« back to all changes in this revision
Viewing changes to html/smtpd.8.html
- browse files at revision 60
- compare with another revision
- download diff
- download tarball
- view history from revision 60
- Committer: Package Import Robot
- Author(s): LaMont Jones, LaMont Jones, localization folks
- Date: 2014-02-11 07:44:30 UTC
- mfrom: (58.1.1 sid)
- Revision ID: package-import@ubuntu.com-20140211074430-kwkoxdz0fbajn0fj
Tags: 2.11.0-1
[LaMont Jones]
* New upstream release: 2.11.0
[localization folks]
* l10n: Updated German translations. Closes: #734893 (Helge Kreutzmann)
* New upstream release: 2.11.0
[localization folks]
* l10n: Updated German translations. Closes: #734893 (Helge Kreutzmann)
- files added:
- README_FILES/FORWARD_SECRECY_README
- src/posttls-finger
- src/posttls-finger/.indent.pro
- files removed:
- src/util/read_wait.c
- files modified:
- .indent.pro
added
removed
html/smtpd.8.html
15
15
<b>sendmail -bs</b>
16
16
17
17
<b>DESCRIPTION</b>
18
The SMTP server accepts network connection requests and
19
performs zero or more SMTP transactions per connection.
20
Each received message is piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> dae-
21
mon, and is placed into the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> as one single
22
queue file. For this mode of operation, the program
23
expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
24
25
Alternatively, the SMTP server be can run in stand-alone
26
mode; this is traditionally obtained with "<b>sendmail -bs</b>".
27
When the SMTP server runs stand-alone with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b>
28
privileges, it receives mail even while the mail system is
29
not running, deposits messages directly into the <b>maildrop</b>
30
queue, and disables the SMTP server's access policies. As
31
of Postfix version 2.3, the SMTP server refuses to receive
32
mail from the network when it runs with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b>
33
privileges.
34
35
The SMTP server implements a variety of policies for con-
36
nection requests, and for parameters given to <b>HELO, ETRN,</b>
37
<b>MAIL FROM, VRFY</b> and <b>RCPT TO</b> commands. They are detailed
38
below and in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
18
The SMTP server accepts network connection requests and performs zero
19
or more SMTP transactions per connection. Each received message is
20
piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, and is placed into the <b>incoming</b>
21
queue as one single queue file. For this mode of operation, the pro-
22
gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
23
24
Alternatively, the SMTP server be can run in stand-alone mode; this is
25
traditionally obtained with "<b>sendmail -bs</b>". When the SMTP server runs
26
stand-alone with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> privileges, it receives mail even
27
while the mail system is not running, deposits messages directly into
28
the <b>maildrop</b> queue, and disables the SMTP server's access policies. As
29
of Postfix version 2.3, the SMTP server refuses to receive mail from
30
the network when it runs with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> privileges.
31
32
The SMTP server implements a variety of policies for connection
33
requests, and for parameters given to <b>HELO, ETRN, MAIL FROM, VRFY</b> and
34
<b>RCPT TO</b> commands. They are detailed below and in the <a href="postconf.5.html"><b>main.cf</b></a> configura-
35
tion file.
39
36
40
37
<b>SECURITY</b>
41
The SMTP server is moderately security-sensitive. It talks
42
to SMTP clients and to DNS servers on the network. The
43
SMTP server can be run chrooted at fixed low privilege.
38
The SMTP server is moderately security-sensitive. It talks to SMTP
39
clients and to DNS servers on the network. The SMTP server can be run
40
chrooted at fixed low privilege.
44
41
45
42
<b>STANDARDS</b>
46
43
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
64
61
<b>DIAGNOSTICS</b>
65
62
Problems and transactions are logged to <b>syslogd</b>(8).
66
63
67
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
68
the postmaster is notified of bounces, protocol problems,
69
policy violations, and of other trouble.
64
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
65
ter is notified of bounces, protocol problems, policy violations, and
66
of other trouble.
70
67
71
68
<b>CONFIGURATION PARAMETERS</b>
72
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
73
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> processes run for only a limited amount of time.
74
Use the command "<b>postfix reload</b>" to speed up a change.
69
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtpd.8.html"><b>smtpd</b>(8)</a> processes
70
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
71
to speed up a change.
75
72
76
The text below provides only a parameter summary. See
77
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
73
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
74
more details including examples.
78
75
79
76
<b>COMPATIBILITY CONTROLS</b>
80
The following parameters work around implementation errors
81
in other software, and/or allow you to override standards
82
in order to prevent undesirable use.
77
The following parameters work around implementation errors in other
78
software, and/or allow you to override standards in order to prevent
79
undesirable use.
83
80
84
81
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
85
Enable inter-operability with remote SMTP clients
86
that implement an obsolete version of the AUTH com-
87
mand (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
82
Enable inter-operability with remote SMTP clients that implement
83
an obsolete version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
88
84
89
85
<b><a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> (no)</b>
90
86
Disable the SMTP VRFY command.
91
87
92
88
<b><a href="postconf.5.html#smtpd_noop_commands">smtpd_noop_commands</a> (empty)</b>
93
List of commands that the Postfix SMTP server
94
replies to with "250 Ok", without doing any syntax
95
checks and without changing state.
89
List of commands that the Postfix SMTP server replies to with
90
"250 Ok", without doing any syntax checks and without changing
91
state.
96
92
97
93
<b><a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> (no)</b>
98
Require that addresses received in SMTP MAIL FROM
99
and RCPT TO commands are enclosed with <>, and that
100
those addresses do not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style com-
101
ments or phrases.
94
Require that addresses received in SMTP MAIL FROM and RCPT TO
95
commands are enclosed with <>, and that those addresses do not
96
contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases.
102
97
103
98
Available in Postfix version 2.1 and later:
104
99
105
<b><a href="postconf.5.html#resolve_null_domain">resolve_null_domain</a> (no)</b>
106
Resolve an address that ends in the "@" null domain
107
as if the local hostname were specified, instead of
108
rejecting the address as invalid.
109
110
100
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
111
Request that the Postfix SMTP server rejects mail
112
from unknown sender addresses, even when no
113
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
114
is specified.
101
Request that the Postfix SMTP server rejects mail from unknown
102
sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
103
access restriction is specified.
115
104
116
105
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
117
What remote SMTP clients the Postfix SMTP server
118
will not offer AUTH support to.
106
What remote SMTP clients the Postfix SMTP server will not offer
107
AUTH support to.
119
108
120
109
Available in Postfix version 2.2 and later:
121
110
122
111
<b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> (empty)</b>
123
Lookup tables, indexed by the remote SMTP client
124
address, with case insensitive lists of EHLO key-
125
words (pipelining, starttls, auth, etc.) that the
126
Postfix SMTP server will not send in the EHLO
127
response to a remote SMTP client.
112
Lookup tables, indexed by the remote SMTP client address, with
113
case insensitive lists of EHLO keywords (pipelining, starttls,
114
auth, etc.) that the Postfix SMTP server will not send in the
115
EHLO response to a remote SMTP client.
128
116
129
117
<b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> (empty)</b>
130
A case insensitive list of EHLO keywords (pipelin-
131
ing, starttls, auth, etc.) that the Postfix SMTP
132
server will not send in the EHLO response to a
133
remote SMTP client.
118
A case insensitive list of EHLO keywords (pipelining, starttls,
119
auth, etc.) that the Postfix SMTP server will not send in the
120
EHLO response to a remote SMTP client.
134
121
135
122
<b><a href="postconf.5.html#smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a> (yes)</b>
136
Postpone the start of an SMTP mail transaction
137
until a valid RCPT TO command is received.
123
Postpone the start of an SMTP mail transaction until a valid
124
RCPT TO command is received.
138
125
139
126
Available in Postfix version 2.3 and later:
140
127
141
128
<b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
142
Force the Postfix SMTP server to issue a TLS ses-
143
sion id, even when TLS session caching is turned
144
off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> is empty).
129
Force the Postfix SMTP server to issue a TLS session id, even
130
when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>-
131
<a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty).
145
132
146
133
Available in Postfix version 2.6 and later:
147
134
148
135
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
149
An optional workaround for routers that break TCP
150
window scaling.
136
An optional workaround for routers that break TCP window scal-
137
ing.
151
138
152
139
Available in Postfix version 2.7 and later:
153
140
154
141
<b><a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> (empty)</b>
155
A mechanism to transform commands from remote SMTP
156
clients.
142
A mechanism to transform commands from remote SMTP clients.
157
143
158
144
Available in Postfix version 2.9 and later:
159
145
160
146
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
161
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time
162
limit, from a time limit per read or write system
163
call, to a time limit to send or receive a complete
164
record (an SMTP command line, SMTP response line,
165
SMTP message content line, or TLS protocol mes-
166
sage).
147
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
148
<a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
149
system call, to a time limit to send or receive a complete
150
record (an SMTP command line, SMTP response line, SMTP message
151
content line, or TLS protocol message).
167
152
168
153
<b>ADDRESS REWRITING CONTROLS</b>
169
See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed
170
discussion of Postfix address rewriting.
154
See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed discussion of
155
Postfix address rewriting.
171
156
172
157
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
173
Enable or disable recipient validation, built-in
174
content filtering, or address mapping.
158
Enable or disable recipient validation, built-in content filter-
159
ing, or address mapping.
175
160
176
161
Available in Postfix version 2.2 and later:
177
162
178
163
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b>
179
Rewrite message header addresses in mail from these
180
clients and update incomplete addresses with the
181
domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't
182
rewrite message headers from other clients at all,
183
or rewrite message headers and update incomplete
184
addresses with the domain specified in the
185
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
164
Rewrite message header addresses in mail from these clients and
165
update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
166
$<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other
167
clients at all, or rewrite message headers and update incomplete
168
addresses with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-
169
<a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a> parameter.
186
170
187
171
<b>BEFORE-SMTPD PROXY AGENT</b>
188
172
Available in Postfix version 2.10 and later:
189
173
190
174
<b><a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> (empty)</b>
191
The name of the proxy protocol used by an optional
192
before-smtpd proxy agent.
175
The name of the proxy protocol used by an optional before-smtpd
176
proxy agent.
193
177
194
178
<b><a href="postconf.5.html#smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a> (5s)</b>
195
The time limit for the proxy protocol specified
196
with the <a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter.
179
The time limit for the proxy protocol specified with the
180
<a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter.
197
181
198
182
<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
199
As of version 1.0, Postfix can be configured to send new
200
mail to an external content filter AFTER the mail is
201
queued. This content filter is expected to inject mail
202
back into a (Postfix or other) MTA for further delivery.
203
See the <a href="FILTER_README.html">FILTER_README</a> document for details.
183
As of version 1.0, Postfix can be configured to send new mail to an
184
external content filter AFTER the mail is queued. This content filter
185
is expected to inject mail back into a (Postfix or other) MTA for fur-
186
ther delivery. See the <a href="FILTER_README.html">FILTER_README</a> document for details.
204
187
205
188
<b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
206
After the message is queued, send the entire mes-
207
sage to the specified <i>transport:destination</i>.
189
After the message is queued, send the entire message to the
190
specified <i>transport:destination</i>.
208
191
209
192
<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
210
As of version 2.1, the Postfix SMTP server can be config-
211
ured to send incoming mail to a real-time SMTP-based con-
212
tent filter BEFORE mail is queued. This content filter is
213
expected to inject mail back into Postfix. See the
214
<a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
193
As of version 2.1, the Postfix SMTP server can be configured to send
194
incoming mail to a real-time SMTP-based content filter BEFORE mail is
195
queued. This content filter is expected to inject mail back into Post-
196
fix. See the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
215
197
ure and operate this feature.
216
198
217
199
<b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b>
218
The hostname and TCP port of the mail filtering
219
proxy server.
200
The hostname and TCP port of the mail filtering proxy server.
220
201
221
202
<b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
222
How the Postfix SMTP server announces itself to the
223
proxy filter.
203
How the Postfix SMTP server announces itself to the proxy fil-
204
ter.
224
205
225
206
<b><a href="postconf.5.html#smtpd_proxy_options">smtpd_proxy_options</a> (empty)</b>
226
List of options that control how the Postfix SMTP
227
server communicates with a before-queue content
228
filter.
207
List of options that control how the Postfix SMTP server commu-
208
nicates with a before-queue content filter.
229
209
230
210
<b><a href="postconf.5.html#smtpd_proxy_timeout">smtpd_proxy_timeout</a> (100s)</b>
231
The time limit for connecting to a proxy filter and
232
for sending or receiving information.
211
The time limit for connecting to a proxy filter and for sending
212
or receiving information.
233
213
234
214
<b>BEFORE QUEUE MILTER CONTROLS</b>
235
As of version 2.3, Postfix supports the Sendmail version 8
236
Milter (mail filter) protocol. These content filters run
237
outside Postfix. They can inspect the SMTP command stream
238
and the message content, and can request modifications
239
before mail is queued. For details see the <a href="MILTER_README.html">MILTER_README</a>
240
document.
215
As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
216
filter) protocol. These content filters run outside Postfix. They can
217
inspect the SMTP command stream and the message content, and can
218
request modifications before mail is queued. For details see the <a href="MILTER_README.html">MIL</a>-
219
<a href="MILTER_README.html">TER_README</a> document.
241
220
242
221
<b><a href="postconf.5.html#smtpd_milters">smtpd_milters</a> (empty)</b>
243
A list of Milter (mail filter) applications for new
244
mail that arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
222
A list of Milter (mail filter) applications for new mail that
223
arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
245
224
246
225
<b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b>
247
The mail filter protocol version and optional pro-
248
tocol extensions for communication with a Milter
249
application; prior to Postfix 2.6 the default pro-
250
tocol is 2.
226
The mail filter protocol version and optional protocol exten-
227
sions for communication with a Milter application; prior to
228
Postfix 2.6 the default protocol is 2.
251
229
252
230
<b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b>
253
The default action when a Milter (mail filter)
254
application is unavailable or mis-configured.
231
The default action when a Milter (mail filter) application is
232
unavailable or mis-configured.
255
233
256
234
<b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
257
The {daemon_name} macro value for Milter (mail fil-
258
ter) applications.
235
The {daemon_name} macro value for Milter (mail filter) applica-
236
tions.
259
237
260
238
<b><a href="postconf.5.html#milter_macro_v">milter_macro_v</a> ($<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b>
261
The {v} macro value for Milter (mail filter) appli-
262
cations.
239
The {v} macro value for Milter (mail filter) applications.
263
240
264
241
<b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b>
265
The time limit for connecting to a Milter (mail
266
filter) application, and for negotiating protocol
267
options.
242
The time limit for connecting to a Milter (mail filter) applica-
243
tion, and for negotiating protocol options.
268
244
269
245
<b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b>
270
The time limit for sending an SMTP command to a
271
Milter (mail filter) application, and for receiving
272
the response.
246
The time limit for sending an SMTP command to a Milter (mail
247
filter) application, and for receiving the response.
273
248
274
249
<b><a href="postconf.5.html#milter_content_timeout">milter_content_timeout</a> (300s)</b>
275
The time limit for sending message content to a
276
Milter (mail filter) application, and for receiving
277
the response.
250
The time limit for sending message content to a Milter (mail
251
filter) application, and for receiving the response.
278
252
279
253
<b><a href="postconf.5.html#milter_connect_macros">milter_connect_macros</a> (see 'postconf -d' output)</b>
280
The macros that are sent to Milter (mail filter)
281
applications after completion of an SMTP connec-
282
tion.
254
The macros that are sent to Milter (mail filter) applications
255
after completion of an SMTP connection.
283
256
284
257
<b><a href="postconf.5.html#milter_helo_macros">milter_helo_macros</a> (see 'postconf -d' output)</b>
285
The macros that are sent to Milter (mail filter)
286
applications after the SMTP HELO or EHLO command.
258
The macros that are sent to Milter (mail filter) applications
259
after the SMTP HELO or EHLO command.
287
260
288
261
<b><a href="postconf.5.html#milter_mail_macros">milter_mail_macros</a> (see 'postconf -d' output)</b>
289
The macros that are sent to Milter (mail filter)
290
applications after the SMTP MAIL FROM command.
262
The macros that are sent to Milter (mail filter) applications
263
after the SMTP MAIL FROM command.
291
264
292
265
<b><a href="postconf.5.html#milter_rcpt_macros">milter_rcpt_macros</a> (see 'postconf -d' output)</b>
293
The macros that are sent to Milter (mail filter)
294
applications after the SMTP RCPT TO command.
266
The macros that are sent to Milter (mail filter) applications
267
after the SMTP RCPT TO command.
295
268
296
269
<b><a href="postconf.5.html#milter_data_macros">milter_data_macros</a> (see 'postconf -d' output)</b>
297
The macros that are sent to version 4 or higher
298
Milter (mail filter) applications after the SMTP
299
DATA command.
270
The macros that are sent to version 4 or higher Milter (mail
271
filter) applications after the SMTP DATA command.
300
272
301
273
<b><a href="postconf.5.html#milter_unknown_command_macros">milter_unknown_command_macros</a> (see 'postconf -d' output)</b>
302
The macros that are sent to version 3 or higher
303
Milter (mail filter) applications after an unknown
304
SMTP command.
274
The macros that are sent to version 3 or higher Milter (mail
275
filter) applications after an unknown SMTP command.
305
276
306
277
<b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see 'postconf -d' output)</b>
307
The macros that are sent to Milter (mail filter)
308
applications after the end of the message header.
278
The macros that are sent to Milter (mail filter) applications
279
after the end of the message header.
309
280
310
281
<b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see 'postconf -d' output)</b>
311
The macros that are sent to Milter (mail filter)
312
applications after the message end-of-data.
282
The macros that are sent to Milter (mail filter) applications
283
after the message end-of-data.
313
284
314
285
<b>GENERAL CONTENT INSPECTION CONTROLS</b>
315
The following parameters are applicable for both built-in
316
and external content filters.
286
The following parameters are applicable for both built-in and external
287
content filters.
317
288
318
289
Available in Postfix version 2.1 and later:
319
290
320
291
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
321
Enable or disable recipient validation, built-in
322
content filtering, or address mapping.
292
Enable or disable recipient validation, built-in content filter-
293
ing, or address mapping.
323
294
324
295
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
325
The following parameters are applicable for both before-
326
queue and after-queue content filtering.
296
The following parameters are applicable for both before-queue and
297
after-queue content filtering.
327
298
328
299
Available in Postfix version 2.1 and later:
329
300
330
301
<b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
331
What remote SMTP clients are allowed to use the
332
XFORWARD feature.
302
What remote SMTP clients are allowed to use the XFORWARD fea-
303
ture.
333
304
334
305
<b>SASL AUTHENTICATION CONTROLS</b>
335
Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenti-
336
cate remote SMTP clients to the Postfix SMTP server, and
337
to authenticate the Postfix SMTP client to a remote SMTP
338
server. See the <a href="SASL_README.html">SASL_README</a> document for details.
306
Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenticate remote SMTP
307
clients to the Postfix SMTP server, and to authenticate the Postfix
308
SMTP client to a remote SMTP server. See the <a href="SASL_README.html">SASL_README</a> document for
309
details.
339
310
340
311
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
341
Enable inter-operability with remote SMTP clients
342
that implement an obsolete version of the AUTH com-
343
mand (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
312
Enable inter-operability with remote SMTP clients that implement
313
an obsolete version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
344
314
345
315
<b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
346
Enable SASL authentication in the Postfix SMTP
347
server.
316
Enable SASL authentication in the Postfix SMTP server.
348
317
349
318
<b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
350
The name of the Postfix SMTP server's local SASL
351
authentication realm.
319
The name of the Postfix SMTP server's local SASL authentication
320
realm.
352
321
353
322
<b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b>
354
Postfix SMTP server SASL security options; as of
355
Postfix 2.3 the list of available features depends
356
on the SASL server implementation that is selected
357
with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
323
Postfix SMTP server SASL security options; as of Postfix 2.3 the
324
list of available features depends on the SASL server implemen-
325
tation that is selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
358
326
359
327
<b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
360
Optional lookup table with the SASL login names
361
that own sender (MAIL FROM) addresses.
328
Optional lookup table with the SASL login names that own sender
329
(MAIL FROM) addresses.
362
330
363
331
Available in Postfix version 2.1 and later:
364
332
365
333
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
366
What remote SMTP clients the Postfix SMTP server
367
will not offer AUTH support to.
334
What remote SMTP clients the Postfix SMTP server will not offer
335
AUTH support to.
368
336
369
337
Available in Postfix version 2.1 and 2.2:
370
338
371
339
<b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> (smtpd)</b>
372
The application name that the Postfix SMTP server
373
uses for SASL server initialization.
340
The application name that the Postfix SMTP server uses for SASL
341
server initialization.
374
342
375
343
Available in Postfix version 2.3 and later:
376
344
377
345
<b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b>
378
Report the SASL authenticated user name in the
379
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received message header.
346
Report the SASL authenticated user name in the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received
347
message header.
380
348
381
349
<b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b>
382
Implementation-specific information that the Post-
383
fix SMTP server passes through to the SASL plug-in
384
implementation that is selected with
385
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
350
Implementation-specific information that the Postfix SMTP server
351
passes through to the SASL plug-in implementation that is
352
selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
386
353
387
354
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> (cyrus)</b>
388
The SASL plug-in type that the Postfix SMTP server
389
should use for authentication.
355
The SASL plug-in type that the Postfix SMTP server should use
356
for authentication.
390
357
391
358
Available in Postfix version 2.5 and later:
392
359
393
360
<b><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a> (empty)</b>
394
Search path for Cyrus SASL application configura-
395
tion files, currently used only to locate the
396
$<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
361
Search path for Cyrus SASL application configuration files, cur-
362
rently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
363
364
Available in Postfix version 2.11 and later:
365
366
<b>smtpd_sasl_service (smtp)</b>
367
The service name that is passed to the SASL plug-in that is
368
selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> and <b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a></b>.
397
369
398
370
<b>STARTTLS SUPPORT CONTROLS</b>
399
Detailed information about STARTTLS configuration may be
400
found in the <a href="TLS_README.html">TLS_README</a> document.
371
Detailed information about STARTTLS configuration may be found in the
372
<a href="TLS_README.html">TLS_README</a> document.
401
373
402
374
<b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
403
The SMTP TLS security level for the Postfix SMTP
404
server; when a non-empty value is specified, this
405
overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and
406
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
375
The SMTP TLS security level for the Postfix SMTP server; when a
376
non-empty value is specified, this overrides the obsolete param-
377
eters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
407
378
408
<b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_secu</a>-</b>
409
<b><a href="postconf.5.html#smtpd_sasl_security_options">rity_options</a>)</b>
410
The SASL authentication security options that the
411
Postfix SMTP server uses for TLS encrypted SMTP
412
sessions.
379
<b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b>
380
The SASL authentication security options that the Postfix SMTP
381
server uses for TLS encrypted SMTP sessions.
413
382
414
383
<b><a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> (see 'postconf -d' output)</b>
415
The time limit for Postfix SMTP server write and
416
read operations during TLS startup and shutdown
417
handshake procedures.
384
The time limit for Postfix SMTP server write and read operations
385
during TLS startup and shutdown handshake procedures.
418
386
419
387
<b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
420
A file containing (PEM format) CA certificates of
421
root CAs trusted to sign either remote SMTP client
422
certificates or intermediate CA certificates.
388
A file containing (PEM format) CA certificates of root CAs
389
trusted to sign either remote SMTP client certificates or inter-
390
mediate CA certificates.
423
391
424
392
<b><a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> (empty)</b>
425
A directory containing (PEM format) CA certificates
426
of root CAs trusted to sign either remote SMTP
427
client certificates or intermediate CA certifi-
428
cates.
393
A directory containing (PEM format) CA certificates of root CAs
394
trusted to sign either remote SMTP client certificates or inter-
395
mediate CA certificates.
429
396
430
397
<b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
431
Force the Postfix SMTP server to issue a TLS ses-
432
sion id, even when TLS session caching is turned
433
off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> is empty).
398
Force the Postfix SMTP server to issue a TLS session id, even
399
when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>-
400
<a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty).
434
401
435
402
<b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b>
436
Ask a remote SMTP client for a client certificate.
403
Ask a remote SMTP client for a client certificate.
437
404
438
405
<b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b>
439
When TLS encryption is optional in the Postfix SMTP
440
server, do not announce or accept SASL authentica-
441
tion over unencrypted connections.
406
When TLS encryption is optional in the Postfix SMTP server, do
407
not announce or accept SASL authentication over unencrypted con-
408
nections.
442
409
443
410
<b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (9)</b>
444
The verification depth for remote SMTP client cer-
445
tificates.
411
The verification depth for remote SMTP client certificates.
446
412
447
413
<b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b>
448
File with the Postfix SMTP server RSA certificate
449
in PEM format.
414
File with the Postfix SMTP server RSA certificate in PEM format.
450
415
451
416
<b><a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> (empty)</b>
452
List of ciphers or cipher types to exclude from the
453
SMTP server cipher list at all TLS security levels.
417
List of ciphers or cipher types to exclude from the SMTP server
418
cipher list at all TLS security levels.
454
419
455
420
<b><a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (empty)</b>
456
File with the Postfix SMTP server DSA certificate
457
in PEM format.
421
File with the Postfix SMTP server DSA certificate in PEM format.
458
422
459
423
<b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b>
460
File with DH parameters that the Postfix SMTP
461
server should use with EDH ciphers.
424
File with DH parameters that the Postfix SMTP server should use
425
with non-export EDH ciphers.
462
426
463
427
<b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
464
File with DH parameters that the Postfix SMTP
465
server should use with EDH ciphers.
428
File with DH parameters that the Postfix SMTP server should use
429
with export-grade EDH ciphers.
466
430
467
431
<b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
468
File with the Postfix SMTP server DSA private key
469
in PEM format.
432
File with the Postfix SMTP server DSA private key in PEM format.
470
433
471
434
<b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
472
File with the Postfix SMTP server RSA private key
473
in PEM format.
435
File with the Postfix SMTP server RSA private key in PEM format.
474
436
475
437
<b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
476
Enable additional Postfix SMTP server logging of
477
TLS activity.
438
Enable additional Postfix SMTP server logging of TLS activity.
478
439
479
440
<b><a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> (medium)</b>
480
The minimum TLS cipher grade that the Postfix SMTP
481
server will use with mandatory TLS encryption.
441
The minimum TLS cipher grade that the Postfix SMTP server will
442
use with mandatory TLS encryption.
482
443
483
444
<b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> (empty)</b>
484
Additional list of ciphers or cipher types to
485
exclude from the Postfix SMTP server cipher list at
486
mandatory TLS security levels.
445
Additional list of ciphers or cipher types to exclude from the
446
Postfix SMTP server cipher list at mandatory TLS security lev-
447
els.
487
448
488
449
<b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (!SSLv2)</b>
489
The SSL/TLS protocols accepted by the Postfix SMTP
490
server with mandatory TLS encryption.
450
The SSL/TLS protocols accepted by the Postfix SMTP server with
451
mandatory TLS encryption.
491
452
492
453
<b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
493
Request that the Postfix SMTP server produces
494
Received: message headers that include information
495
about the protocol and cipher used, as well as the
496
remote SMTP client CommonName and client certifi-
497
cate issuer CommonName.
454
Request that the Postfix SMTP server produces Received: message
455
headers that include information about the protocol and cipher
456
used, as well as the remote SMTP client CommonName and client
457
certificate issuer CommonName.
498
458
499
459
<b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b>
500
With mandatory TLS encryption, require a trusted
501
remote SMTP client certificate in order to allow
502
TLS connections to proceed.
503
504
<b><a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> (empty)</b>
505
Name of the file containing the optional Postfix
506
SMTP server TLS session cache.
507
508
<b><a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> (3600s)</b>
509
The expiration time of Postfix SMTP server TLS ses-
510
sion cache information.
460
With mandatory TLS encryption, require a trusted remote SMTP
461
client certificate in order to allow TLS connections to proceed.
511
462
512
463
<b><a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> (no)</b>
513
Run the Postfix SMTP server in the non-standard
514
"wrapper" mode, instead of using the STARTTLS com-
515
mand.
464
Run the Postfix SMTP server in the non-standard "wrapper" mode,
465
instead of using the STARTTLS command.
516
466
517
467
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
518
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
519
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
520
server in order to seed its internal pseudo random
521
number generator (PRNG).
468
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
469
process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
470
internal pseudo random number generator (PRNG).
522
471
523
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
524
<b>(ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
472
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
525
473
The OpenSSL cipherlist for "HIGH" grade ciphers.
526
474
527
475
<b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b>
528
The OpenSSL cipherlist for "MEDIUM" or higher grade
529
ciphers.
476
The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers.
530
477
531
478
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
532
The OpenSSL cipherlist for "LOW" or higher grade
533
ciphers.
479
The OpenSSL cipherlist for "LOW" or higher grade ciphers.
534
480
535
481
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
536
The OpenSSL cipherlist for "EXPORT" or higher grade
537
ciphers.
482
The OpenSSL cipherlist for "EXPORT" or higher grade ciphers.
538
483
539
484
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
540
The OpenSSL cipherlist for "NULL" grade ciphers
541
that provide authentication without encryption.
485
The OpenSSL cipherlist for "NULL" grade ciphers that provide
486
authentication without encryption.
542
487
543
488
Available in Postfix version 2.5 and later:
544
489
545
490
<b><a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> (md5)</b>
546
The message digest algorithm to construct remote
547
SMTP client-certificate fingerprints or public key
548
fingerprints (Postfix 2.9 and later) for
549
<b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>.
491
The message digest algorithm to construct remote SMTP client-
492
certificate fingerprints or public key fingerprints (Postfix 2.9
493
and later) for <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>.
550
494
551
495
Available in Postfix version 2.6 and later:
552
496
553
497
<b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (empty)</b>
554
List of TLS protocols that the Postfix SMTP server
555
will exclude or include with opportunistic TLS
556
encryption.
498
List of TLS protocols that the Postfix SMTP server will exclude
499
or include with opportunistic TLS encryption.
557
500
558
501
<b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (export)</b>
559
The minimum TLS cipher grade that the Postfix SMTP
560
server will use with opportunistic TLS encryption.
502
The minimum TLS cipher grade that the Postfix SMTP server will
503
use with opportunistic TLS encryption.
561
504
562
505
<b><a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> (empty)</b>
563
File with the Postfix SMTP server ECDSA certificate
564
in PEM format.
506
File with the Postfix SMTP server ECDSA certificate in PEM for-
507
mat.
565
508
566
509
<b><a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b>
567
File with the Postfix SMTP server ECDSA private key
568
in PEM format.
510
File with the Postfix SMTP server ECDSA private key in PEM for-
511
mat.
569
512
570
513
<b><a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> (see 'postconf -d' output)</b>
571
The Postfix SMTP server security grade for
572
ephemeral elliptic-curve Diffie-Hellman (EECDH) key
573
exchange.
514
The Postfix SMTP server security grade for ephemeral elliptic-
515
curve Diffie-Hellman (EECDH) key exchange.
574
516
575
517
<b><a href="postconf.5.html#tls_eecdh_strong_curve">tls_eecdh_strong_curve</a> (prime256v1)</b>
576
The elliptic curve used by the Postfix SMTP server
577
for sensibly strong ephemeral ECDH key exchange.
518
The elliptic curve used by the Postfix SMTP server for sensibly
519
strong ephemeral ECDH key exchange.
578
520
579
521
<b><a href="postconf.5.html#tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a> (secp384r1)</b>
580
The elliptic curve used by the Postfix SMTP server
581
for maximally strong ephemeral ECDH key exchange.
522
The elliptic curve used by the Postfix SMTP server for maximally
523
strong ephemeral ECDH key exchange.
582
524
583
525
Available in Postfix version 2.8 and later:
584
526
585
527
<b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b>
586
With SSLv3 and later, use the Postfix SMTP server's
587
cipher preference order instead of the remote
588
client's cipher preference order.
528
With SSLv3 and later, use the Postfix SMTP server's cipher pref-
529
erence order instead of the remote client's cipher preference
530
order.
589
531
590
532
<b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
591
List or bit-mask of OpenSSL bug work-arounds to
592
disable.
533
List or bit-mask of OpenSSL bug work-arounds to disable.
534
535
Available in Postfix version 2.11 and later:
536
537
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
538
The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
593
539
594
540
<b>OBSOLETE STARTTLS CONTROLS</b>
595
The following configuration parameters exist for compati-
596
bility with Postfix versions before 2.3. Support for these
597
will be removed in a future release.
541
The following configuration parameters exist for compatibility with
542
Postfix versions before 2.3. Support for these will be removed in a
543
future release.
598
544
599
545
<b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
600
Opportunistic TLS: announce STARTTLS support to
601
remote SMTP clients, but do not require that
602
clients use TLS encryption.
546
Opportunistic TLS: announce STARTTLS support to remote SMTP
547
clients, but do not require that clients use TLS encryption.
603
548
604
549
<b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
605
Mandatory TLS: announce STARTTLS support to remote
606
SMTP clients, and require that clients use TLS
607
encryption.
550
Mandatory TLS: announce STARTTLS support to remote SMTP clients,
551
and require that clients use TLS encryption.
608
552
609
553
<b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b>
610
Obsolete Postfix < 2.3 control for the Postfix SMTP
611
server TLS cipher list.
554
Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
555
cipher list.
612
556
613
557
<b>VERP SUPPORT CONTROLS</b>
614
With VERP style delivery, each recipient of a message
615
receives a customized copy of the message with his/her own
616
recipient address encoded in the envelope sender address.
617
The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
618
details of Postfix support for variable envelope return
619
path addresses. VERP style delivery is requested with the
620
SMTP XVERP command or with the "sendmail -V" command-line
621
option and is available in Postfix version 1.1 and later.
558
With VERP style delivery, each recipient of a message receives a cus-
559
tomized copy of the message with his/her own recipient address encoded
560
in the envelope sender address. The <a href="VERP_README.html">VERP_README</a> file describes config-
561
uration and operation details of Postfix support for variable envelope
562
return path addresses. VERP style delivery is requested with the SMTP
563
XVERP command or with the "sendmail -V" command-line option and is
564
available in Postfix version 1.1 and later.
622
565
623
566
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
624
567
The two default VERP delimiter characters.
625
568
626
569
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
627
The characters Postfix accepts as VERP delimiter
628
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
629
and in SMTP commands.
570
The characters Postfix accepts as VERP delimiter characters on
571
the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
630
572
631
573
Available in Postfix version 1.1 and 2.0:
632
574
633
575
<b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
634
What remote SMTP clients are allowed to specify the
635
XVERP command.
576
What remote SMTP clients are allowed to specify the XVERP com-
577
mand.
636
578
637
579
Available in Postfix version 2.1 and later:
638
580
639
581
<b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
640
What remote SMTP clients are allowed to specify the
641
XVERP command.
582
What remote SMTP clients are allowed to specify the XVERP com-
583
mand.
642
584
643
585
<b>TROUBLE SHOOTING CONTROLS</b>
644
The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
645
the Postfix mail system. The methods vary from making the
646
software log a lot of detail, to running some daemon pro-
647
cesses under control of a call tracer or debugger.
586
The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of the Postfix
587
mail system. The methods vary from making the software log a lot of
588
detail, to running some daemon processes under control of a call tracer
589
or debugger.
648
590
649
591
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
650
The increment in verbose logging level when a
651
remote client or server matches a pattern in the
652
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
592
The increment in verbose logging level when a remote client or
593
server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
653
594
654
595
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
655
Optional list of remote client or server hostname
656
or network address patterns that cause the verbose
657
logging level to increase by the amount specified
658
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
596
Optional list of remote client or server hostname or network
597
address patterns that cause the verbose logging level to
598
increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
659
599
660
600
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
661
The recipient of postmaster notifications about
662
mail delivery problems that are caused by policy,
663
resource, software or protocol errors.
601
The recipient of postmaster notifications about mail delivery
602
problems that are caused by policy, resource, software or proto-
603
col errors.
664
604
665
605
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
666
What categories of Postfix-generated mail are sub-
667
ject to before-queue content inspection by
668
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
606
What categories of Postfix-generated mail are subject to before-
607
queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and
608
<a href="postconf.5.html#body_checks">body_checks</a>.
669
609
670
610
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
671
The list of error classes that are reported to the
672
postmaster.
611
The list of error classes that are reported to the postmaster.
673
612
674
613
<b><a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> (empty)</b>
675
Optional information that is appended after each
676
Postfix SMTP server 4XX or 5XX response.
614
Optional information that is appended after each Postfix SMTP
615
server 4XX or 5XX response.
677
616
678
617
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
679
Safety net to keep mail queued that would otherwise
680
be returned to the sender.
618
Safety net to keep mail queued that would otherwise be returned
619
to the sender.
681
620
682
621
Available in Postfix version 2.1 and later:
683
622
684
623
<b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
685
What remote SMTP clients are allowed to use the
686
XCLIENT feature.
624
What remote SMTP clients are allowed to use the XCLIENT feature.
687
625
688
626
Available in Postfix version 2.10 and later:
689
627
690
628
<b><a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> (empty)</b>
691
Enable logging of the named "permit" actions in
692
SMTP server access lists.
629
Enable logging of the named "permit" actions in SMTP server
630
access lists (by default, the SMTP server logs "reject" actions
631
but not "permit" actions).
693
632
694
633
<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
695
As of Postfix version 2.0, the SMTP server rejects mail
696
for unknown recipients. This prevents the mail queue from
697
clogging up with undeliverable MAILER-DAEMON messages.
698
Additional information on this topic is in the
699
<a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
634
As of Postfix version 2.0, the SMTP server rejects mail for unknown
635
recipients. This prevents the mail queue from clogging up with undeliv-
636
erable MAILER-DAEMON messages. Additional information on this topic is
637
in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
700
638
701
639
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
702
Display the name of the recipient table in the
703
"User unknown" responses.
640
Display the name of the recipient table in the "User unknown"
641
responses.
704
642
705
643
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
706
Optional address mapping lookup tables for message
707
headers and envelopes.
644
Optional address mapping lookup tables for message headers and
645
envelopes.
708
646
709
647
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
710
Optional address mapping lookup tables for envelope
711
and header recipient addresses.
648
Optional address mapping lookup tables for envelope and header
649
recipient addresses.
712
650
713
651
Parameters concerning known/unknown local recipients:
714
652
715
<b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, local-</b>
716
<b>host)</b>
717
The list of domains that are delivered via the
718
$<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport.
653
<b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
654
The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
655
mail delivery transport.
719
656
720
657
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
721
The network interface addresses that this mail sys-
722
tem receives mail on.
658
The network interface addresses that this mail system receives
659
mail on.
723
660
724
661
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
725
The network interface addresses that this mail sys-
726
tem receives mail on by way of a proxy or network
727
address translation unit.
662
The network interface addresses that this mail system receives
663
mail on by way of a proxy or network address translation unit.
728
664
729
665
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
730
The Internet protocols Postfix will attempt to use
731
when making or accepting connections.
666
The Internet protocols Postfix will attempt to use when making
667
or accepting connections.
732
668
733
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
734
<b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
735
Lookup tables with all names or addresses of local
736
recipients: a recipient address is local when its
737
domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
738
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
669
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
670
Lookup tables with all names or addresses of local recipients: a
671
recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestina</a>-
672
<a href="postconf.5.html#mydestination">tion</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
739
673
740
674
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
741
The numerical Postfix SMTP server response code
742
when a recipient address is local, and
743
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
744
tables that does not match the recipient.
675
The numerical Postfix SMTP server response code when a recipient
676
address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
677
lookup tables that does not match the recipient.
745
678
746
Parameters concerning known/unknown recipients of relay
747
destinations:
679
Parameters concerning known/unknown recipients of relay destinations:
748
680
749
681
<b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
750
What destination domains (and subdomains thereof)
751
this system will relay mail to.
682
What destination domains (and subdomains thereof) this system
683
will relay mail to.
752
684
753
685
<b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
754
Optional lookup tables with all valid addresses in
755
the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
686
Optional lookup tables with all valid addresses in the domains
687
that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
756
688
757
689
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
758
The numerical Postfix SMTP server reply code when a
759
recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
760
<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
761
tables that does not match the recipient address.
690
The numerical Postfix SMTP server reply code when a recipient
691
address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci-
692
fies a list of lookup tables that does not match the recipient
693
address.
762
694
763
Parameters concerning known/unknown recipients in virtual
764
alias domains:
695
Parameters concerning known/unknown recipients in virtual alias
696
domains:
765
697
766
698
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
767
Postfix is final destination for the specified list
768
of virtual alias domains, that is, domains for
769
which all addresses are aliased to addresses in
770
other local or remote domains.
699
Postfix is final destination for the specified list of virtual
700
alias domains, that is, domains for which all addresses are
701
aliased to addresses in other local or remote domains.
771
702
772
703
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
773
Optional lookup tables that alias specific mail
774
addresses or domains to other local or remote
775
address.
704
Optional lookup tables that alias specific mail addresses or
705
domains to other local or remote address.
776
706
777
707
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
778
The Postfix SMTP server reply code when a recipient
779
address matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
780
<a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
781
that does not match the recipient address.
708
The Postfix SMTP server reply code when a recipient address
709
matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci-
710
fies a list of lookup tables that does not match the recipient
711
address.
782
712
783
Parameters concerning known/unknown recipients in virtual
784
mailbox domains:
713
Parameters concerning known/unknown recipients in virtual mailbox
714
domains:
785
715
786
716
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
787
Postfix is final destination for the specified list
788
of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
789
<a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
717
Postfix is final destination for the specified list of domains;
718
mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery
719
transport.
790
720
791
721
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
792
Optional lookup tables with all valid addresses in
793
the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
722
Optional lookup tables with all valid addresses in the domains
723
that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
794
724
795
725
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
796
The Postfix SMTP server reply code when a recipient
797
address matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
798
<a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
799
that does not match the recipient address.
726
The Postfix SMTP server reply code when a recipient address
727
matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
728
specifies a list of lookup tables that does not match the recip-
729
ient address.
800
730
801
731
<b>RESOURCE AND RATE CONTROLS</b>
802
The following parameters limit resource usage by the SMTP
803
server and/or control client request rates.
732
The following parameters limit resource usage by the SMTP server and/or
733
control client request rates.
804
734
805
735
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
806
Upon input, long lines are chopped up into pieces
807
of at most this length; upon delivery, long lines
808
are reconstructed.
736
Upon input, long lines are chopped up into pieces of at most
737
this length; upon delivery, long lines are reconstructed.
809
738
810
739
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
811
The minimal amount of free space in bytes in the
812
queue file system that is needed to receive mail.
740
The minimal amount of free space in bytes in the queue file sys-
741
tem that is needed to receive mail.
813
742
814
743
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
815
The maximal size in bytes of a message, including
816
envelope information.
744
The maximal size in bytes of a message, including envelope
745
information.
817
746
818
747
<b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
819
The maximal number of recipients that the Postfix
820
SMTP server accepts per message delivery request.
748
The maximal number of recipients that the Postfix SMTP server
749
accepts per message delivery request.
821
750
822
751
<b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b>
823
The time limit for sending a Postfix SMTP server
824
response and for receiving a remote SMTP client
825
request.
752
The time limit for sending a Postfix SMTP server response and
753
for receiving a remote SMTP client request.
826
754
827
755
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
828
The maximal number of lines in the Postfix SMTP
829
server command history before it is flushed upon
830
receipt of EHLO, RSET, or end of DATA.
756
The maximal number of lines in the Postfix SMTP server command
757
history before it is flushed upon receipt of EHLO, RSET, or end
758
of DATA.
831
759
832
760
Available in Postfix version 2.3 and later:
833
761
834
762
<b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
835
Attempt to look up the remote SMTP client hostname,
836
and verify that the name matches the client IP
837
address.
763
Attempt to look up the remote SMTP client hostname, and verify
764
that the name matches the client IP address.
838
765
839
The per SMTP client connection count and request rate lim-
840
its are implemented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> ser-
841
vice, and are available in Postfix version 2.2 and later.
766
The per SMTP client connection count and request rate limits are imple-
767
mented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> service, and are available in
768
Postfix version 2.2 and later.
842
769
843
770
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
844
How many simultaneous connections any client is
845
allowed to make to this service.
771
How many simultaneous connections any client is allowed to make
772
to this service.
846
773
847
774
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
848
The maximal number of connection attempts any
849
client is allowed to make to this service per time
850
unit.
775
The maximal number of connection attempts any client is allowed
776
to make to this service per time unit.
851
777
852
778
<b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
853
The maximal number of message delivery requests
854
that any client is allowed to make to this service
855
per time unit, regardless of whether or not Postfix
856
actually accepts those messages.
779
The maximal number of message delivery requests that any client
780
is allowed to make to this service per time unit, regardless of
781
whether or not Postfix actually accepts those messages.
857
782
858
783
<b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
859
The maximal number of recipient addresses that any
860
client is allowed to send to this service per time
861
unit, regardless of whether or not Postfix actually
862
accepts those recipients.
784
The maximal number of recipient addresses that any client is
785
allowed to send to this service per time unit, regardless of
786
whether or not Postfix actually accepts those recipients.
863
787
864
788
<b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
865
Clients that are excluded from
866
smtpd_client_*_count/rate_limit restrictions.
789
Clients that are excluded from smtpd_client_*_count/rate_limit
790
restrictions.
867
791
868
792
Available in Postfix version 2.3 and later:
869
793
870
794
<b><a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (0)</b>
871
The maximal number of new (i.e., uncached) TLS ses-
872
sions that a remote SMTP client is allowed to nego-
873
tiate with this service per time unit.
795
The maximal number of new (i.e., uncached) TLS sessions that a
796
remote SMTP client is allowed to negotiate with this service per
797
time unit.
874
798
875
799
Available in Postfix version 2.9 and later:
876
800
877
801
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
878
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> time
879
limit, from a time limit per read or write system
880
call, to a time limit to send or receive a complete
881
record (an SMTP command line, SMTP response line,
882
SMTP message content line, or TLS protocol mes-
883
sage).
802
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
803
<a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
804
system call, to a time limit to send or receive a complete
805
record (an SMTP command line, SMTP response line, SMTP message
806
content line, or TLS protocol message).
884
807
885
808
<b>TARPIT CONTROLS</b>
886
When a remote SMTP client makes errors, the Postfix SMTP
887
server can insert delays before responding. This can help
888
to slow down run-away software. The behavior is con-
889
trolled by an error counter that counts the number of
890
errors within an SMTP session that a client makes without
809
When a remote SMTP client makes errors, the Postfix SMTP server can
810
insert delays before responding. This can help to slow down run-away
811
software. The behavior is controlled by an error counter that counts
812
the number of errors within an SMTP session that a client makes without
891
813
delivering mail.
892
814
893
815
<b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
894
With Postfix version 2.1 and later: the SMTP server
895
response delay after a client has made more than
896
$<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
897
$<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
898
mail.
816
With Postfix version 2.1 and later: the SMTP server response
817
delay after a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>
818
errors, and fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without
819
delivering mail.
899
820
900
821
<b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
901
The number of errors a remote SMTP client is
902
allowed to make without delivering mail before the
903
Postfix SMTP server slows down all its responses.
822
The number of errors a remote SMTP client is allowed to make
823
without delivering mail before the Postfix SMTP server slows
824
down all its responses.
904
825
905
826
<b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (normal: 20, overload: 1)</b>
906
The maximal number of errors a remote SMTP client
907
is allowed to make without delivering mail.
827
The maximal number of errors a remote SMTP client is allowed to
828
make without delivering mail.
908
829
909
830
<b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (normal: 100, overload: 1)</b>
910
The number of junk commands (NOOP, VRFY, ETRN or
911
RSET) that a remote SMTP client can send before the
912
Postfix SMTP server starts to increment the error
913
counter with each junk command.
831
The number of junk commands (NOOP, VRFY, ETRN or RSET) that a
832
remote SMTP client can send before the Postfix SMTP server
833
starts to increment the error counter with each junk command.
914
834
915
835
Available in Postfix version 2.1 and later:
916
836
917
837
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
918
The number of recipients that a remote SMTP client
919
can send in excess of the limit specified with
920
$<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before the Postfix SMTP
921
server increments the per-session error count for
922
each excess recipient.
838
The number of recipients that a remote SMTP client can send in
839
excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>,
840
before the Postfix SMTP server increments the per-session error
841
count for each excess recipient.
923
842
924
843
<b>ACCESS POLICY DELEGATION CONTROLS</b>
925
As of version 2.1, Postfix can be configured to delegate
926
access policy decisions to an external server that runs
927
outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
928
more information.
844
As of version 2.1, Postfix can be configured to delegate access policy
845
decisions to an external server that runs outside Postfix. See the
846
file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for more information.
929
847
930
848
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
931
The time after which an idle SMTPD policy service
932
connection is closed.
849
The time after which an idle SMTPD policy service connection is
850
closed.
933
851
934
852
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
935
The time after which an active SMTPD policy service
936
connection is closed.
853
The time after which an active SMTPD policy service connection
854
is closed.
937
855
938
856
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
939
The time limit for connecting to, writing to or
940
receiving from a delegated SMTPD policy server.
857
The time limit for connecting to, writing to or receiving from a
858
delegated SMTPD policy server.
941
859
942
860
<b>ACCESS CONTROLS</b>
943
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
944
all the SMTP server access control features.
861
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
862
server access control features.
945
863
946
864
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
947
Wait until the RCPT TO command before evaluating
948
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $smtpd_helo_restric-
949
tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
950
the ETRN command before evaluating
951
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
952
tions.
865
Wait until the RCPT TO command before evaluating
866
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
867
$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command
868
before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and
869
$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
953
870
954
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
955
<b>put)</b>
956
What Postfix features match subdomains of
957
"domain.tld" automatically, instead of requiring an
958
explicit ".domain.tld" pattern.
871
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
872
What Postfix features match subdomains of "domain.tld" automati-
873
cally, instead of requiring an explicit ".domain.tld" pattern.
959
874
960
875
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
961
Optional restrictions that the Postfix SMTP server
962
applies in the context of a client connection
963
request.
876
Optional restrictions that the Postfix SMTP server applies in
877
the context of a client connection request.
964
878
965
879
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
966
Require that a remote SMTP client introduces itself
967
with the HELO or EHLO command before sending the
968
MAIL command or other commands that require EHLO
969
negotiation.
880
Require that a remote SMTP client introduces itself with the
881
HELO or EHLO command before sending the MAIL command or other
882
commands that require EHLO negotiation.
970
883
971
884
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
972
Optional restrictions that the Postfix SMTP server
973
applies in the context of a client HELO command.
885
Optional restrictions that the Postfix SMTP server applies in
886
the context of a client HELO command.
974
887
975
888
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
976
Optional restrictions that the Postfix SMTP server
977
applies in the context of a client MAIL FROM com-
978
mand.
889
Optional restrictions that the Postfix SMTP server applies in
890
the context of a client MAIL FROM command.
979
891
980
892
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (see 'postconf -d' output)</b>
981
Optional restrictions that the Postfix SMTP server
982
applies in the context of a client RCPT TO command,
983
after <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
893
Optional restrictions that the Postfix SMTP server applies in
894
the context of a client RCPT TO command, after
895
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
984
896
985
897
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
986
Optional restrictions that the Postfix SMTP server
987
applies in the context of a client ETRN command.
898
Optional restrictions that the Postfix SMTP server applies in
899
the context of a client ETRN command.
988
900
989
901
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
990
Forward mail with sender-specified routing
991
(user[@%!]remote[@%!]site) from untrusted clients
992
to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
902
Forward mail with sender-specified routing
903
(user[@%!]remote[@%!]site) from untrusted clients to destina-
904
tions matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
993
905
994
906
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
995
User-defined aliases for groups of access restric-
996
tions.
907
User-defined aliases for groups of access restrictions.
997
908
998
909
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b><><b>)</b>
999
The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables
1000
instead of the null sender address.
910
The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
911
the null sender address.
1001
912
1002
913
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
1003
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP
1004
access feature to only domains whose primary MX
1005
hosts match the listed networks.
914
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
915
only domains whose primary MX hosts match the listed networks.
1006
916
1007
917
Available in Postfix version 2.0 and later:
1008
918
1009
919
<b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
1010
Optional access restrictions that the Postfix SMTP
1011
server applies in the context of the SMTP DATA com-
1012
mand.
920
Optional access restrictions that the Postfix SMTP server
921
applies in the context of the SMTP DATA command.
1013
922
1014
923
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
1015
What characters are allowed in $name expansions of
1016
RBL reply templates.
924
What characters are allowed in $name expansions of RBL reply
925
templates.
1017
926
1018
927
Available in Postfix version 2.1 and later:
1019
928
1020
929
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
1021
Request that the Postfix SMTP server rejects mail
1022
from unknown sender addresses, even when no
1023
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
1024
is specified.
930
Request that the Postfix SMTP server rejects mail from unknown
931
sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
932
access restriction is specified.
1025
933
1026
934
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
1027
Request that the Postfix SMTP server rejects mail
1028
for unknown recipient addresses, even when no
1029
explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
1030
tion is specified.
935
Request that the Postfix SMTP server rejects mail for unknown
936
recipient addresses, even when no explicit
937
<a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restriction is specified.
1031
938
1032
939
Available in Postfix version 2.2 and later:
1033
940
1034
941
<b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b>
1035
Optional access restrictions that the Postfix SMTP
1036
server applies in the context of the SMTP END-OF-
1037
DATA command.
942
Optional access restrictions that the Postfix SMTP server
943
applies in the context of the SMTP END-OF-DATA command.
1038
944
1039
945
Available in Postfix version 2.10 and later:
1040
946
1041
<b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b>
1042
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b>
1043
Access restrictions for mail relay control that the
1044
Postfix SMTP server applies in the context of the
1045
RCPT TO command, before <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restric</a>-
1046
<a href="postconf.5.html#smtpd_recipient_restrictions">tions</a>.
947
<b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,</b>
948
<b><a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b>
949
Access restrictions for mail relay control that the Postfix SMTP
950
server applies in the context of the RCPT TO command, before
951
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
1047
952
1048
953
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
1049
Postfix version 2.1 introduces sender and recipient
1050
address verification. This feature is implemented by
1051
sending probe email messages that are not actually deliv-
1052
ered. This feature is requested via the reject_unveri-
1053
fied_sender and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
1054
restrictions. The status of verification probes is main-
1055
tained by the <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VER</a>-
1056
<a href="ADDRESS_VERIFICATION_README.html">IFICATION_README</a> for information about how to configure
1057
and operate the Postfix sender/recipient address verifica-
1058
tion service.
954
Postfix version 2.1 introduces sender and recipient address verifica-
955
tion. This feature is implemented by sending probe email messages that
956
are not actually delivered. This feature is requested via the
957
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
958
restrictions. The status of verification probes is maintained by the
959
<a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
960
mation about how to configure and operate the Postfix sender/recipient
961
address verification service.
1059
962
1060
963
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, overload: 1)</b>
1061
How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for
1062
the completion of an address verification request
1063
in progress.
964
How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for the completion
965
of an address verification request in progress.
1064
966
1065
967
<b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
1066
The delay between queries for the completion of an
1067
address verification request in progress.
968
The delay between queries for the completion of an address veri-
969
fication request in progress.
1068
970
1069
971
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
1070
The sender address to use in address verification
1071
probes; prior to Postfix 2.5 the default was "post-
1072
master".
972
The sender address to use in address verification probes; prior
973
to Postfix 2.5 the default was "postmaster".
1073
974
1074
975
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
1075
The numerical Postfix SMTP server response code
1076
when a recipient address is rejected by the
1077
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
976
The numerical Postfix SMTP server response code when a recipient
977
address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
1078
978
1079
979
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
1080
The numerical Postfix SMTP server response when a
1081
recipient address is rejected by the reject_unveri-
1082
fied_recipient restriction.
980
The numerical Postfix SMTP server response when a recipient
981
address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
982
tion.
1083
983
1084
984
Available in Postfix version 2.6 and later:
1085
985
1086
986
<b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b>
1087
The numerical Postfix SMTP server response code
1088
when a sender address probe fails due to a tempo-
1089
rary error condition.
987
The numerical Postfix SMTP server response code when a sender
988
address probe fails due to a temporary error condition.
1090
989
1091
990
<b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b>
1092
The numerical Postfix SMTP server response when a
1093
recipient address probe fails due to a temporary
1094
error condition.
991
The numerical Postfix SMTP server response when a recipient
992
address probe fails due to a temporary error condition.
1095
993
1096
994
<b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b>
1097
The Postfix SMTP server's reply when rejecting mail
1098
with <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>.
995
The Postfix SMTP server's reply when rejecting mail with
996
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>.
1099
997
1100
998
<b><a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> (empty)</b>
1101
The Postfix SMTP server's reply when rejecting mail
1102
with <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
1103
1104
<b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b>
1105
<b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b>
1106
The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unver</a>-
1107
<a href="postconf.5.html#reject_unverified_sender">ified_sender</a> fails due to a temporary error condi-
1108
tion.
1109
1110
<b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b>
1111
<b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b>
1112
The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unver</a>-
1113
<a href="postconf.5.html#reject_unverified_recipient">ified_recipient</a> fails due to a temporary error con-
1114
dition.
999
The Postfix SMTP server's reply when rejecting mail with
1000
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
1001
1002
<b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
1003
The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
1004
fails due to a temporary error condition.
1005
1006
<b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
1007
The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
1008
<a href="postconf.5.html#reject_unverified_recipient">ent</a> fails due to a temporary error condition.
1115
1009
1116
1010
Available with Postfix 2.9 and later:
1117
1011
1118
1012
<b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
1119
The time between changes in the time-dependent por-
1120
tion of address verification probe sender
1121
addresses.
1013
The time between changes in the time-dependent portion of
1014
address verification probe sender addresses.
1122
1015
1123
1016
<b>ACCESS CONTROL RESPONSES</b>
1124
The following parameters control numerical SMTP reply
1125
codes and/or text responses.
1017
The following parameters control numerical SMTP reply codes and/or text
1018
responses.
1126
1019
1127
1020
<b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
1128
The numerical Postfix SMTP server response code for
1129
an <a href="access.5.html"><b>access</b>(5)</a> map "reject" action.
1021
The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
1022
map "reject" action.
1130
1023
1131
1024
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
1132
The numerical Postfix SMTP server response code
1133
when a remote SMTP client request is rejected by
1134
the "defer" restriction.
1025
The numerical Postfix SMTP server response code when a remote
1026
SMTP client request is rejected by the "defer" restriction.
1135
1027
1136
1028
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
1137
The numerical Postfix SMTP server response code
1138
when the client HELO or EHLO command parameter is
1139
rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
1140
restriction.
1029
The numerical Postfix SMTP server response code when the client
1030
HELO or EHLO command parameter is rejected by the
1031
<a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> restriction.
1141
1032
1142
1033
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
1143
The numerical Postfix SMTP server response code
1144
when a remote SMTP client request is blocked by the
1145
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
1146
<a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or
1147
<a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
1034
The numerical Postfix SMTP server response code when a remote
1035
SMTP client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
1036
<a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>,
1037
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
1148
1038
1149
1039
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
1150
The numerical Postfix SMTP server reply code when a
1151
client request is rejected by the
1152
<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
1153
<a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a>
1154
restriction.
1040
The numerical Postfix SMTP server reply code when a client
1041
request is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
1042
<a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
1155
1043
1156
1044
<b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
1157
The numerical Postfix SMTP server response code
1158
when a request is rejected by the <b>reject_plain-</b>
1159
<b>text_session</b> restriction.
1045
The numerical Postfix SMTP server response code when a request
1046
is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
1160
1047
1161
1048
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
1162
The numerical Postfix SMTP server response code
1163
when a remote SMTP client request is rejected by
1164
the "reject" restriction.
1049
The numerical Postfix SMTP server response code when a remote
1050
SMTP client request is rejected by the "reject" restriction.
1165
1051
1166
1052
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
1167
The numerical Postfix SMTP server response code
1168
when a client request is rejected by the
1169
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
1053
The numerical Postfix SMTP server response code when a client
1054
request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
1055
restriction.
1170
1056
1171
1057
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
1172
The numerical Postfix SMTP server response code
1173
when a sender or recipient address is rejected by
1174
the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
1175
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
1058
The numerical Postfix SMTP server response code when a sender or
1059
recipient address is rejected by the
1060
<a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
1061
restriction.
1176
1062
1177
1063
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
1178
The numerical Postfix SMTP server response code
1179
when a client without valid address <=> name map-
1180
ping is rejected by the reject_unknown_client_host-
1181
name restriction.
1064
The numerical Postfix SMTP server response code when a client
1065
without valid address <=> name mapping is rejected by the
1066
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction.
1182
1067
1183
1068
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
1184
The numerical Postfix SMTP server response code
1185
when the hostname specified with the HELO or EHLO
1186
command is rejected by the
1069
The numerical Postfix SMTP server response code when the host-
1070
name specified with the HELO or EHLO command is rejected by the
1187
1071
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
1188
1072
1189
1073
Available in Postfix version 2.0 and later:
1190
1074
1191
1075
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
1192
The default Postfix SMTP server response template
1193
for a request that is rejected by an RBL-based
1194
restriction.
1076
The default Postfix SMTP server response template for a request
1077
that is rejected by an RBL-based restriction.
1195
1078
1196
1079
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
1197
The numerical Postfix SMTP server response code
1198
when a remote SMTP client request is blocked by the
1199
<a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
1080
The numerical Postfix SMTP server response code when a remote
1081
SMTP client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
1082
<a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
1200
1083
1201
1084
<b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
1202
1085
Optional lookup tables with RBL response templates.
1204
1087
Available in Postfix version 2.6 and later:
1205
1088
1206
1089
<b><a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> (450)</b>
1207
The numerical Postfix SMTP server response code for
1208
an <a href="access.5.html"><b>access</b>(5)</a> map "defer" action, including
1209
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>".
1090
The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
1091
map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or
1092
"<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>".
1210
1093
1211
1094
<b><a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a> (<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b>
1212
The Postfix SMTP server's action when a reject-type
1213
restriction fails due to a temporary error condi-
1214
tion.
1095
The Postfix SMTP server's action when a reject-type restriction
1096
fails due to a temporary error condition.
1215
1097
1216
<b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b>
1217
<b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b>
1218
The Postfix SMTP server's action when
1219
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> fails due to an tempo-
1220
rary error condition.
1098
<b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
1099
The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
1100
<a href="postconf.5.html#reject_unknown_helo_hostname">name</a> fails due to an temporary error condition.
1221
1101
1222
1102
<b><a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
1223
The Postfix SMTP server's action when
1224
<a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
1225
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> fail due to a tem-
1226
porary error condition.
1103
The Postfix SMTP server's action when
1104
<a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
1105
fail due to a temporary error condition.
1227
1106
1228
1107
<b>MISCELLANEOUS CONTROLS</b>
1229
1108
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
1230
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
1231
<a href="master.5.html">master.cf</a> configuration files.
1109
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
1110
figuration files.
1232
1111
1233
1112
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
1234
How much time a Postfix daemon process may take to
1235
handle a request before it is terminated by a
1236
built-in watchdog timer.
1113
How much time a Postfix daemon process may take to handle a
1114
request before it is terminated by a built-in watchdog timer.
1237
1115
1238
1116
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
1239
The location of all postfix administrative com-
1240
mands.
1117
The location of all postfix administrative commands.
1241
1118
1242
1119
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
1243
The sender address of postmaster notifications that
1244
are generated by the mail system.
1120
The sender address of postmaster notifications that are gener-
1121
ated by the mail system.
1245
1122
1246
1123
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
1247
The time limit for sending or receiving information
1248
over an internal communication channel.
1124
The time limit for sending or receiving information over an
1125
internal communication channel.
1249
1126
1250
1127
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
1251
The mail system name that is displayed in Received:
1252
headers, in the SMTP greeting banner, and in
1253
bounced mail.
1128
The mail system name that is displayed in Received: headers, in
1129
the SMTP greeting banner, and in bounced mail.
1254
1130
1255
1131
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
1256
The UNIX system account that owns the Postfix queue
1257
and most Postfix daemon processes.
1132
The UNIX system account that owns the Postfix queue and most
1133
Postfix daemon processes.
1258
1134
1259
1135
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
1260
The maximum amount of time that an idle Postfix
1261
daemon process waits for an incoming connection
1262
before terminating voluntarily.
1136
The maximum amount of time that an idle Postfix daemon process
1137
waits for an incoming connection before terminating voluntarily.
1263
1138
1264
1139
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
1265
The maximal number of incoming connections that a
1266
Postfix daemon process will service before termi-
1267
nating voluntarily.
1140
The maximal number of incoming connections that a Postfix daemon
1141
process will service before terminating voluntarily.
1268
1142
1269
1143
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
1270
1144
The internet hostname of this mail system.
1271
1145
1272
1146
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
1273
The list of "trusted" remote SMTP clients that have
1274
more privileges than "strangers".
1147
The list of "trusted" remote SMTP clients that have more privi-
1148
leges than "strangers".
1275
1149
1276
1150
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
1277
The domain name that locally-posted mail appears to
1278
come from, and that locally posted mail is deliv-
1279
ered to.
1151
The domain name that locally-posted mail appears to come from,
1152
and that locally posted mail is delivered to.
1280
1153
1281
1154
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
1282
The process ID of a Postfix command or daemon
1283
process.
1155
The process ID of a Postfix command or daemon process.
1284
1156
1285
1157
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
1286
The process name of a Postfix command or daemon
1287
process.
1158
The process name of a Postfix command or daemon process.
1288
1159
1289
1160
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
1290
The location of the Postfix top-level queue direc-
1291
tory.
1161
The location of the Postfix top-level queue directory.
1292
1162
1293
1163
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
1294
The separator between user names and address exten-
1295
sions (user+foo).
1164
The set of characters that can separate a user name from its
1165
extension (example: user+foo), or a .forward file name from its
1166
extension (example: .forward+foo).
1296
1167
1297
1168
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
1298
The text that follows the 220 status code in the
1299
SMTP greeting banner.
1169
The text that follows the 220 status code in the SMTP greeting
1170
banner.
1300
1171
1301
1172
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
1302
1173
The syslog facility of Postfix logging.
1303
1174
1304
1175
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
1305
The mail system name that is prepended to the
1306
process name in syslog records, so that "smtpd"
1307
becomes, for example, "postfix/smtpd".
1176
The mail system name that is prepended to the process name in
1177
syslog records, so that "smtpd" becomes, for example, "post-
1178
fix/smtpd".
1308
1179
1309
1180
Available in Postfix version 2.2 and later:
1310
1181
1311
1182
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
1312
List of commands that cause the Postfix SMTP server
1313
to immediately terminate the session with a 221
1314
code.
1183
List of commands that cause the Postfix SMTP server to immedi-
1184
ately terminate the session with a 221 code.
1315
1185
1316
1186
Available in Postfix version 2.5 and later:
1317
1187
1318
1188
<b><a href="postconf.5.html#smtpd_client_port_logging">smtpd_client_port_logging</a> (no)</b>
1319
Enable logging of the remote SMTP client port in
1320
addition to the hostname and IP address.
1189
Enable logging of the remote SMTP client port in addition to the
1190
hostname and IP address.
1321
1191
1322
1192
<b>SEE ALSO</b>
1323
1193
<a href="anvil.8.html">anvil(8)</a>, connection/rate limiting
1346
1216
<a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
1347
1217
1348
1218
<b>LICENSE</b>
1349
The Secure Mailer license must be distributed with this
1350
software.
1219
The Secure Mailer license must be distributed with this software.
1351
1220
1352
1221
<b>AUTHOR(S)</b>
1353
1222
Wietse Venema
Loggerhead is a web-based interface for Breezy
Version: 2.0.1