
148
149
149
150
<b><a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b>
151
152
addresses.
152
153
153
154
<b><a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> (ignore)</b>
154
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
155
client is permanently blacklisted with the
155
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
156
client is permanently blacklisted with the
156
157
<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.
157
158
158
159
<b>BEFORE-GREETING TESTS</b>
159
These tests are executed before the remote SMTP client
160
These tests are executed before the remote SMTP client
160
161
receives the "220 servername" greeting. If no tests remain
161
after the successful completion of this phase, the client
162
will be handed off immediately to a Postfix SMTP server
162
after the successful completion of this phase, the client
163
will be handed off immediately to a Postfix SMTP server
163
164
process.
164
165
165
166
<b><a href="postconf.5.html#dnsblog_service_name">dnsblog_service_name</a> (dnsblog)</b>
166
The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service entry in mas-
167
The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service entry in mas-
167
168
ter.cf.
168
169
169
170
<b><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> (ignore)</b>
170
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
171
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
171
172
client's combined DNSBL score is equal to or
172
greater than a threshold (as defined with the
173
greater than a threshold (as defined with the
173
174
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_thresh</a>-
174
175
<a href="postconf.5.html#postscreen_dnsbl_threshold">old</a> parameters).
175
176
176
177
<b><a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> (empty)</b>
177
A mapping from actual DNSBL domain name which
178
includes a secret password, to the DNSBL domain
178
A mapping from actual DNSBL domain name which
179
includes a secret password, to the DNSBL domain
179
180
name that postscreen will reply with when it
180
181
rejects mail.
181
182
182
183
<b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
183
Optional list of DNS white/blacklist domains, fil-
184
Optional list of DNS white/blacklist domains, fil-
184
185
ters and weight factors.
185
186
186
187
<b><a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> (1)</b>
187
The inclusive lower bound for blocking an SMTP
188
The inclusive lower bound for blocking an SMTP
188
189
client, based on its combined DNSBL score as
189
defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
190
defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
190
191
191
192
<b><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> (ignore)</b>
192
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
193
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
193
194
client speaks before its turn within the time spec-
194
195
ified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.
195
196
197
198
The <i>text</i> in the optional "220-<i>text</i>..." server
198
199
response that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real
199
200
Postfix SMTP server's "220 text..." response, in an
200
attempt to confuse bad SMTP clients so that they
201
attempt to confuse bad SMTP clients so that they
201
202
speak before their turn (pre-greet).
202
203
203
204
<b><a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> (${stress?2}${stress:6}s)</b>
204
205
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for
205
an SMTP client to send a command before its turn,
206
and for DNS blocklist lookup results to arrive
207
(default: up to 2 seconds under stress, up to 6
206
an SMTP client to send a command before its turn,
207
and for DNS blocklist lookup results to arrive
208
(default: up to 2 seconds under stress, up to 6
208
209
seconds otherwise).
209
210
210
211
<b><a href="postconf.5.html#smtpd_service_name">smtpd_service_name</a> (smtpd)</b>
211
The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> forwards
212
The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> forwards
212
213
allowed connections to.
213
214
214
215
<b>AFTER-GREETING TESTS</b>
215
These tests are executed after the remote SMTP client
216
These tests are executed after the remote SMTP client
216
217
receives the "220 servername" greeting. If a client passes
217
all tests during this phase, it will receive a 4XX
218
response to RCPT TO commands until the client hangs up.
218
all tests during this phase, it will receive a 4XX
219
response to RCPT TO commands until the client hangs up.
219
220
After this, the client will be allowed to talk directly to
220
221
a Postfix SMTP server process.
221
222
222
223
<b><a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> (ignore)</b>
223
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
224
client sends a bare newline character, that is, a
224
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
225
client sends a bare newline character, that is, a
225
226
newline not preceded by carriage return.
226
227
227
228
<b><a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> (no)</b>
228
Enable "bare newline" SMTP protocol tests in the
229
Enable "bare newline" SMTP protocol tests in the
229
230
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
230
231
231
232
<b><a href="postconf.5.html#postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a> ($<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b>
232
Disable the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
233
Disable the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
233
234
daemon.
234
235
235
236
<b><a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> ($<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b>
237
238
siders in violation of the SMTP protocol.
238
239
239
240
<b><a href="postconf.5.html#postscreen_helo_required">postscreen_helo_required</a> ($<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b>
240
Require that a remote SMTP client sends HELO or
241
Require that a remote SMTP client sends HELO or
241
242
EHLO before commencing a MAIL transaction.
242
243
243
244
<b><a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> (drop)</b>
244
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
245
client sends non-SMTP commands as specified with
245
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
246
client sends non-SMTP commands as specified with
246
247
the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter.
247
248
248
249
<b><a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> (no)</b>
249
Enable "non-SMTP command" tests in the
250
Enable "non-SMTP command" tests in the
250
251
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
251
252
252
253
<b><a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> (enforce)</b>
253
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
254
client sends multiple commands instead of sending
255
one command and waiting for the server to respond.
254
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
255
client sends multiple commands instead of sending
256
one command and waiting for the server to respond.
256
257
257
258
<b><a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> (no)</b>
258
Enable "pipelining" SMTP protocol tests in the
259
Enable "pipelining" SMTP protocol tests in the
259
260
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
260
261
261
262
<b>CACHE CONTROLS</b>
262
263
<b><a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> (12h)</b>
263
The amount of time between <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache
264
The amount of time between <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache
264
265
cleanup runs.
265
266
266
267
<b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> (btree:$data_direc-</b>
267
268
<b>tory/postscreen_cache)</b>
268
Persistent storage for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server
269
Persistent storage for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server
269
270
decisions.
270
271
271
272
<b><a href="postconf.5.html#postscreen_cache_retention_time">postscreen_cache_retention_time</a> (7d)</b>
272
273
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an
273
expired temporary whitelist entry before it is
274
expired temporary whitelist entry before it is
274
275
removed.
275
276
276
277
<b><a href="postconf.5.html#postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a> (30d)</b>
277
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
278
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
278
279
result from a successful "bare newline" SMTP proto-
279
280
col test.
280
281
281
282
<b><a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a> (1h)</b>
282
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
283
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
283
284
result from a successful DNS blocklist test.
284
285
285
286
<b><a href="postconf.5.html#postscreen_greet_ttl">postscreen_greet_ttl</a> (1d)</b>
286
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
287
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
287
288
result from a successful PREGREET test.
288
289
289
290
<b><a href="postconf.5.html#postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a> (30d)</b>
290
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
291
result from a successful "non_smtp_command" SMTP
291
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
292
result from a successful "non_smtp_command" SMTP
292
293
protocol test.
293
294
294
295
<b><a href="postconf.5.html#postscreen_pipelining_ttl">postscreen_pipelining_ttl</a> (30d)</b>
295
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
296
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
296
297
result from a successful "pipelining" SMTP protocol
297
298
test.
298
299
299
300
<b>RESOURCE CONTROLS</b>
300
301
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
301
Upon input, long lines are chopped up into pieces
302
of at most this length; upon delivery, long lines
302
Upon input, long lines are chopped up into pieces
303
of at most this length; upon delivery, long lines
303
304
are reconstructed.
304
305
305
306
<b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a></b>
306
307
<b>($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b>
307
How many simultaneous connections any client is
308
How many simultaneous connections any client is
308
309
allowed to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.
309
310
310
311
<b><a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> (20)</b>
311
The limit on the total number of commands per SMTP
312
session for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol
312
The limit on the total number of commands per SMTP
313
session for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol
313
314
engine.
314
315
315
316
<b><a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a> (${stress?10}${stress:300}s)</b>
316
The time limit to read an entire command line with
317
The time limit to read an entire command line with
317
318
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.
318
319
319
320
<b><a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
320
The number of clients that can be waiting for ser-
321
The number of clients that can be waiting for ser-
321
322
vice from a real SMTP server process.
322
323
323
324
<b><a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
324
The number of non-whitelisted clients that can be
325
waiting for a decision whether they will receive
325
The number of non-whitelisted clients that can be
326
waiting for a decision whether they will receive
326
327
service from a real SMTP server process.
327
328
328
329
<b><a href="postconf.5.html#postscreen_watchdog_timeout">postscreen_watchdog_timeout</a> (10s)</b>
329
How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to
330
respond to an SMTP client command or to perform a
330
How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to
331
respond to an SMTP client command or to perform a
331
332
cache operation before it is terminated by a built-
332
333
in watchdog timer.
333
334
334
335
<b>STARTTLS CONTROLS</b>
335
336
<b><a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
336
The SMTP TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
337
server; when a non-empty value is specified, this
337
The SMTP TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
338
server; when a non-empty value is specified, this
338
339
overrides the obsolete parameters
339
340
<a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.
340
341
341
342
<b><a href="postconf.5.html#tlsproxy_service_name">tlsproxy_service_name</a> (tlsproxy)</b>
342
The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry in mas-
343
The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry in mas-
343
344
ter.cf.
344
345
345
346
<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
346
These parameters are supported for compatibility with
347
These parameters are supported for compatibility with
347
348
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy parameters.
348
349
349
350
<b><a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> ($<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b>
350
Opportunistic TLS: announce STARTTLS support to
351
SMTP clients, but do not require that clients use
351
Opportunistic TLS: announce STARTTLS support to
352
SMTP clients, but do not require that clients use
352
353
TLS encryption.
353
354
354
355
<b><a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a> ($<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b>
355
Mandatory TLS: announce STARTTLS support to SMTP
356
clients, and require that clients use TLS encryp-
356
Mandatory TLS: announce STARTTLS support to SMTP
357
clients, and require that clients use TLS encryp-
357
358
tion.
358
359
359
360
<b>MISCELLANEOUS CONTROLS</b>
360
361
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
361
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
362
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
362
363
<a href="master.5.html">master.cf</a> configuration files.
363
364
364
365
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
365
The maximal number of digits after the decimal
366
The maximal number of digits after the decimal
366
367
point when logging sub-second delay values.
367
368
368
369
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
369
The location of all postfix administrative com-
370
The location of all postfix administrative com-
370
371
mands.
371
372
372
373
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
373
The maximum amount of time that an idle Postfix
374
daemon process waits for an incoming connection
374
The maximum amount of time that an idle Postfix
375
daemon process waits for an incoming connection
375
376
before terminating voluntarily.
376
377
377
378
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
378
The process ID of a Postfix command or daemon
379
The process ID of a Postfix command or daemon
379
380
process.
380
381
381
382
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
382
The process name of a Postfix command or daemon
383
The process name of a Postfix command or daemon
383
384
process.
384
385
385
386
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
386
387
The syslog facility of Postfix logging.
387
388
388
389
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
389
The mail system name that is prepended to the
390
process name in syslog records, so that "smtpd"
390
The mail system name that is prepended to the
391
process name in syslog records, so that "smtpd"
391
392
becomes, for example, "postfix/smtpd".
392
393
393
394
<b>SEE ALSO</b>
400
401
<a href="POSTSCREEN_README.html">POSTSCREEN_README</a>, Postfix Postscreen Howto
401
402
402
403
<b>LICENSE</b>
403
The Secure Mailer license must be distributed with this
404
The Secure Mailer license must be distributed with this
404
405
software.
405
406
406
407
<b>HISTORY</b>
407
408
This service was introduced with Postfix version 2.8.
408
409
409
Many ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work
410
by Michael Tokarev, in OpenBSD spamd, and in MailChannels
410
Many ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work
411
by Michael Tokarev, in OpenBSD spamd, and in MailChannels
411
412
Traffic Control.
412
413
413
414
<b>AUTHOR(S)</b>
Loggerhead is a web-based interface for Breezy
Version: 2.0.1