175
182
<i>all-numerical</i>
176
183
An all-numerical result is treated as OK. This for-
177
mat is generated by address-based relay authoriza-
184
mat is generated by address-based relay authoriza-
178
185
tion schemes such as pop-before-smtp.
180
187
<b>REJECT ACTIONS</b>
181
Postfix version 2.3 and later support enhanced status
182
codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When no code is specified
183
at the beginning of the <i>text</i> below, Postfix inserts a
184
default enhanced status code of "5.7.1" in the case of
185
reject actions, and "4.7.1" in the case of defer actions.
188
Postfix version 2.3 and later support enhanced status
189
codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When no code is specified
190
at the beginning of the <i>text</i> below, Postfix inserts a
191
default enhanced status code of "5.7.1" in the case of
192
reject actions, and "4.7.1" in the case of defer actions.
186
193
See "ENHANCED STATUS CODES" below.
188
195
<b>4</b><i>NN text</i>
190
197
<b>5</b><i>NN text</i>
191
Reject the address etc. that matches the pattern,
198
Reject the address etc. that matches the pattern,
192
199
and respond with the numerical three-digit code and
193
text. <b>4</b><i>NN</i> means "try again later", while <b>5</b><i>NN</i> means
200
text. <b>4</b><i>NN</i> means "try again later", while <b>5</b><i>NN</i> means
194
201
"do not try again".
196
The following responses have special meaning for
203
The following responses have special meaning for
197
204
the Postfix SMTP server:
199
206
<b>421</b> <i>text</i> (Postfix 2.3 and later)
201
208
<b>521</b> <i>text</i> (Postfix 2.6 and later)
202
After responding with the numerical three-
203
digit code and text, disconnect immediately
204
from the SMTP client. This frees up SMTP
205
server resources so that they can be made
209
After responding with the numerical three-
210
digit code and text, disconnect immediately
211
from the SMTP client. This frees up SMTP
212
server resources so that they can be made
206
213
available to another SMTP client.
208
215
Note: The "521" response should be used only
209
with botnets and other malware where inter-
216
with botnets and other malware where inter-
210
217
operability is of no concern. The "send 521
211
and disconnect" behavior is NOT defined in
218
and disconnect" behavior is NOT defined in
212
219
the SMTP standard.
214
221
<b>REJECT</b> <i>optional text...</i>
215
Reject the address etc. that matches the pattern.
216
Reply with "<b>$<a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a></b> <i>optional</i>
217
<i>text...</i>" when the optional text is specified, oth-
222
Reject the address etc. that matches the pattern.
223
Reply with "<b>$<a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a></b> <i>optional</i>
224
<i>text...</i>" when the optional text is specified, oth-
218
225
erwise reply with a generic error response message.
220
227
<b>DEFER</b> <i>optional text...</i>
221
Reject the address etc. that matches the pattern.
222
Reply with "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a></b> <i>optional</i>
223
<i>text...</i>" when the optional text is specified, oth-
228
Reject the address etc. that matches the pattern.
229
Reply with "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a></b> <i>optional</i>
230
<i>text...</i>" when the optional text is specified, oth-
224
231
erwise reply with a generic error response message.
226
233
This feature is available in Postfix 2.6 and later.
228
235
<b>DEFER_IF_REJECT</b> <i>optional text...</i>
229
Defer the request if some later restriction would
230
result in a REJECT action. Reply with
231
"<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional text...</i>"
232
when the optional text is specified, otherwise
236
Defer the request if some later restriction would
237
result in a REJECT action. Reply with
238
"<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional text...</i>"
239
when the optional text is specified, otherwise
233
240
reply with a generic error response message.
235
242
Prior to Postfix 2.6, the SMTP reply code is 450.
253
260
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>, and so on).
255
262
<b>BCC</b> <i>user@domain</i>
256
Send one copy of the message to the specified
263
Send one copy of the message to the specified
259
If multiple BCC actions are specified within the
260
same SMTP MAIL transaction, only the last action
266
If multiple BCC actions are specified within the
267
same SMTP MAIL transaction, only the last action
263
This feature is not part of the stable Postfix
270
This feature is not part of the stable Postfix
266
273
<b>DISCARD</b> <i>optional text...</i>
267
Claim successful delivery and silently discard the
268
message. Log the optional text if specified, oth-
274
Claim successful delivery and silently discard the
275
message. Log the optional text if specified, oth-
269
276
erwise log a generic message.
271
Note: this action currently affects all recipients
272
of the message. To discard only one recipient
273
without discarding the entire message, use the
278
Note: this action currently affects all recipients
279
of the message. To discard only one recipient
280
without discarding the entire message, use the
274
281
<a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
277
284
This feature is available in Postfix 2.0 and later.
279
<b>DUNNO</b> Pretend that the lookup key was not found. This
280
prevents Postfix from trying substrings of the
281
lookup key (such as a subdomain name, or a network
286
<b>DUNNO</b> Pretend that the lookup key was not found. This
287
prevents Postfix from trying substrings of the
288
lookup key (such as a subdomain name, or a network
282
289
address subnetwork).
284
291
This feature is available in Postfix 2.0 and later.
286
293
<b>FILTER</b> <i>transport:destination</i>
287
After the message is queued, send the entire mes-
294
After the message is queued, send the entire mes-
288
295
sage through the specified external content filter.
289
The <i>transport</i> name specifies the first field of a
290
mail delivery agent definition in <a href="master.5.html">master.cf</a>; the
291
syntax of the next-hop <i>destination</i> is described in
296
The <i>transport</i> name specifies the first field of a
297
mail delivery agent definition in <a href="master.5.html">master.cf</a>; the
298
syntax of the next-hop <i>destination</i> is described in
292
299
the manual page of the corresponding delivery
293
agent. More information about external content
300
agent. More information about external content
294
301
filters is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file.
296
Note 1: do not use $<i>number</i> regular expression sub-
297
stitutions for <i>transport</i> or <i>destination</i> unless you
303
Note 1: do not use $<i>number</i> regular expression sub-
304
stitutions for <i>transport</i> or <i>destination</i> unless you
298
305
know that the information has a trusted origin.
300
Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">con</a>-</b>
301
<b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of
302
the message. In the case that multiple <b>FILTER</b>
307
Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">con</a>-</b>
308
<b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of
309
the message. In the case that multiple <b>FILTER</b>
303
310
actions fire, only the last one is executed.
305
Note 3: the purpose of the FILTER command is to
306
override message routing. To override the recipi-
307
ent's <i>transport</i> but not the next-hop <i>destination</i>,
308
specify an empty filter <i>destination</i> (Postfix 2.7
312
Note 3: the purpose of the FILTER command is to
313
override message routing. To override the recipi-
314
ent's <i>transport</i> but not the next-hop <i>destination</i>,
315
specify an empty filter <i>destination</i> (Postfix 2.7
309
316
and later), or specify a <i>transport:destination</i> that
310
delivers through a different Postfix instance
311
(Postfix 2.6 and earlier). Other options are using
312
the recipient-dependent <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> or the sen-
317
delivers through a different Postfix instance
318
(Postfix 2.6 and earlier). Other options are using
319
the recipient-dependent <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> or the sen-
313
320
der-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport</a>-</b>
314
321
<b><a href="postconf.5.html#sender_dependent_default_transport_maps">_maps</a></b> features.
316
323
This feature is available in Postfix 2.0 and later.
318
325
<b>HOLD</b> <i>optional text...</i>
319
Place the message on the <b>hold</b> queue, where it will
320
sit until someone either deletes it or releases it
321
for delivery. Log the optional text if specified,
326
Place the message on the <b>hold</b> queue, where it will
327
sit until someone either deletes it or releases it
328
for delivery. Log the optional text if specified,
322
329
otherwise log a generic message.
324
Mail that is placed on hold can be examined with
325
the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
331
Mail that is placed on hold can be examined with
332
the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
326
333
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
328
Note: use "<b>postsuper -r</b>" to release mail that was
329
kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
335
Note: use "<b>postsuper -r</b>" to release mail that was
336
kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
330
337
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
331
longer. Use "<b>postsuper -H</b>" only for mail that will
338
longer. Use "<b>postsuper -H</b>" only for mail that will
332
339
not expire within a few delivery attempts.
334
Note: this action currently affects all recipients
341
Note: this action currently affects all recipients
337
344
This feature is available in Postfix 2.0 and later.
339
346
<b>PREPEND</b> <i>headername: headervalue</i>
340
Prepend the specified message header to the mes-
341
sage. When more than one PREPEND action executes,
342
the first prepended header appears before the sec-
347
Prepend the specified message header to the mes-
348
sage. When more than one PREPEND action executes,
349
the first prepended header appears before the sec-
343
350
ond etc. prepended header.
345
Note: this action must execute before the message
346
content is received; it cannot execute in the con-
352
Note: this action must execute before the message
353
content is received; it cannot execute in the con-
347
354
text of <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
349
356
This feature is available in Postfix 2.1 and later.
351
358
<b>REDIRECT</b> <i>user@domain</i>
352
After the message is queued, send the message to
359
After the message is queued, send the message to
353
360
the specified address instead of the intended
356
Note: this action overrides the FILTER action, and
363
Note: this action overrides the FILTER action, and
357
364
currently affects all recipients of the message.
359
366
This feature is available in Postfix 2.1 and later.
361
368
<b>WARN</b> <i>optional text...</i>
362
369
Log a warning with the optional text, together with
363
client information and if available, with helo,
370
client information and if available, with helo,
364
371
sender, recipient and protocol information.
366
373
This feature is available in Postfix 2.1 and later.
368
375
<b>ENHANCED STATUS CODES</b>
369
Postfix version 2.3 and later support enhanced status
370
codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status
371
code is specified in an access table, it is subject to
372
modification. The following transformations are needed
373
when the same access table is used for client, helo,
374
sender, or recipient access restrictions; they happen
376
Postfix version 2.3 and later support enhanced status
377
codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status
378
code is specified in an access table, it is subject to
379
modification. The following transformations are needed
380
when the same access table is used for client, helo,
381
sender, or recipient access restrictions; they happen
375
382
regardless of whether Postfix replies to a MAIL FROM, RCPT
376
383
TO or other SMTP command.
378
<b>o</b> When a sender address matches a REJECT action, the
379
Postfix SMTP server will transform a recipient DSN
380
status (e.g., 4.1.1-4.1.6) into the corresponding
385
<b>o</b> When a sender address matches a REJECT action, the
386
Postfix SMTP server will transform a recipient DSN
387
status (e.g., 4.1.1-4.1.6) into the corresponding
381
388
sender DSN status, and vice versa.
383
<b>o</b> When non-address information matches a REJECT
384
action (such as the HELO command argument or the
385
client hostname/address), the Postfix SMTP server
386
will transform a sender or recipient DSN status
387
into a generic non-address DSN status (e.g.,
390
<b>o</b> When non-address information matches a REJECT
391
action (such as the HELO command argument or the
392
client hostname/address), the Postfix SMTP server
393
will transform a sender or recipient DSN status
394
into a generic non-address DSN status (e.g.,
390
397
<b>REGULAR EXPRESSION TABLES</b>
391
This section describes how the table lookups change when
398
This section describes how the table lookups change when
392
399
the table is given in the form of regular expressions. For
393
a description of regular expression lookup table syntax,
400
a description of regular expression lookup table syntax,
394
401
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
396
Each pattern is a regular expression that is applied to
403
Each pattern is a regular expression that is applied to
397
404
the entire string being looked up. Depending on the appli-
398
cation, that string is an entire client hostname, an
405
cation, that string is an entire client hostname, an
399
406
entire client IP address, or an entire mail address. Thus,
400
407
no parent domain or parent network search is done,
401
<i>user@domain</i> mail addresses are not broken up into their
408
<i>user@domain</i> mail addresses are not broken up into their
402
409
<i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
403
410
up into <i>user</i> and <i>foo</i>.
405
Patterns are applied in the order as specified in the ta-
406
ble, until a pattern is found that matches the search
412
Patterns are applied in the order as specified in the ta-
413
ble, until a pattern is found that matches the search
409
Actions are the same as with indexed file lookups, with
410
the additional feature that parenthesized substrings from
416
Actions are the same as with indexed file lookups, with
417
the additional feature that parenthesized substrings from
411
418
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
413
420
<b>TCP-BASED TABLES</b>
414
This section describes how the table lookups change when
421
This section describes how the table lookups change when
415
422
lookups are directed to a TCP-based server. For a descrip-
416
423
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
417
424
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
418
425
Postfix version 2.4.
420
Each lookup operation uses the entire query string once.
421
Depending on the application, that string is an entire
427
Each lookup operation uses the entire query string once.
428
Depending on the application, that string is an entire
422
429
client hostname, an entire client IP address, or an entire
423
mail address. Thus, no parent domain or parent network
424
search is done, <i>user@domain</i> mail addresses are not broken
425
up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
430
mail address. Thus, no parent domain or parent network
431
search is done, <i>user@domain</i> mail addresses are not broken
432
up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
426
433
<i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
428
435
Actions are the same as with indexed file lookups.
431
The following example uses an indexed file, so that the
432
order of table entries does not matter. The example per-
433
mits access by the client at address 1.2.3.4 but rejects
434
all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
435
tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
436
<b>-m</b>" to find out what lookup tables Postfix supports on
438
The following example uses an indexed file, so that the
439
order of table entries does not matter. The example per-
440
mits access by the client at address 1.2.3.4 but rejects
441
all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
442
tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
443
<b>-m</b>" to find out what lookup tables Postfix supports on
439
446
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
added
removed
html/access.5.html
