78
73
Problems and transactions are logged to <b>syslogd</b>(8).
81
The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine currently
82
does not announce support for AUTH, XCLIENT or XFORWARD.
83
If you need to make these services available on port 25,
84
then do not enable the optional "after 220 server greet-
85
ing" tests, and do not use DNSBLs that reject traffic from
86
dial-up and residential networks.
76
The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine currently does not
77
announce support for AUTH, XCLIENT or XFORWARD. If you need to make
78
these services available on port 25, then do not enable the optional
79
"after 220 server greeting" tests, and do not use DNSBLs that reject
80
traffic from dial-up and residential networks.
88
The optional "after 220 server greeting" tests involve
89
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these
90
tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> adds the client to the tempo-
91
rary whitelist, but it cannot not hand off the "live" con-
92
nection to a Postfix SMTP server process in the middle of
93
a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to
94
deliver mail with a 4XX status, and waits for the client
95
to disconnect. When the client connects again,
96
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> will allow the client to talk to a Postfix
97
SMTP server process (provided that the whitelist status
98
has not expired). <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of
99
this limitation by giving the "after 220 server greeting"
100
tests a long expiration time.
82
The optional "after 220 server greeting" tests involve <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s
83
built-in SMTP protocol engine. When these tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
84
adds the client to the temporary whitelist, but it cannot not hand off
85
the "live" connection to a Postfix SMTP server process in the middle of
86
a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to deliver mail with
87
a 4XX status, and waits for the client to disconnect. When the client
88
connects again, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will allow the client to talk to a Post-
89
fix SMTP server process (provided that the whitelist status has not
90
expired). <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of this limitation by
91
giving the "after 220 server greeting" tests a long expiration time.
102
93
<b>CONFIGURATION PARAMETERS</b>
103
Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as
104
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> processes may run for several hours. Use
105
the command "postfix reload" after a configuration change.
107
The text below provides only a parameter summary. See
108
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
110
NOTE: Some <a href="postscreen.8.html"><b>postscreen</b>(8)</a> parameters implement stress-
111
dependent behavior. This is supported only when the
112
default parameter value is stress-dependent (that is, it
113
looks like ${stress?X}${stress:Y}, or it is the $<i>name</i> of
114
an smtpd parameter with a stress-dependent default).
115
Other parameters always evaluate as if the <b>stress</b> parame-
116
ter value is the empty string.
94
Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
95
processes may run for several hours. Use the command "postfix reload"
96
after a configuration change.
98
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
99
more details including examples.
101
NOTE: Some <a href="postscreen.8.html"><b>postscreen</b>(8)</a> parameters implement stress-dependent behav-
102
ior. This is supported only when the default parameter value is
103
stress-dependent (that is, it looks like ${stress?X}${stress:Y}, or it
104
is the $<i>name</i> of an smtpd parameter with a stress-dependent default).
105
Other parameters always evaluate as if the <b>stress</b> parameter value is
118
108
<b>COMPATIBILITY CONTROLS</b>
119
109
<b><a href="postconf.5.html#postscreen_command_filter">postscreen_command_filter</a> ($<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b>
120
A mechanism to transform commands from remote SMTP
123
<b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_dis</a>-</b>
124
<b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">card_ehlo_keyword_address_maps</a>)</b>
125
Lookup tables, indexed by the remote SMTP client
126
address, with case insensitive lists of EHLO key-
127
words (pipelining, starttls, auth, etc.) that the
128
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the EHLO
129
response to a remote SMTP client.
131
<b><a href="postconf.5.html#postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_key</a>-</b>
132
<b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">words</a>)</b>
133
A case insensitive list of EHLO keywords (pipelin-
134
ing, starttls, auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
135
server will not send in the EHLO response to a
110
A mechanism to transform commands from remote SMTP clients.
112
<b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_key</a>-</b>
113
<b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">word_address_maps</a>)</b>
114
Lookup tables, indexed by the remote SMTP client address, with
115
case insensitive lists of EHLO keywords (pipelining, starttls,
116
auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the
117
EHLO response to a remote SMTP client.
119
<b><a href="postconf.5.html#postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>)</b>
120
A case insensitive list of EHLO keywords (pipelining, starttls,
121
auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the
122
EHLO response to a remote SMTP client.
138
124
<b>TROUBLE SHOOTING CONTROLS</b>
139
125
<b><a href="postconf.5.html#postscreen_expansion_filter">postscreen_expansion_filter</a> (see 'postconf -d' output)</b>
140
List of characters that are permitted in
126
List of characters that are permitted in
141
127
<a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> attribute expansions.
143
129
<b><a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> ($<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b>
144
Optional information that is appended after a 4XX
145
or 5XX <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server response.
130
Optional information that is appended after a 4XX or 5XX
131
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server response.
147
133
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
148
Safety net to keep mail queued that would otherwise
149
be returned to the sender.
134
Safety net to keep mail queued that would otherwise be returned
151
137
<b>BEFORE-POSTSCREEN PROXY AGENT</b>
152
138
Available in Postfix version 2.10 and later:
154
140
<b><a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> (empty)</b>
155
The name of the proxy protocol used by an optional
156
before-postscreen proxy agent.
141
The name of the proxy protocol used by an optional before-
142
postscreen proxy agent.
158
144
<b><a href="postconf.5.html#postscreen_upstream_proxy_timeout">postscreen_upstream_proxy_timeout</a> (5s)</b>
159
The time limit for the proxy protocol specified
160
with the <a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> parame-
145
The time limit for the proxy protocol specified with the
146
<a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> parameter.
163
148
<b>PERMANENT WHITE/BLACKLIST TEST</b>
164
This test is executed immediately after a remote SMTP
165
client connects. If a client is permanently whitelisted,
166
the client will be handed off immediately to a Postfix
149
This test is executed immediately after a remote SMTP client connects.
150
If a client is permanently whitelisted, the client will be handed off
151
immediately to a Postfix SMTP server process.
169
153
<b><a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b>
170
Permanent white/blacklist for remote SMTP client IP
154
Permanent white/blacklist for remote SMTP client IP addresses.
173
156
<b><a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> (ignore)</b>
174
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
175
SMTP client is permanently blacklisted with the
176
<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.
157
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client is
158
permanently blacklisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parame-
178
161
<b>MAIL EXCHANGER POLICY TESTS</b>
179
When <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is configured to monitor all primary
180
and backup MX addresses, it can refuse to whitelist
181
clients that connect to a backup MX address only. For
182
small sites, this requires configuring primary and backup
183
MX addresses on the same MTA. Larger sites would have to
184
share the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache between primary and backup
185
MTAs, which would introduce a common point of failure.
162
When <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is configured to monitor all primary and backup MX
163
addresses, it can refuse to whitelist clients that connect to a backup
164
MX address only. For small sites, this requires configuring primary and
165
backup MX addresses on the same MTA. Larger sites would have to share
166
the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache between primary and backup MTAs, which would
167
introduce a common point of failure.
187
169
<b><a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> (<a href="DATABASE_README.html#types">static</a>:all)</b>
188
A list of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server IP addresses
189
where a non-whitelisted remote SMTP client can
190
obtain <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s temporary whitelist status.
170
A list of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server IP addresses where a non-
171
whitelisted remote SMTP client can obtain <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s tempo-
172
rary whitelist status.
192
<b>BEFORE-GREETING TESTS</b>
193
These tests are executed before the remote SMTP client
194
receives the "220 servername" greeting. If no tests remain
195
after the successful completion of this phase, the client
196
will be handed off immediately to a Postfix SMTP server
174
<b>BEFORE 220 GREETING TESTS</b>
175
These tests are executed before the remote SMTP client receives the
176
"220 servername" greeting. If no tests remain after the successful com-
177
pletion of this phase, the client will be handed off immediately to a
178
Postfix SMTP server process.
199
180
<b><a href="postconf.5.html#dnsblog_service_name">dnsblog_service_name</a> (dnsblog)</b>
200
The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service entry in mas-
181
The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
203
183
<b><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> (ignore)</b>
204
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
205
SMTP client's combined DNSBL score is equal to or
206
greater than a threshold (as defined with the
207
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_thresh</a>-
208
<a href="postconf.5.html#postscreen_dnsbl_threshold">old</a> parameters).
184
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client's
185
combined DNSBL score is equal to or greater than a threshold (as
186
defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and
187
<a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> parameters).
210
189
<b><a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> (empty)</b>
211
A mapping from actual DNSBL domain name which
212
includes a secret password, to the DNSBL domain
213
name that postscreen will reply with when it
190
A mapping from actual DNSBL domain name which includes a secret
191
password, to the DNSBL domain name that postscreen will reply
192
with when it rejects mail.
216
194
<b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
217
Optional list of DNS white/blacklist domains, fil-
218
ters and weight factors.
195
Optional list of DNS white/blacklist domains, filters and weight
220
198
<b><a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> (1)</b>
221
The inclusive lower bound for blocking a remote
222
SMTP client, based on its combined DNSBL score as
223
defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
199
The inclusive lower bound for blocking a remote SMTP client,
200
based on its combined DNSBL score as defined with the
201
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
225
203
<b><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> (ignore)</b>
226
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
227
SMTP client speaks before its turn within the time
228
specified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.
204
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
205
speaks before its turn within the time specified with the
206
<a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.
230
208
<b><a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> ($<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b>
231
The <i>text</i> in the optional "220-<i>text</i>..." server
232
response that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real
233
Postfix SMTP server's "220 text..." response, in an
234
attempt to confuse bad SMTP clients so that they
235
speak before their turn (pre-greet).
209
The <i>text</i> in the optional "220-<i>text</i>..." server response that
210
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real Postfix SMTP server's "220
211
text..." response, in an attempt to confuse bad SMTP clients so
212
that they speak before their turn (pre-greet).
237
214
<b><a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> (${stress?2}${stress:6}s)</b>
238
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for
239
an SMTP client to send a command before its turn,
240
and for DNS blocklist lookup results to arrive
241
(default: up to 2 seconds under stress, up to 6
215
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for an SMTP
216
client to send a command before its turn, and for DNS blocklist
217
lookup results to arrive (default: up to 2 seconds under stress,
218
up to 6 seconds otherwise).
244
220
<b><a href="postconf.5.html#smtpd_service_name">smtpd_service_name</a> (smtpd)</b>
245
The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off
246
allowed connections to.
248
<b>AFTER-GREETING TESTS</b>
249
These tests are executed after the remote SMTP client
250
receives the "220 servername" greeting. If a client passes
251
all tests during this phase, it will receive a 4XX
252
response to RCPT TO commands until the client hangs up.
253
After this, the client will be allowed to talk directly to
254
a Postfix SMTP server process.
221
The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off allowed con-
224
Available in Postfix version 2.11 and later:
226
<b><a href="postconf.5.html#postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a> (0)</b>
227
Allow a remote SMTP client to skip "before" and "after 220
228
greeting" protocol tests, based on its combined DNSBL score as
229
defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
231
<b>AFTER 220 GREETING TESTS</b>
232
These tests are executed after the remote SMTP client receives the "220
233
servername" greeting. If a client passes all tests during this phase,
234
it will receive a 4XX response to all RCPT TO commands. After the
235
client reconnects, it will be allowed to talk directly to a Postfix
256
238
<b><a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> (ignore)</b>
257
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
258
SMTP client sends a bare newline character, that
259
is, a newline not preceded by carriage return.
239
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
240
sends a bare newline character, that is, a newline not preceded
261
243
<b><a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> (no)</b>
262
Enable "bare newline" SMTP protocol tests in the
263
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
244
Enable "bare newline" SMTP protocol tests in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
265
247
<b><a href="postconf.5.html#postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a> ($<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b>
266
Disable the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
248
Disable the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.
269
250
<b><a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> ($<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b>
270
List of commands that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server con-
271
siders in violation of the SMTP protocol.
251
List of commands that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server considers in vio-
252
lation of the SMTP protocol.
273
254
<b><a href="postconf.5.html#postscreen_helo_required">postscreen_helo_required</a> ($<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b>
274
Require that a remote SMTP client sends HELO or
275
EHLO before commencing a MAIL transaction.
255
Require that a remote SMTP client sends HELO or EHLO before com-
256
mencing a MAIL transaction.
277
258
<b><a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> (drop)</b>
278
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
279
SMTP client sends non-SMTP commands as specified
280
with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter.
259
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
260
sends non-SMTP commands as specified with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbid</a>-
261
<a href="postconf.5.html#postscreen_forbidden_commands">den_commands</a> parameter.
282
263
<b><a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> (no)</b>
283
Enable "non-SMTP command" tests in the
284
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
264
Enable "non-SMTP command" tests in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
286
266
<b><a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> (enforce)</b>
287
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
288
SMTP client sends multiple commands instead of
289
sending one command and waiting for the server to
267
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
268
sends multiple commands instead of sending one command and wait-
269
ing for the server to respond.
292
271
<b><a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> (no)</b>
293
Enable "pipelining" SMTP protocol tests in the
294
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
272
Enable "pipelining" SMTP protocol tests in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
296
275
<b>CACHE CONTROLS</b>
297
276
<b><a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> (12h)</b>
298
The amount of time between <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache
277
The amount of time between <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache cleanup runs.
301
<b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> (btree:$data_direc-</b>
302
<b>tory/postscreen_cache)</b>
303
Persistent storage for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server
279
<b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> (<a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache)</b>
280
Persistent storage for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server decisions.
306
282
<b><a href="postconf.5.html#postscreen_cache_retention_time">postscreen_cache_retention_time</a> (7d)</b>
307
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an
308
expired temporary whitelist entry before it is
283
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an expired tem-
284
porary whitelist entry before it is removed.
311
286
<b><a href="postconf.5.html#postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a> (30d)</b>
312
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
313
result from a successful "bare newline" SMTP proto-
287
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
288
successful "bare newline" SMTP protocol test.
316
290
<b><a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a> (1h)</b>
317
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
318
result from a successful DNS blocklist test.
291
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
292
successful DNS blocklist test.
320
294
<b><a href="postconf.5.html#postscreen_greet_ttl">postscreen_greet_ttl</a> (1d)</b>
321
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
322
result from a successful PREGREET test.
295
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
296
successful PREGREET test.
324
298
<b><a href="postconf.5.html#postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a> (30d)</b>
325
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
326
result from a successful "non_smtp_command" SMTP
299
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
300
successful "non_smtp_command" SMTP protocol test.
329
302
<b><a href="postconf.5.html#postscreen_pipelining_ttl">postscreen_pipelining_ttl</a> (30d)</b>
330
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
331
result from a successful "pipelining" SMTP protocol
303
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
304
successful "pipelining" SMTP protocol test.
334
306
<b>RESOURCE CONTROLS</b>
335
307
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
336
Upon input, long lines are chopped up into pieces
337
of at most this length; upon delivery, long lines
308
Upon input, long lines are chopped up into pieces of at most
309
this length; upon delivery, long lines are reconstructed.
340
<b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a></b>
341
<b>($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b>
342
How many simultaneous connections any remote SMTP
343
client is allowed to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
311
<b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> ($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connec</a>-</b>
312
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">tion_count_limit</a>)</b>
313
How many simultaneous connections any remote SMTP client is
314
allowed to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.
346
316
<b><a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> (20)</b>
347
The limit on the total number of commands per SMTP
348
session for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol
317
The limit on the total number of commands per SMTP session for
318
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.
351
320
<b><a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a> (${stress?10}${stress:300}s)</b>
352
The time limit to read an entire command line with
321
The time limit to read an entire command line with
353
322
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.
355
324
<b><a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
356
The number of clients that can be waiting for ser-
357
vice from a real Postfix SMTP server process.
325
The number of clients that can be waiting for service from a
326
real Postfix SMTP server process.
359
328
<b><a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
360
The number of non-whitelisted clients that can be
361
waiting for a decision whether they will receive
362
service from a real Postfix SMTP server process.
329
The number of non-whitelisted clients that can be waiting for a
330
decision whether they will receive service from a real Postfix
364
333
<b><a href="postconf.5.html#postscreen_watchdog_timeout">postscreen_watchdog_timeout</a> (10s)</b>
365
How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to
366
respond to a remote SMTP client command or to per-
367
form a cache operation before it is terminated by a
368
built-in watchdog timer.
334
How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to respond to a
335
remote SMTP client command or to perform a cache operation
336
before it is terminated by a built-in watchdog timer.
370
338
<b>STARTTLS CONTROLS</b>
371
339
<b><a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
372
The SMTP TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
373
server; when a non-empty value is specified, this
374
overrides the obsolete parameters
375
<a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.
340
The SMTP TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server; when a
341
non-empty value is specified, this overrides the obsolete param-
342
eters <a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.
377
344
<b><a href="postconf.5.html#tlsproxy_service_name">tlsproxy_service_name</a> (tlsproxy)</b>
378
The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry in mas-
345
The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
381
347
<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
382
These parameters are supported for compatibility with
383
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy parameters.
348
These parameters are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy
385
351
<b><a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> ($<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b>
386
Opportunistic TLS: announce STARTTLS support to
387
remote SMTP clients, but do not require that
388
clients use TLS encryption.
352
Opportunistic TLS: announce STARTTLS support to remote SMTP
353
clients, but do not require that clients use TLS encryption.
390
355
<b><a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a> ($<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b>
391
Mandatory TLS: announce STARTTLS support to remote
392
SMTP clients, and require that clients use TLS
356
Mandatory TLS: announce STARTTLS support to remote SMTP clients,
357
and require that clients use TLS encryption.
395
359
<b>MISCELLANEOUS CONTROLS</b>
396
360
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
397
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
398
<a href="master.5.html">master.cf</a> configuration files.
361
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
400
364
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
401
The maximal number of digits after the decimal
402
point when logging sub-second delay values.
365
The maximal number of digits after the decimal point when log-
366
ging sub-second delay values.
404
368
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
405
The location of all postfix administrative com-
369
The location of all postfix administrative commands.
408
371
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
409
The maximum amount of time that an idle Postfix
410
daemon process waits for an incoming connection
411
before terminating voluntarily.
372
The maximum amount of time that an idle Postfix daemon process
373
waits for an incoming connection before terminating voluntarily.
413
375
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
414
The process ID of a Postfix command or daemon
376
The process ID of a Postfix command or daemon process.
417
378
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
418
The process name of a Postfix command or daemon
379
The process name of a Postfix command or daemon process.
421
381
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
422
382
The syslog facility of Postfix logging.
424
384
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
425
The mail system name that is prepended to the
426
process name in syslog records, so that "smtpd"
427
becomes, for example, "postfix/smtpd".
385
The mail system name that is prepended to the process name in
386
syslog records, so that "smtpd" becomes, for example, "post-
430
390
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server