--TDICT_UNION
-TABOUNCE
-TADDR_MATCH_LIST
-TADDR_PATTERN
-TASN1_INTEGER
-TASN1_OBJECT
-TATTR_CLNT
+-TATTR_OVER_INT
+-TATTR_OVER_STR
+-TATTR_OVER_TIME
-TATTR_TABLE
-TAUTHORITY_KEYID
-TAUTO_CLNT
-TCONFIG_STR_TABLE
-TCONFIG_TIME_FN_TABLE
-TCONFIG_TIME_TABLE
+-TCONST_CHAR_STAR
-TCRYPTO_EX_DATA
-TCTABLE
-TCTABLE_ENTRY
-TDICT_TCP
-TDICT_TEXT
-TDICT_THASH
+-TDICT_UNION
-TDICT_UNIX
-TDNS_FIXED
-TDNS_REPLY
-TSMTPD_CMD
-TSMTPD_DEFER
-TSMTPD_ENDPT_LOOKUP_INFO
+-TSMTPD_POLICY_CLNT
-TSMTPD_PROXY
-TSMTPD_RBL_EXPAND_CONTEXT
-TSMTPD_RBL_STATE
domain names in permit_mx_backup, check_mumble_{a,mx,ns}_access
and reject_unknown_{sender,recipient}_domain. Mark Martinec.
File: smtpd/smtpd_check.c.
+
+20140925
+
+ Cleanup: support for per-Milter settings, for example:
+ smtpd_milters = {inet:host:port, default_action=accept,
+ ...}. Specify the Milter endpoint address followed by zero
+ or more attribute=value pairs separated by comma or space.
+ The supported attributes are command_timeout, connect_timeout,
+ content_timeout, default_action, and protocol. These have
+ the same names as the corresponding main.cf parameters,
+ minus the "milter_" prefix. Files: global/mail_conf_over.c,
+ global/mail_conf_str.c, global/mail_conf_time.c,
+ global/mail_conf.h, milter/milters.c.
+
+20140927
+
+ Cleanup: specify { name = value } in per-Milter settings, to support
+ space around the "=" or comma/space within the value. Files:
+ global/attr_over.[hc].
+
+ Cleanup: "postconf -n" now only shows config_directory when
+ an override is in effect (environment, -c or -o).
+
+ Cleanup: support for master.cf arguments inside {}, to
+ protect arguments that contain whitespace. File:
+ master/master_ent.c, postconf/postconf_master.c,
+ postconf/test59.ref.
+
+ Cleanup: support for per-policy client settings, for example:
+ check_policy_service {inet:host:port, default_action=dunno,
+ timeout=50s, ...}. Specify the policy server endpoint address
+ followed by zero or more attribute=value pairs separated
+ by comma or space. Specify { name = value } for attributes
+ that contain whitespace; otherwise, space is not allowed
+ around the "=". The supported attributes are default_action,
+ max_idle, max_ttl, request_limit, retry_delay, timeout, and
+ try_limit. These have the same names as the corresponding
+ main.cf parameters, minus the "smtpd_policy_service_" prefix.
+ Files: global/mail_conf_int.c, global/mail_conf.h,
+ global/attr_override.[hc], smtpd/smtpd_check.c.
+
+20140928
+
+ Cleanup: extpar.c module to reduce code duplication. Files:
+ global/attr_override.c, master/master_ent.c, milter/milter.c,
+ postconf/postconf_dbms.c, postconf/postconf_master.c,
+ smtpd/smtpd_check.c, util/extpar.c, util/stringops.h.
+
+ Cleanup: the table-driven code for per-Milter and per-policy
+ overrides now updates stack-based variables, instead of
+ (ugh) statically-allocated variables. Files:
+ global/attr_override.[hc], smtpd/smtpd_check.c, milter/milter.c.
+
+ Documentation: added advanced configuration sections for
+ how to use per-Milter and per-policy settings. Files:
+ proto/SMTPD_POLICY_README.html, proto/MILTER_README.html.
+
+ Cleanup: force LANG=C to prevent groff from outputting
+ non-ASCII cruft into the HTML-ized manpages. Files:
+ html/Makefile.in, proto/Makefile.in, many HTML output
+ files.
SHELL = /bin/sh
WARN = -Wmissing-prototypes -Wformat -Wno-comment
OPTS = 'WARN=$(WARN)'
-DIRS = src/util src/global src/dns src/tls src/xsasl src/milter src/master \
+DIRS = src/util src/global src/dns src/tls src/xsasl src/master src/milter \
src/postfix src/fsstone src/smtpstone \
src/sendmail src/error src/pickup src/cleanup src/smtpd src/local \
src/trivial-rewrite src/qmgr src/oqmgr src/smtp src/bounce \
C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx
Like Sendmail, Postfix has a lot of configuration options that control how it
-talks to Milter applications. With the initial Postfix Milter protocol
-implementation, many options are global, that is, they apply to all Milter
-applications. Future Postfix versions may support per-Milter timeouts, per-
-Milter error handling, etc.
+talks to Milter applications. Besides global options that apply to all Milter
+applications, Postfix 2.12 and later support per-Milter timeouts, per-Milter
+error handling, etc.
Information in this section:
* Milter error handling
* Milter protocol version
* Milter protocol timeouts
+ * Different settings for different Milter applications
* Sendmail macro emulation
S\bSM\bMT\bTP\bP-\b-O\bOn\bnl\bly\by M\bMi\bil\blt\bte\ber\br a\bap\bpp\bpl\bli\bic\bca\bat\bti\bio\bon\bns\bs
# or quarantine (Postfix 2.6 or later).
milter_default_action = tempfail
+See "Different settings for different Milter applications" for advanced
+configuration options.
+
M\bMi\bil\blt\bte\ber\br p\bpr\bro\bot\bto\boc\bco\bol\bl v\bve\ber\brs\bsi\bio\bon\bn
As Postfix is not built with the Sendmail libmilter library, you may need to
and later will automatically turn off protocol features that the application's
libmilter library does not expect.
+See "Different settings for different Milter applications" for advanced
+configuration options.
+
M\bMi\bil\blt\bte\ber\br p\bpr\bro\bot\bto\boc\bco\bol\bl t\bti\bim\bme\beo\bou\but\bts\bs
Postfix uses different time limits at different Milter protocol stages. The
clients may hang up and mail may be delivered multiple times. This is an
inherent problem with before-queue filtering.
+See "Different settings for different Milter applications" for advanced
+configuration options.
+
+D\bDi\bif\bff\bfe\ber\bre\ben\bnt\bt s\bse\bet\btt\bti\bin\bng\bgs\bs f\bfo\bor\br d\bdi\bif\bff\bfe\ber\bre\ben\bnt\bt M\bMi\bil\blt\bte\ber\br a\bap\bpp\bpl\bli\bic\bca\bat\bti\bio\bon\bns\bs
+
+The previous sections list a number of Postfix main.cf parameters that control
+time limits and other settings for all Postfix Milter clients. This is
+sufficient for simple configurations. With more complex configurations it
+becomes desirable to have different settings for different Milter clients. This
+is supported with Postfix 2.12 and later.
+
+The following example shows a "non-critical" Milter client with a short connect
+timeout, and with "accept" as default action when the service is unvailable.
+
+ 1 /etc/postfix/main.cf:
+ 2 smtpd_milters = { inet:host:port,
+ 3 connect_timeout=10s, default_action=accept }
+
+Instead of a server endpoint, we now have a list enclosed in {}.
+
+ * Line 2: The first item in the list is the server endpoint. This supports
+ the exact same "inet" and "unix" syntax as described earlier.
+
+ * Line 3: The remainder of the list contains per-Milter settings. These
+ settings override global main.cf parameters, and have the same name as
+ those parameters, without the "milter_" prefix.
+
+Inside the list, syntax is similar to what we already know from main.cf: items
+separated by space or comma. There is one difference: y\byo\bou\bu m\bmu\bus\bst\bt e\ben\bnc\bcl\blo\bos\bse\be a\ba
+s\bse\bet\btt\bti\bin\bng\bg i\bin\bn p\bpa\bar\bre\ben\bnt\bth\bhe\bes\bse\bes\bs,\b, a\bas\bs i\bin\bn "\b"{\b{ n\bna\bam\bme\be =\b= v\bva\bal\blu\bue\be }\b}"\b",\b, i\bif\bf y\byo\bou\bu w\bwa\ban\bnt\bt t\bto\bo h\bha\bav\bve\be s\bsp\bpa\bac\bce\be
+w\bwi\bit\bth\bhi\bin\bn a\ba v\bva\bal\blu\bue\be o\bor\br a\bar\bro\bou\bun\bnd\bd "\b"=\b="\b".
+
S\bSe\ben\bnd\bdm\bma\bai\bil\bl m\bma\bac\bcr\bro\bo e\bem\bmu\bul\bla\bat\bti\bio\bon\bn
Postfix emulates a limited number of Sendmail macros, as shown in the table.
This document covers the following topics:
* Policy protocol description
- * Policy client/server configuration
+ * Simple policy client/server configuration
+ * Advanced policy client configuration
* Example: greylist policy server
* Greylisting mail from frequently forged domains
* Greylisting all your mail
must log a warning and disconnect. Postfix will retry the request at some later
time.
-P\bPo\bol\bli\bic\bcy\by c\bcl\bli\bie\ben\bnt\bt/\b/s\bse\ber\brv\bve\ber\br c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bn
+S\bSi\bim\bmp\bpl\ble\be p\bpo\bol\bli\bic\bcy\by c\bcl\bli\bie\ben\bnt\bt/\b/s\bse\ber\brv\bve\ber\br c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bn
The Postfix delegated policy client can connect to a TCP socket or to a UNIX-
domain socket. Examples:
the service name of the master.cf entry for the policy daemon service. In
the above examples, the service name is "policy" or "127.0.0.1:9998".
+A\bAd\bdv\bva\ban\bnc\bce\bed\bd p\bpo\bol\bli\bic\bcy\by c\bcl\bli\bie\ben\bnt\bt c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bn
+
+The previous section lists a number of Postfix main.cf parameters that control
+time limits and other settings for all policy clients. This is sufficient for
+simple configurations. With more complex configurations it becomes desirable to
+have different settings per policy client. This is supported with Postfix 2.12
+and later.
+
+The following example shows a "non-critical" policy service with a short
+timeout, and with "DUNNO" as default action when the service is unvailable. The
+"DUNNO" action causes Postfix to ignore the result.
+
+ 1 /etc/postfix/main.cf:
+ 2 smtpd_recipient_restrictions =
+ 3 ...
+ 4 reject_unauth_destination
+ 5 check_policy_service { inet:host:port,
+ 6 timeout=10s, default_action=DUNNO }
+ 8 ...
+
+Instead of a server endpoint, we now have a list enclosed in {}.
+
+ * Line 5: The first item in the list is the server endpoint. This supports
+ the exact same "inet" and "unix" syntax as described earlier.
+
+ * Line 6: The remainder of the list contains per-client settings. These
+ settings override global main.cf parameters, and have the same name as
+ those parameters, without the "smtpd_policy_service_" prefix.
+
+Inside the list, syntax is similar to what we already know from main.cf: items
+separated by space or comma. There is one difference: y\byo\bou\bu m\bmu\bus\bst\bt e\ben\bnc\bcl\blo\bos\bse\be a\ba
+s\bse\bet\btt\bti\bin\bng\bg i\bin\bn p\bpa\bar\bre\ben\bnt\bth\bhe\bes\bse\bes\bs,\b, a\bas\bs i\bin\bn "\b"{\b{ n\bna\bam\bme\be =\b= v\bva\bal\blu\bue\be }\b}"\b",\b, i\bif\bf y\byo\bou\bu w\bwa\ban\bnt\bt t\bto\bo h\bha\bav\bve\be s\bsp\bpa\bac\bce\be
+w\bwi\bit\bth\bhi\bin\bn a\ba v\bva\bal\blu\bue\be o\bor\br a\bar\bro\bou\bun\bnd\bd "\b"=\b="\b". This comes in handy when different policy servers
+require different default actions with different SMTP status codes or text:
+
+ 1 /etc/postfix/main.cf:
+ 2 smtpd_recipient_restrictions =
+ 3 ...
+ 4 reject_unauth_destination
+ 5 check_policy_service {
+ 6 inet:host:port1,
+ 7 { default_action = 451 4.3.5 See http://www.example.com/
+ support1 }
+ 8 }
+ 9 ...
+
E\bEx\bxa\bam\bmp\bpl\ble\be:\b: g\bgr\bre\bey\byl\bli\bis\bst\bt p\bpo\bol\bli\bic\bcy\by s\bse\ber\brv\bve\ber\br
Greylisting is a defense against junk email that is described at http://
(mantools/srctoman - makedefs | nroff -man | less) with information
about build options that are not described in the INSTALL instructions.
+Major changes with snapshot 20140928
+====================================
+
+Support for per-Milter settings that override main.cf parameters.
+For details see the section "Advanced policy client configuration"
+in the SMTPD_POLICY_README document.
+
+Here is an example that uses both old and new syntax:
+
+ smtpd_milters = { inet:127.0.0.1:port1, default_action=accept, ... },
+ inet:127.0.0.1:port2, ...
+
+The per-milter settings are specified as attribute=value pairs
+separated by comma or space; specify { name = value } to allow
+spaces around the "=" or within an attribute value.
+
+The supported attribute names are: command_timeout, connect_timeout,
+content_timeout, default_action, and protocol. These have the same
+names as the corresponding main.cf parameters, without the "milter_"
+prefix.
+
+Support for per-policy service settings that override main.cf
+parameters. For details see the section "Different settings for
+different Milter applications" in the MILTER_README document.
+
+Here is an example that uses both old and new syntax:
+
+smtpd_recipient_restrictions = ...
+ check_policy_service { inet:127.0.0.1:port3, default_action=DUNNO }
+ check_policy_service inet:127.0.0.1:port4
+ ...
+
+The per-policy service settings are specified as attribute=value pairs
+separated by comma or space; specify { name = value } to allow
+spaces around the "=" or within an attribute value.
+
+The supported attribute names are: default_action, max_idle, max_ttl,
+request_limit, retry_delay, timeout, try_limit. These have the same
+names as the corresponding main.cf parameters, without the
+"smtpd_policy_service_" prefix.
+
+
Major changes with snapshot 20140921
====================================
up-convert myhostname to UTF-8 in MIME boundary strings?
+ Eliminate code duplication between pcf_print_master_field()
+ and pcf_print_master_entry().
+
Introduce constants to replace all the ad-hoc ", \t\r\n"
etc. for tokenization. That will have to go into an "util"
file because match_strings(3), dict_pipe(3) and dict_random(3)
depend on these definitions.
+ Error reporting: see if pcf_check_master_entry() and children
+ can return error descriptions instread of terminating with
+ a fatal error.
+
Make sure that proxy: can handle random:, pipe:, and other
multimaps.
<h2><a name="config">Configuring Postfix</a></h2>
<p> Like Sendmail, Postfix has a lot of configuration options that
-control how it talks to Milter applications. With the initial Postfix
-Milter protocol implementation, many options are global, that is,
-they apply to all Milter applications. Future Postfix versions may
+control how it talks to Milter applications. Besides global options
+that apply to all Milter applications, Postfix 2.12 and later
support per-Milter timeouts, per-Milter error handling, etc. </p>
<p> Information in this section: </p>
<li><a href="#timeouts">Milter protocol timeouts</a>
+<li><a href="#per-milter">Different settings for different Milter
+applications </a>
+
<li><a href="#macros">Sendmail macro emulation</a>
</ul>
</pre>
</blockquote>
+<p> See "<a href="#per-milter">Different settings for different
+Milter applications</a>" for advanced configuration options. </p>
+
<h3><a name="version">Milter protocol version</a></h3>
<p> As Postfix is not built with the Sendmail libmilter library,
features that the application's libmilter library does not expect.
</p>
+<p> See "<a href="#per-milter">Different settings for different
+Milter applications</a>" for advanced configuration options. </p>
+
<h3><a name="timeouts">Milter protocol timeouts</a></h3>
<p> Postfix uses different time limits at different Milter protocol
multiple times. This is an inherent problem with before-queue
filtering. </p>
+<p> See "<a href="#per-milter">Different settings for different
+Milter applications</a>" for advanced configuration options. </p>
+
+<h3><a name="per-milter">Different settings for different Milter
+applications </a></h3>
+
+<p> The previous sections list a number of Postfix <a href="postconf.5.html">main.cf</a> parameters
+that control time limits and other settings for all Postfix Milter
+clients. This is sufficient for simple configurations. With more
+complex configurations it becomes desirable to have different
+settings for different Milter clients. This is supported with Postfix
+2.12 and later. </p>
+
+<p> The following example shows a "non-critical" Milter client with
+a short connect timeout, and with "accept" as default action when
+the service is unvailable. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> = { inet:host:port,
+3 connect_timeout=10s, default_action=accept }
+</pre>
+</blockquote>
+
+<p> Instead of a server endpoint, we now have a list enclosed in {}. </p>
+
+<ul>
+
+<li> <p> Line 2: The first item in the list is the server endpoint.
+This supports the exact same "inet" and "unix" syntax as described
+earlier. </p>
+
+<li> <p> Line 3: The remainder of the list contains per-Milter
+settings. These settings override global <a href="postconf.5.html">main.cf</a> parameters, and
+have the same name as those parameters, without the "milter_" prefix.
+</p>
+
+</ul>
+
+<p> Inside the list, syntax is similar to what we already know from
+<a href="postconf.5.html">main.cf</a>: items separated by space or comma. There is one difference:
+<b>you must enclose a setting in parentheses, as in "{ name = value
+}", if you want to have space within a value or around "="</b>.
+</p>
+
<h3><a name="macros">Sendmail macro emulation</a></h3>
<p> Postfix emulates a limited number of Sendmail macros, as shown
OTHER = postfix-manuals.html
AWK = awk '{ print; if (NR == 2) print ".pl 99999\n.ll 78" }'
MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
-NROFF = GROFF_NO_SGR=1 nroff
+NROFF = LANG=C GROFF_NO_SGR=1 nroff
update: $(DAEMONS) $(COMMANDS) $(CONFIG) $(OTHER)
<li><a href="#protocol">Policy protocol description</a>
-<li><a href="#client_config">Policy client/server configuration</a>
+<li><a href="#client_config">Simple policy client/server configuration</a>
+
+<li><a href="#advanced">Advanced policy client configuration</a>
<li><a href="#greylist">Example: greylist policy server</a>
Instead the server must log a warning and disconnect. Postfix will
retry the request at some later time. </p>
-<h2><a name="client_config">Policy client/server configuration</a></h2>
+<h2><a name="client_config">Simple policy client/server configuration</a></h2>
<p> The Postfix delegated policy client can connect to a TCP socket
or to a UNIX-domain socket. Examples: </p>
</ul>
+<h2><a name="advanced">Advanced policy client configuration</a></h2>
+
+<p> The previous section lists a number of Postfix <a href="postconf.5.html">main.cf</a> parameters
+that control time limits and other settings for all policy clients.
+This is sufficient for simple configurations. With more complex
+configurations it becomes desirable to have different settings per
+policy client. This is supported with Postfix 2.12 and later. </p>
+
+<p> The following example shows a "non-critical" policy service
+with a short timeout, and with "DUNNO" as default action when the
+service is unvailable. The "DUNNO" action causes Postfix to ignore
+the result. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+3 ...
+4 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+5 <a href="postconf.5.html#check_policy_service">check_policy_service</a> { inet:host:port,
+6 timeout=10s, default_action=DUNNO }
+8 ...
+</pre>
+</blockquote>
+
+<p> Instead of a server endpoint, we now have a list enclosed in {}. </p>
+
+<ul>
+
+<li> <p> Line 5: The first item in the list is the server endpoint.
+This supports the exact same "inet" and "unix" syntax as described
+earlier. </p>
+
+<li> <p> Line 6: The remainder of the list contains per-client
+settings. These settings override global <a href="postconf.5.html">main.cf</a> parameters,
+and have the same name as those parameters, without the
+"smtpd_policy_service_" prefix. </p>
+
+</ul>
+
+<p> Inside the list, syntax is similar to what we already know from
+<a href="postconf.5.html">main.cf</a>: items separated by space or comma. There is one difference:
+<b>you must enclose a setting in parentheses, as in "{ name = value
+}", if you want to have space within a value or around "="</b>.
+This comes in handy when different policy servers require different
+default actions with different SMTP status codes or text: </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
+2 <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
+3 ...
+4 <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>
+5 <a href="postconf.5.html#check_policy_service">check_policy_service</a> {
+6 inet:host:port1,
+7 { default_action = 451 4.3.5 See <a href="http://www.example.com/support1">http://www.example.com/support1</a> }
+8 }
+9 ...
+</pre>
+</blockquote>
+
<h2><a name="greylist">Example: greylist policy server</a></h2>
<p> Greylisting is a defense against junk email that is described at
<b>DESCRIPTION</b>
The Postfix <a href="bounce.8.html"><b>bounce</b>(8)</a> server produces delivery status notification
- (DSN) messages for undeliverable mail, delayed mail, successful deliv‐
+ (DSN) messages for undeliverable mail, delayed mail, successful deliv-
ery or address verification requests.
By default, these notifications are generated from built-in templates
with message headers and message text. Sites can override the built-in
- information by specifying a bounce template file with the <b>bounce_tem</b>‐\b‐
- <b>plate_file</b> configuration parameter.
+ information by specifying a bounce template file with the <b><a href="postconf.5.html#bounce_template_file">bounce_tem</a>-</b>
+ <b><a href="postconf.5.html#bounce_template_file">plate_file</a></b> configuration parameter.
- This document describes the general procedure to create a bounce tem‐
- plate file, followed by the specific details of bounce template for‐
+ This document describes the general procedure to create a bounce tem-
+ plate file, followed by the specific details of bounce template for-
mats.
<b>GENERAL PROCEDURE</b>
expansion of time value parameters that appear in the delayed mail
notification text.
- Once the result is satisfactory, copy the template to the Postfix con‐
+ Once the result is satisfactory, copy the template to the Postfix con-
figuration directory and specify in <a href="postconf.5.html">main.cf</a> something like:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<b>TEMPLATE FILE FORMAT</b>
The template file can specify templates for failed mail, delayed mail,
successful delivery or for address verification. These templates are
- named <b>failure_template</b>, <b>delay_template</b>, <b>success_template</b> and <b>ver</b>‐\b‐
+ named <b>failure_template</b>, <b>delay_template</b>, <b>success_template</b> and <b>ver-</b>
<b>ify_template</b>, respectively. You can but do not have to specify all
four templates in a bounce template file.
Each template starts with "<i>template</i><b>_</b><i>name</i> <b>=</b> <<<b>EOF</b>" and ends with a line
that contains the word "<b>EOF</b>" only. You can change the word EOF, but you
- can't enclose it in quotes as with the shell or with Perl (<i>tem‐</i>
+ can't enclose it in quotes as with the shell or with Perl (<i>tem-</i>
<i>plate</i><b>_</b><i>name</i> <b>=</b> <<<b>'EOF'</b>). Here is an example:
# The failure template is used for undeliverable mail.
The mail system
EOF
- The usage and specification of bounce templates is subject to the fol‐
+ The usage and specification of bounce templates is subject to the fol-
lowing restrictions:
- · No special meaning is given to the backslash character or to
+ <b>o</b> No special meaning is given to the backslash character or to
leading whitespace; these are always taken literally.
- · Inside the << context, the "$" character is special. To produce
+ <b>o</b> Inside the << context, the "$" character is special. To produce
a "$" character as output, specify "$$".
- · Outside the << context, lines beginning with "#" are ignored, as
+ <b>o</b> Outside the << context, lines beginning with "#" are ignored, as
are empty lines, and lines consisting of whitespace only.
Examples of all templates can be found in the file <b>bounce.cf.default</b> in
<b>TEMPLATE HEADER FORMAT</b>
The first portion of a bounce template consists of optional template
- headers. Some become message headers in the delivery status notifica‐
+ headers. Some become message headers in the delivery status notifica-
tion; some control the formatting of that notification. Headers not
specified in a template will be left at their default value.
notification.
<b>Subject:</b>
- The subject in the message header of the delivery status notifi‐
+ The subject in the message header of the delivery status notifi-
cation that is returned to the sender.
<b>Postmaster-Subject:</b>
- The subject that will be used in Postmaster copies of undeliver‐
+ The subject that will be used in Postmaster copies of undeliver-
able or delayed mail notifications. These copies are sent under
control of the <a href="postconf.5.html#notify_classes">notify_classes</a> configuration parameter.
The usage and specification of template message headers is subject to
the following restrictions:
- · Template message header names can be specified in upper case,
+ <b>o</b> Template message header names can be specified in upper case,
lower case or mixed case. Postfix always produces bounce message
header labels of the form "<b>From:</b>" and "<b>Subject:</b>".
- · Template message headers must not span multiple lines.
+ <b>o</b> Template message headers must not span multiple lines.
- · Template message headers do not support $parameter expansions.
+ <b>o</b> Template message headers do not support $parameter expansions.
- · Template message headers must contain ASCII characters only, and
+ <b>o</b> Template message headers must contain ASCII characters only, and
must not contain ASCII null characters.
<b>TEMPLATE MESSAGE TEXT FORMAT</b>
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a></b> for possible <i>suffix</i> values.
<b><a href="postconf.5.html#mydomain">mydomain</a></b>
- Expands into the value of the <b><a href="postconf.5.html#mydomain">mydomain</a></b> parameter. With "smt‐
+ Expands into the value of the <b><a href="postconf.5.html#mydomain">mydomain</a></b> parameter. With "smt-
putf8_enable = yes", this replaces ACE labels (xn--mumble) with
their UTF-8 equivalent.
This feature is available in Postfix 2.12.
<b><a href="postconf.5.html#myhostname">myhostname</a></b>
- Expands into the value of the <b><a href="postconf.5.html#myhostname">myhostname</a></b> parameter. With "smt‐
+ Expands into the value of the <b><a href="postconf.5.html#myhostname">myhostname</a></b> parameter. With "smt-
putf8_enable = yes", this replaces ACE labels (xn--mumble) with
their UTF-8 equivalent.
The usage and specification of template message text is subject to the
following restrictions:
- · The template message text is not sent in Postmaster copies of
+ <b>o</b> The template message text is not sent in Postmaster copies of
delivery status notifications.
- · If the template message text contains non-ASCII characters,
+ <b>o</b> If the template message text contains non-ASCII characters,
Postfix requires that the <b>Charset:</b> template header is updated.
Specify an appropriate superset of US-ASCII. A superset is
- needed because Postfix appends ASCII text after the message tem‐
+ needed because Postfix appends ASCII text after the message tem-
plate when it sends a delivery status notification.
<b>SEE ALSO</b>
<b>bounce</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta‐
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta-
tus information. Each log file is named after the queue file that it
corresponds to, and is kept in a queue subdirectory named after the
service name in the <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>).
The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service requests:
- · Append a recipient (non-)delivery status record to a per-message
+ <b>o</b> Append a recipient (non-)delivery status record to a per-message
log file.
- · Enqueue a delivery status notification message, with a copy of a
+ <b>o</b> Enqueue a delivery status notification message, with a copy of a
per-message log file and of the corresponding message. When the
delivery status notification message is enqueued successfully,
the per-message log file is deleted.
- The software does a best notification effort. A non-delivery notifica‐
+ The software does a best notification effort. A non-delivery notifica-
tion is sent even when the log file or the original message cannot be
read.
Postfix versions before 2.0.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the message head‐
- ers of mail that Postfix did not deliver and of SMTP conversa‐
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
tion transcripts of mail that Postfix did not receive.
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
Pathname of a configuration file with bounce message templates.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the message head‐
+ The recipient of postmaster notifications with the message head-
ers of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>
time units.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix 2.12 and later:
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci‐
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
<b>FILES</b>
The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon always performs the following transformations:
- · Insert missing message headers: (<b>Resent-</b>) <b>From:</b>, <b>To:</b>, <b>Message-</b>
+ <b>o</b> Insert missing message headers: (<b>Resent-</b>) <b>From:</b>, <b>To:</b>, <b>Message-</b>
<b>Id:</b>, and <b>Date:</b>.
- · Transform envelope and header addresses to the standard
- <i>user@fully-qualified-domain</i> form that is expected by other Post‐
+ <b>o</b> Transform envelope and header addresses to the standard
+ <i>user@fully-qualified-domain</i> form that is expected by other Post-
fix programs. This task is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a>
daemon.
- · Eliminate duplicate envelope recipient addresses.
+ <b>o</b> Eliminate duplicate envelope recipient addresses.
The following address transformations are optional:
- · Optionally, rewrite all envelope and header addresses according
+ <b>o</b> Optionally, rewrite all envelope and header addresses according
to the mappings specified in the <a href="canonical.5.html"><b>canonical</b>(5)</a> lookup tables.
- · Optionally, masquerade envelope sender addresses and message
+ <b>o</b> Optionally, masquerade envelope sender addresses and message
header addresses (i.e. strip host or domain information below
all domains listed in the <b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b> parameter, except
for user names listed in <b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>). By default,
address masquerading does not affect envelope recipients.
- · Optionally, expand envelope recipients according to information
+ <b>o</b> Optionally, expand envelope recipients according to information
found in the <a href="virtual.5.html"><b>virtual</b>(5)</a> lookup tables.
The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon performs sanity checks on the content of each
<b><a href="postconf.5.html#header_checks">header_checks</a> (empty)</b>
Optional lookup tables for content inspection of primary non-
- MIME message headers, as specified in the <a href="header_checks.5.html"><b>header_checks</b>(5)</a> man‐
+ MIME message headers, as specified in the <a href="header_checks.5.html"><b>header_checks</b>(5)</a> man-
ual page.
Available in Postfix version 2.0 and later:
page.
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a> ($<a href="postconf.5.html#header_checks">header_checks</a>)</b>
- Optional lookup tables for content inspection of non-MIME mes‐
+ Optional lookup tables for content inspection of non-MIME mes-
sage headers in attached messages, as described in the
<a href="header_checks.5.html"><b>header_checks</b>(5)</a> manual page.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#message_reject_characters">message_reject_characters</a> (empty)</b>
- The set of characters that Postfix will reject in message con‐
+ The set of characters that Postfix will reject in message con-
tent.
<b><a href="postconf.5.html#message_strip_characters">message_strip_characters</a> (empty)</b>
- The set of characters that Postfix will remove from message con‐
+ The set of characters that Postfix will remove from message con-
tent.
<b>BEFORE QUEUE MILTER CONTROLS</b>
does not arrive via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
<b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b>
- The mail filter protocol version and optional protocol exten‐
+ The mail filter protocol version and optional protocol exten-
sions for communication with a Milter application; prior to
Postfix 2.6 the default protocol is 2.
unavailable or mis-configured.
<b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The {daemon_name} macro value for Milter (mail filter) applica‐
+ The {daemon_name} macro value for Milter (mail filter) applica-
tions.
<b><a href="postconf.5.html#milter_macro_v">milter_macro_v</a> ($<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b>
The {v} macro value for Milter (mail filter) applications.
<b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b>
- The time limit for connecting to a Milter (mail filter) applica‐
+ The time limit for connecting to a Milter (mail filter) applica-
tion, and for negotiating protocol options.
<b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b>
Reject mail with 8-bit text in message headers.
<b><a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a> (no)</b>
- Reject 8-bit message body text without 8-bit MIME content encod‐
+ Reject 8-bit message body text without 8-bit MIME content encod-
ing information.
<b><a href="postconf.5.html#strict_mime_encoding_domain">strict_mime_encoding_domain</a> (no)</b>
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#detect_8bit_encoding_header">detect_8bit_encoding_header</a> (yes)</b>
- Automatically detect 8BITMIME body content by looking at Con‐
+ Automatically detect 8BITMIME body content by looking at Con-
tent-Transfer-Encoding: message headers; historically, this
behavior was hard-coded to be "always on".
<b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> (empty)</b>
Optional list of user names that are not subjected to address
- masquerading, even when their address matches $masquer‐
- ade_domains.
+ masquerading, even when their address matches $<a href="postconf.5.html#masquerade_domains">masquer</a>-
+ <a href="postconf.5.html#masquerade_domains">ade_domains</a>.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
What address lookup tables copy an address extension from the
mapping.
<b><a href="postconf.5.html#sender_canonical_classes">sender_canonical_classes</a> (envelope_sender, header_sender)</b>
- What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address map‐
+ What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address map-
ping.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
- The maximal number of addresses remembered by the address dupli‐
+ The maximal number of addresses remembered by the address dupli-
cate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>virtual</b>(5)</a> alias expansion, or for
<a href="showq.8.html"><b>showq</b>(8)</a> queue displays.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log‐
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix version 2.1 and later:
<b>bounce</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta‐
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta-
tus information. Each log file is named after the queue file that it
corresponds to, and is kept in a queue subdirectory named after the
service name in the <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>).
The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service requests:
- · Append a recipient (non-)delivery status record to a per-message
+ <b>o</b> Append a recipient (non-)delivery status record to a per-message
log file.
- · Enqueue a delivery status notification message, with a copy of a
+ <b>o</b> Enqueue a delivery status notification message, with a copy of a
per-message log file and of the corresponding message. When the
delivery status notification message is enqueued successfully,
the per-message log file is deleted.
- The software does a best notification effort. A non-delivery notifica‐
+ The software does a best notification effort. A non-delivery notifica-
tion is sent even when the log file or the original message cannot be
read.
Postfix versions before 2.0.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the message head‐
- ers of mail that Postfix did not deliver and of SMTP conversa‐
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
tion transcripts of mail that Postfix did not receive.
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
Pathname of a configuration file with bounce message templates.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the message head‐
+ The recipient of postmaster notifications with the message head-
ers of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>
time units.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix 2.12 and later:
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci‐
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
<b>FILES</b>
process manager.
The record is implemented as a per-destination logfile with as contents
- the queue IDs of deferred mail. A logfile is append-only, and is trun‐
+ the queue IDs of deferred mail. A logfile is append-only, and is trun-
cated when delivery is requested for the corresponding destination. A
destination is the part on the right-hand side of the right-most <b>@</b> in
an email address.
- Per-destination logfiles of deferred mail are maintained only for eli‐
+ Per-destination logfiles of deferred mail are maintained only for eli-
gible destinations. The list of eligible destinations is specified with
the <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a></b> configuration parameter, which defaults to
<b>$<a href="postconf.5.html#relay_domains">relay_domains</a></b>.
queue ID is queued for the specified destination.
<b>send_site</b> <i>sitename</i>
- Request delivery of mail that is queued for the specified desti‐
+ Request delivery of mail that is queued for the specified desti-
nation.
<b>send_file</b> <i>queueid</i>
Fast flush logfiles are truncated only after a "send" request, not when
mail is actually delivered, and therefore can accumulate outdated or
redundant data. In order to maintain sanity, "refresh" must be executed
- periodically. This can be automated with a suitable wakeup timer set‐
+ periodically. This can be automated with a suitable wakeup timer set-
ting in the <a href="master.5.html"><b>master.cf</b></a> configuration file.
Upon receipt of a request to deliver mail for an eligible destination,
more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
- Optional list of destinations that are eligible for per-destina‐
+ Optional list of destinations that are eligible for per-destina-
tion logfiles with mail that is queued to those destinations.
<b><a href="postconf.5.html#fast_flush_refresh_time">fast_flush_refresh_time</a> (12h)</b>
"fast flush" logfile needs to be refreshed.
<b><a href="postconf.5.html#fast_flush_purge_time">fast_flush_purge_time</a> (7d)</b>
- The time after which an empty per-destination "fast flush" log‐
+ The time after which an empty per-destination "fast flush" log-
file is deleted.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b>FILES</b>
<b>DESCRIPTION</b>
The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
- protocols. It processes message delivery requests from the queue man‐
+ protocols. It processes message delivery requests from the queue man-
ager. Each request specifies a queue file, a sender address, a domain
or host to deliver to, and recipient information. This program expects
to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
<i>domainname</i>
<i>domainname</i>:<i>port</i>
- Look up the mail exchangers for the specified domain, and con‐
+ Look up the mail exchangers for the specified domain, and con-
nect to the specified port (default: <b>smtp</b>).
[<i>hostname</i>]
[<i>address</i>]:<i>port</i>
Connect to the host at the specified address, and connect to the
- specified port (default: <b>smtp</b>). An IPv6 address must be format‐
+ specified port (default: <b>smtp</b>). An IPv6 address must be format-
ted as [<b>ipv6</b>:<i>address</i>].
<b>LMTP DESTINATION SYNTAX</b>
files are marked so that the queue manager can move them to the <b>corrupt</b>
queue for further inspection.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas‐
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces, protocol problems, and of other trouble.
<b>BUGS</b>
there is no support for TLS, and connections are cached in-process,
making it ineffective when the client is used for multiple domains.
- Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param‐
+ Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
eter for the equivalent LMTP feature. This document describes only
those LMTP-related parameters that aren't simply "mirror" parameters.
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid);
- send only the SASL authentiCation ID (authcid) plus the auth‐
+ send only the SASL authentiCation ID (authcid) plus the auth-
cid's password.
Available in Postfix version 2.5 and later:
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
- An optional workaround for routers that break TCP window scal‐
+ An optional workaround for routers that break TCP window scal-
ing.
Available in Postfix version 2.8 and later:
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes‐
+ response line, SMTP message content line, or TLS protocol mes-
sage).
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
<b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
- delivery status code or explanatory text of successful or unsuc‐
+ delivery status code or explanatory text of successful or unsuc-
cessful deliveries.
<b>MIME PROCESSING CONTROLS</b>
Enable SASL authentication in the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
- Optional Postfix SMTP client lookup tables with one user‐
+ Optional Postfix SMTP client lookup tables with one user-
name:password entry per remote hostname or domain, or sender
address when sender-dependent authentication is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
Postfix SMTP client SASL security options; as of Postfix 2.3 the
- list of available features depends on the SASL client implemen‐
+ list of available features depends on the SASL client implemen-
tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the Postfix SMTP
client; this is available only with SASL authentication, and
- disables SMTP connection caching to ensure that mail from dif‐
+ disables SMTP connection caching to ensure that mail from dif-
ferent senders will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
- An optional table to prevent repeated SASL authentication fail‐
+ An optional table to prevent repeated SASL authentication fail-
ures with the same remote SMTP server hostname, username and
password.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
A file containing CA certificates of root CAs trusted to sign
- either remote SMTP server certificates or intermediate CA cer‐
+ either remote SMTP server certificates or intermediate CA cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
Additional list of ciphers or cipher types to exclude from the
- Postfix SMTP client cipher list at mandatory TLS security lev‐
+ Postfix SMTP client cipher list at mandatory TLS security lev-
els.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client TLS security
- policy by next-hop destination; when a non-empty value is speci‐
+ policy by next-hop destination; when a non-empty value is speci-
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (!SSLv2)</b>
Available in Postfix version 2.4 and later:
- <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($smtp_sasl_tls_secu</b>‐\b‐
- <b>rity_options)</b>
+ <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified
server certificate.
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
List of acceptable remote SMTP server certificate fingerprints
- for the "fingerprint" TLS security level (<b>smtp_tls_secu</b>‐\b‐
- <b>rity_level</b> = fingerprint).
+ for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b>
The message digest algorithm used to construct remote SMTP
use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
- File with the Postfix SMTP client ECDSA certificate in PEM for‐
+ File with the Postfix SMTP client ECDSA certificate in PEM for-
mat.
<b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
- File with the Postfix SMTP client ECDSA private key in PEM for‐
+ File with the Postfix SMTP client ECDSA private key in PEM for-
mat.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
Try to detect a mail hijacking attack based on a TLS protocol
- vulnerability (CVE-2009-3555), where an attacker prepends mali‐
+ vulnerability (CVE-2009-3555), where an attacker prepends mali-
cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
TLS session.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client TLS usage
- policy by next-hop destination and by remote SMTP server host‐
+ policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
- <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($default_destination_concur</b>‐\b‐
- <b>rency_limit)</b>
- The maximal number of parallel deliveries to the same destina‐
+ <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ The maximal number of parallel deliveries to the same destina-
tion via the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b>
- The maximal number of recipients per message for the smtp mes‐
+ The maximal number of recipients per message for the smtp mes-
sage delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a TCP connec‐
+ The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
and for receiving the initial remote LMTP server response.
<b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the XFORWARD com‐
+ The Postfix SMTP client time limit for sending the XFORWARD com-
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
- The amount of time during which Postfix will use an SMTP connec‐
+ The amount of time during which Postfix will use an SMTP connec-
tion repeatedly.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or receive opera‐
+ Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 and later:
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes‐
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci‐
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about mail delivery
- problems that are caused by policy, resource, software or proto‐
+ problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log‐
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
When a remote LMTP server announces no DSN support, assume that
- the server performs final delivery, and send "delivered" deliv‐
+ the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available with Postfix 2.2 and earlier:
to, and one or more recipients. This program expects to be run from
the <a href="master.8.html"><b>master</b>(8)</a> process manager.
- The <a href="local.8.html"><b>local</b>(8)</a> daemon updates queue files and marks recipients as fin‐
+ The <a href="local.8.html"><b>local</b>(8)</a> daemon updates queue files and marks recipients as fin-
ished, or it informs the queue manager that delivery should be tried
again at a later time. Delivery status reports are sent to the
<a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
Upon delivery, the local delivery agent tries each pathname in the list
until a file is found.
- Delivery via ~/.<b>forward</b> files is done with the privileges of the recip‐
+ Delivery via ~/.<b>forward</b> files is done with the privileges of the recip-
ient. Thus, ~/.<b>forward</b> like files must be readable by the recipient,
and their parent directory needs to have "execute" permission for the
recipient.
- The <b><a href="postconf.5.html#forward_path">forward_path</a></b> parameter is subject to interpolation of <b>$user</b> (recip‐
+ The <b><a href="postconf.5.html#forward_path">forward_path</a></b> parameter is subject to interpolation of <b>$user</b> (recip-
ient username), <b>$home</b> (recipient home directory), <b>$shell</b> (recipient
shell), <b>$recipient</b> (complete recipient address), <b>$extension</b> (recipient
- address extension), <b>$domain</b> (recipient domain), <b>$local</b> (entire recipi‐
+ address extension), <b>$domain</b> (recipient domain), <b>$local</b> (entire recipi-
ent address localpart) and <b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>.</b> The forms
<i>${name?value}</i> and <i>${name:value}</i> expand conditionally to <i>value</i> when
<i>$name</i> is (is not) defined. Characters that may have special meaning to
acceptable characters is specified with the <b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a></b>
configuration parameter.
- An alias or ~/.<b>forward</b> file may list any combination of external com‐
+ An alias or ~/.<b>forward</b> file may list any combination of external com-
mands, destination file names, <b>:include:</b> directives, or mail addresses.
- See <a href="aliases.5.html"><b>aliases</b>(5)</a> for a precise description. Each line in a user's .<b>for</b>‐\b‐
+ See <a href="aliases.5.html"><b>aliases</b>(5)</a> for a precise description. Each line in a user's .<b>for-</b>
<b>ward</b> file has the same syntax as the right-hand part of an alias.
When an address is found in its own alias expansion, delivery is made
to the user instead. When a user is listed in the user's own ~/.<b>forward</b>
- file, delivery is made to the user's mailbox instead. An empty ~/.<b>for</b>‐\b‐
+ file, delivery is made to the user's mailbox instead. An empty ~/.<b>for-</b>
<b>ward</b> file means do not forward mail.
In order to prevent the mail system from using up unreasonable amounts
are broken up into chunks of length <b><a href="postconf.5.html#line_length_limit">line_length_limit</a></b>.
While expanding aliases, ~/.<b>forward</b> files, and so on, the program
- attempts to avoid duplicate deliveries. The <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a></b> con‐
+ attempts to avoid duplicate deliveries. The <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a></b> con-
figuration parameter limits the number of remembered recipients.
<b>MAIL FORWARDING</b>
Mailbox delivery can be delegated to an external command specified with
the <b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a></b> and <b><a href="postconf.5.html#mailbox_command">mailbox_command</a></b> configuration parameters.
- The command executes with the privileges of the recipient user (excep‐
+ The command executes with the privileges of the recipient user (excep-
tions: secondary groups are not enabled; in case of delivery as root,
the command executes with the privileges of <b><a href="postconf.5.html#default_privs">default_privs</a></b>).
Mailbox delivery can be delegated to alternative message transports
- specified in the <a href="master.5.html"><b>master.cf</b></a> file. The <b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a></b> and <b>mail</b>‐\b‐
- <b>box_transport</b> configuration parameters specify an optional message
+ specified in the <a href="master.5.html"><b>master.cf</b></a> file. The <b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a></b> and <b><a href="postconf.5.html#mailbox_transport">mail</a>-</b>
+ <b><a href="postconf.5.html#mailbox_transport">box_transport</a></b> configuration parameters specify an optional message
transport that is to be used for all local recipients, regardless of
- whether they are found in the UNIX passwd database. The <b>fall</b>‐\b‐
- <b>
back_transport_maps</b> and <b><a href="postconf.5.html#fallback_transport">fallback_transport</a></b> parameters specify an
+ whether they are found in the UNIX passwd database. The <b><a href="postconf.5.html#fallback_transport_maps">fall</a>-</b>
+ <b>
<a href="postconf.5.html#fallback_transport_maps">back_transport_maps</a></b> and <b><a href="postconf.5.html#fallback_transport">fallback_transport</a></b> parameters specify an
optional message transport for recipients that are not found in the
<a href="aliases.5.html">aliases(5)</a> or UNIX passwd database.
to Postfix, prepends an optional <b>Delivered-To:</b> header with the final
envelope recipient address, prepends a <b>Return-Path:</b> header with the
envelope sender address, prepends a > character to lines beginning with
- "<b>From</b> ", and appends an empty line. The mailbox is locked for exclu‐
+ "<b>From</b> ", and appends an empty line. The mailbox is locked for exclu-
sive access while delivery is in progress. In case of problems, an
attempt is made to truncate the mailbox to its original length.
<b>EXTERNAL COMMAND DELIVERY</b>
The <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a></b> configuration parameter restricts delivery
- to external commands. The default setting (<b>alias, forward</b>) forbids com‐
+ to external commands. The default setting (<b>alias, forward</b>) forbids com-
mand destinations in <b>:include:</b> files.
- Optionally, the process working directory is changed to the path speci‐
+ Optionally, the process working directory is changed to the path speci-
fied with <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a></b> (Postfix 2.2 and later). Failure
to change directory causes mail to be deferred.
- The <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a></b> parameter value is subject to interpo‐
+ The <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a></b> parameter value is subject to interpo-
lation of <b>$user</b> (recipient username), <b>$home</b> (recipient home directory),
<b>$shell</b> (recipient shell), <b>$recipient</b> (complete recipient address),
<b>$extension</b> (recipient address extension), <b>$domain</b> (recipient domain),
<b>$local</b> (entire recipient address localpart) and <b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>.</b>
The forms <i>${name?value}</i> and <i>${name:value}</i> expand conditionally to <i>value</i>
- when <i>$name</i> is (is not) defined. Characters that may have special mean‐
+ when <i>$name</i> is (is not) defined. Characters that may have special mean-
ing to the shell or file system are replaced by underscores. The list
- of acceptable characters is specified with the <b>execution_direc</b>‐\b‐
- <b>tory_expansion_filter</b> configuration parameter.
+ of acceptable characters is specified with the <b><a href="postconf.5.html#execution_directory_expansion_filter">execution_direc</a>-</b>
+ <b><a href="postconf.5.html#execution_directory_expansion_filter">tory_expansion_filter</a></b> configuration parameter.
The command is executed directly where possible. Assistance by the
shell (<b>/bin/sh</b> on UNIX systems) is used only when the command contains
A limited amount of command output (standard output and standard error)
is captured for inclusion with non-delivery status reports. A command
- is forcibly terminated if it does not complete within <b>com</b>‐\b‐
+ is forcibly terminated if it does not complete within <b>com-</b>
<b>mand_time_limit</b> seconds. Command exit status codes are expected to
follow the conventions defined in <<b>sysexits.h</b>>. Exit status 0 means
normal successful completion.
command output begins with an enhanced status code, this status code
takes precedence over the non-zero exit status.
- A limited amount of message context is exported via environment vari‐
+ A limited amount of message context is exported via environment vari-
ables. Characters that may have special meaning to the shell are
- replaced by underscores. The list of acceptable characters is speci‐
+ replaced by underscores. The list of acceptable characters is speci-
fied with the <b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a></b> configuration parameter.
<b>SHELL</b> The recipient user's login shell.
<b>SENDER</b> The entire sender address.
- Additional remote client information is made available via the follow‐
+ Additional remote client information is made available via the follow-
ing environment variables:
<b>CLIENT_ADDRESS</b>
<b>/</b> for <b>qmail</b>-compatible <b>maildir</b> delivery.
The <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameter restricts delivery to
- external files. The default setting (<b>alias, forward</b>) forbids file des‐
+ external files. The default setting (<b>alias, forward</b>) forbids file des-
tinations in <b>:include:</b> files.
In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a> daemon
to separate address extensions from local recipient names.
For example, with "<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +</b>", mail for <i>name</i>+<i>foo</i> is
- delivered to the alias <i>name</i>+<i>foo</i> or to the alias <i>name</i>, to the destina‐
+ delivered to the alias <i>name</i>+<i>foo</i> or to the alias <i>name</i>, to the destina-
tions listed in ~<i>name</i>/.<b>forward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox
owned by the user <i>name</i>, or it is sent back as undeliverable.
files are marked so that the queue manager can move them to the <b>corrupt</b>
queue afterwards.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas‐
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<b>SECURITY</b>
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent needs a dual personality 1) to access the
- private Postfix queue and IPC mechanisms, 2) to impersonate the recipi‐
- ent and deliver to recipient-specified files or commands. It is there‐
+ private Postfix queue and IPC mechanisms, 2) to impersonate the recipi-
+ ent and deliver to recipient-specified files or commands. It is there-
fore security sensitive.
The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression substitution
<b>BUGS</b>
For security reasons, the message delivery status of external commands
or of external files is never checkpointed to file. As a result, the
- program may occasionally deliver more than once to a command or exter‐
+ program may occasionally deliver more than once to a command or exter-
nal file. Better safe than sorry.
Mutually-recursive aliases or ~/.<b>forward</b> files are not detected early.
- The resulting mail forwarding loop is broken by the use of the <b>Deliv</b>‐\b‐
+ The resulting mail forwarding loop is broken by the use of the <b>Deliv-</b>
<b>ered-To:</b> message header.
<b>CONFIGURATION PARAMETERS</b>
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
Give special treatment to owner-listname and listname-request
- address localparts: don't split such addresses when the recipi‐
- ent_delimiter is set to "-".
+ address localparts: don't split such addresses when the <a href="postconf.5.html#recipient_delimiter">recipi</a>-
+ <a href="postconf.5.html#recipient_delimiter">ent_delimiter</a> is set to "-".
<b><a href="postconf.5.html#sun_mailtool_compatibility">sun_mailtool_compatibility</a> (no)</b>
Obsolete SUN mailtool compatibility feature.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
- Defer delivery when a mailbox file is not owned by its recipi‐
+ Defer delivery when a mailbox file is not owned by its recipi-
ent.
<b><a href="postconf.5.html#reset_owner_alias">reset_owner_alias</a> (no)</b>
<b>DELIVERY METHOD CONTROLS</b>
The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to low is:
aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
- <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, mail_spool_direc‐
-
tory, <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
+ <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_direc</a>-
+
<a href="postconf.5.html#mail_spool_directory">tory</a>, <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a> delivery.
Time limit for delivery to external commands.
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
- The maximal number of addresses remembered by the address dupli‐
+ The maximal number of addresses remembered by the address dupli-
cate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>virtual</b>(5)</a> alias expansion, or for
<a href="showq.8.html"><b>showq</b>(8)</a> queue displays.
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
The maximal number of parallel deliveries via the local mail
- delivery transport to the same recipient (when "local_destina‐
- tion_recipient_limit = 1") or the maximal number of parallel
- deliveries to the same local domain (when "local_destina‐
- tion_recipient_limit > 1").
+ delivery transport to the same recipient (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
+ <a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> = 1") or the maximal number of parallel
+ deliveries to the same local domain (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
+ <a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> > 1").
<b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
The maximal number of recipients per message delivery via the
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
- in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $command_execu‐
- tion_directory.
+ in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
+ <a href="postconf.5.html#command_execution_directory">tion_directory</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery agent for
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
- Defer delivery when a mailbox file is not owned by its recipi‐
+ Defer delivery when a mailbox file is not owned by its recipi-
ent.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log‐
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
internal communication channel.
<b><a href="postconf.5.html#local_command_shell">local_command_shell</a> (empty)</b>
- Optional shell program for <a href="local.8.html"><b>local</b>(8)</a> delivery to non-Postfix com‐
+ Optional shell program for <a href="local.8.html"><b>local</b>(8)</a> delivery to non-Postfix com-
mand.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
process will service before terminating voluntarily.
<b><a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> (command, file, forward)</b>
- The message delivery contexts where the Postfix <a href="local.8.html"><b>local</b>(8)</a> deliv‐
+ The message delivery contexts where the Postfix <a href="local.8.html"><b>local</b>(8)</a> deliv-
ery agent prepends a Delivered-To: message header with the
address that the mail was delivered to.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b>FILES</b>
<b>sendmail -I</b>
<b>DESCRIPTION</b>
- The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com‐
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com-
patibility interface. For the sake of compatibility with existing
applications, some Sendmail command-line options are recognized but
silently ignored.
arranges for delivery. Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
command to create a queue file in the <b>maildrop</b> directory.
- Specific command aliases are provided for other common modes of opera‐
+ Specific command aliases are provided for other common modes of opera-
tion:
<b>mailq</b> List the mail queue. Each entry shows the queue file ID, message
<b>*</b> The message is in the <b>active</b> queue, i.e. the message is
selected for delivery.
- <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv‐
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
ery attempt will be made until the mail is taken off
hold.
<b>newaliases</b>
Initialize the alias database. If no input file is specified
(with the <b>-oA</b> option, see below), the program processes the
- file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame‐
+ file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame-
ter. If no alias database type is specified, the program uses
the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
parameter. This mode of operation is implemented by running the
<b>-bi</b> Initialize alias database. See the <b>newaliases</b> command above.
<b>-bl</b> Go into daemon mode. To accept only local connections as with
- Sendmail
´s <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
+ Sendmail
's <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
the Postfix <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
<b>-bm</b> Read mail from standard input and arrange for delivery. This is
before 2.3.
With all Postfix versions, you can specify a directory pathname
- with the MAIL_CONFIG environment variable to override the loca‐
+ with the MAIL_CONFIG environment variable to override the loca-
tion of configuration files.
<b>-F</b> <i>full</i><b>_</b><i>name</i>
Set the sender full name. This overrides the NAME environment
- variable, and is used only with messages that have no <b>From:</b> mes‐
+ variable, and is used only with messages that have no <b>From:</b> mes-
sage header.
<b>-f</b> <i>sender</i>
the <b>Errors-To:</b> message header overrides the error return
address.
- <b>-G</b> Gateway (relay) submission, as opposed to initial user submis‐
- sion. Either do not rewrite addresses at all, or update incom‐
+ <b>-G</b> Gateway (relay) submission, as opposed to initial user submis-
+ sion. Either do not rewrite addresses at all, or update incom-
plete addresses with the domain information specified with
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>.
<b>-I</b> Initialize alias database. See the <b>newaliases</b> command above.
- <b>-i</b> When reading a message from standard input, don´t treat a line
+ <b>-i</b> When reading a message from standard input, don't treat a line
with only a <b>.</b> character as the end of input.
<b>-L</b> <i>label</i> (ignored)
<b>-o7</b> (ignored)
<b>-o8</b> (ignored)
- To send 8-bit or binary content, use an appropriate MIME encap‐
+ To send 8-bit or binary content, use an appropriate MIME encap-
sulation and specify the appropriate <b>-B</b> command-line option.
- <b>-oi</b> When reading a message from standard input, don´t treat a line
+ <b>-oi</b> When reading a message from standard input, don't treat a line
with only a <b>.</b> character as the end of input.
<b>-om</b> (ignored)
The sender is never eliminated from alias etc. expansions.
<b>-o</b> <i>x value</i> (ignored)
- Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame‐
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
<b>-r</b> <i>sender</i>
This option is ignored before Postfix version 2.10.
- <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe‐
+ <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe-
cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
Warning: flushing undeliverable mail frequently will result in
poor delivery performance of all other mail.
<b>-q</b><i>interval</i> (ignored)
- The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config‐
+ The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config-
uration parameter instead.
<b>-qI</b><i>queueid</i>
Schedule immediate delivery of mail with the specified queue ID.
- This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com‐
+ This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
mand, and is available with Postfix version 2.4 and later.
<b>-qR</b><i>site</i>
Schedule immediate delivery of all mail that is queued for the
- named <i>site</i>. This option accepts only <i>site</i> names that are eligi‐
- ble for the "fast flush" service, and is implemented by execut‐
+ named <i>site</i>. This option accepts only <i>site</i> names that are eligi-
+ ble for the "fast flush" service, and is implemented by execut-
ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
about the "fast flush" service.
<b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter characters,
- instead of the characters specified with the <b>default_verp_delim</b>‐\b‐
- <b>iters</b> configuration parameter.
+ instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
+ <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
- <b>-v</b> Send an email report of the first delivery attempt (Postfix ver‐
- sions 2.1 and later). Mail delivery always happens in the back‐
- ground. When multiple <b>-v</b> options are given, enable verbose log‐
+ <b>-v</b> Send an email report of the first delivery attempt (Postfix ver-
+ sions 2.1 and later). Mail delivery always happens in the back-
+ ground. When multiple <b>-v</b> options are given, enable verbose log-
ging for debugging purposes.
<b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
no <b>From:</b> message header. See also the <b>-F</b> option above.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro‐
- gram. The text below provides only a parameter summary. See <b>post</b>‐\b‐
- <b>conf</b>(5) for more details including examples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b>COMPATIBILITY CONTROLS</b>
Available with Postfix 2.9 and later:
List of users who are authorized to view the queue.
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to submit mail with the <b>send</b>‐\b‐
- <b>mail</b>(1) command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com‐
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
mand).
<b>RESOURCE AND RATE CONTROLS</b>
the Postfix "fast flush" service.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
- Optional list of destinations that are eligible for per-destina‐
+ Optional list of destinations that are eligible for per-destina-
tion logfiles with mail that is queued to those destinations.
<b>VERP CONTROLS</b>
The location of all postfix administrative commands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b>FILES</b>
<b>sendmail -I</b>
<b>DESCRIPTION</b>
- The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com‐
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com-
patibility interface. For the sake of compatibility with existing
applications, some Sendmail command-line options are recognized but
silently ignored.
arranges for delivery. Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
command to create a queue file in the <b>maildrop</b> directory.
- Specific command aliases are provided for other common modes of opera‐
+ Specific command aliases are provided for other common modes of opera-
tion:
<b>mailq</b> List the mail queue. Each entry shows the queue file ID, message
<b>*</b> The message is in the <b>active</b> queue, i.e. the message is
selected for delivery.
- <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv‐
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
ery attempt will be made until the mail is taken off
hold.
<b>newaliases</b>
Initialize the alias database. If no input file is specified
(with the <b>-oA</b> option, see below), the program processes the
- file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame‐
+ file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame-
ter. If no alias database type is specified, the program uses
the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
parameter. This mode of operation is implemented by running the
<b>-bi</b> Initialize alias database. See the <b>newaliases</b> command above.
<b>-bl</b> Go into daemon mode. To accept only local connections as with
- Sendmail
´s <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
+ Sendmail
's <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
the Postfix <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
<b>-bm</b> Read mail from standard input and arrange for delivery. This is
before 2.3.
With all Postfix versions, you can specify a directory pathname
- with the MAIL_CONFIG environment variable to override the loca‐
+ with the MAIL_CONFIG environment variable to override the loca-
tion of configuration files.
<b>-F</b> <i>full</i><b>_</b><i>name</i>
Set the sender full name. This overrides the NAME environment
- variable, and is used only with messages that have no <b>From:</b> mes‐
+ variable, and is used only with messages that have no <b>From:</b> mes-
sage header.
<b>-f</b> <i>sender</i>
the <b>Errors-To:</b> message header overrides the error return
address.
- <b>-G</b> Gateway (relay) submission, as opposed to initial user submis‐
- sion. Either do not rewrite addresses at all, or update incom‐
+ <b>-G</b> Gateway (relay) submission, as opposed to initial user submis-
+ sion. Either do not rewrite addresses at all, or update incom-
plete addresses with the domain information specified with
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>.
<b>-I</b> Initialize alias database. See the <b>newaliases</b> command above.
- <b>-i</b> When reading a message from standard input, don´t treat a line
+ <b>-i</b> When reading a message from standard input, don't treat a line
with only a <b>.</b> character as the end of input.
<b>-L</b> <i>label</i> (ignored)
<b>-o7</b> (ignored)
<b>-o8</b> (ignored)
- To send 8-bit or binary content, use an appropriate MIME encap‐
+ To send 8-bit or binary content, use an appropriate MIME encap-
sulation and specify the appropriate <b>-B</b> command-line option.
- <b>-oi</b> When reading a message from standard input, don´t treat a line
+ <b>-oi</b> When reading a message from standard input, don't treat a line
with only a <b>.</b> character as the end of input.
<b>-om</b> (ignored)
The sender is never eliminated from alias etc. expansions.
<b>-o</b> <i>x value</i> (ignored)
- Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame‐
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
<b>-r</b> <i>sender</i>
This option is ignored before Postfix version 2.10.
- <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe‐
+ <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe-
cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
Warning: flushing undeliverable mail frequently will result in
poor delivery performance of all other mail.
<b>-q</b><i>interval</i> (ignored)
- The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config‐
+ The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config-
uration parameter instead.
<b>-qI</b><i>queueid</i>
Schedule immediate delivery of mail with the specified queue ID.
- This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com‐
+ This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
mand, and is available with Postfix version 2.4 and later.
<b>-qR</b><i>site</i>
Schedule immediate delivery of all mail that is queued for the
- named <i>site</i>. This option accepts only <i>site</i> names that are eligi‐
- ble for the "fast flush" service, and is implemented by execut‐
+ named <i>site</i>. This option accepts only <i>site</i> names that are eligi-
+ ble for the "fast flush" service, and is implemented by execut-
ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
about the "fast flush" service.
<b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter characters,
- instead of the characters specified with the <b>default_verp_delim</b>‐\b‐
- <b>iters</b> configuration parameter.
+ instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
+ <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
- <b>-v</b> Send an email report of the first delivery attempt (Postfix ver‐
- sions 2.1 and later). Mail delivery always happens in the back‐
- ground. When multiple <b>-v</b> options are given, enable verbose log‐
+ <b>-v</b> Send an email report of the first delivery attempt (Postfix ver-
+ sions 2.1 and later). Mail delivery always happens in the back-
+ ground. When multiple <b>-v</b> options are given, enable verbose log-
ging for debugging purposes.
<b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
no <b>From:</b> message header. See also the <b>-F</b> option above.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro‐
- gram. The text below provides only a parameter summary. See <b>post</b>‐\b‐
- <b>conf</b>(5) for more details including examples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b>COMPATIBILITY CONTROLS</b>
Available with Postfix 2.9 and later:
List of users who are authorized to view the queue.
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to submit mail with the <b>send</b>‐\b‐
- <b>mail</b>(1) command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com‐
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
mand).
<b>RESOURCE AND RATE CONTROLS</b>
the Postfix "fast flush" service.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
- Optional list of destinations that are eligible for per-destina‐
+ Optional list of destinations that are eligible for per-destina-
tion logfiles with mail that is queued to those destinations.
<b>VERP CONTROLS</b>
The location of all postfix administrative commands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b>FILES</b>
<b>DESCRIPTION</b>
The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon awaits the arrival of incoming mail and arranges
- for its delivery via Postfix delivery processes. The actual mail rout‐
- ing strategy is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. This pro‐
+ for its delivery via Postfix delivery processes. The actual mail rout-
+ ing strategy is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. This pro-
gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
- Mail addressed to the local <b>double-bounce</b> address is logged and dis‐
+ Mail addressed to the local <b>double-bounce</b> address is logged and dis-
carded. This stops potential loops caused by undeliverable bounce
notifications.
These files are maintained by the <a href="defer.8.html"><b>defer</b>(8)</a> daemon.
<b>trace</b> Per-recipient status information as requested with the Postfix
- "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" command. These files are main‐
+ "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" command. These files are main-
tained by the <a href="trace.8.html"><b>trace</b>(8)</a> daemon.
The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is responsible for asking the <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a>
heavy load.
<b>fairness</b>
- When the <b>active</b> queue has room, the queue manager takes one mes‐
+ When the <b>active</b> queue has room, the queue manager takes one mes-
sage from the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> and one from the <b>deferred</b> queue.
This prevents a large mail backlog from blocking the delivery of
new mail.
<b>slow start</b>
This strategy eliminates "thundering herd" problems by slowly
- adjusting the number of parallel deliveries to the same destina‐
+ adjusting the number of parallel deliveries to the same destina-
tion.
<b>round robin</b>
<b>exponential backoff</b>
Mail that cannot be delivered upon the first attempt is
- deferred. The time interval between delivery attempts is dou‐
+ deferred. The time interval between delivery attempts is dou-
bled after each attempt.
<b>destination status cache</b>
- The queue manager avoids unnecessary delivery attempts by main‐
- taining a short-term, in-memory list of unreachable destina‐
+ The queue manager avoids unnecessary delivery attempts by main-
+ taining a short-term, in-memory list of unreachable destina-
tions.
<b>TRIGGERS</b>
On an idle system, the queue manager waits for the arrival of trigger
- events, or it waits for a timer to go off. A trigger is a one-byte mes‐
+ events, or it waits for a timer to go off. A trigger is a one-byte mes-
sage. Depending on the message received, the queue manager performs
one of the following actions (the message is followed by the symbolic
constant used internally by the software):
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>SECURITY</b>
- The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is not security sensitive. It reads single-charac‐
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is not security sensitive. It reads single-charac-
ter messages from untrusted local users, and thus may be susceptible to
denial of service attacks. The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon does not talk to the
outside world, and it can be run at fixed low privilege in a chrooted
environment.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to the <b>syslog</b>(8) daemon. Cor‐
- rupted message files are saved to the <b>corrupt</b> queue for further inspec‐
+ Problems and transactions are logged to the <b>syslog</b>(8) daemon. Cor-
+ rupted message files are saved to the <b>corrupt</b> queue for further inspec-
tion.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas‐
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<b>BUGS</b>
- A single queue manager process has to compete for disk access with mul‐
+ A single queue manager process has to compete for disk access with mul-
tiple front-end processes such as <a href="cleanup.8.html"><b>cleanup</b>(8)</a>. A sudden burst of inbound
mail can negatively impact outbound delivery rates.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> is a
- persistent process. Use the command "<b>postfix reload</b>" after a configura‐
+ persistent process. Use the command "<b>postfix reload</b>" after a configura-
tion change.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
The default maximal number of parallel deliveries to the same
destination.
- <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($default_destination_concur</b>‐\b‐
- <b>rency_limit)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
Available in Postfix version 2.5 and later:
- <b><a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> ($initial_destination_concur</b>‐\b‐
- <b>rency)</b>
- Initial concurrency for delivery via the named message <i>trans‐</i>
+ <b><a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> ($<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#initial_destination_concurrency">rency</a>)</b>
+ Initial concurrency for delivery via the named message <i>trans-</i>
<i>port</i>.
<b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
failure before a specific destination is considered unavailable
(and further delivery is suspended).
- <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> ($default_desti</b>‐\b‐
- <b>nation_concurrency_failed_cohort_limit)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_desti</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">nation_concurrency_failed_cohort_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
The per-destination amount of delivery concurrency negative
- feedback, after a delivery completes with a connection or hand‐
+ feedback, after a delivery completes with a connection or hand-
shake failure.
- <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a> ($default_destina</b>‐\b‐
- <b>tion_concurrency_negative_feedback)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">tion_concurrency_negative_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
The per-destination amount of delivery concurrency positive
- feedback, after a delivery completes without connection or hand‐
+ feedback, after a delivery completes without connection or hand-
shake failure.
- <b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a> ($default_destina</b>‐\b‐
- <b>tion_concurrency_positive_feedback)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">tion_concurrency_positive_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a> (no)</b>
- Make the queue manager's feedback algorithm verbose for perfor‐
+ Make the queue manager's feedback algorithm verbose for perfor-
mance analysis purposes.
<b>RECIPIENT SCHEDULING CONTROLS</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
Consider a message as undeliverable, when delivery fails with a
- temporary error, and the time in the queue has reached the maxi‐
- mal_queue_lifetime limit.
+ temporary error, and the time in the queue has reached the <a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-
+ <a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a> limit.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
<b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
- The time between attempts by the Postfix queue manager to con‐
+ The time between attempts by the Postfix queue manager to con-
tact a malfunctioning message delivery transport.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
The default amount of delay that is inserted between individual
deliveries to the same destination; the resulting behavior
- depends on the value of the corresponding per-destination recip‐
+ depends on the value of the corresponding per-destination recip-
ient limit.
<b><a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a></b>
a request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#qmgr_ipc_timeout">qmgr_ipc_timeout</a> (60s)</b>
- The time limit for the queue manager to send or receive informa‐
+ The time limit for the queue manager to send or receive informa-
tion over an internal communication channel.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
mail unless someone issues "<b>sendmail -q</b>" or equivalent.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log‐
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
- Log warnings about problematic configuration settings, and pro‐
+ Log warnings about problematic configuration settings, and pro-
vide helpful suggestions.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix version 2.12 and later:
<b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
+ <b>postmap -hmq - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
+
+ <b>postmap -bmq - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
+
<b>DESCRIPTION</b>
The Postfix mail system uses optional tables for address rewriting,
mail routing, or access control. These tables are usually in <b>dbm</b> or <b>db</b>
use the "<b>postconf -m</b>" command.
To test lookup tables, use the "<b>postmap -q</b>" command as described in the
- SYNOPSIS above.
+ SYNOPSIS above. Use "<b>postmap -hmq -</b> <<i>file</i>" for <a href="header_checks.5.html">header_checks(5)</a> pat-
+ terns, and "<b>postmap -bmq -</b> <<i>file</i>" for <a href="header_checks.5.html">body_checks(5)</a> (Postfix 2.6 and
+ later).
<b>COMPATIBILITY</b>
With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" to query a
specified <i>transport:destination</i>.
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in content filter‐
+ Enable or disable recipient validation, built-in content filter-
ing, or address mapping.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b>SEE ALSO</b>
<b>postconf -a</b>|<b>-A</b>|<b>-l</b>|<b>-m</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>]
<b>DESCRIPTION</b>
- By default, the <a href="postconf.1.html"><b>postconf</b>(1)</a> command displays the values of <a href="postconf.5.html"><b>main.cf</b></a> con‐
+ By default, the <a href="postconf.1.html"><b>postconf</b>(1)</a> command displays the values of <a href="postconf.5.html"><b>main.cf</b></a> con-
figuration parameters, and warns about possible mis-typed parameter
- names (Postfix 2.9 and later). It can also change <a href="postconf.5.html"><b>main.cf</b></a> configura‐
+ names (Postfix 2.9 and later). It can also change <a href="postconf.5.html"><b>main.cf</b></a> configura-
tion parameter values, or display other configuration information about
the Postfix mail system.
Options:
<b>-a</b> List the available SASL server plug-in types. The SASL plug-in
- type is selected with the <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> configuration parame‐
+ type is selected with the <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> configuration parame-
ter by specifying one of the names listed below.
<b>cyrus</b> This server plug-in is available when Postfix is built
This feature is available with Postfix 2.3 and later.
<b>-A</b> List the available SASL client plug-in types. The SASL plug-in
- type is selected with the <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b> or <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b> con‐
+ type is selected with the <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b> or <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b> con-
figuration parameters by specifying one of the names listed
below.
This feature is available with Postfix 2.3 and later.
<b>-b</b> [<i>template</i><b>_</b><i>file</i>]
- Display the message text that appears at the beginning of deliv‐
- ery status notification (DSN) messages, replacing $<b>name</b> expres‐
+ Display the message text that appears at the beginning of deliv-
+ ery status notification (DSN) messages, replacing $<b>name</b> expres-
sions with actual values as described in <a href="bounce.5.html"><b>bounce</b>(5)</a>.
To override the built-in templates, specify a template file name
This feature is available with Postfix 2.9 and later.
- <b>-d</b> Print <a href="postconf.5.html"><b>main.cf</b></a> default parameter settings instead of actual set‐
+ <b>-d</b> Print <a href="postconf.5.html"><b>main.cf</b></a> default parameter settings instead of actual set-
tings. Specify <b>-df</b> to fold long lines for human readability
(Postfix 2.9 and later).
- <b>-e</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and update parameter set‐
+ <b>-e</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and update parameter set-
tings with the "<i>name=value</i>" pairs on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command
line.
With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and replace one
- or more service entries with new values as specified with "<i>ser‐</i>
+ or more service entries with new values as specified with "<i>ser-</i>
<i>vice/type=value</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
With <b>-F</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and replace one
- or more service fields with new values as specied with "<i>ser‐</i>
- <i>vice/type/field=value</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Cur‐
- rently, the "command" field contains the command name and com‐
+ or more service fields with new values as specied with "<i>ser-</i>
+ <i>vice/type/field=value</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Cur-
+ rently, the "command" field contains the command name and com-
mand arguments. this may change in the near future, so that the
- "command" field contains only the command name, and a new "argu‐
+ "command" field contains only the command name, and a new "argu-
ments" pseudofield contains the command arguments.
With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and add or
- update one or more service parameter settings (-o parame‐
- ter=value settings) with new values as specied with "<i>ser‐</i>
+ update one or more service parameter settings (-o parame-
+ ter=value settings) with new values as specied with "<i>ser-</i>
<i>vice/type/parameter=value</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
In all cases the file is copied to a temporary file then renamed
and all fields), formatted as one "<i>service/type/field=value</i>" per
line. Specify <b>-Ff</b> to fold long lines.
- Specify one or more "<i>service/type/field</i>" instances on the <b>post</b>‐\b‐
- <b>conf</b>(1) command line to limit the output to fields of interest.
+ Specify one or more "<i>service/type/field</i>" instances on the <a href="postconf.1.html"><b>post-</b></a>
+ <a href="postconf.1.html"><b>conf</b>(1)</a> command line to limit the output to fields of interest.
Trailing parameter name or service type fields that are omitted
will be handled as "*" wildcard fields.
<b>-h</b> Show parameter or attribute values without the "<i>name</i> = " label
that normally precedes the value.
- <b>-l</b> List the names of all supported mailbox locking methods. Post‐
+ <b>-l</b> List the names of all supported mailbox locking methods. Post-
fix supports the following methods:
<b>flock</b> A kernel-based advisory locking method for local files
<b>dotlock</b>
An application-level locking method. An application locks
- a file named <i>filename</i> by creating a file named <i>file‐</i>
+ a file named <i>filename</i> by creating a file named <i>file-</i>
<i>name</i><b>.lock</b>. The application is expected to remove its own
lock file, as well as stale lock files that were left
behind after abnormal program termination.
<b>-m</b> List the names of all supported lookup table types. In Postfix
configuration files, lookup tables are specified as <i>type</i><b>:</b><i>name</i>,
- where <i>type</i> is one of the types listed below. The table <i>name</i> syn‐
- tax depends on the lookup table type as described in the DATA‐
- <a href="BASE_README.html">BASE_README</a> document.
+ where <i>type</i> is one of the types listed below. The table <i>name</i> syn-
+ tax depends on the lookup table type as described in the <a href="DATABASE_README.html">DATA</a>-
+ <a href="DATABASE_README.html">BASE_README</a> document.
<b>btree</b> A sorted, balanced tree structure. Available on systems
with support for Berkeley DB databases.
- <b>cdb</b> A read-optimized structure with no support for incremen‐
+ <b>cdb</b> A read-optimized structure with no support for incremen-
tal updates. Available on systems with support for CDB
databases.
Domain Routing (CIDR) patterns. This is described in
<a href="cidr_table.5.html"><b>cidr_table</b>(5)</a>.
- <b>dbm</b> An indexed file type based on hashing. Available on sys‐
+ <b>dbm</b> An indexed file type based on hashing. Available on sys-
tems with support for DBM databases.
<b>environ</b>
The UNIX process environment array. The lookup key is the
- variable name. Originally implemented for testing, some‐
+ variable name. Originally implemented for testing, some-
one may find this useful someday.
- <b>fail</b> A table that reliably fails all requests. The lookup ta‐
- ble name is used for logging. This table exists to sim‐
+ <b>fail</b> A table that reliably fails all requests. The lookup ta-
+ ble name is used for logging. This table exists to sim-
plify Postfix error tests.
- <b>hash</b> An indexed file type based on hashing. Available on sys‐
+ <b>hash</b> An indexed file type based on hashing. Available on sys-
tems with support for Berkeley DB databases.
<b>internal</b>
when a process terminates.
<b>lmdb</b> OpenLDAP LMDB database (a memory-mapped, persistent
- file). Available on systems with support for LMDB data‐
+ file). Available on systems with support for LMDB data-
bases. This is described in <a href="lmdb_table.5.html"><b>lmdb_table</b>(5)</a>.
<b>ldap</b> (read-only)
LDAP database client. This is described in <a href="ldap_table.5.html"><b>ldap_table</b>(5)</a>.
<b>memcache</b>
- Memcache database client. This is described in <b>mem</b>‐\b‐
- <b>cache_table</b>(5).
+ Memcache database client. This is described in <a href="memcache_table.5.html"><b>mem-</b></a>
+ <a href="memcache_table.5.html"><b>cache_table</b>(5)</a>.
<b>mysql</b> (read-only)
MySQL database client. Available on systems with support
- for MySQL databases. This is described in <b>mysql_ta</b>‐\b‐
- <b>ble</b>(5).
+ for MySQL databases. This is described in <a href="mysql_table.5.html"><b>mysql_ta-</b></a>
+ <a href="mysql_table.5.html"><b>ble</b>(5)</a>.
<b>pcre</b> (read-only)
- A lookup table based on Perl Compatible Regular Expres‐
+ A lookup table based on Perl Compatible Regular Expres-
sions. The file format is described in <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
<b>pgsql</b> (read-only)
databases. The table name syntax is <i>type</i><b>:</b><i>name</i>.
<b>randmap</b> (read-only)
- An in-memory table that performs random selection. Exam‐
+ An in-memory table that performs random selection. Exam-
ple: "<b><a href="DATABASE_README.html#types">randmap</a>:{</b><i>result</i><b>_</b><i>1, ..., result</i><b>_</b><i>n</i><b>}</b>". Each table
query returns a random choice from the specified results.
The first and last characters of the "<a href="DATABASE_README.html#types">randmap</a>:" table
A lookup table based on regular expressions. The file
format is described in <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>.
- <b>sdbm</b> An indexed file type based on hashing. Available on sys‐
+ <b>sdbm</b> An indexed file type based on hashing. Available on sys-
tems with support for SDBM databases.
<b>socketmap</b> (read-only)
Sendmail-style socketmap client. The table name is
- <b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i> for a TCP/IP server, or <b>unix</b>:<i>path‐</i>
+ <b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i> for a TCP/IP server, or <b>unix</b>:<i>path-</i>
<i>name</i>:<i>name</i> for a UNIX-domain server. This is described in
<a href="socketmap_table.5.html"><b>socketmap_table</b>(5)</a>.
<b>static</b> (read-only)
A table that always returns its name as lookup result.
- For example, <b><a href="DATABASE_README.html#types">static</a>:foobar</b> always returns the string <b>foo</b>‐\b‐
+ For example, <b><a href="DATABASE_README.html#types">static</a>:foobar</b> always returns the string <b>foo-</b>
<b>bar</b> as lookup result.
<b>tcp</b> (read-only)
<b>-M</b> Show <a href="master.5.html"><b>master.cf</b></a> file contents instead of <a href="postconf.5.html"><b>main.cf</b></a> file contents.
Specify <b>-Mf</b> to fold long lines for human readability.
- Specify zero or more arguments, each with a <i>service-name</i> or <i>ser‐</i>
+ Specify zero or more arguments, each with a <i>service-name</i> or <i>ser-</i>
<i>vice-name/service-type</i> pair, where <i>service-name</i> is the first
field of a <a href="master.5.html">master.cf</a> entry and <i>service-type</i> is one of (<b>inet</b>,
<b>unix</b>, <b>fifo</b>, or <b>pass</b>).
This feature is available with Postfix 2.11 and later.
- <b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default all ser‐
- vices and all parameters). formatted as one "<i>ser‐</i>
+ <b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default all ser-
+ vices and all parameters). formatted as one "<i>ser-</i>
<i>vice/type/parameter=value</i>" per line. Specify <b>-Pf</b> to fold long
lines.
This feature is available with Postfix 2.10 and later.
<b>-X</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove the parameters
- named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Specify a list of param‐
+ named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Specify a list of param-
eter names, not "<i>name=value</i>" pairs.
With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
or more service parameter settings (-o parameter=value settings)
- as specied with "<i>service/type/parameter</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> com‐
+ as specied with "<i>service/type/parameter</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> com-
mand line.
In all cases the file is copied to a temporary file then renamed
into place. Specify quotes to protect special characters on the
<a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera‐
+ There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
tion.
This feature is available with Postfix 2.10 and later. Support
for -M and -P was added with Postfix 2.11.
- <b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and comment out the parame‐
- ters named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line, so that those param‐
- eters revert to their default values. Specify a list of parame‐
+ <b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and comment out the parame-
+ ters named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line, so that those param-
+ eters revert to their default values. Specify a list of parame-
ter names, not "<i>name=value</i>" pairs.
With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and comment out
into place. Specify quotes to protect special characters on the
<a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera‐
+ There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
tion.
This feature is available with Postfix 2.6 and later. Support
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro‐
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
of set-group ID privileges, a non-standard directory is allowed
only if:
-
· The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a> file with the
+
<b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a> file with the
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> configuration parameter.
- · The command is invoked by the super-user.
+ <b>o</b> The command is invoked by the super-user.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro‐
- gram. The text below provides only a parameter summary. See <b>post</b>‐\b‐
- <b>conf</b>(5) for more details including examples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
A list of non-default Postfix configuration directories that may
via the MAIL_CONFIG environment parameter.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b><a href="postconf.5.html#trigger_timeout">trigger_timeout</a> (10s)</b>
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to submit mail with the <b>send</b>‐\b‐
- <b>mail</b>(1) command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com‐
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
mand).
<b>FILES</b>
<b>DESCRIPTION</b>
The Postfix <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server provides additional protection against
mail server overload. One <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process handles multiple
- inbound SMTP connections, and decides which clients may talk to a Post‐
+ inbound SMTP connections, and decides which clients may talk to a Post-
fix SMTP server process. By keeping spambots away, <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
leaves more SMTP server processes available for legitimate clients, and
delays the onset of server overload conditions.
This program should not be used on SMTP ports that receive mail from
end-user clients (MUAs). In a typical deployment, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> handles
the MX service on TCP port 25, while MUA clients submit mail via the
- <b>submission</b> service on TCP port 587 which requires client authentica‐
+ <b>submission</b> service on TCP port 587 which requires client authentica-
tion. Alternatively, a site could set up a dedicated, non-postscreen,
- "port 25" server that provides <b>submission</b> service and client authenti‐
+ "port 25" server that provides <b>submission</b> service and client authenti-
cation, but no MX service.
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> maintains a temporary whitelist for clients that have
Postfix SMTP server process. This minimizes the overhead for legitimate
mail.
- By default, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs statistics and hands off every connec‐
+ By default, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs statistics and hands off every connec-
tion to a Postfix SMTP server process, while excluding clients in
- <a href="postconf.5.html#mynetworks">mynetworks</a> from all tests (primarily, to avoid problems with non-stan‐
+ <a href="postconf.5.html#mynetworks">mynetworks</a> from all tests (primarily, to avoid problems with non-stan-
dard SMTP implementations in network appliances). This mode is useful
for non-destructive testing.
information.
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> is not an SMTP proxy; this is intentional. The purpose
- is to keep spambots away from Postfix SMTP server processes, while min‐
+ is to keep spambots away from Postfix SMTP server processes, while min-
imizing overhead for legitimate traffic.
<b>SECURITY</b>
the "live" connection to a Postfix SMTP server process in the middle of
a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to deliver mail with
a 4XX status, and waits for the client to disconnect. When the client
- connects again, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will allow the client to talk to a Post‐
+ connects again, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will allow the client to talk to a Post-
fix SMTP server process (provided that the whitelist status has not
expired). <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of this limitation by
giving the "after 220 server greeting" tests a long expiration time.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
- NOTE: Some <a href="postscreen.8.html"><b>postscreen</b>(8)</a> parameters implement stress-dependent behav‐
+ NOTE: Some <a href="postscreen.8.html"><b>postscreen</b>(8)</a> parameters implement stress-dependent behav-
ior. This is supported only when the default parameter value is
stress-dependent (that is, it looks like ${stress?{X}:{Y}}, or it is
the $<i>name</i> of an smtpd parameter with a stress-dependent default).
<b><a href="postconf.5.html#postscreen_command_filter">postscreen_command_filter</a> ($<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b>
A mechanism to transform commands from remote SMTP clients.
- <b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a> ($smtpd_discard_ehlo_key</b>‐\b‐
- <b>word_address_maps)</b>
+ <b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_key</a>-</b>
+ <b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">word_address_maps</a>)</b>
Lookup tables, indexed by the remote SMTP client address, with
case insensitive lists of EHLO keywords (pipelining, starttls,
auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the
<b><a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> (ignore)</b>
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client is
- permanently blacklisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parame‐
+ permanently blacklisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parame-
ter.
<b>MAIL EXCHANGER POLICY TESTS</b>
<b><a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> (<a href="DATABASE_README.html#types">static</a>:all)</b>
A list of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server IP addresses where a non-
- whitelisted remote SMTP client can obtain <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s tempo‐
+ whitelisted remote SMTP client can obtain <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s tempo-
rary whitelist status.
<b>BEFORE 220 GREETING TESTS</b>
These tests are executed before the remote SMTP client receives the
- "220 servername" greeting. If no tests remain after the successful com‐
+ "220 servername" greeting. If no tests remain after the successful com-
pletion of this phase, the client will be handed off immediately to a
Postfix SMTP server process.
up to 6 seconds otherwise).
<b><a href="postconf.5.html#smtpd_service_name">smtpd_service_name</a> (smtpd)</b>
- The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off allowed con‐
+ The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off allowed con-
nections to.
Available in Postfix version 2.11 and later:
Disable the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.
<b><a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> ($<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b>
- List of commands that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server considers in vio‐
+ List of commands that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server considers in vio-
lation of the SMTP protocol.
<b><a href="postconf.5.html#postscreen_helo_required">postscreen_helo_required</a> ($<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b>
- Require that a remote SMTP client sends HELO or EHLO before com‐
+ Require that a remote SMTP client sends HELO or EHLO before com-
mencing a MAIL transaction.
<b><a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> (drop)</b>
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
- sends non-SMTP commands as specified with the postscreen_forbid‐
- den_commands parameter.
+ sends non-SMTP commands as specified with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbid</a>-
+ <a href="postconf.5.html#postscreen_forbidden_commands">den_commands</a> parameter.
<b><a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> (no)</b>
Enable "non-SMTP command" tests in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
<b><a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> (enforce)</b>
The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
- sends multiple commands instead of sending one command and wait‐
+ sends multiple commands instead of sending one command and wait-
ing for the server to respond.
<b><a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> (no)</b>
Persistent storage for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server decisions.
<b><a href="postconf.5.html#postscreen_cache_retention_time">postscreen_cache_retention_time</a> (7d)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an expired tem‐
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an expired tem-
porary whitelist entry before it is removed.
<b><a href="postconf.5.html#postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a> (30d)</b>
Upon input, long lines are chopped up into pieces of at most
this length; upon delivery, long lines are reconstructed.
- <b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> ($smtpd_client_connec</b>‐\b‐
- <b>tion_count_limit)</b>
+ <b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> ($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connec</a>-</b>
+ <b><a href="postconf.5.html#smtpd_client_connection_count_limit">tion_count_limit</a>)</b>
How many simultaneous connections any remote SMTP client is
allowed to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.
<b>STARTTLS CONTROLS</b>
<b><a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
The SMTP TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server; when a
- non-empty value is specified, this overrides the obsolete param‐
+ non-empty value is specified, this overrides the obsolete param-
eters <a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.
<b><a href="postconf.5.html#tlsproxy_service_name">tlsproxy_service_name</a> (tlsproxy)</b>
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log‐
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b>SEE ALSO</b>
<b>DESCRIPTION</b>
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides read-only or read-write table lookup
- service to Postfix processes. These services are implemented with dis‐
+ service to Postfix processes. These services are implemented with dis-
tinct service names: <b>proxymap</b> and <b>proxywrite</b>, respectively. The purpose
of these services is:
- · To overcome chroot restrictions. For example, a chrooted SMTP
+ <b>o</b> To overcome chroot restrictions. For example, a chrooted SMTP
server needs access to the system passwd file in order to reject
mail for non-existent local addresses, but it is not practical
to maintain a copy of the passwd file in the chroot jail. The
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>
- · To consolidate the number of open lookup tables by sharing one
+ <b>o</b> To consolidate the number of open lookup tables by sharing one
open table among multiple processes. For example, making mysql
connections from every Postfix daemon process results in "too
many connections" errors. The solution:
The total number of connections is limited by the number of
proxymap server processes.
- · To provide single-updater functionality for lookup tables that
+ <b>o</b> To provide single-updater functionality for lookup tables that
do not reliably support multiple writers (i.e. all file-based
tables).
<b>open</b> <i>maptype:mapname flags</i>
Open the table with type <i>maptype</i> and name <i>mapname</i>, as controlled
by <i>flags</i>. The reply includes the <i>maptype</i> dependent flags (to
- distinguish a fixed string table from a regular expression ta‐
+ distinguish a fixed string table from a regular expression ta-
ble).
<b>lookup</b> <i>maptype:mapname flags key</i>
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server opens only tables that are approved via the
<b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> or <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a></b> configuration parameters, does not
talk to users, and can run at fixed low privilege, chrooted or not.
- However, running the proxymap server chrooted severely limits usabil‐
+ However, running the proxymap server chrooted severely limits usabil-
ity, because it can open only chrooted tables.
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is not a trusted daemon process, and must not be
the table directly. This allows the same <a href="postconf.5.html">main.cf</a> setting to be used by
sensitive and non-sensitive processes.
- Postfix-writable data files should be stored under a dedicated direc‐
+ Postfix-writable data files should be stored under a dedicated direc-
tory that is writable only by the Postfix mail system, such as the
Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>.
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> read-write service does not explicitly close lookup
tables (even if it did, this could not be relied on, because the
- process may be terminated between table updates). The read-write ser‐
+ process may be terminated between table updates). The read-write ser-
vice should therefore not be used with tables that leave persistent
storage in an inconsistent state between updates (for example, CDB).
Tables that support "sync on update" should be safe (for example,
more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
strategy is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. This program
expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
- Mail addressed to the local <b>double-bounce</b> address is logged and dis‐
+ Mail addressed to the local <b>double-bounce</b> address is logged and dis-
carded. This stops potential loops caused by undeliverable bounce
notifications.
These files are maintained by the <a href="defer.8.html"><b>defer</b>(8)</a> daemon.
<b>trace</b> Per-recipient status information as requested with the Postfix
- "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" command. These files are main‐
+ "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" command. These files are main-
tained by the <a href="trace.8.html"><b>trace</b>(8)</a> daemon.
The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is responsible for asking the <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or
heavy load.
<b>fairness</b>
- When the <b>active</b> queue has room, the queue manager takes one mes‐
+ When the <b>active</b> queue has room, the queue manager takes one mes-
sage from the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> and one from the <b>deferred</b> queue.
This prevents a large mail backlog from blocking the delivery of
new mail.
<b>slow start</b>
This strategy eliminates "thundering herd" problems by slowly
- adjusting the number of parallel deliveries to the same destina‐
+ adjusting the number of parallel deliveries to the same destina-
tion.
<b>round robin</b>
<b>exponential backoff</b>
Mail that cannot be delivered upon the first attempt is
- deferred. The time interval between delivery attempts is dou‐
+ deferred. The time interval between delivery attempts is dou-
bled after each attempt.
<b>destination status cache</b>
- The queue manager avoids unnecessary delivery attempts by main‐
- taining a short-term, in-memory list of unreachable destina‐
+ The queue manager avoids unnecessary delivery attempts by main-
+ taining a short-term, in-memory list of unreachable destina-
tions.
<b>preemptive message scheduling</b>
<b>TRIGGERS</b>
On an idle system, the queue manager waits for the arrival of trigger
- events, or it waits for a timer to go off. A trigger is a one-byte mes‐
+ events, or it waits for a timer to go off. A trigger is a one-byte mes-
sage. Depending on the message received, the queue manager performs
one of the following actions (the message is followed by the symbolic
constant used internally by the software):
<b>SECURITY</b>
The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is not security sensitive. It reads single-character
messages from untrusted local users, and thus may be susceptible to
- denial of service attacks. The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon does not talk to the out‐
+ denial of service attacks. The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon does not talk to the out-
side world, and it can be run at fixed low privilege in a chrooted
environment.
Problems and transactions are logged to the syslog daemon. Corrupted
message files are saved to the <b>corrupt</b> queue for further inspection.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas‐
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<b>BUGS</b>
- A single queue manager process has to compete for disk access with mul‐
+ A single queue manager process has to compete for disk access with mul-
tiple front-end processes such as <a href="cleanup.8.html"><b>cleanup</b>(8)</a>. A sudden burst of inbound
mail can negatively impact outbound delivery rates.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically as <a href="qmgr.8.html"><b>qmgr</b>(8)</a> is a per‐
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically as <a href="qmgr.8.html"><b>qmgr</b>(8)</a> is a per-
sistent process. Use the "<b>postfix reload</b>" command after a configuration
change.
The default maximal number of parallel deliveries to the same
destination.
- <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($default_destination_concur</b>‐\b‐
- <b>rency_limit)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
Available in Postfix version 2.5 and later:
- <b><a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> ($initial_destination_concur</b>‐\b‐
- <b>rency)</b>
- Initial concurrency for delivery via the named message <i>trans‐</i>
+ <b><a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> ($<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#initial_destination_concurrency">rency</a>)</b>
+ Initial concurrency for delivery via the named message <i>trans-</i>
<i>port</i>.
<b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
failure before a specific destination is considered unavailable
(and further delivery is suspended).
- <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> ($default_desti</b>‐\b‐
- <b>nation_concurrency_failed_cohort_limit)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_desti</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">nation_concurrency_failed_cohort_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
The per-destination amount of delivery concurrency negative
- feedback, after a delivery completes with a connection or hand‐
+ feedback, after a delivery completes with a connection or hand-
shake failure.
- <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a> ($default_destina</b>‐\b‐
- <b>tion_concurrency_negative_feedback)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">tion_concurrency_negative_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
The per-destination amount of delivery concurrency positive
- feedback, after a delivery completes without connection or hand‐
+ feedback, after a delivery completes without connection or hand-
shake failure.
- <b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a> ($default_destina</b>‐\b‐
- <b>tion_concurrency_positive_feedback)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">tion_concurrency_positive_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a> (no)</b>
- Make the queue manager's feedback algorithm verbose for perfor‐
+ Make the queue manager's feedback algorithm verbose for perfor-
mance analysis purposes.
<b>RECIPIENT SCHEDULING CONTROLS</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> (50)</b>
The default maximal number of recipients per message delivery.
- <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> ($default_destination_recipi</b>‐\b‐
- <b>ent_limit)</b>
+ <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b>MESSAGE SCHEDULING CONTROLS</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
Consider a message as undeliverable, when delivery fails with a
- temporary error, and the time in the queue has reached the maxi‐
- mal_queue_lifetime limit.
+ temporary error, and the time in the queue has reached the <a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-
+ <a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a> limit.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
<b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
- The time between attempts by the Postfix queue manager to con‐
+ The time between attempts by the Postfix queue manager to con-
tact a malfunctioning message delivery transport.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
The default amount of delay that is inserted between individual
deliveries to the same destination; the resulting behavior
- depends on the value of the corresponding per-destination recip‐
+ depends on the value of the corresponding per-destination recip-
ient limit.
<b><a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a></b>
a request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#qmgr_ipc_timeout">qmgr_ipc_timeout</a> (60s)</b>
- The time limit for the queue manager to send or receive informa‐
+ The time limit for the queue manager to send or receive informa-
tion over an internal communication channel.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
mail unless someone issues "<b>sendmail -q</b>" or equivalent.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log‐
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
- Log warnings about problematic configuration settings, and pro‐
+ Log warnings about problematic configuration settings, and pro-
vide helpful suggestions.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix version 2.12 and later:
<b>DESCRIPTION</b>
<b>qmqp-sink</b> listens on the named host (or address) and port. It receives
- messages from the network and throws them away. The purpose is to mea‐
+ messages from the network and throws them away. The purpose is to mea-
sure QMQP client performance, not protocol compliance. Connections can
be accepted on IPv4 or IPv6 endpoints, or on UNIX-domain sockets. IPv4
and IPv6 are the default. This program is the complement of the <a href="qmqp-source.1.html"><b>qmqp-</b></a>
<a href="qmqp-source.1.html"><b>source</b>(1)</a> program.
- Note: this is an unsupported test program. No attempt is made to main‐
+ Note: this is an unsupported test program. No attempt is made to main-
tain compatibility between successive versions.
Arguments:
<b>-c</b> Display a running counter that is updated whenever a delivery is
completed.
- <b>-v</b> Increase verbosity. Specify <b>-v -v</b> to see some of the QMQP con‐
+ <b>-v</b> Increase verbosity. Specify <b>-v -v</b> to see some of the QMQP con-
versation.
<b>-x</b> <i>time</i>
<b>qmqpd</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The Postfix QMQP server receives one message per connection. Each mes‐
+ The Postfix QMQP server receives one message per connection. Each mes-
sage is piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, and is placed into the
<a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> as one single queue file. The program expects to be run
from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
- The QMQP server implements one access policy: only explicitly autho‐
+ The QMQP server implements one access policy: only explicitly autho-
rized client hosts are allowed to use the service.
<b>SECURITY</b>
It is therefore not possible to reject individual recipients.
The QMQP protocol requires the server to receive the entire message
- before replying. If a message is malformed, or if any netstring compo‐
+ before replying. If a message is malformed, or if any netstring compo-
nent is longer than acceptable, Postfix replies immediately and closes
the connection. It is left up to the client to handle the situation.
specified <i>transport:destination</i>.
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in content filter‐
+ Enable or disable recipient validation, built-in content filter-
ing, or address mapping.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 2.12.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci‐
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
<b>RESOURCE AND RATE CONTROLS</b>
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
use the "<b>postconf -m</b>" command.
To test lookup tables, use the "<b>postmap -q</b>" command as described in the
- SYNOPSIS above.
+ SYNOPSIS above. Use "<b>postmap -hmq -</b> <<i>file</i>" for <a href="header_checks.5.html">header_checks(5)</a> pat-
+ terns, and "<b>postmap -bmq -</b> <<i>file</i>" for <a href="header_checks.5.html">body_checks(5)</a> (Postfix 2.6 and
+ later).
<b>COMPATIBILITY</b>
With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" to query a
<b>sendmail -I</b>
<b>DESCRIPTION</b>
- The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com‐
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com-
patibility interface. For the sake of compatibility with existing
applications, some Sendmail command-line options are recognized but
silently ignored.
arranges for delivery. Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
command to create a queue file in the <b>maildrop</b> directory.
- Specific command aliases are provided for other common modes of opera‐
+ Specific command aliases are provided for other common modes of opera-
tion:
<b>mailq</b> List the mail queue. Each entry shows the queue file ID, message
<b>*</b> The message is in the <b>active</b> queue, i.e. the message is
selected for delivery.
- <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv‐
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
ery attempt will be made until the mail is taken off
hold.
<b>newaliases</b>
Initialize the alias database. If no input file is specified
(with the <b>-oA</b> option, see below), the program processes the
- file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame‐
+ file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame-
ter. If no alias database type is specified, the program uses
the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
parameter. This mode of operation is implemented by running the
<b>-bi</b> Initialize alias database. See the <b>newaliases</b> command above.
<b>-bl</b> Go into daemon mode. To accept only local connections as with
- Sendmail
´s <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
+ Sendmail
's <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
the Postfix <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
<b>-bm</b> Read mail from standard input and arrange for delivery. This is
before 2.3.
With all Postfix versions, you can specify a directory pathname
- with the MAIL_CONFIG environment variable to override the loca‐
+ with the MAIL_CONFIG environment variable to override the loca-
tion of configuration files.
<b>-F</b> <i>full</i><b>_</b><i>name</i>
Set the sender full name. This overrides the NAME environment
- variable, and is used only with messages that have no <b>From:</b> mes‐
+ variable, and is used only with messages that have no <b>From:</b> mes-
sage header.
<b>-f</b> <i>sender</i>
the <b>Errors-To:</b> message header overrides the error return
address.
- <b>-G</b> Gateway (relay) submission, as opposed to initial user submis‐
- sion. Either do not rewrite addresses at all, or update incom‐
+ <b>-G</b> Gateway (relay) submission, as opposed to initial user submis-
+ sion. Either do not rewrite addresses at all, or update incom-
plete addresses with the domain information specified with
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>.
<b>-I</b> Initialize alias database. See the <b>newaliases</b> command above.
- <b>-i</b> When reading a message from standard input, don´t treat a line
+ <b>-i</b> When reading a message from standard input, don't treat a line
with only a <b>.</b> character as the end of input.
<b>-L</b> <i>label</i> (ignored)
<b>-o7</b> (ignored)
<b>-o8</b> (ignored)
- To send 8-bit or binary content, use an appropriate MIME encap‐
+ To send 8-bit or binary content, use an appropriate MIME encap-
sulation and specify the appropriate <b>-B</b> command-line option.
- <b>-oi</b> When reading a message from standard input, don´t treat a line
+ <b>-oi</b> When reading a message from standard input, don't treat a line
with only a <b>.</b> character as the end of input.
<b>-om</b> (ignored)
The sender is never eliminated from alias etc. expansions.
<b>-o</b> <i>x value</i> (ignored)
- Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame‐
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
<b>-r</b> <i>sender</i>
This option is ignored before Postfix version 2.10.
- <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe‐
+ <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe-
cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
Warning: flushing undeliverable mail frequently will result in
poor delivery performance of all other mail.
<b>-q</b><i>interval</i> (ignored)
- The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config‐
+ The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config-
uration parameter instead.
<b>-qI</b><i>queueid</i>
Schedule immediate delivery of mail with the specified queue ID.
- This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com‐
+ This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
mand, and is available with Postfix version 2.4 and later.
<b>-qR</b><i>site</i>
Schedule immediate delivery of all mail that is queued for the
- named <i>site</i>. This option accepts only <i>site</i> names that are eligi‐
- ble for the "fast flush" service, and is implemented by execut‐
+ named <i>site</i>. This option accepts only <i>site</i> names that are eligi-
+ ble for the "fast flush" service, and is implemented by execut-
ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
about the "fast flush" service.
<b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter characters,
- instead of the characters specified with the <b>default_verp_delim</b>‐\b‐
- <b>iters</b> configuration parameter.
+ instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
+ <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
- <b>-v</b> Send an email report of the first delivery attempt (Postfix ver‐
- sions 2.1 and later). Mail delivery always happens in the back‐
- ground. When multiple <b>-v</b> options are given, enable verbose log‐
+ <b>-v</b> Send an email report of the first delivery attempt (Postfix ver-
+ sions 2.1 and later). Mail delivery always happens in the back-
+ ground. When multiple <b>-v</b> options are given, enable verbose log-
ging for debugging purposes.
<b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
no <b>From:</b> message header. See also the <b>-F</b> option above.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro‐
- gram. The text below provides only a parameter summary. See <b>post</b>‐\b‐
- <b>conf</b>(5) for more details including examples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b>COMPATIBILITY CONTROLS</b>
Available with Postfix 2.9 and later:
List of users who are authorized to view the queue.
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to submit mail with the <b>send</b>‐\b‐
- <b>mail</b>(1) command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com‐
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
mand).
<b>RESOURCE AND RATE CONTROLS</b>
the Postfix "fast flush" service.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
- Optional list of destinations that are eligible for per-destina‐
+ Optional list of destinations that are eligible for per-destina-
tion logfiles with mail that is queued to those destinations.
<b>VERP CONTROLS</b>
The location of all postfix administrative commands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b>FILES</b>
SMTP messages from the network and throws them away. The purpose is to
measure client performance, not protocol compliance.
- <b>smtp-sink</b> may also be configured to capture each mail delivery transac‐
+ <b>smtp-sink</b> may also be configured to capture each mail delivery transac-
tion to file. Since disk latencies are large compared to network
delays, this mode of operation can reduce the maximal performance by
several orders of magnitude.
domain sockets. IPv4 and IPv6 are the default. This program is the
complement of the <a href="smtp-source.1.html"><b>smtp-source</b>(1)</a> program.
- Note: this is an unsupported test program. No attempt is made to main‐
+ Note: this is an unsupported test program. No attempt is made to main-
tain compatibility between successive versions.
Arguments:
<b>-a</b> Do not announce SASL authentication support.
<b>-A</b> <i>delay</i>
- Wait <i>delay</i> seconds after responding to DATA, then abort prema‐
+ Wait <i>delay</i> seconds after responding to DATA, then abort prema-
turely with a 550 reply status. Do not read further input from
the client; this is an attempt to block the client before it
sends ".". Specify a zero delay value to abort immediately.
Use <i>hard-bounce-reply</i> for hard reject responses. The default
reply is "500 5.3.0 Error: command failed".
- <b>-c</b> Display running counters that are updated whenever an SMTP ses‐
+ <b>-c</b> Display running counters that are updated whenever an SMTP ses-
sion ends, a QUIT command is executed, or when "." is received.
<b>-C</b> Disable XCLIENT support.
is created by expanding the <i>dump-template</i> via strftime(3) and
appending a pseudo-random hexadecimal number (example:
"%Y%m%d%H/%M." expands into "2006081203/05.809a62e3"). If the
- template contains "/" characters, missing directories are cre‐
+ template contains "/" characters, missing directories are cre-
ated automatically. The message dump format is described below.
Note: this option keeps one capture file open for every mail
<b>-m</b> <i>count</i> (default: 256)
An upper bound on the maximal number of simultaneous connections
- that <b>smtp-sink</b> will handle. This prevents the process from run‐
+ that <b>smtp-sink</b> will handle. This prevents the process from run-
ning out of file descriptors. Excess connections will stay
queued in the TCP/IP stack.
CISCO PIX system. Implies <b>-e</b>.
<b>-q</b> <i>command,command,...</i>
- Disconnect (without replying) after receiving one of the speci‐
+ Disconnect (without replying) after receiving one of the speci-
fied commands.
Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
from the shell. Command names are case-insensitive.
<b>-Q</b> <i>command,command,...</i>
- Send a 421 reply and disconnect after receiving one of the spec‐
+ Send a 421 reply and disconnect after receiving one of the spec-
ified commands.
Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
An optional string that is prepended to each message that is
written to a dump file (see the dump file format description
below). The following C escape sequences are supported: \a
- (bell), \b (backslace), \f (formfeed), \n (newline), \r (car‐
+ (bell), \b (backslace), \f (formfeed), \n (newline), \r (car-
riage return), \t (horizontal tab), \v (vertical tab), \<i>ddd</i> (up
to three octal digits) and \\ (the backslash character).
window scaling implementations, specify a value > 0 and < 65536.
<b>-u</b> <i>username</i>
- Switch to the specified user privileges after opening the net‐
+ Switch to the specified user privileges after opening the net-
work socket and optionally changing the process root directory.
This option is required when the process runs with super-user
privileges. See also the <b>-R</b> option.
Each dumped message contains a sequence of text lines, terminated with
the newline character. The sequence of information is as follows:
- · The optional string specified with the <b>-S</b> option.
+ <b>o</b> The optional string specified with the <b>-S</b> option.
- · The <b>smtp-sink</b> generated headers as documented below.
+ <b>o</b> The <b>smtp-sink</b> generated headers as documented below.
- · The message header and body as received from the SMTP client.
+ <b>o</b> The message header and body as received from the SMTP client.
- · An empty line.
+ <b>o</b> An empty line.
The format of the <b>smtp-sink</b> generated headers is as follows:
<b>X-Helo-Args:</b> <i>text</i>
The arguments of the last HELO or EHLO command before this mail
delivery transaction. This record is present only if the client
- sent a recognizable HELO or EHLO command before the DATA com‐
+ sent a recognizable HELO or EHLO command before the DATA com-
mand.
<b>X-Mail-Args:</b> <i>text</i>
- The arguments of the MAIL command that started this mail deliv‐
+ The arguments of the MAIL command that started this mail deliv-
ery transaction. This record is present exactly once.
<b>X-Rcpt-Args:</b> <i>text</i>
are in the order as sent by the client.
<b>Received:</b> <i>text</i>
- A message header for compatibility with mail processing soft‐
- ware. This three-line header marks the end of the headers pro‐
+ A message header for compatibility with mail processing soft-
+ ware. This three-line header marks the end of the headers pro-
vided by <b>smtp-sink</b>, and is formatted as follows:
<b>from</b> <i>helo</i> <b>([</b><i>addr</i><b>])</b>
<b>by</b> <i>host</i> <b>(smtp-sink) with</b> <i>proto</i> <b>id</b> <i>random</i><b>;</b>
The hostname specified with the <b>-h</b> option, the client
- protocol (see <b>X-Client-Proto</b> above), and the pseudo-ran‐
+ protocol (see <b>X-Client-Proto</b> above), and the pseudo-ran-
dom portion of the per-message capture file name.
<i>time-stamp</i>
<b>DESCRIPTION</b>
The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
- protocols. It processes message delivery requests from the queue man‐
+ protocols. It processes message delivery requests from the queue man-
ager. Each request specifies a queue file, a sender address, a domain
or host to deliver to, and recipient information. This program expects
to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
<i>domainname</i>
<i>domainname</i>:<i>port</i>
- Look up the mail exchangers for the specified domain, and con‐
+ Look up the mail exchangers for the specified domain, and con-
nect to the specified port (default: <b>smtp</b>).
[<i>hostname</i>]
[<i>address</i>]:<i>port</i>
Connect to the host at the specified address, and connect to the
- specified port (default: <b>smtp</b>). An IPv6 address must be format‐
+ specified port (default: <b>smtp</b>). An IPv6 address must be format-
ted as [<b>ipv6</b>:<i>address</i>].
<b>LMTP DESTINATION SYNTAX</b>
files are marked so that the queue manager can move them to the <b>corrupt</b>
queue for further inspection.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas‐
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces, protocol problems, and of other trouble.
<b>BUGS</b>
there is no support for TLS, and connections are cached in-process,
making it ineffective when the client is used for multiple domains.
- Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param‐
+ Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
eter for the equivalent LMTP feature. This document describes only
those LMTP-related parameters that aren't simply "mirror" parameters.
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
When authenticating to a remote SMTP or LMTP server with the
default setting "no", send no SASL authoriZation ID (authzid);
- send only the SASL authentiCation ID (authcid) plus the auth‐
+ send only the SASL authentiCation ID (authcid) plus the auth-
cid's password.
Available in Postfix version 2.5 and later:
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
- An optional workaround for routers that break TCP window scal‐
+ An optional workaround for routers that break TCP window scal-
ing.
Available in Postfix version 2.8 and later:
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes‐
+ response line, SMTP message content line, or TLS protocol mes-
sage).
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
<b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
- delivery status code or explanatory text of successful or unsuc‐
+ delivery status code or explanatory text of successful or unsuc-
cessful deliveries.
<b>MIME PROCESSING CONTROLS</b>
Enable SASL authentication in the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
- Optional Postfix SMTP client lookup tables with one user‐
+ Optional Postfix SMTP client lookup tables with one user-
name:password entry per remote hostname or domain, or sender
address when sender-dependent authentication is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
Postfix SMTP client SASL security options; as of Postfix 2.3 the
- list of available features depends on the SASL client implemen‐
+ list of available features depends on the SASL client implemen-
tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the Postfix SMTP
client; this is available only with SASL authentication, and
- disables SMTP connection caching to ensure that mail from dif‐
+ disables SMTP connection caching to ensure that mail from dif-
ferent senders will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
- An optional table to prevent repeated SASL authentication fail‐
+ An optional table to prevent repeated SASL authentication fail-
ures with the same remote SMTP server hostname, username and
password.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
A file containing CA certificates of root CAs trusted to sign
- either remote SMTP server certificates or intermediate CA cer‐
+ either remote SMTP server certificates or intermediate CA cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
Additional list of ciphers or cipher types to exclude from the
- Postfix SMTP client cipher list at mandatory TLS security lev‐
+ Postfix SMTP client cipher list at mandatory TLS security lev-
els.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client TLS security
- policy by next-hop destination; when a non-empty value is speci‐
+ policy by next-hop destination; when a non-empty value is speci-
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (!SSLv2)</b>
Available in Postfix version 2.4 and later:
- <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($smtp_sasl_tls_secu</b>‐\b‐
- <b>rity_options)</b>
+ <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions with a verified
server certificate.
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
List of acceptable remote SMTP server certificate fingerprints
- for the "fingerprint" TLS security level (<b>smtp_tls_secu</b>‐\b‐
- <b>rity_level</b> = fingerprint).
+ for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b>
The message digest algorithm used to construct remote SMTP
use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
- File with the Postfix SMTP client ECDSA certificate in PEM for‐
+ File with the Postfix SMTP client ECDSA certificate in PEM for-
mat.
<b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
- File with the Postfix SMTP client ECDSA private key in PEM for‐
+ File with the Postfix SMTP client ECDSA private key in PEM for-
mat.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
Try to detect a mail hijacking attack based on a TLS protocol
- vulnerability (CVE-2009-3555), where an attacker prepends mali‐
+ vulnerability (CVE-2009-3555), where an attacker prepends mali-
cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
TLS session.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client TLS usage
- policy by next-hop destination and by remote SMTP server host‐
+ policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
- <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($default_destination_concur</b>‐\b‐
- <b>rency_limit)</b>
- The maximal number of parallel deliveries to the same destina‐
+ <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ The maximal number of parallel deliveries to the same destina-
tion via the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b>
- The maximal number of recipients per message for the smtp mes‐
+ The maximal number of recipients per message for the smtp mes-
sage delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a TCP connec‐
+ The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
and for receiving the initial remote LMTP server response.
<b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the XFORWARD com‐
+ The Postfix SMTP client time limit for sending the XFORWARD com-
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
- The amount of time during which Postfix will use an SMTP connec‐
+ The amount of time during which Postfix will use an SMTP connec-
tion repeatedly.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or receive opera‐
+ Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 and later:
Change the behavior of the smtp_*_timeout time limits, from a
time limit per read or write system call, to a time limit to
send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes‐
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci‐
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about mail delivery
- problems that are caused by policy, resource, software or proto‐
+ problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log‐
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
When a remote LMTP server announces no DSN support, assume that
- the server performs final delivery, and send "delivered" deliv‐
+ the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available with Postfix 2.2 and earlier:
The SMTP server accepts network connection requests and performs zero
or more SMTP transactions per connection. Each received message is
piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, and is placed into the <b>incoming</b>
- queue as one single queue file. For this mode of operation, the pro‐
+ queue as one single queue file. For this mode of operation, the pro-
gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
Alternatively, the SMTP server be can run in stand-alone mode; this is
The SMTP server implements a variety of policies for connection
requests, and for parameters given to <b>HELO, ETRN, MAIL FROM, VRFY</b> and
- <b>RCPT TO</b> commands. They are detailed below and in the <a href="postconf.5.html"><b>main.cf</b></a> configura‐
+ <b>RCPT TO</b> commands. They are detailed below and in the <a href="postconf.5.html"><b>main.cf</b></a> configura-
tion file.
<b>SECURITY</b>
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas‐
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces, protocol problems, policy violations, and
of other trouble.
<b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
Force the Postfix SMTP server to issue a TLS session id, even
- when TLS session caching is turned off (smtpd_tls_ses‐
- sion_cache_database is empty).
+ when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>-
+ <a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty).
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
- An optional workaround for routers that break TCP window scal‐
+ An optional workaround for routers that break TCP window scal-
ing.
Available in Postfix version 2.7 and later:
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
- Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and smtpd_start‐
- tls_timeout time limits, from a time limit per read or write
+ Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
system call, to a time limit to send or receive a complete
record (an SMTP command line, SMTP response line, SMTP message
content line, or TLS protocol message).
Postfix address rewriting.
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in content filter‐
+ Enable or disable recipient validation, built-in content filter-
ing, or address mapping.
Available in Postfix version 2.2 and later:
update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
$<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other
clients at all, or rewrite message headers and update incomplete
- addresses with the domain specified in the remote_header_re‐
- write_domain parameter.
+ addresses with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-
+ <a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a> parameter.
<b>BEFORE-SMTPD PROXY AGENT</b>
Available in Postfix version 2.10 and later:
<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
As of version 1.0, Postfix can be configured to send new mail to an
external content filter AFTER the mail is queued. This content filter
- is expected to inject mail back into a (Postfix or other) MTA for fur‐
+ is expected to inject mail back into a (Postfix or other) MTA for fur-
ther delivery. See the <a href="FILTER_README.html">FILTER_README</a> document for details.
<b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
As of version 2.1, the Postfix SMTP server can be configured to send
incoming mail to a real-time SMTP-based content filter BEFORE mail is
- queued. This content filter is expected to inject mail back into Post‐
- fix. See the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config‐
+ queued. This content filter is expected to inject mail back into Post-
+ fix. See the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
ure and operate this feature.
<b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b>
The hostname and TCP port of the mail filtering proxy server.
<b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- How the Postfix SMTP server announces itself to the proxy fil‐
+ How the Postfix SMTP server announces itself to the proxy fil-
ter.
<b><a href="postconf.5.html#smtpd_proxy_options">smtpd_proxy_options</a> (empty)</b>
- List of options that control how the Postfix SMTP server commu‐
+ List of options that control how the Postfix SMTP server commu-
nicates with a before-queue content filter.
<b><a href="postconf.5.html#smtpd_proxy_timeout">smtpd_proxy_timeout</a> (100s)</b>
As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
filter) protocol. These content filters run outside Postfix. They can
inspect the SMTP command stream and the message content, and can
- request modifications before mail is queued. For details see the MIL‐
- <a href="TER_README.html">TER_README</a> document.
+ request modifications before mail is queued. For details see the <a href="MILTER_README.html">MIL</a>-
+ <a href="MILTER_README.html">TER_README</a> document.
<b><a href="postconf.5.html#smtpd_milters">smtpd_milters</a> (empty)</b>
A list of Milter (mail filter) applications for new mail that
arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
<b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b>
- The mail filter protocol version and optional protocol exten‐
+ The mail filter protocol version and optional protocol exten-
sions for communication with a Milter application; prior to
Postfix 2.6 the default protocol is 2.
unavailable or mis-configured.
<b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The {daemon_name} macro value for Milter (mail filter) applica‐
+ The {daemon_name} macro value for Milter (mail filter) applica-
tions.
<b><a href="postconf.5.html#milter_macro_v">milter_macro_v</a> ($<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b>
The {v} macro value for Milter (mail filter) applications.
<b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b>
- The time limit for connecting to a Milter (mail filter) applica‐
+ The time limit for connecting to a Milter (mail filter) applica-
tion, and for negotiating protocol options.
<b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in content filter‐
+ Enable or disable recipient validation, built-in content filter-
ing, or address mapping.
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
- What remote SMTP clients are allowed to use the XFORWARD fea‐
+ What remote SMTP clients are allowed to use the XFORWARD fea-
ture.
<b>SASL AUTHENTICATION CONTROLS</b>
<b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b>
Postfix SMTP server SASL security options; as of Postfix 2.3 the
- list of available features depends on the SASL server implemen‐
+ list of available features depends on the SASL server implemen-
tation that is selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
<b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a> (empty)</b>
- Search path for Cyrus SASL application configuration files, cur‐
+ Search path for Cyrus SASL application configuration files, cur-
rently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
The SMTP TLS security level for the Postfix SMTP server; when a
- non-empty value is specified, this overrides the obsolete param‐
+ non-empty value is specified, this overrides the obsolete param-
eters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
<b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b>
<b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
A file containing (PEM format) CA certificates of root CAs
- trusted to sign either remote SMTP client certificates or inter‐
+ trusted to sign either remote SMTP client certificates or inter-
mediate CA certificates.
<b><a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> (empty)</b>
A directory containing (PEM format) CA certificates of root CAs
- trusted to sign either remote SMTP client certificates or inter‐
+ trusted to sign either remote SMTP client certificates or inter-
mediate CA certificates.
<b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
Force the Postfix SMTP server to issue a TLS session id, even
- when TLS session caching is turned off (smtpd_tls_ses‐
- sion_cache_database is empty).
+ when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>-
+ <a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty).
<b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b>
Ask a remote SMTP client for a client certificate.
<b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b>
When TLS encryption is optional in the Postfix SMTP server, do
- not announce or accept SASL authentication over unencrypted con‐
+ not announce or accept SASL authentication over unencrypted con-
nections.
<b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (9)</b>
<b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> (empty)</b>
Additional list of ciphers or cipher types to exclude from the
- Postfix SMTP server cipher list at mandatory TLS security lev‐
+ Postfix SMTP server cipher list at mandatory TLS security lev-
els.
<b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (!SSLv2)</b>
use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> (empty)</b>
- File with the Postfix SMTP server ECDSA certificate in PEM for‐
+ File with the Postfix SMTP server ECDSA certificate in PEM for-
mat.
<b><a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b>
- File with the Postfix SMTP server ECDSA private key in PEM for‐
+ File with the Postfix SMTP server ECDSA private key in PEM for-
mat.
<b><a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> (see 'postconf -d' output)</b>
Available in Postfix version 2.8 and later:
<b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b>
- With SSLv3 and later, use the Postfix SMTP server's cipher pref‐
+ With SSLv3 and later, use the Postfix SMTP server's cipher pref-
erence order instead of the remote client's cipher preference
order.
Enable stricter enforcement of the SMTPUTF8 protocol.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci‐
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
<b>VERP SUPPORT CONTROLS</b>
- With VERP style delivery, each recipient of a message receives a cus‐
+ With VERP style delivery, each recipient of a message receives a cus-
tomized copy of the message with his/her own recipient address encoded
- in the envelope sender address. The <a href="VERP_README.html">VERP_README</a> file describes config‐
+ in the envelope sender address. The <a href="VERP_README.html">VERP_README</a> file describes config-
uration and operation details of Postfix support for variable envelope
return path addresses. VERP style delivery is requested with the SMTP
XVERP command or with the "sendmail -V" command-line option and is
Available in Postfix version 1.1 and 2.0:
<b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- What remote SMTP clients are allowed to specify the XVERP com‐
+ What remote SMTP clients are allowed to specify the XVERP com-
mand.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
- What remote SMTP clients are allowed to specify the XVERP com‐
+ What remote SMTP clients are allowed to specify the XVERP com-
mand.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about mail delivery
- problems that are caused by policy, resource, software or proto‐
+ problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
As of Postfix version 2.0, the SMTP server rejects mail for unknown
- recipients. This prevents the mail queue from clogging up with undeliv‐
+ recipients. This prevents the mail queue from clogging up with undeliv-
erable MAILER-DAEMON messages. Additional information on this topic is
in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
Lookup tables with all names or addresses of local recipients: a
- recipient address is local when its domain matches $mydestina‐
-
tion, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+ recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestina</a>-
+
<a href="postconf.5.html#mydestination">tion</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code when a recipient
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server reply code when a recipient
- address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci‐
+ address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci-
fies a list of lookup tables that does not match the recipient
address.
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
The Postfix SMTP server reply code when a recipient address
- matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci‐
+ matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci-
fies a list of lookup tables that does not match the recipient
address.
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
The Postfix SMTP server reply code when a recipient address
matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
- specifies a list of lookup tables that does not match the recip‐
+ specifies a list of lookup tables that does not match the recip-
ient address.
<b>RESOURCE AND RATE CONTROLS</b>
this length; upon delivery, long lines are reconstructed.
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
- The minimal amount of free space in bytes in the queue file sys‐
+ The minimal amount of free space in bytes in the queue file sys-
tem that is needed to receive mail.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
Attempt to look up the remote SMTP client hostname, and verify
that the name matches the client IP address.
- The per SMTP client connection count and request rate limits are imple‐
+ The per SMTP client connection count and request rate limits are imple-
mented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> service, and are available in
Postfix version 2.2 and later.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
- Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and smtpd_start‐
- tls_timeout time limits, from a time limit per read or write
+ Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
system call, to a time limit to send or receive a complete
record (an SMTP command line, SMTP response line, SMTP message
content line, or TLS protocol message).
The default action when an SMTPD policy service request fails.
<b><a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> (0)</b>
- The maximal number of requests per SMTPD policy service connec‐
+ The maximal number of requests per SMTPD policy service connec-
tion, or zero (no limit).
<b><a href="postconf.5.html#smtpd_policy_service_try_limit">smtpd_policy_service_try_limit</a> (2)</b>
request before giving up.
<b><a href="postconf.5.html#smtpd_policy_service_retry_delay">smtpd_policy_service_retry_delay</a> (1s)</b>
- The delay between attempts to resend a failed SMTPD policy ser‐
+ The delay between attempts to resend a failed SMTPD policy ser-
vice request.
<b>ACCESS CONTROLS</b>
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
Forward mail with sender-specified routing
- (user[@%!]remote[@%!]site) from untrusted clients to destina‐
+ (user[@%!]remote[@%!]site) from untrusted clients to destina-
tions matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
- Postfix version 2.1 introduces sender and recipient address verifica‐
+ Postfix version 2.1 introduces sender and recipient address verifica-
tion. This feature is implemented by sending probe email messages that
are not actually delivered. This feature is requested via the
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
restrictions. The status of verification probes is maintained by the
- <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor‐
+ <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
mation about how to configure and operate the Postfix sender/recipient
address verification service.
of an address verification request in progress.
<b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
- The delay between queries for the completion of an address veri‐
+ The delay between queries for the completion of an address veri-
fication request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
The numerical Postfix SMTP server response when a recipient
- address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric‐
+ address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
tion.
Available in Postfix version 2.6 and later:
fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The Postfix SMTP server's action when reject_unverified_recipi‐
- ent fails due to a temporary error condition.
+ The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
+ <a href="postconf.5.html#reject_unverified_recipient">ent</a> fails due to a temporary error condition.
Available with Postfix 2.9 and later:
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code when the host‐
+ The numerical Postfix SMTP server response code when the host-
name specified with the HELO or EHLO command is rejected by the
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code when a remote
- SMTP client request is blocked by the reject_multi_recipi‐
- ent_bounce restriction.
+ SMTP client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
+ <a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
<b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
Optional lookup tables with RBL response templates.
fails due to a temporary error condition.
<b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The Postfix SMTP server's action when reject_unknown_helo_host‐
- name fails due to an temporary error condition.
+ The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
+ <a href="postconf.5.html#reject_unknown_helo_hostname">name</a> fails due to an temporary error condition.
<b><a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
The Postfix SMTP server's action when
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
The location of all postfix administrative commands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
- The sender address of postmaster notifications that are gener‐
+ The sender address of postmaster notifications that are gener-
ated by the mail system.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
- The list of "trusted" remote SMTP clients that have more privi‐
+ The list of "trusted" remote SMTP clients that have more privi-
leges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
- List of commands that cause the Postfix SMTP server to immedi‐
+ List of commands that cause the Postfix SMTP server to immedi-
ately terminate the session with a 221 code.
Available in Postfix version 2.5 and later:
<b>bounce</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta‐
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta-
tus information. Each log file is named after the queue file that it
corresponds to, and is kept in a queue subdirectory named after the
service name in the <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>).
The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service requests:
- · Append a recipient (non-)delivery status record to a per-message
+ <b>o</b> Append a recipient (non-)delivery status record to a per-message
log file.
- · Enqueue a delivery status notification message, with a copy of a
+ <b>o</b> Enqueue a delivery status notification message, with a copy of a
per-message log file and of the corresponding message. When the
delivery status notification message is enqueued successfully,
the per-message log file is deleted.
- The software does a best notification effort. A non-delivery notifica‐
+ The software does a best notification effort. A non-delivery notifica-
tion is sent even when the log file or the original message cannot be
read.
Postfix versions before 2.0.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the message head‐
- ers of mail that Postfix did not deliver and of SMTP conversa‐
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
tion transcripts of mail that Postfix did not receive.
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
Pathname of a configuration file with bounce message templates.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the message head‐
+ The recipient of postmaster notifications with the message head-
ers of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>
time units.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix 2.12 and later:
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci‐
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
<b>FILES</b>
strip source routed addresses (<i>@site,@site:user@domain</i>)
to <i>user@domain</i> form.
- <b>remote</b> Append the domain name specified with <b>$remote_header_re</b>‐\b‐
- <b>write_domain</b> to incomplete addresses. Otherwise the
- result is identical to that of the <b>local</b> address rewrit‐
+ <b>remote</b> Append the domain name specified with <b>$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-</b>
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a></b> to incomplete addresses. Otherwise the
+ result is identical to that of the <b>local</b> address rewrit-
ing context. This prevents Postfix from appending the
local domain to spam from poorly written remote clients.
entry in the <a href="master.5.html"><b>master.cf</b></a> file.
<i>nexthop</i>
- The host to send to and optional delivery method informa‐
+ The host to send to and optional delivery method informa-
tion.
<i>recipient</i>
- The envelope recipient address that is passed on to <i>nex‐</i>
+ The envelope recipient address that is passed on to <i>nex-</i>
<i>thop</i>.
<i>flags</i> The address class, whether the address requires relaying,
<b><a href="postconf.5.html#default_transport">default_transport</a> (smtp)</b>
The default mail delivery transport and next-hop destination for
destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
- $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $virtual_mail‐
-
box_domains, or $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+ $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mail</a>-
+
<a href="postconf.5.html#virtual_mailbox_domains">box_domains</a>, or $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
A list of Postfix features where the pattern "example.com" also
parameter setting.
<b>ADDRESS VERIFICATION CONTROLS</b>
- Postfix version 2.1 introduces sender and recipient address verifica‐
+ Postfix version 2.1 introduces sender and recipient address verifica-
tion. This feature is implemented by sending probe email messages that
are not actually delivered. By default, address verification probes
use the same route as regular mail. To override specific aspects of
the following:
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
- Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address ver‐
+ Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address ver-
ification probes.
<b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
verification probes.
<b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
- Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address ver‐
+ Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address ver-
ification probes.
<b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
verification probes.
<b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
- Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verifica‐
+ Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verifica-
tion probes.
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
- Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address veri‐
+ Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address veri-
fication probes.
Available in Postfix version 2.3 and later:
- <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> ($sender_depen</b>‐\b‐
- <b>dent_relayhost_maps)</b>
+ <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> ($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">dent_relayhost_maps</a>)</b>
Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting
for address verification probes.
Available in Postfix version 2.7 and later:
- <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a> ($sender_depen</b>‐\b‐
- <b>dent_default_transport_maps)</b>
+ <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a> ($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_default_transport_maps">dent_default_transport_maps</a>)</b>
Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
setting for address verification probes.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
- Log warnings about problematic configuration settings, and pro‐
+ Log warnings about problematic configuration settings, and pro-
vide helpful suggestions.
<b>SEE ALSO</b>
principle.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="verify.8.html"><b>verify</b>(8)</a> pro‐
- cesses are long-lived. Use the command "<b>postfix reload</b>" after a config‐
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="verify.8.html"><b>verify</b>(8)</a> pro-
+ cesses are long-lived. Use the command "<b>postfix reload</b>" after a config-
uration change.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
Available with Postfix 2.7 and later:
<b><a href="postconf.5.html#address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a> (12h)</b>
- The amount of time between <a href="verify.8.html"><b>verify</b>(8)</a> address verification data‐
+ The amount of time between <a href="verify.8.html"><b>verify</b>(8)</a> address verification data-
base cleanup runs.
<b>PROBE MESSAGE ROUTING CONTROLS</b>
message routing mechanisms.
<b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
- Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verifica‐
+ Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verifica-
tion probes.
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
- Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address veri‐
+ Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address veri-
fication probes.
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
- Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address ver‐
+ Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address ver-
ification probes.
<b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
verification probes.
<b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
- Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address ver‐
+ Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address ver-
ification probes.
<b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
Available in Postfix 2.3 and later:
- <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> ($sender_depen</b>‐\b‐
- <b>dent_relayhost_maps)</b>
+ <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> ($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">dent_relayhost_maps</a>)</b>
Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting
for address verification probes.
Available in Postfix 2.7 and later:
- <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a> ($sender_depen</b>‐\b‐
- <b>dent_default_transport_maps)</b>
+ <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a> ($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_default_transport_maps">dent_default_transport_maps</a>)</b>
Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
setting for address verification probes.
Preliminary SMTPUTF8 support is introduced with Postfix 2.12.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci‐
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con‐
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the process name in
- syslog records, so that "smtpd" becomes, for example, "post‐
+ syslog records, so that "smtpd" becomes, for example, "post-
fix/smtpd".
<b>SEE ALSO</b>
\fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
\fBpostmap -q - pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+
+\fBpostmap -hmq - pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+
+\fBpostmap -bmq - pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
.SH DESCRIPTION
.ad
.fi
To find out what types of lookup tables your Postfix system
supports use the "\fBpostconf -m\fR" command.
-To test lookup tables, use the "\fBpostmap -q\fR" command as
-described in the SYNOPSIS above.
+To test lookup tables, use the "\fBpostmap -q\fR" command
+as described in the SYNOPSIS above. Use "\fBpostmap -hmq
+-\fR <\fIfile\fR" for header_checks(5) patterns, and
+"\fBpostmap -bmq -\fR <\fIfile\fR" for body_checks(5)
+(Postfix 2.6 and later).
.SH "COMPATIBILITY"
.na
.nf
supports use the "\fBpostconf -m\fR" command.
To test lookup tables, use the "\fBpostmap -q\fR" command
-as described in the SYNOPSIS above.
+as described in the SYNOPSIS above. Use "\fBpostmap -hmq
+-\fR <\fIfile\fR" for header_checks(5) patterns, and
+"\fBpostmap -bmq -\fR <\fIfile\fR" for body_checks(5)
+(Postfix 2.6 and later).
.SH "COMPATIBILITY"
.na
.nf
<h2><a name="config">Configuring Postfix</a></h2>
<p> Like Sendmail, Postfix has a lot of configuration options that
-control how it talks to Milter applications. With the initial Postfix
-Milter protocol implementation, many options are global, that is,
-they apply to all Milter applications. Future Postfix versions may
+control how it talks to Milter applications. Besides global options
+that apply to all Milter applications, Postfix 2.12 and later
support per-Milter timeouts, per-Milter error handling, etc. </p>
<p> Information in this section: </p>
<li><a href="#timeouts">Milter protocol timeouts</a>
+<li><a href="#per-milter">Different settings for different Milter
+applications </a>
+
<li><a href="#macros">Sendmail macro emulation</a>
</ul>
</pre>
</blockquote>
+<p> See "<a href="#per-milter">Different settings for different
+Milter applications</a>" for advanced configuration options. </p>
+
<h3><a name="version">Milter protocol version</a></h3>
<p> As Postfix is not built with the Sendmail libmilter library,
features that the application's libmilter library does not expect.
</p>
+<p> See "<a href="#per-milter">Different settings for different
+Milter applications</a>" for advanced configuration options. </p>
+
<h3><a name="timeouts">Milter protocol timeouts</a></h3>
<p> Postfix uses different time limits at different Milter protocol
multiple times. This is an inherent problem with before-queue
filtering. </p>
+<p> See "<a href="#per-milter">Different settings for different
+Milter applications</a>" for advanced configuration options. </p>
+
+<h3><a name="per-milter">Different settings for different Milter
+applications </a></h3>
+
+<p> The previous sections list a number of Postfix main.cf parameters
+that control time limits and other settings for all Postfix Milter
+clients. This is sufficient for simple configurations. With more
+complex configurations it becomes desirable to have different
+settings for different Milter clients. This is supported with Postfix
+2.12 and later. </p>
+
+<p> The following example shows a "non-critical" Milter client with
+a short connect timeout, and with "accept" as default action when
+the service is unvailable. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/main.cf:
+2 smtpd_milters = { inet:host:port,
+3 connect_timeout=10s, default_action=accept }
+</pre>
+</blockquote>
+
+<p> Instead of a server endpoint, we now have a list enclosed in {}. </p>
+
+<ul>
+
+<li> <p> Line 2: The first item in the list is the server endpoint.
+This supports the exact same "inet" and "unix" syntax as described
+earlier. </p>
+
+<li> <p> Line 3: The remainder of the list contains per-Milter
+settings. These settings override global main.cf parameters, and
+have the same name as those parameters, without the "milter_" prefix.
+</p>
+
+</ul>
+
+<p> Inside the list, syntax is similar to what we already know from
+main.cf: items separated by space or comma. There is one difference:
+<b>you must enclose a setting in parentheses, as in "{ name = value
+}", if you want to have space within a value or around "="</b>.
+</p>
+
<h3><a name="macros">Sendmail macro emulation</a></h3>
<p> Postfix emulates a limited number of Sendmail macros, as shown
SRCTOMAN= ../mantools/srctoman
POSTLINK= ../mantools/postlink
DETAB = pr -tre
-NROFF = GROFF_NO_SGR=1 nroff
+NROFF = LANG=C GROFF_NO_SGR=1 nroff
HT2READ = ../mantools/html2readme
MAKEAAA = ../mantools/makereadme
MAKESOHO= ../mantools/make_soho_readme
<li><a href="#protocol">Policy protocol description</a>
-<li><a href="#client_config">Policy client/server configuration</a>
+<li><a href="#client_config">Simple policy client/server configuration</a>
+
+<li><a href="#advanced">Advanced policy client configuration</a>
<li><a href="#greylist">Example: greylist policy server</a>
Instead the server must log a warning and disconnect. Postfix will
retry the request at some later time. </p>
-<h2><a name="client_config">Policy client/server configuration</a></h2>
+<h2><a name="client_config">Simple policy client/server configuration</a></h2>
<p> The Postfix delegated policy client can connect to a TCP socket
or to a UNIX-domain socket. Examples: </p>
</ul>
+<h2><a name="advanced">Advanced policy client configuration</a></h2>
+
+<p> The previous section lists a number of Postfix main.cf parameters
+that control time limits and other settings for all policy clients.
+This is sufficient for simple configurations. With more complex
+configurations it becomes desirable to have different settings per
+policy client. This is supported with Postfix 2.12 and later. </p>
+
+<p> The following example shows a "non-critical" policy service
+with a short timeout, and with "DUNNO" as default action when the
+service is unvailable. The "DUNNO" action causes Postfix to ignore
+the result. </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/main.cf:
+2 smtpd_recipient_restrictions =
+3 ...
+4 reject_unauth_destination
+5 check_policy_service { inet:host:port,
+6 timeout=10s, default_action=DUNNO }
+8 ...
+</pre>
+</blockquote>
+
+<p> Instead of a server endpoint, we now have a list enclosed in {}. </p>
+
+<ul>
+
+<li> <p> Line 5: The first item in the list is the server endpoint.
+This supports the exact same "inet" and "unix" syntax as described
+earlier. </p>
+
+<li> <p> Line 6: The remainder of the list contains per-client
+settings. These settings override global main.cf parameters,
+and have the same name as those parameters, without the
+"smtpd_policy_service_" prefix. </p>
+
+</ul>
+
+<p> Inside the list, syntax is similar to what we already know from
+main.cf: items separated by space or comma. There is one difference:
+<b>you must enclose a setting in parentheses, as in "{ name = value
+}", if you want to have space within a value or around "="</b>.
+This comes in handy when different policy servers require different
+default actions with different SMTP status codes or text: </p>
+
+<blockquote>
+<pre>
+1 /etc/postfix/main.cf:
+2 smtpd_recipient_restrictions =
+3 ...
+4 reject_unauth_destination
+5 check_policy_service {
+6 inet:host:port1,
+7 { default_action = 451 4.3.5 See http://www.example.com/support1 }
+8 }
+9 ...
+</pre>
+</blockquote>
+
<h2><a name="greylist">Example: greylist policy server</a></h2>
<p> Greylisting is a defense against junk email that is described at
# \fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
#
# \fBpostmap -q - pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+#
+# \fBpostmap -hmq - pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
+#
+# \fBpostmap -bmq - pcre:/etc/postfix/\fIfilename\fB <\fIinputfile\fR
# DESCRIPTION
# The Postfix mail system uses optional tables for address
# rewriting, mail routing, or access control. These tables
# To find out what types of lookup tables your Postfix system
# supports use the "\fBpostconf -m\fR" command.
#
-# To test lookup tables, use the "\fBpostmap -q\fR" command as
-# described in the SYNOPSIS above.
-# COMPATIBILITY
+# To test lookup tables, use the "\fBpostmap -q\fR" command
+# as described in the SYNOPSIS above. Use "\fBpostmap -hmq
+# -\fR <\fIfile\fR" for header_checks(5) patterns, and
+# "\fBpostmap -bmq -\fR <\fIfile\fR" for body_checks(5)
+# (Postfix 2.6 and later).
+# COMPATIBILITY
# .ad
# .fi
# With Postfix version 2.2 and earlier specify "\fBpostmap
# supports use the "\fBpostconf -m\fR" command.
#
# To test lookup tables, use the "\fBpostmap -q\fR" command
-# as described in the SYNOPSIS above.
+# as described in the SYNOPSIS above. Use "\fBpostmap -hmq
+# -\fR <\fIfile\fR" for header_checks(5) patterns, and
+# "\fBpostmap -bmq -\fR <\fIfile\fR" for body_checks(5)
+# (Postfix 2.6 and later).
# COMPATIBILITY
# .ad
# .fi
smtp_reply_footer.c safe_ultostr.c verify_sender_addr.c \
dict_memcache.c mail_version.c memcache_proto.c server_acl.c \
mkmap_fail.c haproxy_srvr.c dsn_filter.c dynamicmaps.c uxtext.c \
- smtputf8.c
+ smtputf8.c mail_conf_over.c
OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
smtp_reply_footer.o safe_ultostr.o verify_sender_addr.o \
dict_memcache.o mail_version.o memcache_proto.o server_acl.o \
mkmap_fail.o haproxy_srvr.o dsn_filter.o dynamicmaps.o uxtext.o \
- smtputf8.o $(NON_PLUGIN_MAP_OBJ)
+ smtputf8.o attr_override.o $(NON_PLUGIN_MAP_OBJ)
# MAP_OBJ is for maps that may be dynamically loaded with dynamicmaps.cf.
# When hard-linking these maps, makedefs sets NON_PLUGIN_MAP_OBJ=$(MAP_OBJ),
# otherwise it sets the PLUGIN_* macros.
fold_addr.h header_body_checks.h data_redirect.h match_service.h \
addr_match_list.h smtp_reply_footer.h safe_ultostr.h \
verify_sender_addr.h dict_memcache.h memcache_proto.h server_acl.h \
- haproxy_srvr.h dsn_filter.h dynamicmaps.h uxtext.h smtputf8.h
+ haproxy_srvr.h dsn_filter.h dynamicmaps.h uxtext.h smtputf8.h \
+ attr_override.h
TESTSRC = rec2stream.c stream2rec.c recdump.c
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
anvil_clnt.o: anvil_clnt.h
anvil_clnt.o: mail_params.h
anvil_clnt.o: mail_proto.h
+attr_override.o: ../../include/msg.h
+attr_override.o: ../../include/stringops.h
+attr_override.o: ../../include/sys_defs.h
+attr_override.o: ../../include/vbuf.h
+attr_override.o: ../../include/vstring.h
+attr_override.o: attr_override.c
+attr_override.o: attr_override.h
+attr_override.o: conv_time.h
+attr_override.o: mail_conf.h
been_here.o: ../../include/htable.h
been_here.o: ../../include/msg.h
been_here.o: ../../include/mymalloc.h
--- /dev/null
+/*++
+/* NAME
+/* attr_override 3
+/* SUMMARY
+/* apply name=value settings from string
+/* SYNOPSIS
+/* #include <attr_override.h>
+/*
+/* void attr_override(bp, delimiters, parens, ... ATTR_OVER_END);
+/* char *bp;
+/* const char *delimiters;
+/* const char *parens;
+/* DESCRIPTION
+/* This routine updates the values of known in-memory variables
+/* based on the name=value specifications from an input string.
+/* The input format supports parentheses around name=value to
+/* allow whitespace around "=" and within values.
+/*
+/* This may be used, for example, with client endpoint
+/* specifications or with policy tables to allow selective
+/* overrides of global main.cf parameter settings (timeouts,
+/* fall-back policies, etc.).
+/*
+/* Arguments:
+/* .IP bp
+/* Pointer to input string. The input is modified.
+/* .IP "delimiters, parens"
+/* See mystrtok(3) for description. Typical values are
+/* ", \\t\\r\\n" and "{}", respectively.
+/* .PP
+/* The parens argument is followed by a list of (key, value,
+/* value) argument triples. Each key may appear only once.
+/* The list must be terminated with ATTR_OVER_END. The following
+/* describes the keys and the expected values.
+/* .IP "ATTR_OVER_STR_TABLE, const ATTR_OVER_STR *, CONST_CHAR_STAR *"
+/* The second argument specifies a null-terminated table with
+/* attribute names and their range limits which should be the
+/* same as for the corresponding main.cf parameters. The
+/* third argument specifies a parallel table with assignment
+/* targets. The result strings are NOT copied.
+/* .IP "ATTR_OVER_TIME_TABLE, const ATTR_OVER_TIME *, int *"
+/* The second argument specifies a null-terminated table with
+/* attribute names, their default time units (leading digits
+/* are skipped), and their range limits which should be the
+/* same as for the corresponding main.cf parameters. The
+/* third argument specifies a parallel table with assignment
+/* targets.
+/* .IP "ATTR_OVER_INT_TABLE, const ATTR_OVER_INT *, int *"
+/* The second argument specifies a null-terminated table with
+/* attribute names and their range limits which should be the
+/* same as for the corresponding main.cf parameters. The
+/* third argument specifies a parallel table with assignment
+/* targets.
+/* BUGS
+/* Parallel tables may be inelegant, but the alternative (static
+/* allocation of target variables) is worse.
+/* SEE ALSO
+/* mystrtok(3), safe tokenizer
+/* extpar(3), extract text from parentheses
+/* split_nameval(3), name-value splitter
+/* DIAGNOSTICS
+/* Panic: interface violations.
+/*
+/* Fatal errors: memory allocation problem, syntax error,
+/* out-of-range error.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+ /*
+ * System library.
+ */
+#include <sys_defs.h>
+#include <errno.h>
+#include <string.h>
+#include <stdlib.h> /* strtol() */
+
+ /*
+ * Utility library.
+ */
+#include <msg.h>
+#include <stringops.h>
+
+ /*
+ * Global library.
+ */
+#include <mail_conf.h>
+#include <conv_time.h>
+#include <attr_override.h>
+
+/* attr_override - apply settings from list of attribute=value pairs */
+
+void attr_override(char *cp, const char *sep, const char *parens,...)
+{
+ const char myname[] = "attr_override";
+ va_list ap;
+ int idx;
+ char *nameval;
+ const ATTR_OVER_INT *int_table = 0;
+ const ATTR_OVER_STR *str_table = 0;
+ const ATTR_OVER_TIME *time_table = 0;
+ int *int_tgts = 0;
+ CONST_CHAR_STAR *str_tgts = 0;
+ int *time_tgts = 0;
+
+ /*
+ * Get the lookup tables and assignment targets.
+ */
+ va_start(ap, parens);
+ while ((idx = va_arg(ap, int)) != 0) {
+ switch (idx) {
+ case ATTR_OVER_INT_TABLE:
+ if (int_table)
+ msg_panic("%s: multiple ATTR_OVER_INT_TABLE", myname);
+ int_table = va_arg(ap, const ATTR_OVER_INT *);
+ int_tgts = va_arg(ap, int *);
+ break;
+ case ATTR_OVER_STR_TABLE:
+ if (str_table)
+ msg_panic("%s: multiple ATTR_OVER_STR_TABLE", myname);
+ str_table = va_arg(ap, const ATTR_OVER_STR *);
+ str_tgts = va_arg(ap, CONST_CHAR_STAR *);
+ break;
+ case ATTR_OVER_TIME_TABLE:
+ if (time_table)
+ msg_panic("%s: multiple ATTR_OVER_TIME_TABLE", myname);
+ time_table = va_arg(ap, const ATTR_OVER_TIME *);
+ time_tgts = va_arg(ap, int *);
+ break;
+ default:
+ msg_panic("%s: unknown argument type: %d", myname, idx);
+ }
+ }
+ va_end(ap);
+
+ /*
+ * Process each attribute=value override in the input string.
+ */
+ while ((nameval = mystrtokq(&cp, sep, parens)) != 0) {
+ int found = 0;
+ char *key;
+ char *value;
+ const char *err;
+ const ATTR_OVER_INT *ip;
+ const ATTR_OVER_STR *sp;
+ const ATTR_OVER_TIME *tp;
+ int int_val;
+ int def_unit;
+ char *end;
+ long longval;
+
+ /*
+ * Split into name and value.
+ */
+ /* { name = value } */
+ if (*nameval == parens[0]
+ && (err = extpar(&nameval, parens, EXPAR_FLAG_NONE)) != 0)
+ msg_fatal("%s in \"%s\"", err, nameval);
+ if ((err = split_nameval(nameval, &key, &value)) != 0)
+ msg_fatal("malformed option: %s: \"...%s...\"", err, nameval);
+
+ /*
+ * Look up the name and apply the value.
+ */
+ for (sp = str_table; sp != 0 && found == 0 && sp->name != 0; sp++) {
+ if (strcmp(sp->name, key) != 0)
+ continue;
+ check_mail_conf_str(sp->name, value, sp->min, sp->max);
+ str_tgts[sp - str_table] = value;
+ found = 1;
+ }
+ for (ip = int_table; ip != 0 && found == 0 && ip->name != 0; ip++) {
+ if (strcmp(ip->name, key) != 0)
+ continue;
+ /* XXX Duplicated from mail_conf_int(3). */
+ errno = 0;
+ int_val = longval = strtol(value, &end, 10);
+ if (*value == 0 || *end != 0 || errno == ERANGE
+ || longval != int_val)
+ msg_fatal("bad numerical configuration: %s = %s", key, value);
+ check_mail_conf_int(key, int_val, ip->min, ip->max);
+ int_tgts[ip - int_table] = int_val;
+ found = 1;
+ }
+ for (tp = time_table; tp != 0 && found == 0 && tp->name != 0; tp++) {
+ if (strcmp(tp->name, key) != 0)
+ continue;
+ def_unit = tp->defval[strspn(tp->defval, "0123456789")];
+ if (conv_time(value, &int_val, def_unit) == 0)
+ msg_fatal("%s: bad time value or unit: %s", key, value);
+ check_mail_conf_time(key, int_val, tp->min, tp->max);
+ time_tgts[tp - time_table] = int_val;
+ found = 1;
+ }
+ if (found == 0)
+ msg_fatal("unknown option: \"%s = %s\"", key, value);
+ }
+}
--- /dev/null
+#ifndef _ATTR_OVERRIDE_H_INCLUDED_
+#define _ATTR_OVERRIDE_H_INCLUDED_
+
+/*++
+/* NAME
+/* attr_override 3h
+/* SUMMARY
+/* apply name=value settings from string
+/* SYNOPSIS
+/* #include <attr_override.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * External interface.
+ */
+extern void attr_override(char *, const char *, const char *,...);
+
+typedef const char *CONST_CHAR_STAR;
+
+typedef struct {
+ const char *name;
+ int min;
+ int max;
+} ATTR_OVER_STR;
+
+typedef struct {
+ const char *name;
+ const char *defval;
+ int min;
+ int max;
+} ATTR_OVER_TIME;
+
+typedef struct {
+ const char *name;
+ int min;
+ int max;
+} ATTR_OVER_INT;
+
+#define ATTR_OVER_END 0
+#define ATTR_OVER_STR_TABLE 1
+#define ATTR_OVER_TIME_TABLE 2
+#define ATTR_OVER_INT_TABLE 3
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+#endif
extern long get_mail_conf_long2(const char *, const char *, long, long, long);
extern int get_mail_conf_time2(const char *, const char *, int, int, int, int);
extern int get_mail_conf_nint2(const char *, const char *, int, int, int);
+extern void check_mail_conf_str(const char *, const char *, int, int);
+extern void check_mail_conf_time(const char *, int, int, int);
+extern void check_mail_conf_int(const char *, int, int, int);
/*
* Lookup with function-call defaults.
/* int defval;
/* int min;
/* int max;
+/*
+/* void check_mail_conf_int(name, intval, min, max)
+/* const char *name;
+/* int intval;
+/* int min;
+/* int max;
/* DESCRIPTION
/* This module implements configuration parameter support
/* for integer values.
/*
/* get_mail_conf_int2() concatenates the two names and is otherwise
/* identical to get_mail_conf_int().
+/*
+/* check_mail_conf_int() exits with a fatal run-time error
+/* when the integer value does not meet its requirements.
/* DIAGNOSTICS
/* Fatal errors: malformed numerical value.
/* SEE ALSO
/* check_mail_conf_int - validate integer value */
-static void check_mail_conf_int(const char *name, int intval, int min, int max)
+void check_mail_conf_int(const char *name, int intval, int min, int max)
{
if (min && intval < min)
msg_fatal("invalid %s parameter value %d < %d", name, intval, min);
/* const char *defval;
/* int min;
/* int max;
+/*
+/* void check_mail_conf_str(name, strval, min, max)
+/* const char *name;
+/* const char *strval;
+/* int min;
+/* int max;
/* DESCRIPTION
/* This module implements support for string-valued global
/* configuration parameters.
/*
/* get_mail_conf_str2() concatenates the two names and is otherwise
/* identical to get_mail_conf_str().
+/*
+/* check_mail_conf_str() exits with a fatal run-time error
+/* when the string does not meet its length requirements.
/* DIAGNOSTICS
/* Fatal errors: bad string length.
/* SEE ALSO
/* check_mail_conf_str - validate string length */
-static void check_mail_conf_str(const char *name, const char *strval,
- int min, int max)
+void check_mail_conf_str(const char *name, const char *strval,
+ int min, int max)
{
ssize_t len = strlen(strval);
/* int def_unit;
/* int min;
/* int max;
+/*
+/* void check_mail_conf_time(name, intval, min, max)
+/* const char *name;
+/* int intval;
+/* int min;
+/* int max;
/* DESCRIPTION
/* This module implements configuration parameter support
/* for time interval values. The conversion routines understand
/* get_mail_conf_time_table() and get_mail_conf_time_fn_table() initialize
/* lists of variables, as directed by their table arguments. A table
/* must be terminated by a null entry.
+/*
+/* check_mail_conf_time() terminates the program with a fatal
+/* runtime error when the time does not meet its requirements.
/* DIAGNOSTICS
/* Fatal errors: malformed numerical value, unknown time unit.
/* BUGS
/* check_mail_conf_time - validate integer value */
-static void check_mail_conf_time(const char *name, int intval, int min, int max)
+void check_mail_conf_time(const char *name, int intval, int min, int max)
{
if (min && intval < min)
msg_fatal("invalid %s: %d (min %d)", name, intval, min);
/* get_mail_conf_time2 - evaluate integer-valued configuration variable */
int get_mail_conf_time2(const char *name1, const char *name2,
- int defval, int def_unit, int min, int max)
+ int defval, int def_unit, int min, int max)
{
int intval;
char *name;
{
char buf[BUFSIZ]; /* yeah! crappy code! */
- sprintf(buf, "%ds", value); /* yeah! more crappy code! */
+ sprintf(buf, "%ds", value); /* yeah! more crappy code! */
mail_conf_update(name, buf);
}
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20140924"
+#define MAIL_RELEASE_DATE "20140928"
#define MAIL_VERSION_NUMBER "2.12"
#ifdef SNAPSHOT
char *atmp;
const char *parse_err;
static char *saved_interfaces = 0;
+ char *err;
if (master_fp == 0)
msg_panic("get_master_ent: config file not open");
argv_add(serv->args, "-s",
vstring_str(vstring_sprintf(junk, "%d", serv->listen_fd_count)),
(char *) 0);
- while ((cp = mystrtok(&bufp, master_blanks)) != 0)
+ while ((cp = mystrtokq(&bufp, master_blanks, "{}")) != 0) {
+ if (*cp == '{' && (err = extpar(&cp, "{}", EXPAR_FLAG_STRIP)) != 0)
+ msg_fatal("%s: line %d: %s",
+ VSTREAM_PATH(master_fp), master_line, err);
argv_add(serv->args, cp, (char *) 0);
+ }
argv_terminate(serv->args);
/*
milter.o: ../../include/argv.h
milter.o: ../../include/attr.h
milter.o: ../../include/iostuff.h
+milter.o: ../../include/mail_conf.h
+milter.o: ../../include/mail_params.h
milter.o: ../../include/mail_proto.h
milter.o: ../../include/msg.h
milter.o: ../../include/mymalloc.h
#include <mail_proto.h>
#include <record.h>
#include <rec_type.h>
+#include <mail_params.h>
+#include <attr_override.h>
/* Postfix Milter library. */
m->disc_event(m);
}
+ /*
+ * Table-driven parsing of main.cf parameter overrides for specific Milters.
+ * We derive the override names from the corresponding main.cf parameter
+ * names by skipping the redundant "milter_" prefix.
+ *
+ * To avoid ugly static allocation of assignment targets, we use stack-based
+ * parallel arrays which is less inelegant.
+ */
+static const ATTR_OVER_TIME time_table[] = {
+ 7 + VAR_MILT_CONN_TIME, DEF_MILT_CONN_TIME, 1, 0,
+ 7 + VAR_MILT_CMD_TIME, DEF_MILT_CMD_TIME, 1, 0,
+ 7 + VAR_MILT_MSG_TIME, DEF_MILT_MSG_TIME, 1, 0,
+ 0,
+};
+static const ATTR_OVER_STR str_table[] = {
+ 7 + VAR_MILT_PROTOCOL, 1, 0,
+ 7 + VAR_MILT_DEF_ACTION, 1, 0,
+ 0,
+};
+
+#define conn_timeout_override time_tgts[0]
+#define cmd_timeout_override time_tgts[1]
+#define msg_timeout_override time_tgts[2]
+
+#define protocol_override str_tgts[0]
+#define action_override str_tgts[1]
+
/* milter_new - create milter list */
MILTERS *milter_new(const char *names,
char *name;
MILTER *milter;
const char *sep = ", \t\r\n";
+ const char *parens = "{}";
+ int time_tgts[sizeof(time_table) / sizeof(time_table[0])];
+ const char *str_tgts[sizeof(str_table) / sizeof(str_table[0])];
/*
* Parse the milter list.
*/
milters = (MILTERS *) mymalloc(sizeof(*milters));
- if (names != 0) {
+ if (names != 0 && *names != 0) {
char *saved_names = mystrdup(names);
char *cp = saved_names;
-
- while ((name = mystrtok(&cp, sep)) != 0) {
- milter = milter8_create(name, conn_timeout, cmd_timeout,
- msg_timeout, protocol, def_action,
- milters);
+ char *name_override;
+ char *op;
+ char *err;
+
+ /*
+ * Instantiate Milters, allowing for per-Milter overrides.
+ */
+ while ((name = mystrtokq(&cp, sep, parens)) != 0) {
+ if (name[0] == '{') { /* } */
+ op = name;
+ if ((err = extpar(&op, parens, EXPAR_FLAG_NONE)) != 0)
+ msg_fatal("milter service syntax error: %s", err);
+ if ((name_override = mystrtok(&op, sep)) == 0) {
+ msg_fatal("empty milter definition: \"%s\"", name);
+ } else {
+ conn_timeout_override = conn_timeout;
+ cmd_timeout_override = cmd_timeout;
+ msg_timeout_override = msg_timeout;
+ protocol_override = protocol;
+ action_override = def_action;
+ attr_override(op, sep, parens,
+ ATTR_OVER_STR_TABLE, str_table, str_tgts,
+ ATTR_OVER_TIME_TABLE, time_table, time_tgts,
+ 0);
+ milter = milter8_create(name_override,
+ conn_timeout_override,
+ cmd_timeout_override,
+ msg_timeout_override,
+ protocol_override,
+ action_override, milters);
+ }
+ } else {
+ milter = milter8_create(name, conn_timeout, cmd_timeout,
+ msg_timeout, protocol, def_action,
+ milters);
+ }
if (head == 0) {
head = milter;
} else {
MILTER8 *milter;
/*
- * Fill in the structure.
+ * Fill in the structure. Note: all strings must be copied.
*/
milter = (MILTER8 *) mymalloc(sizeof(*milter));
milter->m.name = mystrdup(name);
test22 test23 test24 test25 test26 test27 test28 test29 test30 test4b \
test31 test32 test33 test34 test35 test36 test37 test39 test40 test41 \
test42 test43 test44 test45 test46 test47 test48 test49 test50 test51 \
- test52 test53 test54 test55 test56 test57 test58
+ test52 test53 test54 test55 test56 test57 test58 test59
root_tests:
diff test58.ref test58.tmp
rm -f main.cf master.cf test58.tmp
+test59: $(PROG) test59.ref
+ rm -f main.cf master.cf
+ touch main.cf master.cf
+ echo foo unix - n n - 0 other >> master.cf
+ echo bar inet - n n 0 0 other >> master.cf
+ echo " -o name1=value1" >> master.cf
+ echo " -o { name2 = value2a value2b }" >> master.cf
+ echo " { arg1a arg1b }" >> master.cf
+ echo " { arg2a arg2b }x" >> master.cf
+ echo " { arg3a arg3b " >> master.cf
+ echo baz unix - n n 0 0 other >> master.cf
+ touch -t 197101010000 main.cf
+ $(SHLIB_ENV) ./$(PROG) -Mfc. >test59.tmp 2>&1 || true
+ diff test59.ref test59.tmp
+ rm -f main.cf master.cf test59.tmp
+
printfck: $(OBJS) $(PROG)
rm -rf printfck
mkdir printfck
#include <mac_expand.h>
#include <dict.h>
#include <msg.h>
+#include <mymalloc.h>
/* Global library. */
PCF_MASTER_ENT *local_scope)
{
const PCF_DBMS_INFO *dp;
- size_t len;
char *db_type;
char *prefix;
static VSTRING *candidate = 0;
const char **cpp;
+ char *err;
/*
* Naive parsing. We don't really know if this substring specifies a
* local or global namespace.
*/
if (prefix != 0 && *prefix != '/' && *prefix != '.') {
- if (*prefix == '{') {
- if ((len = balpar(prefix, "{}")) > 0) {
- if (prefix[len] != 0) {
- /* XXX Encapsulate this in pcf_warn() function. */
- if (local_scope)
- msg_warn("%s:%s: syntax error after '}' in \"%s:%s\"",
- MASTER_CONF_FILE, local_scope->name_space,
- db_type, prefix);
- else
- msg_warn("%s: syntax error after '}' in \"%s:%s\"",
- MAIN_CONF_FILE, db_type, prefix);
- }
- prefix[len - 1] = 0;
- pcf_register_dbms_helper(prefix + 1, flag_parameter,
- local_scope);
- } else {
+ if (*prefix == '{') { /* } */
+ if ((err = extpar(&prefix, "{}", EXPAR_FLAG_NONE)) != 0) {
/* XXX Encapsulate this in pcf_warn() function. */
if (local_scope)
- msg_warn("%s:%s: missing '}' in parameter value: \"%s:%s\"",
+ msg_warn("%s:%s: %s",
MASTER_CONF_FILE, local_scope->name_space,
- db_type, prefix);
+ err);
else
- msg_warn("%s: missing '}' in parameter value: \"%s:%s\"",
- MAIN_CONF_FILE, db_type, prefix);
+ msg_warn("%s: %s", MAIN_CONF_FILE, err);
+ myfree(err);
}
+ pcf_register_dbms_helper(prefix, flag_parameter,
+ local_scope);
} else {
for (dp = pcf_dbms_info; dp->db_type != 0; dp++) {
if (strcmp(db_type, dp->db_type) == 0) {
if (mode & PCF_EDIT_CONF) {
if ((err = split_nameval(cp, &pattern, &req->edit_value)) != 0)
msg_fatal("%s: \"%s\"", err, req->raw_text);
+#if 0
if ((mode & PCF_MASTER_PARAM)
&& req->edit_value[strcspn(req->edit_value, PCF_MASTER_BLANKS)])
msg_fatal("whitespace in parameter value: \"%s\"",
req->raw_text);
+#endif
} else if (mode & (PCF_COMMENT_OUT | PCF_EDIT_EXCL)) {
if (strchr(cp, '=') != 0)
msg_fatal("-X or -# requires names without value");
#define STR(x) vstring_str(x)
-/* pcf_normalize_options - bring options into canonical form */
+/* pcf_extract_field - extract text from {}, trim leading/trailing blanks */
-static void pcf_normalize_options(ARGV *argv)
+static void pcf_extract_field(ARGV *argv, int field, const char *parens)
+{
+ char *arg = argv->argv[field];
+ char *err;
+
+ if ((err = extpar(&arg, parens, EXPAR_FLAG_STRIP)) != 0) {
+ msg_warn("%s: %s", MASTER_CONF_FILE, err);
+ myfree(err);
+ }
+ argv_replace_one(argv, field, arg);
+}
+
+/* pcf_normalize_nameval - normalize name = value from inside {} */
+
+static void pcf_normalize_nameval(ARGV *argv, int field)
+{
+ char *arg = argv->argv[field];
+ char *name;
+ char *value;
+ const char *err;
+ char *normalized;
+
+ if ((err = split_nameval(arg, &name, &value)) != 0) {
+ msg_warn("%s: %s: \"%s\"", MASTER_CONF_FILE, err, arg);
+ } else {
+ normalized = concatenate(name, "=", value, (char *) 0);
+ argv_replace_one(argv, field, normalized);
+ myfree(normalized);
+ }
+}
+
+/* pcf_normalize_daemon_args - bring daemon arguments into canonical form */
+
+static void pcf_normalize_daemon_args(ARGV *argv)
{
int field;
char *arg;
char *cp;
char *junk;
+ int extract_field;
/*
* Normalize options to simplify later processing.
argv_insert_one(argv, field + 1, arg + 2);
arg[2] = 0; /* XXX argv_replace_one() */
field += 1;
+ extract_field = (argv->argv[field][0] == '{');
} else if (argv->argv[field + 1] != 0) {
/* Already in "-o" "name=value" form. */
field += 1;
+ extract_field = (argv->argv[field][0] == '{');
+ } else
+ extract_field = 0;
+ /* Extract text inside {}, optionally convert to name=value. */
+ if (extract_field) {
+ pcf_extract_field(argv, field, "{}");
+ if (argv->argv[field - 1][1] == 'o')
+ pcf_normalize_nameval(argv, field);
}
}
+ /* Normalize non-option arguments. */
+ for ( /* void */ ; argv->argv[field] != 0; field++)
+ /* Extract text inside {}. */
+ if (argv->argv[field][0] == '{') /* } */
+ pcf_extract_field(argv, field, "{}");
}
/* pcf_fix_fatal - fix multiline text before release */
*
* XXX Do per-field sanity checks.
*/
- argv = argv_split(buf, PCF_MASTER_BLANKS);
+ argv = argv_splitq(buf, PCF_MASTER_BLANKS, "{}");
if (argv->argc < PCF_MASTER_MIN_FIELDS) {
argv_free(argv); /* Coverity 201311 */
return ("bad field count");
}
pcf_check_master_entry(argv, buf);
- pcf_normalize_options(argv);
+ pcf_normalize_daemon_args(argv);
masterp->name_space =
concatenate(argv->argv[0], PCF_NAMESP_SEP_STR, argv->argv[1], (char *) 0);
masterp->argv = argv;
int line_len;
int field;
int in_daemon_options;
+ int need_parens;
static int column_goal[] = {
0, /* service */
11, /* type */
for ( /* void */ ; (arg = argv[field]) != 0; field++) {
arg_len = strlen(arg);
aval = 0;
+ need_parens = 0;
if (in_daemon_options) {
/*
/*
* Keep option and value on the same line.
*/
- arg_len += strlen(aval) + 1;
+ arg_len += strlen(aval) + 3;
+ if ((need_parens = aval[strcspn(aval, PCF_MASTER_BLANKS)]) != 0)
+ arg_len += 2;
}
+ } else {
+ need_parens = arg[strcspn(arg, PCF_MASTER_BLANKS)];
}
/*
line_len = PCF_INDENT_LEN;
}
}
+ if (in_daemon_options == 0 && need_parens)
+ ADD_TEXT("{", 1);
ADD_TEXT(arg, strlen(arg));
+ if (in_daemon_options == 0 && need_parens)
+ ADD_TEXT("}", 1);
if (aval) {
- ADD_SPACE;
+ ADD_TEXT(" ", 1);
+ if (need_parens)
+ ADD_TEXT("{", 1);
ADD_TEXT(aval, strlen(aval));
+ if (need_parens)
+ ADD_TEXT("}", 1);
field += 1;
/* Force line wrap after option with value. */
int arg_len;
int line_len;
int in_daemon_options;
+ int need_parens;
/*
* Show the field value, or the first value in the case of a multi-column
for (field += 1; (arg = argv[field]) != 0; field++) {
arg_len = strlen(arg);
aval = 0;
+ need_parens = 0;
if (in_daemon_options) {
/*
* Keep option and value on the same line.
*/
arg_len += strlen(aval) + 1;
+ if ((need_parens = aval[strcspn(aval, PCF_MASTER_BLANKS)]) != 0)
+ arg_len += 2;
}
+ } else {
+ need_parens = arg[strcspn(arg, PCF_MASTER_BLANKS)];
}
/*
line_len = PCF_INDENT_LEN;
}
}
+ if (in_daemon_options == 0 && need_parens)
+ ADD_TEXT("{", 1);
ADD_TEXT(arg, strlen(arg));
+ if (in_daemon_options == 0 && need_parens)
+ ADD_TEXT("}", 1);
if (aval) {
ADD_SPACE;
+ if (need_parens)
+ ADD_TEXT("{", 1);
ADD_TEXT(aval, strlen(aval));
+ if (need_parens)
+ ADD_TEXT("}", 1);
field += 1;
/* Force line break after option with value. */
*/
if (field == PCF_MASTER_FLD_CMD) {
argv_truncate(masterp->argv, PCF_MASTER_FLD_CMD);
- argv_split_append(masterp->argv, new_value, PCF_MASTER_BLANKS);
+ argv_splitq_append(masterp->argv, new_value, PCF_MASTER_BLANKS, "{}");
+ pcf_normalize_daemon_args(masterp->argv);
}
/*
if (var_config_dir)
myfree(var_config_dir);
- var_config_dir = mystrdup((config_dir = safe_getenv(CONF_ENV_PATH)) != 0 ?
- config_dir : DEF_CONFIG_DIR); /* XXX */
- set_mail_conf_str(VAR_CONFIG_DIR, var_config_dir);
+ if ((config_dir = safe_getenv(CONF_ENV_PATH)) != 0) {
+ var_config_dir = mystrdup(config_dir);
+ set_mail_conf_str(VAR_CONFIG_DIR, var_config_dir);
+ } else {
+ var_config_dir = mystrdup(DEF_CONFIG_DIR);
+ }
}
-./postconf: warning: main.cf: syntax error after '}' in "pipemap:{ldap:xxx, memcache:yy}x"
-./postconf: warning: main.cf: missing '}' in parameter value: "randmap:{xx"
+./postconf: warning: main.cf: syntax error after '}' in "{ldap:xxx, memcache:yy}x"
+./postconf: warning: main.cf: missing '}' in "{xx"
config_directory = .
mydestination = foo bar pipemap:{ldap:xxx, memcache:yy}x randmap:{xx
xxx_domain = foo
--- /dev/null
+./postconf: warning: master.cf: syntax error after '}' in "{ arg2a arg2b }x"
+./postconf: warning: master.cf: missing '}' in "{ arg3a arg3b "
+foo unix - n n - 0 other
+bar inet - n n 0 0 other
+ -o name1=value1
+ -o {name2=value2a value2b}
+ arg1a arg1b {arg2a arg2b} {arg3a arg3b}
+baz unix - n n 0 0 other
smtpd_check.o: ../../include/argv.h
smtpd_check.o: ../../include/attr.h
smtpd_check.o: ../../include/attr_clnt.h
+smtpd_check.o: ../../include/attr_override.h
smtpd_check.o: ../../include/cleanup_user.h
smtpd_check.o: ../../include/conv_time.h
smtpd_check.o: ../../include/ctable.h
#include <conv_time.h>
#include <xtext.h>
#include <smtp_stream.h>
+#include <attr_override.h>
/* Application-specific. */
*/
double smtpd_space_multf = 1.5;
+ /*
+ * SMTPD policy client. Most attributes are ATTR_CLNT attributes.
+ */
+typedef struct {
+ ATTR_CLNT *client; /* client handle */
+ char *def_action; /* default action */
+} SMTPD_POLICY_CLNT;
+
+ /*
+ * Table-driven parsing of main.cf parameter overrides for specific policy
+ * clients. We derive the override names from the corresponding main.cf
+ * parameter names by skipping the redundant "smtpd_policy_service_" prefix.
+ *
+ * To avoid ugly static allocation of assignment targets, we use stack-based
+ * parallel arrays which is less inelegant.
+ */
+static const ATTR_OVER_TIME time_table[] = {
+ 21 + VAR_SMTPD_POLICY_TMOUT, DEF_SMTPD_POLICY_TMOUT, 1, 0,
+ 21 + VAR_SMTPD_POLICY_IDLE, DEF_SMTPD_POLICY_IDLE, 1, 0,
+ 21 + VAR_SMTPD_POLICY_TTL, DEF_SMTPD_POLICY_TTL, 1, 0,
+ 21 + VAR_SMTPD_POLICY_TRY_DELAY, DEF_SMTPD_POLICY_TRY_DELAY, 1, 0,
+ 0,
+};
+static const ATTR_OVER_INT int_table[] = {
+ 21 + VAR_SMTPD_POLICY_REQ_LIMIT, 0, 0,
+ 21 + VAR_SMTPD_POLICY_TRY_LIMIT, 1, 0,
+ 0,
+};
+static const ATTR_OVER_STR str_table[] = {
+ 21 + VAR_SMTPD_POLICY_DEF_ACTION, 1, 0,
+ 0,
+};
+
+#define smtpd_policy_tmout time_tgts[0]
+#define smtpd_policy_idle time_tgts[1]
+#define smtpd_policy_ttl time_tgts[2]
+#define smtpd_policy_try_delay time_tgts[3]
+
+#define smtpd_policy_req_limit int_tgts[0]
+#define smtpd_policy_try_limit int_tgts[1]
+
+#define smtpd_policy_def_action str_tgts[0]
+
/* policy_client_register - register policy service endpoint */
static void policy_client_register(const char *name)
{
- ATTR_CLNT *client;
+ const char myname[] = "policy_client_register";
+ SMTPD_POLICY_CLNT *policy_client;
+ char *saved_name = 0;
+ const char *policy_name = 0;
+ char *cp;
+ const char *sep = ", \t\r\n";
+ const char *parens = "{}";
+ char *err;
+ int time_tgts[sizeof(time_table) / sizeof(time_table[0])];
+ int int_tgts[sizeof(int_table) / sizeof(int_table[0])];
+ const char *str_tgts[sizeof(str_table) / sizeof(str_table[0])];
if (policy_clnt_table == 0)
policy_clnt_table = htable_create(1);
if (htable_find(policy_clnt_table, name) == 0) {
- client = attr_clnt_create(name,
- var_smtpd_policy_tmout,
- var_smtpd_policy_idle,
- var_smtpd_policy_ttl);
- attr_clnt_control(client,
- ATTR_CLNT_CTL_REQ_LIMIT, var_smtpd_policy_req_limit,
- ATTR_CLNT_CTL_TRY_LIMIT, var_smtpd_policy_try_limit,
- ATTR_CLNT_CTL_TRY_DELAY, var_smtpd_policy_try_delay,
+
+ /*
+ * Allow per-service overrides for main.cf global settings.
+ */
+ smtpd_policy_tmout = var_smtpd_policy_tmout;
+ smtpd_policy_idle = var_smtpd_policy_idle;
+ smtpd_policy_ttl = var_smtpd_policy_ttl;
+ smtpd_policy_req_limit = var_smtpd_policy_req_limit;
+ smtpd_policy_try_limit = var_smtpd_policy_try_limit;
+ smtpd_policy_try_delay = var_smtpd_policy_try_delay;
+ smtpd_policy_def_action = var_smtpd_policy_def_action;
+
+ if (*name == '{') { /* } */
+ cp = saved_name = mystrdup(name);
+ if ((err = extpar(&cp, parens, EXPAR_FLAG_NONE)) != 0)
+ msg_fatal("policy service syntax error: %s", cp);
+ if ((policy_name = mystrtok(&cp, sep)) == 0)
+ msg_fatal("empty policy service: \"%s\"", name);
+ attr_override(cp, sep, parens,
+ ATTR_OVER_TIME_TABLE, time_table, time_tgts,
+ ATTR_OVER_INT_TABLE, int_table, int_tgts,
+ ATTR_OVER_STR_TABLE, str_table, str_tgts,
+ 0);
+ } else {
+ policy_name = name;
+ }
+#if 0
+ if (msg_verbose)
+#endif
+ msg_info("%s: name=\"%s\" default_action=\"%s\" max_idle=%d "
+ "max_ttl=%d request_limit=%d retry_delay=%d "
+ "timeout=%d try_limit=%d",
+ myname, policy_name, smtpd_policy_def_action,
+ smtpd_policy_idle, smtpd_policy_ttl,
+ smtpd_policy_req_limit, smtpd_policy_try_delay,
+ smtpd_policy_tmout, smtpd_policy_try_limit);
+
+ /*
+ * Create the client.
+ */
+ policy_client = (SMTPD_POLICY_CLNT *) mymalloc(sizeof(*policy_client));
+ policy_client->client = attr_clnt_create(policy_name,
+ smtpd_policy_tmout,
+ smtpd_policy_idle,
+ smtpd_policy_ttl);
+
+ attr_clnt_control(policy_client->client,
+ ATTR_CLNT_CTL_REQ_LIMIT, smtpd_policy_req_limit,
+ ATTR_CLNT_CTL_TRY_LIMIT, smtpd_policy_try_limit,
+ ATTR_CLNT_CTL_TRY_DELAY, smtpd_policy_try_delay,
ATTR_CLNT_CTL_END);
- htable_enter(policy_clnt_table, name, (char *) client);
+ policy_client->def_action = mystrdup(smtpd_policy_def_action);
+ htable_enter(policy_clnt_table, name, (char *) policy_client);
+ if (saved_name)
+ myfree(saved_name);
}
}
const char *def_acl)
{
static VSTRING *action = 0;
- ATTR_CLNT *policy_clnt;
+ SMTPD_POLICY_CLNT *policy_clnt;
#ifdef USE_TLS
VSTRING *subject_buf;
* Sanity check.
*/
if (!policy_clnt_table
- || (policy_clnt = (ATTR_CLNT *) htable_find(policy_clnt_table, server)) == 0)
+ || (policy_clnt = (SMTPD_POLICY_CLNT *)
+ htable_find(policy_clnt_table, server)) == 0)
msg_panic("check_policy_service: no client endpoint for server %s",
server);
ENCODE_CN(issuer, issuer_buf, state->tls_context->issuer_CN);
#endif
- if (attr_clnt_request(policy_clnt,
+ if (attr_clnt_request(policy_clnt->client,
ATTR_FLAG_NONE, /* Query attributes. */
ATTR_TYPE_STR, MAIL_ATTR_REQ, "smtpd_access_policy",
ATTR_TYPE_STR, MAIL_ATTR_PROTO_STATE, state->where,
longjmp(smtpd_check_buf, status);
}
ret = check_table_result(state, server, nesting_level == 1 ?
- var_smtpd_policy_def_action :
+ policy_clnt->def_action :
DEF_SMTPD_POLICY_DEF_ACTION,
"policy query", reply_name,
reply_class, def_acl);
dict_fail.c msg_rate_delay.c dict_surrogate.c warn_stat.c \
dict_sockmap.c line_number.c recv_pass_attr.c pass_accept.c \
poll_fd.c timecmp.c slmdb.c dict_pipe.c dict_random.c \
- valid_utf8_hostname.c midna.c argv_splitq.c balpar.c dict_union.c
+ valid_utf8_hostname.c midna.c argv_splitq.c balpar.c dict_union.c \
+ extpar.c
OBJS = alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \
attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \
dict_fail.o msg_rate_delay.o dict_surrogate.o warn_stat.o \
dict_sockmap.o line_number.o recv_pass_attr.o pass_accept.o \
poll_fd.o timecmp.o $(NON_PLUGIN_MAP_OBJ) dict_pipe.o dict_random.o \
- valid_utf8_hostname.o midna.o argv_splitq.o balpar.o dict_union.o
+ valid_utf8_hostname.o midna.o argv_splitq.o balpar.o dict_union.o \
+ extpar.o
# MAP_OBJ is for maps that may be dynamically loaded with dynamicmaps.cf.
# When hard-linking these, makedefs sets NON_PLUGIN_MAP_OBJ=$(MAP_OBJ),
# otherwise it sets the PLUGIN_* macros.
exec_command.o: exec_command.h
exec_command.o: msg.h
exec_command.o: sys_defs.h
+extpar.o: extpar.c
+extpar.o: stringops.h
+extpar.o: sys_defs.h
+extpar.o: vbuf.h
+extpar.o: vstring.h
fifo_listen.o: fifo_listen.c
fifo_listen.o: htable.h
fifo_listen.o: iostuff.h
/* position.
/*
/* argv_replace_one() replaces one string at the specified
-/* position.
+/* position. The old string is destroyed after the update is
+/* made.
/*
/* argv_delete() deletes the specified number of elements
/* starting at the specified array position. The result is
void argv_replace_one(ARGV *argvp, ssize_t where, const char *arg)
{
+ char *temp;
/*
* Sanity check.
if (where < 0 || where >= argvp->argc)
msg_panic("argv_replace_one bad position: %ld", (long) where);
- myfree(argvp->argv[where]);
+ temp = argvp->argv[where];
argvp->argv[where] = mystrdup(arg);
+ myfree(temp);
}
/* argv_delete - remove string(s) from array */
--- /dev/null
+/*++
+/* NAME
+/* extpar 3
+/* SUMMARY
+/* extract text from parentheses
+/* SYNOPSIS
+/* #include <stringops.h>
+/*
+/* char *extpar(bp, parens, flags)
+/* char **bp;
+/* const char *parens;
+/* int flags;
+/* DESCRIPTION
+/* extpar() extracts text from an input string that is enclosed
+/* in the specified parentheses, and updates the buffer pointer
+/* to point to that text.
+/*
+/* Arguments:
+/* .IP bp
+/* Pointer to buffer pointer. Both the buffer and the buffer
+/* pointer are modified.
+/* .IP parens
+/* One matching pair of parentheses, opening parenthesis first.
+/* .IP flags
+/* EXPAR_FLAG_NONE, or the bitwise OR of one or more flags:
+/* .RS
+/* .IP EXPAR_FLAG_STRIP
+/* Skip whitespace after the opening parenthesis, and trim
+/* whitespace before the closing parenthesis.
+/* .RE
+/* DIAGNOSTICS
+/* panic: the input string does not start with the opening
+/* parenthesis.
+/*
+/* In case of error the result value is a dynamically-allocated
+/* string with a description of the problem that includes a
+/* copy of the offending input. A non-null result value should
+/* be destroyed with myfree(). The following decribes the errors
+/* and the state of the buffer and buffer pointer.
+/* .IP "missing closing parenthesis"
+/* The buffer pointer points to text as if the closing parenthesis
+/* were present.
+/* .IP "text after closing parenthesis"
+/* The buffer pointer points to text as if the offending text
+/* were not present.
+/* SEE ALSO
+/* balpar(3) determine length of string in parentheses
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+ /*
+ * System library.
+ */
+#include <sys_defs.h>
+#include <ctype.h>
+
+ /*
+ * Utility library.
+ */
+#include <msg.h>
+#include <stringops.h>
+
+/* extpar - extract text from parentheses */
+
+char *extpar(char **bp, const char *parens, int strip)
+{
+ char *cp = *bp;
+ char *err = 0;
+ size_t len;
+
+ if (cp[0] != parens[0])
+ msg_panic("extpar: no '%c' at start of text: \"%s\"", parens[0], cp);
+ if ((len = balpar(cp, parens)) == 0) {
+ err = concatenate("missing '", parens + 1, "' in \"",
+ cp, "\"", (char *) 0);
+ cp += 1;
+ } else {
+ if (cp[len] != 0)
+ err = concatenate("syntax error after '", parens + 1, "' in \"",
+ cp, "\"", (char *) 0);
+ cp += 1;
+ cp[len -= 2] = 0;
+ }
+ if (strip) {
+ trimblanks(cp, len)[0] = 0;
+ while (ISSPACE(*cp))
+ cp++;
+ }
+ *bp = cp;
+ return (err);
+}
extern const char *split_nameval(char *, char **, char **);
extern int valid_utf8_string(const char *, ssize_t);
extern size_t balpar(const char *, const char *);
+extern char *extpar(char **, const char *, int);
+
+#define EXPAR_FLAG_NONE (0)
+#define EXPAR_FLAG_STRIP (1<<0)
/* LICENSE
/* .ad
projects / thirdparty / postfix.git / commitdiff
