65
62
Problems and transactions are logged to <b>syslogd</b>(8).
67
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
68
the postmaster is notified of bounces, protocol problems,
69
policy violations, and of other trouble.
64
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
65
ter is notified of bounces, protocol problems, policy violations, and
71
68
<b>CONFIGURATION PARAMETERS</b>
72
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
73
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> processes run for only a limited amount of time.
74
Use the command "<b>postfix reload</b>" to speed up a change.
69
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtpd.8.html"><b>smtpd</b>(8)</a> processes
70
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
76
The text below provides only a parameter summary. See
77
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
73
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
74
more details including examples.
79
76
<b>COMPATIBILITY CONTROLS</b>
80
The following parameters work around implementation errors
81
in other software, and/or allow you to override standards
82
in order to prevent undesirable use.
77
The following parameters work around implementation errors in other
78
software, and/or allow you to override standards in order to prevent
84
81
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
85
Enable inter-operability with remote SMTP clients
86
that implement an obsolete version of the AUTH com-
87
mand (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
82
Enable inter-operability with remote SMTP clients that implement
83
an obsolete version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
89
85
<b><a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> (no)</b>
90
86
Disable the SMTP VRFY command.
92
88
<b><a href="postconf.5.html#smtpd_noop_commands">smtpd_noop_commands</a> (empty)</b>
93
List of commands that the Postfix SMTP server
94
replies to with "250 Ok", without doing any syntax
95
checks and without changing state.
89
List of commands that the Postfix SMTP server replies to with
90
"250 Ok", without doing any syntax checks and without changing
97
93
<b><a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> (no)</b>
98
Require that addresses received in SMTP MAIL FROM
99
and RCPT TO commands are enclosed with <>, and that
100
those addresses do not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style com-
94
Require that addresses received in SMTP MAIL FROM and RCPT TO
95
commands are enclosed with <>, and that those addresses do not
96
contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases.
103
98
Available in Postfix version 2.1 and later:
105
<b><a href="postconf.5.html#resolve_null_domain">resolve_null_domain</a> (no)</b>
106
Resolve an address that ends in the "@" null domain
107
as if the local hostname were specified, instead of
108
rejecting the address as invalid.
110
100
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
111
Request that the Postfix SMTP server rejects mail
112
from unknown sender addresses, even when no
113
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
101
Request that the Postfix SMTP server rejects mail from unknown
102
sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
103
access restriction is specified.
116
105
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
117
What remote SMTP clients the Postfix SMTP server
118
will not offer AUTH support to.
106
What remote SMTP clients the Postfix SMTP server will not offer
120
109
Available in Postfix version 2.2 and later:
122
111
<b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> (empty)</b>
123
Lookup tables, indexed by the remote SMTP client
124
address, with case insensitive lists of EHLO key-
125
words (pipelining, starttls, auth, etc.) that the
126
Postfix SMTP server will not send in the EHLO
127
response to a remote SMTP client.
112
Lookup tables, indexed by the remote SMTP client address, with
113
case insensitive lists of EHLO keywords (pipelining, starttls,
114
auth, etc.) that the Postfix SMTP server will not send in the
115
EHLO response to a remote SMTP client.
129
117
<b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> (empty)</b>
130
A case insensitive list of EHLO keywords (pipelin-
131
ing, starttls, auth, etc.) that the Postfix SMTP
132
server will not send in the EHLO response to a
118
A case insensitive list of EHLO keywords (pipelining, starttls,
119
auth, etc.) that the Postfix SMTP server will not send in the
120
EHLO response to a remote SMTP client.
135
122
<b><a href="postconf.5.html#smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a> (yes)</b>
136
Postpone the start of an SMTP mail transaction
137
until a valid RCPT TO command is received.
123
Postpone the start of an SMTP mail transaction until a valid
124
RCPT TO command is received.
139
126
Available in Postfix version 2.3 and later:
141
128
<b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
142
Force the Postfix SMTP server to issue a TLS ses-
143
sion id, even when TLS session caching is turned
144
off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> is empty).
129
Force the Postfix SMTP server to issue a TLS session id, even
130
when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>-
131
<a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty).
146
133
Available in Postfix version 2.6 and later:
148
135
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
149
An optional workaround for routers that break TCP
136
An optional workaround for routers that break TCP window scal-
152
139
Available in Postfix version 2.7 and later:
154
141
<b><a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> (empty)</b>
155
A mechanism to transform commands from remote SMTP
142
A mechanism to transform commands from remote SMTP clients.
158
144
Available in Postfix version 2.9 and later:
160
146
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
161
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time
162
limit, from a time limit per read or write system
163
call, to a time limit to send or receive a complete
164
record (an SMTP command line, SMTP response line,
165
SMTP message content line, or TLS protocol mes-
147
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
148
<a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
149
system call, to a time limit to send or receive a complete
150
record (an SMTP command line, SMTP response line, SMTP message
151
content line, or TLS protocol message).
168
153
<b>ADDRESS REWRITING CONTROLS</b>
169
See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed
170
discussion of Postfix address rewriting.
154
See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed discussion of
155
Postfix address rewriting.
172
157
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
173
Enable or disable recipient validation, built-in
174
content filtering, or address mapping.
158
Enable or disable recipient validation, built-in content filter-
159
ing, or address mapping.
176
161
Available in Postfix version 2.2 and later:
178
163
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b>
179
Rewrite message header addresses in mail from these
180
clients and update incomplete addresses with the
181
domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't
182
rewrite message headers from other clients at all,
183
or rewrite message headers and update incomplete
184
addresses with the domain specified in the
185
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
164
Rewrite message header addresses in mail from these clients and
165
update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
166
$<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other
167
clients at all, or rewrite message headers and update incomplete
168
addresses with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-
169
<a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a> parameter.
187
171
<b>BEFORE-SMTPD PROXY AGENT</b>
188
172
Available in Postfix version 2.10 and later:
190
174
<b><a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> (empty)</b>
191
The name of the proxy protocol used by an optional
192
before-smtpd proxy agent.
175
The name of the proxy protocol used by an optional before-smtpd
194
178
<b><a href="postconf.5.html#smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a> (5s)</b>
195
The time limit for the proxy protocol specified
196
with the <a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter.
179
The time limit for the proxy protocol specified with the
180
<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter.
198
182
<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
199
As of version 1.0, Postfix can be configured to send new
200
mail to an external content filter AFTER the mail is
201
queued. This content filter is expected to inject mail
202
back into a (Postfix or other) MTA for further delivery.
203
See the <a href="FILTER_README.html">FILTER_README</a> document for details.
183
As of version 1.0, Postfix can be configured to send new mail to an
184
external content filter AFTER the mail is queued. This content filter
185
is expected to inject mail back into a (Postfix or other) MTA for fur-
186
ther delivery. See the <a href="FILTER_README.html">FILTER_README</a> document for details.
205
188
<b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
206
After the message is queued, send the entire mes-
207
sage to the specified <i>transport:destination</i>.
189
After the message is queued, send the entire message to the
190
specified <i>transport:destination</i>.
209
192
<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
210
As of version 2.1, the Postfix SMTP server can be config-
211
ured to send incoming mail to a real-time SMTP-based con-
212
tent filter BEFORE mail is queued. This content filter is
213
expected to inject mail back into Postfix. See the
214
<a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
193
As of version 2.1, the Postfix SMTP server can be configured to send
194
incoming mail to a real-time SMTP-based content filter BEFORE mail is
195
queued. This content filter is expected to inject mail back into Post-
196
fix. See the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
215
197
ure and operate this feature.
217
199
<b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b>
218
The hostname and TCP port of the mail filtering
200
The hostname and TCP port of the mail filtering proxy server.
221
202
<b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
222
How the Postfix SMTP server announces itself to the
203
How the Postfix SMTP server announces itself to the proxy fil-
225
206
<b><a href="postconf.5.html#smtpd_proxy_options">smtpd_proxy_options</a> (empty)</b>
226
List of options that control how the Postfix SMTP
227
server communicates with a before-queue content
207
List of options that control how the Postfix SMTP server commu-
208
nicates with a before-queue content filter.
230
210
<b><a href="postconf.5.html#smtpd_proxy_timeout">smtpd_proxy_timeout</a> (100s)</b>
231
The time limit for connecting to a proxy filter and
232
for sending or receiving information.
211
The time limit for connecting to a proxy filter and for sending
212
or receiving information.
234
214
<b>BEFORE QUEUE MILTER CONTROLS</b>
235
As of version 2.3, Postfix supports the Sendmail version 8
236
Milter (mail filter) protocol. These content filters run
237
outside Postfix. They can inspect the SMTP command stream
238
and the message content, and can request modifications
239
before mail is queued. For details see the <a href="MILTER_README.html">MILTER_README</a>
215
As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
216
filter) protocol. These content filters run outside Postfix. They can
217
inspect the SMTP command stream and the message content, and can
218
request modifications before mail is queued. For details see the <a href="MILTER_README.html">MIL</a>-
219
<a href="MILTER_README.html">TER_README</a> document.
242
221
<b><a href="postconf.5.html#smtpd_milters">smtpd_milters</a> (empty)</b>
243
A list of Milter (mail filter) applications for new
244
mail that arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
222
A list of Milter (mail filter) applications for new mail that
223
arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
246
225
<b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b>
247
The mail filter protocol version and optional pro-
248
tocol extensions for communication with a Milter
249
application; prior to Postfix 2.6 the default pro-
226
The mail filter protocol version and optional protocol exten-
227
sions for communication with a Milter application; prior to
228
Postfix 2.6 the default protocol is 2.
252
230
<b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b>
253
The default action when a Milter (mail filter)
254
application is unavailable or mis-configured.
231
The default action when a Milter (mail filter) application is
232
unavailable or mis-configured.
256
234
<b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
257
The {daemon_name} macro value for Milter (mail fil-
235
The {daemon_name} macro value for Milter (mail filter) applica-
260
238
<b><a href="postconf.5.html#milter_macro_v">milter_macro_v</a> ($<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b>
261
The {v} macro value for Milter (mail filter) appli-
239
The {v} macro value for Milter (mail filter) applications.
264
241
<b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b>
265
The time limit for connecting to a Milter (mail
266
filter) application, and for negotiating protocol
242
The time limit for connecting to a Milter (mail filter) applica-
243
tion, and for negotiating protocol options.
269
245
<b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b>
270
The time limit for sending an SMTP command to a
271
Milter (mail filter) application, and for receiving
246
The time limit for sending an SMTP command to a Milter (mail
247
filter) application, and for receiving the response.
274
249
<b><a href="postconf.5.html#milter_content_timeout">milter_content_timeout</a> (300s)</b>
275
The time limit for sending message content to a
276
Milter (mail filter) application, and for receiving
250
The time limit for sending message content to a Milter (mail
251
filter) application, and for receiving the response.
279
253
<b><a href="postconf.5.html#milter_connect_macros">milter_connect_macros</a> (see 'postconf -d' output)</b>
280
The macros that are sent to Milter (mail filter)
281
applications after completion of an SMTP connec-
254
The macros that are sent to Milter (mail filter) applications
255
after completion of an SMTP connection.
284
257
<b><a href="postconf.5.html#milter_helo_macros">milter_helo_macros</a> (see 'postconf -d' output)</b>
285
The macros that are sent to Milter (mail filter)
286
applications after the SMTP HELO or EHLO command.
258
The macros that are sent to Milter (mail filter) applications
259
after the SMTP HELO or EHLO command.
288
261
<b><a href="postconf.5.html#milter_mail_macros">milter_mail_macros</a> (see 'postconf -d' output)</b>
289
The macros that are sent to Milter (mail filter)
290
applications after the SMTP MAIL FROM command.
262
The macros that are sent to Milter (mail filter) applications
263
after the SMTP MAIL FROM command.
292
265
<b><a href="postconf.5.html#milter_rcpt_macros">milter_rcpt_macros</a> (see 'postconf -d' output)</b>
293
The macros that are sent to Milter (mail filter)
294
applications after the SMTP RCPT TO command.
266
The macros that are sent to Milter (mail filter) applications
267
after the SMTP RCPT TO command.
296
269
<b><a href="postconf.5.html#milter_data_macros">milter_data_macros</a> (see 'postconf -d' output)</b>
297
The macros that are sent to version 4 or higher
298
Milter (mail filter) applications after the SMTP
270
The macros that are sent to version 4 or higher Milter (mail
271
filter) applications after the SMTP DATA command.
301
273
<b><a href="postconf.5.html#milter_unknown_command_macros">milter_unknown_command_macros</a> (see 'postconf -d' output)</b>
302
The macros that are sent to version 3 or higher
303
Milter (mail filter) applications after an unknown
274
The macros that are sent to version 3 or higher Milter (mail
275
filter) applications after an unknown SMTP command.
306
277
<b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see 'postconf -d' output)</b>
307
The macros that are sent to Milter (mail filter)
308
applications after the end of the message header.
278
The macros that are sent to Milter (mail filter) applications
279
after the end of the message header.
310
281
<b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see 'postconf -d' output)</b>
311
The macros that are sent to Milter (mail filter)
312
applications after the message end-of-data.
282
The macros that are sent to Milter (mail filter) applications
283
after the message end-of-data.
314
285
<b>GENERAL CONTENT INSPECTION CONTROLS</b>
315
The following parameters are applicable for both built-in
316
and external content filters.
286
The following parameters are applicable for both built-in and external
318
289
Available in Postfix version 2.1 and later:
320
291
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
321
Enable or disable recipient validation, built-in
322
content filtering, or address mapping.
292
Enable or disable recipient validation, built-in content filter-
293
ing, or address mapping.
324
295
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
325
The following parameters are applicable for both before-
326
queue and after-queue content filtering.
296
The following parameters are applicable for both before-queue and
297
after-queue content filtering.
328
299
Available in Postfix version 2.1 and later:
330
301
<b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
331
What remote SMTP clients are allowed to use the
302
What remote SMTP clients are allowed to use the XFORWARD fea-
334
305
<b>SASL AUTHENTICATION CONTROLS</b>
335
Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenti-
336
cate remote SMTP clients to the Postfix SMTP server, and
337
to authenticate the Postfix SMTP client to a remote SMTP
338
server. See the <a href="SASL_README.html">SASL_README</a> document for details.
306
Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenticate remote SMTP
307
clients to the Postfix SMTP server, and to authenticate the Postfix
308
SMTP client to a remote SMTP server. See the <a href="SASL_README.html">SASL_README</a> document for
340
311
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
341
Enable inter-operability with remote SMTP clients
342
that implement an obsolete version of the AUTH com-
343
mand (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
312
Enable inter-operability with remote SMTP clients that implement
313
an obsolete version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
345
315
<b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
346
Enable SASL authentication in the Postfix SMTP
316
Enable SASL authentication in the Postfix SMTP server.
349
318
<b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
350
The name of the Postfix SMTP server's local SASL
351
authentication realm.
319
The name of the Postfix SMTP server's local SASL authentication
353
322
<b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b>
354
Postfix SMTP server SASL security options; as of
355
Postfix 2.3 the list of available features depends
356
on the SASL server implementation that is selected
357
with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
323
Postfix SMTP server SASL security options; as of Postfix 2.3 the
324
list of available features depends on the SASL server implemen-
325
tation that is selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
359
327
<b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
360
Optional lookup table with the SASL login names
361
that own sender (MAIL FROM) addresses.
328
Optional lookup table with the SASL login names that own sender
329
(MAIL FROM) addresses.
363
331
Available in Postfix version 2.1 and later:
365
333
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
366
What remote SMTP clients the Postfix SMTP server
367
will not offer AUTH support to.
334
What remote SMTP clients the Postfix SMTP server will not offer
369
337
Available in Postfix version 2.1 and 2.2:
371
339
<b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> (smtpd)</b>
372
The application name that the Postfix SMTP server
373
uses for SASL server initialization.
340
The application name that the Postfix SMTP server uses for SASL
341
server initialization.
375
343
Available in Postfix version 2.3 and later:
377
345
<b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b>
378
Report the SASL authenticated user name in the
379
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received message header.
346
Report the SASL authenticated user name in the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received
381
349
<b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b>
382
Implementation-specific information that the Post-
383
fix SMTP server passes through to the SASL plug-in
384
implementation that is selected with
385
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
350
Implementation-specific information that the Postfix SMTP server
351
passes through to the SASL plug-in implementation that is
352
selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
387
354
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> (cyrus)</b>
388
The SASL plug-in type that the Postfix SMTP server
389
should use for authentication.
355
The SASL plug-in type that the Postfix SMTP server should use
391
358
Available in Postfix version 2.5 and later:
393
360
<b><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a> (empty)</b>
394
Search path for Cyrus SASL application configura-
395
tion files, currently used only to locate the
396
$<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
361
Search path for Cyrus SASL application configuration files, cur-
362
rently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
364
Available in Postfix version 2.11 and later:
366
<b>smtpd_sasl_service (smtp)</b>
367
The service name that is passed to the SASL plug-in that is
368
selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> and <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a></b>.
398
370
<b>STARTTLS SUPPORT CONTROLS</b>
399
Detailed information about STARTTLS configuration may be
400
found in the <a href="TLS_README.html">TLS_README</a> document.
371
Detailed information about STARTTLS configuration may be found in the
372
<a href="TLS_README.html">TLS_README</a> document.
402
374
<b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
403
The SMTP TLS security level for the Postfix SMTP
404
server; when a non-empty value is specified, this
405
overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and
406
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
375
The SMTP TLS security level for the Postfix SMTP server; when a
376
non-empty value is specified, this overrides the obsolete param-
377
eters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
408
<b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_secu</a>-</b>
409
<b><a href="postconf.5.html#smtpd_sasl_security_options">rity_options</a>)</b>
410
The SASL authentication security options that the
411
Postfix SMTP server uses for TLS encrypted SMTP
379
<b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b>
380
The SASL authentication security options that the Postfix SMTP
381
server uses for TLS encrypted SMTP sessions.
414
383
<b><a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> (see 'postconf -d' output)</b>
415
The time limit for Postfix SMTP server write and
416
read operations during TLS startup and shutdown
417
handshake procedures.
384
The time limit for Postfix SMTP server write and read operations
385
during TLS startup and shutdown handshake procedures.
419
387
<b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
420
A file containing (PEM format) CA certificates of
421
root CAs trusted to sign either remote SMTP client
422
certificates or intermediate CA certificates.
388
A file containing (PEM format) CA certificates of root CAs
389
trusted to sign either remote SMTP client certificates or inter-
390
mediate CA certificates.
424
392
<b><a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> (empty)</b>
425
A directory containing (PEM format) CA certificates
426
of root CAs trusted to sign either remote SMTP
427
client certificates or intermediate CA certifi-
393
A directory containing (PEM format) CA certificates of root CAs
394
trusted to sign either remote SMTP client certificates or inter-
395
mediate CA certificates.
430
397
<b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
431
Force the Postfix SMTP server to issue a TLS ses-
432
sion id, even when TLS session caching is turned
433
off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> is empty).
398
Force the Postfix SMTP server to issue a TLS session id, even
399
when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>-
400
<a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty).
435
402
<b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b>
436
Ask a remote SMTP client for a client certificate.
403
Ask a remote SMTP client for a client certificate.
438
405
<b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b>
439
When TLS encryption is optional in the Postfix SMTP
440
server, do not announce or accept SASL authentica-
441
tion over unencrypted connections.
406
When TLS encryption is optional in the Postfix SMTP server, do
407
not announce or accept SASL authentication over unencrypted con-
443
410
<b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (9)</b>
444
The verification depth for remote SMTP client cer-
411
The verification depth for remote SMTP client certificates.
447
413
<b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b>
448
File with the Postfix SMTP server RSA certificate
414
File with the Postfix SMTP server RSA certificate in PEM format.
451
416
<b><a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> (empty)</b>
452
List of ciphers or cipher types to exclude from the
453
SMTP server cipher list at all TLS security levels.
417
List of ciphers or cipher types to exclude from the SMTP server
418
cipher list at all TLS security levels.
455
420
<b><a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (empty)</b>
456
File with the Postfix SMTP server DSA certificate
421
File with the Postfix SMTP server DSA certificate in PEM format.
459
423
<b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b>
460
File with DH parameters that the Postfix SMTP
461
server should use with EDH ciphers.
424
File with DH parameters that the Postfix SMTP server should use
425
with non-export EDH ciphers.
463
427
<b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
464
File with DH parameters that the Postfix SMTP
465
server should use with EDH ciphers.
428
File with DH parameters that the Postfix SMTP server should use
429
with export-grade EDH ciphers.
467
431
<b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
468
File with the Postfix SMTP server DSA private key
432
File with the Postfix SMTP server DSA private key in PEM format.
471
434
<b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
472
File with the Postfix SMTP server RSA private key
435
File with the Postfix SMTP server RSA private key in PEM format.
475
437
<b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
476
Enable additional Postfix SMTP server logging of
438
Enable additional Postfix SMTP server logging of TLS activity.
479
440
<b><a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> (medium)</b>
480
The minimum TLS cipher grade that the Postfix SMTP
481
server will use with mandatory TLS encryption.
441
The minimum TLS cipher grade that the Postfix SMTP server will
442
use with mandatory TLS encryption.
483
444
<b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> (empty)</b>
484
Additional list of ciphers or cipher types to
485
exclude from the Postfix SMTP server cipher list at
486
mandatory TLS security levels.
445
Additional list of ciphers or cipher types to exclude from the
446
Postfix SMTP server cipher list at mandatory TLS security lev-
488
449
<b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (!SSLv2)</b>
489
The SSL/TLS protocols accepted by the Postfix SMTP
490
server with mandatory TLS encryption.
450
The SSL/TLS protocols accepted by the Postfix SMTP server with
451
mandatory TLS encryption.
492
453
<b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
493
Request that the Postfix SMTP server produces
494
Received: message headers that include information
495
about the protocol and cipher used, as well as the
496
remote SMTP client CommonName and client certifi-
497
cate issuer CommonName.
454
Request that the Postfix SMTP server produces Received: message
455
headers that include information about the protocol and cipher
456
used, as well as the remote SMTP client CommonName and client
457
certificate issuer CommonName.
499
459
<b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b>
500
With mandatory TLS encryption, require a trusted
501
remote SMTP client certificate in order to allow
502
TLS connections to proceed.
504
<b><a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> (empty)</b>
505
Name of the file containing the optional Postfix
506
SMTP server TLS session cache.
508
<b><a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> (3600s)</b>
509
The expiration time of Postfix SMTP server TLS ses-
510
sion cache information.
460
With mandatory TLS encryption, require a trusted remote SMTP
461
client certificate in order to allow TLS connections to proceed.
512
463
<b><a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> (no)</b>
513
Run the Postfix SMTP server in the non-standard
514
"wrapper" mode, instead of using the STARTTLS com-
464
Run the Postfix SMTP server in the non-standard "wrapper" mode,
465
instead of using the STARTTLS command.
517
467
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
518
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
519
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
520
server in order to seed its internal pseudo random
521
number generator (PRNG).
468
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
469
process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
470
internal pseudo random number generator (PRNG).
523
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
524
<b>(ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
472
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
525
473
The OpenSSL cipherlist for "HIGH" grade ciphers.
527
475
<b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b>
528
The OpenSSL cipherlist for "MEDIUM" or higher grade
476
The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers.
531
478
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
532
The OpenSSL cipherlist for "LOW" or higher grade
479
The OpenSSL cipherlist for "LOW" or higher grade ciphers.
535
481
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
536
The OpenSSL cipherlist for "EXPORT" or higher grade
482
The OpenSSL cipherlist for "EXPORT" or higher grade ciphers.
539
484
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
540
The OpenSSL cipherlist for "NULL" grade ciphers
541
that provide authentication without encryption.
485
The OpenSSL cipherlist for "NULL" grade ciphers that provide
486
authentication without encryption.
543
488
Available in Postfix version 2.5 and later:
545
490
<b><a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> (md5)</b>
546
The message digest algorithm to construct remote
547
SMTP client-certificate fingerprints or public key
548
fingerprints (Postfix 2.9 and later) for
549
<b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>.
491
The message digest algorithm to construct remote SMTP client-
492
certificate fingerprints or public key fingerprints (Postfix 2.9
493
and later) for <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>.
551
495
Available in Postfix version 2.6 and later:
553
497
<b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (empty)</b>
554
List of TLS protocols that the Postfix SMTP server
555
will exclude or include with opportunistic TLS
498
List of TLS protocols that the Postfix SMTP server will exclude
499
or include with opportunistic TLS encryption.
558
501
<b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (export)</b>
559
The minimum TLS cipher grade that the Postfix SMTP
560
server will use with opportunistic TLS encryption.
502
The minimum TLS cipher grade that the Postfix SMTP server will
503
use with opportunistic TLS encryption.
562
505
<b><a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> (empty)</b>
563
File with the Postfix SMTP server ECDSA certificate
506
File with the Postfix SMTP server ECDSA certificate in PEM for-
566
509
<b><a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b>
567
File with the Postfix SMTP server ECDSA private key
510
File with the Postfix SMTP server ECDSA private key in PEM for-
570
513
<b><a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> (see 'postconf -d' output)</b>
571
The Postfix SMTP server security grade for
572
ephemeral elliptic-curve Diffie-Hellman (EECDH) key
514
The Postfix SMTP server security grade for ephemeral elliptic-
515
curve Diffie-Hellman (EECDH) key exchange.
575
517
<b><a href="postconf.5.html#tls_eecdh_strong_curve">tls_eecdh_strong_curve</a> (prime256v1)</b>
576
The elliptic curve used by the Postfix SMTP server
577
for sensibly strong ephemeral ECDH key exchange.
518
The elliptic curve used by the Postfix SMTP server for sensibly
519
strong ephemeral ECDH key exchange.
579
521
<b><a href="postconf.5.html#tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a> (secp384r1)</b>
580
The elliptic curve used by the Postfix SMTP server
581
for maximally strong ephemeral ECDH key exchange.
522
The elliptic curve used by the Postfix SMTP server for maximally
523
strong ephemeral ECDH key exchange.
583
525
Available in Postfix version 2.8 and later:
585
527
<b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b>
586
With SSLv3 and later, use the Postfix SMTP server's
587
cipher preference order instead of the remote
588
client's cipher preference order.
528
With SSLv3 and later, use the Postfix SMTP server's cipher pref-
529
erence order instead of the remote client's cipher preference
590
532
<b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
591
List or bit-mask of OpenSSL bug work-arounds to
533
List or bit-mask of OpenSSL bug work-arounds to disable.
535
Available in Postfix version 2.11 and later:
537
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
538
The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
594
540
<b>OBSOLETE STARTTLS CONTROLS</b>
595
The following configuration parameters exist for compati-
596
bility with Postfix versions before 2.3. Support for these
597
will be removed in a future release.
541
The following configuration parameters exist for compatibility with
542
Postfix versions before 2.3. Support for these will be removed in a
599
545
<b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
600
Opportunistic TLS: announce STARTTLS support to
601
remote SMTP clients, but do not require that
602
clients use TLS encryption.
546
Opportunistic TLS: announce STARTTLS support to remote SMTP
547
clients, but do not require that clients use TLS encryption.
604
549
<b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
605
Mandatory TLS: announce STARTTLS support to remote
606
SMTP clients, and require that clients use TLS
550
Mandatory TLS: announce STARTTLS support to remote SMTP clients,
551
and require that clients use TLS encryption.
609
553
<b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b>
610
Obsolete Postfix < 2.3 control for the Postfix SMTP
611
server TLS cipher list.
554
Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
613
557
<b>VERP SUPPORT CONTROLS</b>
614
With VERP style delivery, each recipient of a message
615
receives a customized copy of the message with his/her own
616
recipient address encoded in the envelope sender address.
617
The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
618
details of Postfix support for variable envelope return
619
path addresses. VERP style delivery is requested with the
620
SMTP XVERP command or with the "sendmail -V" command-line
621
option and is available in Postfix version 1.1 and later.
558
With VERP style delivery, each recipient of a message receives a cus-
559
tomized copy of the message with his/her own recipient address encoded
560
in the envelope sender address. The <a href="VERP_README.html">VERP_README</a> file describes config-
561
uration and operation details of Postfix support for variable envelope
562
return path addresses. VERP style delivery is requested with the SMTP
563
XVERP command or with the "sendmail -V" command-line option and is
564
available in Postfix version 1.1 and later.
623
566
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
624
567
The two default VERP delimiter characters.
626
569
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
627
The characters Postfix accepts as VERP delimiter
628
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
629
and in SMTP commands.
570
The characters Postfix accepts as VERP delimiter characters on
571
the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
631
573
Available in Postfix version 1.1 and 2.0:
633
575
<b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
634
What remote SMTP clients are allowed to specify the
576
What remote SMTP clients are allowed to specify the XVERP com-
637
579
Available in Postfix version 2.1 and later:
639
581
<b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
640
What remote SMTP clients are allowed to specify the
582
What remote SMTP clients are allowed to specify the XVERP com-
643
585
<b>TROUBLE SHOOTING CONTROLS</b>
644
The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
645
the Postfix mail system. The methods vary from making the
646
software log a lot of detail, to running some daemon pro-
647
cesses under control of a call tracer or debugger.
586
The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of the Postfix
587
mail system. The methods vary from making the software log a lot of
588
detail, to running some daemon processes under control of a call tracer
649
591
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
650
The increment in verbose logging level when a
651
remote client or server matches a pattern in the
652
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
592
The increment in verbose logging level when a remote client or
593
server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
654
595
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
655
Optional list of remote client or server hostname
656
or network address patterns that cause the verbose
657
logging level to increase by the amount specified
658
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
596
Optional list of remote client or server hostname or network
597
address patterns that cause the verbose logging level to
598
increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
660
600
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
661
The recipient of postmaster notifications about
662
mail delivery problems that are caused by policy,
663
resource, software or protocol errors.
601
The recipient of postmaster notifications about mail delivery
602
problems that are caused by policy, resource, software or proto-
665
605
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
666
What categories of Postfix-generated mail are sub-
667
ject to before-queue content inspection by
668
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
606
What categories of Postfix-generated mail are subject to before-
607
queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and
608
<a href="postconf.5.html#body_checks">body_checks</a>.
670
610
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
671
The list of error classes that are reported to the
611
The list of error classes that are reported to the postmaster.
674
613
<b><a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> (empty)</b>
675
Optional information that is appended after each
676
Postfix SMTP server 4XX or 5XX response.
614
Optional information that is appended after each Postfix SMTP
615
server 4XX or 5XX response.
678
617
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
679
Safety net to keep mail queued that would otherwise
680
be returned to the sender.
618
Safety net to keep mail queued that would otherwise be returned
682
621
Available in Postfix version 2.1 and later:
684
623
<b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
685
What remote SMTP clients are allowed to use the
624
What remote SMTP clients are allowed to use the XCLIENT feature.
688
626
Available in Postfix version 2.10 and later:
690
628
<b><a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> (empty)</b>
691
Enable logging of the named "permit" actions in
692
SMTP server access lists.
629
Enable logging of the named "permit" actions in SMTP server
630
access lists (by default, the SMTP server logs "reject" actions
631
but not "permit" actions).
694
633
<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
695
As of Postfix version 2.0, the SMTP server rejects mail
696
for unknown recipients. This prevents the mail queue from
697
clogging up with undeliverable MAILER-DAEMON messages.
698
Additional information on this topic is in the
699
<a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
634
As of Postfix version 2.0, the SMTP server rejects mail for unknown
635
recipients. This prevents the mail queue from clogging up with undeliv-
636
erable MAILER-DAEMON messages. Additional information on this topic is
637
in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
701
639
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
702
Display the name of the recipient table in the
703
"User unknown" responses.
640
Display the name of the recipient table in the "User unknown"
705
643
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
706
Optional address mapping lookup tables for message
707
headers and envelopes.
644
Optional address mapping lookup tables for message headers and
709
647
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
710
Optional address mapping lookup tables for envelope
711
and header recipient addresses.
648
Optional address mapping lookup tables for envelope and header
713
651
Parameters concerning known/unknown local recipients:
715
<b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, local-</b>
717
The list of domains that are delivered via the
718
$<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport.
653
<b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
654
The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
655
mail delivery transport.
720
657
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
721
The network interface addresses that this mail sys-
722
tem receives mail on.
658
The network interface addresses that this mail system receives
724
661
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
725
The network interface addresses that this mail sys-
726
tem receives mail on by way of a proxy or network
727
address translation unit.
662
The network interface addresses that this mail system receives
663
mail on by way of a proxy or network address translation unit.
729
665
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
730
The Internet protocols Postfix will attempt to use
731
when making or accepting connections.
666
The Internet protocols Postfix will attempt to use when making
667
or accepting connections.
733
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
734
<b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
735
Lookup tables with all names or addresses of local
736
recipients: a recipient address is local when its
737
domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
738
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
669
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
670
Lookup tables with all names or addresses of local recipients: a
671
recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestina</a>-
672
<a href="postconf.5.html#mydestination">tion</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
740
674
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
741
The numerical Postfix SMTP server response code
742
when a recipient address is local, and
743
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
744
tables that does not match the recipient.
675
The numerical Postfix SMTP server response code when a recipient
676
address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
677
lookup tables that does not match the recipient.
746
Parameters concerning known/unknown recipients of relay
679
Parameters concerning known/unknown recipients of relay destinations:
749
681
<b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
750
What destination domains (and subdomains thereof)
751
this system will relay mail to.
682
What destination domains (and subdomains thereof) this system
753
685
<b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
754
Optional lookup tables with all valid addresses in
755
the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
686
Optional lookup tables with all valid addresses in the domains
687
that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
757
689
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
758
The numerical Postfix SMTP server reply code when a
759
recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
760
<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
761
tables that does not match the recipient address.
690
The numerical Postfix SMTP server reply code when a recipient
691
address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci-
692
fies a list of lookup tables that does not match the recipient
763
Parameters concerning known/unknown recipients in virtual
695
Parameters concerning known/unknown recipients in virtual alias
766
698
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
767
Postfix is final destination for the specified list
768
of virtual alias domains, that is, domains for
769
which all addresses are aliased to addresses in
770
other local or remote domains.
699
Postfix is final destination for the specified list of virtual
700
alias domains, that is, domains for which all addresses are
701
aliased to addresses in other local or remote domains.
772
703
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
773
Optional lookup tables that alias specific mail
774
addresses or domains to other local or remote
704
Optional lookup tables that alias specific mail addresses or
705
domains to other local or remote address.
777
707
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
778
The Postfix SMTP server reply code when a recipient
779
address matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
780
<a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
781
that does not match the recipient address.
708
The Postfix SMTP server reply code when a recipient address
709
matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci-
710
fies a list of lookup tables that does not match the recipient
783
Parameters concerning known/unknown recipients in virtual
713
Parameters concerning known/unknown recipients in virtual mailbox
786
716
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
787
Postfix is final destination for the specified list
788
of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
789
<a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
717
Postfix is final destination for the specified list of domains;
718
mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery
791
721
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
792
Optional lookup tables with all valid addresses in
793
the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
722
Optional lookup tables with all valid addresses in the domains
723
that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
795
725
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
796
The Postfix SMTP server reply code when a recipient
797
address matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
798
<a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
799
that does not match the recipient address.
726
The Postfix SMTP server reply code when a recipient address
727
matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
728
specifies a list of lookup tables that does not match the recip-
801
731
<b>RESOURCE AND RATE CONTROLS</b>
802
The following parameters limit resource usage by the SMTP
803
server and/or control client request rates.
732
The following parameters limit resource usage by the SMTP server and/or
733
control client request rates.
805
735
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
806
Upon input, long lines are chopped up into pieces
807
of at most this length; upon delivery, long lines
736
Upon input, long lines are chopped up into pieces of at most
737
this length; upon delivery, long lines are reconstructed.
810
739
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
811
The minimal amount of free space in bytes in the
812
queue file system that is needed to receive mail.
740
The minimal amount of free space in bytes in the queue file sys-
741
tem that is needed to receive mail.
814
743
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
815
The maximal size in bytes of a message, including
816
envelope information.
744
The maximal size in bytes of a message, including envelope
818
747
<b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
819
The maximal number of recipients that the Postfix
820
SMTP server accepts per message delivery request.
748
The maximal number of recipients that the Postfix SMTP server
749
accepts per message delivery request.
822
751
<b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b>
823
The time limit for sending a Postfix SMTP server
824
response and for receiving a remote SMTP client
752
The time limit for sending a Postfix SMTP server response and
753
for receiving a remote SMTP client request.
827
755
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
828
The maximal number of lines in the Postfix SMTP
829
server command history before it is flushed upon
830
receipt of EHLO, RSET, or end of DATA.
756
The maximal number of lines in the Postfix SMTP server command
757
history before it is flushed upon receipt of EHLO, RSET, or end
832
760
Available in Postfix version 2.3 and later:
834
762
<b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
835
Attempt to look up the remote SMTP client hostname,
836
and verify that the name matches the client IP
763
Attempt to look up the remote SMTP client hostname, and verify
764
that the name matches the client IP address.
839
The per SMTP client connection count and request rate lim-
840
its are implemented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> ser-
841
vice, and are available in Postfix version 2.2 and later.
766
The per SMTP client connection count and request rate limits are imple-
767
mented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> service, and are available in
768
Postfix version 2.2 and later.
843
770
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
844
How many simultaneous connections any client is
845
allowed to make to this service.
771
How many simultaneous connections any client is allowed to make
847
774
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
848
The maximal number of connection attempts any
849
client is allowed to make to this service per time
775
The maximal number of connection attempts any client is allowed
776
to make to this service per time unit.
852
778
<b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
853
The maximal number of message delivery requests
854
that any client is allowed to make to this service
855
per time unit, regardless of whether or not Postfix
856
actually accepts those messages.
779
The maximal number of message delivery requests that any client
780
is allowed to make to this service per time unit, regardless of
781
whether or not Postfix actually accepts those messages.
858
783
<b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
859
The maximal number of recipient addresses that any
860
client is allowed to send to this service per time
861
unit, regardless of whether or not Postfix actually
862
accepts those recipients.
784
The maximal number of recipient addresses that any client is
785
allowed to send to this service per time unit, regardless of
786
whether or not Postfix actually accepts those recipients.
864
788
<b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
865
Clients that are excluded from
866
smtpd_client_*_count/rate_limit restrictions.
789
Clients that are excluded from smtpd_client_*_count/rate_limit
868
792
Available in Postfix version 2.3 and later:
870
794
<b><a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (0)</b>
871
The maximal number of new (i.e., uncached) TLS ses-
872
sions that a remote SMTP client is allowed to nego-
873
tiate with this service per time unit.
795
The maximal number of new (i.e., uncached) TLS sessions that a
796
remote SMTP client is allowed to negotiate with this service per
875
799
Available in Postfix version 2.9 and later:
877
801
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
878
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time
879
limit, from a time limit per read or write system
880
call, to a time limit to send or receive a complete
881
record (an SMTP command line, SMTP response line,
882
SMTP message content line, or TLS protocol mes-
802
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
803
<a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
804
system call, to a time limit to send or receive a complete
805
record (an SMTP command line, SMTP response line, SMTP message
806
content line, or TLS protocol message).
885
808
<b>TARPIT CONTROLS</b>
886
When a remote SMTP client makes errors, the Postfix SMTP
887
server can insert delays before responding. This can help
888
to slow down run-away software. The behavior is con-
889
trolled by an error counter that counts the number of
890
errors within an SMTP session that a client makes without
809
When a remote SMTP client makes errors, the Postfix SMTP server can
810
insert delays before responding. This can help to slow down run-away
811
software. The behavior is controlled by an error counter that counts
812
the number of errors within an SMTP session that a client makes without
893
815
<b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
894
With Postfix version 2.1 and later: the SMTP server
895
response delay after a client has made more than
896
$<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
897
$<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
816
With Postfix version 2.1 and later: the SMTP server response
817
delay after a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>
818
errors, and fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without
900
821
<b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
901
The number of errors a remote SMTP client is
902
allowed to make without delivering mail before the
903
Postfix SMTP server slows down all its responses.
822
The number of errors a remote SMTP client is allowed to make
823
without delivering mail before the Postfix SMTP server slows
824
down all its responses.
905
826
<b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (normal: 20, overload: 1)</b>
906
The maximal number of errors a remote SMTP client
907
is allowed to make without delivering mail.
827
The maximal number of errors a remote SMTP client is allowed to
828
make without delivering mail.
909
830
<b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (normal: 100, overload: 1)</b>
910
The number of junk commands (NOOP, VRFY, ETRN or
911
RSET) that a remote SMTP client can send before the
912
Postfix SMTP server starts to increment the error
913
counter with each junk command.
831
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a
832
remote SMTP client can send before the Postfix SMTP server
833
starts to increment the error counter with each junk command.
915
835
Available in Postfix version 2.1 and later:
917
837
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
918
The number of recipients that a remote SMTP client
919
can send in excess of the limit specified with
920
$<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before the Postfix SMTP
921
server increments the per-session error count for
922
each excess recipient.
838
The number of recipients that a remote SMTP client can send in
839
excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>,
840
before the Postfix SMTP server increments the per-session error
841
count for each excess recipient.
924
843
<b>ACCESS POLICY DELEGATION CONTROLS</b>
925
As of version 2.1, Postfix can be configured to delegate
926
access policy decisions to an external server that runs
927
outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
844
As of version 2.1, Postfix can be configured to delegate access policy
845
decisions to an external server that runs outside Postfix. See the
846
file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for more information.
930
848
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
931
The time after which an idle SMTPD policy service
932
connection is closed.
849
The time after which an idle SMTPD policy service connection is
934
852
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
935
The time after which an active SMTPD policy service
936
connection is closed.
853
The time after which an active SMTPD policy service connection
938
856
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
939
The time limit for connecting to, writing to or
940
receiving from a delegated SMTPD policy server.
857
The time limit for connecting to, writing to or receiving from a
858
delegated SMTPD policy server.
942
860
<b>ACCESS CONTROLS</b>
943
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
944
all the SMTP server access control features.
861
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
862
server access control features.
946
864
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
947
Wait until the RCPT TO command before evaluating
948
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $smtpd_helo_restric-
949
tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
950
the ETRN command before evaluating
951
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
865
Wait until the RCPT TO command before evaluating
866
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
867
$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command
868
before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and
869
$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
954
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
956
What Postfix features match subdomains of
957
"domain.tld" automatically, instead of requiring an
958
explicit ".domain.tld" pattern.
871
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
872
What Postfix features match subdomains of "domain.tld" automati-
873
cally, instead of requiring an explicit ".domain.tld" pattern.
960
875
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
961
Optional restrictions that the Postfix SMTP server
962
applies in the context of a client connection
876
Optional restrictions that the Postfix SMTP server applies in
877
the context of a client connection request.
965
879
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
966
Require that a remote SMTP client introduces itself
967
with the HELO or EHLO command before sending the
968
MAIL command or other commands that require EHLO
880
Require that a remote SMTP client introduces itself with the
881
HELO or EHLO command before sending the MAIL command or other
882
commands that require EHLO negotiation.
971
884
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
972
Optional restrictions that the Postfix SMTP server
973
applies in the context of a client HELO command.
885
Optional restrictions that the Postfix SMTP server applies in
886
the context of a client HELO command.
975
888
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
976
Optional restrictions that the Postfix SMTP server
977
applies in the context of a client MAIL FROM com-
889
Optional restrictions that the Postfix SMTP server applies in
890
the context of a client MAIL FROM command.
980
892
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (see 'postconf -d' output)</b>
981
Optional restrictions that the Postfix SMTP server
982
applies in the context of a client RCPT TO command,
983
after <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
893
Optional restrictions that the Postfix SMTP server applies in
894
the context of a client RCPT TO command, after
895
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
985
897
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
986
Optional restrictions that the Postfix SMTP server
987
applies in the context of a client ETRN command.
898
Optional restrictions that the Postfix SMTP server applies in
899
the context of a client ETRN command.
989
901
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
990
Forward mail with sender-specified routing
991
(user[@%!]remote[@%!]site) from untrusted clients
992
to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
902
Forward mail with sender-specified routing
903
(user[@%!]remote[@%!]site) from untrusted clients to destina-
904
tions matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
994
906
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
995
User-defined aliases for groups of access restric-
907
User-defined aliases for groups of access restrictions.
998
909
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b><><b>)</b>
999
The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables
1000
instead of the null sender address.
910
The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
911
the null sender address.
1002
913
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
1003
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP
1004
access feature to only domains whose primary MX
1005
hosts match the listed networks.
914
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
915
only domains whose primary MX hosts match the listed networks.
1007
917
Available in Postfix version 2.0 and later:
1009
919
<b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
1010
Optional access restrictions that the Postfix SMTP
1011
server applies in the context of the SMTP DATA com-
920
Optional access restrictions that the Postfix SMTP server
921
applies in the context of the SMTP DATA command.
1014
923
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
1015
What characters are allowed in $name expansions of
1016
RBL reply templates.
924
What characters are allowed in $name expansions of RBL reply
1018
927
Available in Postfix version 2.1 and later:
1020
929
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
1021
Request that the Postfix SMTP server rejects mail
1022
from unknown sender addresses, even when no
1023
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
930
Request that the Postfix SMTP server rejects mail from unknown
931
sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
932
access restriction is specified.
1026
934
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
1027
Request that the Postfix SMTP server rejects mail
1028
for unknown recipient addresses, even when no
1029
explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
935
Request that the Postfix SMTP server rejects mail for unknown
936
recipient addresses, even when no explicit
937
<a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restriction is specified.
1032
939
Available in Postfix version 2.2 and later:
1034
941
<b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b>
1035
Optional access restrictions that the Postfix SMTP
1036
server applies in the context of the SMTP END-OF-
942
Optional access restrictions that the Postfix SMTP server
943
applies in the context of the SMTP END-OF-DATA command.
1039
945
Available in Postfix version 2.10 and later:
1041
<b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b>
1042
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b>
1043
Access restrictions for mail relay control that the
1044
Postfix SMTP server applies in the context of the
1045
RCPT TO command, before <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restric</a>-
1046
<a href="postconf.5.html#smtpd_recipient_restrictions">tions</a>.
947
<b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,</b>
948
<b><a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b>
949
Access restrictions for mail relay control that the Postfix SMTP
950
server applies in the context of the RCPT TO command, before
951
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
1048
953
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
1049
Postfix version 2.1 introduces sender and recipient
1050
address verification. This feature is implemented by
1051
sending probe email messages that are not actually deliv-
1052
ered. This feature is requested via the reject_unveri-
1053
fied_sender and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
1054
restrictions. The status of verification probes is main-
1055
tained by the <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VER</a>-
1056
<a href="ADDRESS_VERIFICATION_README.html">IFICATION_README</a> for information about how to configure
1057
and operate the Postfix sender/recipient address verifica-
954
Postfix version 2.1 introduces sender and recipient address verifica-
955
tion. This feature is implemented by sending probe email messages that
956
are not actually delivered. This feature is requested via the
957
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
958
restrictions. The status of verification probes is maintained by the
959
<a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
960
mation about how to configure and operate the Postfix sender/recipient
961
address verification service.
1060
963
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, overload: 1)</b>
1061
How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for
1062
the completion of an address verification request
964
How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for the completion
965
of an address verification request in progress.
1065
967
<b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
1066
The delay between queries for the completion of an
1067
address verification request in progress.
968
The delay between queries for the completion of an address veri-
969
fication request in progress.
1069
971
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
1070
The sender address to use in address verification
1071
probes; prior to Postfix 2.5 the default was "post-
972
The sender address to use in address verification probes; prior
973
to Postfix 2.5 the default was "postmaster".
1074
975
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
1075
The numerical Postfix SMTP server response code
1076
when a recipient address is rejected by the
1077
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
976
The numerical Postfix SMTP server response code when a recipient
977
address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
1079
979
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
1080
The numerical Postfix SMTP server response when a
1081
recipient address is rejected by the reject_unveri-
1082
fied_recipient restriction.
980
The numerical Postfix SMTP server response when a recipient
981
address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
1084
984
Available in Postfix version 2.6 and later:
1086
986
<b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b>
1087
The numerical Postfix SMTP server response code
1088
when a sender address probe fails due to a tempo-
1089
rary error condition.
987
The numerical Postfix SMTP server response code when a sender
988
address probe fails due to a temporary error condition.
1091
990
<b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b>
1092
The numerical Postfix SMTP server response when a
1093
recipient address probe fails due to a temporary
991
The numerical Postfix SMTP server response when a recipient
992
address probe fails due to a temporary error condition.
1096
994
<b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b>
1097
The Postfix SMTP server's reply when rejecting mail
1098
with <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>.
995
The Postfix SMTP server's reply when rejecting mail with
996
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>.
1100
998
<b><a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> (empty)</b>
1101
The Postfix SMTP server's reply when rejecting mail
1102
with <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
1104
<b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b>
1105
<b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b>
1106
The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unver</a>-
1107
<a href="postconf.5.html#reject_unverified_sender">ified_sender</a> fails due to a temporary error condi-
1110
<b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b>
1111
<b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b>
1112
The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unver</a>-
1113
<a href="postconf.5.html#reject_unverified_recipient">ified_recipient</a> fails due to a temporary error con-
999
The Postfix SMTP server's reply when rejecting mail with
1000
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
1002
<b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
1003
The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
1004
fails due to a temporary error condition.
1006
<b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
1007
The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
1008
<a href="postconf.5.html#reject_unverified_recipient">ent</a> fails due to a temporary error condition.
1116
1010
Available with Postfix 2.9 and later:
1118
1012
<b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
1119
The time between changes in the time-dependent por-
1120
tion of address verification probe sender
1013
The time between changes in the time-dependent portion of
1014
address verification probe sender addresses.
1123
1016
<b>ACCESS CONTROL RESPONSES</b>
1124
The following parameters control numerical SMTP reply
1125
codes and/or text responses.
1017
The following parameters control numerical SMTP reply codes and/or text
1127
1020
<b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
1128
The numerical Postfix SMTP server response code for
1129
an <a href="access.5.html"><b>access</b>(5)</a> map "reject" action.
1021
The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
1022
map "reject" action.
1131
1024
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
1132
The numerical Postfix SMTP server response code
1133
when a remote SMTP client request is rejected by
1134
the "defer" restriction.
1025
The numerical Postfix SMTP server response code when a remote
1026
SMTP client request is rejected by the "defer" restriction.
1136
1028
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
1137
The numerical Postfix SMTP server response code
1138
when the client HELO or EHLO command parameter is
1139
rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
1029
The numerical Postfix SMTP server response code when the client
1030
HELO or EHLO command parameter is rejected by the
1031
<a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> restriction.
1142
1033
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
1143
The numerical Postfix SMTP server response code
1144
when a remote SMTP client request is blocked by the
1145
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
1146
<a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or
1147
<a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
1034
The numerical Postfix SMTP server response code when a remote
1035
SMTP client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
1036
<a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>,
1037
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
1149
1039
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
1150
The numerical Postfix SMTP server reply code when a
1151
client request is rejected by the
1152
<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
1153
<a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a>
1040
The numerical Postfix SMTP server reply code when a client
1041
request is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
1042
<a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
1156
1044
<b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
1157
The numerical Postfix SMTP server response code
1158
when a request is rejected by the <b>reject_plain-</b>
1159
<b>text_session</b> restriction.
1045
The numerical Postfix SMTP server response code when a request
1046
is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
1161
1048
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
1162
The numerical Postfix SMTP server response code
1163
when a remote SMTP client request is rejected by
1164
the "reject" restriction.
1049
The numerical Postfix SMTP server response code when a remote
1050
SMTP client request is rejected by the "reject" restriction.
1166
1052
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
1167
The numerical Postfix SMTP server response code
1168
when a client request is rejected by the
1169
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
1053
The numerical Postfix SMTP server response code when a client
1054
request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
1171
1057
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
1172
The numerical Postfix SMTP server response code
1173
when a sender or recipient address is rejected by
1174
the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
1175
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
1058
The numerical Postfix SMTP server response code when a sender or
1059
recipient address is rejected by the
1060
<a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
1177
1063
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
1178
The numerical Postfix SMTP server response code
1179
when a client without valid address <=> name map-
1180
ping is rejected by the reject_unknown_client_host-
1064
The numerical Postfix SMTP server response code when a client
1065
without valid address <=> name mapping is rejected by the
1066
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction.
1183
1068
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
1184
The numerical Postfix SMTP server response code
1185
when the hostname specified with the HELO or EHLO
1186
command is rejected by the
1069
The numerical Postfix SMTP server response code when the host-
1070
name specified with the HELO or EHLO command is rejected by the
1187
1071
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
1189
1073
Available in Postfix version 2.0 and later:
1191
1075
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
1192
The default Postfix SMTP server response template
1193
for a request that is rejected by an RBL-based
1076
The default Postfix SMTP server response template for a request
1077
that is rejected by an RBL-based restriction.
1196
1079
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
1197
The numerical Postfix SMTP server response code
1198
when a remote SMTP client request is blocked by the
1199
<a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
1080
The numerical Postfix SMTP server response code when a remote
1081
SMTP client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
1082
<a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
1201
1084
<b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
1202
1085
Optional lookup tables with RBL response templates.