« back to all changes in this revision
Viewing changes to proto/postconf.proto
- browse files at revision 36
- compare with another revision
- download diff
- download tarball
- view history from revision 36
- Committer: Bazaar Package Importer
- Author(s): LaMont Jones
- Date: 2011-02-22 11:20:43 UTC
- mfrom: (1.1.27 upstream)
- Revision ID: james.westby@ubuntu.com-20110222112043-c34ht219w3ybrilr
Tags: 2.8.0-2
* a little more lintian cleanup
* Fix missing format strings in smtp-sink.c
* Fix missing format strings in smtp-sink.c
- files added:
- README_FILES/POSTSCREEN_README
- debian/source
- src/dnsblog
- src/dnsblog/.indent.pro
- src/postscreen
- src/postscreen/.indent.pro
- src/tlsproxy
- src/tlsproxy/.indent.pro
- files removed:
- src/util/upass_connect.c
- files modified:
- .indent.pro
added
removed
proto/postconf.proto
301
301
302
302
<p> This feature is available in Postfix 2.7. </p>
303
303
304
%PARAM address_verify_poll_count ${stress?1}${stress:3}
304
%PARAM address_verify_poll_count normal: 3, overload: 1
305
305
306
306
<p>
307
307
How many times to query the verify(8) service for the completion
310
310
311
311
<p> By default, the Postfix SMTP server polls the verify(8) service
312
312
up to three times under non-overload conditions, and only once when
313
under overload. With Postfix version 2.6 and earlier, the SMTP
313
under overload. With Postfix version 2.5 and earlier, the SMTP
314
314
server always polls the verify(8) service up to three times by
315
315
default. </p>
316
316
642
642
643
643
<p> Note: automatic BCC recipients are produced only for new mail.
644
644
To avoid mailer loops, automatic BCC recipients are not generated
645
for mail that Postfix forwards internally, nor for mail that Postfix
646
generates itself. </p>
645
after Postfix forwards mail internally, or after Postfix generates
646
mail itself. </p>
647
647
648
648
%PARAM berkeley_db_create_buffer_size 16777216
649
649
2183
2183
<p>
2184
2184
Optional shell program for local(8) delivery to non-Postfix command.
2185
2185
By default, non-Postfix commands are executed directly; commands
2186
are given to given to /bin/sh only when they contain shell meta
2187
characters or shell built-in commands. </p>
2186
are given to given to the default shell (typically, /bin/sh) only
2187
when they contain shell meta characters or shell built-in commands.
2188
</p>
2188
2189
2189
2190
<p> "sendmail's restricted shell" (smrsh) is what most people will
2190
2191
use in order to restrict what programs can be run from e.g. .forward
2200
2201
2201
2202
<pre>
2202
2203
local_command_shell = /some/where/smrsh -c
2204
local_command_shell = /bin/bash -c
2203
2205
</pre>
2204
2206
2205
2207
%PARAM local_destination_concurrency_limit 2
2594
2596
<p>
2595
2597
The numerical Postfix SMTP server response code when a remote SMTP
2596
2598
client request is blocked by the reject_rbl_client, reject_rhsbl_client,
2597
reject_rhsbl_sender or reject_rhsbl_recipient restriction.
2599
reject_rhsbl_reverse_client, reject_rhsbl_sender or
2600
reject_rhsbl_recipient restriction.
2598
2601
</p>
2599
2602
2600
2603
<p>
2881
2884
2882
2885
<p>
2883
2886
The internet domain name of this mail system. The default is to
2884
use $myhostname minus the first component. $mydomain is used as
2887
use $myhostname minus the first component, or "localdomain" (Postfix
2888
2.3 and later). $mydomain is used as
2885
2889
a default value for many other configuration parameters.
2886
2890
</p>
2887
2891
2897
2901
2898
2902
<p>
2899
2903
The internet hostname of this mail system. The default is to use
2900
the fully-qualified domain name from gethostname(). $myhostname is
2901
used as a default value for many other configuration parameters.
2902
</p>
2904
the fully-qualified domain name (FQDN) from gethostname(), or to
2905
use the non-FQDN result from gethostname() and append ".$mydomain".
2906
$myhostname is used as a default value for many other configuration
2907
parameters. </p>
2903
2908
2904
2909
<p>
2905
2910
Example:
3373
3378
3374
3379
<p> Note: automatic BCC recipients are produced only for new mail.
3375
3380
To avoid mailer loops, automatic BCC recipients are not generated
3376
for mail that Postfix forwards internally, nor for mail that Postfix
3377
generates itself. </p>
3381
after Postfix forwards mail internally, or after Postfix generates
3382
mail itself. </p>
3378
3383
3379
3384
<p>
3380
3385
Example:
3653
3658
3654
3659
<p> Note: automatic BCC recipients are produced only for new mail.
3655
3660
To avoid mailer loops, automatic BCC recipients are not generated
3656
for mail that Postfix forwards internally, nor for mail that Postfix
3657
generates itself. </p>
3661
after Postfix forwards mail internally, or after Postfix generates
3662
mail itself. </p>
3658
3663
3659
3664
<p>
3660
3665
Example:
4587
4592
%PARAM smtpd_client_event_limit_exceptions $mynetworks
4588
4593
4589
4594
<p>
4590
Clients that are excluded from connection count, connection rate,
4591
or SMTP request rate restrictions. See the mynetworks parameter
4595
Clients that are excluded from smtpd_client_*_count/rate_limit
4596
restrictions. See the mynetworks parameter
4592
4597
description for the parameter value syntax.
4593
4598
</p>
4594
4599
4855
4860
<dd> Permit the request when the remote SMTP client certificate is
4856
4861
verified successfully. This option must be used only if a special
4857
4862
CA issues the certificates and only this CA is listed as trusted
4858
CA, otherwise all clients with a recognized certificate would be
4859
allowed to relay. This feature is available with Postfix version 2.2.</dd>
4863
CA. Otherwise, clients with a third-party certificate would also
4864
be allowed to relay. Specify "tls_append_default_CA = no" when the
4865
trusted CA is specified with smtpd_tls_CAfile or smtpd_tls_CApath,
4866
to prevent Postfix from appending the system-supplied default CAs.
4867
This feature is available with Postfix version 2.2.</dd>
4860
4868
4861
4869
<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>
4862
4870
4871
4879
4872
4880
<dd>Reject the request when the reversed client network address is
4873
4881
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
4874
(Postfix version 2.1 and later only). If no "<i>=d.d.d.d</i>" is
4875
specified, reject the request when the reversed client network
4876
address is listed with any A record under <i>rbl_domain</i>. <br>
4882
(Postfix version 2.1 and later only). Each "<i>d</i>" is a number,
4883
or a pattern inside "[]" that contains one or more ";"-separated
4884
numbers or number..number ranges (Postfix version 2.8 and later).
4885
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
4886
reversed client network address is listed with any A record under
4887
<i>rbl_domain</i>. <br>
4877
4888
The maps_rbl_reject_code parameter specifies the response code for
4878
4889
rejected requests (default: 554), the default_rbl_reply parameter
4879
4890
specifies the default server reply, and the rbl_reply_maps parameter
4880
4891
specifies tables with server replies indexed by <i>rbl_domain</i>.
4881
4892
This feature is available in Postfix 2.0 and later. </dd>
4882
4893
4894
<dt><b><a name="permit_dnswl_client">permit_dnswl_client <i>dnswl_domain=d.d.d.d</i></a></b></dt>
4895
4896
<dd>Accept the request when the reversed client network address is
4897
listed with the A record "<i>d.d.d.d</i>" under <i>dnswl_domain</i>.
4898
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
4899
one or more ";"-separated numbers or number..number ranges.
4900
If no "<i>=d.d.d.d</i>" is specified, accept the request when the
4901
reversed client network address is listed with any A record under
4902
<i>dnswl_domain</i>. <br> For safety, permit_dnswl_client is silently
4903
ignored when it would override reject_unauth_destination. The
4904
result is DEFER_IF_REJECT when whitelist lookup fails. This feature
4905
is available in Postfix 2.8 and later. </dd>
4906
4883
4907
<dt><b><a name="reject_rhsbl_client">reject_rhsbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
4884
4908
4885
4909
<dd>Reject the request when the client hostname is listed with the
4886
4910
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
4887
2.1 and later only). If no "<i>=d.d.d.d</i>" is specified, reject
4888
the request when the client hostname is listed with
4911
2.1 and later only). Each "<i>d</i>" is a number, or a pattern
4912
inside "[]" that contains one or more ";"-separated numbers or
4913
number..number ranges (Postfix version 2.8 and later). If no
4914
"<i>=d.d.d.d</i>" is specified, reject the request when the client
4915
hostname is listed with
4889
4916
any A record under <i>rbl_domain</i>. See the reject_rbl_client
4890
4917
description above for additional RBL related configuration parameters.
4891
This feature is available in Postfix 2.0 and later. </dd>
4918
This feature is available in Postfix 2.0 and later; with Postfix
4919
version 2.8 and later, reject_rhsbl_reverse_client will usually
4920
produce better results. </dd>
4921
4922
<dt><b><a name="permit_rhswl_client">permit_rhswl_client <i>rhswl_domain=d.d.d.d</i></a></b></dt>
4923
4924
<dd>Accept the request when the client hostname is listed with the
4925
A record "<i>d.d.d.d</i>" under <i>rhswl_domain</i>. Each "<i>d</i>"
4926
is a number, or a pattern inside "[]" that contains one or more
4927
";"-separated numbers or number..number ranges. If no
4928
"<i>=d.d.d.d</i>" is specified, accept the request when the client
4929
hostname is listed with any A record under <i>rhswl_domain</i>.
4930
<br> Caution: client name whitelisting is fragile, since the client
4931
name lookup can fail due to temporary outages. Client name
4932
whitelisting should be used only to reduce false positives in e.g.
4933
DNS-based blocklists, and not for making access rule exceptions.
4934
<br> For safety, permit_rhswl_client is silently ignored when it
4935
would override reject_unauth_destination. The result is DEFER_IF_REJECT
4936
when whitelist lookup fails. This feature is available in Postfix
4937
2.8 and later. </dd>
4938
4939
<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
4940
4941
<dd>Reject the request when the unverified reverse client hostname
4942
is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>.
4943
Each "<i>d</i>" is a number, or a pattern inside "[]" that contains
4944
one or more ";"-separated numbers or number..number ranges.
4945
If no "<i>=d.d.d.d</i>" is specified, reject the request when the
4946
unverified reverse client hostname is listed with any A record under
4947
<i>rbl_domain</i>. See the reject_rbl_client description above for
4948
additional RBL related configuration parameters. This feature is
4949
available in Postfix 2.8 and later. </dd>
4892
4950
4893
4951
<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix < 2.3: reject_unknown_client)</dt>
4894
4952
5122
5180
5123
5181
</ul>
5124
5182
5125
%PARAM smtpd_hard_error_limit normal: 20, stress: 1
5183
%PARAM smtpd_hard_error_limit normal: 20, overload: 1
5126
5184
5127
5185
<p>
5128
5186
The maximal number of errors a remote SMTP client is allowed to
5129
5187
make without delivering mail. The Postfix SMTP server disconnects
5130
5188
when the limit is exceeded. Normally the default limit is 20, but
5131
it changes under overload to just 1 with Postfix 2.6 and later.
5189
it changes under overload to just 1. With Postfix 2.5 and earlier,
5190
the SMTP server always allows up to 20 errors by default.
5191
5132
5192
</p>
5133
5193
5134
%PARAM smtpd_junk_command_limit normal: 100, stress: 1
5194
%PARAM smtpd_junk_command_limit normal: 100, overload: 1
5135
5195
5136
5196
<p>
5137
5197
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a remote
5140
5200
command count is reset after mail is delivered. See also the
5141
5201
smtpd_error_sleep_time and smtpd_soft_error_limit configuration
5142
5202
parameters. Normally the default limit is 100, but it changes under
5143
overload to just 1 with Postfix 2.6 and later.
5144
</p>
5203
overload to just 1. With Postfix 2.5 and earlier, the SMTP server
5204
always allows up to 100 junk commands by default. </p>
5145
5205
5146
5206
%PARAM smtpd_recipient_overshoot_limit 1000
5147
5207
5228
5288
%PARAM smtpd_forbidden_commands CONNECT, GET, POST
5229
5289
5230
5290
<p>
5231
List of commands that causes the Postfix SMTP server to immediately
5291
List of commands that cause the Postfix SMTP server to immediately
5232
5292
terminate the session with a 221 code. This can be used to disconnect
5233
5293
clients that obviously attempt to abuse the system. In addition to the
5234
5294
commands listed in this parameter, commands that follow the "Label:"
5268
5328
The default is to permit everything.
5269
5329
</p>
5270
5330
5331
<p> Note: specify "smtpd_helo_required = yes" to fully enforce this
5332
restriction (without "smtpd_helo_required = yes", a client can
5333
simply skip smtpd_helo_restrictions by not sending HELO or EHLO).
5334
</p>
5335
5271
5336
<p>
5272
5337
Specify a list of restrictions, separated by commas and/or whitespace.
5273
5338
Continue long lines by starting the next line with whitespace.
5286
5351
5287
5352
<dd>Search the specified access(5) database for the HELO or EHLO
5288
5353
hostname or parent domains, and execute the corresponding action.
5289
</dd>
5354
Note: specify "smtpd_helo_required = yes" to fully enforce this
5355
restriction (without "smtpd_helo_required = yes", a client can
5356
simply skip check_helo_access by not sending HELO or EHLO). </dd>
5290
5357
5291
5358
<dt><b><a name="check_helo_mx_access">check_helo_mx_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
5292
5359
5293
5360
<dd>Search the specified access(5) database for the MX hosts for
5294
5361
the HELO or EHLO hostname, and execute the corresponding action.
5295
Note: a result of "OK" is not allowed for safety reasons. Instead,
5296
use DUNNO in order to exclude specific hosts from blacklists. This
5297
feature is available in Postfix 2.1 and later. </dd>
5362
Note 1: a result of "OK" is not allowed for safety reasons. Instead,
5363
use DUNNO in order to exclude specific hosts from blacklists. Note
5364
2: specify "smtpd_helo_required = yes" to fully enforce this
5365
restriction (without "smtpd_helo_required = yes", a client can
5366
simply skip check_helo_mx_access by not sending HELO or EHLO). This
5367
feature is available in Postfix 2.1 and later.
5368
</dd>
5298
5369
5299
5370
<dt><b><a name="check_helo_ns_access">check_helo_ns_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
5300
5371
5301
5372
<dd>Search the specified access(5) database for the DNS servers
5302
5373
for the HELO or EHLO hostname, and execute the corresponding action.
5303
Note: a result of "OK" is not allowed for safety reasons. Instead,
5304
use DUNNO in order to exclude specific hosts from blacklists. This
5305
feature is available in Postfix 2.1 and later. </dd>
5374
Note 1: a result of "OK" is not allowed for safety reasons. Instead,
5375
use DUNNO in order to exclude specific hosts from blacklists. Note
5376
2: specify "smtpd_helo_required = yes" to fully enforce this
5377
restriction (without "smtpd_helo_required = yes", a client can
5378
simply skip check_helo_ns_access by not sending HELO or EHLO). This
5379
feature is available in Postfix 2.1 and later.
5380
</dd>
5306
5381
5307
5382
<dt><b><a name="reject_invalid_helo_hostname">reject_invalid_helo_hostname</a></b> (with Postfix < 2.3: reject_invalid_hostname)</dt>
5308
5383
5309
5384
<dd>Reject the request when the HELO or EHLO hostname syntax is
5310
invalid. <br> The invalid_hostname_reject_code specifies the response
5311
code for rejected requests (default: 501).</dd>
5385
invalid. Note: specify "smtpd_helo_required = yes" to fully enforce
5386
this restriction (without "smtpd_helo_required = yes", a client can simply
5387
skip reject_invalid_helo_hostname by not sending HELO or EHLO).
5388
<br> The invalid_hostname_reject_code specifies the response code
5389
for rejected requests (default: 501).</dd>
5312
5390
5313
5391
<dt><b><a name="reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a></b> (with Postfix < 2.3: reject_non_fqdn_hostname)</dt>
5314
5392
5315
5393
<dd>Reject the request when the HELO or EHLO hostname is not in
5316
fully-qualified domain form, as required by the RFC. <br> The
5317
non_fqdn_reject_code parameter specifies the response code for
5394
fully-qualified domain form, as required by the RFC. Note: specify
5395
"smtpd_helo_required = yes" to fully enforce this restriction
5396
(without "smtpd_helo_required = yes", a client can simply skip
5397
reject_non_fqdn_helo_hostname by not sending HELO or EHLO). <br>
5398
The non_fqdn_reject_code parameter specifies the response code for
5318
5399
rejected requests (default: 504).</dd>
5319
5400
5320
5401
<dt><b><a name="reject_rhsbl_helo">reject_rhsbl_helo <i>rbl_domain=d.d.d.d</i></a></b></dt>
5321
5402
5322
5403
<dd>Reject the request when the HELO or EHLO hostname hostname is
5323
5404
listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>
5324
(Postfix version 2.1 and later only). If no "<i>=d.d.d.d</i>" is
5405
(Postfix version 2.1 and later only). Each "<i>d</i>" is a number,
5406
or a pattern inside "[]" that contains one or more ";"-separated
5407
numbers or number..number ranges (Postfix version 2.8 and later).
5408
If no "<i>=d.d.d.d</i>" is
5325
5409
specified, reject the request when the HELO or EHLO hostname is
5326
5410
listed with any A record under <i>rbl_domain</i>. See the
5327
5411
reject_rbl_client description for additional RBL related configuration
5328
parameters. This feature is available in Postfix 2.0 and later.
5329
</dd>
5412
parameters. Note: specify "smtpd_helo_required = yes" to fully
5413
enforce this restriction (without "smtpd_helo_required = yes", a
5414
client can simply skip reject_rhsbl_helo by not sending HELO or
5415
EHLO). This feature is available in Postfix 2.0
5416
and later. </dd>
5330
5417
5331
5418
<dt><b><a name="reject_unknown_helo_hostname">reject_unknown_helo_hostname</a></b> (with Postfix < 2.3: reject_unknown_hostname)</dt>
5332
5419
5335
5422
specifies the numerical response code for rejected requests (default:
5336
5423
450). <br> The unknown_helo_hostname_tempfail_action parameter
5337
5424
specifies the action after a temporary DNS error (default:
5338
defer_if_permit). </dd>
5425
defer_if_permit). Note: specify "smtpd_helo_required = yes" to fully
5426
enforce this restriction (without "smtpd_helo_required = yes", a
5427
client can simply skip reject_unknown_helo_hostname by not sending
5428
HELO or EHLO). </dd>
5339
5429
5340
5430
</dl>
5341
5431
5611
5701
5612
5702
<dd>Reject the request when the RCPT TO domain is listed with the
5613
5703
A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix version
5614
2.1 and later only). If no "<i>=d.d.d.d</i>" is specified, reject
5704
2.1 and later only). Each "<i>d</i>" is a number, or a pattern
5705
inside "[]" that contains one or more ";"-separated numbers or
5706
number..number ranges (Postfix version 2.8 and later). If no
5707
"<i>=d.d.d.d</i>" is specified, reject
5615
5708
the request when the RCPT TO domain is listed with
5616
5709
any A record under <i>rbl_domain</i>. <br> The maps_rbl_reject_code
5617
5710
parameter specifies the response code for rejected requests (default:
5986
6079
5987
6080
<dd>Reject the request when the MAIL FROM domain is listed with
5988
6081
the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i> (Postfix
5989
version 2.1 and later only). If no "<i>=d.d.d.d</i>" is specified,
6082
version 2.1 and later only). Each "<i>d</i>" is a number, or a
6083
pattern inside "[]" that contains one or more ";"-separated numbers
6084
or number..number ranges (Postfix version 2.8 and later). If no
6085
"<i>=d.d.d.d</i>" is specified,
5990
6086
reject the request when the MAIL FROM domain is
5991
6087
listed with any A record under <i>rbl_domain</i>. <br> The
5992
6088
maps_rbl_reject_code parameter specifies the response code for
6076
6172
check_sender_access hash:/etc/postfix/access
6077
6173
</pre>
6078
6174
6079
%PARAM smtpd_timeout normal: 300s, stress: 10s
6175
%PARAM smtpd_timeout normal: 300s, overload: 10s
6080
6176
6081
6177
<p>
6082
6178
The time limit for sending a Postfix SMTP server response and for
6083
6179
receiving a remote SMTP client request. Normally the default limit
6084
is 300s, but it changes under overload to just 10s with Postfix 2.6
6085
and later.
6180
is 300s, but it changes under overload to just 10s. With Postfix
6181
2.5 and earlier, the SMTP server always uses a time limit of 300s
6182
by default.
6086
6183
</p>
6087
6184
6088
6185
<p>
7765
7862
smtpd_client_restrictions, smtpd_helo_restrictions,
7766
7863
smtpd_sender_restrictions or smtpd_recipient_restrictions.
7767
7864
7865
<li>However, no recipient information is available in the case of
7866
multi-recipient mail. Acting on only one recipient would be misleading,
7867
because any decision will affect all recipients equally. Acting on
7868
all recipients would require a possibly very large amount of memory,
7869
and would also be misleading for the reasons mentioned before.
7870
7768
7871
</ul>
7769
7872
7770
7873
<p>
7786
7889
7787
7890
<p> This feature is available in Postfix 2.2 and later. </p>
7788
7891
7789
<p> See smtpd_data_restrictions for syntax details. </p>
7892
<p> See smtpd_data_restrictions for details and limitations. </p>
7790
7893
7791
7894
%PARAM smtpd_delay_reject yes
7792
7895
8047
8150
This feature is available in Postfix 2.1 and later.
8048
8151
</p>
8049
8152
8050
%PARAM undisclosed_recipients_header To: undisclosed-recipients:;
8153
%PARAM undisclosed_recipients_header see "postconf -d" output
8051
8154
8052
8155
<p>
8053
8156
Message header that the Postfix cleanup(8) server inserts when a
8054
message contains no To: or Cc: message header. With Postfix 2.4
8055
and later, specify an empty value to disable this feature. </p>
8157
message contains no To: or Cc: message header. With Postfix 2.8
8158
and later, the default value is empty. With Postfix 2.4-2.7,
8159
specify an empty value to disable this feature. </p>
8160
8161
<p> Example: </p>
8162
8163
<pre>
8164
# Default value before Postfix 2.8.
8165
# Note: the ":" and ";" are both required.
8166
undisclosed_recipients_header = To: undisclosed-recipients:;
8167
</pre>
8056
8168
8057
8169
%PARAM unknown_relay_recipient_reject_code 550
8058
8170
8648
8760
but it is best to include all the required certificates directly in the
8649
8761
server certificate file. </p>
8650
8762
8763
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
8764
appending the system-supplied default CAs and trusting third-party
8765
certificates. </p>
8766
8651
8767
<p> By default (see smtpd_tls_ask_ccert), client certificates are not
8652
8768
requested, and smtpd_tls_CAfile should remain empty. If you do make use
8653
8769
of client certificates, the distinguished names (DNs) of the certificate
8675
8791
smtpd_tls_CApath in chroot mode, this directory (or a copy) must be
8676
8792
inside the chroot jail. </p>
8677
8793
8794
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
8795
appending the system-supplied default CAs and trusting third-party
8796
certificates. </p>
8797
8678
8798
<p> By default (see smtpd_tls_ask_ccert), client certificates are
8679
8799
not requested, and smtpd_tls_CApath should remain empty. In contrast
8680
8800
to smtpd_tls_CAfile, DNs of certificate authorities installed
8952
9072
8953
9073
<p>This feature is available with Postfix version 2.2.</p>
8954
9074
8955
%PARAM smtpd_starttls_timeout 300s
9075
%PARAM smtpd_starttls_timeout see "postconf -d" output
8956
9076
8957
9077
<p> The time limit for Postfix SMTP server write and read operations
8958
during TLS startup and shutdown handshake procedures. </p>
9078
during TLS startup and shutdown handshake procedures. The current
9079
default value is stress-dependent. Before Postfix version 2.8, it
9080
was fixed at 300s. </p>
8959
9081
8960
9082
<p> This feature is available in Postfix 2.2 and later. </p>
8961
9083
9043
9165
but it is best to include all the required certificates directly in
9044
9166
$smtp_tls_cert_file. </p>
9045
9167
9168
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
9169
appending the system-supplied default CAs and trusting third-party
9170
certificates. </p>
9171
9046
9172
<p> Example: </p>
9047
9173
9048
9174
<pre>
9062
9188
<p> To use this option in chroot mode, this directory (or a copy)
9063
9189
must be inside the chroot jail. </p>
9064
9190
9191
<p> Specify "tls_append_default_CA = no" to prevent Postfix from
9192
appending the system-supplied default CAs and trusting third-party
9193
certificates. </p>
9194
9065
9195
<p> Example: </p>
9066
9196
9067
9197
<pre>
9351
9481
9352
9482
<p> This feature is available in Postfix 2.2 and later. </p>
9353
9483
9484
%PARAM tls_append_default_CA no
9485
9486
<p> Append the system-supplied default certificate authority
9487
certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
9488
The default is "no"; this prevents Postfix from trusting third-party
9489
certificates and giving them relay permission with
9490
permit_tls_all_clientcerts. </p>
9491
9492
<p> This feature is available in Postfix 2.4.15, 2.5.11, 2.6.8,
9493
2.7.2 and later versions. Specify "tls_append_default_CA = yes" for
9494
backwards compatibility, to avoid breaking certificate verification
9495
with sites that don't use permit_tls_all_clientcerts. </p>
9496
9354
9497
%PARAM tls_random_exchange_name see "postconf -d" output
9355
9498
9356
9499
<p> Name of the pseudo random number generator (PRNG) state file
11596
11739
<dl>
11597
11740
11598
11741
<dt><b>none</b></dt> <dd> Don't use EECDH. Ciphers based on EECDH key
11599
exchange will be disabled. This is the default in official Postfix
11600
releases (mail_version = major.minor.patchlevel). </dd>
11742
exchange will be disabled. This is the default in Postfix versions
11743
2.6 and 2.7. </dd>
11601
11744
11602
11745
<dt><b>strong</b></dt> <dd> Use EECDH with approximately 128
11603
11746
bits of security at a reasonable computational cost. This is the
11604
11747
current best-practice trade-off between security and computational
11605
efficiency. This is the default in Postfix snapshot releases
11606
(mail_version = major.minor-releasedate). </dd>
11748
efficiency. This is the default in Postfix version 2.8 and later.
11749
</dd>
11607
11750
11608
11751
<dt><b>ultra</b></dt> <dd> Use EECDH with approximately 192 bits of
11609
11752
security at computational cost that is approximately twice as high
12001
12144
name of the message delivery transport.
12002
12145
</p>
12003
12146
12147
<p> NOTE: with a non-zero _destination_rate_delay, specify a
12148
<i>transport</i>_destination_concurrency_failed_cohort_limit of 10
12149
or more to prevent Postfix from deferring all mail for the same
12150
destination after only one connection or handshake error. </p>
12151
12004
12152
<p> This feature is available in Postfix 2.5 and later. </p>
12005
12153
12006
12154
%PARAM transport_destination_rate_delay $default_destination_rate_delay
12449
12597
<p> This feature is available in Postfix 2.7, and as an optional
12450
12598
patch for Postfix 2.6. </p>
12451
12599
12600
%PARAM postscreen_cache_map btree:$data_directory/postscreen_cache
12601
12602
<p> Persistent storage for the postscreen(8) server decisions. </p>
12603
12604
<p> This feature is available in Postfix 2.8. </p>
12605
12606
%PARAM smtpd_service_name smtpd
12607
12608
<p> The internal service that postscreen(8) forwards allowed
12609
connections to. In a future version there may be different
12610
classes of SMTP service. </p>
12611
12612
<p> This feature is available in Postfix 2.8. </p>
12613
12614
%PARAM postscreen_post_queue_limit $default_process_limit
12615
12616
<p> The number of clients that can be waiting for service from a
12617
real SMTP server process. When this queue is full, all clients will
12618
receive a 421 reponse. </p>
12619
12620
<p> This feature is available in Postfix 2.8. </p>
12621
12622
%PARAM postscreen_pre_queue_limit $default_process_limit
12623
12624
<p> The number of non-whitelisted clients that can be waiting for
12625
a decision whether they will receive service from a real SMTP server
12626
process. When this queue is full, all non-whitelisted clients will
12627
receive a 421 reponse. </p>
12628
12629
<p> This feature is available in Postfix 2.8. </p>
12630
12631
%PARAM postscreen_greet_ttl 1d
12632
12633
<p> The amount of time that postscreen(8) will use the result from
12634
a successful PREGREET test. During this time, the client IP address
12635
is excluded from this test. The default is relatively short, because
12636
a good client can immediately talk to a real Postfix SMTP server. </p>
12637
12638
<p> Specify a non-zero time value (an integral value plus an optional
12639
one-letter suffix that specifies the time unit). Time units: s
12640
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
12641
12642
<p> This feature is available in Postfix 2.8. </p>
12643
12644
%PARAM postscreen_cache_retention_time 7d
12645
12646
<p> The amount of time that postscreen(8) will cache an expired
12647
temporary whitelist entry before it is removed. This prevents clients
12648
from being logged as "NEW" just because their cache entry expired
12649
an hour ago. It also prevents the cache from filling up with clients
12650
that passed some deep protocol test once and never came back. </p>
12651
12652
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
12653
(weeks). </p>
12654
12655
<p> This feature is available in Postfix 2.8. </p>
12656
12657
%PARAM postscreen_cache_cleanup_interval 12h
12658
12659
<p> The amount of time between postscreen(8) cache cleanup runs.
12660
Cache cleanup increases the load on the cache database and should
12661
therefore not be run frequently. This feature requires that the
12662
cache database supports the "delete" and "sequence" operators.
12663
Specify a zero interval to disable cache cleanup. </p>
12664
12665
<p> After each cache cleanup run, the postscreen(8) daemon logs the
12666
number of entries that were retained and dropped. A cleanup run is
12667
logged as "partial" when the daemon terminates early after "<b>postfix
12668
reload</b>", "<b>postfix stop</b>", or no requests for $max_idle
12669
seconds. </p>
12670
12671
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
12672
(weeks). </p>
12673
12674
<p> This feature is available in Postfix 2.8. </p>
12675
12676
%PARAM postscreen_greet_wait ${stress?2}${stress:6}s
12677
12678
<p> The amount of time that postscreen(8) will wait for an SMTP
12679
client to send a command before its turn, and for DNS blocklist
12680
lookup results to arrive (default: up to 2 seconds under stress,
12681
up to 6 seconds otherwise). <p>
12682
12683
<p> Specify a non-zero time value (an integral value plus an optional
12684
one-letter suffix that specifies the time unit). </p>
12685
12686
<p> Time units: s (seconds), m (minutes), h (hours), d (days), w
12687
(weeks). </p>
12688
12689
<p> This feature is available in Postfix 2.8. </p>
12690
12691
%PARAM postscreen_dnsbl_sites
12692
12693
<p>Optional list of DNS white/blacklist domains, filters and weight
12694
factors. When the list is non-empty, the dnsblog(8) daemon will
12695
query these domains with the IP addresses of remote SMTP clients,
12696
and postscreen(8) will update an SMTP client's DNSBL score with
12697
each non-error reply. </p>
12698
12699
<p> Caution: when postscreen rejects mail, it replies with the DNSBL
12700
domain name. Use the postscreen_dnsbl_reply_map feature to hide
12701
"password" information in DNSBL domain names. </p>
12702
12703
<p> When a client's score is equal to or greater than the threshold
12704
specified with postscreen_dnsbl_threshold, postscreen(8) can drop
12705
the connection with the SMTP client. </p>
12706
12707
<p> Specify a list of domain=filter*weight entries, separated by
12708
comma or whitespace. </p>
12709
12710
<ul>
12711
12712
<li> <p> When no "=filter" is specified, postscreen(8) will use any
12713
non-error DNSBL reply. Otherwise, postscreen(8) uses only DNSBL
12714
replies that match the filter. The filter has the form d.d.d.d,
12715
where each d is a number, or a pattern inside [] that contains one
12716
or more ";"-separated numbers or number..number ranges. </p>
12717
12718
<li> <p> When no "*weight" is specified, postscreen(8) increments
12719
the SMTP client's DNSBL score by 1. Otherwise, the weight must be
12720
an integral number, and postscreen(8) adds the specified weight to
12721
the SMTP client's DNSBL score. Specify a negative number for
12722
whitelisting. </p>
12723
12724
<li> <p> When one postscreen_dnsbl_sites entry produces multiple
12725
DNSBL responses, postscreen(8) applies the weight at most once.
12726
</p>
12727
12728
</ul>
12729
12730
<p> Examples: </p>
12731
12732
<p> To use example.com as a high-confidence blocklist, and to
12733
block mail with example.net and example.org only when both agree:
12734
</p>
12735
12736
<pre>
12737
postscreen_dnsbl_threshold = 2
12738
postscreen_dnsbl_sites = example.com*2, example.net, example.org
12739
</pre>
12740
12741
<p> To filter only DNSBL replies containing 127.0.0.4: </p>
12742
12743
<pre>
12744
postscreen_dnsbl_sites = example.com=127.0.0.4
12745
</pre>
12746
12747
<p> This feature is available in Postfix 2.8. </p>
12748
12749
%PARAM postscreen_dnsbl_action ignore
12750
12751
<p>The action that postscreen(8) takes when an SMTP client's combined
12752
DNSBL score is equal to or greater than a threshold (as defined
12753
with the postscreen_dnsbl_sites and postscreen_dnsbl_threshold
12754
parameters). Specify one of the following: </p>
12755
12756
<dl>
12757
12758
<dt> <b>ignore</b> (default) </dt>
12759
12760
<dd> Ignore the failure of this test. Allow other tests to complete.
12761
Repeat this test the next time the client connects.
12762
This option is useful for testing and collecting statistics
12763
without blocking mail. </dd>
12764
12765
<dt> <b>enforce</b> </dt>
12766
12767
<dd> Allow other tests to complete. Reject attempts to deliver mail
12768
with a 550 SMTP reply, and log the helo/sender/recipient information.
12769
Repeat this test the next time the client connects. </dd>
12770
12771
<dt> <b>drop</b> </dt>
12772
12773
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
12774
this test the next time the client connects. </dd>
12775
12776
</dl>
12777
12778
<p> This feature is available in Postfix 2.8. </p>
12779
12780
%PARAM postscreen_greet_action ignore
12781
12782
<p>The action that postscreen(8) takes when an SMTP client speaks
12783
before its turn within the time specified with the postscreen_greet_wait
12784
parameter. Specify one of the following: </p>
12785
12786
<dl>
12787
12788
<dt> <b>ignore</b> (default) </dt>
12789
12790
<dd> Ignore the failure of this test. Allow other tests to complete.
12791
Repeat this test the next time the client connects.
12792
This option is useful for testing and collecting statistics
12793
without blocking mail. </dd>
12794
12795
<dt> <b>enforce</b> </dt>
12796
12797
<dd> Allow other tests to complete. Reject attempts to deliver mail
12798
with a 550 SMTP reply, and log the helo/sender/recipient information.
12799
Repeat this test the next time the client connects. </dd>
12800
12801
<dt> <b>drop</b> </dt>
12802
12803
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
12804
this test the next time the client connects. </dd>
12805
12806
</dl>
12807
12808
<p> In either case, postscreen(8) will not whitelist the SMTP client
12809
IP address. </p>
12810
12811
<p> This feature is available in Postfix 2.8. </p>
12812
12813
#%PARAM postscreen_whitelist_networks $mynetworks
12814
#
12815
#<p> Network addresses that are permanently whitelisted, and that
12816
#will not be subjected to postscreen(8) checks. This parameter uses
12817
#the same address syntax as the mynetworks parameter. This feature
12818
#never uses the remote SMTP client hostname. </p>
12819
#
12820
#<p> This feature is available in Postfix 2.8. </p>
12821
#
12822
#%PARAM postscreen_blacklist_networks
12823
#
12824
#<p> Network addresses that are permanently blacklisted; see the
12825
#postscreen_blacklist_action parameter for possible actions. This
12826
#parameter uses the same address syntax as the mynetworks parameter.
12827
#The blacklist has higher precedence than whitelists. This feature
12828
#never uses the remote SMTP client hostname. </p>
12829
#
12830
#<p> This feature is available in Postfix 2.8. </p>
12831
12832
%PARAM postscreen_access_list permit_mynetworks
12833
12834
<p> Permanent white/blacklist for remote SMTP client IP addresses.
12835
postscreen(8) searches this list immediately after a remote SMTP
12836
client connects. Specify a comma- or whitespace-separated list of
12837
commands (in upper or lower case) or lookup tables. The search stops
12838
upon the first command that fires for the client IP address. </p>
12839
12840
<dl>
12841
12842
<dt> <b> permit_mynetworks </b> </dt> <dd> Whitelist the client and
12843
terminate the search if the client IP address matches $mynetworks.
12844
Do not subject the client to any before/after 220 greeting tests.
12845
Pass the connection immediately to a Postfix SMTP server process.
12846
</dd>
12847
12848
<dt> <b> type:table </b> </dt> <dd> Query the specified lookup
12849
table. Each table lookup result is an access list, except that
12850
access lists inside a table cannot specify type:table entries. <br>
12851
To discourage the use of hash, btree, etc. tables, there is no
12852
support for substring matching like smtpd(8). Use CIDR tables
12853
instead. </dd>
12854
12855
<dt> <b> permit </b> </dt> <dd> Whitelist the client and terminate
12856
the search. Do not subject the client to any before/after 220
12857
greeting tests. Pass the connection immediately to a Postfix SMTP
12858
server process. </dd>
12859
12860
<dt> <b> reject </b> </dt> <dd> Blacklist the client and terminate
12861
the search. Subject the client to the action configured with the
12862
postscreen_blacklist_action configuration parameter. </dd>
12863
12864
<dt> <b> dunno </b> </dt> <dd> All postscreen(8) access lists
12865
implicitly have this command at the end. <br> When <b> dunno </b>
12866
is executed inside a lookup table, return from the lookup table and
12867
evaluate the next command. <br> When <b> dunno </b> is executed
12868
outside a lookup table, terminate the search, and subject the client
12869
to the configured before/after 220 greeting tests. </dd>
12870
12871
</dl>
12872
12873
<p> Example: </p>
12874
12875
<pre>
12876
/etc/postfix/main.cf:
12877
postscreen_access_list = permit_mynetworks,
12878
cidr:/etc/postfix/postscreen_access.cidr
12879
</pre>
12880
12881
<pre>
12882
/etc/postfix/postscreen_access.cidr:
12883
# Rules are evaluated in the order as specified.
12884
# Blacklist 192.168.* except 192.168.0.1.
12885
192.168.0.1 dunno
12886
192.168.0.0/16 reject
12887
</pre>
12888
12889
<p> This feature is available in Postfix 2.8. </p>
12890
12891
%PARAM postscreen_greet_banner $smtpd_banner
12892
12893
<p> The <i>text</i> in the optional "220-<i>text</i>..." server
12894
response that
12895
postscreen(8) sends ahead of the real Postfix SMTP server's "220
12896
text..." response, in an attempt to confuse bad SMTP clients so
12897
that they speak before their turn (pre-greet). Specify an empty
12898
value to disable this feature. </p>
12899
12900
<p> This feature is available in Postfix 2.8. </p>
12901
12902
%PARAM postscreen_blacklist_action ignore
12903
12904
<p> The action that postscreen(8) takes when an SMTP client is
12905
permanently blacklisted with the postscreen_access_list parameter.
12906
Specify one of the following: </p>
12907
12908
<dl>
12909
12910
<dt> <b>ignore</b> (default) </dt>
12911
12912
<dd> Ignore this result. Allow other tests to complete. Repeat
12913
this test the next time the client connects.
12914
This option is useful for testing and collecting statistics
12915
without blocking mail. </dd>
12916
12917
<dt> <b>enforce</b> </dt>
12918
12919
<dd> Allow other tests to complete. Reject attempts to deliver mail
12920
with a 550 SMTP reply, and log the helo/sender/recipient information.
12921
Repeat this test the next time the client connects. </dd>
12922
12923
<dt> <b>drop</b> </dt>
12924
12925
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
12926
this test the next time the client connects. </dd>
12927
12928
</dl>
12929
12930
<p> This feature is available in Postfix 2.8. </p>
12931
12452
12932
%PARAM smtpd_command_filter
12453
12933
12454
12934
<p> A mechanism to transform commands from remote SMTP clients.
12463
12943
are removed. The result value is executed by the Postfix SMTP
12464
12944
server. </p>
12465
12945
12466
<p> Postfix already implements a number of workarounds for malformed
12467
client commands. </p>
12946
<p> There is no need to use smtpd_command_filter for the following
12947
cases: </p>
12468
12948
12469
12949
<ul>
12470
12950
12472
12952
"<i>user@ipaddress</i>". </p>
12473
12953
12474
12954
<li> <p> Postfix already accepts the correct form
12475
"<i>user@[ipaddress]</i>". </p>
12955
"<i>user@[ipaddress]</i>". Use virtual_alias_maps or canonical_maps
12956
to translate these into domain names if necessary. </p>
12476
12957
12477
<li> <p> Use "strict_rfc821_envelopes = no" to accept "<i>User Name
12478
<user@example.com></i>". Postfix will ignore the "User Name"
12479
part before delivering the mail. </p>
12958
<li> <p> Use "strict_rfc821_envelopes = no" to accept "RCPT TO:<<i>User
12959
Name <user@example.com>></i>". Postfix will ignore the "<i>User
12960
Name</i>" part and deliver to the <i><user@example.com></i> address.
12961
</p>
12480
12962
12481
12963
</ul>
12482
12964
12483
<p> Examples: </p>
12965
<p> Examples of problems that can be solved with the smtpd_command_filter
12966
feature: </p>
12484
12967
12485
12968
<pre>
12486
12969
/etc/postfix/main.cf:
12504
12987
/^RCPT\s+TO:\s*<'([^[:space:]]+)'>(.*)/ RCPT TO:<$1>$2
12505
12988
</pre>
12506
12989
12990
<pre>
12991
# Bounce-never mail sink. Use notify_classes=bounce,resource,software
12992
# to send bounced mail to the postmaster (with message body removed).
12993
/^(RCPT\s+TO:.*?)\bNOTIFY=\S+\b(.*)/ $1 NOTIFY=NEVER $2
12994
/^(RCPT\s+TO:.*)/ $1 NOTIFY=NEVER
12995
</pre>
12996
12507
12997
<p> This feature is available in Postfix 2.7. </p>
12508
12998
12509
12999
%PARAM smtp_reply_filter
12622
13112
12623
13113
<p> This feature is available in Postfix 2.7 and later. </p>
12624
13114
13115
%PARAM smtp_address_preference ipv6
13116
13117
<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
13118
SMTP client will try first, when a destination has IPv6 and IPv4
13119
addresses with equal MX preference. This feature has no effect
13120
unless the inet_protocols setting enables both IPv4 and IPv6. </p>
13121
13122
<p> This feature is available in Postfix 2.8 and later. </p>
13123
13124
%PARAM lmtp_address_preference ipv6
13125
13126
<p> The LMTP-specific version of the smtp_address_preference
13127
configuration parameter. See there for details. </p>
13128
13129
<p> This feature is available in Postfix 2.8 and later. </p>
13130
13131
%PARAM smtp_dns_resolver_options
13132
13133
<p> DNS Resolver options for the Postfix SMTP client. Specify zero
13134
or more of the following options, separated by comma or whitespace.
13135
Option names are case-sensitive. Some options refer to domain names
13136
that are specified in the file /etc/resolv.conf or equivalent. </p>
13137
13138
<dl>
13139
13140
<dt><b>res_defnames</b></dt>
13141
13142
<dd> Append the current domain name to single-component names (those
13143
that do not contain a "." character). This can produce incorrect
13144
results, and is the hard-coded behavior prior to Postfix 2.8. </dd>
13145
13146
<dt><b>res_dnsrch</b></dt>
13147
13148
<dd> Search for host names in the current domain and in parent
13149
domains. This can produce incorrect results and is therefore not
13150
recommended. </dd>
13151
13152
</dl>
13153
13154
<p> This feature is available in Postfix 2.8 and later. </p>
13155
13156
%PARAM lmtp_dns_resolver_options
13157
13158
<p> The LMTP-specific version of the smtp_dns_resolver_options
13159
configuration parameter. See there for details. </p>
13160
13161
<p> This feature is available in Postfix 2.8 and later. </p>
13162
13163
%PARAM postscreen_dnsbl_threshold 1
13164
13165
<p> The inclusive lower bound for blocking an SMTP client, based on
13166
its combined DNSBL score as defined with the postscreen_dnsbl_sites
13167
parameter. </p>
13168
13169
<p> This feature is available in Postfix 2.8. </p>
13170
13171
%PARAM postscreen_command_count_limit 20
13172
13173
<p> The limit on the total number of commands per SMTP session for
13174
postscreen(8)'s built-in SMTP protocol engine. This SMTP engine
13175
defers or rejects all attempts to deliver mail, therefore there is
13176
no need to enforce separate limits on the number of junk commands
13177
and error commands. </p>
13178
13179
<p> This feature is available in Postfix 2.8. </p>
13180
13181
%PARAM postscreen_command_time_limit ${stress?10}${stress:300}s
13182
13183
<p> The time limit to read an entire command line with postscreen(8)'s
13184
built-in SMTP protocol engine. </p>
13185
13186
<p> This feature is available in Postfix 2.8. </p>
13187
13188
%PARAM postscreen_dnsbl_ttl 1h
13189
13190
<p> The amount of time that postscreen(8) will use the result from
13191
a successful DNS blocklist test. During this time, the client IP address
13192
is excluded from this test. The default is relatively short, because a
13193
good client can immediately talk to a real Postfix SMTP server.
13194
</p>
13195
13196
<p> Specify a non-zero time value (an integral value plus an optional
13197
one-letter suffix that specifies the time unit). Time units: s
13198
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
13199
13200
<p> This feature is available in Postfix 2.8. </p>
13201
13202
%PARAM postscreen_pipelining_action enforce
13203
13204
<p> The action that postscreen(8) takes when an SMTP client sends
13205
multiple commands instead of sending one command and waiting for
13206
the server to respond. Specify one of the following: </p>
13207
13208
<dl>
13209
13210
<dt> <b>ignore</b> </dt>
13211
13212
<dd> Ignore the failure of this test. Allow other tests to complete.
13213
Do <i>not</i> repeat this test before some the result from some
13214
other test expires.
13215
This option is useful for testing and collecting statistics
13216
without blocking mail permanently. </dd>
13217
13218
<dt> <b>enforce</b> </dt>
13219
13220
<dd> Allow other tests to complete. Reject attempts to deliver mail
13221
with a 550 SMTP reply, and log the helo/sender/recipient information.
13222
Repeat this test the next time the client connects. </dd>
13223
13224
<dt> <b>drop</b> </dt>
13225
13226
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
13227
this test the next time the client connects. </dd>
13228
13229
</dl>
13230
13231
<p> This feature is available in Postfix 2.8. </p>
13232
13233
%PARAM postscreen_pipelining_ttl 30d
13234
13235
<p> The amount of time that postscreen(8) will use the result from
13236
a successful "pipelining" SMTP protocol test. During this time, the
13237
client IP address is excluded from this test. The default is
13238
long because a good client must disconnect after it passes the test,
13239
before it can talk to a real Postfix SMTP server. </p>
13240
13241
<p> Specify a non-zero time value (an integral value plus an optional
13242
one-letter suffix that specifies the time unit). Time units: s
13243
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
13244
13245
<p> This feature is available in Postfix 2.8. </p>
13246
13247
%PARAM postscreen_pipelining_enable no
13248
13249
<p> Enable "pipelining" SMTP protocol tests in the postscreen(8)
13250
server. These tests are expensive: a good client must disconnect
13251
after it passes the test, before it can talk to a real Postfix SMTP
13252
server. </p>
13253
13254
<p> This feature is available in Postfix 2.8. </p>
13255
13256
%PARAM postscreen_watchdog_timeout 10s
13257
13258
<p> How much time a postscreen(8) process may take to respond to
13259
an SMTP client command or to perform a cache operation before it
13260
is terminated by a built-in watchdog timer. This is a safety
13261
mechanism that prevents postscreen(8) from becoming non-responsive
13262
due to a bug in Postfix itself or in system software. To avoid
13263
false alarms and unnecessary cache corruption this limit cannot be
13264
set under 10s. </p>
13265
13266
<p> Specify a non-zero time value (an integral value plus an optional
13267
one-letter suffix that specifies the time unit). Time units: s
13268
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
13269
13270
<p> This feature is available in Postfix 2.8. </p>
13271
13272
%PARAM postscreen_helo_required $smtpd_helo_required
13273
13274
<p> Require that a remote SMTP client sends HELO or EHLO before
13275
commencing a MAIL transaction. </p>
13276
13277
<p> This feature is available in Postfix 2.8. </p>
13278
13279
%PARAM postscreen_forbidden_commands $smtpd_forbidden_commands
13280
13281
<p> List of commands that the postscreen(8) server considers in
13282
violation of the SMTP protocol. See smtpd_forbidden_commands for
13283
syntax, and postscreen_non_smtp_command_action for possible actions.
13284
</p>
13285
13286
<p> This feature is available in Postfix 2.8. </p>
13287
13288
%PARAM postscreen_disable_vrfy_command $disable_vrfy_command
13289
13290
<p> Disable the SMTP VRFY command in the postscreen(8) daemon. See
13291
disable_vrfy_command for details. </p>
13292
13293
<p> This feature is available in Postfix 2.8. </p>
13294
13295
%PARAM postscreen_non_smtp_command_action drop
13296
13297
<p> The action that postscreen(8) takes when an SMTP client sends
13298
non-SMTP commands as specified with the postscreen_forbidden_commands
13299
parameter. Specify one of the following: </p>
13300
13301
<dl>
13302
13303
<dt> <b>ignore</b> </dt>
13304
13305
<dd> Ignore the failure of this test. Allow other tests to complete.
13306
Do <i>not</i> repeat this test before some the result from some
13307
other test expires.
13308
This option is useful for testing and collecting statistics
13309
without blocking mail permanently. </dd>
13310
13311
<dt> <b>enforce</b> </dt>
13312
13313
<dd> Allow other tests to complete. Reject attempts to deliver mail
13314
with a 550 SMTP reply, and log the helo/sender/recipient information.
13315
Repeat this test the next time the client connects. </dd>
13316
13317
<dt> <b>drop</b> </dt>
13318
13319
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
13320
this test the next time the client connects. This action is the
13321
same as with the Postfix SMTP server's smtpd_forbidden_commands
13322
feature. </dd>
13323
13324
</dl>
13325
13326
<p> This feature is available in Postfix 2.8. </p>
13327
13328
%PARAM postscreen_non_smtp_command_ttl 30d
13329
13330
<p> The amount of time that postscreen(8) will use the result from
13331
a successful "non_smtp_command" SMTP protocol test. During this
13332
time, the client IP address is excluded from this test. The default
13333
is long because a client must disconnect after it passes the test,
13334
before it can talk to a real Postfix SMTP server. </p>
13335
13336
<p> Specify a non-zero time value (an integral value plus an optional
13337
one-letter suffix that specifies the time unit). Time units: s
13338
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
13339
13340
<p> This feature is available in Postfix 2.8. </p>
13341
13342
%PARAM postscreen_non_smtp_command_enable no
13343
13344
<p> Enable "non-SMTP command" tests in the postscreen(8) server. These
13345
tests are expensive: a client must disconnect after it passes the
13346
test, before it can talk to a real Postfix SMTP server. </p>
13347
13348
<p> This feature is available in Postfix 2.8. </p>
13349
13350
%PARAM postscreen_dnsbl_reply_map
13351
13352
<p> A mapping from actual DNSBL domain name which includes a secret
13353
password, to the DNSBL domain name that postscreen will reply with
13354
when it rejects mail. When no mapping is found, the actual DNSBL
13355
domain will be used. </p>
13356
13357
<p> For maximal stability it is best to use a file that is read
13358
into memory such as pcre:, regexp: or texthash: (texthash: is similar
13359
to hash:, except a) there is no need to run postmap(1) before the
13360
file can be used, and b) texthash: does not detect changes after
13361
the file is read). </p>
13362
13363
<p> Example: </p>
13364
13365
<pre>
13366
/etc/postfix/main.cf:
13367
postscreen_dnsbl_reply_map = texthash:/etc/postfix/dnsbl_reply
13368
</pre>
13369
13370
<pre>
13371
/etc/postfix/dnsbl_reply:
13372
secret.zen.spamhaus.org zen.spamhaus.org
13373
</pre>
13374
13375
<p> This feature is available in Postfix 2.8. </p>
13376
13377
%PARAM postscreen_bare_newline_action ignore
13378
13379
<p> The action that postscreen(8) takes when an SMTP client sends
13380
a bare newline character, that is, a newline not preceded by carriage
13381
return. Specify one of the following: </p>
13382
13383
<dl>
13384
13385
<dt> <b>ignore</b> </dt>
13386
13387
<dd> Ignore the failure of this test. Allow other tests to complete.
13388
Do <i>not</i> repeat this test before some the result from some
13389
other test expires.
13390
This option is useful for testing and collecting statistics
13391
without blocking mail permanently. </dd>
13392
13393
<dt> <b>enforce</b> </dt>
13394
13395
<dd> Allow other tests to complete. Reject attempts to deliver mail
13396
with a 550 SMTP reply, and log the helo/sender/recipient information.
13397
Repeat this test the next time the client connects. </dd>
13398
13399
<dt> <b>drop</b> </dt>
13400
13401
<dd> Drop the connection immediately with a 521 SMTP reply. Repeat
13402
this test the next time the client connects. </dd>
13403
13404
</dl>
13405
13406
<p> This feature is available in Postfix 2.8. </p>
13407
13408
%PARAM postscreen_bare_newline_ttl 30d
13409
13410
<p> The amount of time that postscreen(8) will use the result from
13411
a successful "bare newline" SMTP protocol test. During this
13412
time, the client IP address is excluded from this test. The default
13413
is long because a client must disconnect after it passes the test,
13414
before it can talk to a real Postfix SMTP server. </p>
13415
13416
<p> Specify a non-zero time value (an integral value plus an optional
13417
one-letter suffix that specifies the time unit). Time units: s
13418
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
13419
13420
<p> This feature is available in Postfix 2.8. </p>
13421
13422
%PARAM postscreen_bare_newline_enable no
13423
13424
<p> Enable "bare newline" SMTP protocol tests in the postscreen(8)
13425
server. These tests are expensive: a client must disconnect after
13426
it passes the test, before it can talk to a real Postfix SMTP server.
13427
</p>
13428
13429
<p> This feature is available in Postfix 2.8. </p>
13430
13431
%PARAM postscreen_client_connection_count_limit $smtpd_client_connection_count_limit
13432
13433
<p> How many simultaneous connections any client is allowed to have
13434
with the postscreen(8) daemon. By default, this limit is the same
13435
as with the Postfix SMTP server. Note that the triage process can
13436
take several seconds, with the time spent in postscreen_greet_wait
13437
delay, and with the time spent talking to the postscreen(8) built-in
13438
dummy SMTP protocol engine. </p>
13439
13440
<p> This feature is available in Postfix 2.8. </p>
13441
13442
%PARAM dnsblog_reply_delay 0s
13443
13444
<p> A debugging aid to artifically delay DNS responses. </p>
13445
13446
<p> This feature is available in Postfix 2.8. </p>
13447
13448
%PARAM reset_owner_alias no
13449
13450
<p> Reset the local(8) delivery agent's idea of the owner-alias
13451
attribute, when delivering mail to a child alias that does not have
13452
its own owner alias. </p>
13453
13454
<p> This feature is available in Postfix 2.8 and later. With older
13455
Postfix releases, the behavior is as if this parameter is set to
13456
"yes". </p>
13457
13458
<p> As documented in aliases(5), when an alias <i>name</i> has a
13459
companion alias named owner-<i>name</i>, delivery errors will be
13460
reported to the owner alias instead of the sender. This configuration
13461
is recommended for mailing lists. <p>
13462
13463
<p> A less known property of the owner alias is that it also forces
13464
the local(8) delivery agent to write local and remote addresses
13465
from alias expansion to a new queue file, instead of attempting to
13466
deliver mail to local addresses as soon as they come out of alias
13467
expansion. </p>
13468
13469
<p> Writing local addresses from alias expansion to a new queue
13470
file allows for robust handling of temporary delivery errors: errors
13471
with one local member have no effect on deliveries to other members
13472
of the list. On the other hand, delivery to local addresses as
13473
soon as they come out of alias expansion is fragile: a temporary
13474
error with one local address from alias expansion will cause the
13475
entire alias to be expanded repeatedly until the error goes away,
13476
or until the message expires in the queue. In that case, a problem
13477
with one list member results in multiple message deliveries to other
13478
list members. </p>
13479
13480
<p> The default behavior of Postfix 2.8 and later is to keep the
13481
owner-alias attribute of the parent alias, when delivering mail to
13482
a child alias that does not have its own owner alias. Then, local
13483
addresses from that child alias will be written to a new queue file,
13484
and a temporary error with one local address will not affect delivery
13485
to other mailing list members. </p>
13486
13487
<p> Unfortunately, older Postfix releases reset the owner-alias
13488
attribute when delivering mail to a child alias that does not have
13489
its own owner alias. The local(8) delivery agent then attempts to
13490
deliver local addresses as soon as they come out of child alias
13491
expansion. If delivery to any address from child alias expansion
13492
fails with a temporary error condition, the entire mailing list may
13493
be expanded repeatedly until the mail expires in the queue, resulting
13494
in multiple deliveries of the same message to mailing list members.
13495
</p>
13496
13497
%PARAM qmgr_ipc_timeout 60s
13498
13499
<p> The time limit for the queue manager to send or receive information
13500
over an internal communication channel. The purpose is to break
13501
out of deadlock situations. If the time limit is exceeded the
13502
software either retries or aborts the operation. </p>
13503
13504
<p>
13505
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
13506
The default time unit is s (seconds).
13507
</p>
13508
13509
%PARAM qmgr_daemon_timeout 1000s
13510
13511
<p> How much time a Postfix queue manager process may take to handle
13512
a request before it is terminated by a built-in watchdog timer.
13513
</p>
13514
13515
<p>
13516
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
13517
The default time unit is s (seconds).
13518
</p>
13519
13520
%PARAM tls_preempt_cipherlist no
13521
13522
<p> With SSLv3 and later, use the server's cipher preference order
13523
instead of the client's cipher preference order. </p>
13524
13525
<p> By default, the OpenSSL server selects the client's most preferred
13526
cipher that the server supports. With SSLv3 and later, the server may
13527
choose its own most preferred cipher that is supported (offered) by
13528
the client. Setting "tls_preempt_cipherlist = yes" enables server cipher
13529
preferences. </p>
13530
13531
<p> While server cipher selection may in some cases lead to a more secure
13532
or performant cipher choice, there is some risk of interoperability
13533
issues. In the past, some SSL clients have listed lower priority ciphers
13534
that they did not implement correctly. If the server chooses a cipher
13535
that the client prefers less, it may select a cipher whose client
13536
implementation is flawed. </p>
13537
13538
<p> This feature is available in Postfix 2.8 and later, in combination
13539
with OpenSSL 0.9.7 and later. </p>
13540
13541
%PARAM tls_disable_workarounds see "postconf -d" output
13542
13543
<p> List or bit-mask of OpenSSL bug work-arounds to disable. </p>
13544
13545
<p> The OpenSSL toolkit includes a set of work-arounds for buggy SSL/TLS
13546
implementations. Applications, such as Postfix, that want to maximize
13547
interoperability ask the OpenSSL library to enable the full set of
13548
recommended work-arounds. </p>
13549
13550
<p> From time to time, it is discovered that a work-around creates a
13551
security issue, and should no longer be used. If upgrading OpenSSL
13552
to a fixed version is not an option or an upgrade is not available
13553
in a timely manner, or in closed environments where no buggy clients
13554
or servers exist, it may be appropriate to disable some or all of the
13555
OpenSSL interoperability work-arounds. This parameter specifies which
13556
bug work-arounds to disable. </p>
13557
13558
<p> If the value of the parameter is a hexadecimal long integer starting
13559
with "0x", the bug work-arounds corresponding to the bits specified in
13560
its value are removed from the <b>SSL_OP_ALL</b> work-around bit-mask
13561
(see openssl/ssl.h and SSL_CTX_set_options(3)). You can specify more
13562
bits than are present in SSL_OP_ALL, excess bits are ignored. Specifying
13563
0xFFFFFFFF disables all bug-workarounds on a 32-bit system. This should
13564
also be sufficient on 64-bit systems, until OpenSSL abandons support
13565
for 32-bit systems and starts using the high 32 bits of a 64-bit
13566
bug-workaround mask. </p>
13567
13568
<p> Otherwise, the parameter is a white-space or comma separated list
13569
of specific named bug work-arounds chosen from the list below. It
13570
is possible that your OpenSSL version includes new bug work-arounds
13571
added after your Postfix source code was last updated, in that case
13572
you can only disable one of these via the hexadecimal syntax above. </p>
13573
13574
<dl>
13575
13576
<dt><b>MICROSOFT_SESS_ID_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
13577
13578
<dt><b>NETSCAPE_CHALLENGE_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
13579
13580
<dt><b>LEGACY_SERVER_CONNECT</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
13581
13582
<dt><b>NETSCAPE_REUSE_CIPHER_CHANGE_BUG</b></dt> <dd> also aliased
13583
as <b>CVE-2010-4180</b>. Postfix 2.8 disables this work-around by
13584
default with OpenSSL versions that may predate the fix. Fixed in
13585
OpenSSL 0.9.8q and OpenSSL 1.0.0c.</dd>
13586
13587
<dt><b>SSLREF2_REUSE_CERT_TYPE_BUG</b></dt> <dd>See
13588
SSL_CTX_set_options(3)</dd>
13589
13590
<dt><b>MICROSOFT_BIG_SSLV3_BUFFER</b></dt> <dd>See
13591
SSL_CTX_set_options(3)</dd>
13592
13593
<dt><b>MSIE_SSLV2_RSA_PADDING</b></dt> <dd> also aliased as
13594
<b>CVE-2005-2969</b>. Postfix 2.8 disables this work-around by
13595
default with OpenSSL versions that may predate the fix. Fixed in
13596
OpenSSL 0.9.7h and OpenSSL 0.9.8a.</dd>
13597
13598
<dt><b>SSLEAY_080_CLIENT_DH_BUG</b></dt> <dd>See
13599
SSL_CTX_set_options(3)</dd>
13600
13601
<dt><b>TLS_D5_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
13602
13603
<dt><b>TLS_BLOCK_PADDING_BUG</b></dt> <dd>See SSL_CTX_set_options(3)</dd>
13604
13605
<dt><b>TLS_ROLLBACK_BUG</b></dt> <dd>See SSL_CTX_set_options(3).
13606
This is disabled in OpenSSL 0.9.7 and later. Nobody should still
13607
be using 0.9.6! </dd>
13608
13609
<dt><b>DONT_INSERT_EMPTY_FRAGMENTS</b></dt> <dd>See
13610
SSL_CTX_set_options(3)</dd>
13611
13612
<dt><b>CRYPTOPRO_TLSEXT_BUG</b></dt> <dd>New with GOST support in
13613
OpenSSL 1.0.0.</dd>
13614
13615
</dl>
13616
13617
<p> This feature is available in Postfix 2.8 and later. </p>
13618
13619
%PARAM tlsproxy_watchdog_timeout 10s
13620
13621
<p> How much time a tlsproxy(8) process may take to process local
13622
or remote I/O before it is terminated by a built-in watchdog timer.
13623
This is a safety mechanism that prevents tlsproxy(8) from becoming
13624
non-responsive due to a bug in Postfix itself or in system software.
13625
To avoid false alarms and unnecessary cache corruption this limit
13626
cannot be set under 10s. </p>
13627
13628
<p> Specify a non-zero time value (an integral value plus an optional
13629
one-letter suffix that specifies the time unit). Time units: s
13630
(seconds), m (minutes), h (hours), d (days), w (weeks). </p>
13631
13632
<p> This feature is available in Postfix 2.8. </p>
13633
13634
%PARAM postscreen_discard_ehlo_keywords $smtpd_discard_ehlo_keywords
13635
13636
<p> A case insensitive list of EHLO keywords (pipelining, starttls,
13637
auth, etc.) that the postscreen(8) server will not send in the EHLO
13638
response to a remote SMTP client. See smtpd_discard_ehlo_keywords
13639
for details. </p>
13640
13641
<p> This feature is available in Postfix 2.8 and later. </p>
13642
13643
%PARAM postscreen_discard_ehlo_keyword_address_maps $smtpd_discard_ehlo_keyword_address_maps
13644
13645
<p> Lookup tables, indexed by the remote SMTP client address, with
13646
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
13647
etc.) that the postscreen(8) server will not send in the EHLO response
13648
to a remote SMTP client. See smtpd_discard_ehlo_keywords for details.
13649
The table is not searched by hostname for robustness reasons. </p>
13650
13651
<p> This feature is available in Postfix 2.8 and later. </p>
13652
13653
%PARAM postscreen_use_tls $smtpd_use_tls
13654
13655
<p> Opportunistic TLS: announce STARTTLS support to SMTP clients,
13656
but do not require that clients use TLS encryption. </p>
13657
13658
<p> This feature is available in Postfix 2.8 and later.
13659
Preferably, use postscreen_tls_security_level instead. </p>
13660
13661
%PARAM postscreen_enforce_tls $smtpd_enforce_tls
13662
13663
<p> Mandatory TLS: announce STARTTLS support to SMTP clients, and
13664
require that clients use TLS encryption. See smtpd_postscreen_enforce_tls
13665
for details. </p>
13666
13667
<p> This feature is available in Postfix 2.8 and later.
13668
Preferably, use postscreen_tls_security_level instead. </p>
13669
13670
%PARAM postscreen_tls_security_level $smtpd_tls_security_level
13671
13672
<p> The SMTP TLS security level for the postscreen(8) server; when
13673
a non-empty value is specified, this overrides the obsolete parameters
13674
postscreen_use_tls and postscreen_enforce_tls. See smtpd_tls_security_level
13675
for details. </p>
13676
13677
<p> This feature is available in Postfix 2.8 and later. </p>
13678
13679
%PARAM tlsproxy_enforce_tls $smtpd_enforce_tls
13680
13681
<p> Mandatory TLS: announce STARTTLS support to SMTP clients, and
13682
require that clients use TLS encryption. See smtpd_enforce_tls for
13683
further details. </p>
13684
13685
<p> This feature is available in Postfix 2.8 and later. </p>
13686
13687
%PARAM tlsproxy_tls_CAfile $smtpd_tls_CAfile
13688
13689
<p> A file containing (PEM format) CA certificates of root CAs
13690
trusted to sign either remote SMTP client certificates or intermediate
13691
CA certificates. See smtpd_tls_CAfile for further details. </p>
13692
13693
<p> This feature is available in Postfix 2.8 and later. </p>
13694
13695
%PARAM tlsproxy_tls_CApath $smtpd_tls_CApath
13696
13697
<p> A directory containing (PEM format) CA certificates of root CAs
13698
trusted to sign either remote SMTP client certificates or intermediate
13699
CA certificates. See smtpd_tls_CApath for further details. </p>
13700
13701
<p> This feature is available in Postfix 2.8 and later. </p>
13702
13703
%PARAM tlsproxy_tls_always_issue_session_ids $smtpd_tls_always_issue_session_ids
13704
13705
<p> Force the Postfix tlsproxy(8) server to issue a TLS session id,
13706
even when TLS session caching is turned off. See
13707
smtpd_tls_always_issue_session_ids for further details. </p>
13708
13709
<p> This feature is available in Postfix 2.8 and later. </p>
13710
13711
%PARAM tlsproxy_tls_ask_ccert $smtpd_tls_ask_ccert
13712
13713
<p> Ask a remote SMTP client for a client certificate. See
13714
smtpd_tls_ask_ccert for further details. </p>
13715
13716
<p> This feature is available in Postfix 2.8 and later. </p>
13717
13718
%PARAM tlsproxy_tls_ccert_verifydepth $smtpd_tls_ccert_verifydepth
13719
13720
<p> The verification depth for remote SMTP client certificates. A
13721
depth of 1 is sufficient if the issuing CA is listed in a local CA
13722
file. See smtpd_tls_ccert_verifydepth for further details. </p>
13723
13724
<p> This feature is available in Postfix 2.8 and later. </p>
13725
13726
%PARAM tlsproxy_tls_cert_file $smtpd_tls_cert_file
13727
13728
<p> File with the Postfix tlsproxy(8) server RSA certificate in PEM
13729
format. This file may also contain the Postfix tlsproxy(8) server
13730
private RSA key. See smtpd_tls_cert_file for further details. </p>
13731
13732
<p> This feature is available in Postfix 2.8 and later. </p>
13733
13734
%PARAM tlsproxy_tls_ciphers $smtpd_tls_ciphers
13735
13736
<p> The minimum TLS cipher grade that the Postfix tlsproxy(8) server
13737
will use with opportunistic TLS encryption. See smtpd_tls_ciphers
13738
for further details. </p>
13739
13740
<p> This feature is available in Postfix 2.8 and later. </p>
13741
13742
%PARAM tlsproxy_tls_dcert_file $smtpd_tls_dcert_file
13743
13744
<p> File with the Postfix tlsproxy(8) server DSA certificate in PEM
13745
format. This file may also contain the Postfix tlsproxy(8) server
13746
private DSA key. See smtpd_tls_dcert_file for further details.
13747
</p>
13748
13749
<p> This feature is available in Postfix 2.8 and later. </p>
13750
13751
%PARAM tlsproxy_tls_dh1024_param_file $smtpd_tls_dh1024_param_file
13752
13753
<p> File with DH parameters that the Postfix tlsproxy(8) server
13754
should use with EDH ciphers. See smtpd_tls_dh1024_param_file for
13755
further details. </p>
13756
13757
<p> This feature is available in Postfix 2.8 and later. </p>
13758
13759
%PARAM tlsproxy_tls_dh512_param_file $smtpd_tls_dh512_param_file
13760
13761
<p> File with DH parameters that the Postfix tlsproxy(8) server
13762
should use with EDH ciphers. See smtpd_tls_dh512_param_file for
13763
further details. </p>
13764
13765
<p> This feature is available in Postfix 2.8 and later. </p>
13766
13767
%PARAM tlsproxy_tls_dkey_file $smtpd_tls_dkey_file
13768
13769
<p> File with the Postfix tlsproxy(8) server DSA private key in PEM
13770
format. This file may be combined with the Postfix tlsproxy(8)
13771
server DSA certificate file specified with $smtpd_tls_dcert_file.
13772
See smtpd_tls_dkey_file for further details. </p>
13773
13774
<p> This feature is available in Postfix 2.8 and later. </p>
13775
13776
%PARAM tlsproxy_tls_eccert_file $smtpd_tls_eccert_file
13777
13778
<p> File with the Postfix tlsproxy(8) server ECDSA certificate in
13779
PEM format. This file may also contain the Postfix tlsproxy(8)
13780
server private ECDSA key. See smtpd_tls_eccert_file for further
13781
details. </p>
13782
13783
<p> This feature is available in Postfix 2.8 and later. </p>
13784
13785
%PARAM tlsproxy_tls_eckey_file $smtpd_tls_eckey_file
13786
13787
<p> File with the Postfix tlsproxy(8) server ECDSA private key in
13788
PEM format. This file may be combined with the Postfix tlsproxy(8)
13789
server ECDSA certificate file specified with $smtpd_tls_eccert_file.
13790
See smtpd_tls_eckey_file for further details. </p>
13791
13792
<p> This feature is available in Postfix 2.8 and later. </p>
13793
13794
%PARAM tlsproxy_tls_eecdh_grade $smtpd_tls_eecdh_grade
13795
13796
<p> The Postfix tlsproxy(8) server security grade for ephemeral
13797
elliptic-curve Diffie-Hellman (EECDH) key exchange. See
13798
smtpd_tls_eecdh_grade for further details. </p>
13799
13800
<p> This feature is available in Postfix 2.8 and later. </p>
13801
13802
%PARAM tlsproxy_tls_exclude_ciphers $smtpd_tls_exclude_ciphers
13803
13804
<p> List of ciphers or cipher types to exclude from the tlsproxy(8)
13805
server cipher list at all TLS security levels. See
13806
smtpd_tls_exclude_ciphers for further details. </p>
13807
13808
<p> This feature is available in Postfix 2.8 and later. </p>
13809
13810
%PARAM tlsproxy_tls_fingerprint_digest $smtpd_tls_fingerprint_digest
13811
13812
<p> The message digest algorithm used to construct client-certificate
13813
fingerprints. See smtpd_tls_fingerprint_digest for further details.
13814
</p>
13815
13816
<p> This feature is available in Postfix 2.8 and later. </p>
13817
13818
%PARAM tlsproxy_tls_key_file $smtpd_tls_key_file
13819
13820
<p> File with the Postfix tlsproxy(8) server RSA private key in PEM
13821
format. This file may be combined with the Postfix tlsproxy(8)
13822
server RSA certificate file specified with $smtpd_tls_cert_file.
13823
See smtpd_tls_key_file for further details. </p>
13824
13825
<p> This feature is available in Postfix 2.8 and later. </p>
13826
13827
%PARAM tlsproxy_tls_loglevel $smtpd_tls_loglevel
13828
13829
<p> Enable additional Postfix tlsproxy(8) server logging of TLS
13830
activity. Each logging level also includes the information that
13831
is logged at a lower logging level. See smtpd_tls_loglevel for
13832
further details. </p>
13833
13834
<p> This feature is available in Postfix 2.8 and later. </p>
13835
13836
%PARAM tlsproxy_tls_mandatory_ciphers $smtpd_tls_mandatory_ciphers
13837
13838
<p> The minimum TLS cipher grade that the Postfix tlsproxy(8) server
13839
will use with mandatory TLS encryption. See smtpd_tls_mandatory_ciphers
13840
for further details. </p>
13841
13842
<p> This feature is available in Postfix 2.8 and later. </p>
13843
13844
%PARAM tlsproxy_tls_mandatory_exclude_ciphers $smtpd_tls_mandatory_exclude_ciphers
13845
13846
<p> Additional list of ciphers or cipher types to exclude from the
13847
tlsproxy(8) server cipher list at mandatory TLS security levels.
13848
See smtpd_tls_mandatory_exclude_ciphers for further details. </p>
13849
13850
<p> This feature is available in Postfix 2.8 and later. </p>
13851
13852
%PARAM tlsproxy_tls_mandatory_protocols $smtpd_tls_mandatory_protocols
13853
13854
<p> The SSL/TLS protocols accepted by the Postfix tlsproxy(8) server
13855
with mandatory TLS encryption. If the list is empty, the server
13856
supports all available SSL/TLS protocol versions. See
13857
smtpd_tls_mandatory_protocols for further details. </p>
13858
13859
<p> This feature is available in Postfix 2.8 and later. </p>
13860
13861
%PARAM tlsproxy_tls_protocols $smtpd_tls_protocols
13862
13863
<p> List of TLS protocols that the Postfix tlsproxy(8) server will
13864
exclude or include with opportunistic TLS encryption. See
13865
smtpd_tls_protocols for further details. </p>
13866
13867
<p> This feature is available in Postfix 2.8 and later. </p>
13868
13869
%PARAM tlsproxy_tls_req_ccert $smtpd_tls_req_ccert
13870
13871
<p> With mandatory TLS encryption, require a trusted remote SMTP
13872
client certificate in order to allow TLS connections to proceed.
13873
See smtpd_tls_req_ccert for further details. </p>
13874
13875
<p> This feature is available in Postfix 2.8 and later. </p>
13876
13877
%PARAM tlsproxy_tls_security_level $smtpd_tls_security_level
13878
13879
<p> The SMTP TLS security level for the Postfix tlsproxy(8) server;
13880
when a non-empty value is specified, this overrides the obsolete
13881
parameters smtpd_use_tls and smtpd_enforce_tls. See
13882
smtpd_tls_security_level for further details. </p>
13883
13884
<p> This feature is available in Postfix 2.8 and later. </p>
13885
13886
%PARAM tlsproxy_tls_session_cache_timeout $smtpd_tls_session_cache_timeout
13887
13888
<p> The expiration time of Postfix tlsproxy(8) server TLS session
13889
cache information. A cache cleanup is performed periodically every
13890
$smtpd_tls_session_cache_timeout seconds. See
13891
smtpd_tls_session_cache_timeout for further details. </p>
13892
13893
<p> This feature is available in Postfix 2.8 and later. </p>
13894
13895
%PARAM tlsproxy_use_tls $smtpd_use_tls
13896
13897
<p> Opportunistic TLS: announce STARTTLS support to SMTP clients,
13898
but do not require that clients use TLS encryption. See smtpd_use_tls
13899
for further details. </p>
13900
13901
<p> This feature is available in Postfix 2.8 and later. </p>
13902
13903
%PARAM smtpd_reject_footer
13904
13905
<p> Optional information that is appended after each SMTP server
13906
4XX or 5XX response. </p>
13907
13908
<p> Example: </p>
13909
13910
<pre>
13911
/etc/postfix/main.cf:
13912
smtpd_reject_footer = For assistance, call 800-555-0101.
13913
Please provide the following information in your problem report:
13914
time ($localtime), client ($client_address) and server
13915
($server_name).
13916
</pre>
13917
13918
<p> Server response: </p>
13919
13920
<pre>
13921
550-5.5.1 <user@example> Recipient address rejected: User unknown
13922
550 5.5.1 For assistance, call 800-555-0101. Please provide the
13923
following information in your problem report: time (Jan 4 15:42:00),
13924
client (192.168.1.248) and server (mail1.example.com).
13925
</pre>
13926
13927
<p> Note: the above text is meant to make it easier to find the
13928
Postfix logfile records for a failed SMTP session. The text itself
13929
is not logged to the Postfix SMTP server's maillog file. </p>
13930
13931
<p> Be sure to keep the text as short as possible. Long text may
13932
be truncated before it is logged to the remote SMTP client's maillog
13933
file, or before it is returned to the sender in a delivery status
13934
notification. </p>
13935
13936
<p> This feature supports a limited number of $name attributes in
13937
the footer text. These are replaced by their current value for the
13938
SMTP session: </p>
13939
13940
<dl>
13941
13942
<dt> <b>client_address</b> </dt> <dd> The Client IP address that
13943
is logged in the maillog file. </dd>
13944
13945
<dt> <b>client_port</b> </dt> <dd> The client TCP port that is
13946
logged in the maillog file. </dd>
13947
13948
<dt> <b>localtime</b> </dt> <dd> The server local time (Mmm dd
13949
hh:mm:ss) that is logged in the maillog file. </dd>
13950
13951
<dt> <b>server_name</b> </dt> <dd> The server's myhostname value.
13952
This attribute is made available for sites with multiple MTAs
13953
(perhaps behind a load-balancer), where the server name can help
13954
the server support team to quickly find the right log files. </dd>
13955
13956
</dl>
13957
13958
<p> Notes: </p>
13959
13960
<ul>
13961
13962
<li> <p> NOT SUPPORTED are other attributes such as sender, recipient,
13963
or main.cf parameters. </p>
13964
13965
<li> <p> For safety reasons, text that does not match
13966
$smtpd_expansion_filter is censored. </p>
13967
13968
</ul>
13969
13970
<p> This feature supports the two-character sequence \n as a request
13971
for a line break in the footer text. Postfix automatically inserts
13972
after each line break the three-digit SMTP reply code (and optional
13973
enhanced status code) from the original Postfix reject message.
13974
</p>
13975
13976
<p> This feature is available in Postfix 2.8 and later. </p>
13977
13978
%PARAM postscreen_expansion_filter see "postconf -d" output
13979
13980
<p> List of characters that are permitted in postscreen_reject_footer
13981
attribute expansions. See smtpd_expansion_filter for further
13982
details. </p>
13983
13984
<p> This feature is available in Postfix 2.8 and later. </p>
13985
13986
%PARAM postscreen_reject_footer $smtpd_reject_footer
13987
13988
<p> Optional information that is appended after a 4XX or 5XX server
13989
response. See smtpd_reject_footer for further details. </p>
13990
13991
<p> This feature is available in Postfix 2.8 and later. </p>
13992
13993
%PARAM postscreen_command_filter $smtpd_command_filter
13994
13995
<p> A mechanism to transform commands from remote SMTP clients.
13996
See smtpd_command_filter for further details. </p>
13997
13998
<p> This feature is available in Postfix 2.8 and later. </p>
13999
14000
%PARAM dnsblog_service_name dnsblog
14001
14002
<p> The name of the dnsblog(8) service entry in master.cf. This
14003
service performs DNS white/blacklist lookups. </p>
14004
14005
<p> This feature is available in Postfix 2.8 and later. </p>
14006
14007
%PARAM tlsproxy_service_name tlsproxy
14008
14009
<p> The name of the tlsproxy(8) service entry in master.cf. This
14010
service performs plaintext <=> TLS ciphertext conversion. <p>
14011
14012
<p> This feature is available in Postfix 2.8 and later. </p>
14013
Loggerhead is a web-based interface for Breezy
Version: 2.0.1