-TXSASL_SERVER_IMPL_INFO
-Tbind_props
-Tcipher_probe_t
+-Td2i_X509_t
-Tdane_digest
-Tfilter_ctx
-Tgeneral_name_stack_t
Documentation: typo in SASL_README. Patrick Ben Koetter.
File: proto/SASL_README.html.
+
+ Documentation: increased the *.[0-9].html manpage width
+ from the historical 65 columns to the more contemporary 78
+ columns, and future-proofed the pattern that eliminates
+ redundant text from the "README FILES" section. Files:
+ mantools/postlink, mantools/man2html, man/Makefile.in.
+
+ Documentation: misc manual page cleanups. Files:
+ postconf/postconf.c, postmulti/postmulti.c.
+
+20131221
+
+ Testbed: TLS support. Viktor Dukhovni. Files: tls/Makefile.in,
+ tls/tls_dane.c, tls/tls_dane.sh, tls/tls_mgr.c, .indent.pro.
+
+ Documentation: added section on how to verify that forward
+ secrecy works. File: proto/FORWARD_SECRECY_README.html.
traffic is generally infeasible, and even recovery of individual sessions may
be infeasible given a sufficiently-strong key agreement method.
+Forward secrecy protects network communication in the absence of active
+attacks, i.e. no forged DNS replies, and no forged TLS server certificates. If
+active attacks are a concern, then you will need to authenticate the remote
+SMTP server in a secure manner. For example, by the fingerprint of the public
+key or certificate. Conventional PKI relies on too many trusted parties.
+
Topics covered in this document:
* Forward Secrecy in TLS
* Forward Secrecy in the Postfix SMTP Server
* Forward Secrecy in the Postfix SMTP Client
+ * How do I know that it works?
* Credits
And last but not least, for the impatient:
Once the parameters are in place, update main.cf as follows:
- main.cf:
- # Postfix >= 2.6
- smtpd_tls_eecdh_grade = strong
- # All versions of Postfix:
- smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
- smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
+ /etc/postfix/main.cf:
+ # Postfix >= 2.6
+ smtpd_tls_eecdh_grade = strong
+ # All versions of Postfix:
+ smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
+ smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
If some of your MSA clients don't support 2048-bit EDH, you may need to adjust
the submission entry in master.cf accordingly:
- master.cf:
- submission inet n - n - - smtpd
- # Some submission clients may not yet do 2048-bit EDH, if such
- # clients use your MSA, configure 1024-bit EDH instead:
- -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- ...
+ /etc/postfix/master.cf:
+ submission inet n - n - - smtpd
+ # Some submission clients may not yet do 2048-bit EDH, if such
+ # clients use your MSA, configure 1024-bit EDH instead:
+ -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
+ ...
+
+H\bHo\bow\bw d\bdo\bo I\bI k\bkn\bno\bow\bw t\bth\bha\bat\bt i\bit\bt w\bwo\bor\brk\bks\bs?\b?
+
+Postfix reports TLS connection information in several ways:
+
+ * With "smtp_tls_loglevel = 1" and "smtpd_tls_loglevel = 1", the Postfix SMTP
+ client and server will log information about, among others, the remote peer
+ certificate or public-key verification status, the negotiated cipher, and
+ key lengths. The general logfile format is:
+
+ postfix/smtp[xxx]: Trusted TLS connection established to
+ host.example.com[192.168.0.2]:25: TLSv1 with cipher XXX (YYY/ZZZ bits)
+
+ postfix/smtpd[xxx]: Untrusted TLS connection established from
+ host.example.com[192.168.0.2]: TLSv1 with cipher XXX (YYY/ZZZ bits)
+
+ * With "smtpd_tls_received_header = yes", the Postfix SMTP server will record
+ similar information in the Received: header in the form of comments (text
+ inside parentheses). The general format is:
+
+ Received: from host.example.com (host.example.com [192.168.0.2])
+ (using TLSv1 with cipher XXX (YYY/ZZZ bits))
+ (Client CN "host.example.com", Issuer "Wietse Venema" (not
+ verified))
+
+There are dozens of ciphers that support forward secrecy. What follows is the
+beginning of a list of 51 ciphers available with OpenSSL 1.0.1e:
+
+ $ openssl ciphers -v \
+ 'aNULL:-aNULL:kEECDH:kEDH:+RC4:!eNULL:!EXPORT:!LOW:@STRENGTH' |
+ awk '{printf "%-32s %s\n", $1, $3}'
+ AECDH-AES256-SHA Kx=ECDH
+ ECDHE-RSA-AES256-GCM-SHA384 Kx=ECDH
+ ECDHE-ECDSA-AES256-GCM-SHA384 Kx=ECDH
+ ECDHE-RSA-AES256-SHA384 Kx=ECDH
+ ECDHE-ECDSA-AES256-SHA384 Kx=ECDH
+ ECDHE-RSA-AES256-SHA Kx=ECDH
+ ECDHE-ECDSA-AES256-SHA Kx=ECDH
+ ADH-AES256-GCM-SHA384 Kx=DH
+ ADH-AES256-SHA256 Kx=DH
+ ADH-AES256-SHA Kx=DH
+ ADH-CAMELLIA256-SHA Kx=DH
+ DHE-DSS-AES256-GCM-SHA384 Kx=DH
+ DHE-RSA-AES256-GCM-SHA384 Kx=DH
+ DHE-RSA-AES256-SHA256 Kx=DH
+ ...
C\bCr\bre\bed\bdi\bit\bts\bs
Wish list:
- Un-break "make tests" under src/smtpd.
+ To un-break "make tests" under src/smtpd, make tests
+ independent from the DNS and native routines for host
+ name/address lookup.
Make been_here flag BH_FLAG_FOLD configurable for masochists.
- Change html/Makefile to ".pl 99999" and ".ll 78".
-
- Replace some redundant TLS_README sections with pointers to
- FORWARD_SECRECY_README.
+ Replace some redundant TLS_README sections with pointers
+ to FORWARD_SECRECY_README.
Move html/index.html source to proto/.
individual sessions may be infeasible given a sufficiently-strong
key agreement method. </p>
+<p> Forward secrecy protects network communication in the absence
+of active attacks, i.e. no forged DNS replies, and no forged TLS
+server certificates. If active attacks are a concern, then you will
+need to authenticate the remote SMTP server in a secure manner.
+For example, by the fingerprint of the public key or certificate.
+Conventional PKI relies on too many trusted parties. </p>
+
<p> Topics covered in this document: </p>
<ul>
<li><a href="#client_fs">Forward Secrecy in the Postfix SMTP Client</a>
+<li><a href="#test">How do I know that it works?</a>
+
<li><a href="#credits"> Credits </a>
</ul>
<blockquote>
<pre>
-
<a href="postconf.5.html">main.cf</a>:
- # Postfix ≥ 2.6
- <a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong
- # All versions of Postfix:
- <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/dh2048.pem
- <a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/dh512.pem
+
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Postfix ≥ 2.6
+
<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong
+ # All versions of Postfix:
+
<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/dh2048.pem
+
<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/dh512.pem
</pre>
</blockquote>
<blockquote>
<pre>
-<a href="master.5.html">master.cf</a>:
- submission inet n - n - - smtpd
- # Some submission clients may not yet do 2048-bit EDH, if such
- # clients use your MSA, configure 1024-bit EDH instead:
- -o <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>=${<a href="postconf.5.html#config_directory">config_directory</a>}/dh1024.pem
- -o <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>=encrypt
- -o <a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a>=yes
- ...
+/etc/postfix/<a href="master.5.html">master.cf</a>:
+ submission inet n - n - - smtpd
+ # Some submission clients may not yet do 2048-bit EDH, if such
+ # clients use your MSA, configure 1024-bit EDH instead:
+ -o <a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>=${<a href="postconf.5.html#config_directory">config_directory</a>}/dh1024.pem
+ -o <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>=encrypt
+ -o <a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a>=yes
+ ...
+</pre>
+</blockquote>
+
+<h2><a name="test">How do I know that it works? </a> </h2>
+
+<p> Postfix reports TLS connection information in several ways: </p>
+
+<ul>
+
+<li> <p> With "<a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> = 1" and "<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> = 1",
+the Postfix SMTP client and server will log information about, among
+others, the remote peer certificate or public-key verification
+status, the negotiated cipher, and key lengths. The general logfile
+format is: </p>
+
+<blockquote>
+<pre>
+postfix/smtp[xxx]: Trusted TLS connection established to host.example.com[192.168.0.2]:25: TLSv1 with cipher XXX (YYY/ZZZ bits)
+
+postfix/smtpd[xxx]: Untrusted TLS connection established from host.example.com[192.168.0.2]: TLSv1 with cipher XXX (YYY/ZZZ bits)
+</pre>
+</blockquote>
+
+<li> <p> With "<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes", the Postfix SMTP
+server will record similar information in the Received: header in
+the form of comments (text inside parentheses). The general format
+is: </p>
+
+<blockquote>
+<pre>
+Received: from host.example.com (host.example.com [192.168.0.2])
+ (using TLSv1 with cipher XXX (YYY/ZZZ bits))
+ (Client CN "host.example.com", Issuer "Wietse Venema" (not verified))
+</pre>
+</blockquote>
+
+</ul>
+
+<p> There are dozens of ciphers that support forward secrecy. What
+follows is the beginning of a list of 51 ciphers available with
+OpenSSL 1.0.1e: </p>
+
+<blockquote>
+<pre>
+$ openssl ciphers -v \
+ 'aNULL:-aNULL:kEECDH:kEDH:+RC4:!eNULL:!EXPORT:!LOW:@STRENGTH' |
+ awk '{printf "%-32s %s\n", $1, $3}'
+AECDH-AES256-SHA Kx=ECDH
+ECDHE-RSA-AES256-GCM-SHA384 Kx=ECDH
+ECDHE-ECDSA-AES256-GCM-SHA384 Kx=ECDH
+ECDHE-RSA-AES256-SHA384 Kx=ECDH
+ECDHE-ECDSA-AES256-SHA384 Kx=ECDH
+ECDHE-RSA-AES256-SHA Kx=ECDH
+ECDHE-ECDSA-AES256-SHA Kx=ECDH
+ADH-AES256-GCM-SHA384 Kx=DH
+ADH-AES256-SHA256 Kx=DH
+ADH-AES256-SHA Kx=DH
+ADH-CAMELLIA256-SHA Kx=DH
+DHE-DSS-AES256-GCM-SHA384 Kx=DH
+DHE-RSA-AES256-GCM-SHA384 Kx=DH
+DHE-RSA-AES256-SHA256 Kx=DH
+...
</pre>
</blockquote>
master.5.html nisplus_table.5.html generic.5.html bounce.5.html \
postfix-wrapper.5.html sqlite_table.5.html socketmap_table.5.html
OTHER = postfix-manuals.html
-AWK = awk '{ print; if (NR == 2) print ".pl 9999\n.ll 65" }'
+AWK = awk '{ print; if (NR == 2) print ".pl 99999\n.ll 78" }'
MAN2HTML = man2html -t "Postfix manual - `IFS=.; set \`echo $@\`; echo \"$$1($$2)\"`"
NROFF = GROFF_NO_SGR=1 nroff
<b>postmap -q - /etc/postfix/access</b> <<i>inputfile</i>
<b>DESCRIPTION</b>
- This document describes access control on remote SMTP
- client information: host names, network addresses, and
- envelope sender or recipient addresses; it is implemented
- by the Postfix SMTP server. See <a href="header_checks.5.html"><b>header_checks</b>(5)</a> or
- <a href="header_checks.5.html"><b>body_checks</b>(5)</a> for access control on the content of email
- messages.
-
- Normally, the <a href="access.5.html"><b>access</b>(5)</a> table is specified as a text file
- that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/access</b>" to rebuild an indexed file
+ This document describes access control on remote SMTP client informa-
+ tion: host names, network addresses, and envelope sender or recipient
+ addresses; it is implemented by the Postfix SMTP server. See
+ <a href="header_checks.5.html"><b>header_checks</b>(5)</a> or <a href="header_checks.5.html"><b>body_checks</b>(5)</a> for access control on the content of
+ email messages.
+
+ Normally, the <a href="access.5.html"><b>access</b>(5)</a> table is specified as a text file that serves
+ as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file in <b>dbm</b>
+ or <b>db</b> format, is used for fast searching by the mail system. Execute
+ the command "<b>postmap /etc/postfix/access</b>" to rebuild an indexed file
after changing the corresponding text file.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
- indexed files.
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
- Alternatively, the table can be provided as a regular-
- expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- those cases, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
- or "TCP-BASED TABLES".
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to TCP-based server. In those cases, the lookups are done in a
+ slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
- The search string is folded to lowercase before database
- lookup. As of Postfix 2.3, the search string is not case
- folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
- lookup fields can match both upper and lower case.
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern action</i>
- When <i>pattern</i> matches a mail address, domain or host
- address, perform the corresponding <i>action</i>.
+ When <i>pattern</i> matches a mail address, domain or host address,
+ perform the corresponding <i>action</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
<b>EMAIL ADDRESS PATTERNS</b>
- With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
- tried in the order as listed below:
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, patterns are tried in the order as
+ listed below:
<i>user</i>@<i>domain</i>
Matches the specified mail address.
<i>domain.tld</i>
- Matches <i>domain.tld</i> as the domain part of an email
- address.
+ Matches <i>domain.tld</i> as the domain part of an email address.
- The pattern <i>domain.tld</i> also matches subdomains, but
- only when the string <b>smtpd_access_maps</b> is listed in
- the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> con-
- figuration setting.
+ The pattern <i>domain.tld</i> also matches subdomains, but only when
+ the string <b>smtpd_access_maps</b> is listed in the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration setting.
<i>.domain.tld</i>
- Matches subdomains of <i>domain.tld</i>, but only when the
- string <b>smtpd_access_maps</b> is not listed in the Post-
- fix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> configuration
- setting.
+ Matches subdomains of <i>domain.tld</i>, but only when the string
+ <b>smtpd_access_maps</b> is not listed in the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration setting.
- <i>user</i>@ Matches all mail addresses with the specified user
- part.
+ <i>user</i>@ Matches all mail addresses with the specified user part.
- Note: lookup of the null sender address is not possible
- with some types of lookup table. By default, Postfix uses
- <> as the lookup key for such addresses. The value is
- specified with the <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a></b> parameter
- in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file.
+ Note: lookup of the null sender address is not possible with some types
+ of lookup table. By default, Postfix uses <> as the lookup key for such
+ addresses. The value is specified with the <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a></b>
+ parameter in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file.
<b>EMAIL ADDRESS EXTENSION</b>
- When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
- becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@,
- and <i>user</i>@.
+ When a mail address localpart contains the optional recipient delimiter
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@, and <i>user</i>@.
<b>HOST NAME/ADDRESS PATTERNS</b>
- With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, the following
- lookup patterns are examined in the order as listed:
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, the following lookup patterns are
+ examined in the order as listed:
<i>domain.tld</i>
Matches <i>domain.tld</i>.
- The pattern <i>domain.tld</i> also matches subdomains, but
- only when the string <b>smtpd_access_maps</b> is listed in
- the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> con-
- figuration setting.
+ The pattern <i>domain.tld</i> also matches subdomains, but only when
+ the string <b>smtpd_access_maps</b> is listed in the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration setting.
<i>.domain.tld</i>
- Matches subdomains of <i>domain.tld</i>, but only when the
- string <b>smtpd_access_maps</b> is not listed in the Post-
- fix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> configuration
- setting.
+ Matches subdomains of <i>domain.tld</i>, but only when the string
+ <b>smtpd_access_maps</b> is not listed in the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration setting.
<i>net.work.addr.ess</i>
<i>net.work</i>
- <i>net</i> Matches the specified IPv4 host address or subnet-
- work. An IPv4 host address is a sequence of four
- decimal octets separated by ".".
+ <i>net</i> Matches the specified IPv4 host address or subnetwork. An IPv4
+ host address is a sequence of four decimal octets separated by
+ ".".
- Subnetworks are matched by repeatedly truncating
- the last ".octet" from the remote IPv4 host address
- string until a match is found in the access table,
- or until further truncation is not possible.
+ Subnetworks are matched by repeatedly truncating the last
+ ".octet" from the remote IPv4 host address string until a match
+ is found in the access table, or until further truncation is not
+ possible.
- NOTE 1: The access map lookup key must be in canon-
- ical form: do not specify unnecessary null charac-
- ters, and do not enclose network address informa-
- tion with "[]" characters.
+ NOTE 1: The access map lookup key must be in canonical form: do
+ not specify unnecessary null characters, and do not enclose net-
+ work address information with "[]" characters.
- NOTE 2: use the <b>cidr</b> lookup table type to specify
- network/netmask patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for
- details.
+ NOTE 2: use the <b>cidr</b> lookup table type to specify network/net-
+ mask patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for details.
<i>net:work:addr:ess</i>
<i>net:work</i>
- <i>net</i> Matches the specified IPv6 host address or subnet-
- work. An IPv6 host address is a sequence of three
- to eight hexadecimal octet pairs separated by ":".
+ <i>net</i> Matches the specified IPv6 host address or subnetwork. An IPv6
+ host address is a sequence of three to eight hexadecimal octet
+ pairs separated by ":".
- Subnetworks are matched by repeatedly truncating
- the last ":octetpair" from the remote IPv6 host
- address string until a match is found in the access
- table, or until further truncation is not possible.
+ Subnetworks are matched by repeatedly truncating the last
+ ":octetpair" from the remote IPv6 host address string until a
+ match is found in the access table, or until further truncation
+ is not possible.
- NOTE 1: the truncation and comparison are done with
- the string representation of the IPv6 host address.
- Thus, not all the ":" subnetworks will be tried.
+ NOTE 1: the truncation and comparison are done with the string
+ representation of the IPv6 host address. Thus, not all the ":"
+ subnetworks will be tried.
- NOTE 2: The access map lookup key must be in canon-
- ical form: do not specify unnecessary null charac-
- ters, and do not enclose network address informa-
- tion with "[]" characters.
+ NOTE 2: The access map lookup key must be in canonical form: do
+ not specify unnecessary null characters, and do not enclose net-
+ work address information with "[]" characters.
- NOTE 3: use the <b>cidr</b> lookup table type to specify
- network/netmask patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for
- details.
+ NOTE 3: use the <b>cidr</b> lookup table type to specify network/net-
+ mask patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for details.
IPv6 support is available in Postfix 2.2 and later.
<b>OK</b> Accept the address etc. that matches the pattern.
<i>all-numerical</i>
- An all-numerical result is treated as OK. This for-
- mat is generated by address-based relay authoriza-
- tion schemes such as pop-before-smtp.
+ An all-numerical result is treated as OK. This format is gener-
+ ated by address-based relay authorization schemes such as pop-
+ before-smtp.
For other accept actions, see "OTHER ACTIONS" below.
<b>REJECT ACTIONS</b>
- Postfix version 2.3 and later support enhanced status
- codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When no code is specified
- at the beginning of the <i>text</i> below, Postfix inserts a
- default enhanced status code of "5.7.1" in the case of
- reject actions, and "4.7.1" in the case of defer actions.
- See "ENHANCED STATUS CODES" below.
+ Postfix version 2.3 and later support enhanced status codes as defined
+ in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When no code is specified at the beginning of the <i>text</i>
+ below, Postfix inserts a default enhanced status code of "5.7.1" in the
+ case of reject actions, and "4.7.1" in the case of defer actions. See
+ "ENHANCED STATUS CODES" below.
<b>4</b><i>NN text</i>
<b>5</b><i>NN text</i>
- Reject the address etc. that matches the pattern,
- and respond with the numerical three-digit code and
- text. <b>4</b><i>NN</i> means "try again later", while <b>5</b><i>NN</i> means
- "do not try again".
+ Reject the address etc. that matches the pattern, and respond
+ with the numerical three-digit code and text. <b>4</b><i>NN</i> means "try
+ again later", while <b>5</b><i>NN</i> means "do not try again".
- The following responses have special meaning for
- the Postfix SMTP server:
+ The following responses have special meaning for the Postfix
+ SMTP server:
<b>421</b> <i>text</i> (Postfix 2.3 and later)
<b>521</b> <i>text</i> (Postfix 2.6 and later)
- After responding with the numerical three-
- digit code and text, disconnect immediately
- from the SMTP client. This frees up SMTP
- server resources so that they can be made
+ After responding with the numerical three-digit code and
+ text, disconnect immediately from the SMTP client. This
+ frees up SMTP server resources so that they can be made
available to another SMTP client.
- Note: The "521" response should be used only
- with botnets and other malware where inter-
- operability is of no concern. The "send 521
- and disconnect" behavior is NOT defined in
- the SMTP standard.
+ Note: The "521" response should be used only with botnets
+ and other malware where interoperability is of no con-
+ cern. The "send 521 and disconnect" behavior is NOT
+ defined in the SMTP standard.
<b>REJECT</b> <i>optional text...</i>
- Reject the address etc. that matches the pattern.
- Reply with "<b>$<a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a></b> <i>optional</i>
- <i>text...</i>" when the optional text is specified, oth-
- erwise reply with a generic error response message.
+ Reject the address etc. that matches the pattern. Reply with
+ "<b>$<a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a></b> <i>optional text...</i>" when the optional
+ text is specified, otherwise reply with a generic error response
+ message.
<b>DEFER</b> <i>optional text...</i>
- Reject the address etc. that matches the pattern.
- Reply with "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a></b> <i>optional</i>
- <i>text...</i>" when the optional text is specified, oth-
- erwise reply with a generic error response message.
+ Reject the address etc. that matches the pattern. Reply with
+ "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a></b> <i>optional text...</i>" when the optional text
+ is specified, otherwise reply with a generic error response mes-
+ sage.
This feature is available in Postfix 2.6 and later.
<b>DEFER_IF_REJECT</b> <i>optional text...</i>
- Defer the request if some later restriction would
- result in a REJECT action. Reply with
- "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional text...</i>"
- when the optional text is specified, otherwise
- reply with a generic error response message.
+ Defer the request if some later restriction would result in a
+ REJECT action. Reply with "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional</i>
+ <i>text...</i>" when the optional text is specified, otherwise reply
+ with a generic error response message.
Prior to Postfix 2.6, the SMTP reply code is 450.
This feature is available in Postfix 2.1 and later.
<b>DEFER_IF_PERMIT</b> <i>optional text...</i>
- Defer the request if some later restriction would
- result in a an explicit or implicit PERMIT action.
- Reply with "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional</i>
- <i>text...</i>" when the optional text is specified, oth-
- erwise reply with a generic error response message.
+ Defer the request if some later restriction would result in a an
+ explicit or implicit PERMIT action. Reply with
+ "<b>$<a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> 4.7.1</b> <i>optional text...</i>" when the
+ optional text is specified, otherwise reply with a generic error
+ response message.
Prior to Postfix 2.6, the SMTP reply code is 450.
<b>OTHER ACTIONS</b>
<i>restriction...</i>
- Apply the named UCE restriction(s) (<b>permit</b>, <b>reject</b>,
+ Apply the named UCE restriction(s) (<b>permit</b>, <b>reject</b>,
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>, and so on).
<b>BCC</b> <i>user@domain</i>
- Send one copy of the message to the specified
- recipient.
+ Send one copy of the message to the specified recipient.
- If multiple BCC actions are specified within the
- same SMTP MAIL transaction, only the last action
- will be used.
+ If multiple BCC actions are specified within the same SMTP MAIL
+ transaction, only the last action will be used.
- This feature is not part of the stable Postfix
- release.
+ This feature is not part of the stable Postfix release.
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
- erwise log a generic message.
+ Claim successful delivery and silently discard the message. Log
+ the optional text if specified, otherwise log a generic message.
- Note: this action currently affects all recipients
- of the message. To discard only one recipient
- without discarding the entire message, use the
- <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
- service.
+ Note: this action currently affects all recipients of the mes-
+ sage. To discard only one recipient without discarding the
+ entire message, use the <a href="transport.5.html">transport(5)</a> table to direct mail to the
+ <a href="discard.8.html">discard(8)</a> service.
This feature is available in Postfix 2.0 and later.
- <b>DUNNO</b> Pretend that the lookup key was not found. This
- prevents Postfix from trying substrings of the
- lookup key (such as a subdomain name, or a network
- address subnetwork).
+ <b>DUNNO</b> Pretend that the lookup key was not found. This prevents Postfix
+ from trying substrings of the lookup key (such as a subdomain
+ name, or a network address subnetwork).
This feature is available in Postfix 2.0 and later.
<b>FILTER</b> <i>transport:destination</i>
- After the message is queued, send the entire mes-
- sage through the specified external content filter.
- The <i>transport</i> name specifies the first field of a
- mail delivery agent definition in <a href="master.5.html">master.cf</a>; the
- syntax of the next-hop <i>destination</i> is described in
- the manual page of the corresponding delivery
- agent. More information about external content
- filters is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file.
-
- Note 1: do not use $<i>number</i> regular expression sub-
- stitutions for <i>transport</i> or <i>destination</i> unless you
- know that the information has a trusted origin.
-
- Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">con</a>-</b>
- <b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of
- the message. In the case that multiple <b>FILTER</b>
- actions fire, only the last one is executed.
-
- Note 3: the purpose of the FILTER command is to
- override message routing. To override the recipi-
- ent's <i>transport</i> but not the next-hop <i>destination</i>,
- specify an empty filter <i>destination</i> (Postfix 2.7
- and later), or specify a <i>transport:destination</i> that
- delivers through a different Postfix instance
- (Postfix 2.6 and earlier). Other options are using
- the recipient-dependent <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> or the sen-
- der-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport</a>-</b>
- <b><a href="postconf.5.html#sender_dependent_default_transport_maps">_maps</a></b> features.
+ After the message is queued, send the entire message through the
+ specified external content filter. The <i>transport</i> name specifies
+ the first field of a mail delivery agent definition in <a href="master.5.html">mas-
+ ter.cf</a>; the syntax of the next-hop <i>destination</i> is described in
+ the manual page of the corresponding delivery agent. More
+ information about external content filters is in the Postfix
+ <a href="FILTER_README.html">FILTER_README</a> file.
+
+ Note 1: do not use $<i>number</i> regular expression substitutions for
+ <i>transport</i> or <i>destination</i> unless you know that the information
+ has a trusted origin.
+
+ Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
+ ting, and affects all recipients of the message. In the case
+ that multiple <b>FILTER</b> actions fire, only the last one is exe-
+ cuted.
+
+ Note 3: the purpose of the FILTER command is to override message
+ routing. To override the recipient's <i>transport</i> but not the
+ next-hop <i>destination</i>, specify an empty filter <i>destination</i> (Post-
+ fix 2.7 and later), or specify a <i>transport:destination</i> that
+ delivers through a different Postfix instance (Postfix 2.6 and
+ earlier). Other options are using the recipient-dependent <b><a href="postconf.5.html#transport_maps">trans</a>-</b>
+ <b><a href="postconf.5.html#transport_maps">port_maps</a></b> or the sender-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default-</b>
+ <b>_transport_maps</a></b> features.
This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i>
- Place the message on the <b>hold</b> queue, where it will
- sit until someone either deletes it or releases it
- for delivery. Log the optional text if specified,
- otherwise log a generic message.
+ Place the message on the <b>hold</b> queue, where it will sit until
+ someone either deletes it or releases it for delivery. Log the
+ optional text if specified, otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
- released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
+ Mail that is placed on hold can be examined with the <a href="postcat.1.html"><b>postcat</b>(1)</a>
+ command, and can be destroyed or released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a>
+ command.
- Note: use "<b>postsuper -r</b>" to release mail that was
- kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
- <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
- longer. Use "<b>postsuper -H</b>" only for mail that will
- not expire within a few delivery attempts.
+ Note: use "<b>postsuper -r</b>" to release mail that was kept on hold
+ for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or
+ <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or longer. Use "<b>postsuper -H</b>" only for
+ mail that will not expire within a few delivery attempts.
- Note: this action currently affects all recipients
- of the message.
+ Note: this action currently affects all recipients of the mes-
+ sage.
This feature is available in Postfix 2.0 and later.
<b>PREPEND</b> <i>headername: headervalue</i>
- Prepend the specified message header to the mes-
- sage. When more than one PREPEND action executes,
- the first prepended header appears before the sec-
- ond etc. prepended header.
+ Prepend the specified message header to the message. When more
+ than one PREPEND action executes, the first prepended header
+ appears before the second etc. prepended header.
- Note: this action must execute before the message
- content is received; it cannot execute in the con-
-
text of <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
+ Note: this action must execute before the message content is
+ received; it cannot execute in the context of
+ <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i>
- After the message is queued, send the message to
- the specified address instead of the intended
- recipient(s).
+ After the message is queued, send the message to the specified
+ address instead of the intended recipient(s).
- Note: this action overrides the FILTER action, and
- currently affects all recipients of the message.
+ Note: this action overrides the FILTER action, and currently
+ affects all recipients of the message.
This feature is available in Postfix 2.1 and later.
<b>WARN</b> <i>optional text...</i>
- Log a warning with the optional text, together with
- client information and if available, with helo,
- sender, recipient and protocol information.
+ Log a warning with the optional text, together with client
+ information and if available, with helo, sender, recipient and
+ protocol information.
This feature is available in Postfix 2.1 and later.
<b>ENHANCED STATUS CODES</b>
- Postfix version 2.3 and later support enhanced status
- codes as defined in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status
- code is specified in an access table, it is subject to
- modification. The following transformations are needed
- when the same access table is used for client, helo,
- sender, or recipient access restrictions; they happen
- regardless of whether Postfix replies to a MAIL FROM, RCPT
- TO or other SMTP command.
-
- <b>o</b> When a sender address matches a REJECT action, the
- Postfix SMTP server will transform a recipient DSN
- status (e.g., 4.1.1-4.1.6) into the corresponding
- sender DSN status, and vice versa.
-
- <b>o</b> When non-address information matches a REJECT
- action (such as the HELO command argument or the
- client hostname/address), the Postfix SMTP server
- will transform a sender or recipient DSN status
- into a generic non-address DSN status (e.g.,
- 4.0.0).
+ Postfix version 2.3 and later support enhanced status codes as defined
+ in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status code is specified in an access
+ table, it is subject to modification. The following transformations are
+ needed when the same access table is used for client, helo, sender, or
+ recipient access restrictions; they happen regardless of whether Post-
+ fix replies to a MAIL FROM, RCPT TO or other SMTP command.
+
+ <b>o</b> When a sender address matches a REJECT action, the Postfix SMTP
+ server will transform a recipient DSN status (e.g., 4.1.1-4.1.6)
+ into the corresponding sender DSN status, and vice versa.
+
+ <b>o</b> When non-address information matches a REJECT action (such as
+ the HELO command argument or the client hostname/address), the
+ Postfix SMTP server will transform a sender or recipient DSN
+ status into a generic non-address DSN status (e.g., 4.0.0).
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
- the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
- see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
-
- Each pattern is a regular expression that is applied to
- the entire string being looked up. Depending on the appli-
- cation, that string is an entire client hostname, an
- entire client IP address, or an entire mail address. Thus,
- no parent domain or parent network search is done,
- <i>user@domain</i> mail addresses are not broken up into their
- <i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
- up into <i>user</i> and <i>foo</i>.
-
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
- string.
-
- Actions are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
- the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+
+ Each pattern is a regular expression that is applied to the entire
+ string being looked up. Depending on the application, that string is an
+ entire client hostname, an entire client IP address, or an entire mail
+ address. Thus, no parent domain or parent network search is done,
+ <i>user@domain</i> mail addresses are not broken up into their <i>user@</i> and
+ <i>domain</i> constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
+
+ Actions are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
+ lated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
- lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.4.
-
- Each lookup operation uses the entire query string once.
- Depending on the application, that string is an entire
- client hostname, an entire client IP address, or an entire
- mail address. Thus, no parent domain or parent network
- search is done, <i>user@domain</i> mail addresses are not broken
- up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ available up to and including Postfix version 2.4.
+
+ Each lookup operation uses the entire query string once. Depending on
+ the application, that string is an entire client hostname, an entire
+ client IP address, or an entire mail address. Thus, no parent domain
+ or parent network search is done, <i>user@domain</i> mail addresses are not
+ broken up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
<i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Actions are the same as with indexed file lookups.
<b>EXAMPLE</b>
- The following example uses an indexed file, so that the
- order of table entries does not matter. The example per-
- mits access by the client at address 1.2.3.4 but rejects
- all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
- tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
- <b>-m</b>" to find out what lookup tables Postfix supports on
- your system.
+ The following example uses an indexed file, so that the order of table
+ entries does not matter. The example permits access by the client at
+ address 1.2.3.4 but rejects all other clients in 1.2.3.0/24. Instead of
+ <b>hash</b> lookup tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
+ <b>-m</b>" to find out what lookup tables Postfix supports on your system.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> =
1.2.3 REJECT
1.2.3.4 OK
- Execute the command "<b>postmap /etc/postfix/access</b>" after
- editing the file.
+ Execute the command "<b>postmap /etc/postfix/access</b>" after editing the
+ file.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>newaliases</b>
<b>DESCRIPTION</b>
- The <a href="aliases.5.html"><b>aliases</b>(5)</a> table provides a system-wide mechanism to
- redirect mail for local recipients. The redirections are
- processed by the Postfix <a href="local.8.html"><b>local</b>(8)</a> delivery agent.
-
- Normally, the <a href="aliases.5.html"><b>aliases</b>(5)</a> table is specified as a text file
- that serves as input to the <a href="postalias.1.html"><b>postalias</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast lookup by the mail system. Execute the command
- <b>newaliases</b> in order to rebuild the indexed file after
+ The <a href="aliases.5.html"><b>aliases</b>(5)</a> table provides a system-wide mechanism to redirect mail
+ for local recipients. The redirections are processed by the Postfix
+ <a href="local.8.html"><b>local</b>(8)</a> delivery agent.
+
+ Normally, the <a href="aliases.5.html"><b>aliases</b>(5)</a> table is specified as a text file that serves
+ as input to the <a href="postalias.1.html"><b>postalias</b>(1)</a> command. The result, an indexed file in
+ <b>dbm</b> or <b>db</b> format, is used for fast lookup by the mail system. Execute
+ the command <b>newaliases</b> in order to rebuild the indexed file after
changing the Postfix alias database.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
- indexed files.
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
- Alternatively, the table can be provided as a regular-
- expression map where patterns are given as regular expres-
- sions. In this case, the lookups are done in a slightly
- different way as described below under "REGULAR EXPRESSION
- TABLES".
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions. In this case, the
+ lookups are done in a slightly different way as described below under
+ "REGULAR EXPRESSION TABLES".
- Users can control delivery of their own mail by setting up
- <b>.forward</b> files in their home directory. Lines in per-user
- <b>.forward</b> files have the same syntax as the right-hand side
- of <a href="aliases.5.html"><b>aliases</b>(5)</a> entries.
+ Users can control delivery of their own mail by setting up <b>.forward</b>
+ files in their home directory. Lines in per-user <b>.forward</b> files have
+ the same syntax as the right-hand side of <a href="aliases.5.html"><b>aliases</b>(5)</a> entries.
The format of the alias database input file is as follows:
<i>name</i>: <i>value1</i>, <i>value2</i>, <i>...</i>
- <b>o</b> Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ <b>o</b> Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
- <b>o</b> A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
+ <b>o</b> A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
- The <i>name</i> is a local address (no domain part). Use double
- quotes when the name contains any special characters such
- as whitespace, `#', `:', or `@'. The <i>name</i> is folded to
- lowercase, in order to make database lookups case insensi-
- tive.
+ The <i>name</i> is a local address (no domain part). Use double quotes when
+ the name contains any special characters such as whitespace, `#', `:',
+ or `@'. The <i>name</i> is folded to lowercase, in order to make database
+ lookups case insensitive.
- In addition, when an alias exists for <b>owner-</b><i>name</i>, delivery
- diagnostics are directed to that address, instead of to
- the originator of the message. This is typically used to
- direct delivery errors to the maintainer of a mailing
- list, who is in a better position to deal with mailing
- list delivery problems than the originator of the undeliv-
- ered mail.
+ In addition, when an alias exists for <b>owner-</b><i>name</i>, delivery diagnostics
+ are directed to that address, instead of to the originator of the mes-
+ sage. This is typically used to direct delivery errors to the main-
+ tainer of a mailing list, who is in a better position to deal with
+ mailing list delivery problems than the originator of the undelivered
+ mail.
The <i>value</i> contains one or more of the following:
<i>address</i>
- Mail is forwarded to <i>address</i>, which is compatible
- with the <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> standard.
+ Mail is forwarded to <i>address</i>, which is compatible with the <a href="http://tools.ietf.org/html/rfc822">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc822">822</a> standard.
<i>/file/name</i>
- Mail is appended to <i>/file/name</i>. See <a href="local.8.html"><b>local</b>(8)</a> for
- details of delivery to file. Delivery is not lim-
- ited to regular files. For example, to dispose of
- unwanted mail, deflect it to <b>/dev/null</b>.
+ Mail is appended to <i>/file/name</i>. See <a href="local.8.html"><b>local</b>(8)</a> for details of
+ delivery to file. Delivery is not limited to regular files.
+ For example, to dispose of unwanted mail, deflect it to
+ <b>/dev/null</b>.
|<i>command</i>
- Mail is piped into <i>command</i>. Commands that contain
- special characters, such as whitespace, should be
- enclosed between double quotes. See <a href="local.8.html"><b>local</b>(8)</a> for
- details of delivery to command.
-
- When the command fails, a limited amount of command
- output is mailed back to the sender. The file
- <b>/usr/include/sysexits.h</b> defines the expected exit
- status codes. For example, use <b>"|exit 67"</b> to simu-
- late a "user unknown" error, and <b>"|exit 0"</b> to
- implement an expensive black hole.
+ Mail is piped into <i>command</i>. Commands that contain special char-
+ acters, such as whitespace, should be enclosed between double
+ quotes. See <a href="local.8.html"><b>local</b>(8)</a> for details of delivery to command.
+
+ When the command fails, a limited amount of command output is
+ mailed back to the sender. The file <b>/usr/include/sysexits.h</b>
+ defines the expected exit status codes. For example, use <b>"|exit</b>
+ <b>67"</b> to simulate a "user unknown" error, and <b>"|exit 0"</b> to imple-
+ ment an expensive black hole.
<b>:include:</b><i>/file/name</i>
- Mail is sent to the destinations listed in the
- named file. Lines in <b>:include:</b> files have the same
- syntax as the right-hand side of alias entries.
+ Mail is sent to the destinations listed in the named file.
+ Lines in <b>:include:</b> files have the same syntax as the right-hand
+ side of alias entries.
- A destination can be any destination that is
- described in this manual page. However, delivery to
- "|<i>command</i>" and <i>/file/name</i> is disallowed by default.
- To enable, edit the <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a></b> and
- <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameters.
+ A destination can be any destination that is described in this
+ manual page. However, delivery to "|<i>command</i>" and <i>/file/name</i> is
+ disallowed by default. To enable, edit the <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_com</a>-</b>
+ <b><a href="postconf.5.html#allow_mail_to_commands">mands</a></b> and <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameters.
<b>ADDRESS EXTENSION</b>
- When alias database search fails, and the recipient local-
- part contains the optional recipient delimiter (e.g.,
- <i>user+foo</i>), the search is repeated for the unextended
- address (e.g., <i>user</i>).
+ When alias database search fails, and the recipient localpart contains
+ the optional recipient delimiter (e.g., <i>user+foo</i>), the search is
+ repeated for the unextended address (e.g., <i>user</i>).
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
- gated to the result of table lookup.
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
+ unmatched address extension (<i>+foo</i>) is propagated to the result of table
+ lookup.
<b>CASE FOLDING</b>
- The <a href="local.8.html">local(8)</a> delivery agent always folds the search string
- to lowercase before database lookup.
+ The <a href="local.8.html">local(8)</a> delivery agent always folds the search string to lowercase
+ before database lookup.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
- the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
- see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. NOTE: these formats
- do not use ":" at the end of a pattern.
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+ NOTE: these formats do not use ":" at the end of a pattern.
- Each regular expression is applied to the entire search
- string. Thus, a search string <i>user+foo</i> is not broken up
- into <i>user</i> and <i>foo</i>.
+ Each regular expression is applied to the entire search string. Thus, a
+ search string <i>user+foo</i> is not broken up into <i>user</i> and <i>foo</i>.
- Regular expressions are applied in the order as specified
- in the table, until a regular expression is found that
- matches the search string.
+ Regular expressions are applied in the order as specified in the table,
+ until a regular expression is found that matches the search string.
- Lookup results are the same as with indexed file lookups.
- For security reasons there is no support for <b>$1</b>, <b>$2</b> etc.
- substring interpolation.
+ Lookup results are the same as with indexed file lookups. For security
+ reasons there is no support for <b>$1</b>, <b>$2</b> etc. substring interpolation.
<b>SECURITY</b>
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression
- substitution of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would
- open a security hole.
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression substitution
+ of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would open a security hole.
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests
- to use the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead
- it will open the table directly. Before Postfix version
- 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will terminate with a
- fatal error.
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests to use the
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead it will open the table
+ directly. Before Postfix version 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will
+ terminate with a fatal error.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ details including examples.
<b><a href="postconf.5.html#alias_database">alias_database</a></b>
- List of alias databases that are updated by the
- <a href="newaliases.1.html"><b>newaliases</b>(1)</a> command.
+ List of alias databases that are updated by the <a href="newaliases.1.html"><b>newaliases</b>(1)</a>
+ command.
<b><a href="postconf.5.html#alias_maps">alias_maps</a></b>
- List of alias databases queried by the <a href="local.8.html"><b>local</b>(8)</a>
- delivery agent.
+ List of alias databases queried by the <a href="local.8.html"><b>local</b>(8)</a> delivery agent.
<b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a></b>
- Restrict the usage of mail delivery to external
- command.
+ Restrict the usage of mail delivery to external command.
<b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b>
- Restrict the usage of mail delivery to external
- file.
+ Restrict the usage of mail delivery to external file.
<b><a href="postconf.5.html#expand_owner_alias">expand_owner_alias</a></b>
- When delivering to an alias that has an <b>owner-</b> com-
- panion alias, set the envelope sender address to
- the right-hand side of the owner alias, instead
- using of the left-hand side address.
+ When delivering to an alias that has an <b>owner-</b> companion alias,
+ set the envelope sender address to the right-hand side of the
+ owner alias, instead using of the left-hand side address.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
- <b>include</b>, or <b>generic</b>.
+ A list of address rewriting or forwarding mechanisms that propa-
+ gate an address extension from the original address to the
+ result. Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>for-</b>
+ <b>ward</b>, <b>include</b>, or <b>generic</b>.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
- Give special treatment to <b>owner-</b><i>listname</i> and <i>list-</i>
- <i>name</i><b>-request</b> addresses.
+ Give special treatment to <b>owner-</b><i>listname</i> and <i>listname</i><b>-request</b>
+ addresses.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b>
- Delimiter that separates recipients from address
- extensions.
+ Delimiter that separates recipients from address extensions.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#frozen_delivered_to">frozen_delivered_to</a></b>
- Update the <a href="local.8.html">local(8)</a> delivery agent's Delivered-To:
- address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once,
- at the start of a delivery; do not update the
- Delivered-To: address while expanding aliases or
- .forward files.
+ Update the <a href="local.8.html">local(8)</a> delivery agent's Delivered-To: address (see
+ <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start of a delivery;
+ do not update the Delivered-To: address while expanding aliases
+ or .forward files.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>anvil</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The Postfix <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains statistics about
- client connection counts or client request rates. This
- information can be used to defend against clients that
- hammer a server with either too many simultaneous ses-
- sions, or with too many successive requests within a con-
- figurable time interval. This server is designed to run
- under control by the Postfix <a href="master.8.html"><b>master</b>(8)</a> server.
-
- In the following text, <b>ident</b> specifies a (service, client)
- combination. The exact syntax of that information is
- application-dependent; the <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not care.
+ The Postfix <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains statistics about client connec-
+ tion counts or client request rates. This information can be used to
+ defend against clients that hammer a server with either too many simul-
+ taneous sessions, or with too many successive requests within a config-
+ urable time interval. This server is designed to run under control by
+ the Postfix <a href="master.8.html"><b>master</b>(8)</a> server.
+
+ In the following text, <b>ident</b> specifies a (service, client) combination.
+ The exact syntax of that information is application-dependent; the
+ <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not care.
<b>CONNECTION COUNT/RATE CONTROL</b>
- To register a new connection send the following request to
- the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+ To register a new connection send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a>
+ server:
<b>request=connect</b>
<b>ident=</b><i>string</i>
- The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of simultane-
- ous connections and the number of connections per unit
- time for the (service, client) combination specified with
- <b>ident</b>:
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of simultaneous connections
+ and the number of connections per unit time for the (service, client)
+ combination specified with <b>ident</b>:
<b>status=0</b>
<b>count=</b><i>number</i>
<b>rate=</b><i>number</i>
- To register a disconnect event send the following request
-
to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+ To register a disconnect event send the following request to the
+ <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
<b>request=disconnect</b>
<b>ident=</b><i>string</i>
<b>status=0</b>
<b>MESSAGE RATE CONTROL</b>
- To register a message delivery request send the following
-
request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+ To register a message delivery request send the following request to
+ the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
<b>request=message</b>
<b>ident=</b><i>string</i>
- The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of message
- delivery requests per unit time for the (service, client)
- combination specified with <b>ident</b>:
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of message delivery
+ requests per unit time for the (service, client) combination specified
+ with <b>ident</b>:
<b>status=0</b>
<b>rate=</b><i>number</i>
<b>RECIPIENT RATE CONTROL</b>
- To register a recipient request send the following request
-
to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+ To register a recipient request send the following request to the
+ <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
<b>request=recipient</b>
<b>ident=</b><i>string</i>
- The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of recipient
- addresses per unit time for the (service, client) combina-
- tion specified with <b>ident</b>:
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of recipient addresses per
+ unit time for the (service, client) combination specified with <b>ident</b>:
<b>status=0</b>
<b>rate=</b><i>number</i>
<b>TLS SESSION NEGOTIATION RATE CONTROL</b>
- The features described in this section are available with
- Postfix 2.3 and later.
+ The features described in this section are available with Postfix 2.3
+ and later.
- To register a request for a new (i.e. not cached) TLS ses-
-
sion send the following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
+ To register a request for a new (i.e. not cached) TLS session send the
+ following request to the <a href="anvil.8.html"><b>anvil</b>(8)</a> server:
<b>request=newtls</b>
<b>ident=</b><i>string</i>
- The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS
- session requests per unit time for the (service, client)
- combination specified with <b>ident</b>:
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
+ per unit time for the (service, client) combination specified with
+ <b>ident</b>:
<b>status=0</b>
<b>rate=</b><i>number</i>
- To retrieve new TLS session request rate information with-
- out updating the counter information, send:
+ To retrieve new TLS session request rate information without updating
+ the counter information, send:
<b>request=newtls_report</b>
<b>ident=</b><i>string</i>
- The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS
- session requests per unit time for the (service, client)
- combination specified with <b>ident</b>:
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server answers with the number of new TLS session requests
+ per unit time for the (service, client) combination specified with
+ <b>ident</b>:
<b>status=0</b>
<b>rate=</b><i>number</i>
<b>SECURITY</b>
- The <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not talk to the network or to
- local users, and can run chrooted at fixed low privilege.
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not talk to the network or to local users, and
+ can run chrooted at fixed low privilege.
- The <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains an in-memory table with
- information about recent clients requests. No persistent
- state is kept because standard system library routines are
- not sufficiently robust for update-intensive applications.
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server maintains an in-memory table with information about
+ recent clients requests. No persistent state is kept because standard
+ system library routines are not sufficiently robust for update-inten-
+ sive applications.
- Although the in-memory state is kept only temporarily,
- this may require a lot of memory on systems that handle
- connections from many remote clients. To reduce memory
- usage, reduce the time unit over which state is kept.
+ Although the in-memory state is kept only temporarily, this may require
+ a lot of memory on systems that handle connections from many remote
+ clients. To reduce memory usage, reduce the time unit over which state
+ is kept.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
- Upon exit, and every <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a></b> seconds, the
- server logs the maximal count and rate values measured,
- together with (service, client) information and the time
- of day associated with those events. In order to avoid
- unnecessary overhead, no measurements are done for activ-
- ity that isn't concurrency limited or rate limited.
+ Upon exit, and every <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a></b> seconds, the server logs
+ the maximal count and rate values measured, together with (service,
+ client) information and the time of day associated with those events.
+ In order to avoid unnecessary overhead, no measurements are done for
+ activity that isn't concurrency limited or rate limited.
<b>BUGS</b>
- Systems behind network address translating routers or
- proxies appear to have the same client address and can run
- into connection count and/or rate limits falsely.
-
- In this preliminary implementation, a count (or rate) lim-
- ited server process can have only one remote client at a
- time. If a server process reports multiple simultaneous
- clients, state is kept only for the last reported client.
-
- The <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client request
- information after it expires. To prevent the <a href="anvil.8.html"><b>anvil</b>(8)</a>
- server from discarding client request rate information too
- early or too late, a rate limited service should always
- register connect/disconnect events even when it does not
- explicitly limit them.
+ Systems behind network address translating routers or proxies appear to
+ have the same client address and can run into connection count and/or
+ rate limits falsely.
+
+ In this preliminary implementation, a count (or rate) limited server
+ process can have only one remote client at a time. If a server process
+ reports multiple simultaneous clients, state is kept only for the last
+ reported client.
+
+ The <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client request information
+ after it expires. To prevent the <a href="anvil.8.html"><b>anvil</b>(8)</a> server from discarding
+ client request rate information too early or too late, a rate limited
+ service should always register connect/disconnect events even when it
+ does not explicitly limit them.
<b>CONFIGURATION PARAMETERS</b>
- On low-traffic mail systems, changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked
- up automatically as <a href="anvil.8.html"><b>anvil</b>(8)</a> processes run for only a lim-
- ited amount of time. On other mail systems, use the com-
- mand "<b>postfix reload</b>" to speed up a change.
+ On low-traffic mail systems, changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automati-
+ cally as <a href="anvil.8.html"><b>anvil</b>(8)</a> processes run for only a limited amount of time. On
+ other mail systems, use the command "<b>postfix reload</b>" to speed up a
+ change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (60s)</b>
- The time unit over which client connection rates
- and other rates are calculated.
+ The time unit over which client connection rates and other rates
+ are calculated.
<b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a> (600s)</b>
- How frequently the <a href="anvil.8.html"><b>anvil</b>(8)</a> connection and rate
- limiting server logs peak usage information.
+ How frequently the <a href="anvil.8.html"><b>anvil</b>(8)</a> connection and rate limiting server
+ logs peak usage information.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="TUNING_README.html">TUNING_README</a>, performance tuning
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
The anvil service is available in Postfix 2.2 and later.
<b>postconf -b</b> [<i>template</i><b>_</b><i>file</i>]
<b>DESCRIPTION</b>
- The Postfix <a href="bounce.8.html"><b>bounce</b>(8)</a> server produces delivery status
- notification (DSN) messages for undeliverable mail,
- delayed mail, successful delivery or address verification
- requests.
+ The Postfix <a href="bounce.8.html"><b>bounce</b>(8)</a> server produces delivery status notification
+ (DSN) messages for undeliverable mail, delayed mail, successful deliv-
+ ery or address verification requests.
- By default, these notifications are generated from built-
- in templates with message headers and message text. Sites
- can override the built-in information by specifying a
- bounce template file with the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> config-
- uration parameter.
+ By default, these notifications are generated from built-in templates
+ with message headers and message text. Sites can override the built-in
+ information by specifying a bounce template file with the <b><a href="postconf.5.html#bounce_template_file">bounce_tem</a>-</b>
+ <b><a href="postconf.5.html#bounce_template_file">plate_file</a></b> configuration parameter.
- This document describes the general procedure to create a
- bounce template file, followed by the specific details of
- bounce template formats.
+ This document describes the general procedure to create a bounce tem-
+ plate file, followed by the specific details of bounce template for-
+ mats.
<b>GENERAL PROCEDURE</b>
- To create a customized bounce template file, create a tem-
- porary copy of the file <b>/etc/postfix/bounce.cf.default</b> and
- edit the temporary file.
+ To create a customized bounce template file, create a temporary copy of
+ the file <b>/etc/postfix/bounce.cf.default</b> and edit the temporary file.
- To preview the results of $<i>name</i> expansions in the template
- text, use the command
+ To preview the results of $<i>name</i> expansions in the template text, use
+ the command
<b>postconf -b</b> <i>temporary</i><b>_</b><i>file</i>
- Errors in the template will be reported to the standard
- error stream and to the syslog daemon.
+ Errors in the template will be reported to the standard error stream
+ and to the syslog daemon.
- While previewing the text, be sure to pay particular
- attention to the expansion of time value parameters that
- appear in the delayed mail notification text.
+ While previewing the text, be sure to pay particular attention to the
+ expansion of time value parameters that appear in the delayed mail
+ notification text.
- Once the result is satisfactory, copy the template to the
- Postfix configuration directory and specify in <a href="postconf.5.html">main.cf</a>
- something like:
+ Once the result is satisfactory, copy the template to the Postfix con-
+ figuration directory and specify in <a href="postconf.5.html">main.cf</a> something like:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#bounce_template_file">bounce_template_file</a> = /etc/postfix/bounce.cf
<b>TEMPLATE FILE FORMAT</b>
- The template file can specify templates for failed mail,
- delayed mail, successful delivery or for address verifica-
- tion. These templates are named <b>failure_template</b>,
- <b>delay_template</b>, <b>success_template</b> and <b>verify_template</b>,
- respectively. You can but do not have to specify all four
- templates in a bounce template file.
-
- Each template starts with "<i>template</i><b>_</b><i>name</i> <b>=</b> <<<b>EOF</b>" and ends
- with a line that contains the word "<b>EOF</b>" only. You can
- change the word EOF, but you can't enclose it in quotes as
- with the shell or with Perl (<i>template</i><b>_</b><i>name</i> <b>=</b> <<<b>'EOF'</b>).
- Here is an example:
+ The template file can specify templates for failed mail, delayed mail,
+ successful delivery or for address verification. These templates are
+ named <b>failure_template</b>, <b>delay_template</b>, <b>success_template</b> and <b>ver-</b>
+ <b>ify_template</b>, respectively. You can but do not have to specify all
+ four templates in a bounce template file.
+
+ Each template starts with "<i>template</i><b>_</b><i>name</i> <b>=</b> <<<b>EOF</b>" and ends with a line
+ that contains the word "<b>EOF</b>" only. You can change the word EOF, but you
+ can't enclose it in quotes as with the shell or with Perl (<i>tem-</i>
+ <i>plate</i><b>_</b><i>name</i> <b>=</b> <<<b>'EOF'</b>). Here is an example:
# The failure template is used for undeliverable mail.
The mail system
EOF
- The usage and specification of bounce templates is subject
- to the following restrictions:
+ The usage and specification of bounce templates is subject to the fol-
+ lowing restrictions:
- <b>o</b> No special meaning is given to the backslash char-
- acter or to leading whitespace; these are always
- taken literally.
+ <b>o</b> No special meaning is given to the backslash character or to
+ leading whitespace; these are always taken literally.
- <b>o</b> Inside the << context, the "$" character is spe-
- cial. To produce a "$" character as output, specify
- "$$".
+ <b>o</b> Inside the << context, the "$" character is special. To produce
+ a "$" character as output, specify "$$".
- <b>o</b> Outside the << context, lines beginning with "#"
- are ignored, as are empty lines, and lines consist-
- ing of whitespace only.
+ <b>o</b> Outside the << context, lines beginning with "#" are ignored, as
+ are empty lines, and lines consisting of whitespace only.
- Examples of all templates can be found in the file
- <b>bounce.cf.default</b> in the Postfix configuration directory.
+ Examples of all templates can be found in the file <b>bounce.cf.default</b> in
+ the Postfix configuration directory.
<b>TEMPLATE HEADER FORMAT</b>
- The first portion of a bounce template consists of
- optional template headers. Some become message headers in
- the delivery status notification; some control the format-
- ting of that notification. Headers not specified in a tem-
- plate will be left at their default value.
+ The first portion of a bounce template consists of optional template
+ headers. Some become message headers in the delivery status notifica-
+ tion; some control the formatting of that notification. Headers not
+ specified in a template will be left at their default value.
The following headers are supported:
<b>Charset:</b>
- The MIME character set of the template message
- text. See the "TEMPLATE MESSAGE TEXT FORMAT"
- description below.
+ The MIME character set of the template message text. See the
+ "TEMPLATE MESSAGE TEXT FORMAT" description below.
- <b>From:</b> The sender address in the message header of the
- delivery status notification.
+ <b>From:</b> The sender address in the message header of the delivery status
+ notification.
<b>Subject:</b>
- The subject in the message header of the delivery
- status notification that is returned to the sender.
+ The subject in the message header of the delivery status notifi-
+ cation that is returned to the sender.
<b>Postmaster-Subject:</b>
- The subject that will be used in Postmaster copies
- of undeliverable or delayed mail notifications.
- These copies are sent under control of the
- <a href="postconf.5.html#notify_classes">notify_classes</a> configuration parameter.
+ The subject that will be used in Postmaster copies of undeliver-
+ able or delayed mail notifications. These copies are sent under
+ control of the <a href="postconf.5.html#notify_classes">notify_classes</a> configuration parameter.
- The usage and specification of template message headers is
- subject to the following restrictions:
+ The usage and specification of template message headers is subject to
+ the following restrictions:
- <b>o</b> Template message header names can be specified in
- upper case, lower case or mixed case. Postfix
- always produces bounce message header labels of the
- form "<b>From:</b>" and "<b>Subject:</b>".
+ <b>o</b> Template message header names can be specified in upper case,
+ lower case or mixed case. Postfix always produces bounce message
+ header labels of the form "<b>From:</b>" and "<b>Subject:</b>".
- <b>o</b> Template message headers must not span multiple
- lines.
+ <b>o</b> Template message headers must not span multiple lines.
- <b>o</b> Template message headers do not support $parameter
- expansions.
+ <b>o</b> Template message headers do not support $parameter expansions.
- <b>o</b> Template message headers must contain ASCII charac-
- ters only, and must not contain ASCII null charac-
- ters.
+ <b>o</b> Template message headers must contain ASCII characters only, and
+ must not contain ASCII null characters.
<b>TEMPLATE MESSAGE TEXT FORMAT</b>
- The second portion of a bounce template consists of mes-
- sage text. As the above example shows, template message
- text may contain <a href="postconf.5.html">main.cf</a> $parameters. Besides the parame-
- ters that are defined in <a href="postconf.5.html">main.cf</a>, the following parameters
- are treated specially depending on the suffix that is
- appended to their name.
+ The second portion of a bounce template consists of message text. As
+ the above example shows, template message text may contain <a href="postconf.5.html">main.cf</a>
+ $parameters. Besides the parameters that are defined in <a href="postconf.5.html">main.cf</a>, the
+ following parameters are treated specially depending on the suffix that
+ is appended to their name.
<b>delay_warning_time_</b><i>suffix</i>
- Expands into the value of the <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a></b>
- parameter, expressed in the time unit specified by
- <i>suffix</i>, which is one of <b>seconds</b>, <b>minutes</b>, <b>hours,</b>
- <b>days</b>, or <b>weeks</b>.
+ Expands into the value of the <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a></b> parameter,
+ expressed in the time unit specified by <i>suffix</i>, which is one of
+ <b>seconds</b>, <b>minutes</b>, <b>hours, days</b>, or <b>weeks</b>.
<b>maximal_queue_lifetime_</b><i>suffix</i>
- Expands into the value of the <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_life</a>-</b>
- <b><a href="postconf.5.html#maximal_queue_lifetime">time</a></b> parameter, expressed in the time unit speci-
- fied by <i>suffix</i>. See above under <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a></b>
- for possible <i>suffix</i> values.
-
- The usage and specification of template message text is
- subject to the following restrictions:
-
- <b>o</b> The template message text is not sent in Postmaster
- copies of delivery status notifications.
-
- <b>o</b> If the template message text contains non-ASCII
- characters, Postfix requires that the <b>Charset:</b> tem-
- plate header is updated. Specify an appropriate
- superset of US-ASCII. A superset is needed because
- Postfix appends ASCII text after the message tem-
+ Expands into the value of the <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> parameter,
+ expressed in the time unit specified by <i>suffix</i>. See above under
+ <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a></b> for possible <i>suffix</i> values.
+
+ The usage and specification of template message text is subject to the
+ following restrictions:
+
+ <b>o</b> The template message text is not sent in Postmaster copies of
+ delivery status notifications.
+
+ <b>o</b> If the template message text contains non-ASCII characters,
+ Postfix requires that the <b>Charset:</b> template header is updated.
+ Specify an appropriate superset of US-ASCII. A superset is
+ needed because Postfix appends ASCII text after the message tem-
plate when it sends a delivery status notification.
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
- The Postfix bounce template format was originally devel-
- oped by Nicolas Riendeau.
+ The Postfix bounce template format was originally developed by Nicolas
+ Riendeau.
<b>AUTHOR(S)</b>
Wietse Venema
<b>bounce</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with
- delivery status information. Each log file is named after
- the queue file that it corresponds to, and is kept in a
- queue subdirectory named after the service name in the
- <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>). This pro-
- gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
-
- The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service
- requests:
-
- <b>o</b> Append a recipient (non-)delivery status record to
- a per-message log file.
-
- <b>o</b> Enqueue a delivery status notification message,
- with a copy of a per-message log file and of the
- corresponding message. When the delivery status
- notification message is enqueued successfully, the
- per-message log file is deleted.
-
- The software does a best notification effort. A non-deliv-
- ery notification is sent even when the log file or the
- original message cannot be read.
-
- Optionally, a bounce (defer, trace) client can request
- that the per-message log file be deleted when the
- requested operation fails. This is used by clients that
- cannot retry transactions by themselves, and that depend
- on retry logic in their own client.
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta-
+ tus information. Each log file is named after the queue file that it
+ corresponds to, and is kept in a queue subdirectory named after the
+ service name in the <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>).
+ This program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service requests:
+
+ <b>o</b> Append a recipient (non-)delivery status record to a per-message
+ log file.
+
+ <b>o</b> Enqueue a delivery status notification message, with a copy of a
+ per-message log file and of the corresponding message. When the
+ delivery status notification message is enqueued successfully,
+ the per-message log file is deleted.
+
+ The software does a best notification effort. A non-delivery notifica-
+ tion is sent even when the log file or the original message cannot be
+ read.
+
+ Optionally, a bounce (defer, trace) client can request that the per-
+ message log file be deleted when the requested operation fails. This
+ is used by clients that cannot retry transactions by themselves, and
+ that depend on retry logic in their own client.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
Problems and transactions are logged to <b>syslogd</b>(8).
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
- <a href="bounce.8.html"><b>bounce</b>(8)</a> processes run for only a limited amount of time.
- Use the command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="bounce.8.html"><b>bounce</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
- The recipient of undeliverable mail that cannot be
- returned to the sender.
+ The recipient of undeliverable mail that cannot be returned to
+ the sender.
<b><a href="postconf.5.html#backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a> (yes)</b>
- Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that
- can be read by Postfix versions before 2.0.
+ Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that can be read by
+ Postfix versions before 2.0.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the
- message headers of mail that Postfix did not
- deliver and of SMTP conversation transcripts of
- mail that Postfix did not receive.
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
+ tion transcripts of mail that Postfix did not receive.
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
- The maximal amount of original message text that is
- sent in a non-delivery notification.
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
<b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
- Pathname of a configuration file with bounce mes-
- sage templates.
+ Pathname of a configuration file with bounce message templates.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the
- message headers of mail that cannot be delivered
- within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time units.
+ The recipient of postmaster notifications with the message head-
+ ers of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>
+ time units.
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
- The maximal number of attempts to acquire an exclu-
-
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
-
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are sub-
- ject to before-queue content inspection by
- <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+ What categories of Postfix-generated mail are subject to before-
+ queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and
+ <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
- The mail system name that is displayed in Received:
- headers, in the SMTP greeting banner, and in
- bounced mail.
+ The mail system name that is displayed in Received: headers, in
+ the SMTP greeting banner, and in bounced mail.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
- postmaster.
+ The list of error classes that are reported to the postmaster.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
/var/spool/postfix/bounce/* non-delivery records
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postmap -q - /etc/postfix/canonical</b> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The optional <a href="canonical.5.html"><b>canonical</b>(5)</a> table specifies an address map-
- ping for local and non-local addresses. The mapping is
- used by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, before mail is stored into
- the queue. The address mapping is recursive.
-
- Normally, the <a href="canonical.5.html"><b>canonical</b>(5)</a> table is specified as a text
- file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/canonical</b>" to rebuild an indexed
- file after changing the corresponding text file.
-
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
- indexed files.
-
- Alternatively, the table can be provided as a regular-
- expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- those cases, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
- or "TCP-BASED TABLES".
-
- By default the <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping affects both message
- header addresses (i.e. addresses that appear inside mes-
- sages) and message envelope addresses (for example, the
- addresses that are used in SMTP protocol commands). This
- is controlled with the <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b> parameter.
-
- NOTE: Postfix versions 2.2 and later rewrite message head-
- ers from remote SMTP clients only if the client matches
- the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
- <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter spec-
- ifies a non-empty value. To get the behavior before Post-
- fix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
+ The optional <a href="canonical.5.html"><b>canonical</b>(5)</a> table specifies an address mapping for local
+ and non-local addresses. The mapping is used by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon,
+ before mail is stored into the queue. The address mapping is recur-
+ sive.
+
+ Normally, the <a href="canonical.5.html"><b>canonical</b>(5)</a> table is specified as a text file that
+ serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file
+ in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
+ Execute the command "<b>postmap /etc/postfix/canonical</b>" to rebuild an
+ indexed file after changing the corresponding text file.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to TCP-based server. In those cases, the lookups are done in a
+ slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
+
+ By default the <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping affects both message header
+ addresses (i.e. addresses that appear inside messages) and message
+ envelope addresses (for example, the addresses that are used in SMTP
+ protocol commands). This is controlled with the <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b>
+ parameter.
+
+ NOTE: Postfix versions 2.2 and later rewrite message headers from
+ remote SMTP clients only if the client matches the <a href="postconf.5.html#local_header_rewrite_clients">local_header_re</a>-
+ <a href="postconf.5.html#local_header_rewrite_clients">write_clients</a> parameter, or if the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> config-
+ uration parameter specifies a non-empty value. To get the behavior
+ before Postfix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
<a href="DATABASE_README.html#types">static</a>:all".
- Typically, one would use the <a href="canonical.5.html"><b>canonical</b>(5)</a> table to replace
- login names by <i>Firstname.Lastname</i>, or to clean up
- addresses produced by legacy mail systems.
+ Typically, one would use the <a href="canonical.5.html"><b>canonical</b>(5)</a> table to replace login names
+ by <i>Firstname.Lastname</i>, or to clean up addresses produced by legacy mail
+ systems.
- The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>vir-</i>
- <i>tual alias</i> support or with local aliasing. To change the
- destination but not the headers, use the <a href="virtual.5.html"><b>virtual</b>(5)</a> or
- <a href="aliases.5.html"><b>aliases</b>(5)</a> map instead.
+ The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>virtual alias</i> sup-
+ port or with local aliasing. To change the destination but not the
+ headers, use the <a href="virtual.5.html"><b>virtual</b>(5)</a> or <a href="aliases.5.html"><b>aliases</b>(5)</a> map instead.
<b>CASE FOLDING</b>
- The search string is folded to lowercase before database
- lookup. As of Postfix 2.3, the search string is not case
- folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
- lookup fields can match both upper and lower case.
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern address</i>
- When <i>pattern</i> matches a mail address, replace it by
- the corresponding <i>address</i>.
+ When <i>pattern</i> matches a mail address, replace it by the corre-
+ sponding <i>address</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
<b>TABLE SEARCH ORDER</b>
- With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
- tried in the order as listed below:
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, patterns are tried in the order as
+ listed below:
<i>user</i>@<i>domain address</i>
- Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the
- highest precedence.
+ Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the highest prece-
+ dence.
- This is useful to clean up addresses produced by
- legacy mail systems. It can also be used to pro-
- duce <i>Firstname.Lastname</i> style addresses, but see
- below for a simpler solution.
+ This is useful to clean up addresses produced by legacy mail
+ systems. It can also be used to produce <i>Firstname.Lastname</i>
+ style addresses, but see below for a simpler solution.
<i>user address</i>
- Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to
- $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>,
- or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
- $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
+ Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>,
+ when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>, or when it is listed in
+ $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
- This form is useful for replacing login names by
- <i>Firstname.Lastname</i>.
+ This form is useful for replacing login names by <i>Firstname.Last-</i>
+ <i>name</i>.
@<i>domain address</i>
- Replace other addresses in <i>domain</i> by <i>address</i>. This
- form has the lowest precedence.
-
- Note: @<i>domain</i> is a wild-card. When this form is
- applied to recipient addresses, the Postfix SMTP
- server accepts mail for any recipient in <i>domain</i>,
- regardless of whether that recipient exists. This
- may turn your mail system into a backscatter
- source: Postfix first accepts mail for non-existent
- recipients and then tries to return that mail as
- "undeliverable" to the often forged sender address.
+ Replace other addresses in <i>domain</i> by <i>address</i>. This form has the
+ lowest precedence.
+
+ Note: @<i>domain</i> is a wild-card. When this form is applied to
+ recipient addresses, the Postfix SMTP server accepts mail for
+ any recipient in <i>domain</i>, regardless of whether that recipient
+ exists. This may turn your mail system into a backscatter
+ source: Postfix first accepts mail for non-existent recipients
+ and then tries to return that mail as "undeliverable" to the
+ often forged sender address.
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
- <b>o</b> When the result has the form @<i>otherdomain</i>, the
- result becomes the same <i>user</i> in <i>otherdomain</i>.
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the result becomes
+ the same <i>user</i> in <i>otherdomain</i>.
- <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
- to addresses without "@domain".
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses
+ without "@domain".
- <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
- to addresses without ".domain".
+ <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses
+ without ".domain".
<b>ADDRESS EXTENSION</b>
- When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
- becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
- @<i>domain</i>.
+ When a mail address localpart contains the optional recipient delimiter
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
- gated to the result of table lookup.
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
+ unmatched address extension (<i>+foo</i>) is propagated to the result of table
+ lookup.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
- the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
- see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
- the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
- constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
- <i>foo</i>.
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
- string.
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
- the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
+ Results are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
+ lated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
- lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.4.
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ available up to and including Postfix version 2.4.
- Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
- <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
- up into <i>user</i> and <i>foo</i>.
+ Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
+ mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
+ stituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ details including examples.
<b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b>
- What addresses are subject to canonical address
- mapping.
+ What addresses are subject to canonical address mapping.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a></b>
List of canonical mapping tables.
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a></b>
- Address mapping lookup table for envelope and
- header recipient addresses.
+ Address mapping lookup table for envelope and header recipient
+ addresses.
<b><a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a></b>
- Address mapping lookup table for envelope and
- header sender addresses.
+ Address mapping lookup table for envelope and header sender
+ addresses.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
- <b>include</b>, or <b>generic</b>.
+ A list of address rewriting or forwarding mechanisms that propa-
+ gate an address extension from the original address to the
+ result. Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>for-</b>
+ <b>ward</b>, <b>include</b>, or <b>generic</b>.
Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
- receives mail on. You need to stop and start Post-
- fix when this parameter changes.
+ The network interface addresses that this system receives mail
+ on. You need to stop and start Postfix when this parameter
+ changes.
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a></b>
- Rewrite message header addresses in mail from these
- clients and update incomplete addresses with the
- domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't
- rewrite message headers from other clients at all,
- or rewrite message headers and update incomplete
- addresses with the domain specified in the
- <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
+ Rewrite message header addresses in mail from these clients and
+ update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
+ $<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other
+ clients at all, or rewrite message headers and update incomplete
+ addresses with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-
+ <a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a> parameter.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>
- Other interfaces that this machine receives mail on
- by way of a proxy agent or network address transla-
- tor.
+ Other interfaces that this machine receives mail on by way of a
+ proxy agent or network address translator.
<b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a></b>
- List of address classes subject to masquerading:
- zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b>
- <b>ent</b>, <b>header_sender</b>, <b>header_recipient</b>.
+ List of address classes subject to masquerading: zero or more of
+ <b>envelope_sender</b>, <b>envelope_recipient</b>, <b>header_sender</b>,
+ <b>header_recipient</b>.
<b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b>
- List of domains that hide their subdomain struc-
- ture.
+ List of domains that hide their subdomain structure.
<b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>
- List of user names that are not subject to address
- masquerading.
+ List of user names that are not subject to address masquerading.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
- local.
+ List of domains that this mail system considers local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
The domain that is appended to locally-posted mail.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
- Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
- addresses.
+ Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b> addresses.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>
- Don't rewrite message headers from remote clients
- at all when this parameter is empty; otherwise, re-
- write message headers and append the specified
- domain name to incomplete addresses.
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
<b>SEE ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue mail
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postmap -q - <a href="cidr_table.5.html">cidr</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional lookup tables.
- These tables are usually in <b>dbm</b> or <b>db</b> format. Alterna-
- tively, lookup tables can be specified in CIDR (Classless
- Inter-Domain Routing) form. In this case, each input is
- compared against a list of patterns. When a match is
- found, the corresponding result is returned and the search
- is terminated.
+ The Postfix mail system uses optional lookup tables. These tables are
+ usually in <b>dbm</b> or <b>db</b> format. Alternatively, lookup tables can be spec-
+ ified in CIDR (Classless Inter-Domain Routing) form. In this case, each
+ input is compared against a list of patterns. When a match is found,
+ the corresponding result is returned and the search is terminated.
- To find out what types of lookup tables your Postfix sys-
- tem supports use the "<b>postconf -m</b>" command.
+ To find out what types of lookup tables your Postfix system supports
+ use the "<b>postconf -m</b>" command.
- To test lookup tables, use the "<b>postmap -q</b>" command as
- described in the SYNOPSIS above.
+ To test lookup tables, use the "<b>postmap -q</b>" command as described in the
+ SYNOPSIS above.
<b>TABLE FORMAT</b>
The general form of a Postfix CIDR table is:
<i>network</i><b>_</b><i>address</i><b>/</b><i>network</i><b>_</b><i>mask result</i>
- When a search string matches the specified network
- block, use the corresponding <i>result</i> value. Specify
- 0.0.0.0/0 to match every IPv4 address, and ::/0 to
- match every IPv6 address.
+ When a search string matches the specified network block, use
+ the corresponding <i>result</i> value. Specify 0.0.0.0/0 to match every
+ IPv4 address, and ::/0 to match every IPv6 address.
- An IPv4 network address is a sequence of four deci-
- mal octets separated by ".", and an IPv6 network
- address is a sequence of three to eight hexadecimal
- octet pairs separated by ":".
+ An IPv4 network address is a sequence of four decimal octets
+ separated by ".", and an IPv6 network address is a sequence of
+ three to eight hexadecimal octet pairs separated by ":".
- The <i>network</i><b>_</b><i>mask</i> is the number of high-order bits
- in the <i>network</i><b>_</b><i>address</i> that the search string must
- match.
+ The <i>network</i><b>_</b><i>mask</i> is the number of high-order bits in the <i>net-</i>
+ <i>work</i><b>_</b><i>address</i> that the search string must match.
- Before comparisons are made, lookup keys and table
- entries are converted from string to binary. There-
- fore table entries will be matched regardless of
- redundant zero characters.
+ Before comparisons are made, lookup keys and table entries are
+ converted from string to binary. Therefore table entries will be
+ matched regardless of redundant zero characters.
- Note: address information may be enclosed inside
- "[]" but this form is not required.
+ Note: address information may be enclosed inside "[]" but this
+ form is not required.
IPv6 support is available in Postfix 2.2 and later.
<i>network</i><b>_</b><i>address result</i>
- When a search string matches the specified network
- address, use the corresponding <i>result</i> value.
+ When a search string matches the specified network address, use
+ the corresponding <i>result</i> value.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
<b>TABLE SEARCH ORDER</b>
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
- string.
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
<b>EXAMPLE SMTPD ACCESS MAP</b>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<b>cleanup</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon processes inbound mail, inserts it
- into the <b>incoming</b> mail queue, and informs the queue man-
- ager of its arrival.
+ The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon processes inbound mail, inserts it into the
+ <b>incoming</b> mail queue, and informs the queue manager of its arrival.
- The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon always performs the following trans-
- formations:
+ The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon always performs the following transformations:
- <b>o</b> Insert missing message headers: (<b>Resent-</b>) <b>From:</b>,
- <b>To:</b>, <b>Message-Id:</b>, and <b>Date:</b>.
+ <b>o</b> Insert missing message headers: (<b>Resent-</b>) <b>From:</b>, <b>To:</b>, <b>Message-</b>
+ <b>Id:</b>, and <b>Date:</b>.
- <b>o</b> Transform envelope and header addresses to the
- standard <i>user@fully-qualified-domain</i> form that is
- expected by other Postfix programs. This task is
- delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon.
+ <b>o</b> Transform envelope and header addresses to the standard
+ <i>user@fully-qualified-domain</i> form that is expected by other Post-
+ fix programs. This task is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a>
+ daemon.
<b>o</b> Eliminate duplicate envelope recipient addresses.
The following address transformations are optional:
- <b>o</b> Optionally, rewrite all envelope and header
- addresses according to the mappings specified in
- the <a href="canonical.5.html"><b>canonical</b>(5)</a> lookup tables.
+ <b>o</b> Optionally, rewrite all envelope and header addresses according
+ to the mappings specified in the <a href="canonical.5.html"><b>canonical</b>(5)</a> lookup tables.
- <b>o</b> Optionally, masquerade envelope sender addresses
- and message header addresses (i.e. strip host or
- domain information below all domains listed in the
- <b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b> parameter, except for user names
- listed in <b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>). By default,
- address masquerading does not affect envelope
- recipients.
+ <b>o</b> Optionally, masquerade envelope sender addresses and message
+ header addresses (i.e. strip host or domain information below
+ all domains listed in the <b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b> parameter, except
+ for user names listed in <b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>). By default,
+ address masquerading does not affect envelope recipients.
- <b>o</b> Optionally, expand envelope recipients according to
-
information found in the <a href="virtual.5.html"><b>virtual</b>(5)</a> lookup tables.
+ <b>o</b> Optionally, expand envelope recipients according to information
+ found in the <a href="virtual.5.html"><b>virtual</b>(5)</a> lookup tables.
- The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon performs sanity checks on the con-
- tent of each message. When it finds a problem, by default
- it returns a diagnostic status to the client, and leaves
- it up to the client to deal with the problem. Alterna-
- tively, the client can request the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon to
- bounce the message back to the sender in case of trouble.
+ The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon performs sanity checks on the content of each
+ message. When it finds a problem, by default it returns a diagnostic
+ status to the client, and leaves it up to the client to deal with the
+ problem. Alternatively, the client can request the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon to
+ bounce the message back to the sender in case of trouble.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
- Table-driven rewriting rules make it hard to express <b>if</b>
- <b>then else</b> and other logical relationships.
+ Table-driven rewriting rules make it hard to express <b>if then else</b> and
+ other logical relationships.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
- <a href="cleanup.8.html"><b>cleanup</b>(8)</a> processes run for only a limited amount of
- time. Use the command "<b>postfix reload</b>" to speed up a
- change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="cleanup.8.html"><b>cleanup</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>COMPATIBILITY CONTROLS</b>
<b><a href="postconf.5.html#undisclosed_recipients_header">undisclosed_recipients_header</a> (see 'postconf -d' output)</b>
- Message header that the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server
- inserts when a message contains no To: or Cc: mes-
- sage header.
+ Message header that the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server inserts when a
+ message contains no To: or Cc: message header.
Available in Postfix version 2.1 only:
<b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
- Report mail delivery errors to the address speci-
- fied with the non-standard Errors-To: message
- header, instead of the envelope sender address
- (this feature is removed with Postfix version 2.2,
- is turned off by default with Postfix version 2.1,
- and is always turned on with older Postfix ver-
- sions).
+ Report mail delivery errors to the address specified with the
+ non-standard Errors-To: message header, instead of the envelope
+ sender address (this feature is removed with Postfix version
+ 2.2, is turned off by default with Postfix version 2.1, and is
+ always turned on with older Postfix versions).
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#always_add_missing_headers">always_add_missing_headers</a> (no)</b>
- Always add (Resent-) From:, To:, Date: or Message-
- ID: headers when not present.
+ Always add (Resent-) From:, To:, Date: or Message-ID: headers
+ when not present.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> (no)</b>
- Enable long, non-repeating, queue IDs (queue file
- names).
+ Enable long, non-repeating, queue IDs (queue file names).
<b>BUILT-IN CONTENT FILTERING CONTROLS</b>
- Postfix built-in content filtering is meant to stop a
- flood of worms or viruses. It is not a general content
- filter.
+ Postfix built-in content filtering is meant to stop a flood of worms or
+ viruses. It is not a general content filter.
<b><a href="postconf.5.html#body_checks">body_checks</a> (empty)</b>
- Optional lookup tables for content inspection as
-
specified in the <a href="header_checks.5.html"><b>body_checks</b>(5)</a> manual page.
+ Optional lookup tables for content inspection as specified in
+ the <a href="header_checks.5.html"><b>body_checks</b>(5)</a> manual page.
<b><a href="postconf.5.html#header_checks">header_checks</a> (empty)</b>
- Optional lookup tables for content inspection of
- primary non-MIME message headers, as specified in
- the <a href="header_checks.5.html"><b>header_checks</b>(5)</a> manual page.
+ Optional lookup tables for content inspection of primary non-
+ MIME message headers, as specified in the <a href="header_checks.5.html"><b>header_checks</b>(5)</a> man-
+ ual page.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a> (51200)</b>
- How much text in a message body segment (or attach-
- ment, if you prefer to use that term) is subjected
- to <a href="postconf.5.html#body_checks">body_checks</a> inspection.
+ How much text in a message body segment (or attachment, if you
+ prefer to use that term) is subjected to <a href="postconf.5.html#body_checks">body_checks</a> inspection.
<b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a> ($<a href="postconf.5.html#header_checks">header_checks</a>)</b>
- Optional lookup tables for content inspection of
- MIME related message headers, as described in the
- <a href="header_checks.5.html"><b>header_checks</b>(5)</a> manual page.
+ Optional lookup tables for content inspection of MIME related
+ message headers, as described in the <a href="header_checks.5.html"><b>header_checks</b>(5)</a> manual
+ page.
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a> ($<a href="postconf.5.html#header_checks">header_checks</a>)</b>
- Optional lookup tables for content inspection of
- non-MIME message headers in attached messages, as
-
described in the <a href="header_checks.5.html"><b>header_checks</b>(5)</a> manual page.
+ Optional lookup tables for content inspection of non-MIME mes-
+ sage headers in attached messages, as described in the
+ <a href="header_checks.5.html"><b>header_checks</b>(5)</a> manual page.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#message_reject_characters">message_reject_characters</a> (empty)</b>
- The set of characters that Postfix will reject in
- message content.
+ The set of characters that Postfix will reject in message con-
+ tent.
<b><a href="postconf.5.html#message_strip_characters">message_strip_characters</a> (empty)</b>
- The set of characters that Postfix will remove from
- message content.
+ The set of characters that Postfix will remove from message con-
+ tent.
<b>BEFORE QUEUE MILTER CONTROLS</b>
- As of version 2.3, Postfix supports the Sendmail version 8
- Milter (mail filter) protocol. When mail is not received
- via the <a href="smtpd.8.html">smtpd(8)</a> server, the <a href="cleanup.8.html">cleanup(8)</a> server will simu-
- late SMTP events to the extent that this is possible. For
- details see the <a href="MILTER_README.html">MILTER_README</a> document.
+ As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
+ filter) protocol. When mail is not received via the <a href="smtpd.8.html">smtpd(8)</a> server,
+ the <a href="cleanup.8.html">cleanup(8)</a> server will simulate SMTP events to the extent that this
+ is possible. For details see the <a href="MILTER_README.html">MILTER_README</a> document.
<b><a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> (empty)</b>
- A list of Milter (mail filter) applications for new
- mail that does not arrive via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
- server.
+ A list of Milter (mail filter) applications for new mail that
+ does not arrive via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
<b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b>
- The mail filter protocol version and optional pro-
- tocol extensions for communication with a Milter
- application; prior to Postfix 2.6 the default pro-
- tocol is 2.
+ The mail filter protocol version and optional protocol exten-
+ sions for communication with a Milter application; prior to
+ Postfix 2.6 the default protocol is 2.
<b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b>
- The default action when a Milter (mail filter)
- application is unavailable or mis-configured.
+ The default action when a Milter (mail filter) application is
+ unavailable or mis-configured.
<b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The {daemon_name} macro value for Milter (mail fil-
- ter) applications.
+ The {daemon_name} macro value for Milter (mail filter) applica-
+ tions.
<b><a href="postconf.5.html#milter_macro_v">milter_macro_v</a> ($<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b>
- The {v} macro value for Milter (mail filter) appli-
- cations.
+ The {v} macro value for Milter (mail filter) applications.
<b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b>
- The time limit for connecting to a Milter (mail
- filter) application, and for negotiating protocol
- options.
+ The time limit for connecting to a Milter (mail filter) applica-
+ tion, and for negotiating protocol options.
<b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b>
- The time limit for sending an SMTP command to a
- Milter (mail filter) application, and for receiving
- the response.
+ The time limit for sending an SMTP command to a Milter (mail
+ filter) application, and for receiving the response.
<b><a href="postconf.5.html#milter_content_timeout">milter_content_timeout</a> (300s)</b>
- The time limit for sending message content to a
- Milter (mail filter) application, and for receiving
- the response.
+ The time limit for sending message content to a Milter (mail
+ filter) application, and for receiving the response.
<b><a href="postconf.5.html#milter_connect_macros">milter_connect_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after completion of an SMTP connec-
- tion.
+ The macros that are sent to Milter (mail filter) applications
+ after completion of an SMTP connection.
<b><a href="postconf.5.html#milter_helo_macros">milter_helo_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after the SMTP HELO or EHLO command.
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP HELO or EHLO command.
<b><a href="postconf.5.html#milter_mail_macros">milter_mail_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after the SMTP MAIL FROM command.
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP MAIL FROM command.
<b><a href="postconf.5.html#milter_rcpt_macros">milter_rcpt_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after the SMTP RCPT TO command.
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP RCPT TO command.
<b><a href="postconf.5.html#milter_data_macros">milter_data_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to version 4 or higher
- Milter (mail filter) applications after the SMTP
- DATA command.
+ The macros that are sent to version 4 or higher Milter (mail
+ filter) applications after the SMTP DATA command.
<b><a href="postconf.5.html#milter_unknown_command_macros">milter_unknown_command_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to version 3 or higher
- Milter (mail filter) applications after an unknown
- SMTP command.
+ The macros that are sent to version 3 or higher Milter (mail
+ filter) applications after an unknown SMTP command.
<b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after the message end-of-data.
+ The macros that are sent to Milter (mail filter) applications
+ after the message end-of-data.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after the end of the message header.
+ The macros that are sent to Milter (mail filter) applications
+ after the end of the message header.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#milter_header_checks">milter_header_checks</a> (empty)</b>
- Optional lookup tables for content inspection of
- message headers that are produced by Milter appli-
- cations.
+ Optional lookup tables for content inspection of message headers
+ that are produced by Milter applications.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:
Turn off MIME processing while receiving mail.
<b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
- The maximal length of MIME multipart boundary
- strings.
+ The maximal length of MIME multipart boundary strings.
<b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b>
- The maximal recursion level that the MIME processor
- will handle.
+ The maximal recursion level that the MIME processor will handle.
<b><a href="postconf.5.html#strict_8bitmime">strict_8bitmime</a> (no)</b>
- Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and strict_8bit-
- mime_body.
+ Enable both <a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> and <a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a>.
<b><a href="postconf.5.html#strict_7bit_headers">strict_7bit_headers</a> (no)</b>
Reject mail with 8-bit text in message headers.
<b><a href="postconf.5.html#strict_8bitmime_body">strict_8bitmime_body</a> (no)</b>
- Reject 8-bit message body text without 8-bit MIME
- content encoding information.
+ Reject 8-bit message body text without 8-bit MIME content encod-
+ ing information.
<b><a href="postconf.5.html#strict_mime_encoding_domain">strict_mime_encoding_domain</a> (no)</b>
- Reject mail with invalid Content-Transfer-Encoding:
- information for the message/* or multipart/* MIME
- content types.
+ Reject mail with invalid Content-Transfer-Encoding: information
+ for the message/* or multipart/* MIME content types.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#detect_8bit_encoding_header">detect_8bit_encoding_header</a> (yes)</b>
- Automatically detect 8BITMIME body content by look-
- ing at Content-Transfer-Encoding: message headers;
- historically, this behavior was hard-coded to be
- "always on".
+ Automatically detect 8BITMIME body content by looking at Con-
+ tent-Transfer-Encoding: message headers; historically, this
+ behavior was hard-coded to be "always on".
<b>AUTOMATIC BCC RECIPIENT CONTROLS</b>
- Postfix can automatically add BCC (blind carbon copy) when
- mail enters the mail system:
+ Postfix can automatically add BCC (blind carbon copy) when mail enters
+ the mail system:
<b><a href="postconf.5.html#always_bcc">always_bcc</a> (empty)</b>
- Optional address that receives a "blind carbon
- copy" of each message that is received by the Post-
- fix mail system.
+ Optional address that receives a "blind carbon copy" of each
+ message that is received by the Postfix mail system.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#sender_bcc_maps">sender_bcc_maps</a> (empty)</b>
- Optional BCC (blind carbon-copy) address lookup
- tables, indexed by sender address.
+ Optional BCC (blind carbon-copy) address lookup tables, indexed
+ by sender address.
<b><a href="postconf.5.html#recipient_bcc_maps">recipient_bcc_maps</a> (empty)</b>
- Optional BCC (blind carbon-copy) address lookup
- tables, indexed by recipient address.
+ Optional BCC (blind carbon-copy) address lookup tables, indexed
+ by recipient address.
<b>ADDRESS TRANSFORMATION CONTROLS</b>
- Address rewriting is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a>
- daemon. The <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server implements table driven
- address mapping.
+ Address rewriting is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. The
+ <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server implements table driven address mapping.
<b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
- The recipient of mail addressed to the null
- address.
+ The recipient of mail addressed to the null address.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for message
- headers and envelopes.
+ Optional address mapping lookup tables for message headers and
+ envelopes.
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for envelope
- and header recipient addresses.
+ Optional address mapping lookup tables for envelope and header
+ recipient addresses.
<b><a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for envelope
- and header sender addresses.
+ Optional address mapping lookup tables for envelope and header
+ sender addresses.
- <b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a> (envelope_sender, header_sender,</b>
- <b>header_recipient)</b>
+ <b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a> (envelope_sender, header_sender, header_recipient)</b>
What addresses are subject to address masquerading.
<b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a> (empty)</b>
- Optional list of domains whose subdomain structure
- will be stripped off in email addresses.
+ Optional list of domains whose subdomain structure will be
+ stripped off in email addresses.
<b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> (empty)</b>
- Optional list of user names that are not subjected
- to address masquerading, even when their address
- matches $<a href="postconf.5.html#masquerade_domains">masquerade_domains</a>.
+ Optional list of user names that are not subjected to address
+ masquerading, even when their address matches $<a href="postconf.5.html#masquerade_domains">masquer</a>-
+ <a href="postconf.5.html#masquerade_domains">ade_domains</a>.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
- What address lookup tables copy an address exten-
- sion from the lookup key to the lookup result.
+ What address lookup tables copy an address extension from the
+ lookup key to the lookup result.
Available before Postfix version 2.0:
<b><a href="postconf.5.html#virtual_maps">virtual_maps</a> (empty)</b>
- Optional lookup tables with a) names of domains for
- which all addresses are aliased to addresses in
- other local or remote domains, and b) addresses
- that are aliased to addresses in other local or
- remote domains.
+ Optional lookup tables with a) names of domains for which all
+ addresses are aliased to addresses in other local or remote
+ domains, and b) addresses that are aliased to addresses in other
+ local or remote domains.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
- Optional lookup tables that alias specific mail
- addresses or domains to other local or remote
- address.
+ Optional lookup tables that alias specific mail addresses or
+ domains to other local or remote address.
Available in Postfix version 2.2 and later:
- <b><a href="postconf.5.html#canonical_classes">canonical_classes</a> (envelope_sender, envelope_recipient,</b>
- <b>header_sender, header_recipient)</b>
- What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a>
- address mapping.
-
- <b><a href="postconf.5.html#recipient_canonical_classes">recipient_canonical_classes</a> (envelope_recipient,</b>
+ <b><a href="postconf.5.html#canonical_classes">canonical_classes</a> (envelope_sender, envelope_recipient, header_sender,</b>
<b>header_recipient)</b>
- What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canoni</a>-
- <a href="postconf.5.html#recipient_canonical_maps">cal_maps</a> address mapping.
+ What addresses are subject to <a href="postconf.5.html#canonical_maps">canonical_maps</a> address mapping.
+
+ <b><a href="postconf.5.html#recipient_canonical_classes">recipient_canonical_classes</a> (envelope_recipient, header_recipient)</b>
+ What addresses are subject to <a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> address
+ mapping.
<b><a href="postconf.5.html#sender_canonical_classes">sender_canonical_classes</a> (envelope_sender, header_sender)</b>
- What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a>
- address mapping.
+ What addresses are subject to <a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> address map-
+ ping.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
- Don't rewrite message headers from remote clients
- at all when this parameter is empty; otherwise, re-
- write message headers and append the specified
- domain name to incomplete addresses.
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
- The maximal number of addresses remembered by the
- address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
- <a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
- plays.
+ The maximal number of addresses remembered by the address dupli-
+ cate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>virtual</b>(5)</a> alias expansion, or for
+ <a href="showq.8.html"><b>showq</b>(8)</a> queue displays.
<b><a href="postconf.5.html#header_size_limit">header_size_limit</a> (102400)</b>
- The maximal amount of memory in bytes for storing a
- message header.
+ The maximal amount of memory in bytes for storing a message
+ header.
<b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
- The maximal number of Received: message headers
- that is allowed in the primary message headers.
+ The maximal number of Received: message headers that is allowed
+ in the primary message headers.
<b><a href="postconf.5.html#in_flow_delay">in_flow_delay</a> (1s)</b>
- Time to pause before accepting a new message, when
- the message arrival rate exceeds the message deliv-
- ery rate.
+ Time to pause before accepting a new message, when the message
+ arrival rate exceeds the message delivery rate.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
- The maximal size in bytes of a message, including
- envelope information.
+ The maximal size in bytes of a message, including envelope
+ information.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#header_address_token_limit">header_address_token_limit</a> (10240)</b>
- The maximal number of address tokens are allowed in
- an address message header.
+ The maximal number of address tokens are allowed in an address
+ message header.
<b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
- The maximal length of MIME multipart boundary
- strings.
+ The maximal length of MIME multipart boundary strings.
<b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b>
- The maximal recursion level that the MIME processor
- will handle.
+ The maximal recursion level that the MIME processor will handle.
<b><a href="postconf.5.html#queue_file_attribute_count_limit">queue_file_attribute_count_limit</a> (100)</b>
- The maximal number of (name=value) attributes that
- may be stored in a Postfix queue file.
+ The maximal number of (name=value) attributes that may be stored
+ in a Postfix queue file.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#virtual_alias_expansion_limit">virtual_alias_expansion_limit</a> (1000)</b>
- The maximal number of addresses that virtual alias
- expansion produces from each original recipient.
+ The maximal number of addresses that virtual alias expansion
+ produces from each original recipient.
<b><a href="postconf.5.html#virtual_alias_recursion_limit">virtual_alias_recursion_limit</a> (1000)</b>
- The maximal nesting depth of virtual alias expan-
- sion.
+ The maximal nesting depth of virtual alias expansion.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives a copy of
- the message headers of mail that is still queued.
+ The time after which the sender receives a copy of the message
+ headers of mail that is still queued.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The domain name that locally-posted mail appears to
- come from, and that locally posted mail is deliv-
- ered to.
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
- Safety net to keep mail queued that would otherwise
- be returned to the sender.
+ Safety net to keep mail queued that would otherwise be returned
+ to the sender.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
- Enable support for the X-Original-To message
- header.
+ Enable support for the X-Original-To message header.
<b>FILES</b>
/etc/postfix/canonical*, canonical mapping table
<a href="CONTENT_INSPECTION_README.html">CONTENT_INSPECTION_README</a> content inspection
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>bounce</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with
- delivery status information. Each log file is named after
- the queue file that it corresponds to, and is kept in a
- queue subdirectory named after the service name in the
- <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>). This pro-
- gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
-
- The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service
- requests:
-
- <b>o</b> Append a recipient (non-)delivery status record to
- a per-message log file.
-
- <b>o</b> Enqueue a delivery status notification message,
- with a copy of a per-message log file and of the
- corresponding message. When the delivery status
- notification message is enqueued successfully, the
- per-message log file is deleted.
-
- The software does a best notification effort. A non-deliv-
- ery notification is sent even when the log file or the
- original message cannot be read.
-
- Optionally, a bounce (defer, trace) client can request
- that the per-message log file be deleted when the
- requested operation fails. This is used by clients that
- cannot retry transactions by themselves, and that depend
- on retry logic in their own client.
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta-
+ tus information. Each log file is named after the queue file that it
+ corresponds to, and is kept in a queue subdirectory named after the
+ service name in the <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>).
+ This program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service requests:
+
+ <b>o</b> Append a recipient (non-)delivery status record to a per-message
+ log file.
+
+ <b>o</b> Enqueue a delivery status notification message, with a copy of a
+ per-message log file and of the corresponding message. When the
+ delivery status notification message is enqueued successfully,
+ the per-message log file is deleted.
+
+ The software does a best notification effort. A non-delivery notifica-
+ tion is sent even when the log file or the original message cannot be
+ read.
+
+ Optionally, a bounce (defer, trace) client can request that the per-
+ message log file be deleted when the requested operation fails. This
+ is used by clients that cannot retry transactions by themselves, and
+ that depend on retry logic in their own client.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
Problems and transactions are logged to <b>syslogd</b>(8).
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
- <a href="bounce.8.html"><b>bounce</b>(8)</a> processes run for only a limited amount of time.
- Use the command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="bounce.8.html"><b>bounce</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
- The recipient of undeliverable mail that cannot be
- returned to the sender.
+ The recipient of undeliverable mail that cannot be returned to
+ the sender.
<b><a href="postconf.5.html#backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a> (yes)</b>
- Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that
- can be read by Postfix versions before 2.0.
+ Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that can be read by
+ Postfix versions before 2.0.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the
- message headers of mail that Postfix did not
- deliver and of SMTP conversation transcripts of
- mail that Postfix did not receive.
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
+ tion transcripts of mail that Postfix did not receive.
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
- The maximal amount of original message text that is
- sent in a non-delivery notification.
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
<b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
- Pathname of a configuration file with bounce mes-
- sage templates.
+ Pathname of a configuration file with bounce message templates.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the
- message headers of mail that cannot be delivered
- within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time units.
+ The recipient of postmaster notifications with the message head-
+ ers of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>
+ time units.
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
- The maximal number of attempts to acquire an exclu-
-
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
-
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are sub-
- ject to before-queue content inspection by
- <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+ What categories of Postfix-generated mail are subject to before-
+ queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and
+ <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
- The mail system name that is displayed in Received:
- headers, in the SMTP greeting banner, and in
- bounced mail.
+ The mail system name that is displayed in Received: headers, in
+ the SMTP greeting banner, and in bounced mail.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
- postmaster.
+ The list of error classes that are reported to the postmaster.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
/var/spool/postfix/bounce/* non-delivery records
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>discard</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The Postfix <a href="discard.8.html"><b>discard</b>(8)</a> delivery agent processes delivery
- requests from the queue manager. Each request specifies a
- queue file, a sender address, a next-hop destination that
- is treated as the reason for discarding the mail, and
- recipient information. The reason may be prefixed with an
- <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code. This program expects to
+ The Postfix <a href="discard.8.html"><b>discard</b>(8)</a> delivery agent processes delivery requests from
+ the queue manager. Each request specifies a queue file, a sender
+ address, a next-hop destination that is treated as the reason for dis-
+ carding the mail, and recipient information. The reason may be pre-
+ fixed with an <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code. This program expects to
be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
- The <a href="discard.8.html"><b>discard</b>(8)</a> delivery agent pretends to deliver all
- recipients in the delivery request, logs the "next-hop"
- destination as the reason for discarding the mail, updates
- the queue file, and either marks recipients as finished or
- informs the queue manager that delivery should be tried
- again at a later time.
+ The <a href="discard.8.html"><b>discard</b>(8)</a> delivery agent pretends to deliver all recipients in the
+ delivery request, logs the "next-hop" destination as the reason for
+ discarding the mail, updates the queue file, and either marks recipi-
+ ents as finished or informs the queue manager that delivery should be
+ tried again at a later time.
- Delivery status reports are sent to the <a href="trace.8.html"><b>trace</b>(8)</a> daemon as
- appropriate.
+ Delivery status reports are sent to the <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
<b>SECURITY</b>
- The <a href="discard.8.html"><b>discard</b>(8)</a> mailer is not security-sensitive. It does
- not talk to the network, and can be run chrooted at fixed
- low privilege.
+ The <a href="discard.8.html"><b>discard</b>(8)</a> mailer is not security-sensitive. It does not talk to
+ the network, and can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
- the postmaster is notified of bounces and of other trou-
- ble.
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="discard.8.html"><b>dis-</b></a>
- <a href="discard.8.html"><b>card</b>(8)</a> processes run for only a limited amount of time.
- Use the command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="discard.8.html"><b>discard</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
- The sender address of postmaster notifications that
- are generated by the mail system.
+ The sender address of postmaster notifications that are gener-
+ ated by the mail system.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
This service was introduced with Postfix version 2.2.
<b>dnsblog</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server implements an ad-hoc DNS
- white/blacklist lookup service. This may eventually be
- replaced by an UDP client that is built directly into the
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
+ The <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server implements an ad-hoc DNS white/blacklist lookup
+ service. This may eventually be replaced by an UDP client that is built
+ directly into the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
<b>PROTOCOL</b>
- With each connection, the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server receives a DNS
- white/blacklist domain name, IP address, and an ID. If
- the address is listed under the DNS white/blacklist, the
- <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server logs the match and replies with the
- query arguments plus an address list with the resulting IP
- addresses separated by whitespace. Otherwise it replies
- with the query arguments plus an empty address list.
- Finally, The <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server closes the connection.
+ With each connection, the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server receives a DNS white/black-
+ list domain name, IP address, and an ID. If the address is listed
+ under the DNS white/blacklist, the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server logs the match and
+ replies with the query arguments plus an address list with the result-
+ ing IP addresses separated by whitespace. Otherwise it replies with
+ the query arguments plus an empty address list. Finally, The <a href="dnsblog.8.html"><b>dns-</b></a>
+ <a href="dnsblog.8.html"><b>blog</b>(8)</a> server closes the connection.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <b>dns-</b>
- <b>blog</b>(8) processes run for only a limited amount of time.
- Use the command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
- Optional list of DNS white/blacklist domains, fil-
- ters and weight factors.
+ Optional list of DNS white/blacklist domains, filters and weight
+ factors.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
syslogd(5), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
This service was introduced with Postfix version 2.8.
<b>error</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The Postfix <a href="error.8.html"><b>error</b>(8)</a> delivery agent processes delivery
- requests from the queue manager. Each request specifies a
- queue file, a sender address, the reason for non-delivery
- (specified as the next-hop destination), and recipient
- information. The reason may be prefixed with an <a href="http://tools.ietf.org/html/rfc3463">RFC</a>
- <a href="http://tools.ietf.org/html/rfc3463">3463</a>-compatible detail code; if none is specified a
- default 4.0.0 or 5.0.0 code is used instead. This program
- expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
-
- Depending on the service name in <a href="master.5.html">master.cf</a>, <b>error</b> or
- <b>retry</b>, the server bounces or defers all recipients in the
- delivery request using the "next-hop" information as the
- reason for non-delivery. The <b>retry</b> service name is sup-
- ported as of Postfix 2.4.
-
- Delivery status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
- <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+ The Postfix <a href="error.8.html"><b>error</b>(8)</a> delivery agent processes delivery requests from
+ the queue manager. Each request specifies a queue file, a sender
+ address, the reason for non-delivery (specified as the next-hop desti-
+ nation), and recipient information. The reason may be prefixed with an
+ <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code; if none is specified a default 4.0.0
+ or 5.0.0 code is used instead. This program expects to be run from the
+ <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ Depending on the service name in <a href="master.5.html">master.cf</a>, <b>error</b> or <b>retry</b>, the server
+ bounces or defers all recipients in the delivery request using the
+ "next-hop" information as the reason for non-delivery. The <b>retry</b> ser-
+ vice name is supported as of Postfix 2.4.
+
+ Delivery status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a>
+ daemon as appropriate.
<b>SECURITY</b>
- The <a href="error.8.html"><b>error</b>(8)</a> mailer is not security-sensitive. It does not
- talk to the network, and can be run chrooted at fixed low
- privilege.
+ The <a href="error.8.html"><b>error</b>(8)</a> mailer is not security-sensitive. It does not talk to the
+ network, and can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
- the postmaster is notified of bounces and of other trou-
- ble.
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="error.8.html"><b>error</b>(8)</a>
- processes run for only a limited amount of time. Use the
- command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="error.8.html"><b>error</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
- The recipient of undeliverable mail that cannot be
- returned to the sender.
+ The recipient of undeliverable mail that cannot be returned to
+ the sender.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the
- message headers of mail that Postfix did not
- deliver and of SMTP conversation transcripts of
- mail that Postfix did not receive.
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
+ tion transcripts of mail that Postfix did not receive.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
- The sender address of postmaster notifications that
- are generated by the mail system.
+ The sender address of postmaster notifications that are gener-
+ ated by the mail system.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
- postmaster.
+ The list of error classes that are reported to the postmaster.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>flush</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="flush.8.html"><b>flush</b>(8)</a> server maintains a record of deferred mail by
- destination. This information is used to improve the per-
- formance of the SMTP <b>ETRN</b> request, and of its command-line
- equivalent, "<b>sendmail -qR</b>" or "<b>postqueue -f</b>". This pro-
- gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
-
- The record is implemented as a per-destination logfile
- with as contents the queue IDs of deferred mail. A logfile
- is append-only, and is truncated when delivery is
- requested for the corresponding destination. A destination
- is the part on the right-hand side of the right-most <b>@</b> in
+ The <a href="flush.8.html"><b>flush</b>(8)</a> server maintains a record of deferred mail by destination.
+ This information is used to improve the performance of the SMTP <b>ETRN</b>
+ request, and of its command-line equivalent, "<b>sendmail -qR</b>" or
+ "<b>postqueue -f</b>". This program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a>
+ process manager.
+
+ The record is implemented as a per-destination logfile with as contents
+ the queue IDs of deferred mail. A logfile is append-only, and is trun-
+ cated when delivery is requested for the corresponding destination. A
+ destination is the part on the right-hand side of the right-most <b>@</b> in
an email address.
- Per-destination logfiles of deferred mail are maintained
- only for eligible destinations. The list of eligible des-
- tinations is specified with the <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a></b> config-
-
uration parameter, which defaults to <b>$<a href="postconf.5.html#relay_domains">relay_domains</a></b>.
+ Per-destination logfiles of deferred mail are maintained only for eli-
+ gible destinations. The list of eligible destinations is specified with
+ the <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a></b> configuration parameter, which defaults to
+ <b>$<a href="postconf.5.html#relay_domains">relay_domains</a></b>.
This server implements the following requests:
<b>add</b> <i>sitename queueid</i>
- Inform the <a href="flush.8.html"><b>flush</b>(8)</a> server that the message with
- the specified queue ID is queued for the specified
- destination.
+ Inform the <a href="flush.8.html"><b>flush</b>(8)</a> server that the message with the specified
+ queue ID is queued for the specified destination.
<b>send_site</b> <i>sitename</i>
- Request delivery of mail that is queued for the
- specified destination.
+ Request delivery of mail that is queued for the specified desti-
+ nation.
<b>send_file</b> <i>queueid</i>
Request delivery of the specified deferred message.
<b>refresh</b>
- Refresh non-empty per-destination logfiles that
- were not read in <b>$<a href="postconf.5.html#fast_flush_refresh_time">fast_flush_refresh_time</a></b> hours, by
- simulating send requests (see above) for the corre-
- sponding destinations.
+ Refresh non-empty per-destination logfiles that were not read in
+ <b>$<a href="postconf.5.html#fast_flush_refresh_time">fast_flush_refresh_time</a></b> hours, by simulating send requests (see
+ above) for the corresponding destinations.
- Delete empty per-destination logfiles that were not
-
updated in <b>$<a href="postconf.5.html#fast_flush_purge_time">fast_flush_purge_time</a></b> days.
+ Delete empty per-destination logfiles that were not updated in
+ <b>$<a href="postconf.5.html#fast_flush_purge_time">fast_flush_purge_time</a></b> days.
This request completes in the background.
<b>purge</b> Do a <b>refresh</b> for all per-destination logfiles.
<b>SECURITY</b>
- The <a href="flush.8.html"><b>flush</b>(8)</a> server is not security-sensitive. It does not
- talk to the network, and it does not talk to local users.
- The fast flush server can run chrooted at fixed low privi-
- lege.
+ The <a href="flush.8.html"><b>flush</b>(8)</a> server is not security-sensitive. It does not talk to the
+ network, and it does not talk to local users. The fast flush server
+ can run chrooted at fixed low privilege.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
- Fast flush logfiles are truncated only after a "send"
- request, not when mail is actually delivered, and there-
- fore can accumulate outdated or redundant data. In order
- to maintain sanity, "refresh" must be executed periodi-
- cally. This can be automated with a suitable wakeup timer
- setting in the <a href="master.5.html"><b>master.cf</b></a> configuration file.
-
- Upon receipt of a request to deliver mail for an eligible
- destination, the <a href="flush.8.html"><b>flush</b>(8)</a> server requests delivery of all
- messages that are listed in that destination's logfile,
- regardless of the recipients of those messages. This is
- not an issue for mail that is sent to a <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> des-
- tination because such mail typically only has recipients
- in one domain.
+ Fast flush logfiles are truncated only after a "send" request, not when
+ mail is actually delivered, and therefore can accumulate outdated or
+ redundant data. In order to maintain sanity, "refresh" must be executed
+ periodically. This can be automated with a suitable wakeup timer set-
+ ting in the <a href="master.5.html"><b>master.cf</b></a> configuration file.
+
+ Upon receipt of a request to deliver mail for an eligible destination,
+ the <a href="flush.8.html"><b>flush</b>(8)</a> server requests delivery of all messages that are listed
+ in that destination's logfile, regardless of the recipients of those
+ messages. This is not an issue for mail that is sent to a <b><a href="postconf.5.html#relay_domains">relay_domains</a></b>
+ destination because such mail typically only has recipients in one
+ domain.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="flush.8.html"><b>flush</b>(8)</a>
- processes run for only a limited amount of time. Use the
- command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="flush.8.html"><b>flush</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
- Optional list of destinations that are eligible for
- per-destination logfiles with mail that is queued
- to those destinations.
+ Optional list of destinations that are eligible for per-destina-
+ tion logfiles with mail that is queued to those destinations.
<b><a href="postconf.5.html#fast_flush_refresh_time">fast_flush_refresh_time</a> (12h)</b>
- The time after which a non-empty but unread per-
- destination "fast flush" logfile needs to be
- refreshed.
+ The time after which a non-empty but unread per-destination
+ "fast flush" logfile needs to be refreshed.
<b><a href="postconf.5.html#fast_flush_purge_time">fast_flush_purge_time</a> (7d)</b>
- The time after which an empty per-destination "fast
- flush" logfile is deleted.
+ The time after which an empty per-destination "fast flush" log-
+ file is deleted.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
- <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
- <b>put)</b>
- What Postfix features match subdomains of
- "domain.tld" automatically, instead of requiring an
- explicit ".domain.tld" pattern.
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
+ What Postfix features match subdomains of "domain.tld" automati-
+ cally, instead of requiring an explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
/var/spool/postfix/flush, "fast flush" logfiles.
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
This service was introduced with Postfix version 1.0.
<b>postmap -q - /etc/postfix/generic</b> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The optional <a href="generic.5.html"><b>generic</b>(5)</a> table specifies an address mapping
- that applies when mail is delivered. This is the opposite
- of <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping, which applies when mail is
- received.
-
- Typically, one would use the <a href="generic.5.html"><b>generic</b>(5)</a> table on a system
- that does not have a valid Internet domain name and that
- uses something like <i>localdomain.local</i> instead. The
- <a href="generic.5.html"><b>generic</b>(5)</a> table is then used by the <a href="smtp.8.html"><b>smtp</b>(8)</a> client to
- transform local mail addresses into valid Internet mail
- addresses when mail has to be sent across the Internet.
- See the EXAMPLE section at the end of this document.
-
- The <a href="generic.5.html"><b>generic</b>(5)</a> mapping affects both message header
- addresses (i.e. addresses that appear inside messages) and
- message envelope addresses (for example, the addresses
- that are used in SMTP protocol commands).
-
- Normally, the <a href="generic.5.html"><b>generic</b>(5)</a> table is specified as a text file
- that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/generic</b>" to rebuild an indexed file
+ The optional <a href="generic.5.html"><b>generic</b>(5)</a> table specifies an address mapping that applies
+ when mail is delivered. This is the opposite of <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping,
+ which applies when mail is received.
+
+ Typically, one would use the <a href="generic.5.html"><b>generic</b>(5)</a> table on a system that does not
+ have a valid Internet domain name and that uses something like <i>localdo-</i>
+ <i>main.local</i> instead. The <a href="generic.5.html"><b>generic</b>(5)</a> table is then used by the <a href="smtp.8.html"><b>smtp</b>(8)</a>
+ client to transform local mail addresses into valid Internet mail
+ addresses when mail has to be sent across the Internet. See the EXAM-
+ PLE section at the end of this document.
+
+ The <a href="generic.5.html"><b>generic</b>(5)</a> mapping affects both message header addresses (i.e.
+ addresses that appear inside messages) and message envelope addresses
+ (for example, the addresses that are used in SMTP protocol commands).
+
+ Normally, the <a href="generic.5.html"><b>generic</b>(5)</a> table is specified as a text file that serves
+ as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file in <b>dbm</b>
+ or <b>db</b> format, is used for fast searching by the mail system. Execute
+ the command "<b>postmap /etc/postfix/generic</b>" to rebuild an indexed file
after changing the corresponding text file.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
- indexed files.
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
- Alternatively, the table can be provided as a regular-
- expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- those case, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
- or "TCP-BASED TABLES".
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to TCP-based server. In those case, the lookups are done in a
+ slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
- The search string is folded to lowercase before database
- lookup. As of Postfix 2.3, the search string is not case
- folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
- lookup fields can match both upper and lower case.
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern result</i>
- When <i>pattern</i> matches a mail address, replace it by
- the corresponding <i>result</i>.
+ When <i>pattern</i> matches a mail address, replace it by the corre-
+ sponding <i>result</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
<b>TABLE SEARCH ORDER</b>
- With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
- tried in the order as listed below:
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, patterns are tried in the order as
+ listed below:
<i>user</i>@<i>domain address</i>
- Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the
- highest precedence.
+ Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the highest prece-
+ dence.
<i>user address</i>
- Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to
- $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>,
- or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
- $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
+ Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>,
+ when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>, or when it is listed in
+ $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
@<i>domain address</i>
- Replace other addresses in <i>domain</i> by <i>address</i>. This
- form has the lowest precedence.
+ Replace other addresses in <i>domain</i> by <i>address</i>. This form has the
+ lowest precedence.
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
- <b>o</b> When the result has the form @<i>otherdomain</i>, the
- result becomes the same <i>user</i> in <i>otherdomain</i>.
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the result becomes
+ the same <i>user</i> in <i>otherdomain</i>.
- <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
- to addresses without "@domain".
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses
+ without "@domain".
- <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
- to addresses without ".domain".
+ <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses
+ without ".domain".
<b>ADDRESS EXTENSION</b>
- When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
- becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
- @<i>domain</i>.
+ When a mail address localpart contains the optional recipient delimiter
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
- gated to the result of table lookup.
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
+ unmatched address extension (<i>+foo</i>) is propagated to the result of table
+ lookup.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
- the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
- see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
- the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
- constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
- <i>foo</i>.
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
- string.
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
- the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
+ Results are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
+ lated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
- lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.4.
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ available up to and including Postfix version 2.4.
- Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
- <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
- up into <i>user</i> and <i>foo</i>.
+ Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
+ mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
+ stituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>EXAMPLE</b>
- The following shows a generic mapping with an indexed
- file. When mail is sent to a remote host via SMTP, this
- replaces <i>his@localdomain.local</i> by his ISP mail address,
- replaces <i>her@localdomain.local</i> by her ISP mail address,
- and replaces other local addresses by his ISP account,
- with an address extension of <i>+local</i> (this example assumes
- that the ISP supports "+" style address extensions).
+ The following shows a generic mapping with an indexed file. When mail
+ is sent to a remote host via SMTP, this replaces <i>his@localdomain.local</i>
+ by his ISP mail address, replaces <i>her@localdomain.local</i> by her ISP mail
+ address, and replaces other local addresses by his ISP account, with an
+ address extension of <i>+local</i> (this example assumes that the ISP supports
+ "+" style address extensions).
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/generic
her@localdomain.local heraccount@herisp.example
@localdomain.local hisaccount+local@hisisp.example
- Execute the command "<b>postmap /etc/postfix/generic</b>" when-
- ever the table is changed. Instead of <b>hash</b>, some systems
- use <b>dbm</b> database files. To find out what tables your sys-
- tem supports use the command "<b>postconf -m</b>".
+ Execute the command "<b>postmap /etc/postfix/generic</b>" whenever the table
+ is changed. Instead of <b>hash</b>, some systems use <b>dbm</b> database files. To
+ find out what tables your system supports use the command "<b>postconf</b>
+ <b>-m</b>".
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ details including examples.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a></b>
- Address mapping lookup table for envelope and
- header sender and recipient addresses while deliv-
- ering mail via SMTP.
+ Address mapping lookup table for envelope and header sender and
+ recipient addresses while delivering mail via SMTP.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
- <b>include</b>, or <b>generic</b>.
+ A list of address rewriting or forwarding mechanisms that propa-
+ gate an address extension from the original address to the
+ result. Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>for-</b>
+ <b>ward</b>, <b>include</b>, or <b>generic</b>.
Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
- receives mail on. You need to stop and start Post-
- fix when this parameter changes.
+ The network interface addresses that this system receives mail
+ on. You need to stop and start Postfix when this parameter
+ changes.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>
- Other interfaces that this machine receives mail on
- by way of a proxy agent or network address transla-
- tor.
+ Other interfaces that this machine receives mail on by way of a
+ proxy agent or network address translator.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
- local.
+ List of domains that this mail system considers local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
The domain that is appended to locally-posted mail.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
- Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
- addresses.
+ Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b> addresses.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<a href="STANDARD_CONFIGURATION_README.html">STANDARD_CONFIGURATION_README</a>, configuration examples
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
A genericstable feature appears in the Sendmail MTA.
<b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- This document describes access control on the content of
- message headers and message body lines; it is implemented
- by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server before mail is queued.
- See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client
- information.
-
- Each message header or message body line is compared
- against a list of patterns. When a match is found the
- corresponding action is executed, and the matching process
- is repeated for the next message header or message body
- line.
-
- Note: message headers are examined one logical header at a
- time, even when a message header spans multiple lines.
- Body lines are always examined one line at a time.
-
- For examples, see the EXAMPLES section at the end of this
- manual page.
-
- Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood
- of mail from worms or viruses; they do not decode attach-
- ments, and they do not unzip archives. See the documents
- referenced below in the README FILES section if you need
- more sophisticated content analysis.
+ This document describes access control on the content of message head-
+ ers and message body lines; it is implemented by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a>
+ server before mail is queued. See <a href="access.5.html"><b>access</b>(5)</a> for access control on
+ remote SMTP client information.
+
+ Each message header or message body line is compared against a list of
+ patterns. When a match is found the corresponding action is executed,
+ and the matching process is repeated for the next message header or
+ message body line.
+
+ Note: message headers are examined one logical header at a time, even
+ when a message header spans multiple lines. Body lines are always exam-
+ ined one line at a time.
+
+ For examples, see the EXAMPLES section at the end of this manual page.
+
+ Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood of mail from
+ worms or viruses; they do not decode attachments, and they do not unzip
+ archives. See the documents referenced below in the README FILES sec-
+ tion if you need more sophisticated content analysis.
<b>FILTERS WHILE RECEIVING MAIL</b>
- Postfix implements the following four built-in content
- inspection classes while receiving mail:
+ Postfix implements the following four built-in content inspection
+ classes while receiving mail:
<b><a href="postconf.5.html#header_checks">header_checks</a></b> (default: empty)
- These are applied to initial message headers
- (except for the headers that are processed with
- <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
+ These are applied to initial message headers (except for the
+ headers that are processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
<b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
- These are applied to MIME related message headers
- only.
+ These are applied to MIME related message headers only.
This feature is available in Postfix 2.0 and later.
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
- These are applied to message headers of attached
- email messages (except for the headers that are
-
processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
+ These are applied to message headers of attached email messages
+ (except for the headers that are processed with
+ <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
This feature is available in Postfix 2.0 and later.
<b><a href="postconf.5.html#body_checks">body_checks</a></b>
- These are applied to all other content, including
- multi-part message boundaries.
+ These are applied to all other content, including multi-part
+ message boundaries.
- With Postfix versions before 2.0, all content after
- the initial message headers is treated as body con-
- tent.
+ With Postfix versions before 2.0, all content after the initial
+ message headers is treated as body content.
<b>FILTERS AFTER RECEIVING MAIL</b>
- Postfix supports a subset of the built-in content inspec-
- tion classes after the message is received:
+ Postfix supports a subset of the built-in content inspection classes
+ after the message is received:
<b><a href="postconf.5.html#milter_header_checks">milter_header_checks</a></b> (default: empty)
- These are applied to headers that are added with
- Milter applications.
+ These are applied to headers that are added with Milter applica-
+ tions.
This feature is available in Postfix 2.7 and later.
<b>FILTERS WHILE DELIVERING MAIL</b>
- Postfix supports all four content inspection classes while
- delivering mail via SMTP.
+ Postfix supports all four content inspection classes while delivering
+ mail via SMTP.
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a></b> (default: empty)
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a></b> (default: empty)
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a></b> (default: empty)
- These features are available in Postfix 2.5 and
- later.
+ These features are available in Postfix 2.5 and later.
<b>COMPATIBILITY</b>
- With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>"
- to query a table that contains case sensitive patterns. By
- default, <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>: patterns are case insensitive.
+ With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" to query a
+ table that contains case sensitive patterns. By default, <a href="regexp_table.5.html">regexp</a>: and
+ <a href="pcre_table.5.html">pcre</a>: patterns are case insensitive.
<b>TABLE FORMAT</b>
- This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules
- are specified in the form of Postfix regular expression
- lookup tables. Usually the best performance is obtained
- with <b>pcre</b> (Perl Compatible Regular Expression) tables. The
- <b>regexp</b> (POSIX regular expressions) tables are usually
- slower, but more widely available. Use the command "<b>post-</b>
- <b>conf -m</b>" to find out what lookup table types your Postfix
- system supports.
-
- The general format of Postfix regular expression tables is
- given below. For a discussion of specific pattern or
- flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
- respectively.
+ This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules are specified
+ in the form of Postfix regular expression lookup tables. Usually the
+ best performance is obtained with <b>pcre</b> (Perl Compatible Regular Expres-
+ sion) tables. The <b>regexp</b> (POSIX regular expressions) tables are usually
+ slower, but more widely available. Use the command "<b>postconf -m</b>" to
+ find out what lookup table types your Postfix system supports.
+
+ The general format of Postfix regular expression tables is given below.
+ For a discussion of specific pattern or flags syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>
+ or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>, respectively.
<b>/</b><i>pattern</i><b>/</b><i>flags action</i>
- When /<i>pattern</i>/ matches the input string, execute
- the corresponding <i>action</i>. See below for a list of
- possible actions.
+ When /<i>pattern</i>/ matches the input string, execute the correspond-
+ ing <i>action</i>. See below for a list of possible actions.
<b>!/</b><i>pattern</i><b>/</b><i>flags action</i>
- When /<i>pattern</i>/ does <b>not</b> match the input string,
- execute the corresponding <i>action</i>.
+ When /<i>pattern</i>/ does <b>not</b> match the input string, execute the cor-
+ responding <i>action</i>.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
- <b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the same input string
- also matches /<i>pattern</i>/. The <b>if</b>..<b>endif</b> can nest.
+ <b>endif</b> Match the input string against the patterns between <b>if</b> and
+ <b>endif</b>, if and only if the same input string also matches /<i>pat-</i>
+ <i>tern</i>/. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
- <b>if</b>..<b>endif</b>.
+ Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>.
<b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
- <b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the same input string
- does <b>not</b> match /<i>pattern</i>/. The <b>if</b>..<b>endif</b> can nest.
+ <b>endif</b> Match the input string against the patterns between <b>if</b> and
+ <b>endif</b>, if and only if the same input string does <b>not</b> match /<i>pat-</i>
+ <i>tern</i>/. The <b>if</b>..<b>endif</b> can nest.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
multi-line text
- A pattern/action line starts with non-whitespace
- text. A line that starts with whitespace continues
- a logical line.
+ A pattern/action line starts with non-whitespace text. A line
+ that starts with whitespace continues a logical line.
<b>TABLE SEARCH ORDER</b>
- For each line of message input, the patterns are applied
- in the order as specified in the table. When a pattern is
- found that matches the input line, the corresponding
- action is executed and then the next input line is
- inspected.
+ For each line of message input, the patterns are applied in the order
+ as specified in the table. When a pattern is found that matches the
+ input line, the corresponding action is executed and then the next
+ input line is inspected.
<b>TEXT SUBSTITUTION</b>
- Substitution of substrings from the matched expression
- into the <i>action</i> string is possible using the conventional
- Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result
- string may need to be written as <b>${n}</b> or <b>$(n)</b> if they
- aren't followed by whitespace.
+ Substitution of substrings from the matched expression into the <i>action</i>
+ string is possible using the conventional Perl syntax (<b>$1</b>, <b>$2</b>, etc.).
+ The macros in the result string may need to be written as <b>${n}</b> or <b>$(n)</b>
+ if they aren't followed by whitespace.
- Note: since negated patterns (those preceded by <b>!</b>) return
- a result when the expression does not match, substitutions
- are not available for negated patterns.
+ Note: since negated patterns (those preceded by <b>!</b>) return a result when
+ the expression does not match, substitutions are not available for
+ negated patterns.
<b>ACTIONS</b>
- Action names are case insensitive. They are shown in upper
- case for consistency with other Postfix documentation.
+ Action names are case insensitive. They are shown in upper case for
+ consistency with other Postfix documentation.
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
- erwise log a generic message.
+ Claim successful delivery and silently discard the message. Log
+ the optional text if specified, otherwise log a generic message.
- Note: this action disables further header or
- <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
- affects all recipients. To discard only one recip-
- ient without discarding the entire message, use the
- <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
- service.
+ Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec-
+ tion of the current message and affects all recipients. To dis-
+ card only one recipient without discarding the entire message,
+ use the <a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a> ser-
+ vice.
This feature is available in Postfix 2.0 and later.
- This feature is not supported with smtp header/body
- checks.
+ This feature is not supported with smtp header/body checks.
- <b>DUNNO</b> Pretend that the input line did not match any pat-
- tern, and inspect the next input line. This action
- can be used to shorten the table search.
+ <b>DUNNO</b> Pretend that the input line did not match any pattern, and
+ inspect the next input line. This action can be used to shorten
+ the table search.
- For backwards compatibility reasons, Postfix also
- accepts <b>OK</b> but it is (and always has been) treated
- as <b>DUNNO</b>.
+ For backwards compatibility reasons, Postfix also accepts <b>OK</b> but
+ it is (and always has been) treated as <b>DUNNO</b>.
This feature is available in Postfix 2.1 and later.
<b>FILTER</b> <i>transport:destination</i>
- After the message is queued, send the entire mes-
- sage through the specified external content filter.
- The <i>transport</i> name specifies the first field of a
- mail delivery agent definition in <a href="master.5.html">master.cf</a>; the
- syntax of the next-hop <i>destination</i> is described in
- the manual page of the corresponding delivery
- agent. More information about external content
- filters is in the Postfix <a href="FILTER_README.html">FILTER_README</a> file.
-
- Note 1: do not use $<i>number</i> regular expression sub-
- stitutions for <i>transport</i> or <i>destination</i> unless you
- know that the information has a trusted origin.
-
- Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">con</a>-</b>
- <b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of
- the message. In the case that multiple <b>FILTER</b>
- actions fire, only the last one is executed.
-
- Note 3: the purpose of the FILTER command is to
- override message routing. To override the recipi-
- ent's <i>transport</i> but not the next-hop <i>destination</i>,
- specify an empty filter <i>destination</i> (Postfix 2.7
- and later), or specify a <i>transport:destination</i> that
- delivers through a different Postfix instance
- (Postfix 2.6 and earlier). Other options are using
- the recipient-dependent <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> or the sen-
- der-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport</a>-</b>
- <b><a href="postconf.5.html#sender_dependent_default_transport_maps">_maps</a></b> features.
+ After the message is queued, send the entire message through the
+ specified external content filter. The <i>transport</i> name specifies
+ the first field of a mail delivery agent definition in <a href="master.5.html">mas-
+ ter.cf</a>; the syntax of the next-hop <i>destination</i> is described in
+ the manual page of the corresponding delivery agent. More
+ information about external content filters is in the Postfix
+ <a href="FILTER_README.html">FILTER_README</a> file.
+
+ Note 1: do not use $<i>number</i> regular expression substitutions for
+ <i>transport</i> or <i>destination</i> unless you know that the information
+ has a trusted origin.
+
+ Note 2: this action overrides the <a href="postconf.5.html">main.cf</a> <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
+ ting, and affects all recipients of the message. In the case
+ that multiple <b>FILTER</b> actions fire, only the last one is exe-
+ cuted.
+
+ Note 3: the purpose of the FILTER command is to override message
+ routing. To override the recipient's <i>transport</i> but not the
+ next-hop <i>destination</i>, specify an empty filter <i>destination</i> (Post-
+ fix 2.7 and later), or specify a <i>transport:destination</i> that
+ delivers through a different Postfix instance (Postfix 2.6 and
+ earlier). Other options are using the recipient-dependent <b><a href="postconf.5.html#transport_maps">trans</a>-</b>
+ <b><a href="postconf.5.html#transport_maps">port_maps</a></b> or the sender-dependent <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default-</b>
+ <b>_transport_maps</a></b> features.
This feature is available in Postfix 2.0 and later.
- This feature is not supported with smtp header/body
- checks.
+ This feature is not supported with smtp header/body checks.
<b>HOLD</b> <i>optional text...</i>
- Arrange for the message to be placed on the <b>hold</b>
- queue, and inspect the next input line. The mes-
- sage remains on <b>hold</b> until someone either deletes
- it or releases it for delivery. Log the optional
- text if specified, otherwise log a generic message.
-
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
- released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
-
- Note: use "<b>postsuper -r</b>" to release mail that was
- kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
- <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
- longer. Use "<b>postsuper -H</b>" only for mail that will
- not expire within a few delivery attempts.
-
- Note: this action affects all recipients of the
- message.
+ Arrange for the message to be placed on the <b>hold</b> queue, and
+ inspect the next input line. The message remains on <b>hold</b> until
+ someone either deletes it or releases it for delivery. Log the
+ optional text if specified, otherwise log a generic message.
+
+ Mail that is placed on hold can be examined with the <a href="postcat.1.html"><b>postcat</b>(1)</a>
+ command, and can be destroyed or released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a>
+ command.
+
+ Note: use "<b>postsuper -r</b>" to release mail that was kept on hold
+ for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or
+ <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or longer. Use "<b>postsuper -H</b>" only for
+ mail that will not expire within a few delivery attempts.
+
+ Note: this action affects all recipients of the message.
This feature is available in Postfix 2.0 and later.
- This feature is not supported with smtp header/body
- checks.
+ This feature is not supported with smtp header/body checks.
- <b>IGNORE</b> Delete the current line from the input, and inspect
- the next input line.
+ <b>IGNORE</b> Delete the current line from the input, and inspect the next
+ input line.
<b>INFO</b> <i>optional text...</i>
- Log an "info:" record with the <i>optional text...</i> (or
- log a generic text), and inspect the next input
- line. This action is useful for routine logging or
- for debugging.
+ Log an "info:" record with the <i>optional text...</i> (or log a
+ generic text), and inspect the next input line. This action is
+ useful for routine logging or for debugging.
This feature is available in Postfix 2.8 and later.
<b>PREPEND</b> <i>text...</i>
- Prepend one line with the specified text, and
- inspect the next input line.
+ Prepend one line with the specified text, and inspect the next
+ input line.
Notes:
- <b>o</b> The prepended text is output on a separate
- line, immediately before the input that
- triggered the <b>PREPEND</b> action.
+ <b>o</b> The prepended text is output on a separate line, immedi-
+ ately before the input that triggered the <b>PREPEND</b> action.
- <b>o</b> The prepended text is not considered part of
- the input stream: it is not subject to
- header/body checks or address rewriting, and
- it does not affect the way that Postfix adds
- missing message headers.
+ <b>o</b> The prepended text is not considered part of the input
+ stream: it is not subject to header/body checks or
+ address rewriting, and it does not affect the way that
+ Postfix adds missing message headers.
- <b>o</b> When prepending text before a message header
- line, the prepended text must begin with a
- valid message header label.
+ <b>o</b> When prepending text before a message header line, the
+ prepended text must begin with a valid message header
+ label.
- <b>o</b> This action cannot be used to prepend multi-
- line text.
+ <b>o</b> This action cannot be used to prepend multi-line text.
This feature is available in Postfix 2.1 and later.
- This feature is not supported with mil-
- ter_header_checks.
+ This feature is not supported with <a href="postconf.5.html#milter_header_checks">milter_header_checks</a>.
<b>REDIRECT</b> <i>user@domain</i>
- Write a message redirection request to the queue
- file, and inspect the next input line. After the
- message is queued, it will be sent to the specified
- address instead of the intended recipient(s).
-
- Note: this action overrides the <b>FILTER</b> action, and
- affects all recipients of the message. If multiple
- <b>REDIRECT</b> actions fire, only the last one is exe-
- cuted.
+ Write a message redirection request to the queue file, and
+ inspect the next input line. After the message is queued, it
+ will be sent to the specified address instead of the intended
+ recipient(s).
+
+ Note: this action overrides the <b>FILTER</b> action, and affects all
+ recipients of the message. If multiple <b>REDIRECT</b> actions fire,
+ only the last one is executed.
This feature is available in Postfix 2.1 and later.
- This feature is not supported with smtp header/body
- checks.
+ This feature is not supported with smtp header/body checks.
<b>REPLACE</b> <i>text...</i>
- Replace the current line with the specified text,
- and inspect the next input line.
+ Replace the current line with the specified text, and inspect
+ the next input line.
- This feature is available in Postfix 2.2 and later.
- The description below applies to Postfix 2.2.2 and
- later.
+ This feature is available in Postfix 2.2 and later. The descrip-
+ tion below applies to Postfix 2.2.2 and later.
Notes:
- <b>o</b> When replacing a message header line, the
- replacement text must begin with a valid
- header label.
+ <b>o</b> When replacing a message header line, the replacement
+ text must begin with a valid header label.
- <b>o</b> The replaced text remains part of the input
- stream. Unlike the result from the <b>PREPEND</b>
- action, a replaced message header may be
- subject to address rewriting and may affect
- the way that Postfix adds missing message
+ <b>o</b> The replaced text remains part of the input stream.
+ Unlike the result from the <b>PREPEND</b> action, a replaced
+ message header may be subject to address rewriting and
+ may affect the way that Postfix adds missing message
headers.
<b>REJECT</b> <i>optional text...</i>
- Reject the entire message. Reply with <i>optional</i>
- <i>text...</i> when the optional text is specified, other-
- wise reply with a generic error message.
+ Reject the entire message. Reply with <i>optional text...</i> when the
+ optional text is specified, otherwise reply with a generic error
+ message.
- Note: this action disables further header or
- <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
- affects all recipients.
+ Note: this action disables further header or <a href="postconf.5.html#body_checks">body_checks</a> inspec-
+ tion of the current message and affects all recipients.
- Postfix version 2.3 and later support enhanced sta-
- tus codes. When no code is specified at the begin-
- ning of <i>optional text...</i>, Postfix inserts a default
- enhanced status code of "5.7.1".
+ Postfix version 2.3 and later support enhanced status codes.
+ When no code is specified at the beginning of <i>optional text...</i>,
+ Postfix inserts a default enhanced status code of "5.7.1".
- This feature is not supported with smtp header/body
- checks.
+ This feature is not supported with smtp header/body checks.
<b>WARN</b> <i>optional text...</i>
- Log a "warning:" record with the <i>optional text...</i>
- (or log a generic text), and inspect the next input
- line. This action is useful for debugging and for
- testing a pattern before applying more drastic
- actions.
+ Log a "warning:" record with the <i>optional text...</i> (or log a
+ generic text), and inspect the next input line. This action is
+ useful for debugging and for testing a pattern before applying
+ more drastic actions.
<b>BUGS</b>
- Empty lines never match, because some map types mis-behave
- when given a zero-length search string. This limitation
- may be removed for regular expression tables in a future
- release.
+ Empty lines never match, because some map types mis-behave when given a
+ zero-length search string. This limitation may be removed for regular
+ expression tables in a future release.
- Many people overlook the main limitations of header and
- <a href="postconf.5.html#body_checks">body_checks</a> rules.
+ Many people overlook the main limitations of header and <a href="postconf.5.html#body_checks">body_checks</a>
+ rules.
- <b>o</b> These rules operate on one logical message header
- or one body line at a time. A decision made for one
- line is not carried over to the next line.
+ <b>o</b> These rules operate on one logical message header or one body
+ line at a time. A decision made for one line is not carried over
+ to the next line.
- <b>o</b> If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>)
- then the rules need to be specified for the encoded
- form.
+ <b>o</b> If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>) then the rules
+ need to be specified for the encoded form.
- <b>o</b> Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC</a>
- <a href="http://tools.ietf.org/html/rfc2047">2047</a>) then the rules need to be specified for the
- encoded form.
+ <b>o</b> Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>) then the
+ rules need to be specified for the encoded form.
- Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
- excluded from inspection. Examples of such message headers
- are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>.
+ Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are excluded from
+ inspection. Examples of such message headers are <b>From:</b>, <b>To:</b>, <b>Message-</b>
+ <b>ID:</b>, <b>Date:</b>.
- Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
- examined before they are deleted. Examples are: <b>Bcc:</b>, <b>Con-</b>
- <b>tent-Length:</b>, <b>Return-Path:</b>.
+ Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be examined
+ before they are deleted. Examples are: <b>Bcc:</b>, <b>Content-Length:</b>, <b>Return-</b>
+ <b>Path:</b>.
<b>CONFIGURATION PARAMETERS</b>
<b><a href="postconf.5.html#body_checks">body_checks</a></b>
- Lookup tables with content filter rules for message
- body lines. These filters see one physical line at
- a time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
- bytes.
+ Lookup tables with content filter rules for message body lines.
+ These filters see one physical line at a time, in chunks of at
+ most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b> bytes.
<b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b>
- The amount of content per message body segment
- (attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil-
- tering.
+ The amount of content per message body segment (attachment) that
+ is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> filtering.
<b><a href="postconf.5.html#header_checks">header_checks</a></b>
<b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
- Lookup tables with content filter rules for message
- header lines: respectively, these are applied to
- the initial message headers (not including MIME
- headers), to the MIME headers anywhere in the mes-
- sage, and to the initial headers of attached mes-
- sages.
-
- Note: these filters see one logical message header
- at a time, even when a message header spans multi-
- ple lines. Message headers that are longer than
- <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated.
+ Lookup tables with content filter rules for message header
+ lines: respectively, these are applied to the initial message
+ headers (not including MIME headers), to the MIME headers any-
+ where in the message, and to the initial headers of attached
+ messages.
+
+ Note: these filters see one logical message header at a time,
+ even when a message header spans multiple lines. Message headers
+ that are longer than <b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are trun-
+ cated.
<b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b>
- While receiving mail, give no special treatment to
- MIME related message headers; all text after the
- initial message headers is considered to be part of
- the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
- applied to all the initial message headers, and
- that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the
- message.
+ While receiving mail, give no special treatment to MIME related
+ message headers; all text after the initial message headers is
+ considered to be part of the message body. This means that
+ <b><a href="postconf.5.html#header_checks">header_checks</a></b> is applied to all the initial message headers, and
+ that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the message.
- Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
- process a multi-line message header one line at a
- time.
+ Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will process a
+ multi-line message header one line at a time.
<b>EXAMPLES</b>
- Header pattern to block attachments with bad file name
- extensions. For convenience, the PCRE /x flag is speci-
- fied, so that there is no need to collapse the pattern
- into a single line of text. The purpose of the
- [[:xdigit:]] sub-expressions is to recognize Windows CLSID
- strings.
+ Header pattern to block attachments with bad file name extensions. For
+ convenience, the PCRE /x flag is specified, so that there is no need to
+ collapse the pattern into a single line of text. The purpose of the
+ [[:xdigit:]] sub-expressions is to recognize Windows CLSID strings.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks.pcre
vb[esx]?|vxd|ws[cfh]))(\?=)?"?\s*(;|$)/x
REJECT Attachment name "$2" may not end with ".$4"
- Body pattern to stop a specific HTML browser vulnerability
- exploit.
+ Body pattern to stop a specific HTML browser vulnerability exploit.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="regexp_table.5.html">regexp</a>:/etc/postfix/body_checks
<a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postmap -q - <a href="ldap_table.5.html">ldap</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional tables for address
- rewriting or mail routing. These tables are usually in <b>dbm</b>
- or <b>db</b> format.
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
- Alternatively, lookup tables can be specified as LDAP
- databases.
+ Alternatively, lookup tables can be specified as LDAP databases.
- In order to use LDAP lookups, define an LDAP source as a
-
lookup table in <a href="postconf.5.html">main.cf</a>, for example:
+ In order to use LDAP lookups, define an LDAP source as a lookup table
+ in <a href="postconf.5.html">main.cf</a>, for example:
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
- The file /etc/postfix/ldap-aliases.cf has the same format
- as the Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the parame-
- ters described below. An example is given at the end of
- this manual.
+ The file /etc/postfix/ldap-aliases.cf has the same format as the Post-
+ fix <a href="postconf.5.html">main.cf</a> file, and can specify the parameters described below. An
+ example is given at the end of this manual.
- This configuration method is available with Postfix ver-
- sion 2.1 and later. See the section "BACKWARDS COMPATI-
- BILITY" below for older Postfix versions.
+ This configuration method is available with Postfix version 2.1 and
+ later. See the section "BACKWARDS COMPATIBILITY" below for older Post-
+ fix versions.
- For details about LDAP SSL and STARTTLS, see the section
- on SSL and STARTTLS below.
+ For details about LDAP SSL and STARTTLS, see the section on SSL and
+ STARTTLS below.
<b>BACKWARDS COMPATIBILITY</b>
- For backwards compatibility with Postfix version 2.0 and
- earlier, LDAP parameters can also be defined in <a href="postconf.5.html">main.cf</a>.
- Specify as LDAP source a name that doesn't begin with a
- slash or a dot. The LDAP parameters will then be accessi-
- ble as the name you've given the source in its definition,
- an underscore, and the name of the parameter. For exam-
- ple, if the map is specified as "<a href="ldap_table.5.html">ldap</a>:<i>ldapsource</i>", the
- "server_host" parameter below would be defined in <a href="postconf.5.html">main.cf</a>
- as "<i>ldapsource</i>_server_host".
-
- Note: with this form, the passwords for the LDAP sources
- are written in <a href="postconf.5.html">main.cf</a>, which is normally world-readable.
- Support for this form will be removed in a future Postfix
- version.
-
- For backwards compatibility with the pre 2.2 LDAP clients,
- <b>result_filter</b> can for now be used instead of <b>result_for-</b>
- <b>mat</b>, when the latter parameter is not also set. The new
- name better reflects the function of the parameter. This
- compatibility interface may be removed in a future
- release.
+ For backwards compatibility with Postfix version 2.0 and earlier, LDAP
+ parameters can also be defined in <a href="postconf.5.html">main.cf</a>. Specify as LDAP source a
+ name that doesn't begin with a slash or a dot. The LDAP parameters
+ will then be accessible as the name you've given the source in its def-
+ inition, an underscore, and the name of the parameter. For example, if
+ the map is specified as "<a href="ldap_table.5.html">ldap</a>:<i>ldapsource</i>", the "server_host" parameter
+ below would be defined in <a href="postconf.5.html">main.cf</a> as "<i>ldapsource</i>_server_host".
+
+ Note: with this form, the passwords for the LDAP sources are written in
+ <a href="postconf.5.html">main.cf</a>, which is normally world-readable. Support for this form will
+ be removed in a future Postfix version.
+
+ For backwards compatibility with the pre 2.2 LDAP clients, <b>result_fil-</b>
+ <b>ter</b> can for now be used instead of <b>result_format</b>, when the latter
+ parameter is not also set. The new name better reflects the function
+ of the parameter. This compatibility interface may be removed in a
+ future release.
<b>LIST MEMBERSHIP</b>
- When using LDAP to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>,
- $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>,
- etc., it is important to understand that the table must
- store each list member as a separate key. The table lookup
- verifies the *existence* of the key. See "Postfix lists
- versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a dis-
- cussion.
+ When using LDAP to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydestination</a>,
+ $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it is important to under-
+ stand that the table must store each list member as a separate key. The
+ table lookup verifies the *existence* of the key. See "Postfix lists
+ versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
- Do NOT create tables that return the full list of domains
- in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
- in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
+ Do NOT create tables that return the full list of domains in $<a href="postconf.5.html#mydestination">mydesti</a>-
+ <a href="postconf.5.html#mydestination">nation</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
- DO create tables with each matching item as a key and with
- an arbitrary value. With LDAP databases it is not uncommon
- to return the key itself.
+ DO create tables with each matching item as a key and with an arbitrary
+ value. With LDAP databases it is not uncommon to return the key itself.
- For example, NEVER do this in a map defining $<a href="postconf.5.html#mydestination">mydestina</a>-
- <a href="postconf.5.html#mydestination">tion</a>:
+ For example, NEVER do this in a map defining $<a href="postconf.5.html#mydestination">mydestination</a>:
query_filter = domain=*
result_attribute = domain
result_attribute = domain
<b>GENERAL LDAP PARAMETERS</b>
- In the text below, default values are given in parenthe-
- ses. Note: don't use quotes in these variables; at least,
- not until the Postfix configuration routines understand
- how to deal with quoted strings.
+ In the text below, default values are given in parentheses. Note:
+ don't use quotes in these variables; at least, not until the Postfix
+ configuration routines understand how to deal with quoted strings.
<b>server_host (default: localhost)</b>
- The name of the host running the LDAP server, e.g.
+ The name of the host running the LDAP server, e.g.
server_host = ldap.example.com
- Depending on the LDAP client library you're using,
- it should be possible to specify multiple servers
- here, with the library trying them in order should
- the first one fail. It should also be possible to
- give each server in the list a different port
- (overriding <b>server_port</b> below), by naming them like
+ Depending on the LDAP client library you're using, it should be
+ possible to specify multiple servers here, with the library try-
+ ing them in order should the first one fail. It should also be
+ possible to give each server in the list a different port (over-
+ riding <b>server_port</b> below), by naming them like
server_host = ldap.example.com:1444
- With OpenLDAP, a (list of) LDAP URLs can be used to
- specify both the hostname(s) and the port(s):
+ With OpenLDAP, a (list of) LDAP URLs can be used to specify both
+ the hostname(s) and the port(s):
server_host = <a href="ldap_table.5.html">ldap</a>://ldap.example.com:1444
<a href="ldap_table.5.html">ldap</a>://ldap2.example.com:1444
- All LDAP URLs accepted by the OpenLDAP library are
- supported, including connections over UNIX domain
- sockets, and LDAP SSL (the last one provided that
- OpenLDAP was compiled with support for SSL):
+ All LDAP URLs accepted by the OpenLDAP library are supported,
+ including connections over UNIX domain sockets, and LDAP SSL
+ (the last one provided that OpenLDAP was compiled with support
+ for SSL):
server_host = ldapi://%2Fsome%2Fpath
ldaps://ldap.example.com:636
server_port = 778
<b>timeout (default: 10 seconds)</b>
- The number of seconds a search can take before tim-
- ing out, e.g.
+ The number of seconds a search can take before timing out, e.g.
timeout = 5
<b>search_base (No default; you must configure this)</b>
- The <a href="http://tools.ietf.org/html/rfc2253">RFC2253</a> base DN at which to conduct the search,
- e.g.
+ The <a href="http://tools.ietf.org/html/rfc2253">RFC2253</a> base DN at which to conduct the search, e.g.
search_base = dc=your, dc=com
- With Postfix 2.2 and later this parameter supports
- the following '%' expansions:
+ With Postfix 2.2 and later this parameter supports the following
+ '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>
- quoting is used to make sure that the input
- key does not add unexpected metacharacters.
-
- <b>%u</b> When the input key is an address of the form
- user@domain, <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
- <a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted local part of the address.
- Otherwise, <b>%u</b> is replaced by the entire
- search string. If the localpart is empty,
- the search is suppressed and returns no
- results.
-
- <b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC</a>
- <a href="http://tools.ietf.org/html/rfc2253">2253</a>) quoted domain part of the address.
- Otherwise, the search is suppressed and
- returns no results.
+ <b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a> quoting is
+ used to make sure that the input key does not add unex-
+ pected metacharacters.
- <b>%[SUD]</b> For the <b>search_base</b> parameter, the upper-
- case equivalents of the above expansions
- behave identically to their lower-case
- counter-parts. With the <b>result_format</b> param-
- eter (previously called <b>result_filter</b> see
- the COMPATIBILITY section and below), they
- expand to the corresponding components of
- input key rather than the result value.
-
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
- the corresponding most significant component
- of the input key's domain. If the input key
- is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
- is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, the search is suppressed and
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>) quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the search is sup-
+ pressed and returns no results.
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>) quoted domain part of
+ the address. Otherwise, the search is suppressed and
returns no results.
+ <b>%[SUD]</b> For the <b>search_base</b> parameter, the upper-case equivalents
+ of the above expansions behave identically to their
+ lower-case counter-parts. With the <b>result_format</b> parame-
+ ter (previously called <b>result_filter</b> see the COMPATIBIL-
+ ITY section and below), they expand to the corresponding
+ components of input key rather than the result value.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, the search is sup-
+ pressed and returns no results.
+
<b>query_filter (default: mailacceptinggeneralid=%s)</b>
- The <a href="http://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory,
- where <b>%s</b> is a substitute for the address Postfix is
- trying to resolve, e.g.
+ The <a href="http://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory, where <b>%s</b> is a
+ substitute for the address Postfix is trying to resolve, e.g.
query_filter = (&(mail=%s)(paid_up=true))
- This parameter supports the following '%' expan-
- sions:
+ This parameter supports the following '%' expansions:
- <b>%%</b> This is replaced by a literal '%' character.
- (Postfix 2.2 and later).
-
- <b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a>
- quoting is used to make sure that the input
- key does not add unexpected metacharacters.
-
- <b>%u</b> When the input key is an address of the form
- user@domain, <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
- <a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted local part of the address.
- Otherwise, <b>%u</b> is replaced by the entire
- search string. If the localpart is empty,
- the search is suppressed and returns no
- results.
-
- <b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC</a>
- <a href="http://tools.ietf.org/html/rfc2254">2254</a>) quoted domain part of the address.
- Otherwise, the search is suppressed and
- returns no results.
+ <b>%%</b> This is replaced by a literal '%' character. (Postfix 2.2
+ and later).
- <b>%[SUD]</b> The upper-case equivalents of the above
- expansions behave in the <b>query_filter</b> param-
- eter identically to their lower-case
- counter-parts. With the <b>result_format</b> param-
- eter (previously called <b>result_filter</b> see
- the COMPATIBILITY section and below), they
- expand to the corresponding components of
- input key rather than the result value.
+ <b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a> quoting is
+ used to make sure that the input key does not add unex-
+ pected metacharacters.
- The above %S, %U and %D expansions are
- available with Postfix 2.2 and later.
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a>) quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the search is sup-
+ pressed and returns no results.
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
- the corresponding most significant component
- of the input key's domain. If the input key
- is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
- is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, the search is suppressed and
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a>) quoted domain part of
+ the address. Otherwise, the search is suppressed and
returns no results.
- The above %1, ..., %9 expansions are avail-
- able with Postfix 2.2 and later.
+ <b>%[SUD]</b> The upper-case equivalents of the above expansions behave
+ in the <b>query_filter</b> parameter identically to their lower-
+ case counter-parts. With the <b>result_format</b> parameter
+ (previously called <b>result_filter</b> see the COMPATIBILITY
+ section and below), they expand to the corresponding com-
+ ponents of input key rather than the result value.
+
+ The above %S, %U and %D expansions are available with
+ Postfix 2.2 and later.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, the search is sup-
+ pressed and returns no results.
+
+ The above %1, ..., %9 expansions are available with Post-
+ fix 2.2 and later.
- The "domain" parameter described below limits the
- input keys to addresses in matching domains. When
- the "domain" parameter is non-empty, LDAP queries
- for unqualified addresses or addresses in non-
- matching domains are suppressed and return no
- results.
+ The "domain" parameter described below limits the input keys to
+ addresses in matching domains. When the "domain" parameter is
+ non-empty, LDAP queries for unqualified addresses or addresses
+ in non-matching domains are suppressed and return no results.
- NOTE: DO NOT put quotes around the <b>query_filter</b>
- parameter.
+ NOTE: DO NOT put quotes around the <b>query_filter</b> parameter.
<b>result_format (default: %s</b>)
- Called <b>result_filter</b> in Postfix releases prior to
- 2.2. Format template applied to result attributes.
- Most commonly used to append (or prepend) text to
- the result. This parameter supports the following
- '%' expansions:
+ Called <b>result_filter</b> in Postfix releases prior to 2.2. Format
+ template applied to result attributes. Most commonly used to
+ append (or prepend) text to the result. This parameter supports
+ the following '%' expansions:
- <b>%%</b> This is replaced by a literal '%' character.
- (Postfix 2.2 and later).
+ <b>%%</b> This is replaced by a literal '%' character. (Postfix 2.2
+ and later).
- <b>%s</b> This is replaced by the value of the result
- attribute. When result is empty it is
- skipped.
+ <b>%s</b> This is replaced by the value of the result attribute.
+ When result is empty it is skipped.
- <b>%u</b> When the result attribute value is an
- address of the form user@domain, <b>%u</b> is
- replaced by the local part of the address.
- When the result has an empty localpart it is
+ <b>%u</b> When the result attribute value is an address of the form
+ user@domain, <b>%u</b> is replaced by the local part of the
+ address. When the result has an empty localpart it is
skipped.
- <b>%d</b> When a result attribute value is an address
- of the form user@domain, <b>%d</b> is replaced by
- the domain part of the attribute value. When
- the result is unqualified it is skipped.
+ <b>%d</b> When a result attribute value is an address of the form
+ user@domain, <b>%d</b> is replaced by the domain part of the
+ attribute value. When the result is unqualified it is
+ skipped.
<b>%[SUD1-9]</b>
- The upper-case and decimal digit expansions
- interpolate the parts of the input key
- rather than the result. Their behavior is
- identical to that described with <b>query_fil-</b>
- <b>ter</b>, and in fact because the input key is
- known in advance, lookups whose key does not
- contain all the information specified in the
- result template are suppressed and return no
- results.
-
- The above %S, %U, %D and %1, ..., %9 expan-
- sions are available with Postfix 2.2 and
- later.
-
- For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
- allows one to use a mailHost attribute as the basis
- of a <a href="transport.5.html">transport(5)</a> table. After applying the result
- format, multiple values are concatenated as comma
- separated strings. The expansion_limit and
- size_limit parameters explained below allow one to
- restrict the number of values in the result, which
- is especially useful for maps that should return a
- single value.
-
- The default value <b>%s</b> specifies that each attribute
- value should be used as is.
-
- This parameter was called <b>result_filter</b> in Postfix
- releases prior to 2.2. If no "result_format" is
- specified, the value of "result_filter" will be
- used instead before resorting to the default value.
- This provides compatibility with old configuration
- files.
+ The upper-case and decimal digit expansions interpolate
+ the parts of the input key rather than the result. Their
+ behavior is identical to that described with <b>query_fil-</b>
+ <b>ter</b>, and in fact because the input key is known in
+ advance, lookups whose key does not contain all the
+ information specified in the result template are sup-
+ pressed and return no results.
+
+ The above %S, %U, %D and %1, ..., %9 expansions are
+ available with Postfix 2.2 and later.
+
+ For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" allows one to use
+ a mailHost attribute as the basis of a <a href="transport.5.html">transport(5)</a> table. After
+ applying the result format, multiple values are concatenated as
+ comma separated strings. The expansion_limit and size_limit
+ parameters explained below allow one to restrict the number of
+ values in the result, which is especially useful for maps that
+ should return a single value.
+
+ The default value <b>%s</b> specifies that each attribute value should
+ be used as is.
+
+ This parameter was called <b>result_filter</b> in Postfix releases
+ prior to 2.2. If no "result_format" is specified, the value of
+ "result_filter" will be used instead before resorting to the
+ default value. This provides compatibility with old configura-
+ tion files.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
- This is a list of domain names, paths to files, or
- dictionaries. When specified, only fully qualified
- search keys with a *non-empty* localpart and a
- matching domain are eligible for lookup: 'user'
- lookups, bare domain lookups and "@domain" lookups
- are not performed. This can significantly reduce
- the query load on the LDAP server.
+ This is a list of domain names, paths to files, or dictionaries.
+ When specified, only fully qualified search keys with a *non-
+ empty* localpart and a matching domain are eligible for lookup:
+ 'user' lookups, bare domain lookups and "@domain" lookups are
+ not performed. This can significantly reduce the query load on
+ the LDAP server.
domain = postfix.org, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
- It is best not to use LDAP to store the domains
- eligible for LDAP lookups.
+ It is best not to use LDAP to store the domains eligible for
+ LDAP lookups.
- NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
- aliases.
+ NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> aliases.
This feature is available in Postfix 1.0 and later.
<b>result_attribute (default: maildrop)</b>
- The attribute(s) Postfix will read from any direc-
- tory entries returned by the lookup, to be resolved
- to an email address.
+ The attribute(s) Postfix will read from any directory entries
+ returned by the lookup, to be resolved to an email address.
result_attribute = mailbox, maildrop
- Don't rely on the default value ("maildrop"). Set
- the result_attribute explicitly in all ldap table
- configuration files. This is particularly relevant
- when no result_attribute is applicable, e.g. cases
- in which leaf_result_attribute and/or termi-
- nal_result_attribute are used instead. The default
- value is harmless if "maildrop" is also listed as a
- leaf or terminal result attribute, but it is best
- to not leave this to chance.
+ Don't rely on the default value ("maildrop"). Set the
+ result_attribute explicitly in all ldap table configuration
+ files. This is particularly relevant when no result_attribute is
+ applicable, e.g. cases in which leaf_result_attribute and/or
+ terminal_result_attribute are used instead. The default value is
+ harmless if "maildrop" is also listed as a leaf or terminal
+ result attribute, but it is best to not leave this to chance.
<b>special_result_attribute (default: empty)</b>
- The attribute(s) of directory entries that can con-
- tain DNs or <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> LDAP URLs. If found, a recur-
- sive search is performed to retrieve the entry ref-
- erenced by the DN, or the entries matched by the
- URL query.
+ The attribute(s) of directory entries that can contain DNs or
+ <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> LDAP URLs. If found, a recursive search is performed to
+ retrieve the entry referenced by the DN, or the entries matched
+ by the URL query.
special_result_attribute = memberdn
- DN recursion retrieves the same result_attributes
- as the main query, including the special attributes
- for further recursion.
-
- URL processing retrieves only those attributes that
- are included in both the URL definition and as
- result attributes (ordinary, special, leaf or ter-
- minal) in the Postfix table definition. If the URL
- lists any of the table's special result attributes,
- these are retrieved and used recursively. A URL
- that does not specify any attribute selection, is
- equivalent (<a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a>) to a URL that selects all
- attributes, in which case the selected attributes
- will be the full set of result attributes in the
+ DN recursion retrieves the same result_attributes as the main
+ query, including the special attributes for further recursion.
+
+ URL processing retrieves only those attributes that are included
+ in both the URL definition and as result attributes (ordinary,
+ special, leaf or terminal) in the Postfix table definition. If
+ the URL lists any of the table's special result attributes,
+ these are retrieved and used recursively. A URL that does not
+ specify any attribute selection, is equivalent (<a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a>) to a
+ URL that selects all attributes, in which case the selected
+ attributes will be the full set of result attributes in the
Postfix table.
- If an LDAP URL attribute-descriptor or the corre-
- sponding Postfix LDAP table result attribute (but
- not both) uses <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> sub-type options
- ("attr;option"), the attribute requested from the
- LDAP server will include the sub-type option. In
- all other cases, the URL attribute and the table
- attribute must match exactly. Attributes with
- options in both the URL and the Postfix table are
- requested only when the options are identical. LDAP
- attribute-descriptor options are very rarely used,
- most LDAP users will not need to concern themselves
- with this level of nuanced detail.
+ If an LDAP URL attribute-descriptor or the corresponding Postfix
+ LDAP table result attribute (but not both) uses <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> sub-
+ type options ("attr;option"), the attribute requested from the
+ LDAP server will include the sub-type option. In all other
+ cases, the URL attribute and the table attribute must match
+ exactly. Attributes with options in both the URL and the Postfix
+ table are requested only when the options are identical. LDAP
+ attribute-descriptor options are very rarely used, most LDAP
+ users will not need to concern themselves with this level of
+ nuanced detail.
<b>terminal_result_attribute (default: empty)</b>
- When one or more terminal result attributes are
- found in an LDAP entry, all other result attributes
- are ignored and only the terminal result attributes
- are returned. This is useful for delegating expan-
- sion of group members to a particular host, by
- using an optional "maildrop" attribute on selected
- groups to route the group to a specific host, where
- the group is expanded, possibly via mailing-list
- manager or other special processing.
+ When one or more terminal result attributes are found in an LDAP
+ entry, all other result attributes are ignored and only the ter-
+ minal result attributes are returned. This is useful for dele-
+ gating expansion of group members to a particular host, by using
+ an optional "maildrop" attribute on selected groups to route the
+ group to a specific host, where the group is expanded, possibly
+ via mailing-list manager or other special processing.
result_attribute =
terminal_result_attribute = maildrop
- When using terminal and/or leaf result attributes,
- the result_attribute is best set to an empty value
- when it is not used, or else explicitly set to the
- desired value, even if it is the default value
- "maildrop".
+ When using terminal and/or leaf result attributes, the
+ result_attribute is best set to an empty value when it is not
+ used, or else explicitly set to the desired value, even if it is
+ the default value "maildrop".
- This feature is available with Postfix 2.4 or
- later.
+ This feature is available with Postfix 2.4 or later.
<b>leaf_result_attribute (default: empty)</b>
- When one or more special result attributes are
- found in a non-terminal (see above) LDAP entry,
- leaf result attributes are excluded from the expan-
- sion of that entry. This is useful when expanding
- groups and the desired mail address attribute(s) of
- the member objects obtained via DN or URI recursion
- are also present in the group object. To only
- return the attribute values from the leaf objects
- and not the containing group, add the attribute to
- the leaf_result_attribute list, and not the
- result_attribute list, which is always expanded.
- Note, the default value of "result_attribute" is
- not empty, you may want to set it explicitly empty
- when using "leaf_result_attribute" to expand the
- group to a list of member DN addresses. If groups
- have both member DN references AND attributes that
- hold multiple string valued rfc822 addresses, then
- the string attributes go in "result_attribute".
- The attributes that represent the email addresses
- of objects referenced via a DN (or LDAP URI) go in
+ When one or more special result attributes are found in a non-
+ terminal (see above) LDAP entry, leaf result attributes are
+ excluded from the expansion of that entry. This is useful when
+ expanding groups and the desired mail address attribute(s) of
+ the member objects obtained via DN or URI recursion are also
+ present in the group object. To only return the attribute values
+ from the leaf objects and not the containing group, add the
+ attribute to the leaf_result_attribute list, and not the
+ result_attribute list, which is always expanded. Note, the
+ default value of "result_attribute" is not empty, you may want
+ to set it explicitly empty when using "leaf_result_attribute" to
+ expand the group to a list of member DN addresses. If groups
+ have both member DN references AND attributes that hold multiple
+ string valued rfc822 addresses, then the string attributes go in
+ "result_attribute". The attributes that represent the email
+ addresses of objects referenced via a DN (or LDAP URI) go in
"leaf_result_attribute".
result_attribute = memberaddr
terminal_result_attribute = maildrop
leaf_result_attribute = mail
- When using terminal and/or leaf result attributes,
- the result_attribute is best set to an empty value
- when it is not used, or else explicitly set to the
- desired value, even if it is the default value
- "maildrop".
+ When using terminal and/or leaf result attributes, the
+ result_attribute is best set to an empty value when it is not
+ used, or else explicitly set to the desired value, even if it is
+ the default value "maildrop".
- This feature is available with Postfix 2.4 or
- later.
+ This feature is available with Postfix 2.4 or later.
<b>scope (default: sub)</b>
- The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
- translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
- and LDAP_SCOPE_ONELEVEL.
+ The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These translate into
+ LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, and LDAP_SCOPE_ONELEVEL.
<b>bind (default: yes)</b>
- Whether or how to bind to the LDAP server. Newer
- LDAP implementations don't require clients to bind,
- which saves time. Example:
+ Whether or how to bind to the LDAP server. Newer LDAP implemen-
+ tations don't require clients to bind, which saves time. Exam-
+ ple:
# Don't bind
bind = no
# Use SASL bind
bind = sasl
- Postfix versions prior to 2.8 only support "bind =
- no" which means don't bind, and "bind = yes" which
- means do a SIMPLE bind. Postfix 2.8 and later also
- supports "bind = SASL" when compiled with LDAP SASL
- support as described in <a href="LDAP_README.html">LDAP_README</a>, it also adds
- the synonyms "bind = none" and "bind = simple" for
- "bind = no" and "bind = yes" respectively. See the
- SASL section below for additional parameters avail-
- able with "bind = sasl".
-
- If you do need to bind, you might consider config-
- uring Postfix to connect to the local machine on a
- port that's an SSL tunnel to your LDAP server. If
- your LDAP server doesn't natively support SSL, put
- a tunnel (wrapper, proxy, whatever you want to call
- it) on that system too. This should prevent the
- password from traversing the network in the clear.
+ Postfix versions prior to 2.8 only support "bind = no" which
+ means don't bind, and "bind = yes" which means do a SIMPLE bind.
+ Postfix 2.8 and later also supports "bind = SASL" when compiled
+ with LDAP SASL support as described in <a href="LDAP_README.html">LDAP_README</a>, it also adds
+ the synonyms "bind = none" and "bind = simple" for "bind = no"
+ and "bind = yes" respectively. See the SASL section below for
+ additional parameters available with "bind = sasl".
+
+ If you do need to bind, you might consider configuring Postfix
+ to connect to the local machine on a port that's an SSL tunnel
+ to your LDAP server. If your LDAP server doesn't natively sup-
+ port SSL, put a tunnel (wrapper, proxy, whatever you want to
+ call it) on that system too. This should prevent the password
+ from traversing the network in the clear.
<b>bind_dn (default: empty)</b>
- If you do have to bind, do it with this distin-
- guished name. Example:
+ If you do have to bind, do it with this distinguished name.
+ Example:
bind_dn = uid=postfix, dc=your, dc=com
- With "bind = sasl" (see above) the DN may be
- optional for some SASL mechanisms, don't specify a
- DN if not needed.
+ With "bind = sasl" (see above) the DN may be optional for some
+ SASL mechanisms, don't specify a DN if not needed.
<b>bind_pw (default: empty)</b>
- The password for the distinguished name above. If
- you have to use this, you probably want to make the
- map configuration file readable only by the Postfix
- user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
- tax, with map parameters in <a href="postconf.5.html">main.cf</a>, it is not pos-
- sible to securely store the bind password. This is
- because <a href="postconf.5.html">main.cf</a> needs to be world readable to allow
- local accounts to submit mail via the sendmail com-
- mand. Example:
+ The password for the distinguished name above. If you have to
+ use this, you probably want to make the map configuration file
+ readable only by the Postfix user. When using the obsolete
+ <a href="ldap_table.5.html">ldap</a>:ldapsource syntax, with map parameters in <a href="postconf.5.html">main.cf</a>, it is
+ not possible to securely store the bind password. This is
+ because <a href="postconf.5.html">main.cf</a> needs to be world readable to allow local
+ accounts to submit mail via the sendmail command. Example:
bind_pw = postfixpw
- With "bind = sasl" (see above) the password may be
- optional for some SASL mechanisms, don't specify a
- password if not needed.
+ With "bind = sasl" (see above) the password may be optional for
+ some SASL mechanisms, don't specify a password if not needed.
<b>cache (IGNORED with a warning)</b>
<b>cache_expiry (IGNORED with a warning)</b>
<b>cache_size (IGNORED with a warning)</b>
- The above parameters are NO LONGER SUPPORTED by
- Postfix. Cache support has been dropped from
- OpenLDAP as of release 2.1.13.
+ The above parameters are NO LONGER SUPPORTED by Postfix. Cache
+ support has been dropped from OpenLDAP as of release 2.1.13.
<b>recursion_limit (default: 1000)</b>
- A limit on the nesting depth of DN and URL special
- result attribute evaluation. The limit must be a
- non-zero positive number.
+ A limit on the nesting depth of DN and URL special result
+ attribute evaluation. The limit must be a non-zero positive num-
+ ber.
<b>expansion_limit (default: 0)</b>
- A limit on the total number of result elements
- returned (as a comma separated list) by a lookup
- against the map. A setting of zero disables the
- limit. Lookups fail with a temporary error if the
- limit is exceeded. Setting the limit to 1 ensures
- that lookups do not return multiple values.
+ A limit on the total number of result elements returned (as a
+ comma separated list) by a lookup against the map. A setting of
+ zero disables the limit. Lookups fail with a temporary error if
+ the limit is exceeded. Setting the limit to 1 ensures that
+ lookups do not return multiple values.
<b>size_limit (default: $expansion_limit)</b>
- A limit on the number of LDAP entries returned by
- any single LDAP search performed as part of the
- lookup. A setting of 0 disables the limit. Expan-
- sion of DN and URL references involves nested LDAP
- queries, each of which is separately subjected to
+ A limit on the number of LDAP entries returned by any single
+ LDAP search performed as part of the lookup. A setting of 0 dis-
+ ables the limit. Expansion of DN and URL references involves
+ nested LDAP queries, each of which is separately subjected to
this limit.
- Note: even a single LDAP entry can generate multi-
- ple lookup results, via multiple result attributes
- and/or multi-valued result attributes. This limit
- caps the per search resource utilization on the
- LDAP server, not the final multiplicity of the
- lookup result. It is analogous to the "-z" option
- of "ldapsearch".
+ Note: even a single LDAP entry can generate multiple lookup
+ results, via multiple result attributes and/or multi-valued
+ result attributes. This limit caps the per search resource uti-
+ lization on the LDAP server, not the final multiplicity of the
+ lookup result. It is analogous to the "-z" option of
+ "ldapsearch".
<b>dereference (default: 0)</b>
- When to dereference LDAP aliases. (Note that this
- has nothing do with Postfix aliases.) The permitted
- values are those legal for the OpenLDAP/UM LDAP
- implementations:
+ When to dereference LDAP aliases. (Note that this has nothing do
+ with Postfix aliases.) The permitted values are those legal for
+ the OpenLDAP/UM LDAP implementations:
0 never
3 always
- See ldap.h or the ldap_open(3) or ldapsearch(1) man
- pages for more information. And if you're using an
- LDAP package that has other possible values, please
- bring it to the attention of the postfix-
- users@postfix.org mailing list.
+ See ldap.h or the ldap_open(3) or ldapsearch(1) man pages for
+ more information. And if you're using an LDAP package that has
+ other possible values, please bring it to the attention of the
+ postfix-users@postfix.org mailing list.
<b>chase_referrals (default: 0)</b>
- Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
- version 3 support).
+ Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version 3
+ support).
<b>version (default: 2)</b>
Specifies the LDAP protocol version to use.
<b>debuglevel (default: 0)</b>
- What level to set for debugging in the OpenLDAP
- libraries.
+ What level to set for debugging in the OpenLDAP libraries.
<b>LDAP SASL PARAMETERS</b>
- If you're using the OpenLDAP libraries compiled with SASL
- support, Postfix 2.8 and later built with LDAP SASL sup-
- port as described in <a href="LDAP_README.html">LDAP_README</a> can authenticate to LDAP
- servers via SASL.
-
- This enables authentication to the LDAP server via mecha-
- nisms other than a simple password. The added flexibility
- has a cost: it is no longer practical to set an explicit
- timeout on the duration of an LDAP bind operation. Under
- adverse conditions, whether a SASL bind times out, or if
- it does, the duration of the timeout is determined by the
+ If you're using the OpenLDAP libraries compiled with SASL support,
+ Postfix 2.8 and later built with LDAP SASL support as described in
+ <a href="LDAP_README.html">LDAP_README</a> can authenticate to LDAP servers via SASL.
+
+ This enables authentication to the LDAP server via mechanisms other
+ than a simple password. The added flexibility has a cost: it is no
+ longer practical to set an explicit timeout on the duration of an LDAP
+ bind operation. Under adverse conditions, whether a SASL bind times
+ out, or if it does, the duration of the timeout is determined by the
LDAP and SASL libraries.
- It is best to use tables that use SASL binds via <a href="proxymap.8.html">prox-</a>
- <a href="proxymap.8.html">ymap(8)</a>, this way the requesting process can time-out the
- proxymap request. This also lets you tailer the process
- environment by overriding the <a href="proxymap.8.html">proxymap(8)</a> import_environ-
- ment setting in <a href="master.5.html">master.cf</a>(5). Special environment settings
- may be needed to configure GSSAPI credential caches or
- other SASL mechanism specific options. The GSSAPI creden-
- tials used for LDAP lookups may need to be different than
- say those used for the Postfix SMTP client to authenticate
- to remote servers.
-
- Using SASL mechanisms requires LDAP protocol version 3,
- the default protocol version is 2 for backwards compati-
- bility. You must set "version = 3" in addition to "bind =
- sasl".
-
- The following parameters are relevant to using LDAP with
- SASL
+ It is best to use tables that use SASL binds via <a href="proxymap.8.html">proxymap(8)</a>, this way
+ the requesting process can time-out the proxymap request. This also
+ lets you tailer the process environment by overriding the <a href="proxymap.8.html">proxymap(8)</a>
+ <a href="postconf.5.html#import_environment">import_environment</a> setting in <a href="master.5.html">master.cf</a>(5). Special environment set-
+ tings may be needed to configure GSSAPI credential caches or other SASL
+ mechanism specific options. The GSSAPI credentials used for LDAP
+ lookups may need to be different than say those used for the Postfix
+ SMTP client to authenticate to remote servers.
+
+ Using SASL mechanisms requires LDAP protocol version 3, the default
+ protocol version is 2 for backwards compatibility. You must set "ver-
+ sion = 3" in addition to "bind = sasl".
+
+ The following parameters are relevant to using LDAP with SASL
<b>sasl_mechs (default: empty)</b>
Space separated list of SASL mechanism(s) to try.
SASL Realm to use, if applicable.
<b>sasl_authz_id (default: empty)</b>
- The SASL authorization identity to assert, if
- applicable.
+ The SASL authorization identity to assert, if applicable.
<b>sasl_minssf (default: 0)</b>
- The minimum required sasl security factor required
- to establish a connection.
+ The minimum required sasl security factor required to establish
+ a connection.
<b>LDAP SSL AND STARTTLS PARAMETERS</b>
- If you're using the OpenLDAP libraries compiled with SSL
- support, Postfix can connect to LDAP SSL servers and can
- issue the STARTTLS command.
+ If you're using the OpenLDAP libraries compiled with SSL support, Post-
+ fix can connect to LDAP SSL servers and can issue the STARTTLS command.
- LDAP SSL service can be requested by using a LDAP SSL URL
- in the server_host parameter:
+ LDAP SSL service can be requested by using a LDAP SSL URL in the
+ server_host parameter:
server_host = ldaps://ldap.example.com:636
start_tls = yes
- Both forms require LDAP protocol version 3, which has to
- be set explicitly with:
+ Both forms require LDAP protocol version 3, which has to be set explic-
+ itly with:
version = 3
- If any of the Postfix programs querying the map is config-
- ured in <a href="master.5.html">master.cf</a> to run chrooted, all the certificates
- and keys involved have to be copied to the chroot jail. Of
- course, the private keys should only be readable by the
- user "postfix".
+ If any of the Postfix programs querying the map is configured in <a href="master.5.html">mas-
+ ter.cf</a> to run chrooted, all the certificates and keys involved have to
+ be copied to the chroot jail. Of course, the private keys should only
+ be readable by the user "postfix".
- The following parameters are relevant to LDAP SSL and
- STARTTLS:
+ The following parameters are relevant to LDAP SSL and STARTTLS:
<b>start_tls (default: no)</b>
- Whether or not to issue STARTTLS upon connection to
- the server. Don't set this with LDAP SSL (the SSL
- session is setup automatically when the TCP connec-
- tion is opened).
-
- <b>tls_ca_cert_dir (No default; set either this or</b>
- <b>tls_ca_cert_file)</b>
- Directory containing X509 Certificate Authority
- certificates in PEM format which are to be recog-
- nized by the client in SSL/TLS connections. The
- files each contain one CA certificate. The files
- are looked up by the CA subject name hash value,
- which must hence be available. If more than one CA
- certificate with the same name hash value exist,
- the extension must be different (e.g. 9d66eef0.0,
- 9d66eef0.1 etc). The search is performed in the
- ordering of the extension number, regardless of
- other properties of the certificates. Use the
- c_rehash utility (from the OpenSSL distribution) to
- create the necessary links.
-
- <b>tls_ca_cert_file (No default; set either this or</b>
- <b>tls_ca_cert_dir)</b>
- File containing the X509 Certificate Authority cer-
- tificates in PEM format which are to be recognized
- by the client in SSL/TLS connections. This setting
- takes precedence over tls_ca_cert_dir.
+ Whether or not to issue STARTTLS upon connection to the server.
+ Don't set this with LDAP SSL (the SSL session is setup automati-
+ cally when the TCP connection is opened).
+
+ <b>tls_ca_cert_dir (No default; set either this or tls_ca_cert_file)</b>
+ Directory containing X509 Certificate Authority certificates in
+ PEM format which are to be recognized by the client in SSL/TLS
+ connections. The files each contain one CA certificate. The
+ files are looked up by the CA subject name hash value, which
+ must hence be available. If more than one CA certificate with
+ the same name hash value exist, the extension must be different
+ (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in
+ the ordering of the extension number, regardless of other prop-
+ erties of the certificates. Use the c_rehash utility (from the
+ OpenSSL distribution) to create the necessary links.
+
+ <b>tls_ca_cert_file (No default; set either this or tls_ca_cert_dir)</b>
+ File containing the X509 Certificate Authority certificates in
+ PEM format which are to be recognized by the client in SSL/TLS
+ connections. This setting takes precedence over tls_ca_cert_dir.
<b>tls_cert (No default; you must set this)</b>
- File containing client's X509 certificate to be
- used by the client in SSL/ TLS connections.
+ File containing client's X509 certificate to be used by the
+ client in SSL/ TLS connections.
<b>tls_key (No default; you must set this)</b>
- File containing the private key corresponding to
- the above tls_cert.
+ File containing the private key corresponding to the above
+ tls_cert.
<b>tls_require_cert (default: no)</b>
- Whether or not to request server's X509 certificate
- and check its validity when establishing SSL/TLS
- connections. The supported values are <b>no</b> and <b>yes</b>.
-
- With <b>no</b>, the server certificate trust chain is not
- checked, but with OpenLDAP prior to 2.1.13, the
- name in the server certificate must still match the
- LDAP server name. With OpenLDAP 2.0.0 to 2.0.11 the
- server name is not necessarily what you specified,
- rather it is determined (by reverse lookup) from
- the IP address of the LDAP server connection. With
- OpenLDAP prior to 2.0.13, subjectAlternativeName
- extensions in the LDAP server certificate are
- ignored: the server name must match the subject
- CommonName. The <b>no</b> setting corresponds to the <b>never</b>
- value of <b>TLS_REQCERT</b> in LDAP client configuration
- files.
-
- Don't use TLS with OpenLDAP 2.0.x (and especially
- with x <= 11) if you can avoid it.
-
- With <b>yes</b>, the server certificate must be issued by
- a trusted CA, and not be expired. The LDAP server
- name must match one of the name(s) found in the
- certificate (see above for OpenLDAP library version
- dependent behavior). The <b>yes</b> setting corresponds to
- the <b>demand</b> value of <b>TLS_REQCERT</b> in LDAP client con-
- figuration files.
-
- The "try" and "allow" values of <b>TLS_REQCERT</b> have no
- equivalents here. They are not available with
- OpenLDAP 2.0, and in any case have questionable
- security properties. Either you want TLS verified
- LDAP connections, or you don't.
-
- The <b>yes</b> value only works correctly with Postfix 2.5
- and later, or with OpenLDAP 2.0. Earlier Postfix
- releases or later OpenLDAP releases don't work
- together with this setting. Support for LDAP over
- TLS was added to Postfix based on the OpenLDAP 2.0
- API.
+ Whether or not to request server's X509 certificate and check
+ its validity when establishing SSL/TLS connections. The sup-
+ ported values are <b>no</b> and <b>yes</b>.
+
+ With <b>no</b>, the server certificate trust chain is not checked, but
+ with OpenLDAP prior to 2.1.13, the name in the server certifi-
+ cate must still match the LDAP server name. With OpenLDAP 2.0.0
+ to 2.0.11 the server name is not necessarily what you specified,
+ rather it is determined (by reverse lookup) from the IP address
+ of the LDAP server connection. With OpenLDAP prior to 2.0.13,
+ subjectAlternativeName extensions in the LDAP server certificate
+ are ignored: the server name must match the subject CommonName.
+ The <b>no</b> setting corresponds to the <b>never</b> value of <b>TLS_REQCERT</b> in
+ LDAP client configuration files.
+
+ Don't use TLS with OpenLDAP 2.0.x (and especially with x <= 11)
+ if you can avoid it.
+
+ With <b>yes</b>, the server certificate must be issued by a trusted CA,
+ and not be expired. The LDAP server name must match one of the
+ name(s) found in the certificate (see above for OpenLDAP library
+ version dependent behavior). The <b>yes</b> setting corresponds to the
+ <b>demand</b> value of <b>TLS_REQCERT</b> in LDAP client configuration files.
+
+ The "try" and "allow" values of <b>TLS_REQCERT</b> have no equivalents
+ here. They are not available with OpenLDAP 2.0, and in any case
+ have questionable security properties. Either you want TLS veri-
+ fied LDAP connections, or you don't.
+
+ The <b>yes</b> value only works correctly with Postfix 2.5 and later,
+ or with OpenLDAP 2.0. Earlier Postfix releases or later OpenLDAP
+ releases don't work together with this setting. Support for LDAP
+ over TLS was added to Postfix based on the OpenLDAP 2.0 API.
<b>tls_random_file (No default)</b>
- Path of a file to obtain random bits from when
- /dev/[u]random is not available, to be used by the
- client in SSL/TLS connections.
+ Path of a file to obtain random bits from when /dev/[u]random is
+ not available, to be used by the client in SSL/TLS connections.
<b>tls_cipher_suite (No default)</b>
Cipher suite to use in SSL/TLS negotiations.
<b>EXAMPLE</b>
- Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
-
aliases. Assume that in <a href="postconf.5.html">main.cf</a>, you have:
+ Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a> aliases.
+ Assume that in <a href="postconf.5.html">main.cf</a>, you have:
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/aliases,
<a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
server_host = ldap.example.com
search_base = dc=example, dc=com
- Upon receiving mail for a local address "ldapuser" that
- isn't found in the /etc/aliases database, Postfix will
- search the LDAP server listening at port 389 on ldap.exam-
- ple.com. It will bind anonymously, search for any direc-
- tory entries whose mailacceptinggeneralid attribute is
- "ldapuser", read the "maildrop" attributes of those found,
- and build a list of their maildrops, which will be treated
- as <a href="http://tools.ietf.org/html/rfc822">RFC822</a> addresses to which the message will be deliv-
- ered.
+ Upon receiving mail for a local address "ldapuser" that isn't found in
+ the /etc/aliases database, Postfix will search the LDAP server listen-
+ ing at port 389 on ldap.example.com. It will bind anonymously, search
+ for any directory entries whose mailacceptinggeneralid attribute is
+ "ldapuser", read the "maildrop" attributes of those found, and build a
+ list of their maildrops, which will be treated as <a href="http://tools.ietf.org/html/rfc822">RFC822</a> addresses to
+ which the message will be delivered.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
- Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
- Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
- Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
- Victor Duchovni, and many others.
+ Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith Stevenson, LaM-
+ ont Jones, Liviu Daia, Manuel Guesdon, Mike Mattice, Prabhat K Singh,
+ Sami Haahtinen, Samuel Tardieu, Victor Duchovni, and many others.
LDAP_TABLE(5)
</pre> </body> </html>
<b>postmap -q - <a href="lmdb_table.5.html">lmdb</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix LMDB adapter provides access to a persistent,
- memory-mapped, key-value store. The database size is lim-
- ited only by the size of the memory address space and file
- system.
+ The Postfix LMDB adapter provides access to a persistent, memory-
+ mapped, key-value store. The database size is limited only by the size
+ of the memory address space and file system.
<b>REQUESTS</b>
- The LMDB adapter supports all Postfix lookup table opera-
- tions. This makes LMDB suitable for Postfix address
- rewriting, routing, access policies, caches, or any infor-
- mation that can be stored under a fixed lookup key.
-
- When a transaction fails due to a full database, Postfix
- resizes the database and retries the transaction.
-
- Postfix access, address mapping and routing table lookups
- may generate partial search keys such as domain names
- without one or more subdomains, network addresses without
- one or more least-significant octets, or email addresses
- without the localpart, address extension or domain por-
- tion. This behavior is also found with <a href="DATABASE_README.html#types">btree</a>:, <a href="DATABASE_README.html#types">hash</a>:, or
- <a href="ldap_table.5.html">ldap</a>: tables.
-
- Unlike other flat-file based Postfix databases, changes to
- an LMDB database do not trigger automatic daemon program
- restart.
+ The LMDB adapter supports all Postfix lookup table operations. This
+ makes LMDB suitable for Postfix address rewriting, routing, access
+ policies, caches, or any information that can be stored under a fixed
+ lookup key.
+
+ When a transaction fails due to a full database, Postfix resizes the
+ database and retries the transaction.
+
+ Postfix access, address mapping and routing table lookups may generate
+ partial search keys such as domain names without one or more subdo-
+ mains, network addresses without one or more least-significant octets,
+ or email addresses without the localpart, address extension or domain
+ portion. This behavior is also found with <a href="DATABASE_README.html#types">btree</a>:, <a href="DATABASE_README.html#types">hash</a>:, or <a href="ldap_table.5.html">ldap</a>:
+ tables.
+
+ Unlike other flat-file based Postfix databases, changes to an LMDB
+ database do not trigger automatic daemon program restart.
<b>RELIABILITY</b>
- LMDB's copy-on-write architecture achieves reliable
- updates, at the cost of using more space than some other
- flat-file databases. Read operations are memory-mapped
- for speed. Write operations are not memory-mapped to
- avoid silent curruption due stray pointer bugs.
-
- The Postfix LMDB adapter implements locking with fcntl(2)
- locks at whole-file granularity. LMDB's native locking
- scheme would require world-writable lockfiles and would
- therefore violate the Postfix security model.
-
- Multiple processes can safely update an LMDB database
- without serializing requests through the <a href="proxymap.8.html">proxymap(8)</a> ser-
- vice. This makes LMDB suitable as a shared cache for <a href="verify.8.html">ver-</a>
- <a href="verify.8.html">ify(8)</a> or <a href="postscreen.8.html">postscreen(8)</a> services.
+ LMDB's copy-on-write architecture achieves reliable updates, at the
+ cost of using more space than some other flat-file databases. Read
+ operations are memory-mapped for speed. Write operations are not mem-
+ ory-mapped to avoid silent curruption due stray pointer bugs.
+
+ The Postfix LMDB adapter implements locking with fcntl(2) locks at
+ whole-file granularity. LMDB's native locking scheme would require
+ world-writable lockfiles and would therefore violate the Postfix secu-
+ rity model.
+
+ Multiple processes can safely update an LMDB database without serializ-
+ ing requests through the <a href="proxymap.8.html">proxymap(8)</a> service. This makes LMDB suitable
+ as a shared cache for <a href="verify.8.html">verify(8)</a> or <a href="postscreen.8.html">postscreen(8)</a> services.
<b>CONFIGURATION PARAMETERS</b>
- Short-lived programs automatically pick up changes to
- <a href="postconf.5.html">main.cf</a>. With long-running daemon programs, Use the com-
- mand "<b>postfix reload</b>" after a configuration change.
+ Short-lived programs automatically pick up changes to <a href="postconf.5.html">main.cf</a>. With
+ long-running daemon programs, Use the command "<b>postfix reload</b>" after a
+ configuration change.
<b><a href="postconf.5.html#lmdb_map_size">lmdb_map_size</a> (default: 16777216)</b>
- The initial OpenLDAP LMDB database size limit in
- bytes.
+ The initial OpenLDAP LMDB database size limit in bytes.
<b>SEE ALSO</b>
<a href="postconf.1.html">postconf(1)</a>, Postfix supported lookup tables
<a href="LMDB_README.html">LMDB_README</a>, Postfix LMDB howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
LMDB support was introduced with Postfix version 2.11.
<b>smtp</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The Postfix SMTP+LMTP client implements the SMTP and LMTP
- mail delivery protocols. It processes message delivery
- requests from the queue manager. Each request specifies a
- queue file, a sender address, a domain or host to deliver
- to, and recipient information. This program expects to be
- run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
-
- The SMTP+LMTP client updates the queue file and marks
- recipients as finished, or it informs the queue manager
- that delivery should be tried again at a later time.
- Delivery status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
- <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
-
- The SMTP+LMTP client looks up a list of mail exchanger
- addresses for the destination host, sorts the list by
- preference, and connects to each listed address until it
- finds a server that responds.
-
- When a server is not reachable, or when mail delivery
- fails due to a recoverable error condition, the SMTP+LMTP
- client will try to deliver the mail to an alternate host.
-
- After a successful mail transaction, a connection may be
- saved to the <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it
- may be used by any SMTP+LMTP client for a subsequent
- transaction.
-
- By default, connection caching is enabled temporarily for
- destinations that have a high volume of mail in the active
- queue. Connection caching can be enabled permanently for
- specific destinations.
+ The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
+ protocols. It processes message delivery requests from the queue man-
+ ager. Each request specifies a queue file, a sender address, a domain
+ or host to deliver to, and recipient information. This program expects
+ to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The SMTP+LMTP client updates the queue file and marks recipients as
+ finished, or it informs the queue manager that delivery should be tried
+ again at a later time. Delivery status reports are sent to the
+ <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+
+ The SMTP+LMTP client looks up a list of mail exchanger addresses for
+ the destination host, sorts the list by preference, and connects to
+ each listed address until it finds a server that responds.
+
+ When a server is not reachable, or when mail delivery fails due to a
+ recoverable error condition, the SMTP+LMTP client will try to deliver
+ the mail to an alternate host.
+
+ After a successful mail transaction, a connection may be saved to the
+ <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it may be used by any
+ SMTP+LMTP client for a subsequent transaction.
+
+ By default, connection caching is enabled temporarily for destinations
+ that have a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. Connection caching
+ can be enabled permanently for specific destinations.
<b>SMTP DESTINATION SYNTAX</b>
SMTP destinations have the following form:
<i>domainname</i>
<i>domainname</i>:<i>port</i>
- Look up the mail exchangers for the specified
- domain, and connect to the specified port (default:
- <b>smtp</b>).
+ Look up the mail exchangers for the specified domain, and con-
+ nect to the specified port (default: <b>smtp</b>).
[<i>hostname</i>]
[<i>hostname</i>]:<i>port</i>
- Look up the address(es) of the specified host, and
- connect to the specified port (default: <b>smtp</b>).
+ Look up the address(es) of the specified host, and connect to
+ the specified port (default: <b>smtp</b>).
[<i>address</i>]
[<i>address</i>]:<i>port</i>
- Connect to the host at the specified address, and
- connect to the specified port (default: <b>smtp</b>). An
- IPv6 address must be formatted as [<b>ipv6</b>:<i>address</i>].
+ Connect to the host at the specified address, and connect to the
+ specified port (default: <b>smtp</b>). An IPv6 address must be format-
+ ted as [<b>ipv6</b>:<i>address</i>].
<b>LMTP DESTINATION SYNTAX</b>
LMTP destinations have the following form:
<b>unix</b>:<i>pathname</i>
- Connect to the local UNIX-domain server that is
- bound to the specified <i>pathname</i>. If the process
- runs chrooted, an absolute pathname is interpreted
- relative to the Postfix queue directory.
+ Connect to the local UNIX-domain server that is bound to the
+ specified <i>pathname</i>. If the process runs chrooted, an absolute
+ pathname is interpreted relative to the Postfix queue directory.
<b>inet</b>:<i>hostname</i>
<b>inet</b>:[<i>address</i>]
<b>inet</b>:[<i>address</i>]:<i>port</i>
- Connect to the specified TCP port on the specified
- local or remote host. If no port is specified, con-
- nect to the port defined as <b>lmtp</b> in <b>services</b>(4).
- If no such service is found, the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> con-
- figuration parameter (default value of 24) will be
- used. An IPv6 address must be formatted as
+ Connect to the specified TCP port on the specified local or
+ remote host. If no port is specified, connect to the port
+ defined as <b>lmtp</b> in <b>services</b>(4). If no such service is found,
+ the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> configuration parameter (default value of 24)
+ will be used. An IPv6 address must be formatted as
[<b>ipv6</b>:<i>address</i>].
<b>SECURITY</b>
- The SMTP+LMTP client is moderately security-sensitive. It
- talks to SMTP or LMTP servers and to DNS servers on the
- network. The SMTP+LMTP client can be run chrooted at fixed
- low privilege.
+ The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP
+ or LMTP servers and to DNS servers on the network. The SMTP+LMTP client
+ can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
- can move them to the <b>corrupt</b> queue for further inspection.
+ Problems and transactions are logged to <b>syslogd</b>(8). Corrupted message
+ files are marked so that the queue manager can move them to the <b>corrupt</b>
+ queue for further inspection.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
- the postmaster is notified of bounces, protocol problems,
- and of other trouble.
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces, protocol problems, and of other trouble.
<b>BUGS</b>
- SMTP and LMTP connection caching does not work with TLS.
- The necessary support for TLS object passivation and re-
- activation does not exist without closing the session,
- which defeats the purpose.
+ SMTP and LMTP connection caching does not work with TLS. The necessary
+ support for TLS object passivation and re-activation does not exist
+ without closing the session, which defeats the purpose.
- SMTP and LMTP connection caching assumes that SASL creden-
- tials are valid for all destinations that map onto the
- same IP address and TCP port.
+ SMTP and LMTP connection caching assumes that SASL credentials are
+ valid for all destinations that map onto the same IP address and TCP
+ port.
<b>CONFIGURATION PARAMETERS</b>
- Before Postfix version 2.3, the LMTP client is a separate
- program that implements only a subset of the functionality
- available with SMTP: there is no support for TLS, and con-
- nections are cached in-process, making it ineffective when
- the client is used for multiple domains.
+ Before Postfix version 2.3, the LMTP client is a separate program that
+ implements only a subset of the functionality available with SMTP:
+ there is no support for TLS, and connections are cached in-process,
+ making it ineffective when the client is used for multiple domains.
- Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i>
- "mirror" parameter for the equivalent LMTP feature. This
- document describes only those LMTP-related parameters that
- aren't simply "mirror" parameters.
+ Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
+ eter for the equivalent LMTP feature. This document describes only
+ those LMTP-related parameters that aren't simply "mirror" parameters.
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a>
- processes run for only a limited amount of time. Use the
- command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>COMPATIBILITY CONTROLS</b>
<b><a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> (no)</b>
Never send EHLO at the start of an SMTP session.
<b><a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a> (no)</b>
- Defer mail delivery when no MX record resolves to
- an IP address.
+ Defer mail delivery when no MX record resolves to an IP address.
<b><a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a> (998)</b>
- The maximal length of message header and body lines
- that Postfix will send via SMTP.
+ The maximal length of message header and body lines that Postfix
+ will send via SMTP.
<b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
- How long the Postfix SMTP client pauses before
- sending ".<CR><LF>" in order to work around the PIX
- firewall "<CR><LF>.<CR><LF>" bug.
+ How long the Postfix SMTP client pauses before sending
+ ".<CR><LF>" in order to work around the PIX firewall
+ "<CR><LF>.<CR><LF>" bug.
<b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
- How long a message must be queued before the Post-
- fix SMTP client turns on the PIX firewall
- "<CR><LF>.<CR><LF>" bug workaround for delivery
- through firewalls with "smtp fixup" mode turned on.
+ How long a message must be queued before the Postfix SMTP client
+ turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for
+ delivery through firewalls with "smtp fixup" mode turned on.
<b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
- A list that specifies zero or more workarounds for
- CISCO PIX firewall bugs.
+ A list that specifies zero or more workarounds for CISCO PIX
+ firewall bugs.
<b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server
- address, with per-destination workarounds for CISCO
- PIX firewall bugs.
+ Lookup tables, indexed by the remote SMTP server address, with
+ per-destination workarounds for CISCO PIX firewall bugs.
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
- Quote addresses in Postfix SMTP client MAIL FROM
-
and RCPT TO commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+ Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
+ commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
- A mechanism to transform replies from remote SMTP
- servers one line at a time.
+ A mechanism to transform replies from remote SMTP servers one
+ line at a time.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
- Skip remote SMTP servers that greet with a 5XX sta-
- tus code.
+ Skip remote SMTP servers that greet with a 5XX status code.
<b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b>
- Do not wait for the response to the SMTP QUIT com-
- mand.
+ Do not wait for the response to the SMTP QUIT command.
Available in Postfix version 2.0 and earlier:
<b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
- Skip SMTP servers that greet with a 4XX status code
- (go away, try again later).
+ Skip SMTP servers that greet with a 4XX status code (go away,
+ try again later).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server
- address, with case insensitive lists of EHLO key-
- words (pipelining, starttls, auth, etc.) that the
- Postfix SMTP client will ignore in the EHLO
+ Lookup tables, indexed by the remote SMTP server address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
- A case insensitive list of EHLO keywords (pipelin-
- ing, starttls, auth, etc.) that the Postfix SMTP
- client will ignore in the EHLO response from a
- remote SMTP server.
+ A case insensitive list of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+ response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
- Optional lookup tables that perform address rewrit-
- ing in the Postfix SMTP client, typically to trans-
- form a locally valid address into a globally valid
- address when sending mail across the Internet.
+ Optional lookup tables that perform address rewriting in the
+ Postfix SMTP client, typically to transform a locally valid
+ address into a globally valid address when sending mail across
+ the Internet.
Available in Postfix version 2.2.9 and later:
<b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
- Allow DNS CNAME records to override the servername
- that the Postfix SMTP client uses for logging, SASL
- password lookup, TLS policy decisions, or TLS cer-
- tificate verification.
+ Allow DNS CNAME records to override the servername that the
+ Postfix SMTP client uses for logging, SASL password lookup, TLS
+ policy decisions, or TLS certificate verification.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote LMTP server
- address, with case insensitive lists of LHLO key-
- words (pipelining, starttls, auth, etc.) that the
- Postfix LMTP client will ignore in the LHLO
+ Lookup tables, indexed by the remote LMTP server address, with
+ case insensitive lists of LHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
<b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
- A case insensitive list of LHLO keywords (pipelin-
- ing, starttls, auth, etc.) that the Postfix LMTP
- client will ignore in the LHLO response from a
- remote LMTP server.
+ A case insensitive list of LHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+ response from a remote LMTP server.
Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
- When authenticating to a remote SMTP or LMTP server
- with the default setting "no", send no SASL autho-
- riZation ID (authzid); send only the SASL authenti-
- Cation ID (authcid) plus the authcid's password.
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid);
+ send only the SASL authentiCation ID (authcid) plus the auth-
+ cid's password.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
- Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix
- SMTP client.
+ Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the
- Postfix SMTP client.
+ Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
+ client.
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the
- Postfix SMTP client.
+ Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
+ client.
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
- Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix
- SMTP client.
+ Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix SMTP client.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
- An optional workaround for routers that break TCP
- window scaling.
+ An optional workaround for routers that break TCP window scal-
+ ing.
Available in Postfix version 2.8 and later:
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time lim-
- its, from a time limit per read or write system
- call, to a time limit to send or receive a complete
- record (an SMTP command line, SMTP response line,
- SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to
- the MAIL FROM command in SASL-authenticated SMTP
- sessions.
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ command in SASL-authenticated SMTP sessions.
Available in Postfix version 2.11 and later:
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
- Disable the conversion of 8BITMIME format to 7BIT
- format.
+ Disable the conversion of 8BITMIME format to 7BIT format.
<b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
- The maximal length of MIME multipart boundary
- strings.
+ The maximal length of MIME multipart boundary strings.
<b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b>
- The maximal recursion level that the MIME processor
- will handle.
+ The maximal recursion level that the MIME processor will handle.
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
- Send the non-standard XFORWARD command when the
- Postfix SMTP server EHLO response announces XFOR-
- WARD support.
+ Send the non-standard XFORWARD command when the Postfix SMTP
+ server EHLO response announces XFORWARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
<b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
- Enable SASL authentication in the Postfix SMTP
- client.
+ Enable SASL authentication in the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
- Optional Postfix SMTP client lookup tables with one
- username:password entry per remote hostname or
- domain, or sender address when sender-dependent
- authentication is enabled.
+ Optional Postfix SMTP client lookup tables with one user-
+ name:password entry per remote hostname or domain, or sender
+ address when sender-dependent authentication is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
- Postfix SMTP client SASL security options; as of
- Postfix 2.3 the list of available features depends
- on the SASL client implementation that is selected
- with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+ Postfix SMTP client SASL security options; as of Postfix 2.3 the
+ list of available features depends on the SASL client implemen-
+ tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
- If non-empty, a Postfix SMTP client filter for the
- remote SMTP server's list of offered SASL mecha-
- nisms.
+ If non-empty, a Postfix SMTP client filter for the remote SMTP
+ server's list of offered SASL mechanisms.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
- Enable sender-dependent authentication in the Post-
- fix SMTP client; this is available only with SASL
- authentication, and disables SMTP connection
- caching to ensure that mail from different senders
- will use the appropriate credentials.
+ Enable sender-dependent authentication in the Postfix SMTP
+ client; this is available only with SASL authentication, and
+ disables SMTP connection caching to ensure that mail from dif-
+ ferent senders will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
- Implementation-specific information that the Post-
- fix SMTP client passes through to the SASL plug-in
- implementation that is selected with
- <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+ Implementation-specific information that the Postfix SMTP client
+ passes through to the SASL plug-in implementation that is
+ selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP client
- should use for authentication.
+ The SASL plug-in type that the Postfix SMTP client should use
+ for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
- An optional table to prevent repeated SASL authen-
- tication failures with the same remote SMTP server
- hostname, username and password.
+ An optional table to prevent repeated SASL authentication fail-
+ ures with the same remote SMTP server hostname, username and
+ password.
<b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
- The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
- entry before it is removed.
+ The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
+ is removed.
<b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
- When a remote SMTP server rejects a SASL authenti-
- cation request with a 535 reply code, defer mail
- delivery instead of returning mail as undeliver-
- able.
+ When a remote SMTP server rejects a SASL authentication request
+ with a 535 reply code, defer mail delivery instead of returning
+ mail as undeliverable.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to
- the MAIL FROM command in SASL-authenticated SMTP
- sessions.
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ command in SASL-authenticated SMTP sessions.
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be
-
found in the <a href="TLS_README.html">TLS_README</a> document.
+ Detailed information about STARTTLS configuration may be found in the
+ <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
- The default SMTP TLS security level for the Postfix
- SMTP client; when a non-empty value is specified,
- this overrides the obsolete parameters
- <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
+ The default SMTP TLS security level for the Postfix SMTP client;
+ when a non-empty value is specified, this overrides the obsolete
+ parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
- <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
- <b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
- sessions.
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b>
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read
- operations during TLS startup and shutdown hand-
- shake procedures.
+ Time limit for Postfix SMTP client write and read operations
+ during TLS startup and shutdown handshake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- A file containing CA certificates of root CAs
- trusted to sign either remote SMTP server certifi-
- cates or intermediate CA certificates.
+ A file containing CA certificates of root CAs trusted to sign
+ either remote SMTP server certificates or intermediate CA cer-
+ tificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format certificate authority
- certificates that the Postfix SMTP client uses to
- verify a remote SMTP server certificate.
+ Directory with PEM format certificate authority certificates
+ that the Postfix SMTP client uses to verify a remote SMTP server
+ certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
- File with the Postfix SMTP client RSA certificate
- in PEM format.
+ File with the Postfix SMTP client RSA certificate in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP
- client will use with mandatory TLS encryption.
+ The minimum TLS cipher grade that the Postfix SMTP client will
+ use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
- List of ciphers or cipher types to exclude from the
- Postfix SMTP client cipher list at all TLS security
- levels.
+ List of ciphers or cipher types to exclude from the Postfix SMTP
+ client cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
- Additional list of ciphers or cipher types to
- exclude from the Postfix SMTP client cipher list at
- mandatory TLS security levels.
+ Additional list of ciphers or cipher types to exclude from the
+ Postfix SMTP client cipher list at mandatory TLS security lev-
+ els.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
- File with the Postfix SMTP client DSA certificate
- in PEM format.
+ File with the Postfix SMTP client DSA certificate in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
- File with the Postfix SMTP client DSA private key
- in PEM format.
+ File with the Postfix SMTP client DSA private key in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
- File with the Postfix SMTP client RSA private key
- in PEM format.
+ File with the Postfix SMTP client RSA private key in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP client logging of
- TLS activity.
+ Enable additional Postfix SMTP client logging of TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that
- offers STARTTLS, when TLS is not already enabled
- for that server.
+ Log the hostname of a remote SMTP server that offers STARTTLS,
+ when TLS is not already enabled for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client
- TLS security policy by next-hop destination; when a
- non-empty value is specified, this overrides the
- obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
+ Optional lookup tables with the Postfix SMTP client TLS security
+ policy by next-hop destination; when a non-empty value is speci-
+ fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (!SSLv2)</b>
- List of SSL/TLS protocols that the Postfix SMTP
- client will use with mandatory TLS encryption.
+ List of SSL/TLS protocols that the Postfix SMTP client will use
+ with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
- The verification depth for remote SMTP server cer-
- tificates.
+ The verification depth for remote SMTP server certificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
- How the Postfix SMTP client verifies the server
- certificate peername for the "secure" TLS security
- level.
+ How the Postfix SMTP client verifies the server certificate
+ peername for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
- Name of the file containing the optional Postfix
- SMTP client TLS session cache.
+ Name of the file containing the optional Postfix SMTP client TLS
+ session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
- The expiration time of Postfix SMTP client TLS ses-
- sion cache information.
+ The expiration time of Postfix SMTP client TLS session cache
+ information.
<b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
- How the Postfix SMTP client verifies the server
- certificate peername for the "verify" TLS security
- level.
+ How the Postfix SMTP client verifies the server certificate
+ peername for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
- or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
- server in order to seed its internal pseudo random
- number generator (PRNG).
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ internal pseudo random number generator (PRNG).
- <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
- <b>(ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
+ <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "HIGH" grade ciphers.
<b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "MEDIUM" or higher grade
- ciphers.
+ The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "LOW" or higher grade
- ciphers.
+ The OpenSSL cipherlist for "LOW" or higher grade ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "EXPORT" or higher grade
- ciphers.
+ The OpenSSL cipherlist for "EXPORT" or higher grade ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers
- that provide authentication without encryption.
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ authentication without encryption.
Available in Postfix version 2.4 and later:
- <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
- <b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
- sessions with a verified server certificate.
+ <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions with a verified
+ server certificate.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
- List of acceptable remote SMTP server certificate
- fingerprints for the "fingerprint" TLS security
- level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint).
+ List of acceptable remote SMTP server certificate fingerprints
+ for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b>
- The message digest algorithm used to construct
- remote SMTP server certificate fingerprints.
+ The message digest algorithm used to construct remote SMTP
+ server certificate fingerprints.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2)</b>
- List of TLS protocols that the Postfix SMTP client
- will exclude or include with opportunistic TLS
- encryption.
+ List of TLS protocols that the Postfix SMTP client will exclude
+ or include with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (export)</b>
- The minimum TLS cipher grade that the Postfix SMTP
- client will use with opportunistic TLS encryption.
+ The minimum TLS cipher grade that the Postfix SMTP client will
+ use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
- File with the Postfix SMTP client ECDSA certificate
- in PEM format.
+ File with the Postfix SMTP client ECDSA certificate in PEM for-
+ mat.
<b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
- File with the Postfix SMTP client ECDSA private key
- in PEM format.
+ File with the Postfix SMTP client ECDSA private key in PEM for-
+ mat.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
- Try to detect a mail hijacking attack based on a
- TLS protocol vulnerability (CVE-2009-3555), where
- an attacker prepends malicious HELO, MAIL, RCPT,
- DATA commands to a Postfix SMTP client TLS session.
+ Try to detect a mail hijacking attack based on a TLS protocol
+ vulnerability (CVE-2009-3555), where an attacker prepends mali-
+ cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
+ TLS session.
Available in Postfix version 2.8 and later:
<b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
- List or bit-mask of OpenSSL bug work-arounds to
- disable.
+ List or bit-mask of OpenSSL bug work-arounds to disable.
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
- Zero or more PEM-format files with trust-anchor
- certificates and/or public keys.
+ Zero or more PEM-format files with trust-anchor certificates
+ and/or public keys.
<b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
- Lookup the associated DANE TLSA RRset even when a
- hostname is not an alias and its address records
- lie in an unsigned zone.
+ Lookup the associated DANE TLSA RRset even when a hostname is
+ not an alias and its address records lie in an unsigned zone.
<b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
- <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> trust-anchor digest support in the Postfix
- TLS library.
+ <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> trust-anchor digest support in the Postfix TLS library.
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
- The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">mas-
- ter.cf</a>.
+ The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compati-
- bility with Postfix versions before 2.3. Support for these
- will be removed in a future release.
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
+ future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP
- server announces STARTTLS support, otherwise send
- the mail in the clear.
+ Opportunistic mode: use TLS when a remote SMTP server announces
+ STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers
- use TLS encryption, and never send mail in the
- clear.
+ Enforcement mode: require that remote SMTP servers use TLS
+ encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the
- remote SMTP server hostname matches the information
- in the remote SMTP server certificate.
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
+ server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client
- TLS usage policy by next-hop destination and by
- remote SMTP server hostname.
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
+ name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP
- client TLS cipher list.
+ Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+ cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
- <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the smtp message delivery
- transport.
+ <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ The maximal number of parallel deliveries to the same destina-
+ tion via the smtp message delivery transport.
- <b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per message for
- the smtp message delivery transport.
+ <b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b>
+ The maximal number of recipients per message for the smtp mes-
+ sage delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a
- TCP connection, or zero (use the operating system
- built-in time limit).
+ The Postfix SMTP client time limit for completing a TCP connec-
+ tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the
- HELO or EHLO command, and for receiving the initial
- remote SMTP server response.
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
+ response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
- The Postfix LMTP client time limit for sending the
- LHLO command, and for receiving the initial remote
- LMTP server response.
+ The Postfix LMTP client time limit for sending the LHLO command,
+ and for receiving the initial remote LMTP server response.
<b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the
- XFORWARD command, and for receiving the remote SMTP
- server response.
+ The Postfix SMTP client time limit for sending the XFORWARD com-
+ mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the
- MAIL FROM command, and for receiving the remote
- SMTP server response.
+ The Postfix SMTP client time limit for sending the MAIL FROM
+ command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the
- SMTP RCPT TO command, and for receiving the remote
- SMTP server response.
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The Postfix SMTP client time limit for sending the
- SMTP DATA command, and for receiving the remote
- SMTP server response.
+ The Postfix SMTP client time limit for sending the SMTP DATA
+ command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The Postfix SMTP client time limit for sending the
- SMTP message content.
+ The Postfix SMTP client time limit for sending the SMTP message
+ content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
- The Postfix SMTP client time limit for sending the
- SMTP ".", and for receiving the remote SMTP server
- response.
+ The Postfix SMTP client time limit for sending the SMTP ".", and
+ for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the
- QUIT command, and for receiving the remote SMTP
- server response.
+ The Postfix SMTP client time limit for sending the QUIT command,
+ and for receiving the remote SMTP server response.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
- The maximal number of MX (mail exchanger) IP
- addresses that can result from Postfix SMTP client
- mail exchanger lookups, or zero (no limit).
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
+ (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery
- request before the Postfix SMTP client gives up or
- delivers to a fall-back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no
- limit).
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
+ <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
- The Postfix SMTP client time limit for sending the
- RSET command, and for receiving the remote SMTP
- server response.
+ The Postfix SMTP client time limit for sending the RSET command,
+ and for receiving the remote SMTP server response.
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
- Keep Postfix LMTP client connections open for up to
- $<a href="postconf.5.html#max_idle">max_idle</a> seconds.
+ Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the
- specified destinations.
+ Permanently enable SMTP connection caching for the specified
+ destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a
- destination has a high volume of mail in the active
- queue.
+ Temporarily enable SMTP connection caching while a destination
+ has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
- The amount of time during which Postfix will use an
- SMTP connection repeatedly.
+ The amount of time during which Postfix will use an SMTP connec-
+ tion repeatedly.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
- When SMTP connection caching is enabled, the amount
- of time that an unused SMTP client socket is kept
- open before it is closed.
+ When SMTP connection caching is enabled, the amount of time that
+ an unused SMTP client socket is kept open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or
- receive operations.
+ Time limit for connection cache connect, send or receive opera-
+ tions.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time lim-
- its, from a time limit per read or write system
- call, to a time limit to send or receive a complete
- record (an SMTP command line, SMTP response line,
- SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
- When SMTP connection caching is enabled, the number
- of times that an SMTP session may be reused before
- it is closed, or zero (no limit).
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
+ (no limit).
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
- <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+ The increment in verbose logging level when a remote client or
+ server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
- in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+ Optional list of remote client or server hostname or network
+ address patterns that cause the verbose logging level to
+ increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
- resource, software or protocol errors.
+ The recipient of postmaster notifications about mail delivery
+ problems that are caused by policy, resource, software or proto-
+ col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are sub-
- ject to before-queue content inspection by
- <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+ What categories of Postfix-generated mail are subject to before-
+ queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and
+ <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
- postmaster.
+ The list of error classes that are reported to the postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail
- when it detects a "mail loops back to myself" error
- condition.
+ Where the Postfix SMTP client should deliver mail when it
+ detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
- Disable DNS lookups in the Postfix SMTP and LMTP
- clients.
+ Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The network interface addresses that this mail sys-
- tem receives mail on.
+ The network interface addresses that this mail system receives
+ mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
- The Internet protocols Postfix will attempt to use
- when making or accepting connections.
+ The Internet protocols Postfix will attempt to use when making
+ or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
- When a remote LMTP server announces no DSN support,
- assume that the server performs final delivery, and
- send "delivered" delivery status notifications
- instead of "relayed".
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
+ ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
- The default TCP port that the Postfix LMTP client
- connects to.
+ The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
- address translation unit.
+ The network interface addresses that this mail system receives
+ mail on by way of a proxy or network address translation unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
- The address type ("ipv6", "ipv4" or "any") that the
- Postfix SMTP client will try first, when a destina-
- tion has IPv6 and IPv4 addresses with equal MX
- preference.
+ The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
+ client will try first, when a destination has IPv6 and IPv4
+ addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
- IPv4 connection.
+ An optional numerical network address that the Postfix SMTP
+ client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
- IPv6 connection.
+ An optional numerical network address that the Postfix SMTP
+ client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
- mand.
+ The hostname to send in the SMTP EHLO or HELO command.
<b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms the Postfix SMTP client uses to
- look up a host's IP address.
+ What mechanisms the Postfix SMTP client uses to look up a host's
+ IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
- addresses.
+ Randomize the order of equal-preference MX host addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
- that can't be found or that are unreachable.
+ Optional list of relay hosts for SMTP destinations that can't be
+ found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay hosts for SMTP destinations
- that can't be found or that are unreachable.
+ Optional list of relay hosts for SMTP destinations that can't be
+ found or that are unreachable.
<b>SEE ALSO</b>
<a href="generic.5.html">generic(5)</a>, output address rewriting
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>local</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="local.8.html"><b>local</b>(8)</a> daemon processes delivery requests from the
- Postfix queue manager to deliver mail to local recipients.
- Each delivery request specifies a queue file, a sender
- address, a domain or host to deliver to, and one or more
- recipients. This program expects to be run from the <a href="master.8.html"><b>mas-</b></a>
- <a href="master.8.html"><b>ter</b>(8)</a> process manager.
-
- The <a href="local.8.html"><b>local</b>(8)</a> daemon updates queue files and marks recipi-
- ents as finished, or it informs the queue manager that
- delivery should be tried again at a later time. Delivery
- status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or
- <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+ The <a href="local.8.html"><b>local</b>(8)</a> daemon processes delivery requests from the Postfix queue
+ manager to deliver mail to local recipients. Each delivery request
+ specifies a queue file, a sender address, a domain or host to deliver
+ to, and one or more recipients. This program expects to be run from
+ the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="local.8.html"><b>local</b>(8)</a> daemon updates queue files and marks recipients as fin-
+ ished, or it informs the queue manager that delivery should be tried
+ again at a later time. Delivery status reports are sent to the
+ <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
<b>CASE FOLDING</b>
- All delivery decisions are made using the bare recipient
- name (i.e. the address localpart), folded to lower case.
- See also under ADDRESS EXTENSION below for a few excep-
- tions.
+ All delivery decisions are made using the bare recipient name (i.e. the
+ address localpart), folded to lower case. See also under ADDRESS
+ EXTENSION below for a few exceptions.
<b>SYSTEM-WIDE AND USER-LEVEL ALIASING</b>
- The system administrator can set up one or more system-
- wide <b>sendmail</b>-style alias databases. Users can have <b>send-</b>
- <b>mail</b>-style ~/.<b>forward</b> files. Mail for <i>name</i> is delivered
- to the alias <i>name</i>, to destinations in ~<i>name</i>/.<b>forward</b>, to
- the mailbox owned by the user <i>name</i>, or it is sent back as
- undeliverable.
-
- The system administrator can specify a comma/space sepa-
- rated list of ~/.<b>forward</b> like files through the <b><a href="postconf.5.html#forward_path">for</a>-</b>
- <b><a href="postconf.5.html#forward_path">ward_path</a></b> configuration parameter. Upon delivery, the
- local delivery agent tries each pathname in the list until
- a file is found.
-
- Delivery via ~/.<b>forward</b> files is done with the privileges
- of the recipient. Thus, ~/.<b>forward</b> like files must be
- readable by the recipient, and their parent directory
- needs to have "execute" permission for the recipient.
-
- The <b><a href="postconf.5.html#forward_path">forward_path</a></b> parameter is subject to interpolation of
- <b>$user</b> (recipient username), <b>$home</b> (recipient home direc-
- tory), <b>$shell</b> (recipient shell), <b>$recipient</b> (complete
- recipient address), <b>$extension</b> (recipient address exten-
- sion), <b>$domain</b> (recipient domain), <b>$local</b> (entire recipi-
- ent address localpart) and <b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>.</b> The forms
- <i>${name?value}</i> and <i>${name:value}</i> expand conditionally to
- <i>value</i> when <i>$name</i> is (is not) defined. Characters that may
- have special meaning to the shell or file system are
- replaced by underscores. The list of acceptable charac-
- ters is specified with the <b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a></b> con-
- figuration parameter.
-
- An alias or ~/.<b>forward</b> file may list any combination of
- external commands, destination file names, <b>:include:</b>
- directives, or mail addresses. See <a href="aliases.5.html"><b>aliases</b>(5)</a> for a pre-
- cise description. Each line in a user's .<b>forward</b> file has
- the same syntax as the right-hand part of an alias.
-
- When an address is found in its own alias expansion,
- delivery is made to the user instead. When a user is
- listed in the user's own ~/.<b>forward</b> file, delivery is made
- to the user's mailbox instead. An empty ~/.<b>forward</b> file
- means do not forward mail.
-
- In order to prevent the mail system from using up unrea-
- sonable amounts of memory, input records read from
- <b>:include:</b> or from ~/.<b>forward</b> files are broken up into
- chunks of length <b><a href="postconf.5.html#line_length_limit">line_length_limit</a></b>.
-
- While expanding aliases, ~/.<b>forward</b> files, and so on, the
- program attempts to avoid duplicate deliveries. The <b><a href="postconf.5.html#duplicate_filter_limit">dupli</a>-</b>
- <b><a href="postconf.5.html#duplicate_filter_limit">cate_filter_limit</a></b> configuration parameter limits the num-
- ber of remembered recipients.
+ The system administrator can set up one or more system-wide <b>sendmail</b>-
+ style alias databases. Users can have <b>sendmail</b>-style ~/.<b>forward</b> files.
+ Mail for <i>name</i> is delivered to the alias <i>name</i>, to destinations in
+ ~<i>name</i>/.<b>forward</b>, to the mailbox owned by the user <i>name</i>, or it is sent
+ back as undeliverable.
+
+ The system administrator can specify a comma/space separated list of
+ ~/.<b>forward</b> like files through the <b><a href="postconf.5.html#forward_path">forward_path</a></b> configuration parameter.
+ Upon delivery, the local delivery agent tries each pathname in the list
+ until a file is found.
+
+ Delivery via ~/.<b>forward</b> files is done with the privileges of the recip-
+ ient. Thus, ~/.<b>forward</b> like files must be readable by the recipient,
+ and their parent directory needs to have "execute" permission for the
+ recipient.
+
+ The <b><a href="postconf.5.html#forward_path">forward_path</a></b> parameter is subject to interpolation of <b>$user</b> (recip-
+ ient username), <b>$home</b> (recipient home directory), <b>$shell</b> (recipient
+ shell), <b>$recipient</b> (complete recipient address), <b>$extension</b> (recipient
+ address extension), <b>$domain</b> (recipient domain), <b>$local</b> (entire recipi-
+ ent address localpart) and <b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>.</b> The forms
+ <i>${name?value}</i> and <i>${name:value}</i> expand conditionally to <i>value</i> when
+ <i>$name</i> is (is not) defined. Characters that may have special meaning to
+ the shell or file system are replaced by underscores. The list of
+ acceptable characters is specified with the <b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a></b>
+ configuration parameter.
+
+ An alias or ~/.<b>forward</b> file may list any combination of external com-
+ mands, destination file names, <b>:include:</b> directives, or mail addresses.
+ See <a href="aliases.5.html"><b>aliases</b>(5)</a> for a precise description. Each line in a user's .<b>for-</b>
+ <b>ward</b> file has the same syntax as the right-hand part of an alias.
+
+ When an address is found in its own alias expansion, delivery is made
+ to the user instead. When a user is listed in the user's own ~/.<b>forward</b>
+ file, delivery is made to the user's mailbox instead. An empty ~/.<b>for-</b>
+ <b>ward</b> file means do not forward mail.
+
+ In order to prevent the mail system from using up unreasonable amounts
+ of memory, input records read from <b>:include:</b> or from ~/.<b>forward</b> files
+ are broken up into chunks of length <b><a href="postconf.5.html#line_length_limit">line_length_limit</a></b>.
+
+ While expanding aliases, ~/.<b>forward</b> files, and so on, the program
+ attempts to avoid duplicate deliveries. The <b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a></b> con-
+ figuration parameter limits the number of remembered recipients.
<b>MAIL FORWARDING</b>
- For the sake of reliability, forwarded mail is re-submit-
- ted as a new message, so that each recipient has a sepa-
- rate on-file delivery status record.
+ For the sake of reliability, forwarded mail is re-submitted as a new
+ message, so that each recipient has a separate on-file delivery status
+ record.
- In order to stop mail forwarding loops early, the software
- adds an optional <b>Delivered-To:</b> header with the final enve-
- lope recipient address. If mail arrives for a recipient
- that is already listed in a <b>Delivered-To:</b> header, the mes-
- sage is bounced.
+ In order to stop mail forwarding loops early, the software adds an
+ optional <b>Delivered-To:</b> header with the final envelope recipient
+ address. If mail arrives for a recipient that is already listed in a
+ <b>Delivered-To:</b> header, the message is bounced.
<b>MAILBOX DELIVERY</b>
- The default per-user mailbox is a file in the UNIX mail
- spool directory (<b>/var/mail/</b><i>user</i> or <b>/var/spool/mail/</b><i>user</i>);
- the location can be specified with the <b><a href="postconf.5.html#mail_spool_directory">mail_spool_direc</a>-</b>
- <b><a href="postconf.5.html#mail_spool_directory">tory</a></b> configuration parameter. Specify a name ending in <b>/</b>
- for <b>qmail</b>-compatible <b>maildir</b> delivery.
-
- Alternatively, the per-user mailbox can be a file in the
- user's home directory with a name specified via the
- <b><a href="postconf.5.html#home_mailbox">home_mailbox</a></b> configuration parameter. Specify a relative
- path name. Specify a name ending in <b>/</b> for <b>qmail</b>-compatible
- <b>maildir</b> delivery.
-
- Mailbox delivery can be delegated to an external command
- specified with the <b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a></b> and <b><a href="postconf.5.html#mailbox_command">mailbox_com</a>-</b>
- <b><a href="postconf.5.html#mailbox_command">mand</a></b> configuration parameters. The command executes with
- the privileges of the recipient user (exceptions: sec-
- ondary groups are not enabled; in case of delivery as
- root, the command executes with the privileges of
- <b><a href="postconf.5.html#default_privs">default_privs</a></b>).
-
- Mailbox delivery can be delegated to alternative message
- transports specified in the <a href="master.5.html"><b>master.cf</b></a> file. The <b><a href="postconf.5.html#mailbox_transport_maps">mail</a>-</b>
- <b><a href="postconf.5.html#mailbox_transport_maps">box_transport_maps</a></b> and <b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a></b> configuration
- parameters specify an optional message transport that is
- to be used for all local recipients, regardless of whether
- they are found in the UNIX passwd database. The <b><a href="postconf.5.html#fallback_transport_maps">fall</a>-</b>
- <b><a href="postconf.5.html#fallback_transport_maps">back_transport_maps</a></b> and <b><a href="postconf.5.html#fallback_transport">fallback_transport</a></b> parameters
- specify an optional message transport for recipients that
- are not found in the <a href="aliases.5.html">aliases(5)</a> or UNIX passwd database.
-
- In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a>
- daemon prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header
- to each message, prepends an <b>X-Original-To:</b> header with
- the recipient address as given to Postfix, prepends an
- optional <b>Delivered-To:</b> header with the final envelope
- recipient address, prepends a <b>Return-Path:</b> header with the
- envelope sender address, prepends a > character to lines
- beginning with "<b>From</b> ", and appends an empty line. The
- mailbox is locked for exclusive access while delivery is
- in progress. In case of problems, an attempt is made to
- truncate the mailbox to its original length.
-
- In the case of <b>maildir</b> delivery, the local daemon prepends
- an optional <b>Delivered-To:</b> header with the final envelope
- recipient address, prepends an <b>X-Original-To:</b> header with
- the recipient address as given to Postfix, and prepends a
- <b>Return-Path:</b> header with the envelope sender address.
+ The default per-user mailbox is a file in the UNIX mail spool directory
+ (<b>/var/mail/</b><i>user</i> or <b>/var/spool/mail/</b><i>user</i>); the location can be specified
+ with the <b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a></b> configuration parameter. Specify a name
+ ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b> delivery.
+
+ Alternatively, the per-user mailbox can be a file in the user's home
+ directory with a name specified via the <b><a href="postconf.5.html#home_mailbox">home_mailbox</a></b> configuration
+ parameter. Specify a relative path name. Specify a name ending in <b>/</b> for
+ <b>qmail</b>-compatible <b>maildir</b> delivery.
+
+ Mailbox delivery can be delegated to an external command specified with
+ the <b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a></b> and <b><a href="postconf.5.html#mailbox_command">mailbox_command</a></b> configuration parameters.
+ The command executes with the privileges of the recipient user (excep-
+ tions: secondary groups are not enabled; in case of delivery as root,
+ the command executes with the privileges of <b><a href="postconf.5.html#default_privs">default_privs</a></b>).
+
+ Mailbox delivery can be delegated to alternative message transports
+ specified in the <a href="master.5.html"><b>master.cf</b></a> file. The <b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a></b> and <b><a href="postconf.5.html#mailbox_transport">mail</a>-</b>
+ <b><a href="postconf.5.html#mailbox_transport">box_transport</a></b> configuration parameters specify an optional message
+ transport that is to be used for all local recipients, regardless of
+ whether they are found in the UNIX passwd database. The <b><a href="postconf.5.html#fallback_transport_maps">fall</a>-</b>
+ <b><a href="postconf.5.html#fallback_transport_maps">back_transport_maps</a></b> and <b><a href="postconf.5.html#fallback_transport">fallback_transport</a></b> parameters specify an
+ optional message transport for recipients that are not found in the
+ <a href="aliases.5.html">aliases(5)</a> or UNIX passwd database.
+
+ In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a> daemon
+ prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header to each message,
+ prepends an <b>X-Original-To:</b> header with the recipient address as given
+ to Postfix, prepends an optional <b>Delivered-To:</b> header with the final
+ envelope recipient address, prepends a <b>Return-Path:</b> header with the
+ envelope sender address, prepends a > character to lines beginning with
+ "<b>From</b> ", and appends an empty line. The mailbox is locked for exclu-
+ sive access while delivery is in progress. In case of problems, an
+ attempt is made to truncate the mailbox to its original length.
+
+ In the case of <b>maildir</b> delivery, the local daemon prepends an optional
+ <b>Delivered-To:</b> header with the final envelope recipient address,
+ prepends an <b>X-Original-To:</b> header with the recipient address as given
+ to Postfix, and prepends a <b>Return-Path:</b> header with the envelope sender
+ address.
<b>EXTERNAL COMMAND DELIVERY</b>
- The <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a></b> configuration parameter
- restricts delivery to external commands. The default set-
- ting (<b>alias, forward</b>) forbids command destinations in
- <b>:include:</b> files.
-
- Optionally, the process working directory is changed to
- the path specified with <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a></b> (Post-
- fix 2.2 and later). Failure to change directory causes
- mail to be deferred.
-
- The <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a></b> parameter value is subject
- to interpolation of <b>$user</b> (recipient username), <b>$home</b>
- (recipient home directory), <b>$shell</b> (recipient shell),
- <b>$recipient</b> (complete recipient address), <b>$extension</b>
- (recipient address extension), <b>$domain</b> (recipient domain),
- <b>$local</b> (entire recipient address localpart) and <b>$recipi-</b>
- <b>ent_delimiter.</b> The forms <i>${name?value}</i> and <i>${name:value}</i>
- expand conditionally to <i>value</i> when <i>$name</i> is (is not)
- defined. Characters that may have special meaning to the
- shell or file system are replaced by underscores. The
- list of acceptable characters is specified with the <b><a href="postconf.5.html#execution_directory_expansion_filter">execu</a>-</b>
- <b><a href="postconf.5.html#execution_directory_expansion_filter">tion_directory_expansion_filter</a></b> configuration parameter.
-
- The command is executed directly where possible. Assis-
- tance by the shell (<b>/bin/sh</b> on UNIX systems) is used only
- when the command contains shell magic characters, or when
- the command invokes a shell built-in command.
-
- A limited amount of command output (standard output and
- standard error) is captured for inclusion with non-deliv-
- ery status reports. A command is forcibly terminated if
- it does not complete within <b><a href="postconf.5.html#command_time_limit">command_time_limit</a></b> seconds.
- Command exit status codes are expected to follow the con-
- ventions defined in <<b>sysexits.h</b>>. Exit status 0 means
+ The <b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a></b> configuration parameter restricts delivery
+ to external commands. The default setting (<b>alias, forward</b>) forbids com-
+ mand destinations in <b>:include:</b> files.
+
+ Optionally, the process working directory is changed to the path speci-
+ fied with <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a></b> (Postfix 2.2 and later). Failure
+ to change directory causes mail to be deferred.
+
+ The <b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a></b> parameter value is subject to interpo-
+ lation of <b>$user</b> (recipient username), <b>$home</b> (recipient home directory),
+ <b>$shell</b> (recipient shell), <b>$recipient</b> (complete recipient address),
+ <b>$extension</b> (recipient address extension), <b>$domain</b> (recipient domain),
+ <b>$local</b> (entire recipient address localpart) and <b>$<a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a>.</b>
+ The forms <i>${name?value}</i> and <i>${name:value}</i> expand conditionally to <i>value</i>
+ when <i>$name</i> is (is not) defined. Characters that may have special mean-
+ ing to the shell or file system are replaced by underscores. The list
+ of acceptable characters is specified with the <b><a href="postconf.5.html#execution_directory_expansion_filter">execution_direc</a>-</b>
+ <b><a href="postconf.5.html#execution_directory_expansion_filter">tory_expansion_filter</a></b> configuration parameter.
+
+ The command is executed directly where possible. Assistance by the
+ shell (<b>/bin/sh</b> on UNIX systems) is used only when the command contains
+ shell magic characters, or when the command invokes a shell built-in
+ command.
+
+ A limited amount of command output (standard output and standard error)
+ is captured for inclusion with non-delivery status reports. A command
+ is forcibly terminated if it does not complete within <b>com-</b>
+ <b>mand_time_limit</b> seconds. Command exit status codes are expected to
+ follow the conventions defined in <<b>sysexits.h</b>>. Exit status 0 means
normal successful completion.
- Postfix version 2.3 and later support <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-style
- enhanced status codes. If a command terminates with a
- non-zero exit status, and the command output begins with
- an enhanced status code, this status code takes precedence
- over the non-zero exit status.
+ Postfix version 2.3 and later support <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-style enhanced status
+ codes. If a command terminates with a non-zero exit status, and the
+ command output begins with an enhanced status code, this status code
+ takes precedence over the non-zero exit status.
- A limited amount of message context is exported via envi-
- ronment variables. Characters that may have special mean-
- ing to the shell are replaced by underscores. The list of
- acceptable characters is specified with the <b><a href="postconf.5.html#command_expansion_filter">command_expan</a>-</b>
- <b><a href="postconf.5.html#command_expansion_filter">sion_filter</a></b> configuration parameter.
+ A limited amount of message context is exported via environment vari-
+ ables. Characters that may have special meaning to the shell are
+ replaced by underscores. The list of acceptable characters is speci-
+ fied with the <b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a></b> configuration parameter.
<b>SHELL</b> The recipient user's login shell.
<b>LOGNAME</b>
The bare recipient name.
- <b>LOCAL</b> The entire recipient address localpart (text to the
- left of the rightmost @ character).
+ <b>LOCAL</b> The entire recipient address localpart (text to the left of the
+ rightmost @ character).
<b>ORIGINAL_RECIPIENT</b>
- The entire recipient address, before any address
- rewriting or aliasing (Postfix 2.5 and later).
+ The entire recipient address, before any address rewriting or
+ aliasing (Postfix 2.5 and later).
<b>RECIPIENT</b>
The entire recipient address.
<b>SENDER</b> The entire sender address.
- Additional remote client information is made available via
- the following environment variables:
+ Additional remote client information is made available via the follow-
+ ing environment variables:
<b>CLIENT_ADDRESS</b>
- Remote client network address. Available as of
- Postfix 2.2.
+ Remote client network address. Available as of Postfix 2.2.
<b>CLIENT_HELO</b>
- Remote client EHLO command parameter. Available as
- of Postfix 2.2.
+ Remote client EHLO command parameter. Available as of Postfix
+ 2.2.
<b>CLIENT_HOSTNAME</b>
- Remote client hostname. Available as of Postfix
- 2.2.
+ Remote client hostname. Available as of Postfix 2.2.
<b>CLIENT_PROTOCOL</b>
- Remote client protocol. Available as of Postfix
- 2.2.
+ Remote client protocol. Available as of Postfix 2.2.
<b>SASL_METHOD</b>
- SASL authentication method specified in the remote
- client AUTH command. Available as of Postfix 2.2.
+ SASL authentication method specified in the remote client AUTH
+ command. Available as of Postfix 2.2.
<b>SASL_SENDER</b>
- SASL sender address specified in the remote client
- MAIL FROM command. Available as of Postfix 2.2.
+ SASL sender address specified in the remote client MAIL FROM
+ command. Available as of Postfix 2.2.
<b>SASL_USERNAME</b>
- SASL username specified in the remote client AUTH
- command. Available as of Postfix 2.2.
+ SASL username specified in the remote client AUTH command.
+ Available as of Postfix 2.2.
- The <b>PATH</b> environment variable is always reset to a system-
- dependent default path, and environment variables whose
- names are blessed by the <b><a href="postconf.5.html#export_environment">export_environment</a></b> configuration
- parameter are exported unchanged.
+ The <b>PATH</b> environment variable is always reset to a system-dependent
+ default path, and environment variables whose names are blessed by the
+ <b><a href="postconf.5.html#export_environment">export_environment</a></b> configuration parameter are exported unchanged.
The current working directory is the mail queue directory.
- The <a href="local.8.html"><b>local</b>(8)</a> daemon prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>"
- envelope header to each message, prepends an <b>X-Original-</b>
- <b>To:</b> header with the recipient address as given to Postfix,
- prepends an optional <b>Delivered-To:</b> header with the final
- recipient envelope address, prepends a <b>Return-Path:</b> header
- with the sender envelope address, and appends no empty
- line.
+ The <a href="local.8.html"><b>local</b>(8)</a> daemon prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header
+ to each message, prepends an <b>X-Original-To:</b> header with the recipient
+ address as given to Postfix, prepends an optional <b>Delivered-To:</b> header
+ with the final recipient envelope address, prepends a <b>Return-Path:</b>
+ header with the sender envelope address, and appends no empty line.
<b>EXTERNAL FILE DELIVERY</b>
- The delivery format depends on the destination filename
- syntax. The default is to use UNIX-style mailbox format.
- Specify a name ending in <b>/</b> for <b>qmail</b>-compatible <b>maildir</b>
- delivery.
-
- The <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameter restricts
- delivery to external files. The default setting (<b>alias,</b>
- <b>forward</b>) forbids file destinations in <b>:include:</b> files.
-
- In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a>
- daemon prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header
- to each message, prepends an <b>X-Original-To:</b> header with
- the recipient address as given to Postfix, prepends an
- optional <b>Delivered-To:</b> header with the final recipient
- envelope address, prepends a > character to lines begin-
- ning with "<b>From</b> ", and appends an empty line. The enve-
- lope sender address is available in the <b>Return-Path:</b>
- header. When the destination is a regular file, it is
- locked for exclusive access while delivery is in progress.
- In case of problems, an attempt is made to truncate a reg-
- ular file to its original length.
-
- In the case of <b>maildir</b> delivery, the local daemon prepends
- an optional <b>Delivered-To:</b> header with the final envelope
- recipient address, and prepends an <b>X-Original-To:</b> header
- with the recipient address as given to Postfix. The enve-
- lope sender address is available in the <b>Return-Path:</b>
- header.
+ The delivery format depends on the destination filename syntax. The
+ default is to use UNIX-style mailbox format. Specify a name ending in
+ <b>/</b> for <b>qmail</b>-compatible <b>maildir</b> delivery.
+
+ The <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameter restricts delivery to
+ external files. The default setting (<b>alias, forward</b>) forbids file des-
+ tinations in <b>:include:</b> files.
+
+ In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a> daemon
+ prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header to each message,
+ prepends an <b>X-Original-To:</b> header with the recipient address as given
+ to Postfix, prepends an optional <b>Delivered-To:</b> header with the final
+ recipient envelope address, prepends a > character to lines beginning
+ with "<b>From</b> ", and appends an empty line. The envelope sender address
+ is available in the <b>Return-Path:</b> header. When the destination is a
+ regular file, it is locked for exclusive access while delivery is in
+ progress. In case of problems, an attempt is made to truncate a regular
+ file to its original length.
+
+ In the case of <b>maildir</b> delivery, the local daemon prepends an optional
+ <b>Delivered-To:</b> header with the final envelope recipient address, and
+ prepends an <b>X-Original-To:</b> header with the recipient address as given
+ to Postfix. The envelope sender address is available in the <b>Return-</b>
+ <b>Path:</b> header.
<b>ADDRESS EXTENSION</b>
- The optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter
- specifies how to separate address extensions from local
- recipient names.
+ The optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter specifies how
+ to separate address extensions from local recipient names.
- For example, with "<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +</b>", mail for
- <i>name</i>+<i>foo</i> is delivered to the alias <i>name</i>+<i>foo</i> or to the
- alias <i>name</i>, to the destinations listed in ~<i>name</i>/.<b>for-</b>
- <b>ward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox owned by the
- user <i>name</i>, or it is sent back as undeliverable.
+ For example, with "<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +</b>", mail for <i>name</i>+<i>foo</i> is
+ delivered to the alias <i>name</i>+<i>foo</i> or to the alias <i>name</i>, to the destina-
+ tions listed in ~<i>name</i>/.<b>forward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox
+ owned by the user <i>name</i>, or it is sent back as undeliverable.
<b>DELIVERY RIGHTS</b>
- Deliveries to external files and external commands are
- made with the rights of the receiving user on whose behalf
- the delivery is made. In the absence of a user context,
- the <a href="local.8.html"><b>local</b>(8)</a> daemon uses the owner rights of the <b>:include:</b>
- file or alias database. When those files are owned by the
- superuser, delivery is made with the rights specified with
+ Deliveries to external files and external commands are made with the
+ rights of the receiving user on whose behalf the delivery is made. In
+ the absence of a user context, the <a href="local.8.html"><b>local</b>(8)</a> daemon uses the owner
+ rights of the <b>:include:</b> file or alias database. When those files are
+ owned by the superuser, delivery is made with the rights specified with
the <b><a href="postconf.5.html#default_privs">default_privs</a></b> configuration parameter.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
- can move them to the <b>corrupt</b> queue afterwards.
+ Problems and transactions are logged to <b>syslogd</b>(8). Corrupted message
+ files are marked so that the queue manager can move them to the <b>corrupt</b>
+ queue afterwards.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
- the postmaster is notified of bounces and of other trou-
- ble.
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
<b>SECURITY</b>
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent needs a dual personality 1) to
- access the private Postfix queue and IPC mechanisms, 2) to
- impersonate the recipient and deliver to recipient-speci-
- fied files or commands. It is therefore security sensi-
- tive.
-
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression
- substitution of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would
- open a security hole.
-
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests
- to use the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead
- it will open the table directly. Before Postfix version
- 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will terminate with a
- fatal error.
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent needs a dual personality 1) to access the
+ private Postfix queue and IPC mechanisms, 2) to impersonate the recipi-
+ ent and deliver to recipient-specified files or commands. It is there-
+ fore security sensitive.
+
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression substitution
+ of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would open a security hole.
+
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests to use the
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead it will open the table
+ directly. Before Postfix version 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will
+ terminate with a fatal error.
<b>BUGS</b>
- For security reasons, the message delivery status of
- external commands or of external files is never check-
- pointed to file. As a result, the program may occasionally
- deliver more than once to a command or external file. Bet-
- ter safe than sorry.
+ For security reasons, the message delivery status of external commands
+ or of external files is never checkpointed to file. As a result, the
+ program may occasionally deliver more than once to a command or exter-
+ nal file. Better safe than sorry.
- Mutually-recursive aliases or ~/.<b>forward</b> files are not
- detected early. The resulting mail forwarding loop is
- broken by the use of the <b>Delivered-To:</b> message header.
+ Mutually-recursive aliases or ~/.<b>forward</b> files are not detected early.
+ The resulting mail forwarding loop is broken by the use of the <b>Deliv-</b>
+ <b>ered-To:</b> message header.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
- <a href="local.8.html"><b>local</b>(8)</a> processes run for only a limited amount of time.
- Use the command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="local.8.html"><b>local</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>COMPATIBILITY CONTROLS</b>
<b><a href="postconf.5.html#biff">biff</a> (yes)</b>
Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service.
<b><a href="postconf.5.html#expand_owner_alias">expand_owner_alias</a> (no)</b>
- When delivering to an alias "aliasname" that has an
- "owner-aliasname" companion alias, set the envelope
- sender address to the expansion of the "owner-
- aliasname" alias.
+ When delivering to an alias "aliasname" that has an "owner-
+ aliasname" companion alias, set the envelope sender address to
+ the expansion of the "owner-aliasname" alias.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
- Give special treatment to owner-listname and list-
- name-request address localparts: don't split such
- addresses when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is set to
- "-".
+ Give special treatment to owner-listname and listname-request
+ address localparts: don't split such addresses when the <a href="postconf.5.html#recipient_delimiter">recipi</a>-
+ <a href="postconf.5.html#recipient_delimiter">ent_delimiter</a> is set to "-".
<b><a href="postconf.5.html#sun_mailtool_compatibility">sun_mailtool_compatibility</a> (no)</b>
Obsolete SUN mailtool compatibility feature.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#frozen_delivered_to">frozen_delivered_to</a> (yes)</b>
- Update the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the
- Delivered-To: address (see prepend_deliv-
- ered_header) only once, at the start of a delivery
- attempt; do not update the Delivered-To: address
+ Update the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the Delivered-To:
+ address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start
+ of a delivery attempt; do not update the Delivered-To: address
while expanding aliases or .forward files.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
- Defer delivery when a mailbox file is not owned by
- its recipient.
+ Defer delivery when a mailbox file is not owned by its recipi-
+ ent.
<b><a href="postconf.5.html#reset_owner_alias">reset_owner_alias</a> (no)</b>
- Reset the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the
- owner-alias attribute, when delivering mail to a
- child alias that does not have its own owner alias.
+ Reset the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the owner-alias
+ attribute, when delivering mail to a child alias that does not
+ have its own owner alias.
<b>DELIVERY METHOD CONTROLS</b>
- The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to
- low is: aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>,
- <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>, <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>,
- <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a>, fallback_trans-
- port_maps, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
+ The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to low is:
+ aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
+ <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>, <a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_direc</a>-
+ <a href="postconf.5.html#mail_spool_directory">tory</a>, <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
- The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a>
- delivery.
+ The alias databases that are used for <a href="local.8.html"><b>local</b>(8)</a> delivery.
<b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding
- a .forward file with user-specified delivery meth-
- ods.
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding a .forward
+ file with user-specified delivery methods.
<b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b>
- Optional lookup tables with per-recipient message
- delivery transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox
- delivery, whether or not the recipients are found
- in the UNIX passwd database.
+ Optional lookup tables with per-recipient message delivery
+ transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery, whether or not
+ the recipients are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b>
- Optional message delivery transport that the
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for mailbox
- delivery to all local recipients, whether or not
- they are found in the UNIX passwd database.
+ Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ agent should use for mailbox delivery to all local recipients,
+ whether or not they are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b>
- Optional lookup tables with per-recipient external
-
commands to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
+ Optional lookup tables with per-recipient external commands to
+ use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
<b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b>
- Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> deliv-
- ery agent should use for mailbox delivery.
+ Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent
+ should use for mailbox delivery.
<b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b>
- Optional pathname of a mailbox file relative to a
- <a href="local.8.html"><b>local</b>(8)</a> user's home directory.
+ Optional pathname of a mailbox file relative to a <a href="local.8.html"><b>local</b>(8)</a>
+ user's home directory.
<b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b>
- The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes
- are kept.
+ The directory where <a href="local.8.html"><b>local</b>(8)</a> UNIX-style mailboxes are kept.
<b><a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a> (empty)</b>
- Optional lookup tables with per-recipient message
- delivery transports for recipients that the
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent could not find in the
- <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
+ Optional lookup tables with per-recipient message delivery
+ transports for recipients that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent could
+ not find in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
<b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b>
- Optional message delivery transport that the
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent should use for names that
- are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password
- database.
+ Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ agent should use for names that are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a>
+ or UNIX password database.
<b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b>
- Optional catch-all destination for unknown <a href="local.8.html"><b>local</b>(8)</a>
- recipients.
+ Optional catch-all destination for unknown <a href="local.8.html"><b>local</b>(8)</a> recipients.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b>
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for
- delivery to external command.
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for delivery to
+ external command.
<b>MAILBOX LOCKING CONTROLS</b>
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
- The maximal number of attempts to acquire an exclu-
-
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
-
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
- The time after which a stale exclusive mailbox
- lockfile is removed.
+ The time after which a stale exclusive mailbox lockfile is
+ removed.
<b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
- How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
- attempting delivery.
+ How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before attempting
+ delivery.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#command_time_limit">command_time_limit</a> (1000s)</b>
Time limit for delivery to external commands.
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
- The maximal number of addresses remembered by the
- address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
- <a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
- plays.
+ The maximal number of addresses remembered by the address dupli-
+ cate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>virtual</b>(5)</a> alias expansion, or for
+ <a href="showq.8.html"><b>showq</b>(8)</a> queue displays.
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
- The maximal number of parallel deliveries via the
- local mail delivery transport to the same recipient
- (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> = 1") or
- the maximal number of parallel deliveries to the
- same <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> (when "local_destination_recipi-
- ent_limit > 1").
+ The maximal number of parallel deliveries via the local mail
+ delivery transport to the same recipient (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
+ <a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> = 1") or the maximal number of parallel
+ deliveries to the same local domain (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
+ <a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> > 1").
<b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
- The maximal number of recipients per message deliv-
- ery via the local mail delivery transport.
+ The maximal number of recipients per message delivery via the
+ local mail delivery transport.
<b><a href="postconf.5.html#mailbox_size_limit">mailbox_size_limit</a> (51200000)</b>
- The maximal size of any <a href="local.8.html"><b>local</b>(8)</a> individual mailbox
- or maildir file, or zero (no limit).
+ The maximal size of any <a href="local.8.html"><b>local</b>(8)</a> individual mailbox or maildir
+ file, or zero (no limit).
<b>SECURITY CONTROLS</b>
<b><a href="postconf.5.html#allow_mail_to_commands">allow_mail_to_commands</a> (alias, forward)</b>
- Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external com-
- mands.
+ Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external commands.
<b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a> (alias, forward)</b>
- Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
+ Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
- agent allows in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_com</a>-
- <a href="postconf.5.html#mailbox_command">mand</a> and $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
+ in $name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
+ <a href="postconf.5.html#command_execution_directory">tion_directory</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
- The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery
- agent for delivery to external file or command.
+ The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery agent for
+ delivery to external file or command.
<b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
-
agent allows in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
+ in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Available in Postfix version 2.2 and later:
- <b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d'</b>
- <b>output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery
- agent allows in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
- <a href="postconf.5.html#command_execution_directory">tion_directory</a>.
+ <b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d' output)</b>
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
+ in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
- Defer delivery when a mailbox file is not owned by
- its recipient.
+ Defer delivery when a mailbox file is not owned by its recipi-
+ ent.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a Postfix
- process will export to non-Postfix processes.
+ The list of environment variables that a Postfix process will
+ export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#local_command_shell">local_command_shell</a> (empty)</b>
- Optional shell program for <a href="local.8.html"><b>local</b>(8)</a> delivery to
- non-Postfix command.
+ Optional shell program for <a href="local.8.html"><b>local</b>(8)</a> delivery to non-Postfix com-
+ mand.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> (command, file, forward)</b>
- The message delivery contexts where the Postfix
- <a href="local.8.html"><b>local</b>(8)</a> delivery agent prepends a Delivered-To:
- message header with the address that the mail was
- delivered to.
+ The message delivery contexts where the Postfix <a href="local.8.html"><b>local</b>(8)</a> deliv-
+ ery agent prepends a Delivered-To: message header with the
+ address that the mail was delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
- What address lookup tables copy an address exten-
- sion from the lookup key to the lookup result.
+ What address lookup tables copy an address extension from the
+ lookup key to the lookup result.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
- The set of characters that can separate a user name
- from its extension (example: user+foo), or a .for-
- ward file name from its extension (example: .for-
- ward+foo).
+ The set of characters that can separate a user name from its
+ extension (example: user+foo), or a .forward file name from its
+ extension (example: .forward+foo).
<b><a href="postconf.5.html#require_home_directory">require_home_directory</a> (no)</b>
- Require that a <a href="local.8.html"><b>local</b>(8)</a> recipient's home directory
- exists before mail delivery is attempted.
+ Require that a <a href="local.8.html"><b>local</b>(8)</a> recipient's home directory exists before
+ mail delivery is attempted.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
The following are examples; details differ between systems.
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
- The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
- tem by Daniel Bernstein.
+ The <b>Delivered-To:</b> message header appears in the <b>qmail</b> system by Daniel
+ Bernstein.
- The <i>maildir</i> structure appears in the <b>qmail</b> system by
- Daniel Bernstein.
+ The <i>maildir</i> structure appears in the <b>qmail</b> system by Daniel Bernstein.
<b>AUTHOR(S)</b>
Wietse Venema
<b>sendmail -I</b>
<b>DESCRIPTION</b>
- The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to
- Sendmail compatibility interface. For the sake of compat-
- ibility with existing applications, some Sendmail command-
- line options are recognized but silently ignored.
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com-
+ patibility interface. For the sake of compatibility with existing
+ applications, some Sendmail command-line options are recognized but
+ silently ignored.
- By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from stan-
- dard input until EOF or until it reads a line with only a
- <b>.</b> character, and arranges for delivery. Postfix <a href="sendmail.1.html"><b>send-</b></a>
- <a href="sendmail.1.html"><b>mail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a> command to create a
- queue file in the <b>maildrop</b> directory.
+ By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from standard input
+ until EOF or until it reads a line with only a <b>.</b> character, and
+ arranges for delivery. Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
+ command to create a queue file in the <b>maildrop</b> directory.
- Specific command aliases are provided for other common
- modes of operation:
+ Specific command aliases are provided for other common modes of opera-
+ tion:
- <b>mailq</b> List the mail queue. Each entry shows the queue
- file ID, message size, arrival time, sender, and
- the recipients that still need to be delivered. If
- mail could not be delivered upon the last attempt,
- the reason for failure is shown. The queue ID
- string is followed by an optional status character:
+ <b>mailq</b> List the mail queue. Each entry shows the queue file ID, message
+ size, arrival time, sender, and the recipients that still need
+ to be delivered. If mail could not be delivered upon the last
+ attempt, the reason for failure is shown. The queue ID string is
+ followed by an optional status character:
- <b>*</b> The message is in the <b>active</b> queue, i.e. the
- message is selected for delivery.
+ <b>*</b> The message is in the <b>active</b> queue, i.e. the message is
+ selected for delivery.
- <b>!</b> The message is in the <b>hold</b> queue, i.e. no
- further delivery attempt will be made until
- the mail is taken off hold.
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
+ ery attempt will be made until the mail is taken off
+ hold.
- This mode of operation is implemented by executing
-
the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+ This mode of operation is implemented by executing the
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
<b>newaliases</b>
- Initialize the alias database. If no input file is
- specified (with the <b>-oA</b> option, see below), the
- program processes the file(s) specified with the
- <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parameter. If no
- alias database type is specified, the program uses
- the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b>
- configuration parameter. This mode of operation is
- implemented by running the <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
-
- Note: it may take a minute or so before an alias
- database update becomes visible. Use the "<b>postfix</b>
- <b>reload</b>" command to eliminate this delay.
-
- These and other features can be selected by specifying the
- appropriate combination of command-line options. Some fea-
- tures are controlled by parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configu-
- ration file.
+ Initialize the alias database. If no input file is specified
+ (with the <b>-oA</b> option, see below), the program processes the
+ file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame-
+ ter. If no alias database type is specified, the program uses
+ the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
+ parameter. This mode of operation is implemented by running the
+ <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
+
+ Note: it may take a minute or so before an alias database update
+ becomes visible. Use the "<b>postfix reload</b>" command to eliminate
+ this delay.
+
+ These and other features can be selected by specifying the appropriate
+ combination of command-line options. Some features are controlled by
+ parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
The following options are recognized:
<b>-Am</b> (ignored)
<b>-Ac</b> (ignored)
- Postfix sendmail uses the same configuration file
- regardless of whether or not a message is an ini-
- tial submission.
+ Postfix sendmail uses the same configuration file regardless of
+ whether or not a message is an initial submission.
<b>-B</b> <i>body</i><b>_</b><i>type</i>
The message body MIME type: <b>7BIT</b> or <b>8BITMIME</b>.
- <b>-bd</b> Go into daemon mode. This mode of operation is
- implemented by executing the "<b>postfix start</b>" com-
- mand.
+ <b>-bd</b> Go into daemon mode. This mode of operation is implemented by
+ executing the "<b>postfix start</b>" command.
<b>-bh</b> (ignored)
<b>-bH</b> (ignored)
Postfix has no persistent host status database.
- <b>-bi</b> Initialize alias database. See the <b>newaliases</b> com-
- mand above.
+ <b>-bi</b> Initialize alias database. See the <b>newaliases</b> command above.
- <b>-bl</b> Go into daemon mode. To accept only local connec-
- tions as with Sendmail's <b>-bl</b> option, specify
- "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in the Postfix <a href="postconf.5.html"><b>main.cf</b></a>
- configuration file.
+ <b>-bl</b> Go into daemon mode. To accept only local connections as with
+ Sendmail's <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
+ the Postfix <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
- <b>-bm</b> Read mail from standard input and arrange for
- delivery. This is the default mode of operation.
+ <b>-bm</b> Read mail from standard input and arrange for delivery. This is
+ the default mode of operation.
<b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
- <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
- from standard input, and write responses to stan-
- dard output. In stand-alone SMTP server mode, mail
- relaying and other access controls are disabled by
- default. To enable them, run the process as the
+ <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands from standard
+ input, and write responses to standard output. In stand-alone
+ SMTP server mode, mail relaying and other access controls are
+ disabled by default. To enable them, run the process as the
<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> user.
- This mode of operation is implemented by running
- the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
+ This mode of operation is implemented by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ daemon.
- <b>-bv</b> Do not collect or deliver a message. Instead, send
- an email report after verifying each recipient
- address. This is useful for testing address
- rewriting and routing configurations.
+ <b>-bv</b> Do not collect or deliver a message. Instead, send an email
+ report after verifying each recipient address. This is useful
+ for testing address rewriting and routing configurations.
- This feature is available in Postfix version 2.1
- and later.
+ This feature is available in Postfix version 2.1 and later.
<b>-C</b> <i>config</i><b>_</b><i>file</i>
<b>-C</b> <i>config</i><b>_</b><i>dir</i>
- The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of
- its parent directory. This information is ignored
- with Postfix versions before 2.3.
+ The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of its parent
+ directory. This information is ignored with Postfix versions
+ before 2.3.
- With all Postfix versions, you can specify a direc-
- tory pathname with the MAIL_CONFIG environment
- variable to override the location of configuration
- files.
+ With all Postfix versions, you can specify a directory pathname
+ with the MAIL_CONFIG environment variable to override the loca-
+ tion of configuration files.
<b>-F</b> <i>full</i><b>_</b><i>name</i>
- Set the sender full name. This overrides the NAME
- environment variable, and is used only with mes-
- sages that have no <b>From:</b> message header.
+ Set the sender full name. This overrides the NAME environment
+ variable, and is used only with messages that have no <b>From:</b> mes-
+ sage header.
<b>-f</b> <i>sender</i>
- Set the envelope sender address. This is the
- address where delivery problems are sent to. With
- Postfix versions before 2.1, the <b>Errors-To:</b> message
- header overrides the error return address.
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
- <b>-G</b> Gateway (relay) submission, as opposed to initial
- user submission. Either do not rewrite addresses
- at all, or update incomplete addresses with the
- domain information specified with <b>remote_header_re-</b>
- <b>write_domain</b>.
+ <b>-G</b> Gateway (relay) submission, as opposed to initial user submis-
+ sion. Either do not rewrite addresses at all, or update incom-
+ plete addresses with the domain information specified with
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>.
- This option is ignored before Postfix version 2.3.
+ This option is ignored before Postfix version 2.3.
<b>-h</b> <i>hop</i><b>_</b><i>count</i> (ignored)
- Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configura-
- tion parameter instead.
+ Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configuration parameter
+ instead.
- <b>-I</b> Initialize alias database. See the <b>newaliases</b> com-
- mand above.
+ <b>-I</b> Initialize alias database. See the <b>newaliases</b> command above.
- <b>-i</b> When reading a message from standard input, don't
- treat a line with only a <b>.</b> character as the end of
- input.
+ <b>-i</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
<b>-L</b> <i>label</i> (ignored)
- The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configura-
- tion parameter instead.
+ The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configuration parameter
+ instead.
<b>-m</b> (ignored)
Backwards compatibility.
<b>-N</b> <i>dsn</i> (default: 'delay, failure')
- Delivery status notification control. Specify
- either a comma-separated list with one or more of
- <b>failure</b> (send notification when delivery fails),
- <b>delay</b> (send notification when delivery is delayed),
- or <b>success</b> (send notification when the message is
- delivered); or specify <b>never</b> (don't send any noti-
- fications at all).
+ Delivery status notification control. Specify either a comma-
+ separated list with one or more of <b>failure</b> (send notification
+ when delivery fails), <b>delay</b> (send notification when delivery is
+ delayed), or <b>success</b> (send notification when the message is
+ delivered); or specify <b>never</b> (don't send any notifications at
+ all).
This feature is available in Postfix 2.3 and later.
Backwards compatibility.
<b>-oA</b><i>alias</i><b>_</b><i>database</i>
- Non-default alias database. Specify <i>pathname</i> or
-
<i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
+ Non-default alias database. Specify <i>pathname</i> or <i>type</i>:<i>pathname</i>.
+ See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
<b>-O</b> <i>option=value</i> (ignored)
- Set the named <i>option</i> to <i>value</i>. Use the equivalent
-
configuration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+ Set the named <i>option</i> to <i>value</i>. Use the equivalent configuration
+ parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
<b>-o7</b> (ignored)
<b>-o8</b> (ignored)
- To send 8-bit or binary content, use an appropriate
- MIME encapsulation and specify the appropriate <b>-B</b>
- command-line option.
+ To send 8-bit or binary content, use an appropriate MIME encap-
+ sulation and specify the appropriate <b>-B</b> command-line option.
- <b>-oi</b> When reading a message from standard input, don't
- treat a line with only a <b>.</b> character as the end of
- input.
+ <b>-oi</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
<b>-om</b> (ignored)
- The sender is never eliminated from alias etc.
- expansions.
+ The sender is never eliminated from alias etc. expansions.
<b>-o</b> <i>x value</i> (ignored)
- Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
-
ration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
+ ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
<b>-r</b> <i>sender</i>
- Set the envelope sender address. This is the
- address where delivery problems are sent to. With
- Postfix versions before 2.1, the <b>Errors-To:</b> message
- header overrides the error return address.
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
<b>-R</b> <i>return</i>
- Delivery status notification control. Specify
- "hdrs" to return only the header when a message
- bounces, "full" to return a full copy (the default
- behavior).
+ Delivery status notification control. Specify "hdrs" to return
+ only the header when a message bounces, "full" to return a full
+ copy (the default behavior).
- The <b>-R</b> option specifies an upper bound; Postfix
- will return only the header, when a full copy would
- exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> setting.
+ The <b>-R</b> option specifies an upper bound; Postfix will return only
+ the header, when a full copy would exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
+ setting.
This option is ignored before Postfix version 2.10.
- <b>-q</b> Attempt to deliver all queued mail. This is imple-
-
mented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+ <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe-
+ cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
- Warning: flushing undeliverable mail frequently
- will result in poor delivery performance of all
- other mail.
+ Warning: flushing undeliverable mail frequently will result in
+ poor delivery performance of all other mail.
<b>-q</b><i>interval</i> (ignored)
- The interval between queue runs. Use the
- <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> configuration parameter instead.
+ The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config-
+ uration parameter instead.
<b>-qI</b><i>queueid</i>
- Schedule immediate delivery of mail with the speci-
- fied queue ID. This option is implemented by exe-
- cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and is available
- with Postfix version 2.4 and later.
+ Schedule immediate delivery of mail with the specified queue ID.
+ This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
+ mand, and is available with Postfix version 2.4 and later.
<b>-qR</b><i>site</i>
- Schedule immediate delivery of all mail that is
- queued for the named <i>site</i>. This option accepts only
- <i>site</i> names that are eligible for the "fast flush"
- service, and is implemented by executing the
- <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more infor-
- mation about the "fast flush" service.
+ Schedule immediate delivery of all mail that is queued for the
+ named <i>site</i>. This option accepts only <i>site</i> names that are eligi-
+ ble for the "fast flush" service, and is implemented by execut-
+ ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
+ about the "fast flush" service.
<b>-qS</b><i>site</i>
- This command is not implemented. Use the slower
- "<b>sendmail -q</b>" command instead.
+ This command is not implemented. Use the slower "<b>sendmail -q</b>"
+ command instead.
- <b>-t</b> Extract recipients from message headers. These are
- added to any recipients specified on the command
- line.
+ <b>-t</b> Extract recipients from message headers. These are added to any
+ recipients specified on the command line.
- With Postfix versions prior to 2.1, this option
- requires that no recipient addresses are specified
- on the command line.
+ With Postfix versions prior to 2.1, this option requires that no
+ recipient addresses are specified on the command line.
<b>-U</b> (ignored)
Initial user submission.
<b>-V</b> <i>envid</i>
- Specify the envelope ID for notification by servers
- that support DSN.
+ Specify the envelope ID for notification by servers that support
+ DSN.
This feature is available in Postfix 2.3 and later.
<b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
- Variable Envelope Return Path. Given an envelope
- sender address of the form <i>owner-listname</i>@<i>origin</i>,
- each recipient <i>user</i>@<i>domain</i> receives mail with a
- personalized envelope sender address.
+ Variable Envelope Return Path. Given an envelope sender address
+ of the form <i>owner-listname</i>@<i>origin</i>, each recipient <i>user</i>@<i>domain</i>
+ receives mail with a personalized envelope sender address.
- By default, the personalized envelope sender
- address is <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
- default <b>+</b> and <b>=</b> characters are configurable with
- the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration parame-
- ter.
+ By default, the personalized envelope sender address is <i>owner-</i>
+ <i>listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The default <b>+</b> and <b>=</b> characters are
+ configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration
+ parameter.
<b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
- As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter
- characters, instead of the characters specified
- with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration
- parameter.
+ As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter characters,
+ instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
+ <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
- <b>-v</b> Send an email report of the first delivery attempt
- (Postfix versions 2.1 and later). Mail delivery
- always happens in the background. When multiple <b>-v</b>
- options are given, enable verbose logging for
- debugging purposes.
+ <b>-v</b> Send an email report of the first delivery attempt (Postfix ver-
+ sions 2.1 and later). Mail delivery always happens in the back-
+ ground. When multiple <b>-v</b> options are given, enable verbose log-
+ ging for debugging purposes.
<b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
- Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and
- <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b> configuration parameters instead.
+ Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b>
+ configuration parameters instead.
<b>SECURITY</b>
- By design, this program is not set-user (or group) id.
- However, it must handle data from untrusted, possibly
- remote, users. Thus, the usual precautions need to be
- taken against malicious inputs.
+ By design, this program is not set-user (or group) id. However, it must
+ handle data from untrusted, possibly remote, users. Thus, the usual
+ precautions need to be taken against malicious inputs.
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard
- error stream.
+ Problems are logged to <b>syslogd</b>(8) and to the standard error stream.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
Enable verbose logging for debugging purposes.
<b>MAIL_DEBUG</b> (value does not matter)
- Enable debugging with an external command, as spec-
- ified with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration
- parameter.
+ Enable debugging with an external command, as specified with the
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
- <b>NAME</b> The sender full name. This is used only with mes-
- sages that have no <b>From:</b> message header. See also
- the <b>-F</b> option above.
+ <b>NAME</b> The sender full name. This is used only with messages that have
+ no <b>From:</b> message header. See also the <b>-F</b> option above.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program. The text below provides only a parameter
- summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
- ples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b>COMPATIBILITY CONTROLS</b>
Available with Postfix 2.9 and later:
<b><a href="postconf.5.html#sendmail_fix_line_endings">sendmail_fix_line_endings</a> (always)</b>
- Controls how the Postfix sendmail command converts
- email message line endings from <CR><LF> into UNIX
- format (<LF>).
+ Controls how the Postfix sendmail command converts email message
+ line endings from <CR><LF> into UNIX format (<LF>).
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble
- shoot a Postfix system.
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble shoot a Postfix
+ system.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
- The external command to execute when a Postfix dae-
- mon program is invoked with the -D option.
+ The external command to execute when a Postfix daemon program is
+ invoked with the -D option.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
- <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+ The increment in verbose logging level when a remote client or
+ server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
- in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+ Optional list of remote client or server hostname or network
+ address patterns that cause the verbose logging level to
+ increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b>ACCESS CONTROLS</b>
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to flush the
- queue.
+ List of users who are authorized to flush the queue.
<b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
List of users who are authorized to view the queue.
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to submit mail
- with the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with the privi-
- leged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper command).
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
+ mand).
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
- The maximal amount of original message text that is
- sent in a non-delivery notification.
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
<b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
- The maximal number of attempts to fork() a child
- process.
+ The maximal number of attempts to fork() a child process.
<b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
- The delay between attempts to fork() a child
- process.
+ The delay between attempts to fork() a child process.
<b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
- The maximal number of Received: message headers
- that is allowed in the primary message headers.
+ The maximal number of Received: message headers that is allowed
+ in the primary message headers.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
- The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
- manager; prior to Postfix 2.4 the default value was
- 1000s.
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ prior to Postfix 2.4 the default value was 1000s.
<b>FAST FLUSH CONTROLS</b>
- The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation
- details for the Postfix "fast flush" service.
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
+ the Postfix "fast flush" service.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
- Optional list of destinations that are eligible for
- per-destination logfiles with mail that is queued
- to those destinations.
+ Optional list of destinations that are eligible for per-destina-
+ tion logfiles with mail that is queued to those destinations.
<b>VERP CONTROLS</b>
- The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
- details of Postfix support for variable envelope return
- path addresses.
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
+ Postfix support for variable envelope return path addresses.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter
- characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
- and in SMTP commands.
+ The characters Postfix accepts as VERP delimiter characters on
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
- The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
- updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
- The location of all postfix administrative com-
- mands.
+ The location of all postfix administrative commands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix support programs and
- daemon programs.
+ The directory with Postfix support programs and daemon programs.
<b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
- The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>,
-
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>, <a href="postalias.1.html"><b>postalias</b>(1)</a>
+ and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives a copy of
- the message headers of mail that is still queued.
+ The time after which the sender receives a copy of the message
+ headers of mail that is still queued.
<b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
- Report mail delivery errors to the address speci-
- fied with the non-standard Errors-To: message
- header, instead of the envelope sender address
- (this feature is removed with Postfix version 2.2,
- is turned off by default with Postfix version 2.1,
- and is always turned on with older Postfix ver-
- sions).
+ Report mail delivery errors to the address specified with the
+ non-standard Errors-To: message header, instead of the envelope
+ sender address (this feature is removed with Postfix version
+ 2.2, is turned off by default with Postfix version 2.1, and is
+ always turned on with older Postfix versions).
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue
- and most Postfix daemon processes.
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
- Don't rewrite message headers from remote clients
- at all when this parameter is empty; otherwise, re-
- write message headers and append the specified
- domain name to incomplete addresses.
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
/var/spool/postfix, mail queue
syslogd(8), system logging
<b>README_FILES</b>
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ this information.
<a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
<a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
master - Postfix master process configuration file format
<b>DESCRIPTION</b>
- The Postfix mail system is implemented by small number of
- (mostly) client commands that are invoked by users, and by
- a larger number of services that run in the background.
-
- Postfix services are implemented by daemon processes.
- These run in the background under control of the <a href="master.8.html"><b>master</b>(8)</a>
- process. The <a href="master.5.html">master.cf</a> configuration file defines how a
- client program connects to a service, and what daemon pro-
- gram runs when a service is requested. Most daemon pro-
- cesses are short-lived and terminate voluntarily after
- serving <b><a href="postconf.5.html#max_use">max_use</a></b> clients, or after inactivity for <b><a href="postconf.5.html#max_idle">max_idle</a></b>
- or more units of time.
-
- All daemons specified here must speak a Postfix-internal
- protocol. In order to execute non-Postfix software use the
- <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a> or <a href="spawn.8.html"><b>spawn</b>(8)</a> services, or run the server
- under control by <b>inetd</b>(8) or equivalent.
-
- After changing <a href="master.5.html">master.cf</a> you must execute "<b>postfix reload</b>"
- to reload the configuration.
+ The Postfix mail system is implemented by small number of (mostly)
+ client commands that are invoked by users, and by a larger number of
+ services that run in the background.
+
+ Postfix services are implemented by daemon processes. These run in the
+ background under control of the <a href="master.8.html"><b>master</b>(8)</a> process. The <a href="master.5.html">master.cf</a> con-
+ figuration file defines how a client program connects to a service, and
+ what daemon program runs when a service is requested. Most daemon pro-
+ cesses are short-lived and terminate voluntarily after serving <b><a href="postconf.5.html#max_use">max_use</a></b>
+ clients, or after inactivity for <b><a href="postconf.5.html#max_idle">max_idle</a></b> or more units of time.
+
+ All daemons specified here must speak a Postfix-internal protocol. In
+ order to execute non-Postfix software use the <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a> or
+ <a href="spawn.8.html"><b>spawn</b>(8)</a> services, or run the server under control by <b>inetd</b>(8) or
+ equivalent.
+
+ After changing <a href="master.5.html">master.cf</a> you must execute "<b>postfix reload</b>" to reload
+ the configuration.
<b>SYNTAX</b>
The general format of the <a href="master.5.html">master.cf</a> file is as follows:
- <b>o</b> Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ <b>o</b> Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
- <b>o</b> A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
+ <b>o</b> A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
- <b>o</b> Each logical line defines a single Postfix service.
- Each service is identified by its name and type as
- described below. When multiple lines specify the
- same service name and type, only the last one is
- remembered. Otherwise, the order of <a href="master.5.html">master.cf</a> ser-
- vice definitions does not matter.
+ <b>o</b> Each logical line defines a single Postfix service. Each ser-
+ vice is identified by its name and type as described below.
+ When multiple lines specify the same service name and type, only
+ the last one is remembered. Otherwise, the order of <a href="master.5.html">master.cf</a>
+ service definitions does not matter.
- Each logical line consists of eight fields separated by
- whitespace. These are described below in the order as
- they appear in the <a href="master.5.html">master.cf</a> file.
+ Each logical line consists of eight fields separated by whitespace.
+ These are described below in the order as they appear in the <a href="master.5.html">master.cf</a>
+ file.
- Where applicable a field of "-" requests that the built-in
- default value be used. For boolean fields specify "y" or
- "n" to override the default value.
+ Where applicable a field of "-" requests that the built-in default
+ value be used. For boolean fields specify "y" or "n" to override the
+ default value.
<b>Service name</b>
- The service name syntax depends on the service type
- as described next.
+ The service name syntax depends on the service type as described
+ next.
<b>Service type</b>
Specify one of the following service types:
- <b>inet</b> The service listens on a TCP/IP socket and
- is accessible via the network.
-
- The service name is specified as <i>host:port</i>,
- denoting the host and port on which new con-
- nections should be accepted. The host part
- (and colon) may be omitted. Either host or
- port may be given in symbolic form (host or
- service name) or in numeric form (IP address
- or port number). Host information may be
- enclosed inside "[]"; this form is necessary
- only with IPv6 addresses.
-
- Examples: a service named <b>127.0.0.1:smtp</b> or
- <b>::1:smtp</b> receives mail via the loopback
- interface only; and a service named <b>10025</b>
- accepts connections on TCP port 10025 via
- all interfaces configured with the
- <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> parameter.
-
- Note: with Postfix version 2.2 and later
- specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only</b>" in
- <a href="postconf.5.html">main.cf</a>, instead of hard-coding loopback IP
- address information in <a href="master.5.html">master.cf</a> or in
- <a href="postconf.5.html">main.cf</a>.
-
- <b>unix</b> The service listens on a UNIX-domain socket
- and is accessible for local clients only.
-
- The service name is a pathname relative to
- the Postfix queue directory (pathname con-
- trolled with the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configura-
- tion parameter in <a href="postconf.5.html">main.cf</a>).
-
- On Solaris 8 and earlier systems the <b>unix</b>
- type is implemented with streams sockets.
-
- <b>fifo</b> The service listens on a FIFO (named pipe)
- and is accessible for local clients only.
-
- The service name is a pathname relative to
- the Postfix queue directory (pathname con-
- trolled with the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configura-
- tion parameter in <a href="postconf.5.html">main.cf</a>).
-
- <b>pass</b> The service listens on a UNIX-domain socket,
- and is accessible to local clients only. It
- receives one open connection (file descrip-
- tor passing) per connection request.
-
- The service name is a pathname relative to
- the Postfix queue directory (pathname con-
- trolled with the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configura-
- tion parameter in <a href="postconf.5.html">main.cf</a>).
-
- On Solaris 8 and earlier systems the <b>pass</b>
- type is implemented with streams sockets.
-
- This feature is available as of Postfix ver-
- sion 2.5.
+ <b>inet</b> The service listens on a TCP/IP socket and is accessible
+ via the network.
+
+ The service name is specified as <i>host:port</i>, denoting the
+ host and port on which new connections should be
+ accepted. The host part (and colon) may be omitted.
+ Either host or port may be given in symbolic form (host
+ or service name) or in numeric form (IP address or port
+ number). Host information may be enclosed inside "[]";
+ this form is necessary only with IPv6 addresses.
+
+ Examples: a service named <b>127.0.0.1:smtp</b> or <b>::1:smtp</b>
+ receives mail via the loopback interface only; and a ser-
+ vice named <b>10025</b> accepts connections on TCP port 10025
+ via all interfaces configured with the <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
+ parameter.
+
+ Note: with Postfix version 2.2 and later specify
+ "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only</b>" in <a href="postconf.5.html">main.cf</a>, instead of
+ hard-coding loopback IP address information in <a href="master.5.html">master.cf</a>
+ or in <a href="postconf.5.html">main.cf</a>.
+
+ <b>unix</b> The service listens on a UNIX-domain socket and is acces-
+ sible for local clients only.
+
+ The service name is a pathname relative to the Postfix
+ queue directory (pathname controlled with the
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration parameter in <a href="postconf.5.html">main.cf</a>).
+
+ On Solaris 8 and earlier systems the <b>unix</b> type is imple-
+ mented with streams sockets.
+
+ <b>fifo</b> The service listens on a FIFO (named pipe) and is acces-
+ sible for local clients only.
+
+ The service name is a pathname relative to the Postfix
+ queue directory (pathname controlled with the
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration parameter in <a href="postconf.5.html">main.cf</a>).
+
+ <b>pass</b> The service listens on a UNIX-domain socket, and is
+ accessible to local clients only. It receives one open
+ connection (file descriptor passing) per connection
+ request.
+
+ The service name is a pathname relative to the Postfix
+ queue directory (pathname controlled with the
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration parameter in <a href="postconf.5.html">main.cf</a>).
+
+ On Solaris 8 and earlier systems the <b>pass</b> type is imple-
+ mented with streams sockets.
+
+ This feature is available as of Postfix version 2.5.
<b>Private (default: y)</b>
- Whether or not access is restricted to the mail
- system. Internet (type <b>inet</b>) services can't be
- private.
+ Whether or not access is restricted to the mail system. Inter-
+ net (type <b>inet</b>) services can't be private.
<b>Unprivileged (default: y)</b>
- Whether the service runs with root privileges or as
- the owner of the Postfix system (the owner name is
- controlled by the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> configuration variable
- in the <a href="postconf.5.html">main.cf</a> file).
+ Whether the service runs with root privileges or as the owner of
+ the Postfix system (the owner name is controlled by the
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> configuration variable in the <a href="postconf.5.html">main.cf</a> file).
- The <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html"><b>virtual</b>(8)</a>
- daemons require privileges.
+ The <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html"><b>virtual</b>(8)</a> daemons require
+ privileges.
<b>Chroot (default: y)</b>
- Whether or not the service runs chrooted to the
- mail queue directory (pathname is controlled by the
- <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> configuration variable in the
- <a href="postconf.5.html">main.cf</a> file).
-
- Chroot should not be used with the <a href="local.8.html"><b>local</b>(8)</a>,
- <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>, and <a href="virtual.8.html"><b>virtual</b>(8)</a> daemons.
- Although the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server can run chrooted,
- doing so defeats most of the purpose of having that
+ Whether or not the service runs chrooted to the mail queue
+ directory (pathname is controlled by the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> config-
+ uration variable in the <a href="postconf.5.html">main.cf</a> file).
+
+ Chroot should not be used with the <a href="local.8.html"><b>local</b>(8)</a>, <a href="pipe.8.html"><b>pipe</b>(8)</a>, <a href="spawn.8.html"><b>spawn</b>(8)</a>,
+ and <a href="virtual.8.html"><b>virtual</b>(8)</a> daemons. Although the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server can run
+ chrooted, doing so defeats most of the purpose of having that
service in the first place.
- The files in the examples/chroot-setup subdirectory
- of the Postfix source archive show set up a Postfix
- chroot environment on a variety of systems. See
- also <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> for issues related
- to running daemons chrooted.
+ The files in the examples/chroot-setup subdirectory of the Post-
+ fix source archive show set up a Postfix chroot environment on a
+ variety of systems. See also <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> for
+ issues related to running daemons chrooted.
<b>Wake up time (default: 0)</b>
- Automatically wake up the named service after the
- specified number of seconds. The wake up is imple-
- mented by connecting to the service and sending a
- wake up request. A ? at the end of the wake-up
- time field requests that no wake up events be sent
- before the first time a service is used. Specify 0
- for no automatic wake up.
+ Automatically wake up the named service after the specified num-
+ ber of seconds. The wake up is implemented by connecting to the
+ service and sending a wake up request. A ? at the end of the
+ wake-up time field requests that no wake up events be sent
+ before the first time a service is used. Specify 0 for no auto-
+ matic wake up.
- The <a href="pickup.8.html"><b>pickup</b>(8)</a>, <a href="qmgr.8.html"><b>qmgr</b>(8)</a> and <a href="flush.8.html"><b>flush</b>(8)</a> daemons require
- a wake up timer.
+ The <a href="pickup.8.html"><b>pickup</b>(8)</a>, <a href="qmgr.8.html"><b>qmgr</b>(8)</a> and <a href="flush.8.html"><b>flush</b>(8)</a> daemons require a wake up
+ timer.
<b>Process limit (default: $<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
- The maximum number of processes that may execute
- this service simultaneously. Specify 0 for no
- process count limit.
+ The maximum number of processes that may execute this service
+ simultaneously. Specify 0 for no process count limit.
- NOTE: Some Postfix services must be configured as a
- single-process service (for example, <a href="qmgr.8.html"><b>qmgr</b>(8)</a>) and
- some services must be configured with no process
- limit (for example, <a href="cleanup.8.html"><b>cleanup</b>(8)</a>). These limits must
- not be changed.
+ NOTE: Some Postfix services must be configured as a single-
+ process service (for example, <a href="qmgr.8.html"><b>qmgr</b>(8)</a>) and some services must be
+ configured with no process limit (for example, <a href="cleanup.8.html"><b>cleanup</b>(8)</a>).
+ These limits must not be changed.
<b>Command name + arguments</b>
- The command to be executed. Characters that are
- special to the shell such as ">" or "|" have no
- special meaning here, and quotes cannot be used to
- protect arguments containing whitespace.
-
- The command name is relative to the Postfix daemon
- directory (pathname is controlled by the <b><a href="postconf.5.html#daemon_directory">dae</a>-</b>
- <b><a href="postconf.5.html#daemon_directory">mon_directory</a></b> configuration variable).
-
- The command argument syntax for specific commands
- is specified in the respective daemon manual page.
-
- The following command-line options have the same
- effect for all daemon programs:
-
- <b>-D</b> Run the daemon under control by the command
- specified with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> variable
- in the <a href="postconf.5.html">main.cf</a> configuration file. See
- <a href="DEBUG_README.html">DEBUG_README</a> for hints and tips.
-
- <b>-o <i></b>name</i>=<i>value</i>
- Override the named <a href="postconf.5.html">main.cf</a> configuration
- parameter. The parameter value can refer to
- other parameters as <i>$name</i> etc., just like in
- <a href="postconf.5.html">main.cf</a>. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for syntax.
-
- NOTE 1: do not specify whitespace around the
- "=" or in parameter values. To specify a
- parameter value that contains whitespace,
- use commas instead of spaces, or specify the
- value in <a href="postconf.5.html">main.cf</a>. Example:
+ The command to be executed. Characters that are special to the
+ shell such as ">" or "|" have no special meaning here, and
+ quotes cannot be used to protect arguments containing white-
+ space.
+
+ The command name is relative to the Postfix daemon directory
+ (pathname is controlled by the <b><a href="postconf.5.html#daemon_directory">daemon_directory</a></b> configuration
+ variable).
+
+ The command argument syntax for specific commands is specified
+ in the respective daemon manual page.
+
+ The following command-line options have the same effect for all
+ daemon programs:
+
+ <b>-D</b> Run the daemon under control by the command specified
+ with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> variable in the <a href="postconf.5.html">main.cf</a> config-
+ uration file. See <a href="DEBUG_README.html">DEBUG_README</a> for hints and tips.
+
+ <b>-o</b> <i>name</i>=<i>value</i>
+ Override the named <a href="postconf.5.html">main.cf</a> configuration parameter. The
+ parameter value can refer to other parameters as <i>$name</i>
+ etc., just like in <a href="postconf.5.html">main.cf</a>. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for syntax.
+
+ NOTE 1: do not specify whitespace around the "=" or in
+ parameter values. To specify a parameter value that con-
+ tains whitespace, use commas instead of spaces, or spec-
+ ify the value in <a href="postconf.5.html">main.cf</a>. Example:
/etc/postfix/<a href="master.5.html">master.cf</a>:
submission inet .... smtpd
/etc/postfix/<a href="postconf.5.html">main.cf</a>
submission_mumble = text with whitespace...
- NOTE 2: Over-zealous use of parameter over-
- rides makes the Postfix configuration hard
- to understand and maintain. At a certain
- point, it might be easier to configure mul-
- tiple instances of Postfix, instead of con-
- figuring multiple personalities via <a href="master.5.html">mas-
- ter.cf</a>.
+ NOTE 2: Over-zealous use of parameter overrides makes the
+ Postfix configuration hard to understand and maintain.
+ At a certain point, it might be easier to configure mul-
+ tiple instances of Postfix, instead of configuring multi-
+ ple personalities via <a href="master.5.html">master.cf</a>.
- <b>-v</b> Increase the verbose logging level. Specify
- multiple <b>-v</b> options to make a Postfix daemon
- process increasingly verbose.
+ <b>-v</b> Increase the verbose logging level. Specify multiple <b>-v</b>
+ options to make a Postfix daemon process increasingly
+ verbose.
<b>SEE ALSO</b>
<a href="master.8.html">master(8)</a>, process manager
<a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Initial version by
<b>master</b> [<b>-Ddtvw</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-e</b> <i>exit</i><b>_</b><i>time</i>]
<b>DESCRIPTION</b>
- The <a href="master.8.html"><b>master</b>(8)</a> daemon is the resident process that runs
- Postfix daemons on demand: daemons to send or receive mes-
- sages via the network, daemons to deliver mail locally,
- etc. These daemons are created on demand up to a config-
- urable maximum number per service.
-
- Postfix daemons terminate voluntarily, either after being
- idle for a configurable amount of time, or after having
- serviced a configurable number of requests. Exceptions to
- this rule are the resident queue manager, address verifi-
- cation server, and the TLS session cache and pseudo-random
- number server.
-
- The behavior of the <a href="master.8.html"><b>master</b>(8)</a> daemon is controlled by the
- <a href="master.5.html"><b>master.cf</b></a> configuration file, as described in <a href="master.5.html"><b>master</b>(5)</a>.
+ The <a href="master.8.html"><b>master</b>(8)</a> daemon is the resident process that runs Postfix daemons
+ on demand: daemons to send or receive messages via the network, daemons
+ to deliver mail locally, etc. These daemons are created on demand up
+ to a configurable maximum number per service.
+
+ Postfix daemons terminate voluntarily, either after being idle for a
+ configurable amount of time, or after having serviced a configurable
+ number of requests. Exceptions to this rule are the resident queue man-
+ ager, address verification server, and the TLS session cache and
+ pseudo-random number server.
+
+ The behavior of the <a href="master.8.html"><b>master</b>(8)</a> daemon is controlled by the <a href="master.5.html"><b>master.cf</b></a>
+ configuration file, as described in <a href="master.5.html"><b>master</b>(5)</a>.
Options:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files
- in the named directory instead of the default con-
- figuration directory. This also overrides the con-
- figuration files for other Postfix daemon pro-
- cesses.
-
- <b>-D</b> After initialization, run a debugger on the master
- process. The debugging command is specified with
- the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> in the <a href="postconf.5.html"><b>main.cf</b></a> global configu-
- ration file.
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files in the named
+ directory instead of the default configuration directory. This
+ also overrides the configuration files for other Postfix daemon
+ processes.
- <b>-d</b> Do not redirect stdin, stdout or stderr to
- /dev/null, and do not discard the controlling ter-
- minal. This must be used for debugging only.
+ <b>-D</b> After initialization, run a debugger on the master process. The
+ debugging command is specified with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> in the
+ <a href="postconf.5.html"><b>main.cf</b></a> global configuration file.
+
+ <b>-d</b> Do not redirect stdin, stdout or stderr to /dev/null, and do not
+ discard the controlling terminal. This must be used for debug-
+ ging only.
<b>-e</b> <i>exit</i><b>_</b><i>time</i>
- Terminate the master process after <i>exit</i><b>_</b><i>time</i> sec-
- onds. Child processes terminate at their conve-
- nience.
+ Terminate the master process after <i>exit</i><b>_</b><i>time</i> seconds. Child pro-
+ cesses terminate at their convenience.
- <b>-t</b> Test mode. Return a zero exit status when the <b>mas-</b>
- <b>ter.pid</b> lock file does not exist or when that file
- is not locked. This is evidence that the <a href="master.8.html"><b>master</b>(8)</a>
- daemon is not running.
+ <b>-t</b> Test mode. Return a zero exit status when the <b>master.pid</b> lock
+ file does not exist or when that file is not locked. This is
+ evidence that the <a href="master.8.html"><b>master</b>(8)</a> daemon is not running.
- <b>-v</b> Enable verbose logging for debugging purposes. This
- option is passed on to child processes. Multiple <b>-v</b>
- options make the software increasingly verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. This option is
+ passed on to child processes. Multiple <b>-v</b> options make the soft-
+ ware increasingly verbose.
- <b>-w</b> Wait in a dummy foreground process, while the real
- master daemon initializes in a background process.
- The dummy foreground process returns a zero exit
- status only if the master daemon initialization is
- successful, and if it completes in a reasonable
- amount of time.
+ <b>-w</b> Wait in a dummy foreground process, while the real master daemon
+ initializes in a background process. The dummy foreground
+ process returns a zero exit status only if the master daemon
+ initialization is successful, and if it completes in a reason-
+ able amount of time.
- This feature is available in Postfix 2.10 and
- later.
+ This feature is available in Postfix 2.10 and later.
Signals:
- <b>SIGHUP</b> Upon receipt of a <b>HUP</b> signal (e.g., after "<b>postfix</b>
- <b>reload</b>"), the master process re-reads its configu-
- ration files. If a service has been removed from
- the <a href="master.5.html"><b>master.cf</b></a> file, its running processes are ter-
- minated immediately. Otherwise, running processes
- are allowed to terminate as soon as is convenient,
- so that changes in configuration settings affect
- only new service requests.
+ <b>SIGHUP</b> Upon receipt of a <b>HUP</b> signal (e.g., after "<b>postfix reload</b>"), the
+ master process re-reads its configuration files. If a service
+ has been removed from the <a href="master.5.html"><b>master.cf</b></a> file, its running processes
+ are terminated immediately. Otherwise, running processes are
+ allowed to terminate as soon as is convenient, so that changes
+ in configuration settings affect only new service requests.
<b>SIGTERM</b>
- Upon receipt of a <b>TERM</b> signal (e.g., after "<b>postfix</b>
- <b>abort</b>"), the master process passes the signal on to
- its child processes and terminates. This is useful
- for an emergency shutdown. Normally one would ter-
- minate only the master ("<b>postfix stop</b>") and allow
+ Upon receipt of a <b>TERM</b> signal (e.g., after "<b>postfix abort</b>"), the
+ master process passes the signal on to its child processes and
+ terminates. This is useful for an emergency shutdown. Normally
+ one would terminate only the master ("<b>postfix stop</b>") and allow
running processes to finish what they are doing.
<b>DIAGNOSTICS</b>
- Problems are reported to <b>syslogd</b>(8). The exit status is
- non-zero in case of problems, including problems while
- initializing as a master daemon process in the background.
+ Problems are reported to <b>syslogd</b>(8). The exit status is non-zero in
+ case of problems, including problems while initializing as a master
+ daemon process in the background.
<b>ENVIRONMENT</b>
<b>MAIL_DEBUG</b>
- After initialization, start a debugger as specified
- with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter
- in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
+ After initialization, start a debugger as specified with the
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter in the <a href="postconf.5.html"><b>main.cf</b></a> configu-
+ ration file.
<b>MAIL_CONFIG</b>
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
- Unlike most Postfix daemon processes, the <a href="master.8.html"><b>master</b>(8)</a> server
- does not automatically pick up changes to <a href="postconf.5.html"><b>main.cf</b></a>. Changes
- to <a href="master.5.html"><b>master.cf</b></a> are never picked up automatically. Use the
- "<b>postfix reload</b>" command after a configuration change.
+ Unlike most Postfix daemon processes, the <a href="master.8.html"><b>master</b>(8)</a> server does not
+ automatically pick up changes to <a href="postconf.5.html"><b>main.cf</b></a>. Changes to <a href="master.5.html"><b>master.cf</b></a> are
+ never picked up automatically. Use the "<b>postfix reload</b>" command after
+ a configuration change.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#default_process_limit">default_process_limit</a> (100)</b>
- The default maximal number of Postfix child pro-
- cesses that provide a given service.
+ The default maximal number of Postfix child processes that pro-
+ vide a given service.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#service_throttle_time">service_throttle_time</a> (60s)</b>
- How long the Postfix <a href="master.8.html"><b>master</b>(8)</a> waits before forking
- a server that appears to be malfunctioning.
+ How long the Postfix <a href="master.8.html"><b>master</b>(8)</a> waits before forking a server
+ that appears to be malfunctioning.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#master_service_disable">master_service_disable</a> (empty)</b>
- Selectively disable <a href="master.8.html"><b>master</b>(8)</a> listener ports by
- service type or by service name and type.
+ Selectively disable <a href="master.8.html"><b>master</b>(8)</a> listener ports by service type or
+ by service name and type.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix support programs and
- daemon programs.
+ The directory with Postfix support programs and daemon programs.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
- The external command to execute when a Postfix dae-
- mon program is invoked with the -D option.
+ The external command to execute when a Postfix daemon program is
+ invoked with the -D option.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The network interface addresses that this mail sys-
- tem receives mail on.
+ The network interface addresses that this mail system receives
+ mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
- The Internet protocols Postfix will attempt to use
- when making or accepting connections.
+ The Internet protocols Postfix will attempt to use when making
+ or accepting connections.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a Postfix
- process will import from a non-Postfix parent
- process.
+ The list of environment parameters that a Postfix process will
+ import from a non-Postfix parent process.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue
- and most Postfix daemon processes.
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
- To expand the directory names below into their actual val-
-
ues, use the command "<b>postconf <a href="postconf.5.html#config_directory">config_directory</a></b>" etc.
+ To expand the directory names below into their actual values, use the
+ command "<b>postconf <a href="postconf.5.html#config_directory">config_directory</a></b>" etc.
$<a href="postconf.5.html#config_directory">config_directory</a>/<a href="postconf.5.html">main.cf</a>, global configuration file.
$<a href="postconf.5.html#config_directory">config_directory</a>/<a href="master.5.html">master.cf</a>, master server configuration file.
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postmap -q - <a href="memcache_table.5.html">memcache</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional tables for address
- rewriting or mail routing. These tables are usually in <b>dbm</b>
- or <b>db</b> format.
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
- Alternatively, lookup tables can be specified as memcache
- instances. To use memcache lookups, define a memcache
-
source as a lookup table in <a href="postconf.5.html">main.cf</a>, for example:
+ Alternatively, lookup tables can be specified as memcache instances.
+ To use memcache lookups, define a memcache source as a lookup table in
+ <a href="postconf.5.html">main.cf</a>, for example:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="memcache_table.5.html">memcache</a>:/etc/postfix/memcache-aliases.cf
- The file /etc/postfix/memcache-aliases.cf has the same
- format as the Postfix <a href="postconf.5.html">main.cf</a> file, and specifies the
- parameters described below.
+ The file /etc/postfix/memcache-aliases.cf has the same format as the
+ Postfix <a href="postconf.5.html">main.cf</a> file, and specifies the parameters described below.
- The Postfix memcache client supports the lookup, update,
- delete and sequence (first/next) operations. The sequence
- operation requires a backup database that supports the
- operation.
+ The Postfix memcache client supports the lookup, update, delete and
+ sequence (first/next) operations. The sequence operation requires a
+ backup database that supports the operation.
<b>MEMCACHE MAIN PARAMETERS</b>
<b>memcache (default: inet:localhost:11211)</b>
- The memcache server (note: singular) that Postfix
- will try to connect to. For a TCP server specify
- "inet:" followed by a hostname or address, ":", and
- a port name or number. Specify an IPv6 address
- inside "[]". For a UNIX-domain server specify
+ The memcache server (note: singular) that Postfix will try to
+ connect to. For a TCP server specify "inet:" followed by a
+ hostname or address, ":", and a port name or number. Specify an
+ IPv6 address inside "[]". For a UNIX-domain server specify
"unix:" followed by the socket pathname. Examples:
memcache = inet:memcache.example.com:11211
memcache = inet:[fc00:8d00:189::3]:11211
memcache = unix:/path/to/socket
- NOTE: to access a UNIX-domain socket with the <a href="proxymap.8.html">prox-</a>
- <a href="proxymap.8.html">ymap(8)</a> server, the socket must be accessible by
- the unprivileged postfix user.
+ NOTE: to access a UNIX-domain socket with the <a href="proxymap.8.html">proxymap(8)</a>
+ server, the socket must be accessible by the unprivileged post-
+ fix user.
<b>backup (default: undefined)</b>
- An optional Postfix database that provides persis-
- tent backup for the memcache database. The Postfix
- memcache client will update the memcache database
- whenever it looks up or changes information in the
- persistent database. Specify a Postfix "<a href="DATABASE_README.html">type:table</a>"
+ An optional Postfix database that provides persistent backup for
+ the memcache database. The Postfix memcache client will update
+ the memcache database whenever it looks up or changes informa-
+ tion in the persistent database. Specify a Postfix "<a href="DATABASE_README.html">type:table</a>"
database. Examples:
# Non-shared postscreen cache.
# Shared postscreen cache for processes on the same host.
backup = <a href="proxymap.8.html">proxy</a>:<a href="DATABASE_README.html#types">btree</a>:/var/lib/postfix/<a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a>
- Access to remote proxymap servers is under develop-
- ment.
-
- NOTE 1: When sharing a persistent <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or
- <a href="verify.8.html"><b>verify</b>(8)</a> cache, disable automatic cache cleanup
- (set *_cache_cleanup_interval = 0) except with one
- Postfix instance that will be responsible for cache
- cleanup.
-
- NOTE 2: When multiple tables share the same mem-
- cache database, each table should use the <b>key_for-</b>
- <b>mat</b> feature (see below) to prepend its own unique
- string to the lookup key. Otherwise, automatic
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache cleanup may not
- work.
-
- NOTE 3: When the backup database is accessed with
- "<a href="proxymap.8.html">proxy</a>:" lookups, the full backup database name
- (including the "<a href="proxymap.8.html">proxy</a>:" prefix) must be specified
- in the proxymap server's <a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> or
- <a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> setting (depending on whether the
- access is read-only or read-write).
+ Access to remote proxymap servers is under development.
+
+ NOTE 1: When sharing a persistent <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a>
+ cache, disable automatic cache cleanup (set
+ *_cache_cleanup_interval = 0) except with one Postfix instance
+ that will be responsible for cache cleanup.
+
+ NOTE 2: When multiple tables share the same memcache database,
+ each table should use the <b>key_format</b> feature (see below) to
+ prepend its own unique string to the lookup key. Otherwise,
+ automatic <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache cleanup may not work.
+
+ NOTE 3: When the backup database is accessed with "<a href="proxymap.8.html">proxy</a>:"
+ lookups, the full backup database name (including the "<a href="proxymap.8.html">proxy</a>:"
+ prefix) must be specified in the proxymap server's
+ <a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> or <a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> setting (depending on
+ whether the access is read-only or read-write).
<b>flags (default: 0)</b>
- Optional flags that should be stored along with a
- memcache update. The flags are ignored when looking
- up information.
+ Optional flags that should be stored along with a memcache
+ update. The flags are ignored when looking up information.
<b>ttl (default: 3600)</b>
The expiration time in seconds of memcache updates.
- NOTE 1: When using a memcache table as
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache without persistent
- backup, specify a zero *_cache_cleanup_interval
- value with all Postfix instances that use the mem-
- cache, and specify the largest <a href="postscreen.8.html"><b>postscreen</b>(8)</a> *_ttl
- value or <a href="verify.8.html"><b>verify</b>(8)</a> *_expire_time value as the mem-
- cache table's <b>ttl</b> value.
+ NOTE 1: When using a memcache table as <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>ver-</b></a>
+ <a href="verify.8.html"><b>ify</b>(8)</a> cache without persistent backup, specify a zero
+ *_cache_cleanup_interval value with all Postfix instances that
+ use the memcache, and specify the largest <a href="postscreen.8.html"><b>postscreen</b>(8)</a> *_ttl
+ value or <a href="verify.8.html"><b>verify</b>(8)</a> *_expire_time value as the memcache table's
+ <b>ttl</b> value.
- NOTE 2: According to memcache protocol documenta-
- tion, a value greater than 30 days (2592000 sec-
- onds) specifies absolute UNIX time. Smaller values
- are relative to the time of the update.
+ NOTE 2: According to memcache protocol documentation, a value
+ greater than 30 days (2592000 seconds) specifies absolute UNIX
+ time. Smaller values are relative to the time of the update.
<b>MEMCACHE KEY PARAMETERS</b>
<b>key_format (default: %s)</b>
- Format of the lookup and update keys that the Post-
- fix memcache client sends to the memcache server.
- By default, these are the same as the lookup and
- update keys that the memcache client receives from
- Postfix applications.
+ Format of the lookup and update keys that the Postfix memcache
+ client sends to the memcache server. By default, these are the
+ same as the lookup and update keys that the memcache client
+ receives from Postfix applications.
- NOTE 1: The <b>key_format</b> feature is not used for
- <b>backup</b> database requests.
+ NOTE 1: The <b>key_format</b> feature is not used for <b>backup</b> database
+ requests.
- NOTE 2: When multiple tables share the same mem-
- cache database, each table should prepend its own
- unique string to the lookup key. Otherwise, auto-
- matic <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache cleanup may
- not work.
+ NOTE 2: When multiple tables share the same memcache database,
+ each table should prepend its own unique string to the lookup
+ key. Otherwise, automatic <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache
+ cleanup may not work.
Examples:
key_format = verify:%s
key_format = postscreen:%s
- The <b>key_format</b> parameter supports the following '%'
- expansions:
+ The <b>key_format</b> parameter supports the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the memcache client
- input key.
-
- <b>%u</b> When the input key is an address of the form
- user@domain, <b>%u</b> is replaced by the SQL
- quoted local part of the address. Other-
- wise, <b>%u</b> is replaced by the entire search
- string. If the localpart is empty, a lookup
- is silently suppressed and returns no
- results (an update is skipped with a warn-
- ing).
-
- <b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the domain
- part of the address. Otherwise, a lookup is
- silently suppressed and returns no results
- (an update is skipped with a warning).
-
- <b>%[SUD]</b> The upper-case equivalents of the above
- expansions behave in the <b>key_format</b> parame-
- ter identically to their lower-case counter-
- parts.
-
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
- the corresponding most significant component
- of the input key's domain. If the input key
- is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
- is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, a lookup is silently sup-
- pressed and returns no results (an update is
+ <b>%s</b> This is replaced by the memcache client input key.
+
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the SQL quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, a lookup is silently
+ suppressed and returns no results (an update is skipped
+ with a warning).
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the domain part of the address. Other-
+ wise, a lookup is silently suppressed and returns no
+ results (an update is skipped with a warning).
+
+ <b>%[SUD]</b> The upper-case equivalents of the above expansions behave
+ in the <b>key_format</b> parameter identically to their lower-
+ case counter-parts.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, a lookup is
+ silently suppressed and returns no results (an update is
skipped with a warning).
<b>domain (default: no domain list)</b>
- This feature can significantly reduce database
- server load. Specify a list of domain names, paths
- to files, or "<a href="DATABASE_README.html">type:table</a>" databases. When speci-
- fied, only fully qualified search keys with a *non-
- empty* localpart and a matching domain are eligible
- for lookup or update: bare 'user' lookups, bare
- domain lookups and "@domain" lookups are silently
- skipped (updates are skipped with a warning).
- Example:
+ This feature can significantly reduce database server load.
+ Specify a list of domain names, paths to files, or "<a href="DATABASE_README.html">type:table</a>"
+ databases. When specified, only fully qualified search keys
+ with a *non-empty* localpart and a matching domain are eligible
+ for lookup or update: bare 'user' lookups, bare domain lookups
+ and "@domain" lookups are silently skipped (updates are skipped
+ with a warning). Example:
domain = example.com, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
The maximal memcache reply line length in bytes.
<b>max_try (default: 2)</b>
- The number of times to try a memcache command
- before giving up. The memcache client does not
- retry a command when the memcache server accepts no
- connection.
+ The number of times to try a memcache command before giving up.
+ The memcache client does not retry a command when the memcache
+ server accepts no connection.
<b>retry_pause (default: 1)</b>
- The time in seconds before retrying a failed mem-
- cache command.
+ The time in seconds before retrying a failed memcache command.
<b>timeout (default: 2)</b>
- The time limit for sending a memcache command and
- for receiving a memcache reply.
+ The time limit for sending a memcache command and for receiving
+ a memcache reply.
<b>BUGS</b>
- The Postfix memcache client cannot be used for security-
- sensitive tables such as <b><a href="postconf.5.html#alias_maps">alias_maps</a></b> (these may contain
- "<i>|command</i> and "<i>/file/name</i>" destinations), or <b><a href="postconf.5.html#virtual_uid_maps">vir</a>-</b>
- <b><a href="postconf.5.html#virtual_uid_maps">tual_uid_maps</a></b>, <b><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a></b> and <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a></b>
- (these specify UNIX process privileges or "<i>/file/name</i>"
- destinations). In a typical deployment a memcache data-
- base is writable by any process that can talk to the mem-
- cache server; in contrast, security-sensitive tables must
- never be writable by the unprivileged Postfix user.
-
- The Postfix memcache client requires additional configura-
- tion when used as <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache. For
- details see the <b>backup</b> and <b>ttl</b> parameter discussions in
- the MEMCACHE MAIN PARAMETERS section above.
+ The Postfix memcache client cannot be used for security-sensitive
+ tables such as <b><a href="postconf.5.html#alias_maps">alias_maps</a></b> (these may contain "<i>|command</i> and "<i>/file/name</i>"
+ destinations), or <b><a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a></b>, <b><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a></b> and <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mail</a>-</b>
+ <b><a href="postconf.5.html#virtual_mailbox_maps">box_maps</a></b> (these specify UNIX process privileges or "<i>/file/name</i>" desti-
+ nations). In a typical deployment a memcache database is writable by
+ any process that can talk to the memcache server; in contrast, secu-
+ rity-sensitive tables must never be writable by the unprivileged Post-
+ fix user.
+
+ The Postfix memcache client requires additional configuration when used
+ as <a href="postscreen.8.html"><b>postscreen</b>(8)</a> or <a href="verify.8.html"><b>verify</b>(8)</a> cache. For details see the <b>backup</b> and
+ <b>ttl</b> parameter discussions in the MEMCACHE MAIN PARAMETERS section
+ above.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<a href="MEMCACHE_README.html">MEMCACHE_README</a>, Postfix memcache client guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
- Memcache support was introduced with Postfix version 2.9.
+ Memcache support was introduced with Postfix version 2.9.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postmap -q - <a href="mysql_table.5.html">mysql</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional tables for address
- rewriting or mail routing. These tables are usually in <b>dbm</b>
- or <b>db</b> format.
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
- Alternatively, lookup tables can be specified as MySQL
- databases. In order to use MySQL lookups, define a MySQL
-
source as a lookup table in <a href="postconf.5.html">main.cf</a>, for example:
+ Alternatively, lookup tables can be specified as MySQL databases. In
+ order to use MySQL lookups, define a MySQL source as a lookup table in
+ <a href="postconf.5.html">main.cf</a>, for example:
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="mysql_table.5.html">mysql</a>:/etc/mysql-aliases.cf
- The file /etc/postfix/mysql-aliases.cf has the same format
- as the Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the parame-
- ters described below.
+ The file /etc/postfix/mysql-aliases.cf has the same format as the Post-
+ fix <a href="postconf.5.html">main.cf</a> file, and can specify the parameters described below.
<b>BACKWARDS COMPATIBILITY</b>
- For compatibility with other Postfix lookup tables, MySQL
- parameters can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do
- that, specify as MySQL source a name that doesn't begin
- with a slash or a dot. The MySQL parameters will then be
- accessible as the name you've given the source in its def-
- inition, an underscore, and the name of the parameter.
- For example, if the map is specified as "<a href="mysql_table.5.html">mysql</a>:<i>mysqlname</i>",
- the parameter "hosts" below would be defined in <a href="postconf.5.html">main.cf</a> as
- "<i>mysqlname</i>_hosts".
-
- Note: with this form, the passwords for the MySQL sources
- are written in <a href="postconf.5.html">main.cf</a>, which is normally world-readable.
- Support for this form will be removed in a future Postfix
- version.
-
- Normally, the SQL query is specified via a single <b>query</b>
- parameter (described in more detail below). When this
- parameter is not specified in the map definition, Postfix
- reverts to an older interface, with the SQL query con-
- structed from the <b>select_field</b>, <b>table</b>, <b>where_field</b> and
- <b>additional_conditions</b> parameters. The old interface will
- be gradually phased out. To migrate to the new interface
- set:
+ For compatibility with other Postfix lookup tables, MySQL parameters
+ can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do that, specify as MySQL
+ source a name that doesn't begin with a slash or a dot. The MySQL
+ parameters will then be accessible as the name you've given the source
+ in its definition, an underscore, and the name of the parameter. For
+ example, if the map is specified as "<a href="mysql_table.5.html">mysql</a>:<i>mysqlname</i>", the parameter
+ "hosts" below would be defined in <a href="postconf.5.html">main.cf</a> as "<i>mysqlname</i>_hosts".
+
+ Note: with this form, the passwords for the MySQL sources are written
+ in <a href="postconf.5.html">main.cf</a>, which is normally world-readable. Support for this form
+ will be removed in a future Postfix version.
+
+ Normally, the SQL query is specified via a single <b>query</b> parameter
+ (described in more detail below). When this parameter is not specified
+ in the map definition, Postfix reverts to an older interface, with the
+ SQL query constructed from the <b>select_field</b>, <b>table</b>, <b>where_field</b> and
+ <b>additional_conditions</b> parameters. The old interface will be gradually
+ phased out. To migrate to the new interface set:
<b>query</b> = SELECT [<i>select</i><b>_</b><i>field</i>]
FROM [<i>table</i>]
WHERE [<i>where</i><b>_</b><i>field</i>] = '%s'
[<i>additional</i><b>_</b><i>conditions</i>]
- Insert the value, not the name, of each legacy parameter.
- Note that the <b>additional_conditions</b> parameter is optional
- and if not empty, will always start with <b>AND</b>.
+ Insert the value, not the name, of each legacy parameter. Note that the
+ <b>additional_conditions</b> parameter is optional and if not empty, will
+ always start with <b>AND</b>.
<b>LIST MEMBERSHIP</b>
- When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydes</a>-
- <a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
- is important to understand that the table must store each
- list member as a separate key. The table lookup verifies
- the *existence* of the key. See "Postfix lists versus
- tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
+ When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydestination</a>,
+ $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it is important to under-
+ stand that the table must store each list member as a separate key. The
+ table lookup verifies the *existence* of the key. See "Postfix lists
+ versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
- Do NOT create tables that return the full list of domains
- in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
- in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
+ Do NOT create tables that return the full list of domains in $<a href="postconf.5.html#mydestination">mydesti</a>-
+ <a href="postconf.5.html#mydestination">nation</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
- DO create tables with each matching item as a key and with
- an arbitrary value. With SQL databases it is not uncommon
- to return the key itself or a constant value.
+ DO create tables with each matching item as a key and with an arbitrary
+ value. With SQL databases it is not uncommon to return the key itself
+ or a constant value.
<b>MYSQL PARAMETERS</b>
- <b>hosts</b> The hosts that Postfix will try to connect to and
- query from. Specify <i>unix:</i> for UNIX domain sockets,
- <i>inet:</i> for TCP connections (default). Example:
+ <b>hosts</b> The hosts that Postfix will try to connect to and query from.
+ Specify <i>unix:</i> for UNIX domain sockets, <i>inet:</i> for TCP connections
+ (default). Example:
hosts = host1.some.domain host2.some.domain:port
hosts = unix:/file/name
- The hosts are tried in random order, with all con-
- nections over UNIX domain sockets being tried
- before those over TCP. The connections are auto-
- matically closed after being idle for about 1
- minute, and are re-opened as necessary. Postfix
- versions 2.0 and earlier do not randomize the host
- order.
-
- NOTE: if you specify localhost as a hostname (even
- if you prefix it with <i>inet:</i>), MySQL will connect to
- the default UNIX domain socket. In order to
- instruct MySQL to connect to localhost over TCP you
- have to specify
+ The hosts are tried in random order, with all connections over
+ UNIX domain sockets being tried before those over TCP. The con-
+ nections are automatically closed after being idle for about 1
+ minute, and are re-opened as necessary. Postfix versions 2.0 and
+ earlier do not randomize the host order.
+
+ NOTE: if you specify localhost as a hostname (even if you prefix
+ it with <i>inet:</i>), MySQL will connect to the default UNIX domain
+ socket. In order to instruct MySQL to connect to localhost over
+ TCP you have to specify
hosts = 127.0.0.1
<b>user, password</b>
- The user name and password to log into the mysql
- server. Example:
+ The user name and password to log into the mysql server. Exam-
+ ple:
user = someone
password = some_password
<b>dbname</b> The database name on the servers. Example:
dbname = customer_database
- <b>query</b> The SQL query template used to search the database,
- where <b>%s</b> is a substitute for the address Postfix is
- trying to resolve, e.g.
+ <b>query</b> The SQL query template used to search the database, where <b>%s</b> is
+ a substitute for the address Postfix is trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
- This parameter supports the following '%' expan-
- sions:
+ This parameter supports the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the input key. SQL
- quoting is used to make sure that the input
- key does not add unexpected metacharacters.
-
- <b>%u</b> When the input key is an address of the form
- user@domain, <b>%u</b> is replaced by the SQL
- quoted local part of the address. Other-
- wise, <b>%u</b> is replaced by the entire search
- string. If the localpart is empty, the
- query is suppressed and returns no results.
-
- <b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the SQL
- quoted domain part of the address. Other-
- wise, the query is suppressed and returns no
- results.
-
- <b>%[SUD]</b> The upper-case equivalents of the above
- expansions behave in the <b>query</b> parameter
- identically to their lower-case counter-
- parts. With the <b>result_format</b> parameter
- (see below), they expand the input key
- rather than the result value.
-
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
- the corresponding most significant component
- of the input key's domain. If the input key
- is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
- is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, the query is suppressed and
- returns no results.
-
- The <b>domain</b> parameter described below limits the
- input keys to addresses in matching domains. When
- the <b>domain</b> parameter is non-empty, SQL queries for
- unqualified addresses or addresses in non-matching
- domains are suppressed and return no results.
-
- This parameter is available with Postfix 2.2. In
- prior releases the SQL query was built from the
- separate parameters: <b>select_field</b>, <b>table</b>,
- <b>where_field</b> and <b>additional_conditions</b>. The mapping
- from the old parameters to the equivalent query is:
+ <b>%s</b> This is replaced by the input key. SQL quoting is used
+ to make sure that the input key does not add unexpected
+ metacharacters.
+
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the SQL quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the query is sup-
+ pressed and returns no results.
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the SQL quoted domain part of the
+ address. Otherwise, the query is suppressed and returns
+ no results.
+
+ <b>%[SUD]</b> The upper-case equivalents of the above expansions behave
+ in the <b>query</b> parameter identically to their lower-case
+ counter-parts. With the <b>result_format</b> parameter (see
+ below), they expand the input key rather than the result
+ value.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, the query is sup-
+ pressed and returns no results.
+
+ The <b>domain</b> parameter described below limits the input keys to
+ addresses in matching domains. When the <b>domain</b> parameter is non-
+ empty, SQL queries for unqualified addresses or addresses in
+ non-matching domains are suppressed and return no results.
+
+ This parameter is available with Postfix 2.2. In prior releases
+ the SQL query was built from the separate parameters:
+ <b>select_field</b>, <b>table</b>, <b>where_field</b> and <b>additional_conditions</b>. The
+ mapping from the old parameters to the equivalent query is:
SELECT [<b>select_field</b>]
FROM [<b>table</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
- The '%s' in the <b>WHERE</b> clause expands to the escaped
- search string. With Postfix 2.2 these legacy
- parameters are used if the <b>query</b> parameter is not
- specified.
+ The '%s' in the <b>WHERE</b> clause expands to the escaped search
+ string. With Postfix 2.2 these legacy parameters are used if
+ the <b>query</b> parameter is not specified.
NOTE: DO NOT put quotes around the query parameter.
<b>result_format (default: %s</b>)
- Format template applied to result attributes. Most
- commonly used to append (or prepend) text to the
- result. This parameter supports the following '%'
- expansions:
+ Format template applied to result attributes. Most commonly used
+ to append (or prepend) text to the result. This parameter sup-
+ ports the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the value of the result
- attribute. When result is empty it is
- skipped.
+ <b>%s</b> This is replaced by the value of the result attribute.
+ When result is empty it is skipped.
- <b>%u</b> When the result attribute value is an
- address of the form user@domain, <b>%u</b> is
- replaced by the local part of the address.
- When the result has an empty localpart it is
+ <b>%u</b> When the result attribute value is an address of the form
+ user@domain, <b>%u</b> is replaced by the local part of the
+ address. When the result has an empty localpart it is
skipped.
- <b>%d</b> When a result attribute value is an address
- of the form user@domain, <b>%d</b> is replaced by
- the domain part of the attribute value. When
- the result is unqualified it is skipped.
+ <b>%d</b> When a result attribute value is an address of the form
+ user@domain, <b>%d</b> is replaced by the domain part of the
+ attribute value. When the result is unqualified it is
+ skipped.
<b>%[SUD1-9]</b>
- The upper-case and decimal digit expansions
- interpolate the parts of the input key
- rather than the result. Their behavior is
- identical to that described with <b>query</b>, and
- in fact because the input key is known in
- advance, queries whose key does not contain
- all the information specified in the result
- template are suppressed and return no
- results.
-
- For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
- allows one to use a mailHost attribute as the basis
- of a <a href="transport.5.html">transport(5)</a> table. After applying the result
- format, multiple values are concatenated as comma
- separated strings. The expansion_limit and parame-
- ter explained below allows one to restrict the num-
- ber of values in the result, which is especially
- useful for maps that must return at most one value.
-
- The default value <b>%s</b> specifies that each result
- value should be used as is.
-
- This parameter is available with Postfix 2.2 and
- later.
+ The upper-case and decimal digit expansions interpolate
+ the parts of the input key rather than the result. Their
+ behavior is identical to that described with <b>query</b>, and
+ in fact because the input key is known in advance,
+ queries whose key does not contain all the information
+ specified in the result template are suppressed and
+ return no results.
+
+ For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" allows one to use
+ a mailHost attribute as the basis of a <a href="transport.5.html">transport(5)</a> table. After
+ applying the result format, multiple values are concatenated as
+ comma separated strings. The expansion_limit and parameter
+ explained below allows one to restrict the number of values in
+ the result, which is especially useful for maps that must return
+ at most one value.
+
+ The default value <b>%s</b> specifies that each result value should be
+ used as is.
+
+ This parameter is available with Postfix 2.2 and later.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
- This is a list of domain names, paths to files, or
- dictionaries. When specified, only fully qualified
- search keys with a *non-empty* localpart and a
- matching domain are eligible for lookup: 'user'
- lookups, bare domain lookups and "@domain" lookups
- are not performed. This can significantly reduce
- the query load on the MySQL server.
+ This is a list of domain names, paths to files, or dictionaries.
+ When specified, only fully qualified search keys with a *non-
+ empty* localpart and a matching domain are eligible for lookup:
+ 'user' lookups, bare domain lookups and "@domain" lookups are
+ not performed. This can significantly reduce the query load on
+ the MySQL server.
domain = postfix.org, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
- It is best not to use SQL to store the domains eli-
- gible for SQL lookups.
+ It is best not to use SQL to store the domains eligible for SQL
+ lookups.
- This parameter is available with Postfix 2.2 and
- later.
+ This parameter is available with Postfix 2.2 and later.
- NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
- aliases, because the input keys are always unquali-
- fied.
+ NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> aliases, because
+ the input keys are always unqualified.
<b>expansion_limit (default: 0)</b>
- A limit on the total number of result elements
- returned (as a comma separated list) by a lookup
- against the map. A setting of zero disables the
- limit. Lookups fail with a temporary error if the
- limit is exceeded. Setting the limit to 1 ensures
- that lookups do not return multiple values.
+ A limit on the total number of result elements returned (as a
+ comma separated list) by a lookup against the map. A setting of
+ zero disables the limit. Lookups fail with a temporary error if
+ the limit is exceeded. Setting the limit to 1 ensures that
+ lookups do not return multiple values.
<b>option_file</b>
- Read options from the given file instead of the
- default my.cnf location.
+ Read options from the given file instead of the default my.cnf
+ location.
- This parameter is available with Postfix 2.11 and
- later.
+ This parameter is available with Postfix 2.11 and later.
<b>option_group</b>
Read options from the given group.
- This parameter is available with Postfix 2.11 and
- later.
+ This parameter is available with Postfix 2.11 and later.
<b>tls_cert_file</b>
File containing client's X509 certificate.
- This parameter is available with Postfix 2.11 and
- later.
+ This parameter is available with Postfix 2.11 and later.
<b>tls_key_file</b>
- File containing the private key corresponding to
- <b>tls_cert_file</b>.
+ File containing the private key corresponding to <b>tls_cert_file</b>.
- This parameter is available with Postfix 2.11 and
- later.
+ This parameter is available with Postfix 2.11 and later.
<b>tls_CAfile</b>
- File containing certificates for all of the X509
- Certificate Authorities the client will recognize.
- Takes precedence over <b>tls_CApath</b>.
+ File containing certificates for all of the X509 Certificate
+ Authorities the client will recognize. Takes precedence over
+ <b>tls_CApath</b>.
- This parameter is available with Postfix 2.11 and
- later.
+ This parameter is available with Postfix 2.11 and later.
<b>tls_CApath</b>
- Directory containing X509 Certificate Authority
- certificates in separate individual files.
+ Directory containing X509 Certificate Authority certificates in
+ separate individual files.
- This parameter is available with Postfix 2.11 and
- later.
+ This parameter is available with Postfix 2.11 and later.
<b>tls_verify_cert (default: no)</b>
- Verify that the server's name matches the common
- name in the certficate.
+ Verify that the server's name matches the common name in the
+ certficate.
- This parameter is available with Postfix 2.11 and
- later.
+ This parameter is available with Postfix 2.11 and later.
<b>OBSOLETE QUERY INTERFACE</b>
- This section describes an interface that is deprecated as
- of Postfix 2.2. It is replaced by the more general <b>query</b>
- interface described above. If the <b>query</b> parameter is
- defined, the legacy parameters described here ignored.
- Please migrate to the new interface as the legacy inter-
- face may be removed in a future release.
+ This section describes an interface that is deprecated as of Postfix
+ 2.2. It is replaced by the more general <b>query</b> interface described
+ above. If the <b>query</b> parameter is defined, the legacy parameters
+ described here ignored. Please migrate to the new interface as the
+ legacy interface may be removed in a future release.
- The following parameters can be used to fill in a SELECT
- template statement of the form:
+ The following parameters can be used to fill in a SELECT template
+ statement of the form:
SELECT [<b>select_field</b>]
FROM [<b>table</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
- The specifier %s is replaced by the search string, and is
- escaped so if it contains single quotes or other odd char-
- acters, it will not cause a parse error, or worse, a secu-
- rity problem.
+ The specifier %s is replaced by the search string, and is escaped so if
+ it contains single quotes or other odd characters, it will not cause a
+ parse error, or worse, a security problem.
<b>select_field</b>
The SQL "select" parameter. Example:
<a href="MYSQL_README.html">MYSQL_README</a>, Postfix MYSQL client guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
MySQL support was introduced with Postfix version 1.0.
<b>sendmail -I</b>
<b>DESCRIPTION</b>
- The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to
- Sendmail compatibility interface. For the sake of compat-
- ibility with existing applications, some Sendmail command-
- line options are recognized but silently ignored.
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com-
+ patibility interface. For the sake of compatibility with existing
+ applications, some Sendmail command-line options are recognized but
+ silently ignored.
- By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from stan-
- dard input until EOF or until it reads a line with only a
- <b>.</b> character, and arranges for delivery. Postfix <a href="sendmail.1.html"><b>send-</b></a>
- <a href="sendmail.1.html"><b>mail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a> command to create a
- queue file in the <b>maildrop</b> directory.
+ By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from standard input
+ until EOF or until it reads a line with only a <b>.</b> character, and
+ arranges for delivery. Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
+ command to create a queue file in the <b>maildrop</b> directory.
- Specific command aliases are provided for other common
- modes of operation:
+ Specific command aliases are provided for other common modes of opera-
+ tion:
- <b>mailq</b> List the mail queue. Each entry shows the queue
- file ID, message size, arrival time, sender, and
- the recipients that still need to be delivered. If
- mail could not be delivered upon the last attempt,
- the reason for failure is shown. The queue ID
- string is followed by an optional status character:
+ <b>mailq</b> List the mail queue. Each entry shows the queue file ID, message
+ size, arrival time, sender, and the recipients that still need
+ to be delivered. If mail could not be delivered upon the last
+ attempt, the reason for failure is shown. The queue ID string is
+ followed by an optional status character:
- <b>*</b> The message is in the <b>active</b> queue, i.e. the
- message is selected for delivery.
+ <b>*</b> The message is in the <b>active</b> queue, i.e. the message is
+ selected for delivery.
- <b>!</b> The message is in the <b>hold</b> queue, i.e. no
- further delivery attempt will be made until
- the mail is taken off hold.
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
+ ery attempt will be made until the mail is taken off
+ hold.
- This mode of operation is implemented by executing
-
the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+ This mode of operation is implemented by executing the
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
<b>newaliases</b>
- Initialize the alias database. If no input file is
- specified (with the <b>-oA</b> option, see below), the
- program processes the file(s) specified with the
- <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parameter. If no
- alias database type is specified, the program uses
- the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b>
- configuration parameter. This mode of operation is
- implemented by running the <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
-
- Note: it may take a minute or so before an alias
- database update becomes visible. Use the "<b>postfix</b>
- <b>reload</b>" command to eliminate this delay.
-
- These and other features can be selected by specifying the
- appropriate combination of command-line options. Some fea-
- tures are controlled by parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configu-
- ration file.
+ Initialize the alias database. If no input file is specified
+ (with the <b>-oA</b> option, see below), the program processes the
+ file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame-
+ ter. If no alias database type is specified, the program uses
+ the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
+ parameter. This mode of operation is implemented by running the
+ <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
+
+ Note: it may take a minute or so before an alias database update
+ becomes visible. Use the "<b>postfix reload</b>" command to eliminate
+ this delay.
+
+ These and other features can be selected by specifying the appropriate
+ combination of command-line options. Some features are controlled by
+ parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
The following options are recognized:
<b>-Am</b> (ignored)
<b>-Ac</b> (ignored)
- Postfix sendmail uses the same configuration file
- regardless of whether or not a message is an ini-
- tial submission.
+ Postfix sendmail uses the same configuration file regardless of
+ whether or not a message is an initial submission.
<b>-B</b> <i>body</i><b>_</b><i>type</i>
The message body MIME type: <b>7BIT</b> or <b>8BITMIME</b>.
- <b>-bd</b> Go into daemon mode. This mode of operation is
- implemented by executing the "<b>postfix start</b>" com-
- mand.
+ <b>-bd</b> Go into daemon mode. This mode of operation is implemented by
+ executing the "<b>postfix start</b>" command.
<b>-bh</b> (ignored)
<b>-bH</b> (ignored)
Postfix has no persistent host status database.
- <b>-bi</b> Initialize alias database. See the <b>newaliases</b> com-
- mand above.
+ <b>-bi</b> Initialize alias database. See the <b>newaliases</b> command above.
- <b>-bl</b> Go into daemon mode. To accept only local connec-
- tions as with Sendmail's <b>-bl</b> option, specify
- "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in the Postfix <a href="postconf.5.html"><b>main.cf</b></a>
- configuration file.
+ <b>-bl</b> Go into daemon mode. To accept only local connections as with
+ Sendmail's <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
+ the Postfix <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
- <b>-bm</b> Read mail from standard input and arrange for
- delivery. This is the default mode of operation.
+ <b>-bm</b> Read mail from standard input and arrange for delivery. This is
+ the default mode of operation.
<b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
- <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
- from standard input, and write responses to stan-
- dard output. In stand-alone SMTP server mode, mail
- relaying and other access controls are disabled by
- default. To enable them, run the process as the
+ <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands from standard
+ input, and write responses to standard output. In stand-alone
+ SMTP server mode, mail relaying and other access controls are
+ disabled by default. To enable them, run the process as the
<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> user.
- This mode of operation is implemented by running
- the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
+ This mode of operation is implemented by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ daemon.
- <b>-bv</b> Do not collect or deliver a message. Instead, send
- an email report after verifying each recipient
- address. This is useful for testing address
- rewriting and routing configurations.
+ <b>-bv</b> Do not collect or deliver a message. Instead, send an email
+ report after verifying each recipient address. This is useful
+ for testing address rewriting and routing configurations.
- This feature is available in Postfix version 2.1
- and later.
+ This feature is available in Postfix version 2.1 and later.
<b>-C</b> <i>config</i><b>_</b><i>file</i>
<b>-C</b> <i>config</i><b>_</b><i>dir</i>
- The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of
- its parent directory. This information is ignored
- with Postfix versions before 2.3.
+ The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of its parent
+ directory. This information is ignored with Postfix versions
+ before 2.3.
- With all Postfix versions, you can specify a direc-
- tory pathname with the MAIL_CONFIG environment
- variable to override the location of configuration
- files.
+ With all Postfix versions, you can specify a directory pathname
+ with the MAIL_CONFIG environment variable to override the loca-
+ tion of configuration files.
<b>-F</b> <i>full</i><b>_</b><i>name</i>
- Set the sender full name. This overrides the NAME
- environment variable, and is used only with mes-
- sages that have no <b>From:</b> message header.
+ Set the sender full name. This overrides the NAME environment
+ variable, and is used only with messages that have no <b>From:</b> mes-
+ sage header.
<b>-f</b> <i>sender</i>
- Set the envelope sender address. This is the
- address where delivery problems are sent to. With
- Postfix versions before 2.1, the <b>Errors-To:</b> message
- header overrides the error return address.
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
- <b>-G</b> Gateway (relay) submission, as opposed to initial
- user submission. Either do not rewrite addresses
- at all, or update incomplete addresses with the
- domain information specified with <b>remote_header_re-</b>
- <b>write_domain</b>.
+ <b>-G</b> Gateway (relay) submission, as opposed to initial user submis-
+ sion. Either do not rewrite addresses at all, or update incom-
+ plete addresses with the domain information specified with
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>.
- This option is ignored before Postfix version 2.3.
+ This option is ignored before Postfix version 2.3.
<b>-h</b> <i>hop</i><b>_</b><i>count</i> (ignored)
- Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configura-
- tion parameter instead.
+ Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configuration parameter
+ instead.
- <b>-I</b> Initialize alias database. See the <b>newaliases</b> com-
- mand above.
+ <b>-I</b> Initialize alias database. See the <b>newaliases</b> command above.
- <b>-i</b> When reading a message from standard input, don't
- treat a line with only a <b>.</b> character as the end of
- input.
+ <b>-i</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
<b>-L</b> <i>label</i> (ignored)
- The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configura-
- tion parameter instead.
+ The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configuration parameter
+ instead.
<b>-m</b> (ignored)
Backwards compatibility.
<b>-N</b> <i>dsn</i> (default: 'delay, failure')
- Delivery status notification control. Specify
- either a comma-separated list with one or more of
- <b>failure</b> (send notification when delivery fails),
- <b>delay</b> (send notification when delivery is delayed),
- or <b>success</b> (send notification when the message is
- delivered); or specify <b>never</b> (don't send any noti-
- fications at all).
+ Delivery status notification control. Specify either a comma-
+ separated list with one or more of <b>failure</b> (send notification
+ when delivery fails), <b>delay</b> (send notification when delivery is
+ delayed), or <b>success</b> (send notification when the message is
+ delivered); or specify <b>never</b> (don't send any notifications at
+ all).
This feature is available in Postfix 2.3 and later.
Backwards compatibility.
<b>-oA</b><i>alias</i><b>_</b><i>database</i>
- Non-default alias database. Specify <i>pathname</i> or
-
<i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
+ Non-default alias database. Specify <i>pathname</i> or <i>type</i>:<i>pathname</i>.
+ See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
<b>-O</b> <i>option=value</i> (ignored)
- Set the named <i>option</i> to <i>value</i>. Use the equivalent
-
configuration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+ Set the named <i>option</i> to <i>value</i>. Use the equivalent configuration
+ parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
<b>-o7</b> (ignored)
<b>-o8</b> (ignored)
- To send 8-bit or binary content, use an appropriate
- MIME encapsulation and specify the appropriate <b>-B</b>
- command-line option.
+ To send 8-bit or binary content, use an appropriate MIME encap-
+ sulation and specify the appropriate <b>-B</b> command-line option.
- <b>-oi</b> When reading a message from standard input, don't
- treat a line with only a <b>.</b> character as the end of
- input.
+ <b>-oi</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
<b>-om</b> (ignored)
- The sender is never eliminated from alias etc.
- expansions.
+ The sender is never eliminated from alias etc. expansions.
<b>-o</b> <i>x value</i> (ignored)
- Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
-
ration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
+ ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
<b>-r</b> <i>sender</i>
- Set the envelope sender address. This is the
- address where delivery problems are sent to. With
- Postfix versions before 2.1, the <b>Errors-To:</b> message
- header overrides the error return address.
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
<b>-R</b> <i>return</i>
- Delivery status notification control. Specify
- "hdrs" to return only the header when a message
- bounces, "full" to return a full copy (the default
- behavior).
+ Delivery status notification control. Specify "hdrs" to return
+ only the header when a message bounces, "full" to return a full
+ copy (the default behavior).
- The <b>-R</b> option specifies an upper bound; Postfix
- will return only the header, when a full copy would
- exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> setting.
+ The <b>-R</b> option specifies an upper bound; Postfix will return only
+ the header, when a full copy would exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
+ setting.
This option is ignored before Postfix version 2.10.
- <b>-q</b> Attempt to deliver all queued mail. This is imple-
-
mented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+ <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe-
+ cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
- Warning: flushing undeliverable mail frequently
- will result in poor delivery performance of all
- other mail.
+ Warning: flushing undeliverable mail frequently will result in
+ poor delivery performance of all other mail.
<b>-q</b><i>interval</i> (ignored)
- The interval between queue runs. Use the
- <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> configuration parameter instead.
+ The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config-
+ uration parameter instead.
<b>-qI</b><i>queueid</i>
- Schedule immediate delivery of mail with the speci-
- fied queue ID. This option is implemented by exe-
- cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and is available
- with Postfix version 2.4 and later.
+ Schedule immediate delivery of mail with the specified queue ID.
+ This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
+ mand, and is available with Postfix version 2.4 and later.
<b>-qR</b><i>site</i>
- Schedule immediate delivery of all mail that is
- queued for the named <i>site</i>. This option accepts only
- <i>site</i> names that are eligible for the "fast flush"
- service, and is implemented by executing the
- <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more infor-
- mation about the "fast flush" service.
+ Schedule immediate delivery of all mail that is queued for the
+ named <i>site</i>. This option accepts only <i>site</i> names that are eligi-
+ ble for the "fast flush" service, and is implemented by execut-
+ ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
+ about the "fast flush" service.
<b>-qS</b><i>site</i>
- This command is not implemented. Use the slower
- "<b>sendmail -q</b>" command instead.
+ This command is not implemented. Use the slower "<b>sendmail -q</b>"
+ command instead.
- <b>-t</b> Extract recipients from message headers. These are
- added to any recipients specified on the command
- line.
+ <b>-t</b> Extract recipients from message headers. These are added to any
+ recipients specified on the command line.
- With Postfix versions prior to 2.1, this option
- requires that no recipient addresses are specified
- on the command line.
+ With Postfix versions prior to 2.1, this option requires that no
+ recipient addresses are specified on the command line.
<b>-U</b> (ignored)
Initial user submission.
<b>-V</b> <i>envid</i>
- Specify the envelope ID for notification by servers
- that support DSN.
+ Specify the envelope ID for notification by servers that support
+ DSN.
This feature is available in Postfix 2.3 and later.
<b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
- Variable Envelope Return Path. Given an envelope
- sender address of the form <i>owner-listname</i>@<i>origin</i>,
- each recipient <i>user</i>@<i>domain</i> receives mail with a
- personalized envelope sender address.
+ Variable Envelope Return Path. Given an envelope sender address
+ of the form <i>owner-listname</i>@<i>origin</i>, each recipient <i>user</i>@<i>domain</i>
+ receives mail with a personalized envelope sender address.
- By default, the personalized envelope sender
- address is <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
- default <b>+</b> and <b>=</b> characters are configurable with
- the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration parame-
- ter.
+ By default, the personalized envelope sender address is <i>owner-</i>
+ <i>listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The default <b>+</b> and <b>=</b> characters are
+ configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration
+ parameter.
<b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
- As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter
- characters, instead of the characters specified
- with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration
- parameter.
+ As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter characters,
+ instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
+ <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
- <b>-v</b> Send an email report of the first delivery attempt
- (Postfix versions 2.1 and later). Mail delivery
- always happens in the background. When multiple <b>-v</b>
- options are given, enable verbose logging for
- debugging purposes.
+ <b>-v</b> Send an email report of the first delivery attempt (Postfix ver-
+ sions 2.1 and later). Mail delivery always happens in the back-
+ ground. When multiple <b>-v</b> options are given, enable verbose log-
+ ging for debugging purposes.
<b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
- Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and
- <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b> configuration parameters instead.
+ Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b>
+ configuration parameters instead.
<b>SECURITY</b>
- By design, this program is not set-user (or group) id.
- However, it must handle data from untrusted, possibly
- remote, users. Thus, the usual precautions need to be
- taken against malicious inputs.
+ By design, this program is not set-user (or group) id. However, it must
+ handle data from untrusted, possibly remote, users. Thus, the usual
+ precautions need to be taken against malicious inputs.
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard
- error stream.
+ Problems are logged to <b>syslogd</b>(8) and to the standard error stream.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
Enable verbose logging for debugging purposes.
<b>MAIL_DEBUG</b> (value does not matter)
- Enable debugging with an external command, as spec-
- ified with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration
- parameter.
+ Enable debugging with an external command, as specified with the
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
- <b>NAME</b> The sender full name. This is used only with mes-
- sages that have no <b>From:</b> message header. See also
- the <b>-F</b> option above.
+ <b>NAME</b> The sender full name. This is used only with messages that have
+ no <b>From:</b> message header. See also the <b>-F</b> option above.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program. The text below provides only a parameter
- summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
- ples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b>COMPATIBILITY CONTROLS</b>
Available with Postfix 2.9 and later:
<b><a href="postconf.5.html#sendmail_fix_line_endings">sendmail_fix_line_endings</a> (always)</b>
- Controls how the Postfix sendmail command converts
- email message line endings from <CR><LF> into UNIX
- format (<LF>).
+ Controls how the Postfix sendmail command converts email message
+ line endings from <CR><LF> into UNIX format (<LF>).
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble
- shoot a Postfix system.
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble shoot a Postfix
+ system.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
- The external command to execute when a Postfix dae-
- mon program is invoked with the -D option.
+ The external command to execute when a Postfix daemon program is
+ invoked with the -D option.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
- <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+ The increment in verbose logging level when a remote client or
+ server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
- in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+ Optional list of remote client or server hostname or network
+ address patterns that cause the verbose logging level to
+ increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b>ACCESS CONTROLS</b>
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to flush the
- queue.
+ List of users who are authorized to flush the queue.
<b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
List of users who are authorized to view the queue.
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to submit mail
- with the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with the privi-
- leged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper command).
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
+ mand).
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
- The maximal amount of original message text that is
- sent in a non-delivery notification.
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
<b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
- The maximal number of attempts to fork() a child
- process.
+ The maximal number of attempts to fork() a child process.
<b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
- The delay between attempts to fork() a child
- process.
+ The delay between attempts to fork() a child process.
<b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
- The maximal number of Received: message headers
- that is allowed in the primary message headers.
+ The maximal number of Received: message headers that is allowed
+ in the primary message headers.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
- The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
- manager; prior to Postfix 2.4 the default value was
- 1000s.
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ prior to Postfix 2.4 the default value was 1000s.
<b>FAST FLUSH CONTROLS</b>
- The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation
- details for the Postfix "fast flush" service.
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
+ the Postfix "fast flush" service.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
- Optional list of destinations that are eligible for
- per-destination logfiles with mail that is queued
- to those destinations.
+ Optional list of destinations that are eligible for per-destina-
+ tion logfiles with mail that is queued to those destinations.
<b>VERP CONTROLS</b>
- The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
- details of Postfix support for variable envelope return
- path addresses.
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
+ Postfix support for variable envelope return path addresses.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter
- characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
- and in SMTP commands.
+ The characters Postfix accepts as VERP delimiter characters on
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
- The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
- updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
- The location of all postfix administrative com-
- mands.
+ The location of all postfix administrative commands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix support programs and
- daemon programs.
+ The directory with Postfix support programs and daemon programs.
<b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
- The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>,
-
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>, <a href="postalias.1.html"><b>postalias</b>(1)</a>
+ and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives a copy of
- the message headers of mail that is still queued.
+ The time after which the sender receives a copy of the message
+ headers of mail that is still queued.
<b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
- Report mail delivery errors to the address speci-
- fied with the non-standard Errors-To: message
- header, instead of the envelope sender address
- (this feature is removed with Postfix version 2.2,
- is turned off by default with Postfix version 2.1,
- and is always turned on with older Postfix ver-
- sions).
+ Report mail delivery errors to the address specified with the
+ non-standard Errors-To: message header, instead of the envelope
+ sender address (this feature is removed with Postfix version
+ 2.2, is turned off by default with Postfix version 2.1, and is
+ always turned on with older Postfix versions).
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue
- and most Postfix daemon processes.
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
- Don't rewrite message headers from remote clients
- at all when this parameter is empty; otherwise, re-
- write message headers and append the specified
- domain name to incomplete addresses.
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
/var/spool/postfix, mail queue
syslogd(8), system logging
<b>README_FILES</b>
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ this information.
<a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
<a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postmap -q - "<a href="nisplus_table.5.html">nisplus</a>:[</b><i>name</i><b>=%s];</b><i>name.name.</i><b>"</b> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional lookup tables.
- These tables are usually in <b>dbm</b> or <b>db</b> format. Alterna-
- tively, lookup tables can be specified as NIS+ databases.
+ The Postfix mail system uses optional lookup tables. These tables are
+ usually in <b>dbm</b> or <b>db</b> format. Alternatively, lookup tables can be spec-
+ ified as NIS+ databases.
- To find out what types of lookup tables your Postfix sys-
- tem supports use the "<b>postconf -m</b>" command.
+ To find out what types of lookup tables your Postfix system supports
+ use the "<b>postconf -m</b>" command.
- To test Postfix NIS+ lookup tables, use the "<b>postmap -q</b>"
- command as described in the SYNOPSIS above.
+ To test Postfix NIS+ lookup tables, use the "<b>postmap -q</b>" command as
+ described in the SYNOPSIS above.
<b>QUERY SYNTAX</b>
- Most of the NIS+ query is specified via the NIS+ map name.
- The general format of a Postfix NIS+ map name is as fol-
- lows:
+ Most of the NIS+ query is specified via the NIS+ map name. The general
+ format of a Postfix NIS+ map name is as follows:
<b><a href="nisplus_table.5.html">nisplus</a>:[</b><i>name</i><b>=%s];</b><i>name.name.name</i><b>.:</b><i>column</i>
- Postfix NIS+ map names differ from what one normally would
- use with commands such as <b>niscat</b>:
+ Postfix NIS+ map names differ from what one normally would use with
+ commands such as <b>niscat</b>:
- <b>o</b> With each NIS+ table lookup, "<b>%s</b>" is replaced by a
- version of the lookup string. There can be only
- one "<b>%s</b>" instance in a Postfix NIS+ map name.
+ <b>o</b> With each NIS+ table lookup, "<b>%s</b>" is replaced by a version of
+ the lookup string. There can be only one "<b>%s</b>" instance in a
+ Postfix NIS+ map name.
- <b>o</b> Postfix NIS+ map names use "<b>;</b>" instead of "<b>,</b>",
- because the latter character is special in the
- Postfix <a href="postconf.5.html">main.cf</a> file. Postfix replaces "<b>;</b>" charac-
- ters in the map name by "<b>,</b>" before making NIS+
- queries.
+ <b>o</b> Postfix NIS+ map names use "<b>;</b>" instead of "<b>,</b>", because the lat-
+ ter character is special in the Postfix <a href="postconf.5.html">main.cf</a> file. Postfix
+ replaces "<b>;</b>" characters in the map name by "<b>,</b>" before making
+ NIS+ queries.
- <b>o</b> The ":<i>column</i>" part in the NIS+ map name is not part
- of the actual NIS+ query. Instead, it specifies the
- number of the table column that provides the lookup
- result. When no ":<i>column</i>" is specified the first
- column (1) is used.
+ <b>o</b> The ":<i>column</i>" part in the NIS+ map name is not part of the
+ actual NIS+ query. Instead, it specifies the number of the table
+ column that provides the lookup result. When no ":<i>column</i>" is
+ specified the first column (1) is used.
<b>EXAMPLE</b>
A NIS+ aliases map might be queried as follows:
- <a href="postconf.5.html#alias_maps">alias_maps</a> = dbm:/etc/mail/aliases,
+ <a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="DATABASE_README.html#types">dbm</a>:/etc/mail/aliases,
<a href="nisplus_table.5.html">nisplus</a>:[alias=%s];mail_aliases.org_dir.$<a href="postconf.5.html#mydomain">mydomain</a>.:1
- This queries the local aliases file before the NIS+ file.
+ This queries the local aliases file before the NIS+ file.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Geoff Gibbs
<b>oqmgr</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon awaits the arrival of incoming mail
- and arranges for its delivery via Postfix delivery pro-
- cesses. The actual mail routing strategy is delegated to
- the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. This program expects to be
- run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon awaits the arrival of incoming mail and arranges
+ for its delivery via Postfix delivery processes. The actual mail rout-
+ ing strategy is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. This pro-
+ gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
- Mail addressed to the local <b>double-bounce</b> address is
- logged and discarded. This stops potential loops caused
- by undeliverable bounce notifications.
+ Mail addressed to the local <b>double-bounce</b> address is logged and dis-
+ carded. This stops potential loops caused by undeliverable bounce
+ notifications.
<b>MAIL QUEUES</b>
The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon maintains the following queues:
<b>incoming</b>
- Inbound mail from the network, or mail picked up by
- the local <a href="pickup.8.html"><b>pickup</b>(8)</a> agent from the <b>maildrop</b> direc-
- tory.
+ Inbound mail from the network, or mail picked up by the local
+ <a href="pickup.8.html"><b>pickup</b>(8)</a> agent from the <b>maildrop</b> directory.
- <b>active</b> Messages that the queue manager has opened for
- delivery. Only a limited number of messages is
- allowed to enter the <b>active</b> queue (leaky bucket
- strategy, for a fixed delivery rate).
+ <b>active</b> Messages that the queue manager has opened for delivery. Only a
+ limited number of messages is allowed to enter the <b>active</b> queue
+ (leaky bucket strategy, for a fixed delivery rate).
<b>deferred</b>
- Mail that could not be delivered upon the first
- attempt. The queue manager implements exponential
- backoff by doubling the time between delivery
- attempts.
+ Mail that could not be delivered upon the first attempt. The
+ queue manager implements exponential backoff by doubling the
+ time between delivery attempts.
<b>corrupt</b>
- Unreadable or damaged queue files are moved here
- for inspection.
+ Unreadable or damaged queue files are moved here for inspection.
- <b>hold</b> Messages that are kept "on hold" are kept here
- until someone sets them free.
+ <b>hold</b> Messages that are kept "on hold" are kept here until someone
+ sets them free.
<b>DELIVERY STATUS REPORTS</b>
- The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon keeps an eye on per-message delivery
- status reports in the following directories. Each status
- report file has the same name as the corresponding message
- file:
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon keeps an eye on per-message delivery status reports
+ in the following directories. Each status report file has the same name
+ as the corresponding message file:
- <b>bounce</b> Per-recipient status information about why mail is
- bounced. These files are maintained by the
- <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon.
+ <b>bounce</b> Per-recipient status information about why mail is bounced.
+ These files are maintained by the <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon.
- <b>defer</b> Per-recipient status information about why mail is
- delayed. These files are maintained by the
- <a href="defer.8.html"><b>defer</b>(8)</a> daemon.
+ <b>defer</b> Per-recipient status information about why mail is delayed.
+ These files are maintained by the <a href="defer.8.html"><b>defer</b>(8)</a> daemon.
- <b>trace</b> Per-recipient status information as requested with
- the Postfix "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" com-
- mand. These files are maintained by the <a href="trace.8.html"><b>trace</b>(8)</a>
- daemon.
+ <b>trace</b> Per-recipient status information as requested with the Postfix
+ "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" command. These files are main-
+ tained by the <a href="trace.8.html"><b>trace</b>(8)</a> daemon.
- The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is responsible for asking the
- <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemons to send delivery
- reports.
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is responsible for asking the <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a>
+ or <a href="trace.8.html"><b>trace</b>(8)</a> daemons to send delivery reports.
<b>STRATEGIES</b>
- The queue manager implements a variety of strategies for
- either opening queue files (input) or for message delivery
- (output).
+ The queue manager implements a variety of strategies for either opening
+ queue files (input) or for message delivery (output).
<b>leaky bucket</b>
- This strategy limits the number of messages in the
- <b>active</b> queue and prevents the queue manager from
- running out of memory under heavy load.
+ This strategy limits the number of messages in the <b>active</b> queue
+ and prevents the queue manager from running out of memory under
+ heavy load.
<b>fairness</b>
- When the <b>active</b> queue has room, the queue manager
- takes one message from the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> and one
- from the <b>deferred</b> queue. This prevents a large mail
- backlog from blocking the delivery of new mail.
+ When the <b>active</b> queue has room, the queue manager takes one mes-
+ sage from the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> and one from the <b>deferred</b> queue.
+ This prevents a large mail backlog from blocking the delivery of
+ new mail.
<b>slow start</b>
- This strategy eliminates "thundering herd" problems
- by slowly adjusting the number of parallel deliver-
- ies to the same destination.
+ This strategy eliminates "thundering herd" problems by slowly
+ adjusting the number of parallel deliveries to the same destina-
+ tion.
<b>round robin</b>
- The queue manager sorts delivery requests by desti-
- nation. Round-robin selection prevents one desti-
- nation from dominating deliveries to other destina-
- tions.
+ The queue manager sorts delivery requests by destination.
+ Round-robin selection prevents one destination from dominating
+ deliveries to other destinations.
<b>exponential backoff</b>
- Mail that cannot be delivered upon the first
- attempt is deferred. The time interval between
- delivery attempts is doubled after each attempt.
+ Mail that cannot be delivered upon the first attempt is
+ deferred. The time interval between delivery attempts is dou-
+ bled after each attempt.
<b>destination status cache</b>
- The queue manager avoids unnecessary delivery
- attempts by maintaining a short-term, in-memory
- list of unreachable destinations.
+ The queue manager avoids unnecessary delivery attempts by main-
+ taining a short-term, in-memory list of unreachable destina-
+ tions.
<b>TRIGGERS</b>
- On an idle system, the queue manager waits for the arrival
- of trigger events, or it waits for a timer to go off. A
- trigger is a one-byte message. Depending on the message
- received, the queue manager performs one of the following
- actions (the message is followed by the symbolic constant
- used internally by the software):
+ On an idle system, the queue manager waits for the arrival of trigger
+ events, or it waits for a timer to go off. A trigger is a one-byte mes-
+ sage. Depending on the message received, the queue manager performs
+ one of the following actions (the message is followed by the symbolic
+ constant used internally by the software):
<b>D (QMGR_REQ_SCAN_DEFERRED)</b>
- Start a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan. If a deferred queue
- scan is already in progress, that scan will be
- restarted as soon as it finishes.
+ Start a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan. If a deferred queue scan is
+ already in progress, that scan will be restarted as soon as it
+ finishes.
<b>I (QMGR_REQ_SCAN_INCOMING)</b>
- Start an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan. If an incoming queue
- scan is already in progress, that scan will be
- restarted as soon as it finishes.
+ Start an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan. If an incoming queue scan is
+ already in progress, that scan will be restarted as soon as it
+ finishes.
<b>A (QMGR_REQ_SCAN_ALL)</b>
- Ignore <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> file time stamps. The request
-
affects the next <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan.
+ Ignore <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> file time stamps. The request affects the
+ next <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan.
<b>F (QMGR_REQ_FLUSH_DEAD)</b>
- Purge all information about dead transports and
- destinations.
+ Purge all information about dead transports and destinations.
<b>W (TRIGGER_REQ_WAKEUP)</b>
- Wakeup call, This is used by the master server to
- instantiate servers that should not go away for-
- ever. The action is to start an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>
- scan.
-
- The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon reads an entire buffer worth of trig-
- gers. Multiple identical trigger requests are collapsed
- into one, and trigger requests are sorted so that <b>A</b> and <b>F</b>
- precede <b>D</b> and <b>I</b>. Thus, in order to force a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>
- run, one would request <b>A F D</b>; in order to notify the queue
- manager of the arrival of new mail one would request <b>I</b>.
+ Wakeup call, This is used by the master server to instantiate
+ servers that should not go away forever. The action is to start
+ an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan.
+
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon reads an entire buffer worth of triggers. Multiple
+ identical trigger requests are collapsed into one, and trigger requests
+ are sorted so that <b>A</b> and <b>F</b> precede <b>D</b> and <b>I</b>. Thus, in order to force a
+ <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> run, one would request <b>A F D</b>; in order to notify the
+ queue manager of the arrival of new mail one would request <b>I</b>.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>SECURITY</b>
- The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is not security sensitive. It reads
- single-character messages from untrusted local users, and
- thus may be susceptible to denial of service attacks. The
- <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon does not talk to the outside world, and it
- can be run at fixed low privilege in a chrooted environ-
- ment.
+ The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is not security sensitive. It reads single-charac-
+ ter messages from untrusted local users, and thus may be susceptible to
+ denial of service attacks. The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon does not talk to the
+ outside world, and it can be run at fixed low privilege in a chrooted
+ environment.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to the <b>syslog</b>(8) dae-
- mon. Corrupted message files are saved to the <b>corrupt</b>
- queue for further inspection.
+ Problems and transactions are logged to the <b>syslog</b>(8) daemon. Cor-
+ rupted message files are saved to the <b>corrupt</b> queue for further inspec-
+ tion.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
- the postmaster is notified of bounces and of other trou-
- ble.
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
<b>BUGS</b>
- A single queue manager process has to compete for disk
- access with multiple front-end processes such as
- <a href="cleanup.8.html"><b>cleanup</b>(8)</a>. A sudden burst of inbound mail can negatively
- impact outbound delivery rates.
+ A single queue manager process has to compete for disk access with mul-
+ tiple front-end processes such as <a href="cleanup.8.html"><b>cleanup</b>(8)</a>. A sudden burst of inbound
+ mail can negatively impact outbound delivery rates.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as
- <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> is a persistent process. Use the command "<b>postfix</b>
- <b>reload</b>" after a configuration change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> is a
+ persistent process. Use the command "<b>postfix reload</b>" after a configura-
+ tion change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
- In the text below, <i>transport</i> is the first field in a <b>mas-</b>
- <b>ter.cf</b> entry.
+ In the text below, <i>transport</i> is the first field in a <a href="master.5.html"><b>master.cf</b></a> entry.
<b>COMPATIBILITY CONTROLS</b>
Available before Postfix version 2.5:
<b><a href="postconf.5.html#allow_min_user">allow_min_user</a> (no)</b>
- Allow a sender or recipient address to have `-' as
- the first character.
+ Allow a sender or recipient address to have `-' as the first
+ character.
Available with Postfix version 2.7 and later:
<b><a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> (empty)</b>
- When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies
- no explicit next-hop destination, use $default_fil-
- ter_nexthop instead; when that value is empty, use
- the domain in the recipient address.
+ When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
+ next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
+ that value is empty, use the domain in the recipient address.
<b>ACTIVE QUEUE CONTROLS</b>
<b><a href="postconf.5.html#qmgr_clog_warn_time">qmgr_clog_warn_time</a> (300s)</b>
- The minimal delay between warnings that a specific
- destination is clogging up the Postfix active
- queue.
+ The minimal delay between warnings that a specific destination
+ is clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a> (20000)</b>
The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> (20000)</b>
- The maximal number of recipients held in memory by
- the Postfix queue manager, and the maximal size of
- the short-term, in-memory "dead" destination status
- cache.
+ The maximal number of recipients held in memory by the Postfix
+ queue manager, and the maximal size of the short-term, in-memory
+ "dead" destination status cache.
<b>DELIVERY CONCURRENCY CONTROLS</b>
<b><a href="postconf.5.html#qmgr_fudge_factor">qmgr_fudge_factor</a> (100)</b>
- Obsolete feature: the percentage of delivery
- resources that a busy mail system will use up for
- delivery of a large mailing list message.
+ Obsolete feature: the percentage of delivery resources that a
+ busy mail system will use up for delivery of a large mailing
+ list message.
<b><a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> (5)</b>
- The initial per-destination concurrency level for
- parallel delivery to the same destination.
+ The initial per-destination concurrency level for parallel
+ delivery to the same destination.
<b><a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> (20)</b>
- The default maximal number of parallel deliveries
- to the same destination.
+ The default maximal number of parallel deliveries to the same
+ destination.
- <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
Available in Postfix version 2.5 and later:
- <b><a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> ($<a href="postconf.5.html#initial_destination_concurrency">initial_desti</a>-</b>
- <b><a href="postconf.5.html#initial_destination_concurrency">nation_concurrency</a>)</b>
- Initial concurrency for delivery via the named mes-
- sage <i>transport</i>.
+ <b><a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> ($<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#initial_destination_concurrency">rency</a>)</b>
+ Initial concurrency for delivery via the named message <i>trans-</i>
+ <i>port</i>.
<b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
- How many pseudo-cohorts must suffer connection or
- handshake failure before a specific destination is
- considered unavailable (and further delivery is
- suspended).
+ How many pseudo-cohorts must suffer connection or handshake
+ failure before a specific destination is considered unavailable
+ (and further delivery is suspended).
- <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a></b>
- <b>($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_desti</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">nation_concurrency_failed_cohort_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
- The per-destination amount of delivery concurrency
- negative feedback, after a delivery completes with
- a connection or handshake failure.
+ The per-destination amount of delivery concurrency negative
+ feedback, after a delivery completes with a connection or hand-
+ shake failure.
- <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a></b>
- <b>($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">tion_concurrency_negative_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
- The per-destination amount of delivery concurrency
- positive feedback, after a delivery completes with-
- out connection or handshake failure.
+ The per-destination amount of delivery concurrency positive
+ feedback, after a delivery completes without connection or hand-
+ shake failure.
- <b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a></b>
- <b>($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">tion_concurrency_positive_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a> (no)</b>
- Make the queue manager's feedback algorithm verbose
- for performance analysis purposes.
+ Make the queue manager's feedback algorithm verbose for perfor-
+ mance analysis purposes.
<b>RECIPIENT SCHEDULING CONTROLS</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> (50)</b>
- The default maximal number of recipients per mes-
- sage delivery.
+ The default maximal number of recipients per message delivery.
<b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b>
Idem, for delivery via the named message <i>transport</i>.
<b>OTHER RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (300s)</b>
- The minimal time between attempts to deliver a
- deferred message; prior to Postfix 2.4 the default
- value was 1000s.
+ The minimal time between attempts to deliver a deferred message;
+ prior to Postfix 2.4 the default value was 1000s.
<b><a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> (4000s)</b>
- The maximal time between attempts to deliver a
- deferred message.
+ The maximal time between attempts to deliver a deferred message.
<b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
- Consider a message as undeliverable, when delivery
- fails with a temporary error, and the time in the
- queue has reached the <a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> limit.
+ Consider a message as undeliverable, when delivery fails with a
+ temporary error, and the time in the queue has reached the <a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-
+ <a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a> limit.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
- The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
- manager; prior to Postfix 2.4 the default value was
- 1000s.
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ prior to Postfix 2.4 the default value was 1000s.
<b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
- The time between attempts by the Postfix queue man-
- ager to contact a malfunctioning message delivery
- transport.
+ The time between attempts by the Postfix queue manager to con-
+ tact a malfunctioning message delivery transport.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> (5d)</b>
- Consider a bounce message as undeliverable, when
- delivery fails with a temporary error, and the time
- in the queue has reached the <a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a>
- limit.
+ Consider a bounce message as undeliverable, when delivery fails
+ with a temporary error, and the time in the queue has reached
+ the <a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> limit.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
- The default amount of delay that is inserted
- between individual deliveries to the same destina-
- tion; the resulting behavior depends on the value
- of the corresponding per-destination recipient
- limit.
-
- <b><a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> $<a href="postconf.5.html#default_destination_rate_delay">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_rate_delay">tion_rate_delay</a></b>
+ The default amount of delay that is inserted between individual
+ deliveries to the same destination; the resulting behavior
+ depends on the value of the corresponding per-destination recip-
+ ient limit.
+
+ <b><a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a></b>
Idem, for delivery via the named message <i>transport</i>.
<b>SAFETY CONTROLS</b>
<b><a href="postconf.5.html#qmgr_daemon_timeout">qmgr_daemon_timeout</a> (1000s)</b>
- How much time a Postfix queue manager process may
- take to handle a request before it is terminated by
- a built-in watchdog timer.
+ How much time a Postfix queue manager process may take to handle
+ a request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#qmgr_ipc_timeout">qmgr_ipc_timeout</a> (60s)</b>
- The time limit for the queue manager to send or
- receive information over an internal communication
- channel.
+ The time limit for the queue manager to send or receive informa-
+ tion over an internal communication channel.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
- The names of message delivery transports that
- should not deliver mail unless someone issues
- "<b>sendmail -q</b>" or equivalent.
+ The names of message delivery transports that should not deliver
+ mail unless someone issues "<b>sendmail -q</b>" or equivalent.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
- Log warnings about problematic configuration set-
- tings, and provide helpful suggestions.
+ Log warnings about problematic configuration settings, and pro-
+ vide helpful suggestions.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
/var/spool/postfix/incoming, <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>
<a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional tables for address
- rewriting, mail routing, or access control. These tables
- are usually in <b>dbm</b> or <b>db</b> format.
+ The Postfix mail system uses optional tables for address rewriting,
+ mail routing, or access control. These tables are usually in <b>dbm</b> or <b>db</b>
+ format.
- Alternatively, lookup tables can be specified in Perl Com-
- patible Regular Expression form. In this case, each input
- is compared against a list of patterns. When a match is
- found, the corresponding result is returned and the search
- is terminated.
+ Alternatively, lookup tables can be specified in Perl Compatible Regu-
+ lar Expression form. In this case, each input is compared against a
+ list of patterns. When a match is found, the corresponding result is
+ returned and the search is terminated.
- To find out what types of lookup tables your Postfix sys-
- tem supports use the "<b>postconf -m</b>" command.
+ To find out what types of lookup tables your Postfix system supports
+ use the "<b>postconf -m</b>" command.
- To test lookup tables, use the "<b>postmap -q</b>" command as
- described in the SYNOPSIS above.
+ To test lookup tables, use the "<b>postmap -q</b>" command as described in the
+ SYNOPSIS above.
<b>COMPATIBILITY</b>
- With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>"
- to query a table that contains case sensitive patterns.
- Patterns are case insensitive by default.
+ With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" to query a
+ table that contains case sensitive patterns. Patterns are case insensi-
+ tive by default.
<b>TABLE FORMAT</b>
The general form of a PCRE table is:
<b>/</b><i>pattern</i><b>/</b><i>flags result</i>
- When <i>pattern</i> matches the input string, use the cor-
- responding <i>result</i> value.
+ When <i>pattern</i> matches the input string, use the corresponding
+ <i>result</i> value.
<b>!/</b><i>pattern</i><b>/</b><i>flags result</i>
- When <i>pattern</i> does <b>not</b> match the input string, use
- the corresponding <i>result</i> value.
+ When <i>pattern</i> does <b>not</b> match the input string, use the corre-
+ sponding <i>result</i> value.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
- <b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if that same input string
- also matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
+ <b>endif</b> Match the input string against the patterns between <b>if</b> and
+ <b>endif</b>, if and only if that same input string also matches <i>pat-</i>
+ <i>tern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
- <b>if</b>..<b>endif</b>.
+ Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>.
This feature is available in Postfix 2.1 and later.
<b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
- <b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if that same input string
- does <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
+ <b>endif</b> Match the input string against the patterns between <b>if</b> and
+ <b>endif</b>, if and only if that same input string does <b>not</b> match <i>pat-</i>
+ <i>tern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
- <b>if</b>..<b>endif</b>.
+ Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>.
This feature is available in Postfix 2.1 and later.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
- Each pattern is a perl-like regular expression. The
- expression delimiter can be any non-alphanumerical charac-
- ter, except whitespace or characters that have special
- meaning (traditionally the forward slash is used). The
- regular expression can contain whitespace.
+ Each pattern is a perl-like regular expression. The expression delim-
+ iter can be any non-alphanumerical character, except whitespace or
+ characters that have special meaning (traditionally the forward slash
+ is used). The regular expression can contain whitespace.
- By default, matching is case-insensitive, and newlines are
- not treated as special characters. The behavior is con-
- trolled by flags, which are toggled by appending one or
- more of the following characters after the pattern:
+ By default, matching is case-insensitive, and newlines are not treated
+ as special characters. The behavior is controlled by flags, which are
+ toggled by appending one or more of the following characters after the
+ pattern:
<b>i</b> (default: on)
- Toggles the case sensitivity flag. By default,
- matching is case insensitive.
+ Toggles the case sensitivity flag. By default, matching is case
+ insensitive.
<b>m</b> (default: off)
- Toggles the PCRE_MULTILINE flag. When this flag is
- on, the <b>^</b> and <b>$</b> metacharacters match immediately
- after and immediately before a newline character,
- respectively, in addition to matching at the start
- and end of the subject string.
+ Toggles the PCRE_MULTILINE flag. When this flag is on, the <b>^</b> and
+ <b>$</b> metacharacters match immediately after and immediately before
+ a newline character, respectively, in addition to matching at
+ the start and end of the subject string.
<b>s</b> (default: on)
- Toggles the PCRE_DOTALL flag. When this flag is on,
- the <b>.</b> metacharacter matches the newline character.
- With Postfix versions prior to 2.0, the flag is off
- by default, which is inconvenient for multi-line
- message header matching.
+ Toggles the PCRE_DOTALL flag. When this flag is on, the <b>.</b>
+ metacharacter matches the newline character. With Postfix ver-
+ sions prior to 2.0, the flag is off by default, which is incon-
+ venient for multi-line message header matching.
<b>x</b> (default: off)
- Toggles the pcre extended flag. When this flag is
- on, whitespace characters in the pattern (other
- than in a character class) are ignored. To include
- a whitespace character as part of the pattern,
- escape it with backslash.
+ Toggles the pcre extended flag. When this flag is on, whitespace
+ characters in the pattern (other than in a character class) are
+ ignored. To include a whitespace character as part of the pat-
+ tern, escape it with backslash.
Note: do not use <b>#</b><i>comment</i> after patterns.
<b>A</b> (default: off)
- Toggles the PCRE_ANCHORED flag. When this flag is
- on, the pattern is forced to be "anchored", that
- is, it is constrained to match only at the start of
- the string which is being searched (the "subject
- string"). This effect can also be achieved by
+ Toggles the PCRE_ANCHORED flag. When this flag is on, the pat-
+ tern is forced to be "anchored", that is, it is constrained to
+ match only at the start of the string which is being searched
+ (the "subject string"). This effect can also be achieved by
appropriate constructs in the pattern itself.
<b>E</b> (default: off)
- Toggles the PCRE_DOLLAR_ENDONLY flag. When this
- flag is on, a <b>$</b> metacharacter in the pattern
- matches only at the end of the subject string.
- Without this flag, a dollar also matches immedi-
- ately before the final character if it is a newline
- character (but not before any other newline charac-
- ters). This flag is ignored if PCRE_MULTILINE flag
- is set.
+ Toggles the PCRE_DOLLAR_ENDONLY flag. When this flag is on, a <b>$</b>
+ metacharacter in the pattern matches only at the end of the sub-
+ ject string. Without this flag, a dollar also matches immedi-
+ ately before the final character if it is a newline character
+ (but not before any other newline characters). This flag is
+ ignored if PCRE_MULTILINE flag is set.
<b>U</b> (default: off)
- Toggles the ungreedy matching flag. When this flag
- is on, the pattern matching engine inverts the
- "greediness" of the quantifiers so that they are
- not greedy by default, but become greedy if fol-
- lowed by "?". This flag can also set by a (?U)
- modifier within the pattern.
+ Toggles the ungreedy matching flag. When this flag is on, the
+ pattern matching engine inverts the "greediness" of the quanti-
+ fiers so that they are not greedy by default, but become greedy
+ if followed by "?". This flag can also set by a (?U) modifier
+ within the pattern.
<b>X</b> (default: off)
- Toggles the PCRE_EXTRA flag. When this flag is on,
- any backslash in a pattern that is followed by a
- letter that has no special meaning causes an error,
- thus reserving these combinations for future expan-
- sion.
+ Toggles the PCRE_EXTRA flag. When this flag is on, any back-
+ slash in a pattern that is followed by a letter that has no spe-
+ cial meaning causes an error, thus reserving these combinations
+ for future expansion.
<b>SEARCH ORDER</b>
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the input
- string.
-
- Each pattern is applied to the entire input string.
- Depending on the application, that string is an entire
- client hostname, an entire client IP address, or an entire
- mail address. Thus, no parent domain or parent network
- search is done, and <i>user@domain</i> mail addresses are not
- broken up into their <i>user</i> and <i>domain</i> constituent parts,
- nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the input string.
+
+ Each pattern is applied to the entire input string. Depending on the
+ application, that string is an entire client hostname, an entire client
+ IP address, or an entire mail address. Thus, no parent domain or par-
+ ent network search is done, and <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
<b>TEXT SUBSTITUTION</b>
- Substitution of substrings (text that matches patterns
- inside "()") from the matched expression into the result
- string is requested with $1, $2, etc.; specify $$ to pro-
- duce a $ character as output. The macros in the result
- string may need to be written as ${n} or $(n) if they
- aren't followed by whitespace.
-
- Note: since negated patterns (those preceded by <b>!</b>) return
- a result when the expression does not match, substitutions
- are not available for negated patterns.
+ Substitution of substrings (text that matches patterns inside "()")
+ from the matched expression into the result string is requested with
+ $1, $2, etc.; specify $$ to produce a $ character as output. The
+ macros in the result string may need to be written as ${n} or $(n) if
+ they aren't followed by whitespace.
+
+ Note: since negated patterns (those preceded by <b>!</b>) return a result when
+ the expression does not match, substitutions are not available for
+ negated patterns.
<b>EXAMPLE SMTPD ACCESS MAP</b>
# Protect your outgoing majordomo exploders
<b>postmap -q - <a href="pgsql_table.5.html">pgsql</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional tables for address
- rewriting or mail routing. These tables are usually in <b>dbm</b>
- or <b>db</b> format.
-
- Alternatively, lookup tables can be specified as Post-
- greSQL databases. In order to use PostgreSQL lookups,
- define a PostgreSQL source as a lookup table in <a href="postconf.5.html">main.cf</a>,
- for example:
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
+
+ Alternatively, lookup tables can be specified as PostgreSQL databases.
+ In order to use PostgreSQL lookups, define a PostgreSQL source as a
+ lookup table in <a href="postconf.5.html">main.cf</a>, for example:
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="pgsql_table.5.html">pgsql</a>:/etc/pgsql-aliases.cf
- The file /etc/postfix/pgsql-aliases.cf has the same format
- as the Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the parame-
- ters described below.
+ The file /etc/postfix/pgsql-aliases.cf has the same format as the Post-
+ fix <a href="postconf.5.html">main.cf</a> file, and can specify the parameters described below.
<b>BACKWARDS COMPATIBILITY</b>
- For compatibility with other Postfix lookup tables, Post-
- greSQL parameters can also be defined in <a href="postconf.5.html">main.cf</a>. In
- order to do that, specify as PostgreSQL source a name that
- doesn't begin with a slash or a dot. The PostgreSQL
- parameters will then be accessible as the name you've
- given the source in its definition, an underscore, and the
- name of the parameter. For example, if the map is speci-
- fied as "<a href="pgsql_table.5.html">pgsql</a>:<i>pgsqlname</i>", the parameter "hosts" below
- would be defined in <a href="postconf.5.html">main.cf</a> as "<i>pgsqlname</i>_hosts".
-
- Note: with this form, the passwords for the PostgreSQL
- sources are written in <a href="postconf.5.html">main.cf</a>, which is normally world-
- readable. Support for this form will be removed in a
- future Postfix version.
-
- Normally, the SQL query is specified via a single <b>query</b>
- parameter (described in more detail below). When this
- parameter is not specified in the map definition, Postfix
- reverts to an older interface, with the SQL query con-
- structed from the <b>select_function</b>, <b>select_field</b>, <b>table</b>,
- <b>where_field</b> and <b>additional_conditions</b> parameters. The old
- interface will be gradually phased out. To migrate to the
- new interface set:
+ For compatibility with other Postfix lookup tables, PostgreSQL parame-
+ ters can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do that, specify as
+ PostgreSQL source a name that doesn't begin with a slash or a dot. The
+ PostgreSQL parameters will then be accessible as the name you've given
+ the source in its definition, an underscore, and the name of the param-
+ eter. For example, if the map is specified as "<a href="pgsql_table.5.html">pgsql</a>:<i>pgsqlname</i>", the
+ parameter "hosts" below would be defined in <a href="postconf.5.html">main.cf</a> as "<i>pgsql-</i>
+ <i>name</i>_hosts".
+
+ Note: with this form, the passwords for the PostgreSQL sources are
+ written in <a href="postconf.5.html">main.cf</a>, which is normally world-readable. Support for this
+ form will be removed in a future Postfix version.
+
+ Normally, the SQL query is specified via a single <b>query</b> parameter
+ (described in more detail below). When this parameter is not specified
+ in the map definition, Postfix reverts to an older interface, with the
+ SQL query constructed from the <b>select_function</b>, <b>select_field</b>, <b>table</b>,
+ <b>where_field</b> and <b>additional_conditions</b> parameters. The old interface
+ will be gradually phased out. To migrate to the new interface set:
<b>query</b> = SELECT <i>select</i><b>_</b><i>function</i>('%s')
- or in the absence of <b>select_function</b>, the lower prece-
- dence:
+ or in the absence of <b>select_function</b>, the lower precedence:
<b>query</b> = SELECT <i>select</i><b>_</b><i>field</i>
FROM <i>table</i>
WHERE <i>where</i><b>_</b><i>field</i> = '%s'
<i>additional</i><b>_</b><i>conditions</i>
- Use the value, not the name, of each legacy parameter.
- Note that the <b>additional_conditions</b> parameter is optional
- and if not empty, will always start with <b>AND</b>.
+ Use the value, not the name, of each legacy parameter. Note that the
+ <b>additional_conditions</b> parameter is optional and if not empty, will
+ always start with <b>AND</b>.
<b>LIST MEMBERSHIP</b>
- When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydes</a>-
- <a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
- is important to understand that the table must store each
- list member as a separate key. The table lookup verifies
- the *existence* of the key. See "Postfix lists versus
- tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
+ When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydestination</a>,
+ $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it is important to under-
+ stand that the table must store each list member as a separate key. The
+ table lookup verifies the *existence* of the key. See "Postfix lists
+ versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
- Do NOT create tables that return the full list of domains
- in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
- in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
+ Do NOT create tables that return the full list of domains in $<a href="postconf.5.html#mydestination">mydesti</a>-
+ <a href="postconf.5.html#mydestination">nation</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
- DO create tables with each matching item as a key and with
- an arbitrary value. With SQL databases it is not uncommon
- to return the key itself or a constant value.
+ DO create tables with each matching item as a key and with an arbitrary
+ value. With SQL databases it is not uncommon to return the key itself
+ or a constant value.
<b>PGSQL PARAMETERS</b>
- <b>hosts</b> The hosts that Postfix will try to connect to and
- query from. Specify <i>unix:</i> for UNIX-domain sockets,
- <i>inet:</i> for TCP connections (default). Example:
+ <b>hosts</b> The hosts that Postfix will try to connect to and query from.
+ Specify <i>unix:</i> for UNIX-domain sockets, <i>inet:</i> for TCP connections
+ (default). Example:
hosts = host1.some.domain host2.some.domain:port
hosts = unix:/file/name
- The hosts are tried in random order, with all con-
- nections over UNIX domain sockets being tried
- before those over TCP. The connections are auto-
- matically closed after being idle for about 1
+ The hosts are tried in random order, with all connections over
+ UNIX domain sockets being tried before those over TCP. The con-
+ nections are automatically closed after being idle for about 1
minute, and are re-opened as necessary.
- NOTE: the <i>unix:</i> and <i>inet:</i> prefixes are accepted for
- backwards compatibility reasons, but are actually
- ignored. The PostgreSQL client library will always
- try to connect to an UNIX socket if the name starts
- with a slash, and will try a TCP connection other-
- wise.
+ NOTE: the <i>unix:</i> and <i>inet:</i> prefixes are accepted for backwards
+ compatibility reasons, but are actually ignored. The PostgreSQL
+ client library will always try to connect to an UNIX socket if
+ the name starts with a slash, and will try a TCP connection oth-
+ erwise.
<b>user, password</b>
- The user name and password to log into the pgsql
- server. Example:
+ The user name and password to log into the pgsql server. Exam-
+ ple:
user = someone
password = some_password
<b>dbname</b> The database name on the servers. Example:
dbname = customer_database
- <b>query</b> The SQL query template used to search the database,
- where <b>%s</b> is a substitute for the address Postfix is
- trying to resolve, e.g.
+ <b>query</b> The SQL query template used to search the database, where <b>%s</b> is
+ a substitute for the address Postfix is trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
- This parameter supports the following '%' expan-
- sions:
+ This parameter supports the following '%' expansions:
- <b>%%</b> This is replaced by a literal '%' character.
- (Postfix 2.2 and later)
-
- <b>%s</b> This is replaced by the input key. SQL
- quoting is used to make sure that the input
- key does not add unexpected metacharacters.
-
- <b>%u</b> When the input key is an address of the form
- user@domain, <b>%u</b> is replaced by the SQL
- quoted local part of the address. Other-
- wise, <b>%u</b> is replaced by the entire search
- string. If the localpart is empty, the
- query is suppressed and returns no results.
-
- <b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the SQL
- quoted domain part of the address. Other-
- wise, the query is suppressed and returns no
- results.
-
- <b>%[SUD]</b> The upper-case equivalents of the above
- expansions behave in the <b>query</b> parameter
- identically to their lower-case counter-
- parts. With the <b>result_format</b> parameter
- (see below), they expand the input key
- rather than the result value.
-
- The above %S, %U and %D expansions are
- available with Postfix 2.2 and later
-
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
- the corresponding most significant component
- of the input key's domain. If the input key
- is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
- is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, the query is suppressed and
- returns no results.
-
- The above %1, ... %9 expansions are avail-
- able with Postfix 2.2 and later
-
- The <b>domain</b> parameter described below limits the
- input keys to addresses in matching domains. When
- the <b>domain</b> parameter is non-empty, SQL queries for
- unqualified addresses or addresses in non-matching
- domains are suppressed and return no results.
-
- The precedence of this parameter has changed with
- Postfix 2.2, in prior releases the precedence was,
- from highest to lowest, <b>select_function</b>, <b>query</b>,
- <b>select_field</b>, ...
-
- With Postfix 2.2 the <b>query</b> parameter has highest
- precedence, see COMPATIBILITY above.
+ <b>%%</b> This is replaced by a literal '%' character. (Postfix 2.2
+ and later)
+
+ <b>%s</b> This is replaced by the input key. SQL quoting is used
+ to make sure that the input key does not add unexpected
+ metacharacters.
+
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the SQL quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the query is sup-
+ pressed and returns no results.
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the SQL quoted domain part of the
+ address. Otherwise, the query is suppressed and returns
+ no results.
+
+ <b>%[SUD]</b> The upper-case equivalents of the above expansions behave
+ in the <b>query</b> parameter identically to their lower-case
+ counter-parts. With the <b>result_format</b> parameter (see
+ below), they expand the input key rather than the result
+ value.
+
+ The above %S, %U and %D expansions are available with
+ Postfix 2.2 and later
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, the query is sup-
+ pressed and returns no results.
+
+ The above %1, ... %9 expansions are available with Post-
+ fix 2.2 and later
+
+ The <b>domain</b> parameter described below limits the input keys to
+ addresses in matching domains. When the <b>domain</b> parameter is non-
+ empty, SQL queries for unqualified addresses or addresses in
+ non-matching domains are suppressed and return no results.
+
+ The precedence of this parameter has changed with Postfix 2.2,
+ in prior releases the precedence was, from highest to lowest,
+ <b>select_function</b>, <b>query</b>, <b>select_field</b>, ...
+
+ With Postfix 2.2 the <b>query</b> parameter has highest precedence, see
+ COMPATIBILITY above.
NOTE: DO NOT put quotes around the <b>query</b> parameter.
<b>result_format (default: %s</b>)
- Format template applied to result attributes. Most
- commonly used to append (or prepend) text to the
- result. This parameter supports the following '%'
- expansions:
+ Format template applied to result attributes. Most commonly used
+ to append (or prepend) text to the result. This parameter sup-
+ ports the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the value of the result
- attribute. When result is empty it is
- skipped.
+ <b>%s</b> This is replaced by the value of the result attribute.
+ When result is empty it is skipped.
- <b>%u</b> When the result attribute value is an
- address of the form user@domain, <b>%u</b> is
- replaced by the local part of the address.
- When the result has an empty localpart it is
+ <b>%u</b> When the result attribute value is an address of the form
+ user@domain, <b>%u</b> is replaced by the local part of the
+ address. When the result has an empty localpart it is
skipped.
- <b>%d</b> When a result attribute value is an address
- of the form user@domain, <b>%d</b> is replaced by
- the domain part of the attribute value. When
- the result is unqualified it is skipped.
+ <b>%d</b> When a result attribute value is an address of the form
+ user@domain, <b>%d</b> is replaced by the domain part of the
+ attribute value. When the result is unqualified it is
+ skipped.
<b>%[SUD1-9]</b>
- The upper-case and decimal digit expansions
- interpolate the parts of the input key
- rather than the result. Their behavior is
- identical to that described with <b>query</b>, and
- in fact because the input key is known in
- advance, queries whose key does not contain
- all the information specified in the result
- template are suppressed and return no
- results.
-
- For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
- allows one to use a mailHost attribute as the basis
- of a <a href="transport.5.html">transport(5)</a> table. After applying the result
- format, multiple values are concatenated as comma
- separated strings. The expansion_limit and parame-
- ter explained below allows one to restrict the num-
- ber of values in the result, which is especially
- useful for maps that must return at most one value.
-
- The default value <b>%s</b> specifies that each result
- value should be used as is.
-
- This parameter is available with Postfix 2.2 and
- later.
+ The upper-case and decimal digit expansions interpolate
+ the parts of the input key rather than the result. Their
+ behavior is identical to that described with <b>query</b>, and
+ in fact because the input key is known in advance,
+ queries whose key does not contain all the information
+ specified in the result template are suppressed and
+ return no results.
+
+ For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" allows one to use
+ a mailHost attribute as the basis of a <a href="transport.5.html">transport(5)</a> table. After
+ applying the result format, multiple values are concatenated as
+ comma separated strings. The expansion_limit and parameter
+ explained below allows one to restrict the number of values in
+ the result, which is especially useful for maps that must return
+ at most one value.
+
+ The default value <b>%s</b> specifies that each result value should be
+ used as is.
+
+ This parameter is available with Postfix 2.2 and later.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
- This is a list of domain names, paths to files, or
- dictionaries. When specified, only fully qualified
- search keys with a *non-empty* localpart and a
- matching domain are eligible for lookup: 'user'
- lookups, bare domain lookups and "@domain" lookups
- are not performed. This can significantly reduce
- the query load on the PostgreSQL server.
+ This is a list of domain names, paths to files, or dictionaries.
+ When specified, only fully qualified search keys with a *non-
+ empty* localpart and a matching domain are eligible for lookup:
+ 'user' lookups, bare domain lookups and "@domain" lookups are
+ not performed. This can significantly reduce the query load on
+ the PostgreSQL server.
domain = postfix.org, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
- It is best not to use SQL to store the domains eli-
- gible for SQL lookups.
+ It is best not to use SQL to store the domains eligible for SQL
+ lookups.
- This parameter is available with Postfix 2.2 and
- later.
+ This parameter is available with Postfix 2.2 and later.
- NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
- aliases, because the input keys are always unquali-
- fied.
+ NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> aliases, because
+ the input keys are always unqualified.
<b>expansion_limit (default: 0)</b>
- A limit on the total number of result elements
- returned (as a comma separated list) by a lookup
- against the map. A setting of zero disables the
- limit. Lookups fail with a temporary error if the
- limit is exceeded. Setting the limit to 1 ensures
- that lookups do not return multiple values.
+ A limit on the total number of result elements returned (as a
+ comma separated list) by a lookup against the map. A setting of
+ zero disables the limit. Lookups fail with a temporary error if
+ the limit is exceeded. Setting the limit to 1 ensures that
+ lookups do not return multiple values.
<b>OBSOLETE QUERY INTERFACES</b>
- This section describes query interfaces that are depre-
- cated as of Postfix 2.2. Please migrate to the new <b>query</b>
- interface as the old interfaces are slated to be phased
- out.
+ This section describes query interfaces that are deprecated as of Post-
+ fix 2.2. Please migrate to the new <b>query</b> interface as the old inter-
+ faces are slated to be phased out.
<b>select_function</b>
- This parameter specifies a database function name.
- Example:
+ This parameter specifies a database function name. Example:
select_function = my_lookup_user_alias
This is equivalent to:
query = SELECT my_lookup_user_alias('%s')
- This parameter overrides the legacy table-related
- fields (described below). With Postfix versions
- prior to 2.2, it also overrides the <b>query</b> parame-
- ter. Starting with Postfix 2.2, the <b>query</b> parameter
- has highest precedence, and the <b>select_function</b>
+ This parameter overrides the legacy table-related fields
+ (described below). With Postfix versions prior to 2.2, it also
+ overrides the <b>query</b> parameter. Starting with Postfix 2.2, the
+ <b>query</b> parameter has highest precedence, and the <b>select_function</b>
parameter is deprecated.
- The following parameters (with lower precedence than the
- <b>select_function</b> interface described above) can be used to
- build the SQL select statement as follows:
+ The following parameters (with lower precedence than the <b>select_func-</b>
+ <b>tion</b> interface described above) can be used to build the SQL select
+ statement as follows:
SELECT [<b>select_field</b>]
FROM [<b>table</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
- The specifier %s is replaced with each lookup by the
- lookup key and is escaped so if it contains single quotes
- or other odd characters, it will not cause a parse error,
- or worse, a security problem.
+ The specifier %s is replaced with each lookup by the lookup key and is
+ escaped so if it contains single quotes or other odd characters, it
+ will not cause a parse error, or worse, a security problem.
- Starting with Postfix 2.2, this interface is obsoleted by
- the more general <b>query</b> interface described above. If
- higher precedence the <b>query</b> or <b>select_function</b> parameters
- described above are defined, the parameters described here
- are ignored.
+ Starting with Postfix 2.2, this interface is obsoleted by the more gen-
+ eral <b>query</b> interface described above. If higher precedence the <b>query</b> or
+ <b>select_function</b> parameters described above are defined, the parameters
+ described here are ignored.
<b>select_field</b>
The SQL "select" parameter. Example:
<a href="PGSQL_README.html">PGSQL_README</a>, Postfix PostgreSQL client guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
PgSQL support was introduced with Postfix version 2.1.
<b>pickup</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon waits for hints that new mail has
- been dropped into the <b>maildrop</b> directory, and feeds it
- into the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon. Ill-formatted files are
- deleted without notifying the originator. This program
- expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+ The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon waits for hints that new mail has been dropped
+ into the <b>maildrop</b> directory, and feeds it into the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon.
+ Ill-formatted files are deleted without notifying the originator. This
+ program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
<b>STANDARDS</b>
- None. The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon does not interact with the out-
- side world.
+ None. The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon does not interact with the outside world.
<b>SECURITY</b>
- The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon is moderately security sensitive. It
- runs with fixed low privilege and can run in a chrooted
- environment. However, the program reads files from poten-
- tially hostile users. The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon opens no files
- for writing, is careful about what files it opens for
- reading, and does not actually touch any data that is sent
- to its public service endpoint.
+ The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon is moderately security sensitive. It runs with
+ fixed low privilege and can run in a chrooted environment. However,
+ the program reads files from potentially hostile users. The <a href="pickup.8.html"><b>pickup</b>(8)</a>
+ daemon opens no files for writing, is careful about what files it opens
+ for reading, and does not actually touch any data that is sent to its
+ public service endpoint.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
- The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon copies mail from file to the
- <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon. It could avoid message copying over-
- head by sending a file descriptor instead of file data,
- but then the already complex <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon would have
- to deal with unfiltered user data.
+ The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon copies mail from file to the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon.
+ It could avoid message copying overhead by sending a file descriptor
+ instead of file data, but then the already complex <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon
+ would have to deal with unfiltered user data.
<b>CONFIGURATION PARAMETERS</b>
- As the <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon is a relatively long-running
- process, up to an hour may pass before a <a href="postconf.5.html"><b>main.cf</b></a> change
- takes effect. Use the command "<b>postfix reload</b>" command to
- speed up a change.
+ As the <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon is a relatively long-running process, up to an
+ hour may pass before a <a href="postconf.5.html"><b>main.cf</b></a> change takes effect. Use the command
+ "<b>postfix reload</b>" command to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>CONTENT INSPECTION CONTROLS</b>
<b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
- After the message is queued, send the entire mes-
- sage to the specified <i>transport:destination</i>.
+ After the message is queued, send the entire message to the
+ specified <i>transport:destination</i>.
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in
- content filtering, or address mapping.
+ Enable or disable recipient validation, built-in content filter-
+ ing, or address mapping.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
- Upon input, long lines are chopped up into pieces
- of at most this length; upon delivery, long lines
- are reconstructed.
+ Upon input, long lines are chopped up into pieces of at most
+ this length; upon delivery, long lines are reconstructed.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a>, message canonicalization
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>pipe</b> [generic Postfix daemon options] command_attributes...
<b>DESCRIPTION</b>
- The <a href="pipe.8.html"><b>pipe</b>(8)</a> daemon processes requests from the Postfix
- queue manager to deliver messages to external commands.
- This program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process
- manager.
-
- Message attributes such as sender address, recipient
- address and next-hop host name can be specified as com-
- mand-line macros that are expanded before the external
- command is executed.
-
- The <a href="pipe.8.html"><b>pipe</b>(8)</a> daemon updates queue files and marks recipi-
- ents as finished, or it informs the queue manager that
- delivery should be tried again at a later time. Delivery
- status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or
- <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+ The <a href="pipe.8.html"><b>pipe</b>(8)</a> daemon processes requests from the Postfix queue manager to
+ deliver messages to external commands. This program expects to be run
+ from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ Message attributes such as sender address, recipient address and next-
+ hop host name can be specified as command-line macros that are expanded
+ before the external command is executed.
+
+ The <a href="pipe.8.html"><b>pipe</b>(8)</a> daemon updates queue files and marks recipients as fin-
+ ished, or it informs the queue manager that delivery should be tried
+ again at a later time. Delivery status reports are sent to the
+ <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
<b>SINGLE-RECIPIENT DELIVERY</b>
- Some destinations cannot handle more than one recipient
- per delivery request. Examples are pagers or fax machines.
- In addition, multi-recipient delivery is undesirable when
- prepending a <b>Delivered-to:</b> or <b>X-Original-To:</b> message
- header.
+ Some destinations cannot handle more than one recipient per delivery
+ request. Examples are pagers or fax machines. In addition, multi-
+ recipient delivery is undesirable when prepending a <b>Delivered-to:</b> or <b>X-</b>
+ <b>Original-To:</b> message header.
- To prevent Postfix from sending multiple recipients per
- delivery request, specify
+ To prevent Postfix from sending multiple recipients per delivery
+ request, specify
<b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b>
- in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name
- in the first column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for the
- pipe-based delivery transport.
+ in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first
+ column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for the pipe-based delivery
+ transport.
<b>COMMAND ATTRIBUTE SYNTAX</b>
- The external command attributes are given in the <a href="master.5.html"><b>master.cf</b></a>
- file at the end of a service definition. The syntax is as
- follows:
+ The external command attributes are given in the <a href="master.5.html"><b>master.cf</b></a> file at the
+ end of a service definition. The syntax is as follows:
<b>chroot=</b><i>pathname</i> (optional)
- Change the process root directory and working
- directory to the named directory. This happens
- before switching to the privileges specified with
- the <b>user</b> attribute, and before executing the
- optional <b>directory=</b><i>pathname</i> directive. Delivery is
- deferred in case of failure.
+ Change the process root directory and working directory to the
+ named directory. This happens before switching to the privileges
+ specified with the <b>user</b> attribute, and before executing the
+ optional <b>directory=</b><i>pathname</i> directive. Delivery is deferred in
+ case of failure.
This feature is available as of Postfix 2.3.
<b>directory=</b><i>pathname</i> (optional)
- Change to the named directory before executing the
- external command. The directory must be accessible
- for the user specified with the <b>user</b> attribute (see
- below). The default working directory is
- <b>$<a href="postconf.5.html#queue_directory">queue_directory</a></b>. Delivery is deferred in case of
- failure.
+ Change to the named directory before executing the external com-
+ mand. The directory must be accessible for the user specified
+ with the <b>user</b> attribute (see below). The default working direc-
+ tory is <b>$<a href="postconf.5.html#queue_directory">queue_directory</a></b>. Delivery is deferred in case of fail-
+ ure.
This feature is available as of Postfix 2.2.
<b>eol=</b><i>string</i> (optional, default: <b>\n</b>)
- The output record delimiter. Typically one would
- use either <b>\r\n</b> or <b>\n</b>. The usual C-style backslash
- escape sequences are recognized: <b>\a \b \f \n \r \t</b>
- <b>\v \</b><i>ddd</i> (up to three octal digits) and <b>\\</b>.
+ The output record delimiter. Typically one would use either <b>\r\n</b>
+ or <b>\n</b>. The usual C-style backslash escape sequences are recog-
+ nized: <b>\a \b \f \n \r \t \v \</b><i>ddd</i> (up to three octal digits) and
+ <b>\\</b>.
<b>flags=BDFORXhqu.</b>> (optional)
- Optional message processing flags. By default, a
- message is copied unchanged.
-
- <b>B</b> Append a blank line at the end of each mes-
- sage. This is required by some mail user
- agents that recognize "<b>From</b> " lines only
- when preceded by a blank line.
-
- <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message
- header with the envelope recipient address.
- Note: for this to work, the <i>transport</i><b>_desti-</b>
- <b>nation_recipient_limit</b> must be 1 (see SIN-
- GLE-RECIPIENT DELIVERY above for details).
-
- The <b>D</b> flag also enforces loop detection
- (Postfix 2.5 and later): if a message
- already contains a <b>Delivered-To:</b> header with
- the same recipient address, then the message
- is returned as undeliverable. The address
- comparison is case insensitive.
+ Optional message processing flags. By default, a message is
+ copied unchanged.
+
+ <b>B</b> Append a blank line at the end of each message. This is
+ required by some mail user agents that recognize "<b>From</b> "
+ lines only when preceded by a blank line.
+
+ <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with
+ the envelope recipient address. Note: for this to work,
+ the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see
+ SINGLE-RECIPIENT DELIVERY above for details).
+
+ The <b>D</b> flag also enforces loop detection (Postfix 2.5 and
+ later): if a message already contains a <b>Delivered-To:</b>
+ header with the same recipient address, then the message
+ is returned as undeliverable. The address comparison is
+ case insensitive.
This feature is available as of Postfix 2.0.
- <b>F</b> Prepend a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope
- header to the message content. This is
- expected by, for example, <b>UUCP</b> software.
+ <b>F</b> Prepend a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header to the
+ message content. This is expected by, for example, <b>UUCP</b>
+ software.
- <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" mes-
- sage header with the recipient address as
- given to Postfix. Note: for this to work,
- the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b>
- must be 1 (see SINGLE-RECIPIENT DELIVERY
- above for details).
+ <b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" message header with
+ the recipient address as given to Postfix. Note: for this
+ to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must
+ be 1 (see SINGLE-RECIPIENT DELIVERY above for details).
This feature is available as of Postfix 2.0.
- <b>R</b> Prepend a <b>Return-Path:</b> message header with
- the envelope sender address.
+ <b>R</b> Prepend a <b>Return-Path:</b> message header with the envelope
+ sender address.
- <b>X</b> Indicate that the external command performs
- final delivery. This flag affects the sta-
- tus reported in "success" DSN (delivery sta-
- tus notification) messages, and changes it
- from "relayed" into "delivered".
+ <b>X</b> Indicate that the external command performs final deliv-
+ ery. This flag affects the status reported in "success"
+ DSN (delivery status notification) messages, and changes
+ it from "relayed" into "delivered".
This feature is available as of Postfix 2.5.
- <b>h</b> Fold the command-line <b>$original_recipient</b>
- and <b>$recipient</b> address domain part (text to
- the right of the right-most <b>@</b> character) to
- lower case; fold the entire command-line
- <b>$domain</b> and <b>$nexthop</b> host or domain informa-
- tion to lower case. This is recommended for
- delivery via <b>UUCP</b>.
-
- <b>q</b> Quote white space and other special charac-
- ters in the command-line <b>$sender</b>, <b>$origi-</b>
- <b>nal_recipient</b> and <b>$recipient</b> address local-
- parts (text to the left of the right-most <b>@</b>
- character), according to an 8-bit transpar-
- ent version of <a href="http://tools.ietf.org/html/rfc822">RFC 822</a>. This is recommended
- for delivery via <b>UUCP</b> or <b>BSMTP</b>.
-
- The result is compatible with the address
- parsing of command-line recipients by the
- Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> mail submission command.
-
- The <b>q</b> flag affects only entire addresses,
- not the partial address information from the
- <b>$user</b>, <b>$extension</b> or <b>$mailbox</b> command-line
- macros.
-
- <b>u</b> Fold the command-line <b>$original_recipient</b>
- and <b>$recipient</b> address localpart (text to
- the left of the right-most <b>@</b> character) to
- lower case. This is recommended for deliv-
+ <b>h</b> Fold the command-line <b>$original_recipient</b> and <b>$recipient</b>
+ address domain part (text to the right of the right-most
+ <b>@</b> character) to lower case; fold the entire command-line
+ <b>$domain</b> and <b>$nexthop</b> host or domain information to lower
+ case. This is recommended for delivery via <b>UUCP</b>.
+
+ <b>q</b> Quote white space and other special characters in the
+ command-line <b>$sender</b>, <b>$original_recipient</b> and <b>$recipient</b>
+ address localparts (text to the left of the right-most <b>@</b>
+ character), according to an 8-bit transparent version of
+ <a href="http://tools.ietf.org/html/rfc822">RFC 822</a>. This is recommended for delivery via <b>UUCP</b> or
+ <b>BSMTP</b>.
+
+ The result is compatible with the address parsing of com-
+ mand-line recipients by the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> mail sub-
+ mission command.
+
+ The <b>q</b> flag affects only entire addresses, not the partial
+ address information from the <b>$user</b>, <b>$extension</b> or <b>$mail-</b>
+ <b>box</b> command-line macros.
+
+ <b>u</b> Fold the command-line <b>$original_recipient</b> and <b>$recipient</b>
+ address localpart (text to the left of the right-most <b>@</b>
+ character) to lower case. This is recommended for deliv-
ery via <b>UUCP</b>.
- <b>.</b> Prepend "<b>.</b>" to lines starting with "<b>.</b>". This
- is needed by, for example, <b>BSMTP</b> software.
+ <b>.</b> Prepend "<b>.</b>" to lines starting with "<b>.</b>". This is needed
+ by, for example, <b>BSMTP</b> software.
- > Prepend ">" to lines starting with "<b>From</b> ".
- This is expected by, for example, <b>UUCP</b> soft-
- ware.
+ > Prepend ">" to lines starting with "<b>From</b> ". This is
+ expected by, for example, <b>UUCP</b> software.
<b>null_sender</b>=<i>replacement</i> (default: MAILER-DAEMON)
- Replace the null sender address (typically used for
- delivery status notifications) with the specified
- text when expanding the <b>$sender</b> command-line macro,
- and when generating a From_ or Return-Path: message
- header.
-
- If the null sender replacement text is a non-empty
- string then it is affected by the <b>q</b> flag for
+ Replace the null sender address (typically used for delivery
+ status notifications) with the specified text when expanding the
+ <b>$sender</b> command-line macro, and when generating a From_ or
+ Return-Path: message header.
+
+ If the null sender replacement text is a non-empty string then
+ it is affected by the <b>q</b> flag for address quoting in command-line
+ arguments.
+
+ The null sender replacement text may be empty; this form is rec-
+ ommended for content filters that feed mail back into Postfix.
+ The empty sender address is not affected by the <b>q</b> flag for
address quoting in command-line arguments.
- The null sender replacement text may be empty; this
- form is recommended for content filters that feed
- mail back into Postfix. The empty sender address is
- not affected by the <b>q</b> flag for address quoting in
- command-line arguments.
-
- Caution: a null sender address is easily mis-parsed
- by naive software. For example, when the <a href="pipe.8.html"><b>pipe</b>(8)</a>
- daemon executes a command such as:
+ Caution: a null sender address is easily mis-parsed by naive
+ software. For example, when the <a href="pipe.8.html"><b>pipe</b>(8)</a> daemon executes a com-
+ mand such as:
<i>Wrong</i>: command -f$sender -- $recipient
- the command will mis-parse the -f option value when
- the sender address is a null string. For correct
- parsing, specify <b>$sender</b> as an argument by itself:
+ the command will mis-parse the -f option value when the sender
+ address is a null string. For correct parsing, specify <b>$sender</b>
+ as an argument by itself:
<i>Right</i>: command -f $sender -- $recipient
This feature is available as of Postfix 2.3.
<b>size</b>=<i>size</i><b>_</b><i>limit</i> (optional)
- Don't deliver messages that exceed this size limit
- (in bytes); return them to the sender instead.
+ Don't deliver messages that exceed this size limit (in bytes);
+ return them to the sender instead.
<b>user</b>=<i>username</i> (required)
<b>user</b>=<i>username</i>:<i>groupname</i>
- Execute the external command with the user ID and
- group ID of the specified <i>username</i>. The software
- refuses to execute commands with root privileges,
- or with the privileges of the mail system owner. If
- <i>groupname</i> is specified, the corresponding group ID
- is used instead of the group ID of <i>username</i>.
+ Execute the external command with the user ID and group ID of
+ the specified <i>username</i>. The software refuses to execute com-
+ mands with root privileges, or with the privileges of the mail
+ system owner. If <i>groupname</i> is specified, the corresponding group
+ ID is used instead of the group ID of <i>username</i>.
<b>argv</b>=<i>command</i>... (required)
- The command to be executed. This must be specified
- as the last command attribute. The command is exe-
- cuted directly, i.e. without interpretation of
- shell meta characters by a shell command inter-
- preter.
+ The command to be executed. This must be specified as the last
+ command attribute. The command is executed directly, i.e. with-
+ out interpretation of shell meta characters by a shell command
+ interpreter.
- In the command argument vector, the following
- macros are recognized and replaced with correspond-
- ing information from the Postfix queue manager
- delivery request.
+ In the command argument vector, the following macros are recog-
+ nized and replaced with corresponding information from the Post-
+ fix queue manager delivery request.
- In addition to the form ${<i>name</i>}, the forms $<i>name</i>
- and $(<i>name</i>) are also recognized. Specify <b>$$</b> where
- a single <b>$</b> is wanted.
+ In addition to the form ${<i>name</i>}, the forms $<i>name</i> and $(<i>name</i>) are
+ also recognized. Specify <b>$$</b> where a single <b>$</b> is wanted.
<b>${client_address}</b>
- This macro expands to the remote client net-
- work address.
+ This macro expands to the remote client network address.
This feature is available as of Postfix 2.2.
<b>${client_helo}</b>
- This macro expands to the remote client HELO
- command parameter.
+ This macro expands to the remote client HELO command
+ parameter.
This feature is available as of Postfix 2.2.
<b>${client_hostname}</b>
- This macro expands to the remote client
- hostname.
+ This macro expands to the remote client hostname.
This feature is available as of Postfix 2.2.
<b>${client_port}</b>
- This macro expands to the remote client TCP
- port number.
+ This macro expands to the remote client TCP port number.
This feature is available as of Postfix 2.5.
<b>${client_protocol}</b>
- This macro expands to the remote client pro-
- tocol.
+ This macro expands to the remote client protocol.
This feature is available as of Postfix 2.2.
<b>${domain}</b>
- This macro expands to the domain portion of
- the recipient address. For example, with an
- address <i>user+foo@domain</i> the domain is
- <i>domain</i>.
+ This macro expands to the domain portion of the recipient
+ address. For example, with an address <i>user+foo@domain</i>
+ the domain is <i>domain</i>.
- This information is modified by the <b>h</b> flag
- for case folding.
+ This information is modified by the <b>h</b> flag for case fold-
+ ing.
This feature is available as of Postfix 2.5.
<b>${extension}</b>
- This macro expands to the extension part of
- a recipient address. For example, with an
- address <i>user+foo@domain</i> the extension is
- <i>foo</i>.
+ This macro expands to the extension part of a recipient
+ address. For example, with an address <i>user+foo@domain</i>
+ the extension is <i>foo</i>.
- A command-line argument that contains
- <b>${extension}</b> expands into as many command-
- line arguments as there are recipients.
+ A command-line argument that contains <b>${extension}</b>
+ expands into as many command-line arguments as there are
+ recipients.
- This information is modified by the <b>u</b> flag
- for case folding.
+ This information is modified by the <b>u</b> flag for case fold-
+ ing.
<b>${mailbox}</b>
- This macro expands to the complete local
- part of a recipient address. For example,
- with an address <i>user+foo@domain</i> the mailbox
- is <i>user+foo</i>.
+ This macro expands to the complete local part of a recip-
+ ient address. For example, with an address
+ <i>user+foo@domain</i> the mailbox is <i>user+foo</i>.
- A command-line argument that contains
- <b>${mailbox}</b> expands to as many command-line
- arguments as there are recipients.
+ A command-line argument that contains <b>${mailbox}</b> expands
+ to as many command-line arguments as there are recipi-
+ ents.
- This information is modified by the <b>u</b> flag
- for case folding.
+ This information is modified by the <b>u</b> flag for case fold-
+ ing.
<b>${nexthop}</b>
This macro expands to the next-hop hostname.
- This information is modified by the <b>h</b> flag
- for case folding.
+ This information is modified by the <b>h</b> flag for case fold-
+ ing.
<b>${original_recipient}</b>
- This macro expands to the complete recipient
- address before any address rewriting or
- aliasing.
+ This macro expands to the complete recipient address
+ before any address rewriting or aliasing.
- A command-line argument that contains
- <b>${original_recipient}</b> expands to as many
- command-line arguments as there are recipi-
- ents.
+ A command-line argument that contains <b>${original_recipi-</b>
+ <b>ent}</b> expands to as many command-line arguments as there
+ are recipients.
- This information is modified by the <b>hqu</b>
- flags for quoting and case folding.
+ This information is modified by the <b>hqu</b> flags for quoting
+ and case folding.
This feature is available as of Postfix 2.5.
<b>${queue_id}</b>
This macro expands to the queue id.
- This feature is available as of Postfix
- 2.11.
+ This feature is available as of Postfix 2.11.
<b>${recipient}</b>
- This macro expands to the complete recipient
- address.
+ This macro expands to the complete recipient address.
- A command-line argument that contains
- <b>${recipient}</b> expands to as many command-line
- arguments as there are recipients.
+ A command-line argument that contains <b>${recipient}</b>
+ expands to as many command-line arguments as there are
+ recipients.
- This information is modified by the <b>hqu</b>
- flags for quoting and case folding.
+ This information is modified by the <b>hqu</b> flags for quoting
+ and case folding.
<b>${sasl_method}</b>
- This macro expands to the name of the SASL
- authentication mechanism in the AUTH command
- when the Postfix SMTP server received the
- message.
+ This macro expands to the name of the SASL authentication
+ mechanism in the AUTH command when the Postfix SMTP
+ server received the message.
This feature is available as of Postfix 2.2.
<b>${sasl_sender}</b>
- This macro expands to the SASL sender name
- (i.e. the original submitter as per <a href="http://tools.ietf.org/html/rfc4954">RFC</a>
- <a href="http://tools.ietf.org/html/rfc4954">4954</a>) in the MAIL FROM command when the
- Postfix SMTP server received the message.
+ This macro expands to the SASL sender name (i.e. the
+ original submitter as per <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) in the MAIL FROM com-
+ mand when the Postfix SMTP server received the message.
This feature is available as of Postfix 2.2.
<b>${sasl_username}</b>
- This macro expands to the SASL user name in
- the AUTH command when the Postfix SMTP
- server received the message.
+ This macro expands to the SASL user name in the AUTH com-
+ mand when the Postfix SMTP server received the message.
This feature is available as of Postfix 2.2.
<b>${sender}</b>
- This macro expands to the envelope sender
- address. By default, the null sender address
- expands to MAILER-DAEMON; this can be
- changed with the <b>null_sender</b> attribute, as
- described above.
+ This macro expands to the envelope sender address. By
+ default, the null sender address expands to MAILER-DAE-
+ MON; this can be changed with the <b>null_sender</b> attribute,
+ as described above.
- This information is modified by the <b>q</b> flag
- for quoting.
+ This information is modified by the <b>q</b> flag for quoting.
<b>${size}</b>
- This macro expands to Postfix's idea of the
- message size, which is an approximation of
- the size of the message as delivered.
+ This macro expands to Postfix's idea of the message size,
+ which is an approximation of the size of the message as
+ delivered.
<b>${user}</b>
- This macro expands to the username part of a
- recipient address. For example, with an
- address <i>user+foo@domain</i> the username part is
- <i>user</i>.
+ This macro expands to the username part of a recipient
+ address. For example, with an address <i>user+foo@domain</i>
+ the username part is <i>user</i>.
- A command-line argument that contains
- <b>${user}</b> expands into as many command-line
- arguments as there are recipients.
+ A command-line argument that contains <b>${user}</b> expands
+ into as many command-line arguments as there are recipi-
+ ents.
- This information is modified by the <b>u</b> flag
- for case folding.
+ This information is modified by the <b>u</b> flag for case fold-
+ ing.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
- Command exit status codes are expected to follow the con-
- ventions defined in <<b>sysexits.h</b>>. Exit status 0 means
- normal successful completion.
-
- In the case of a non-zero exit status, a limited amount of
- command output is reported in an delivery status notifica-
- tion. When the output begins with a 4.X.X or 5.X.X
- enhanced status code, the status code takes precedence
- over the non-zero exit status (Postfix version 2.3 and
+ Command exit status codes are expected to follow the conventions
+ defined in <<b>sysexits.h</b>>. Exit status 0 means normal successful comple-
+ tion.
+
+ In the case of a non-zero exit status, a limited amount of command out-
+ put is reported in an delivery status notification. When the output
+ begins with a 4.X.X or 5.X.X enhanced status code, the status code
+ takes precedence over the non-zero exit status (Postfix version 2.3 and
later).
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
- can move them to the <b>corrupt</b> queue for further inspection.
+ Problems and transactions are logged to <b>syslogd</b>(8). Corrupted message
+ files are marked so that the queue manager can move them to the <b>corrupt</b>
+ queue for further inspection.
<b>SECURITY</b>
- This program needs a dual personality 1) to access the
- private Postfix queue and IPC mechanisms, and 2) to exe-
- cute external commands as the specified user. It is there-
- fore security sensitive.
+ This program needs a dual personality 1) to access the private Postfix
+ queue and IPC mechanisms, and 2) to execute external commands as the
+ specified user. It is therefore security sensitive.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="pipe.8.html"><b>pipe</b>(8)</a>
- processes run for only a limited amount of time. Use the
- command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="pipe.8.html"><b>pipe</b>(8)</a> processes run
+ for only a limited amount of time. Use the command "<b>postfix reload</b>" to
+ speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>RESOURCE AND RATE CONTROLS</b>
- In the text below, <i>transport</i> is the first field in a <a href="master.5.html"><b>mas-</b>
- <b>ter.cf</b></a> entry.
+ In the text below, <i>transport</i> is the first field in a <a href="master.5.html"><b>master.cf</b></a> entry.
- <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- Limit the number of parallel deliveries to the same
- destination, for delivery via the named <i>transport</i>.
- The limit is enforced by the Postfix queue manager.
+ <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ Limit the number of parallel deliveries to the same destination,
+ for delivery via the named <i>transport</i>. The limit is enforced by
+ the Postfix queue manager.
- <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- Limit the number of recipients per message deliv-
- ery, for delivery via the named <i>transport</i>. The
- limit is enforced by the Postfix queue manager.
+ <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
+ Limit the number of recipients per message delivery, for deliv-
+ ery via the named <i>transport</i>. The limit is enforced by the Post-
+ fix queue manager.
<b><a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
- Limit the time for delivery to external command,
- for delivery via the named <i>transport</i>. The limit is
- enforced by the pipe delivery agent.
+ Limit the time for delivery to external command, for delivery
+ via the named <i>transport</i>. The limit is enforced by the pipe
+ delivery agent.
- Postfix 2.4 and later support a suffix that speci-
- fies the time unit: s (seconds), m (minutes), h
- (hours), d (days), w (weeks). The default time unit
- is seconds.
+ Postfix 2.4 and later support a suffix that specifies the time
+ unit: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+ The default time unit is seconds.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a Postfix
- process will export to non-Postfix processes.
+ The list of environment variables that a Postfix process will
+ export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue
- and most Postfix daemon processes.
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
- The set of characters that can separate a user name
- from its extension (example: user+foo), or a .for-
- ward file name from its extension (example: .for-
- ward+foo).
+ The set of characters that can separate a user name from its
+ extension (example: user+foo), or a .forward file name from its
+ extension (example: .forward+foo).
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
[<i>file</i><b>_</b><i>type</i>:]<i>file</i><b>_</b><i>name</i> ...
<b>DESCRIPTION</b>
- The <a href="postalias.1.html"><b>postalias</b>(1)</a> command creates or queries one or more
- Postfix alias databases, or updates an existing one. The
- input and output file formats are expected to be compati-
- ble with Sendmail version 8, and are expected to be suit-
- able for the use as NIS alias maps.
-
- If the result files do not exist they will be created with
- the same group and other read permissions as their source
- file.
-
- While a database update is in progress, signal delivery is
- postponed, and an exclusive, advisory, lock is placed on
- the entire database, in order to avoid surprises in spec-
- tator processes.
-
- The format of Postfix alias input files is described in
- <a href="aliases.5.html"><b>aliases</b>(5)</a>.
-
- By default the lookup key is mapped to lowercase to make
- the lookups case insensitive; as of Postfix 2.3 this case
- folding happens only with tables whose lookup keys are
- fixed-case strings such as <a href="DATABASE_README.html#types">btree</a>:, <a href="DATABASE_README.html#types">dbm</a>: or <a href="DATABASE_README.html#types">hash</a>:. With
- earlier versions, the lookup key is folded even with
- tables where a lookup field can match both upper and lower
- case text, such as <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>:. This resulted in
- loss of information with $<i>number</i> substitutions.
+ The <a href="postalias.1.html"><b>postalias</b>(1)</a> command creates or queries one or more Postfix alias
+ databases, or updates an existing one. The input and output file for-
+ mats are expected to be compatible with Sendmail version 8, and are
+ expected to be suitable for the use as NIS alias maps.
+
+ If the result files do not exist they will be created with the same
+ group and other read permissions as their source file.
+
+ While a database update is in progress, signal delivery is postponed,
+ and an exclusive, advisory, lock is placed on the entire database, in
+ order to avoid surprises in spectator processes.
+
+ The format of Postfix alias input files is described in <a href="aliases.5.html"><b>aliases</b>(5)</a>.
+
+ By default the lookup key is mapped to lowercase to make the lookups
+ case insensitive; as of Postfix 2.3 this case folding happens only with
+ tables whose lookup keys are fixed-case strings such as <a href="DATABASE_README.html#types">btree</a>:, <a href="DATABASE_README.html#types">dbm</a>: or
+ <a href="DATABASE_README.html#types">hash</a>:. With earlier versions, the lookup key is folded even with tables
+ where a lookup field can match both upper and lower case text, such as
+ <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>:. This resulted in loss of information with $<i>number</i>
+ substitutions.
Options:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named
- directory instead of the default configuration
- directory.
-
- <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one
- entry per map. The exit status is zero when the
- requested information was found.
-
- If a key value of <b>-</b> is specified, the program reads
- key values from the standard input stream. The exit
- status is zero when at least one of the requested
- keys was found.
-
- <b>-f</b> Do not fold the lookup key to lower case while cre-
- ating or querying a table.
-
- With Postfix version 2.3 and later, this option has
- no effect for regular expression tables. There,
- case folding is controlled by appending a flag to a
- pattern.
-
- <b>-i</b> Incremental mode. Read entries from standard input
- and do not truncate an existing database. By
- default, <a href="postalias.1.html"><b>postalias</b>(1)</a> creates a new database from
- the entries in <i>file</i><b>_</b><i>name</i>.
-
- <b>-N</b> Include the terminating null character that termi-
- nates lookup keys and values. By default, <b>postal-</b>
- <b>ias</b>(1) does whatever is the default for the host
- operating system.
-
- <b>-n</b> Don't include the terminating null character that
- terminates lookup keys and values. By default,
- <a href="postalias.1.html"><b>postalias</b>(1)</a> does whatever is the default for the
- host operating system.
-
- <b>-o</b> Do not release root privileges when processing a
- non-root input file. By default, <a href="postalias.1.html"><b>postalias</b>(1)</a> drops
- root privileges and runs as the source file owner
- instead.
-
- <b>-p</b> Do not inherit the file access permissions from the
- input file when creating a new file. Instead, cre-
- ate a new file with default access permissions
- (mode 0644).
-
- <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and write the
- first value found to the standard output stream.
- The exit status is zero when the requested informa-
- tion was found.
-
- If a key value of <b>-</b> is specified, the program reads
- key values from the standard input stream and
- writes one line of <i>key: value</i> output for each key
- that was found. The exit status is zero when at
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ instead of the default configuration directory.
+
+ <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one entry per map.
+ The exit status is zero when the requested information was
+ found.
+
+ If a key value of <b>-</b> is specified, the program reads key values
+ from the standard input stream. The exit status is zero when at
least one of the requested keys was found.
- <b>-r</b> When updating a table, do not complain about
- attempts to update existing entries, and make those
- updates anyway.
+ <b>-f</b> Do not fold the lookup key to lower case while creating or
+ querying a table.
+
+ With Postfix version 2.3 and later, this option has no effect
+ for regular expression tables. There, case folding is controlled
+ by appending a flag to a pattern.
+
+ <b>-i</b> Incremental mode. Read entries from standard input and do not
+ truncate an existing database. By default, <a href="postalias.1.html"><b>postalias</b>(1)</a> creates
+ a new database from the entries in <i>file</i><b>_</b><i>name</i>.
+
+ <b>-N</b> Include the terminating null character that terminates lookup
+ keys and values. By default, <a href="postalias.1.html"><b>postalias</b>(1)</a> does whatever is the
+ default for the host operating system.
+
+ <b>-n</b> Don't include the terminating null character that terminates
+ lookup keys and values. By default, <a href="postalias.1.html"><b>postalias</b>(1)</a> does whatever
+ is the default for the host operating system.
+
+ <b>-o</b> Do not release root privileges when processing a non-root input
+ file. By default, <a href="postalias.1.html"><b>postalias</b>(1)</a> drops root privileges and runs as
+ the source file owner instead.
+
+ <b>-p</b> Do not inherit the file access permissions from the input file
+ when creating a new file. Instead, create a new file with
+ default access permissions (mode 0644).
- <b>-s</b> Retrieve all database elements, and write one line
- of <i>key: value</i> output for each element. The elements
- are printed in database order, which is not neces-
- sarily the same as the original input order. This
- feature is available in Postfix version 2.2 and
+ <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and write the first value
+ found to the standard output stream. The exit status is zero
+ when the requested information was found.
+
+ If a key value of <b>-</b> is specified, the program reads key values
+ from the standard input stream and writes one line of <i>key: value</i>
+ output for each key that was found. The exit status is zero when
+ at least one of the requested keys was found.
+
+ <b>-r</b> When updating a table, do not complain about attempts to update
+ existing entries, and make those updates anyway.
+
+ <b>-s</b> Retrieve all database elements, and write one line of <i>key: value</i>
+ output for each element. The elements are printed in database
+ order, which is not necessarily the same as the original input
+ order. This feature is available in Postfix version 2.2 and
later, and is not available for all database types.
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
- <b>-w</b> When updating a table, do not complain about
- attempts to update existing entries, and ignore
- those attempts.
+ <b>-w</b> When updating a table, do not complain about attempts to update
+ existing entries, and ignore those attempts.
Arguments:
<i>file</i><b>_</b><i>type</i>
- The database type. To find out what types are sup-
- ported, use the "<b>postconf -m</b>" command.
-
- The <a href="postalias.1.html"><b>postalias</b>(1)</a> command can query any supported
- file type, but it can create only the following
- file types:
-
- <b>btree</b> The output is a btree file, named
- <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available on systems
- with support for <b>db</b> databases.
-
- <b>cdb</b> The output is one file named <i>file</i><b>_</b><i>name</i><b>.cdb</b>.
- This is available on systems with support
- for <b>cdb</b> databases.
-
- <b>dbm</b> The output consists of two files, named
- <i>file</i><b>_</b><i>name</i><b>.pag</b> and <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is
- available on systems with support for <b>dbm</b>
- databases.
-
- <b>hash</b> The output is a hashed file, named
- <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available on systems
- with support for <b>db</b> databases.
-
- <b>fail</b> A table that reliably fails all requests.
- The lookup table name is used for logging
- only. This table exists to simplify Postfix
- error tests.
-
- <b>sdbm</b> The output consists of two files, named
- <i>file</i><b>_</b><i>name</i><b>.pag</b> and <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is
- available on systems with support for <b>sdbm</b>
- databases.
-
- When no <i>file</i><b>_</b><i>type</i> is specified, the software uses
- the database type specified via the <b><a href="postconf.5.html#default_database_type">default_data</a>-</b>
- <b><a href="postconf.5.html#default_database_type">base_type</a></b> configuration parameter. The default
- value for this parameter depends on the host envi-
- ronment.
+ The database type. To find out what types are supported, use the
+ "<b>postconf -m</b>" command.
+
+ The <a href="postalias.1.html"><b>postalias</b>(1)</a> command can query any supported file type, but
+ it can create only the following file types:
+
+ <b>btree</b> The output is a btree file, named <i>file</i><b>_</b><i>name</i><b>.db</b>. This is
+ available on systems with support for <b>db</b> databases.
+
+ <b>cdb</b> The output is one file named <i>file</i><b>_</b><i>name</i><b>.cdb</b>. This is
+ available on systems with support for <b>cdb</b> databases.
+
+ <b>dbm</b> The output consists of two files, named <i>file</i><b>_</b><i>name</i><b>.pag</b> and
+ <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is available on systems with support
+ for <b>dbm</b> databases.
+
+ <b>hash</b> The output is a hashed file, named <i>file</i><b>_</b><i>name</i><b>.db</b>. This is
+ available on systems with support for <b>db</b> databases.
+
+ <b>fail</b> A table that reliably fails all requests. The lookup ta-
+ ble name is used for logging only. This table exists to
+ simplify Postfix error tests.
+
+ <b>sdbm</b> The output consists of two files, named <i>file</i><b>_</b><i>name</i><b>.pag</b> and
+ <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is available on systems with support
+ for <b>sdbm</b> databases.
+
+ When no <i>file</i><b>_</b><i>type</i> is specified, the software uses the database
+ type specified via the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
+ parameter. The default value for this parameter depends on the
+ host environment.
<i>file</i><b>_</b><i>name</i>
- The name of the alias database source file when
- creating a database.
+ The name of the alias database source file when creating a data-
+ base.
<b>DIAGNOSTICS</b>
- Problems are logged to the standard error stream and to
- <b>syslogd</b>(8). No output means that no problems were
- detected. Duplicate entries are skipped and are flagged
- with a warning.
+ Problems are logged to the standard error stream and to <b>syslogd</b>(8). No
+ output means that no problems were detected. Duplicate entries are
+ skipped and are flagged with a warning.
- <a href="postalias.1.html"><b>postalias</b>(1)</a> terminates with zero exit status in case of
- success (including successful "<b>postalias -q</b>" lookup) and
- terminates with non-zero exit status in case of failure.
+ <a href="postalias.1.html"><b>postalias</b>(1)</a> terminates with zero exit status in case of success
+ (including successful "<b>postalias -q</b>" lookup) and terminates with non-
+ zero exit status in case of failure.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
Enable verbose logging for debugging purposes.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
- The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
- updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a> (16777216)</b>
- The per-table I/O buffer size for programs that
- create Berkeley DB hash or btree tables.
+ The per-table I/O buffer size for programs that create Berkeley
+ DB hash or btree tables.
<b><a href="postconf.5.html#berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a> (131072)</b>
- The per-table I/O buffer size for programs that
- read Berkeley DB hash or btree tables.
+ The per-table I/O buffer size for programs that read Berkeley DB
+ hash or btree tables.
<b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
- The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>,
-
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>, <a href="postalias.1.html"><b>postalias</b>(1)</a>
+ and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postcat</b> [<b>-bdehnoqv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>files</i>...]
<b>DESCRIPTION</b>
- The <a href="postcat.1.html"><b>postcat</b>(1)</a> command prints the contents of the named
- <i>files</i> in human-readable form. The files are expected to be
- in Postfix queue file format. If no <i>files</i> are specified on
- the command line, the program reads from standard input.
+ The <a href="postcat.1.html"><b>postcat</b>(1)</a> command prints the contents of the named <i>files</i> in human-
+ readable form. The files are expected to be in Postfix queue file for-
+ mat. If no <i>files</i> are specified on the command line, the program reads
+ from standard input.
- By default, <a href="postcat.1.html"><b>postcat</b>(1)</a> shows the envelope and message con-
- tent, as if the options <b>-beh</b> were specified. To view mes-
- sage content only, specify <b>-bh</b> (Postfix 2.7 and later).
+ By default, <a href="postcat.1.html"><b>postcat</b>(1)</a> shows the envelope and message content, as if
+ the options <b>-beh</b> were specified. To view message content only, specify
+ <b>-bh</b> (Postfix 2.7 and later).
Options:
- <b>-b</b> Show body content. The <b>-b</b> option starts producing
- output at the first non-header line, and stops when
- the end of the message is reached.
+ <b>-b</b> Show body content. The <b>-b</b> option starts producing output at the
+ first non-header line, and stops when the end of the message is
+ reached.
This feature is available in Postfix 2.7 and later.
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named
- directory instead of the default configuration
- directory.
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory.
<b>-d</b> Print the decimal type of each record.
This feature is available in Postfix 2.7 and later.
- <b>-h</b> Show message header content. The <b>-h</b> option pro-
- duces output from the beginning of the message up
- to, but not including, the first non-header line.
+ <b>-h</b> Show message header content. The <b>-h</b> option produces output from
+ the beginning of the message up to, but not including, the first
+ non-header line.
This feature is available in Postfix 2.7 and later.
<b>-o</b> Print the queue file offset of each record.
- <b>-q</b> Search the Postfix queue for the named <i>files</i>
- instead of taking the names literally.
+ <b>-q</b> Search the Postfix queue for the named <i>files</i> instead of taking
+ the names literally.
This feature is available in Postfix 2.0 and later.
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
<b>DIAGNOSTICS</b>
Problems are reported to the standard error stream.
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b>FILES</b>
/var/spool/postfix, Postfix queue directory
<a href="postconf.5.html">postconf(5)</a>, Postfix configuration
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>SYNOPSIS</b>
<b>Managing <a href="postconf.5.html">main.cf</a>:</b>
- <b>postconf</b> [<b>-dfhnopvx</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] [<b>-C</b> <i>class,...</i>] [<i>parame-</i>
- <i>ter ...</i>]
+ <b>postconf</b> [<b>-dfhnopvx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-C</b> <i>class,...</i>] [<i>parameter ...</i>]
- <b>postconf</b> [<b>-epv</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] <i>parameter</i><b>=</b><i>value ...</i>
+ <b>postconf</b> [<b>-epv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>parameter</i><b>=</b><i>value ...</i>
- <b>postconf -#</b> [<b>-pv</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] <i>parameter ...</i>
+ <b>postconf -#</b> [<b>-pv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>parameter ...</i>
- <b>postconf -X</b> [<b>-pv</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] <i>parameter ...</i>
+ <b>postconf -X</b> [<b>-pv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>parameter ...</i>
<b>Managing <a href="master.5.html">master.cf</a> service entries:</b>
- <b>postconf -M</b> [<b>-fovx</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>] <i>...</i>]
+ <b>postconf -M</b> [<b>-fovx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>] <i>...</i>]
- <b>postconf -M</b> [<b>-ev</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>=</b><i>value ...</i>
+ <b>postconf -M</b> [<b>-ev</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>=</b><i>value ...</i>
- <b>postconf -M#</b> [<b>-v</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type ...</i>
+ <b>postconf -M#</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type ...</i>
- <b>postconf -MX</b> [<b>-v</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type ...</i>
+ <b>postconf -MX</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type ...</i>
<b>Managing <a href="master.5.html">master.cf</a> service fields:</b>
- <b>postconf -F</b> [<b>-fovx</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>[<b>/</b><i>field</i>]]
- <i>...</i>]
+ <b>postconf -F</b> [<b>-fovx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>[<b>/</b><i>field</i>]] <i>...</i>]
- <b>postconf -F</b> [<b>-ev</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>field</i><b>=</b><i>value</i>
- <i>...</i>
+ <b>postconf -F</b> [<b>-ev</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>field</i><b>=</b><i>value ...</i>
<b>Managing <a href="master.5.html">master.cf</a> service parameters:</b>
- <b>postconf -P</b> [<b>-fovx</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>[<b>/</b><i>parame-</i>
- <i>ter</i>]] <i>...</i>]
+ <b>postconf -P</b> [<b>-fovx</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>service</i>[<b>/</b><i>type</i>[<b>/</b><i>parameter</i>]] <i>...</i>]
- <b>postconf -P</b> [<b>-ev</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>parame-</i>
- <i>ter</i><b>=</b><i>value ...</i>
+ <b>postconf -P</b> [<b>-ev</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>parameter</i><b>=</b><i>value ...</i>
- <b>postconf -PX</b> [<b>-v</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>parameter ...</i>
+ <b>postconf -PX</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>service</i><b>/</b><i>type</i><b>/</b><i>parameter ...</i>
<b>Managing bounce message templates:</b>
- <b>postconf -b</b> [<b>-v</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] [<i>template</i><b>_</b><i>file</i>]
+ <b>postconf -b</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>template</i><b>_</b><i>file</i>]
- <b>postconf -t</b> [<b>-v</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>] [<i>template</i><b>_</b><i>file</i>]
+ <b>postconf -t</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<i>template</i><b>_</b><i>file</i>]
<b>Managing other configuration:</b>
- <b>postconf -a</b>|<b>-A</b>|<b>-l</b>|<b>-m</b> [<b>-v</b>] [<b>-c</b> <i>conf</i><b>_</b><i>dir</i>]
+ <b>postconf -a</b>|<b>-A</b>|<b>-l</b>|<b>-m</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>]
<b>DESCRIPTION</b>
- By default, the <a href="postconf.1.html"><b>postconf</b>(1)</a> command displays the values of
- <a href="postconf.5.html"><b>main.cf</b></a> configuration parameters, and warns about possible
- mis-typed parameter names (Postfix 2.9 and later). It can
- also change <a href="postconf.5.html"><b>main.cf</b></a> configuration parameter values, or
- display other configuration information about the Postfix
- mail system.
+ By default, the <a href="postconf.1.html"><b>postconf</b>(1)</a> command displays the values of <a href="postconf.5.html"><b>main.cf</b></a> con-
+ figuration parameters, and warns about possible mis-typed parameter
+ names (Postfix 2.9 and later). It can also change <a href="postconf.5.html"><b>main.cf</b></a> configura-
+ tion parameter values, or display other configuration information about
+ the Postfix mail system.
Options:
- <b>-a</b> List the available SASL server plug-in types. The
- SASL plug-in type is selected with the
- <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> configuration parameter by specify-
- ing one of the names listed below.
+ <b>-a</b> List the available SASL server plug-in types. The SASL plug-in
+ type is selected with the <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b> configuration parame-
+ ter by specifying one of the names listed below.
- <b>cyrus</b> This server plug-in is available when Post-
- fix is built with Cyrus SASL support.
+ <b>cyrus</b> This server plug-in is available when Postfix is built
+ with Cyrus SASL support.
<b>dovecot</b>
- This server plug-in uses the Dovecot authen-
- tication server, and is available when Post-
- fix is built with any form of SASL support.
+ This server plug-in uses the Dovecot authentication
+ server, and is available when Postfix is built with any
+ form of SASL support.
- This feature is available with Postfix 2.3 and
- later.
+ This feature is available with Postfix 2.3 and later.
- <b>-A</b> List the available SASL client plug-in types. The
- SASL plug-in type is selected with the
- <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b> or <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b> configuration
- parameters by specifying one of the names listed
+ <b>-A</b> List the available SASL client plug-in types. The SASL plug-in
+ type is selected with the <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b> or <b><a href="postconf.5.html#lmtp_sasl_type">lmtp_sasl_type</a></b> con-
+ figuration parameters by specifying one of the names listed
below.
- <b>cyrus</b> This client plug-in is available when Post-
- fix is built with Cyrus SASL support.
+ <b>cyrus</b> This client plug-in is available when Postfix is built
+ with Cyrus SASL support.
- This feature is available with Postfix 2.3 and
- later.
+ This feature is available with Postfix 2.3 and later.
<b>-b</b> [<i>template</i><b>_</b><i>file</i>]
- Display the message text that appears at the begin-
- ning of delivery status notification (DSN) mes-
- sages, replacing $<b>name</b> expressions with actual val-
- ues as described in <a href="bounce.5.html"><b>bounce</b>(5)</a>.
+ Display the message text that appears at the beginning of deliv-
+ ery status notification (DSN) messages, replacing $<b>name</b> expres-
+ sions with actual values as described in <a href="bounce.5.html"><b>bounce</b>(5)</a>.
- To override the built-in templates, specify a tem-
- plate file name at the end of the <a href="postconf.1.html"><b>postconf</b>(1)</a> com-
- mand line, or specify a file name in <a href="postconf.5.html"><b>main.cf</b></a> with
- the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter.
+ To override the built-in templates, specify a template file name
+ at the end of the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line, or specify a file
+ name in <a href="postconf.5.html"><b>main.cf</b></a> with the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter.
- To force selection of the built-in templates, spec-
- ify an empty template file name on the <a href="postconf.1.html"><b>postconf</b>(1)</a>
- command line (in shell language: "").
+ To force selection of the built-in templates, specify an empty
+ template file name on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line (in shell
+ language: "").
- This feature is available with Postfix 2.3 and
- later.
+ This feature is available with Postfix 2.3 and later.
- <b>-c</b> <i>conf</i><b>_</b><i>dir</i>
- The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named
- directory instead of the default configuration
- directory.
+ <b>-c</b> <i>config</i><b>_</b><i>dir</i>
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory.
<b>-C</b> <i>class,...</i>
- When displaying <a href="postconf.5.html"><b>main.cf</b></a> parameters, select only
- parameters from the specified class(es):
+ When displaying <a href="postconf.5.html"><b>main.cf</b></a> parameters, select only parameters from
+ the specified class(es):
<b>builtin</b>
Parameters with built-in names.
<b>service</b>
- Parameters with service-defined names (the
- first field of a <a href="master.5.html"><b>master.cf</b></a> entry plus a
- Postfix-defined suffix).
+ Parameters with service-defined names (the first field of
+ a <a href="master.5.html"><b>master.cf</b></a> entry plus a Postfix-defined suffix).
<b>user</b> Parameters with user-defined names.
The default is as if "<b>-C all</b>" is specified.
- <b>-d</b> Print <a href="postconf.5.html"><b>main.cf</b></a> default parameter settings instead of
- actual settings. Specify <b>-df</b> to fold long lines
- for human readability (Postfix 2.9 and later).
+ <b>-d</b> Print <a href="postconf.5.html"><b>main.cf</b></a> default parameter settings instead of actual set-
+ tings. Specify <b>-df</b> to fold long lines for human readability
+ (Postfix 2.9 and later).
- <b>-e</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and update
- parameter settings with the "<i>name=value</i>" pairs on
- the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+ <b>-e</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and update parameter set-
+ tings with the "<i>name=value</i>" pairs on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command
+ line.
- With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and
- replace one or more service entries with new values
- as specified with "<i>service/type=value</i>" on the <a href="postconf.1.html"><b>post-</b></a>
- <a href="postconf.1.html"><b>conf</b>(1)</a> command line.
-
- With <b>-F</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and
- replace one or more service fields with new values
- as specied with "<i>service/type/field=value</i>" on the
- <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Currently, the "command"
- field contains the command name and command argu-
- ments. this may change in the near future, so that
- the "command" field contains only the command name,
- and a new "arguments" pseudofield contains the com-
- mand arguments.
-
- With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and
- add or update one or more service parameter set-
- tings (-o parameter=value settings) with new values
- as specied with "<i>service/type/parameter=value</i>" on
- the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+ With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and replace one
+ or more service entries with new values as specified with "<i>ser-</i>
+ <i>vice/type=value</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- In all cases the file is copied to a temporary file
- then renamed into place. Specify quotes to protect
- special characters and whitespace on the <a href="postconf.1.html"><b>post-</b></a>
- <a href="postconf.1.html"><b>conf</b>(1)</a> command line.
+ With <b>-F</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and replace one
+ or more service fields with new values as specied with "<i>ser-</i>
+ <i>vice/type/field=value</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Cur-
+ rently, the "command" field contains the command name and com-
+ mand arguments. this may change in the near future, so that the
+ "command" field contains only the command name, and a new "argu-
+ ments" pseudofield contains the command arguments.
- The <b>-e</b> option is no longer needed with Postfix ver-
- sion 2.8 and later.
+ With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and add or
+ update one or more service parameter settings (-o parame-
+ ter=value settings) with new values as specied with "<i>ser-</i>
+ <i>vice/type/parameter=value</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- <b>-f</b> Fold long lines when printing <a href="postconf.5.html"><b>main.cf</b></a> or <a href="master.5.html"><b>master.cf</b></a>
- configuration file entries, for human readability.
+ In all cases the file is copied to a temporary file then renamed
+ into place. Specify quotes to protect special characters and
+ whitespace on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- This feature is available with Postfix 2.9 and
+ The <b>-e</b> option is no longer needed with Postfix version 2.8 and
later.
- <b>-F</b> Show <a href="master.5.html"><b>master.cf</b></a> per-entry field settings (by default
- all services and all fields), formatted as one
- "<i>service/type/field=value</i>" per line. Specify <b>-Ff</b> to
- fold long lines.
+ <b>-f</b> Fold long lines when printing <a href="postconf.5.html"><b>main.cf</b></a> or <a href="master.5.html"><b>master.cf</b></a> configuration
+ file entries, for human readability.
- Specify one or more "<i>service/type/field</i>" instances
- on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line to limit the output
- to fields of interest. Trailing parameter name or
- service type fields that are omitted will be han-
- dled as "*" wildcard fields.
+ This feature is available with Postfix 2.9 and later.
- This feature is available with Postfix 2.11 and
- later.
+ <b>-F</b> Show <a href="master.5.html"><b>master.cf</b></a> per-entry field settings (by default all services
+ and all fields), formatted as one "<i>service/type/field=value</i>" per
+ line. Specify <b>-Ff</b> to fold long lines.
+
+ Specify one or more "<i>service/type/field</i>" instances on the <a href="postconf.1.html"><b>post-</b></a>
+ <a href="postconf.1.html"><b>conf</b>(1)</a> command line to limit the output to fields of interest.
+ Trailing parameter name or service type fields that are omitted
+ will be handled as "*" wildcard fields.
- <b>-h</b> Show parameter or attribute values without the
- "<i>name</i> = " label that normally precedes the value.
+ This feature is available with Postfix 2.11 and later.
- <b>-l</b> List the names of all supported mailbox locking
- methods. Postfix supports the following methods:
+ <b>-h</b> Show parameter or attribute values without the "<i>name</i> = " label
+ that normally precedes the value.
- <b>flock</b> A kernel-based advisory locking method for
- local files only. This locking method is
- available on systems with a BSD compatible
- library.
+ <b>-l</b> List the names of all supported mailbox locking methods. Post-
+ fix supports the following methods:
- <b>fcntl</b> A kernel-based advisory locking method for
- local and remote files.
+ <b>flock</b> A kernel-based advisory locking method for local files
+ only. This locking method is available on systems with a
+ BSD compatible library.
+
+ <b>fcntl</b> A kernel-based advisory locking method for local and
+ remote files.
<b>dotlock</b>
- An application-level locking method. An
- application locks a file named <i>filename</i> by
- creating a file named <i>filename</i><b>.lock</b>. The
- application is expected to remove its own
- lock file, as well as stale lock files that
- were left behind after abnormal program ter-
- mination.
-
- <b>-m</b> List the names of all supported lookup table types.
- In Postfix configuration files, lookup tables are
- specified as <i>type</i><b>:</b><i>name</i>, where <i>type</i> is one of the
- types listed below. The table <i>name</i> syntax depends
- on the lookup table type as described in the <a href="DATABASE_README.html">DATA</a>-
+ An application-level locking method. An application locks
+ a file named <i>filename</i> by creating a file named <i>file-</i>
+ <i>name</i><b>.lock</b>. The application is expected to remove its own
+ lock file, as well as stale lock files that were left
+ behind after abnormal program termination.
+
+ <b>-m</b> List the names of all supported lookup table types. In Postfix
+ configuration files, lookup tables are specified as <i>type</i><b>:</b><i>name</i>,
+ where <i>type</i> is one of the types listed below. The table <i>name</i> syn-
+ tax depends on the lookup table type as described in the <a href="DATABASE_README.html">DATA</a>-
<a href="DATABASE_README.html">BASE_README</a> document.
- <b>btree</b> A sorted, balanced tree structure. Avail-
- able on systems with support for Berkeley DB
- databases.
+ <b>btree</b> A sorted, balanced tree structure. Available on systems
+ with support for Berkeley DB databases.
- <b>cdb</b> A read-optimized structure with no support
- for incremental updates. Available on sys-
- tems with support for CDB databases.
+ <b>cdb</b> A read-optimized structure with no support for incremen-
+ tal updates. Available on systems with support for CDB
+ databases.
- <b>cidr</b> A table that associates values with Class-
- less Inter-Domain Routing (CIDR) patterns.
-
This is described in <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a>.
+ <b>cidr</b> A table that associates values with Classless Inter-
+ Domain Routing (CIDR) patterns. This is described in
+ <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a>.
- <b>dbm</b> An indexed file type based on hashing.
- Available on systems with support for DBM
- databases.
+ <b>dbm</b> An indexed file type based on hashing. Available on sys-
+ tems with support for DBM databases.
<b>environ</b>
- The UNIX process environment array. The
- lookup key is the variable name. Originally
- implemented for testing, someone may find
- this useful someday.
+ The UNIX process environment array. The lookup key is the
+ variable name. Originally implemented for testing, some-
+ one may find this useful someday.
- <b>fail</b> A table that reliably fails all requests.
- The lookup table name is used for logging.
- This table exists to simplify Postfix error
- tests.
+ <b>fail</b> A table that reliably fails all requests. The lookup ta-
+ ble name is used for logging. This table exists to sim-
+ plify Postfix error tests.
- <b>hash</b> An indexed file type based on hashing.
- Available on systems with support for Berke-
- ley DB databases.
+ <b>hash</b> An indexed file type based on hashing. Available on sys-
+ tems with support for Berkeley DB databases.
<b>internal</b>
- A non-shared, in-memory hash table. Its con-
- tent are lost when a process terminates.
+ A non-shared, in-memory hash table. Its content are lost
+ when a process terminates.
- <b>lmdb</b> OpenLDAP LMDB database (a memory-mapped,
- persistent file). Available on systems with
- support for LMDB databases. This is
- described in <a href="lmdb_table.5.html"><b>lmdb_table</b>(5)</a>.
+ <b>lmdb</b> OpenLDAP LMDB database (a memory-mapped, persistent
+ file). Available on systems with support for LMDB data-
+ bases. This is described in <a href="lmdb_table.5.html"><b>lmdb_table</b>(5)</a>.
<b>ldap</b> (read-only)
- LDAP database client. This is described in
- <a href="ldap_table.5.html"><b>ldap_table</b>(5)</a>.
+ LDAP database client. This is described in <a href="ldap_table.5.html"><b>ldap_table</b>(5)</a>.
<b>memcache</b>
- Memcache database client. This is described
- in <a href="memcache_table.5.html"><b>memcache_table</b>(5)</a>.
+ Memcache database client. This is described in <a href="memcache_table.5.html"><b>mem-</b></a>
+ <a href="memcache_table.5.html"><b>cache_table</b>(5)</a>.
<b>mysql</b> (read-only)
- MySQL database client. Available on systems
- with support for MySQL databases. This is
- described in <a href="mysql_table.5.html"><b>mysql_table</b>(5)</a>.
+ MySQL database client. Available on systems with support
+ for MySQL databases. This is described in <a href="mysql_table.5.html"><b>mysql_ta-</b></a>
+ <a href="mysql_table.5.html"><b>ble</b>(5)</a>.
<b>pcre</b> (read-only)
- A lookup table based on Perl Compatible Reg-
- ular Expressions. The file format is
- described in <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+ A lookup table based on Perl Compatible Regular Expres-
+ sions. The file format is described in <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
<b>pgsql</b> (read-only)
- PostgreSQL database client. This is
-
described in <a href="pgsql_table.5.html"><b>pgsql_table</b>(5)</a>.
+ PostgreSQL database client. This is described in
+ <a href="pgsql_table.5.html"><b>pgsql_table</b>(5)</a>.
- <b>proxy</b> Postfix <a href="proxymap.8.html"><b>proxymap</b>(8)</a> client for shared access
- to Postfix databases. The table name syntax
- is <i>type</i><b>:</b><i>name</i>.
+ <b>proxy</b> Postfix <a href="proxymap.8.html"><b>proxymap</b>(8)</a> client for shared access to Postfix
+ databases. The table name syntax is <i>type</i><b>:</b><i>name</i>.
<b>regexp</b> (read-only)
- A lookup table based on regular expressions.
- The file format is described in <a href="regexp_table.5.html"><b>regexp_ta-</b></a>
- <a href="regexp_table.5.html"><b>ble</b>(5)</a>.
+ A lookup table based on regular expressions. The file
+ format is described in <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>.
- <b>sdbm</b> An indexed file type based on hashing.
- Available on systems with support for SDBM
- databases.
+ <b>sdbm</b> An indexed file type based on hashing. Available on sys-
+ tems with support for SDBM databases.
<b>socketmap</b> (read-only)
- Sendmail-style socketmap client. The table
- name is <b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i> for a TCP/IP
- server, or <b>unix</b>:<i>pathname</i>:<i>name</i> for a UNIX-
- domain server. This is described in <a href="socketmap_table.5.html"><b>sock-</b></a>
- <a href="socketmap_table.5.html"><b>etmap_table</b>(5)</a>.
+ Sendmail-style socketmap client. The table name is
+ <b>inet</b>:<i>host</i>:<i>port</i>:<i>name</i> for a TCP/IP server, or <b>unix</b>:<i>path-</i>
+ <i>name</i>:<i>name</i> for a UNIX-domain server. This is described in
+ <a href="socketmap_table.5.html"><b>socketmap_table</b>(5)</a>.
<b>sqlite</b> (read-only)
- SQLite database. This is described in
- <a href="sqlite_table.5.html"><b>sqlite_table</b>(5)</a>.
+ SQLite database. This is described in <a href="sqlite_table.5.html"><b>sqlite_table</b>(5)</a>.
<b>static</b> (read-only)
- A table that always returns its name as
- lookup result. For example, <b><a href="DATABASE_README.html#types">static</a>:foobar</b>
- always returns the string <b>foobar</b> as lookup
- result.
+ A table that always returns its name as lookup result.
+ For example, <b><a href="DATABASE_README.html#types">static</a>:foobar</b> always returns the string <b>foo-</b>
+ <b>bar</b> as lookup result.
<b>tcp</b> (read-only)
- TCP/IP client. The protocol is described in
- <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
+ TCP/IP client. The protocol is described in <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
<b>texthash</b> (read-only)
- Produces similar results as <a href="DATABASE_README.html#types">hash</a>: files,
- except that you don't need to run the
- <a href="postmap.1.html"><b>postmap</b>(1)</a> command before you can use the
- file, and that it does not detect changes
- after the file is read.
+ Produces similar results as <a href="DATABASE_README.html#types">hash</a>: files, except that you
+ don't need to run the <a href="postmap.1.html"><b>postmap</b>(1)</a> command before you can
+ use the file, and that it does not detect changes after
+ the file is read.
<b>unix</b> (read-only)
- A limited view of the UNIX authentication
- database. The following tables are imple-
- mented:
+ A limited view of the UNIX authentication database. The
+ following tables are implemented:
<b>unix:passwd.byname</b>
- The table is the UNIX password data-
- base. The key is a login name. The
- result is a password file entry in
- <b>passwd</b>(5) format.
+ The table is the UNIX password database. The key
+ is a login name. The result is a password file
+ entry in <b>passwd</b>(5) format.
<b>unix:group.byname</b>
- The table is the UNIX group database.
- The key is a group name. The result
- is a group file entry in <b>group</b>(5)
- format.
-
- Other table types may exist depending on how Post-
- fix was built.
-
- <b>-M</b> Show <a href="master.5.html"><b>master.cf</b></a> file contents instead of <a href="postconf.5.html"><b>main.cf</b></a>
- file contents. Specify <b>-Mf</b> to fold long lines for
- human readability.
-
- Specify zero or more arguments, each with a <i>ser-</i>
- <i>vice-name</i> or <i>service-name/service-type</i> pair, where
- <i>service-name</i> is the first field of a <a href="master.5.html">master.cf</a>
- entry and <i>service-type</i> is one of (<b>inet</b>, <b>unix</b>, <b>fifo</b>,
- or <b>pass</b>).
-
- If <i>service-name</i> or <i>service-name/service-type</i> is
- specified, only the matching <a href="master.5.html">master.cf</a> entries will
- be output. For example, "<b>postconf -Mf smtp</b>" will
- output all services named "smtp", and "<b>postconf -Mf</b>
- <b>smtp/inet</b>" will output only the smtp service that
- listens on the network. Trailing service type
- fields that are omitted will be handled as "*"
- wildcard fields.
-
- This feature is available with Postfix 2.9 and
- later. The syntax was changed from "<i>name.type</i>" to
- "<i>name/type</i>", and "*" wildcard support was added
- with Postfix 2.11.
-
- <b>-n</b> Show only configuration parameters that have
- explicit <i>name=value</i> settings in <a href="postconf.5.html"><b>main.cf</b></a>. Specify
- <b>-nf</b> to fold long lines for human readability (Post-
- fix 2.9 and later).
+ The table is the UNIX group database. The key is a
+ group name. The result is a group file entry in
+ <b>group</b>(5) format.
+
+ Other table types may exist depending on how Postfix was built.
+
+ <b>-M</b> Show <a href="master.5.html"><b>master.cf</b></a> file contents instead of <a href="postconf.5.html"><b>main.cf</b></a> file contents.
+ Specify <b>-Mf</b> to fold long lines for human readability.
+
+ Specify zero or more arguments, each with a <i>service-name</i> or <i>ser-</i>
+ <i>vice-name/service-type</i> pair, where <i>service-name</i> is the first
+ field of a <a href="master.5.html">master.cf</a> entry and <i>service-type</i> is one of (<b>inet</b>,
+ <b>unix</b>, <b>fifo</b>, or <b>pass</b>).
+
+ If <i>service-name</i> or <i>service-name/service-type</i> is specified, only
+ the matching <a href="master.5.html">master.cf</a> entries will be output. For example,
+ "<b>postconf -Mf smtp</b>" will output all services named "smtp", and
+ "<b>postconf -Mf smtp/inet</b>" will output only the smtp service that
+ listens on the network. Trailing service type fields that are
+ omitted will be handled as "*" wildcard fields.
+
+ This feature is available with Postfix 2.9 and later. The syntax
+ was changed from "<i>name.type</i>" to "<i>name/type</i>", and "*" wildcard
+ support was added with Postfix 2.11.
+
+ <b>-n</b> Show only configuration parameters that have explicit <i>name=value</i>
+ settings in <a href="postconf.5.html"><b>main.cf</b></a>. Specify <b>-nf</b> to fold long lines for human
+ readability (Postfix 2.9 and later).
<b>-o</b> <i>name=value</i>
Override <a href="postconf.5.html"><b>main.cf</b></a> parameter settings.
- This feature is available with Postfix 2.10 and
- later.
+ This feature is available with Postfix 2.10 and later.
- <b>-p</b> Show <a href="postconf.5.html"><b>main.cf</b></a> parameter settings. This is the
- default.
+ <b>-p</b> Show <a href="postconf.5.html"><b>main.cf</b></a> parameter settings. This is the default.
- <b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by
- default all services and all parameters). format-
- ted as one "<i>service/type/parameter=value</i>" per line.
- Specify <b>-Pf</b> to fold long lines.
+ <b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default all ser-
+ vices and all parameters). formatted as one "<i>ser-</i>
+ <i>vice/type/parameter=value</i>" per line. Specify <b>-Pf</b> to fold long
+ lines.
- Specify one or more "<i>service/type/parameter</i>"
- instances on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line to limit
- the output to parameters of interest. Trailing
- parameter name or service type fields that are
- omitted will be handled as "*" wildcard fields.
+ Specify one or more "<i>service/type/parameter</i>" instances on the
+ <a href="postconf.1.html"><b>postconf</b>(1)</a> command line to limit the output to parameters of
+ interest. Trailing parameter name or service type fields that
+ are omitted will be handled as "*" wildcard fields.
- This feature is available with Postfix 2.11 and
- later.
+ This feature is available with Postfix 2.11 and later.
<b>-t</b> [<i>template</i><b>_</b><i>file</i>]
- Display the templates for text that appears at the
- beginning of delivery status notification (DSN)
- messages, without expanding $<b>name</b> expressions.
+ Display the templates for text that appears at the beginning of
+ delivery status notification (DSN) messages, without expanding
+ $<b>name</b> expressions.
- To override the built-in templates, specify a tem-
- plate file name at the end of the <a href="postconf.1.html"><b>postconf</b>(1)</a> com-
- mand line, or specify a file name in <a href="postconf.5.html"><b>main.cf</b></a> with
- the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter.
+ To override the built-in templates, specify a template file name
+ at the end of the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line, or specify a file
+ name in <a href="postconf.5.html"><b>main.cf</b></a> with the <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a></b> parameter.
- To force selection of the built-in templates, spec-
- ify an empty template file name on the <a href="postconf.1.html"><b>postconf</b>(1)</a>
- command line (in shell language: "").
+ To force selection of the built-in templates, specify an empty
+ template file name on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line (in shell
+ language: "").
- This feature is available with Postfix 2.3 and
- later.
+ This feature is available with Postfix 2.3 and later.
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
- <b>-x</b> Expand <i>$name</i> in <a href="postconf.5.html"><b>main.cf</b></a> or <a href="master.5.html"><b>master.cf</b></a> parameter val-
- ues. The expansion is recursive.
+ <b>-x</b> Expand <i>$name</i> in <a href="postconf.5.html"><b>main.cf</b></a> or <a href="master.5.html"><b>master.cf</b></a> parameter values. The
+ expansion is recursive.
- This feature is available with Postfix 2.10 and
- later.
+ This feature is available with Postfix 2.10 and later.
- <b>-X</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove the
- parameters named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- Specify a list of parameter names, not "<i>name=value</i>"
- pairs.
+ <b>-X</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and remove the parameters
+ named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line. Specify a list of param-
+ eter names, not "<i>name=value</i>" pairs.
- With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and
- remove one or more service entries as specified
- with "<i>service/type</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command
- line.
+ With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
+ or more service entries as specified with "<i>service/type</i>" on the
+ <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and
- remove one or more service parameter settings (-o
- parameter=value settings) as specied with "<i>ser-</i>
- <i>vice/type/parameter</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command
- line.
+ With <b>-P</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and remove one
+ or more service parameter settings (-o parameter=value settings)
+ as specied with "<i>service/type/parameter</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> com-
+ mand line.
- In all cases the file is copied to a temporary file
- then renamed into place. Specify quotes to protect
-
special characters on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+ In all cases the file is copied to a temporary file then renamed
+ into place. Specify quotes to protect special characters on the
+ <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the
- reverse operation.
+ There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
+ tion.
- This feature is available with Postfix 2.10 and
- later. Support for -M and -P was added with Post-
- fix 2.11.
+ This feature is available with Postfix 2.10 and later. Support
+ for -M and -P was added with Postfix 2.11.
- <b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and comment
- out the parameters named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command
- line, so that those parameters revert to their
- default values. Specify a list of parameter names,
- not "<i>name=value</i>" pairs.
+ <b>-#</b> Edit the <a href="postconf.5.html"><b>main.cf</b></a> configuration file, and comment out the parame-
+ ters named on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line, so that those param-
+ eters revert to their default values. Specify a list of parame-
+ ter names, not "<i>name=value</i>" pairs.
- With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and
- comment out one or more service entries as speci-
- fied with "<i>service/type</i>" on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command
- line.
+ With <b>-M</b>, edit the <a href="master.5.html"><b>master.cf</b></a> configuration file, and comment out
+ one or more service entries as specified with "<i>service/type</i>" on
+ the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- In all cases the file is copied to a temporary file
- then renamed into place. Specify quotes to protect
-
special characters on the <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
+ In all cases the file is copied to a temporary file then renamed
+ into place. Specify quotes to protect special characters on the
+ <a href="postconf.1.html"><b>postconf</b>(1)</a> command line.
- There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the
- reverse operation.
+ There is no <a href="postconf.1.html"><b>postconf</b>(1)</a> command to perform the reverse opera-
+ tion.
- This feature is available with Postfix 2.6 and
- later. Support for -M was added with Postfix 2.11.
+ This feature is available with Postfix 2.6 and later. Support
+ for -M was added with Postfix 2.11.
<b>DIAGNOSTICS</b>
Problems are reported to the standard error stream.
Directory with Postfix configuration files.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
- Pathname of a configuration file with bounce mes-
- sage templates.
+ Pathname of a configuration file with bounce message templates.
<b>FILES</b>
/etc/postfix/<a href="postconf.5.html">main.cf</a>, Postfix configuration parameters
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
<b>postdrop</b> [<b>-rv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>]
<b>DESCRIPTION</b>
- The <a href="postdrop.1.html"><b>postdrop</b>(1)</a> command creates a file in the <b>maildrop</b>
- directory and copies its standard input to the file.
+ The <a href="postdrop.1.html"><b>postdrop</b>(1)</a> command creates a file in the <b>maildrop</b> directory and
+ copies its standard input to the file.
Options:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named
- directory instead of the default configuration
- directory. See also the MAIL_CONFIG environment
- setting below.
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory. See also the MAIL_CONFIG
+ environment setting below.
- <b>-r</b> Use a Postfix-internal protocol for reading the
- message from standard input, and for reporting sta-
- tus information on standard output. This is cur-
- rently the only supported method.
+ <b>-r</b> Use a Postfix-internal protocol for reading the message from
+ standard input, and for reporting status information on standard
+ output. This is currently the only supported method.
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose. As of Postfix 2.3, this option is avail-
- able for the super-user only.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose. As of Postfix
+ 2.3, this option is available for the super-user only.
<b>SECURITY</b>
- The command is designed to run with set-group ID privi-
- leges, so that it can write to the <b>maildrop</b> queue direc-
- tory and so that it can connect to Postfix daemon pro-
- cesses.
+ The command is designed to run with set-group ID privileges, so that it
+ can write to the <b>maildrop</b> queue directory and so that it can connect to
+ Postfix daemon processes.
<b>DIAGNOSTICS</b>
- Fatal errors: malformed input, I/O error, out of memory.
- Problems are logged to <b>syslogd</b>(8) and to the standard
- error stream. When the input is incomplete, or when the
- process receives a HUP, INT, QUIT or TERM signal, the
- queue file is deleted.
+ Fatal errors: malformed input, I/O error, out of memory. Problems are
+ logged to <b>syslogd</b>(8) and to the standard error stream. When the input
+ is incomplete, or when the process receives a HUP, INT, QUIT or TERM
+ signal, the queue file is deleted.
<b>ENVIRONMENT</b>
MAIL_CONFIG
- Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid
- exploitation of set-group ID privileges, a non-
- standard directory is allowed only if:
+ Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid exploitation
+ of set-group ID privileges, a non-standard directory is allowed
+ only if:
- <b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a>
- file with the <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b>
- configuration parameter.
+ <b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a> file with the
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> configuration parameter.
<b>o</b> The command is invoked by the super-user.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program. The text below provides only a parameter
- summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
- ples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
- A list of non-default Postfix configuration direc-
- tories that may be specified with "-c <a href="postconf.5.html#config_directory">config_direc</a>-
- <a href="postconf.5.html#config_directory">tory</a>" on the command line, or via the MAIL_CONFIG
- environment parameter.
+ A list of non-default Postfix configuration directories that may
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line, or
+ via the MAIL_CONFIG environment parameter.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a Postfix
- process will import from a non-Postfix parent
- process.
+ The list of environment parameters that a Postfix process will
+ import from a non-Postfix parent process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b><a href="postconf.5.html#trigger_timeout">trigger_timeout</a> (10s)</b>
- The time limit for sending a trigger to a Postfix
- daemon (for example, the <a href="pickup.8.html"><b>pickup</b>(8)</a> or <a href="qmgr.8.html"><b>qmgr</b>(8)</a> dae-
- mon).
+ The time limit for sending a trigger to a Postfix daemon (for
+ example, the <a href="pickup.8.html"><b>pickup</b>(8)</a> or <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to submit mail
- with the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with the privi-
- leged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper command).
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
+ mand).
<b>FILES</b>
/var/spool/postfix/<a href="QSHAPE_README.html#maildrop_queue">maildrop</a>, <a href="QSHAPE_README.html#maildrop_queue">maildrop queue</a>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
postfix-wrapper - Postfix multi-instance API
<b>DESCRIPTION</b>
- Support for managing multiple Postfix instances is avail-
- able as of version 2.6. Instances share executable files
- and documentation, but have their own directories for con-
- figuration, queue and data files.
+ Support for managing multiple Postfix instances is available as of ver-
+ sion 2.6. Instances share executable files and documentation, but have
+ their own directories for configuration, queue and data files.
- This document describes how the familiar "postfix start"
- etc. user interface can be used to manage one or multiple
- Postfix instances, and gives details of an API to coordi-
- nate activities between the <a href="postfix.1.html">postfix(1)</a> command and a
- multi-instance manager program.
+ This document describes how the familiar "postfix start" etc. user
+ interface can be used to manage one or multiple Postfix instances, and
+ gives details of an API to coordinate activities between the <a href="postfix.1.html">postfix(1)</a>
+ command and a multi-instance manager program.
- With multi-instance support, the default Postfix instance
- is always required. This instance is identified by the
- <a href="postconf.5.html#config_directory">config_directory</a> parameter's default value.
+ With multi-instance support, the default Postfix instance is always
+ required. This instance is identified by the <a href="postconf.5.html#config_directory">config_directory</a> parame-
+ ter's default value.
<b>GENERAL OPERATION</b>
- Multi-instance support is backwards compatible: when you
- run only one Postfix instance, commands such as "postfix
- start" will not change behavior at all.
+ Multi-instance support is backwards compatible: when you run only one
+ Postfix instance, commands such as "postfix start" will not change
+ behavior at all.
- Even with multiple Postfix instances, you can keep using
- the same postfix commands in boot scripts, upgrade proce-
- dures, and other places. The commands do more work, but
- humans are not forced to learn new tricks.
+ Even with multiple Postfix instances, you can keep using the same post-
+ fix commands in boot scripts, upgrade procedures, and other places. The
+ commands do more work, but humans are not forced to learn new tricks.
For example, to start all Postfix instances, use:
# postfix start
- Other <a href="postfix.1.html">postfix(1)</a> commands also work as expected. For exam-
- ple, to find out what Postfix instances exist in a multi-
- instance configuration, use:
+ Other <a href="postfix.1.html">postfix(1)</a> commands also work as expected. For example, to find
+ out what Postfix instances exist in a multi-instance configuration,
+ use:
# postfix status
- This enumerates the status of all Postfix instances within
- a multi-instance configuration.
+ This enumerates the status of all Postfix instances within a multi-
+ instance configuration.
<b>MANAGING AN INDIVIDUAL POSTFIX INSTANCE</b>
- To manage a specific Postfix instance, specify its config-
-
uration directory on the <a href="postfix.1.html">postfix(1)</a> command line:
+ To manage a specific Postfix instance, specify its configuration direc-
+ tory on the <a href="postfix.1.html">postfix(1)</a> command line:
# postfix -c <i>/path/to/config</i><b>_</b><i>directory command</i>
- Alternatively, the <a href="postfix.1.html">postfix(1)</a> command accepts the
- instance's configuration directory via the MAIL_CONFIG
- environment variable (the -c command-line option has
- higher precedence).
+ Alternatively, the <a href="postfix.1.html">postfix(1)</a> command accepts the instance's configura-
+ tion directory via the MAIL_CONFIG environment variable (the -c com-
+ mand-line option has higher precedence).
- Otherwise, the <a href="postfix.1.html">postfix(1)</a> command will operate on all
- Postfix instances.
+ Otherwise, the <a href="postfix.1.html">postfix(1)</a> command will operate on all Postfix
+ instances.
<b>ENABLING POSTFIX(1) MULTI-INSTANCE MODE</b>
- By default, the <a href="postfix.1.html">postfix(1)</a> command operates in single-
- instance mode. In this mode the command invokes the post-
- fix-script file directly (currently installed in the dae-
- mon directory). This file contains the commands that
- start or stop one Postfix instance, that upgrade the con-
- figuration of one Postfix instance, and so on.
-
- When the <a href="postfix.1.html">postfix(1)</a> command operates in multi-instance
- mode as discussed below, the command needs to execute
- start, stop, etc. commands for each Postfix instance.
- This multiplication of commands is handled by a multi-
- instance manager program.
-
- Turning on <a href="postfix.1.html">postfix(1)</a> multi-instance mode goes as follows:
- in the default Postfix instance's <a href="postconf.5.html">main.cf</a> file, 1) specify
- the pathname of a multi-instance manager program with the
- <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parameter; 2) populate the
- <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter with the configura-
- tion directory pathnames of additional Postfix instances.
- For example:
+ By default, the <a href="postfix.1.html">postfix(1)</a> command operates in single-instance mode. In
+ this mode the command invokes the postfix-script file directly (cur-
+ rently installed in the daemon directory). This file contains the com-
+ mands that start or stop one Postfix instance, that upgrade the config-
+ uration of one Postfix instance, and so on.
+
+ When the <a href="postfix.1.html">postfix(1)</a> command operates in multi-instance mode as dis-
+ cussed below, the command needs to execute start, stop, etc. commands
+ for each Postfix instance. This multiplication of commands is handled
+ by a multi-instance manager program.
+
+ Turning on <a href="postfix.1.html">postfix(1)</a> multi-instance mode goes as follows: in the
+ default Postfix instance's <a href="postconf.5.html">main.cf</a> file, 1) specify the pathname of a
+ multi-instance manager program with the <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parame-
+ ter; 2) populate the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter with the con-
+ figuration directory pathnames of additional Postfix instances. For
+ example:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> = $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/postfix-wrapper
<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> = /etc/postfix-test
- The $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/postfix-wrapper file implements a
- simple manager and contains instructions for creating
- Postfix instances by hand. The <a href="postmulti.1.html">postmulti(1)</a> command pro-
- vides a more extensive implementation including support
- for life-cycle management.
+ The $<a href="postconf.5.html#daemon_directory">daemon_directory</a>/postfix-wrapper file implements a simple manager
+ and contains instructions for creating Postfix instances by hand. The
+ <a href="postmulti.1.html">postmulti(1)</a> command provides a more extensive implementation including
+ support for life-cycle management.
- The <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> and other <a href="postconf.5.html">main.cf</a> parame-
- ters are listed below in the CONFIGURATION PARAMETERS sec-
- tion.
+ The <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> and other <a href="postconf.5.html">main.cf</a> parameters are listed
+ below in the CONFIGURATION PARAMETERS section.
- In multi-instance mode, the <a href="postfix.1.html">postfix(1)</a> command invokes the
- $<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> command instead of the postfix-
- script file. This multi-instance manager in turn executes
- the <a href="postfix.1.html">postfix(1)</a> command in single-instance mode for each
- Postfix instance.
+ In multi-instance mode, the <a href="postfix.1.html">postfix(1)</a> command invokes the
+ $<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> command instead of the postfix-script file.
+ This multi-instance manager in turn executes the <a href="postfix.1.html">postfix(1)</a> command in
+ single-instance mode for each Postfix instance.
- To illustrate the main ideas behind multi-instance opera-
- tion, below is an example of a simple but useful multi-
- instance manager implementation:
+ To illustrate the main ideas behind multi-instance operation, below is
+ an example of a simple but useful multi-instance manager implementa-
+ tion:
#!/bin/sh
exit $err
<b>PER-INSTANCE MULTI-INSTANCE MANAGER CONTROLS</b>
- Each Postfix instance has its own <a href="postconf.5.html">main.cf</a> file with param-
- eters that control how the multi-instance manager operates
- on that instance. This section discusses the most impor-
- tant settings.
-
- The setting "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes" allows the
- multi-instance manager to start (stop, etc.) the corre-
- sponding Postfix instance. For safety reasons, this set-
- ting is not the default.
-
- The default setting "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = no" is useful
- for manual testing with "postfix -c <i>/path/name</i> start" etc.
- The multi-instance manager will not start such an
- instance, and it will skip commands such as "stop" or
- "flush" that require a running Postfix instance. The
- multi-instance manager will execute commands such as
- "check", "set-permissions" or "upgrade-configuration", and
- it will replace "start" by "check" so that problems will
- be reported even when the instance is disabled.
+ Each Postfix instance has its own <a href="postconf.5.html">main.cf</a> file with parameters that
+ control how the multi-instance manager operates on that instance. This
+ section discusses the most important settings.
+
+ The setting "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes" allows the multi-instance
+ manager to start (stop, etc.) the corresponding Postfix instance. For
+ safety reasons, this setting is not the default.
+
+ The default setting "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = no" is useful for manual
+ testing with "postfix -c <i>/path/name</i> start" etc. The multi-instance
+ manager will not start such an instance, and it will skip commands such
+ as "stop" or "flush" that require a running Postfix instance. The
+ multi-instance manager will execute commands such as "check", "set-per-
+ missions" or "upgrade-configuration", and it will replace "start" by
+ "check" so that problems will be reported even when the instance is
+ disabled.
<b>MAINTAINING SHARED AND NON-SHARED FILES</b>
- Some files are shared between Postfix instances, such as
- executables and manpages, and some files are per-instance,
- such as configuration files, mail queue files, and data
- files. See the NON-SHARED FILES section below for a list
- of per-instance files.
-
- Before Postfix multi-instance support was implemented, the
- executables, manpages, etc., have always been maintained
- as part of the default Postfix instance.
-
- With multi-instance support, we simply continue to do
- this. Specifically, a Postfix instance will not check or
- update shared files when that instance's <a href="postconf.5.html#config_directory">config_directory</a>
- value is listed with the default <a href="postconf.5.html">main.cf</a> file's
- <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter.
-
- The consequence of this approach is that the default Post-
- fix instance should be checked and updated before any
- other instances.
+ Some files are shared between Postfix instances, such as executables
+ and manpages, and some files are per-instance, such as configuration
+ files, mail queue files, and data files. See the NON-SHARED FILES sec-
+ tion below for a list of per-instance files.
+
+ Before Postfix multi-instance support was implemented, the executables,
+ manpages, etc., have always been maintained as part of the default
+ Postfix instance.
+
+ With multi-instance support, we simply continue to do this. Specifi-
+ cally, a Postfix instance will not check or update shared files when
+ that instance's <a href="postconf.5.html#config_directory">config_directory</a> value is listed with the default
+ <a href="postconf.5.html">main.cf</a> file's <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter.
+
+ The consequence of this approach is that the default Postfix instance
+ should be checked and updated before any other instances.
<b>MULTI-INSTANCE API SUMMARY</b>
- Only the multi-instance manager implements support for the
- <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> configuration parameter. The multi-
- instance manager will start only Postfix instances whose
- <a href="postconf.5.html">main.cf</a> file has "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes". A setting
- of "no" allows a Postfix instance to be tested by hand.
-
- The <a href="postfix.1.html">postfix(1)</a> command operates on only one Postfix
- instance when the -c option is specified, or when
- MAIL_CONFIG is present in the process environment. This is
- necessary to terminate recursion.
-
- Otherwise, when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter
- value is non-empty, the <a href="postfix.1.html">postfix(1)</a> command executes the
- command specified with the <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parame-
- ter, instead of executing the commands in postfix-script.
-
- The multi-instance manager skips commands such as "stop"
- or "reload" that require a running Postfix instance, when
- an instance does not have "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes".
- This avoids false error messages.
-
- The multi-instance manager replaces a "start" command by
- "check" when a Postfix instance's <a href="postconf.5.html">main.cf</a> file does not
- have "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes". This substitution
- ensures that problems will be reported even when the
- instance is disabled.
-
- No Postfix command or script will update or check shared
- files when its <a href="postconf.5.html#config_directory">config_directory</a> value is listed in the
- default <a href="postconf.5.html">main.cf</a>'s <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter
- value. Therefore, the default instance should be checked
- and updated before any Postfix instances that depend on
- it.
-
- Set-gid commands such as <a href="postdrop.1.html">postdrop(1)</a> and <a href="postqueue.1.html">postqueue(1)</a>
- effectively append the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parame-
- ter value to the legacy <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a>
- parameter value. The commands use this information to
- determine whether a -c option or MAIL_CONFIG environment
+ Only the multi-instance manager implements support for the
+ <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> configuration parameter. The multi-instance man-
+ ager will start only Postfix instances whose <a href="postconf.5.html">main.cf</a> file has
+ "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes". A setting of "no" allows a Postfix
+ instance to be tested by hand.
+
+ The <a href="postfix.1.html">postfix(1)</a> command operates on only one Postfix instance when the
+ -c option is specified, or when MAIL_CONFIG is present in the process
+ environment. This is necessary to terminate recursion.
+
+ Otherwise, when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter value is non-
+ empty, the <a href="postfix.1.html">postfix(1)</a> command executes the command specified with the
+ <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> parameter, instead of executing the commands in
+ postfix-script.
+
+ The multi-instance manager skips commands such as "stop" or "reload"
+ that require a running Postfix instance, when an instance does not have
+ "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes". This avoids false error messages.
+
+ The multi-instance manager replaces a "start" command by "check" when a
+ Postfix instance's <a href="postconf.5.html">main.cf</a> file does not have "<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> =
+ yes". This substitution ensures that problems will be reported even
+ when the instance is disabled.
+
+ No Postfix command or script will update or check shared files when its
+ <a href="postconf.5.html#config_directory">config_directory</a> value is listed in the default <a href="postconf.5.html">main.cf</a>'s
+ <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter value. Therefore, the default
+ instance should be checked and updated before any Postfix instances
+ that depend on it.
+
+ Set-gid commands such as <a href="postdrop.1.html">postdrop(1)</a> and <a href="postqueue.1.html">postqueue(1)</a> effectively
+ append the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter value to the legacy
+ <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> parameter value. The commands use this
+ information to determine whether a -c option or MAIL_CONFIG environment
setting specifies a legitimate value.
- The legacy <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> parameter remains
- necessary for non-default Postfix instances that are run-
- ning different versions of Postfix, or that are not man-
- aged together with the default Postfix instance.
+ The legacy <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> parameter remains necessary for
+ non-default Postfix instances that are running different versions of
+ Postfix, or that are not managed together with the default Postfix
+ instance.
<b>ENVIRONMENT VARIABLES</b>
MAIL_CONFIG
- When present, this forces the <a href="postfix.1.html">postfix(1)</a> command to
- operate only on the specified Postfix instance.
- This environment variable is exported by the <a href="postfix.1.html">post-</a>
- <a href="postfix.1.html">fix(1)</a> -c option, so that <a href="postfix.1.html">postfix(1)</a> commands in
- descendant processes will work correctly.
+ When present, this forces the <a href="postfix.1.html">postfix(1)</a> command to operate only
+ on the specified Postfix instance. This environment variable is
+ exported by the <a href="postfix.1.html">postfix(1)</a> -c option, so that <a href="postfix.1.html">postfix(1)</a> com-
+ mands in descendant processes will work correctly.
<b>CONFIGURATION PARAMETERS</b>
- The text below provides only a parameter summary. See
- <a href="postconf.5.html">postconf(5)</a> for more details.
+ The text below provides only a parameter summary. See <a href="postconf.5.html">postconf(5)</a> for
+ more details.
<b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
- An optional list of non-default Postfix configura-
- tion directories; these directories belong to addi-
- tional Postfix instances that share the Postfix
- executable files and documentation with the default
- Postfix instance, and that are started, stopped,
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance.
<b><a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> (empty)</b>
- The pathname of a multi-instance manager command
- that the <a href="postfix.1.html"><b>postfix</b>(1)</a> command invokes when the
- <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter value is non-
- empty.
+ The pathname of a multi-instance manager command that the <a href="postfix.1.html"><b>post-</b></a>
+ <a href="postfix.1.html"><b>fix</b>(1)</a> command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
+ parameter value is non-empty.
<b><a href="postconf.5.html#multi_instance_name">multi_instance_name</a> (empty)</b>
- The optional instance name of this Postfix
- instance.
+ The optional instance name of this Postfix instance.
<b><a href="postconf.5.html#multi_instance_group">multi_instance_group</a> (empty)</b>
- The optional instance group name of this Postfix
- instance.
+ The optional instance group name of this Postfix instance.
<b><a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> (no)</b>
- Allow this Postfix instance to be started, stopped,
- etc., by a multi-instance manager.
+ Allow this Postfix instance to be started, stopped, etc., by a
+ multi-instance manager.
<b>NON-SHARED FILES</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix-writable data files (for
- example: caches, pseudo-random numbers).
+ The directory with Postfix-writable data files (for example:
+ caches, pseudo-random numbers).
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b>SEE ALSO</b>
<a href="postfix.1.html">postfix(1)</a> Postfix control program
$<a href="postconf.5.html#daemon_directory">daemon_directory</a>/postfix-wrapper simple multi-instance manager
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postfix</b> [<b>-Dv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <i>command</i>
<b>DESCRIPTION</b>
- This command is reserved for the superuser. To submit
-
mail, use the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command.
+ This command is reserved for the superuser. To submit mail, use the
+ Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command.
- The <a href="postfix.1.html"><b>postfix</b>(1)</a> command controls the operation of the Post-
- fix mail system: start or stop the <a href="master.8.html"><b>master</b>(8)</a> daemon, do a
- health check, and other maintenance.
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> command controls the operation of the Postfix mail sys-
+ tem: start or stop the <a href="master.8.html"><b>master</b>(8)</a> daemon, do a health check, and other
+ maintenance.
- By default, the <a href="postfix.1.html"><b>postfix</b>(1)</a> command sets up a standardized
- environment and runs the <b>postfix-script</b> shell script to do
- the actual work.
+ By default, the <a href="postfix.1.html"><b>postfix</b>(1)</a> command sets up a standardized environment
+ and runs the <b>postfix-script</b> shell script to do the actual work.
- However, when support for multiple Postfix instances is
- configured, <a href="postfix.1.html"><b>postfix</b>(1)</a> executes the command specified with
- the <b><a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a></b> configuration parameter. This
- command will execute the <i>command</i> for each applicable Post-
- fix instance.
+ However, when support for multiple Postfix instances is configured,
+ <a href="postfix.1.html"><b>postfix</b>(1)</a> executes the command specified with the <b><a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrap</a>-</b>
+ <b><a href="postconf.5.html#multi_instance_wrapper">per</a></b> configuration parameter. This command will execute the <i>command</i> for
+ each applicable Postfix instance.
The following commands are implemented:
- <b>check</b> Warn about bad directory/file ownership or permis-
- sions, and create missing directories.
+ <b>check</b> Warn about bad directory/file ownership or permissions, and cre-
+ ate missing directories.
- <b>start</b> Start the Postfix mail system. This also runs the
- configuration check described above.
+ <b>start</b> Start the Postfix mail system. This also runs the configuration
+ check described above.
- <b>stop</b> Stop the Postfix mail system in an orderly fashion.
- If possible, running processes are allowed to ter-
- minate at their earliest convenience.
+ <b>stop</b> Stop the Postfix mail system in an orderly fashion. If possible,
+ running processes are allowed to terminate at their earliest
+ convenience.
- Note: in order to refresh the Postfix mail system
- after a configuration change, do not use the <b>start</b>
- and <b>stop</b> commands in succession. Use the <b>reload</b>
- command instead.
+ Note: in order to refresh the Postfix mail system after a con-
+ figuration change, do not use the <b>start</b> and <b>stop</b> commands in
+ succession. Use the <b>reload</b> command instead.
- <b>abort</b> Stop the Postfix mail system abruptly. Running pro-
- cesses are signaled to stop immediately.
+ <b>abort</b> Stop the Postfix mail system abruptly. Running processes are
+ signaled to stop immediately.
- <b>flush</b> Force delivery: attempt to deliver every message in
- the deferred mail queue. Normally, attempts to
- deliver delayed mail happen at regular intervals,
- the interval doubling after each failed attempt.
+ <b>flush</b> Force delivery: attempt to deliver every message in the deferred
+ mail queue. Normally, attempts to deliver delayed mail happen at
+ regular intervals, the interval doubling after each failed
+ attempt.
- Warning: flushing undeliverable mail frequently
- will result in poor delivery performance of all
- other mail.
+ Warning: flushing undeliverable mail frequently will result in
+ poor delivery performance of all other mail.
- <b>reload</b> Re-read configuration files. Running processes ter-
- minate at their earliest convenience.
+ <b>reload</b> Re-read configuration files. Running processes terminate at
+ their earliest convenience.
- <b>status</b> Indicate if the Postfix mail system is currently
- running.
+ <b>status</b> Indicate if the Postfix mail system is currently running.
<b>set-permissions [</b><i>name</i>=<i>value ...</i><b>]</b>
- Set the ownership and permissions of Postfix
- related files and directories, as specified in the
- <b>postfix-files</b> file.
+ Set the ownership and permissions of Postfix related files and
+ directories, as specified in the <b>postfix-files</b> file.
- Specify <i>name</i>=<i>value</i> to override and update specific
- <a href="postconf.5.html">main.cf</a> configuration parameters. Use this, for
- example, to change the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> or <b><a href="postconf.5.html#setgid_group">setgid_group</a></b>
- setting for an already installed Postfix system.
+ Specify <i>name</i>=<i>value</i> to override and update specific <a href="postconf.5.html">main.cf</a> con-
+ figuration parameters. Use this, for example, to change the
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> or <b><a href="postconf.5.html#setgid_group">setgid_group</a></b> setting for an already installed
+ Postfix system.
- This feature is available in Postfix 2.1 and later.
- With Postfix 2.0 and earlier, use "<b>$<a href="postconf.5.html#config_directory">config_direc</a>-</b>
- <b><a href="postconf.5.html#config_directory">tory</a>/post-install set-permissions</b>".
+ This feature is available in Postfix 2.1 and later. With Post-
+ fix 2.0 and earlier, use "<b>$<a href="postconf.5.html#config_directory">config_directory</a>/post-install set-</b>
+ <b>permissions</b>".
<b>upgrade-configuration [</b><i>name</i>=<i>value ...</i><b>]</b>
- Update the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> files with infor-
- mation that Postfix needs in order to run: add or
- update services, and add or update configuration
- parameter settings.
+ Update the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> files with information that
+ Postfix needs in order to run: add or update services, and add
+ or update configuration parameter settings.
- Specify <i>name</i>=<i>value</i> to override and update specific
- <a href="postconf.5.html">main.cf</a> configuration parameters.
+ Specify <i>name</i>=<i>value</i> to override and update specific <a href="postconf.5.html">main.cf</a> con-
+ figuration parameters.
- This feature is available in Postfix 2.1 and later.
- With Postfix 2.0 and earlier, use "<b>$<a href="postconf.5.html#config_directory">config_direc</a>-</b>
- <b><a href="postconf.5.html#config_directory">tory</a>/post-install upgrade-configuration</b>".
+ This feature is available in Postfix 2.1 and later. With Post-
+ fix 2.0 and earlier, use "<b>$<a href="postconf.5.html#config_directory">config_directory</a>/post-install</b>
+ <b>upgrade-configuration</b>".
The following options are implemented:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files
- in the named directory instead of the default con-
- figuration directory. Use this to distinguish
- between multiple Postfix instances on the same
- host.
-
- With Postfix 2.6 and later, this option forces the
- <a href="postfix.1.html">postfix(1)</a> command to operate on the specified
- Postfix instance only. This behavior is inherited
- by <a href="postfix.1.html">postfix(1)</a> commands that run as a descendant of
- the current process.
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> and <a href="master.5.html"><b>master.cf</b></a> configuration files in the named
+ directory instead of the default configuration directory. Use
+ this to distinguish between multiple Postfix instances on the
+ same host.
+
+ With Postfix 2.6 and later, this option forces the <a href="postfix.1.html">postfix(1)</a>
+ command to operate on the specified Postfix instance only. This
+ behavior is inherited by <a href="postfix.1.html">postfix(1)</a> commands that run as a
+ descendant of the current process.
<b>-D</b> (with <b>postfix start</b> only)
- Run each Postfix daemon under control of a debugger
- as specified via the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration
- parameter.
+ Run each Postfix daemon under control of a debugger as specified
+ via the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
<b>ENVIRONMENT</b>
- The <a href="postfix.1.html"><b>postfix</b>(1)</a> command exports the following environment
- variables before executing the <b>postfix-script</b> file:
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> command exports the following environment variables
+ before executing the <b>postfix-script</b> file:
<b>MAIL_CONFIG</b>
- This is set when the -c command-line option is
- present.
+ This is set when the -c command-line option is present.
- With Postfix 2.6 and later, this environment vari-
- able forces the <a href="postfix.1.html">postfix(1)</a> command to operate on
- the specified Postfix instance only. This behavior
- is inherited by <a href="postfix.1.html">postfix(1)</a> commands that run as a
- descendant of the current process.
+ With Postfix 2.6 and later, this environment variable forces the
+ <a href="postfix.1.html">postfix(1)</a> command to operate on the specified Postfix instance
+ only. This behavior is inherited by <a href="postfix.1.html">postfix(1)</a> commands that
+ run as a descendant of the current process.
<b>MAIL_VERBOSE</b>
- This is set when the -v command-line option is
- present.
+ This is set when the -v command-line option is present.
<b>MAIL_DEBUG</b>
- This is set when the -D command-line option is
- present.
+ This is set when the -D command-line option is present.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> configuration parameters are
- exported as environment variables with the same names:
+ The following <a href="postconf.5.html"><b>main.cf</b></a> configuration parameters are exported as environ-
+ ment variables with the same names:
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
- The location of all postfix administrative com-
- mands.
+ The location of all postfix administrative commands.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix support programs and
- daemon programs.
+ The directory with Postfix support programs and daemon programs.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue
- and most Postfix daemon processes.
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
<b><a href="postconf.5.html#setgid_group">setgid_group</a> (postdrop)</b>
- The group ownership of set-gid Postfix commands and
- of group-writable Postfix directories.
+ The group ownership of set-gid Postfix commands and of group-
+ writable Postfix directories.
<b><a href="postconf.5.html#sendmail_path">sendmail_path</a> (see 'postconf -d' output)</b>
- A Sendmail compatibility feature that specifies the
-
location of the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command.
+ A Sendmail compatibility feature that specifies the location of
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command.
<b><a href="postconf.5.html#newaliases_path">newaliases_path</a> (see 'postconf -d' output)</b>
- Sendmail compatibility feature that specifies the
-
location of the <a href="newaliases.1.html"><b>newaliases</b>(1)</a> command.
+ Sendmail compatibility feature that specifies the location of
+ the <a href="newaliases.1.html"><b>newaliases</b>(1)</a> command.
<b><a href="postconf.5.html#mailq_path">mailq_path</a> (see 'postconf -d' output)</b>
- Sendmail compatibility feature that specifies where
-
the Postfix <a href="mailq.1.html"><b>mailq</b>(1)</a> command is installed.
+ Sendmail compatibility feature that specifies where the Postfix
+ <a href="mailq.1.html"><b>mailq</b>(1)</a> command is installed.
<b><a href="postconf.5.html#html_directory">html_directory</a> (see 'postconf -d' output)</b>
- The location of Postfix HTML files that describe
- how to build, configure or operate a specific Post-
- fix subsystem or feature.
+ The location of Postfix HTML files that describe how to build,
+ configure or operate a specific Postfix subsystem or feature.
<b><a href="postconf.5.html#manpage_directory">manpage_directory</a> (see 'postconf -d' output)</b>
Where the Postfix manual pages are installed.
<b><a href="postconf.5.html#readme_directory">readme_directory</a> (see 'postconf -d' output)</b>
- The location of Postfix README files that describe
- how to build, configure or operate a specific Post-
- fix subsystem or feature.
+ The location of Postfix README files that describe how to build,
+ configure or operate a specific Postfix subsystem or feature.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix-writable data files (for
- example: caches, pseudo-random numbers).
+ The directory with Postfix-writable data files (for example:
+ caches, pseudo-random numbers).
Other configuration parameters:
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a Postfix
- process will import from a non-Postfix parent
- process.
+ The list of environment parameters that a Postfix process will
+ import from a non-Postfix parent process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
- An optional list of non-default Postfix configura-
- tion directories; these directories belong to addi-
- tional Postfix instances that share the Postfix
- executable files and documentation with the default
- Postfix instance, and that are started, stopped,
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance.
<b><a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> (empty)</b>
- The pathname of a multi-instance manager command
- that the <a href="postfix.1.html"><b>postfix</b>(1)</a> command invokes when the
- <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter value is non-
- empty.
+ The pathname of a multi-instance manager command that the <a href="postfix.1.html"><b>post-</b></a>
+ <a href="postfix.1.html"><b>fix</b>(1)</a> command invokes when the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
+ parameter value is non-empty.
<b><a href="postconf.5.html#multi_instance_group">multi_instance_group</a> (empty)</b>
- The optional instance group name of this Postfix
- instance.
+ The optional instance group name of this Postfix instance.
<b><a href="postconf.5.html#multi_instance_name">multi_instance_name</a> (empty)</b>
- The optional instance name of this Postfix
- instance.
+ The optional instance name of this Postfix instance.
<b><a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> (no)</b>
- Allow this Postfix instance to be started, stopped,
- etc., by a multi-instance manager.
+ Allow this Postfix instance to be started, stopped, etc., by a
+ multi-instance manager.
<b>FILES</b>
- Prior to Postfix version 2.6, all of the following files
- were in <b>$<a href="postconf.5.html#config_directory">config_directory</a></b>. Some files are now in <b>$<a href="postconf.5.html#daemon_directory">dae</a>-</b>
- <b><a href="postconf.5.html#daemon_directory">mon_directory</a></b> so that they can be shared among multiple
- instances that run the same Postfix version.
+ Prior to Postfix version 2.6, all of the following files were in <b>$<a href="postconf.5.html#config_directory">con</a>-</b>
+ <b><a href="postconf.5.html#config_directory">fig_directory</a></b>. Some files are now in <b>$<a href="postconf.5.html#daemon_directory">daemon_directory</a></b> so that they can
+ be shared among multiple instances that run the same Postfix version.
- Use the command "<b>postconf <a href="postconf.5.html#config_directory">config_directory</a></b>" or "<b>postconf</b>
- <b><a href="postconf.5.html#daemon_directory">daemon_directory</a></b>" to expand the names into their actual
- values.
+ Use the command "<b>postconf <a href="postconf.5.html#config_directory">config_directory</a></b>" or "<b>postconf <a href="postconf.5.html#daemon_directory">daemon_direc</a>-</b>
+ <b><a href="postconf.5.html#daemon_directory">tory</a></b>" to expand the names into their actual values.
$<a href="postconf.5.html#config_directory">config_directory</a>/<a href="postconf.5.html">main.cf</a>, Postfix configuration parameters
$<a href="postconf.5.html#config_directory">config_directory</a>/<a href="master.5.html">master.cf</a>, Postfix daemon processes
<a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postkick</b> [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-v</b>] <i>class service request</i>
<b>DESCRIPTION</b>
- The <a href="postkick.1.html"><b>postkick</b>(1)</a> command sends <i>request</i> to the specified
- <i>service</i> over a local transport channel. This command
- makes Postfix private IPC accessible for use in, for exam-
- ple, shell scripts.
+ The <a href="postkick.1.html"><b>postkick</b>(1)</a> command sends <i>request</i> to the specified <i>service</i> over a
+ local transport channel. This command makes Postfix private IPC acces-
+ sible for use in, for example, shell scripts.
Options:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named
- directory instead of the default configuration
- directory.
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ instead of the default configuration directory.
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
Arguments:
- <i>class</i> Name of a class of local transport channel end-
- points, either <b>public</b> (accessible by any local
- user) or <b>private</b> (administrative access only).
+ <i>class</i> Name of a class of local transport channel endpoints, either
+ <b>public</b> (accessible by any local user) or <b>private</b> (administrative
+ access only).
<i>service</i>
- The name of a local transport endpoint within the
- named class.
+ The name of a local transport endpoint within the named class.
<i>request</i>
- A string. The list of valid requests is service-
- specific.
+ A string. The list of valid requests is service-specific.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to the standard error
- stream.
+ Problems and transactions are logged to the standard error stream.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
Enable verbose logging for debugging purposes.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program. The text below provides only a parameter
- summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
- ples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#application_event_drain_time">application_event_drain_time</a> (100s)</b>
- How long the <a href="postkick.1.html"><b>postkick</b>(1)</a> command waits for a
- request to enter the Postfix daemon process input
- buffer before giving up.
+ How long the <a href="postkick.1.html"><b>postkick</b>(1)</a> command waits for a request to enter
+ the Postfix daemon process input buffer before giving up.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b>FILES</b>
/var/spool/postfix/private, private class endpoints
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>[-v</b>] <i>file command...</i>
<b>DESCRIPTION</b>
- The <a href="postlock.1.html"><b>postlock</b>(1)</a> command locks <i>file</i> for exclusive access,
- and executes <i>command</i>. The locking method is compatible
- with the Postfix UNIX-style local delivery agent.
+ The <a href="postlock.1.html"><b>postlock</b>(1)</a> command locks <i>file</i> for exclusive access, and executes
+ <i>command</i>. The locking method is compatible with the Postfix UNIX-style
+ local delivery agent.
Options:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named
- directory instead of the default configuration
- directory.
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ instead of the default configuration directory.
<b>-l</b> <i>lock</i><b>_</b><i>style</i>
- Override the locking method specified via the <b><a href="postconf.5.html#mailbox_delivery_lock">mail</a>-</b>
- <b><a href="postconf.5.html#mailbox_delivery_lock">box_delivery_lock</a></b> configuration parameter (see
- below).
+ Override the locking method specified via the <b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_deliv</a>-</b>
+ <b><a href="postconf.5.html#mailbox_delivery_lock">ery_lock</a></b> configuration parameter (see below).
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
Arguments:
- <i>file</i> A mailbox file. The user should have read/write
- permission.
+ <i>file</i> A mailbox file. The user should have read/write permission.
<i>command...</i>
- The command to execute while <i>file</i> is locked for
- exclusive access. The command is executed
- directly, i.e. without interpretation by a shell
- command interpreter.
+ The command to execute while <i>file</i> is locked for exclusive
+ access. The command is executed directly, i.e. without inter-
+ pretation by a shell command interpreter.
<b>DIAGNOSTICS</b>
- The result status is 75 (EX_TEMPFAIL) when <a href="postlock.1.html"><b>postlock</b>(1)</a>
- could not perform the requested operation. Otherwise, the
- exit status is the exit status from the command.
+ The result status is 75 (EX_TEMPFAIL) when <a href="postlock.1.html"><b>postlock</b>(1)</a> could not per-
+ form the requested operation. Otherwise, the exit status is the exit
+ status from the command.
<b>BUGS</b>
- With remote file systems, the ability to acquire a lock
- does not necessarily eliminate access conflicts. Avoid
- file access by processes running on different machines.
+ With remote file systems, the ability to acquire a lock does not neces-
+ sarily eliminate access conflicts. Avoid file access by processes run-
+ ning on different machines.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
Enable verbose logging for debugging purposes.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program. The text below provides only a parameter
- summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
- ples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b>LOCKING CONTROLS</b>
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
- The maximal number of attempts to acquire an exclu-
-
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
-
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
- The time after which a stale exclusive mailbox
- lockfile is removed.
+ The time after which a stale exclusive mailbox lockfile is
+ removed.
<b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
- How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before
- attempting delivery.
+ How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before attempting
+ delivery.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
- The maximal number of attempts to fork() a child
- process.
+ The maximal number of attempts to fork() a child process.
<b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
- The delay between attempts to fork() a child
- process.
+ The delay between attempts to fork() a child process.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
postlog - Postfix-compatible logging utility
<b>SYNOPSIS</b>
- <b>postlog</b> [<b>-iv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-p</b> <i>priority</i><b>] [-t</b> <i>tag</i>]
- [<i>text...</i>]
+ <b>postlog</b> [<b>-iv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-p</b> <i>priority</i><b>] [-t</b> <i>tag</i>] [<i>text...</i>]
<b>DESCRIPTION</b>
- The <a href="postlog.1.html"><b>postlog</b>(1)</a> command implements a Postfix-compatible
- logging interface for use in, for example, shell scripts.
+ The <a href="postlog.1.html"><b>postlog</b>(1)</a> command implements a Postfix-compatible logging inter-
+ face for use in, for example, shell scripts.
- By default, <a href="postlog.1.html"><b>postlog</b>(1)</a> logs the <i>text</i> given on the command
- line as one record. If no <i>text</i> is specified on the command
- line, <a href="postlog.1.html"><b>postlog</b>(1)</a> reads from standard input and logs each
- input line as one record.
+ By default, <a href="postlog.1.html"><b>postlog</b>(1)</a> logs the <i>text</i> given on the command line as one
+ record. If no <i>text</i> is specified on the command line, <a href="postlog.1.html"><b>postlog</b>(1)</a> reads
+ from standard input and logs each input line as one record.
- Logging is sent to <b>syslogd</b>(8); when the standard error
- stream is connected to a terminal, logging is sent there
- as well.
+ Logging is sent to <b>syslogd</b>(8); when the standard error stream is con-
+ nected to a terminal, logging is sent there as well.
The following options are implemented:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named
- directory instead of the default configuration
- directory.
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ instead of the default configuration directory.
<b>-i</b> Include the process ID in the logging tag.
<b>-p</b> <i>priority</i>
- Specifies the logging severity: <b>info</b> (default),
- <b>warn</b>, <b>error</b>, <b>fatal</b>, or <b>panic</b>.
+ Specifies the logging severity: <b>info</b> (default), <b>warn</b>, <b>error</b>,
+ <b>fatal</b>, or <b>panic</b>.
- <b>-t</b> <i>tag</i> Specifies the logging tag, that is, the identifying
- name that appears at the beginning of each logging
- record. A default tag is used when none is speci-
- fied.
+ <b>-t</b> <i>tag</i> Specifies the logging tag, that is, the identifying name that
+ appears at the beginning of each logging record. A default tag
+ is used when none is specified.
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
<b>ENVIRONMENT</b>
MAIL_CONFIG
Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
syslogd(8), syslog daemon
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
[<i>file</i><b>_</b><i>type</i>:]<i>file</i><b>_</b><i>name</i> ...
<b>DESCRIPTION</b>
- The <a href="postmap.1.html"><b>postmap</b>(1)</a> command creates or queries one or more
- Postfix lookup tables, or updates an existing one. The
- input and output file formats are expected to be compati-
- ble with:
+ The <a href="postmap.1.html"><b>postmap</b>(1)</a> command creates or queries one or more Postfix lookup
+ tables, or updates an existing one. The input and output file formats
+ are expected to be compatible with:
<b>makemap</b> <i>file</i><b>_</b><i>type file</i><b>_</b><i>name</i> < <i>file</i><b>_</b><i>name</i>
- If the result files do not exist they will be created with
- the same group and other read permissions as their source
- file.
+ If the result files do not exist they will be created with the same
+ group and other read permissions as their source file.
- While the table update is in progress, signal delivery is
- postponed, and an exclusive, advisory, lock is placed on
- the entire table, in order to avoid surprises in spectator
- processes.
+ While the table update is in progress, signal delivery is postponed,
+ and an exclusive, advisory, lock is placed on the entire table, in
+ order to avoid surprises in spectator processes.
<b>INPUT FILE FORMAT</b>
The format of a lookup table input file is as follows:
<i>key</i> whitespace <i>value</i>
- <b>o</b> Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
-
- <b>o</b> A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
-
- The <i>key</i> and <i>value</i> are processed as is, except that sur-
- rounding white space is stripped off. Unlike with Postfix
- alias databases, quotes cannot be used to protect lookup
- keys that contain special characters such as `#' or white-
- space.
-
- By default the lookup key is mapped to lowercase to make
- the lookups case insensitive; as of Postfix 2.3 this case
- folding happens only with tables whose lookup keys are
- fixed-case strings such as <a href="DATABASE_README.html#types">btree</a>:, <a href="DATABASE_README.html#types">dbm</a>: or <a href="DATABASE_README.html#types">hash</a>:. With
- earlier versions, the lookup key is folded even with
- tables where a lookup field can match both upper and lower
- case text, such as <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>:. This resulted in
- loss of information with $<i>number</i> substitutions.
+ <b>o</b> Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
+
+ <b>o</b> A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+ The <i>key</i> and <i>value</i> are processed as is, except that surrounding white
+ space is stripped off. Unlike with Postfix alias databases, quotes can-
+ not be used to protect lookup keys that contain special characters such
+ as `#' or whitespace.
+
+ By default the lookup key is mapped to lowercase to make the lookups
+ case insensitive; as of Postfix 2.3 this case folding happens only with
+ tables whose lookup keys are fixed-case strings such as <a href="DATABASE_README.html#types">btree</a>:, <a href="DATABASE_README.html#types">dbm</a>: or
+ <a href="DATABASE_README.html#types">hash</a>:. With earlier versions, the lookup key is folded even with tables
+ where a lookup field can match both upper and lower case text, such as
+ <a href="regexp_table.5.html">regexp</a>: and <a href="pcre_table.5.html">pcre</a>:. This resulted in loss of information with $<i>number</i>
+ substitutions.
<b>COMMAND-LINE ARGUMENTS</b>
- <b>-b</b> Enable message body query mode. When reading lookup
- keys from standard input with "<b>-q -</b>", process the
- input as if it is an email message in <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> for-
- mat. Each line of body content becomes one lookup
- key.
-
- By default, the <b>-b</b> option starts generating lookup
- keys at the first non-header line, and stops when
- the end of the message is reached. To simulate
- <a href="header_checks.5.html"><b>body_checks</b>(5)</a> processing, enable MIME parsing with
- <b>-m</b>. With this, the <b>-b</b> option generates no body-
- style lookup keys for attachment MIME headers and
- for attached message/* headers.
-
- This feature is available in Postfix version 2.6
- and later.
+ <b>-b</b> Enable message body query mode. When reading lookup keys from
+ standard input with "<b>-q -</b>", process the input as if it is an
+ email message in <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> format. Each line of body content
+ becomes one lookup key.
+
+ By default, the <b>-b</b> option starts generating lookup keys at the
+ first non-header line, and stops when the end of the message is
+ reached. To simulate <a href="header_checks.5.html"><b>body_checks</b>(5)</a> processing, enable MIME
+ parsing with <b>-m</b>. With this, the <b>-b</b> option generates no body-
+ style lookup keys for attachment MIME headers and for attached
+ message/* headers.
+
+ This feature is available in Postfix version 2.6 and later.
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named
- directory instead of the default configuration
- directory.
-
- <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one
- entry per map. The exit status is zero when the
- requested information was found.
-
- If a key value of <b>-</b> is specified, the program reads
- key values from the standard input stream. The exit
- status is zero when at least one of the requested
- keys was found.
-
- <b>-f</b> Do not fold the lookup key to lower case while cre-
- ating or querying a table.
-
- With Postfix version 2.3 and later, this option has
- no effect for regular expression tables. There,
- case folding is controlled by appending a flag to a
- pattern.
-
- <b>-h</b> Enable message header query mode. When reading
- lookup keys from standard input with "<b>-q -</b>",
- process the input as if it is an email message in
- <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> format. Each logical header line becomes
- one lookup key. A multi-line header becomes one
- lookup key with one or more embedded newline char-
- acters.
-
- By default, the <b>-h</b> option generates lookup keys
- until the first non-header line is reached. To
- simulate <a href="header_checks.5.html"><b>header_checks</b>(5)</a> processing, enable MIME
- parsing with <b>-m</b>. With this, the <b>-h</b> option also gen-
- erates header-style lookup keys for attachment MIME
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ instead of the default configuration directory.
+
+ <b>-d</b> <i>key</i> Search the specified maps for <i>key</i> and remove one entry per map.
+ The exit status is zero when the requested information was
+ found.
+
+ If a key value of <b>-</b> is specified, the program reads key values
+ from the standard input stream. The exit status is zero when at
+ least one of the requested keys was found.
+
+ <b>-f</b> Do not fold the lookup key to lower case while creating or
+ querying a table.
+
+ With Postfix version 2.3 and later, this option has no effect
+ for regular expression tables. There, case folding is controlled
+ by appending a flag to a pattern.
+
+ <b>-h</b> Enable message header query mode. When reading lookup keys from
+ standard input with "<b>-q -</b>", process the input as if it is an
+ email message in <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> format. Each logical header line
+ becomes one lookup key. A multi-line header becomes one lookup
+ key with one or more embedded newline characters.
+
+ By default, the <b>-h</b> option generates lookup keys until the first
+ non-header line is reached. To simulate <a href="header_checks.5.html"><b>header_checks</b>(5)</a> pro-
+ cessing, enable MIME parsing with <b>-m</b>. With this, the <b>-h</b> option
+ also generates header-style lookup keys for attachment MIME
headers and for attached message/* headers.
- This feature is available in Postfix version 2.6
- and later.
+ This feature is available in Postfix version 2.6 and later.
- <b>-i</b> Incremental mode. Read entries from standard input
- and do not truncate an existing database. By
- default, <a href="postmap.1.html"><b>postmap</b>(1)</a> creates a new database from the
- entries in <b>file_name</b>.
+ <b>-i</b> Incremental mode. Read entries from standard input and do not
+ truncate an existing database. By default, <a href="postmap.1.html"><b>postmap</b>(1)</a> creates a
+ new database from the entries in <b>file_name</b>.
<b>-m</b> Enable MIME parsing with "<b>-b</b>" and "<b>-h</b>".
- This feature is available in Postfix version 2.6
- and later.
-
- <b>-N</b> Include the terminating null character that termi-
- nates lookup keys and values. By default,
- <a href="postmap.1.html"><b>postmap</b>(1)</a> does whatever is the default for the
- host operating system.
-
- <b>-n</b> Don't include the terminating null character that
- terminates lookup keys and values. By default,
- <a href="postmap.1.html"><b>postmap</b>(1)</a> does whatever is the default for the
- host operating system.
-
- <b>-o</b> Do not release root privileges when processing a
- non-root input file. By default, <a href="postmap.1.html"><b>postmap</b>(1)</a> drops
- root privileges and runs as the source file owner
- instead.
-
- <b>-p</b> Do not inherit the file access permissions from the
- input file when creating a new file. Instead, cre-
- ate a new file with default access permissions
- (mode 0644).
-
- <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and write the
- first value found to the standard output stream.
- The exit status is zero when the requested informa-
- tion was found.
-
- If a key value of <b>-</b> is specified, the program reads
- key values from the standard input stream and
- writes one line of <i>key value</i> output for each key
- that was found. The exit status is zero when at
- least one of the requested keys was found.
+ This feature is available in Postfix version 2.6 and later.
+
+ <b>-N</b> Include the terminating null character that terminates lookup
+ keys and values. By default, <a href="postmap.1.html"><b>postmap</b>(1)</a> does whatever is the
+ default for the host operating system.
+
+ <b>-n</b> Don't include the terminating null character that terminates
+ lookup keys and values. By default, <a href="postmap.1.html"><b>postmap</b>(1)</a> does whatever is
+ the default for the host operating system.
+
+ <b>-o</b> Do not release root privileges when processing a non-root input
+ file. By default, <a href="postmap.1.html"><b>postmap</b>(1)</a> drops root privileges and runs as
+ the source file owner instead.
+
+ <b>-p</b> Do not inherit the file access permissions from the input file
+ when creating a new file. Instead, create a new file with
+ default access permissions (mode 0644).
+
+ <b>-q</b> <i>key</i> Search the specified maps for <i>key</i> and write the first value
+ found to the standard output stream. The exit status is zero
+ when the requested information was found.
+
+ If a key value of <b>-</b> is specified, the program reads key values
+ from the standard input stream and writes one line of <i>key value</i>
+ output for each key that was found. The exit status is zero when
+ at least one of the requested keys was found.
- <b>-r</b> When updating a table, do not complain about
- attempts to update existing entries, and make those
- updates anyway.
+ <b>-r</b> When updating a table, do not complain about attempts to update
+ existing entries, and make those updates anyway.
- <b>-s</b> Retrieve all database elements, and write one line
- of <i>key value</i> output for each element. The elements
- are printed in database order, which is not neces-
- sarily the same as the original input order.
+ <b>-s</b> Retrieve all database elements, and write one line of <i>key value</i>
+ output for each element. The elements are printed in database
+ order, which is not necessarily the same as the original input
+ order.
- This feature is available in Postfix version 2.2
- and later, and is not available for all database
- types.
+ This feature is available in Postfix version 2.2 and later, and
+ is not available for all database types.
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
- <b>-w</b> When updating a table, do not complain about
- attempts to update existing entries, and ignore
- those attempts.
+ <b>-w</b> When updating a table, do not complain about attempts to update
+ existing entries, and ignore those attempts.
Arguments:
<i>file</i><b>_</b><i>type</i>
- The database type. To find out what types are sup-
- ported, use the "<b>postconf -m</b>" command.
+ The database type. To find out what types are supported, use the
+ "<b>postconf -m</b>" command.
- The <a href="postmap.1.html"><b>postmap</b>(1)</a> command can query any supported file
- type, but it can create only the following file
- types:
+ The <a href="postmap.1.html"><b>postmap</b>(1)</a> command can query any supported file type, but it
+ can create only the following file types:
- <b>btree</b> The output file is a btree file, named
- <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available on systems
- with support for <b>db</b> databases.
+ <b>btree</b> The output file is a btree file, named <i>file</i><b>_</b><i>name</i><b>.db</b>.
+ This is available on systems with support for <b>db</b> data-
+ bases.
- <b>cdb</b> The output consists of one file, named
- <i>file</i><b>_</b><i>name</i><b>.cdb</b>. This is available on systems
- with support for <b>cdb</b> databases.
+ <b>cdb</b> The output consists of one file, named <i>file</i><b>_</b><i>name</i><b>.cdb</b>.
+ This is available on systems with support for <b>cdb</b> data-
+ bases.
- <b>dbm</b> The output consists of two files, named
- <i>file</i><b>_</b><i>name</i><b>.pag</b> and <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is
- available on systems with support for <b>dbm</b>
- databases.
+ <b>dbm</b> The output consists of two files, named <i>file</i><b>_</b><i>name</i><b>.pag</b> and
+ <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is available on systems with support
+ for <b>dbm</b> databases.
- <b>hash</b> The output file is a hashed file, named
- <i>file</i><b>_</b><i>name</i><b>.db</b>. This is available on systems
- with support for <b>db</b> databases.
+ <b>hash</b> The output file is a hashed file, named <i>file</i><b>_</b><i>name</i><b>.db</b>.
+ This is available on systems with support for <b>db</b> data-
+ bases.
- <b>fail</b> A table that reliably fails all requests.
- The lookup table name is used for logging
- only. This table exists to simplify Postfix
- error tests.
+ <b>fail</b> A table that reliably fails all requests. The lookup ta-
+ ble name is used for logging only. This table exists to
+ simplify Postfix error tests.
- <b>sdbm</b> The output consists of two files, named
- <i>file</i><b>_</b><i>name</i><b>.pag</b> and <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is
- available on systems with support for <b>sdbm</b>
- databases.
+ <b>sdbm</b> The output consists of two files, named <i>file</i><b>_</b><i>name</i><b>.pag</b> and
+ <i>file</i><b>_</b><i>name</i><b>.dir</b>. This is available on systems with support
+ for <b>sdbm</b> databases.
- When no <i>file</i><b>_</b><i>type</i> is specified, the software uses
- the database type specified via the <b><a href="postconf.5.html#default_database_type">default_data</a>-</b>
- <b><a href="postconf.5.html#default_database_type">base_type</a></b> configuration parameter.
+ When no <i>file</i><b>_</b><i>type</i> is specified, the software uses the database
+ type specified via the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
+ parameter.
<i>file</i><b>_</b><i>name</i>
- The name of the lookup table source file when
- rebuilding a database.
+ The name of the lookup table source file when rebuilding a data-
+ base.
<b>DIAGNOSTICS</b>
- Problems are logged to the standard error stream and to
- <b>syslogd</b>(8). No output means that no problems were
- detected. Duplicate entries are skipped and are flagged
- with a warning.
+ Problems are logged to the standard error stream and to <b>syslogd</b>(8). No
+ output means that no problems were detected. Duplicate entries are
+ skipped and are flagged with a warning.
- <a href="postmap.1.html"><b>postmap</b>(1)</a> terminates with zero exit status in case of
- success (including successful "<b>postmap -q</b>" lookup) and
- terminates with non-zero exit status in case of failure.
+ <a href="postmap.1.html"><b>postmap</b>(1)</a> terminates with zero exit status in case of success (includ-
+ ing successful "<b>postmap -q</b>" lookup) and terminates with non-zero exit
+ status in case of failure.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
Enable verbose logging for debugging purposes.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program. The text below provides only a parameter
- summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
- ples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#berkeley_db_create_buffer_size">berkeley_db_create_buffer_size</a> (16777216)</b>
- The per-table I/O buffer size for programs that
- create Berkeley DB hash or btree tables.
+ The per-table I/O buffer size for programs that create Berkeley
+ DB hash or btree tables.
<b><a href="postconf.5.html#berkeley_db_read_buffer_size">berkeley_db_read_buffer_size</a> (131072)</b>
- The per-table I/O buffer size for programs that
- read Berkeley DB hash or btree tables.
+ The per-table I/O buffer size for programs that read Berkeley DB
+ hash or btree tables.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
- The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>,
-
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>, <a href="postalias.1.html"><b>postalias</b>(1)</a>
+ and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>LIFE-CYCLE MANAGEMENT:</b>
- <b>postmulti -e create</b> [<b>-av</b>] [<b>-g</b> <i>group</i>] [<b>-i</b> <i>name</i>] [<b>-G</b> <i>group</i>]
- [<b>-I</b> <i>name</i>] [<i>param=value</i> ...]
+ <b>postmulti -e create</b> [<b>-av</b>] [<b>-g</b> <i>group</i>] [<b>-i</b> <i>name</i>] [<b>-G</b> <i>group</i>] [<b>-I</b> <i>name</i>]
+ [<i>param=value</i> ...]
- <b>postmulti -e import</b> [<b>-av</b>] [<b>-g</b> <i>group</i>] [<b>-i</b> <i>name</i>] [<b>-G</b> <i>group</i>]
- [<b>
-I</b> <i>name</i>] [<b><a href="postconf.5.html#config_directory">config_directory</a>=</b><i>/path</i>]
+ <b>postmulti -e import</b> [<b>-av</b>] [<b>-g</b> <i>group</i>] [<b>-i</b> <i>name</i>] [<b>-G</b> <i>group</i>] [<b>-I</b> <i>name</i>]
+ [<b><a href="postconf.5.html#config_directory">config_directory</a>=</b><i>/path</i>]
<b>postmulti -e destroy</b> [<b>-v</b>] <b>-i</b> <i>name</i>
<b>postmulti -e assign</b> [<b>-v</b>] <b>-i</b> <i>name</i> [<b>-I</b> <i>name</i>] [-G <i>group</i>]
<b>DESCRIPTION</b>
- The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command allows a Postfix administrator to
- manage multiple Postfix instances on a single host.
+ The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command allows a Postfix administrator to manage mul-
+ tiple Postfix instances on a single host.
- <a href="postmulti.1.html"><b>postmulti</b>(1)</a> implements two fundamental modes of opera-
- tion. In <b>iterator</b> mode, it executes the same command for
- multiple Postfix instances. In <b>life-cycle management</b>
- mode, it adds or deletes one instance, or changes the
- multi-instance status of one instance.
+ <a href="postmulti.1.html"><b>postmulti</b>(1)</a> implements two fundamental modes of operation. In <b>itera-</b>
+ <b>tor</b> mode, it executes the same command for multiple Postfix instances.
+ In <b>life-cycle management</b> mode, it adds or deletes one instance, or
+ changes the multi-instance status of one instance.
- Each mode of operation has its own command syntax. For
- this reason, each mode is documented in separate sections
- below.
+ Each mode of operation has its own command syntax. For this reason,
+ each mode is documented in separate sections below.
<b>BACKGROUND</b>
- A multi-instance configuration consists of one primary
- Postfix instance, and one or more secondary instances
- whose configuration directory pathnames are recorded in
- the primary instance's <a href="postconf.5.html">main.cf</a> file. Postfix instances
- share program files and documentation, but have their own
- configuration, queue and data directories.
-
- Currently, only the default Postfix instance can be used
- as primary instance in a multi-instance configuration. The
- <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command does not currently support a <b>-c</b>
- option to select an alternative primary instance, and
- exits with a fatal error if the <b>MAIL_CONFIG</b> environment
- variable is set to a non-default configuration directory.
-
- See the <a href="MULTI_INSTANCE_README.html">MULTI_INSTANCE_README</a> tutorial for a more detailed
- discussion of multi-instance management with <a href="postmulti.1.html"><b>postmulti</b>(1)</a>.
+ A multi-instance configuration consists of one primary Postfix
+ instance, and one or more secondary instances whose configuration
+ directory pathnames are recorded in the primary instance's <a href="postconf.5.html">main.cf</a>
+ file. Postfix instances share program files and documentation, but have
+ their own configuration, queue and data directories.
+
+ Currently, only the default Postfix instance can be used as primary
+ instance in a multi-instance configuration. The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command
+ does not currently support a <b>-c</b> option to select an alternative primary
+ instance, and exits with a fatal error if the <b>MAIL_CONFIG</b> environment
+ variable is set to a non-default configuration directory.
+
+ See the <a href="MULTI_INSTANCE_README.html">MULTI_INSTANCE_README</a> tutorial for a more detailed discussion
+ of multi-instance management with <a href="postmulti.1.html"><b>postmulti</b>(1)</a>.
<b>ITERATOR MODE</b>
- In iterator mode, <b>postmulti</b> performs the same operation on
- all Postfix instances in turn.
+ In iterator mode, <b>postmulti</b> performs the same operation on all Postfix
+ instances in turn.
- If multi-instance support is not enabled, the requested
- command is performed just for the primary instance.
+ If multi-instance support is not enabled, the requested command is per-
+ formed just for the primary instance.
Iterator mode implements the following command options:
<b>Instance selection</b>
- <b>-a</b> Perform the operation on all instances. This is the
- default.
+ <b>-a</b> Perform the operation on all instances. This is the default.
<b>-g</b> <i>group</i>
- Perform the operation only for members of the named
- <i>group</i>.
+ Perform the operation only for members of the named <i>group</i>.
<b>-i</b> <i>name</i>
- Perform the operation only for the instance with
- the specified <i>name</i>. You can specify either the
- instance name or the absolute pathname of the
- instance's configuration directory. Specify "-" to
- select the primary Postfix instance.
+ Perform the operation only for the instance with the specified
+ <i>name</i>. You can specify either the instance name or the absolute
+ pathname of the instance's configuration directory. Specify "-"
+ to select the primary Postfix instance.
- <b>-R</b> Reverse the iteration order. This may be appropri-
- ate when updating a multi-instance system, where
- "sink" instances are started before "source"
- instances.
+ <b>-R</b> Reverse the iteration order. This may be appropriate when updat-
+ ing a multi-instance system, where "sink" instances are started
+ before "source" instances.
This option cannot be used with <b>-p</b>.
<b>List mode</b>
- <b>-l</b> List Postfix instances with their instance name,
- instance group name, enable/disable status and con-
- figuration directory.
+ <b>-l</b> List Postfix instances with their instance name, instance group
+ name, enable/disable status and configuration directory.
<b>Postfix-wrapper mode</b>
- <b>-p</b> Invoke <a href="postfix.1.html"><b>postfix(1)</a></b> to execute the specified <i>command</i>.
- This option implements the <a href="postfix-wrapper.5.html"><b>postfix-wrapper</b>(5)</a>
- interface.
-
- <b>o</b> With "start"-like commands, "postfix check"
- is executed for instances that are not
- enabled. The full list of commands is speci-
- fied with the <a href="postconf.5.html#postmulti_start_commands">postmulti_start_commands</a>
- parameter.
+ <b>-p</b> Invoke <a href="postfix.1.html"><b>postfix(1)</a></b> to execute the specified <i>command</i>. This option
+ implements the <a href="postfix-wrapper.5.html"><b>postfix-wrapper</b>(5)</a> interface.
- <b>o</b> With "stop"-like commands, the iteration
- order is reversed, and disabled instances
- are skipped. The full list of commands is
- specified with the <a href="postconf.5.html#postmulti_stop_commands">postmulti_stop_commands</a>
+ <b>o</b> With "start"-like commands, "postfix check" is executed
+ for instances that are not enabled. The full list of com-
+ mands is specified with the <a href="postconf.5.html#postmulti_start_commands">postmulti_start_commands</a>
parameter.
- <b>o</b> With "reload" and other commands that
- require a started instance, disabled
- instances are skipped. The full list of com-
- mands is specified with the <a href="postconf.5.html#postmulti_control_commands">postmulti_con</a>-
- <a href="postconf.5.html#postmulti_control_commands">trol_commands</a> parameter.
+ <b>o</b> With "stop"-like commands, the iteration order is
+ reversed, and disabled instances are skipped. The full
+ list of commands is specified with the <a href="postconf.5.html#postmulti_stop_commands">post</a>-
+ <a href="postconf.5.html#postmulti_stop_commands">multi_stop_commands</a> parameter.
+
+ <b>o</b> With "reload" and other commands that require a started
+ instance, disabled instances are skipped. The full list
+ of commands is specified with the <a href="postconf.5.html#postmulti_control_commands">postmulti_control_com</a>-
+ <a href="postconf.5.html#postmulti_control_commands">mands</a> parameter.
- <b>o</b> With "status" and other commands that don't
- require a started instance, the command is
- executed for all instances.
+ <b>o</b> With "status" and other commands that don't require a
+ started instance, the command is executed for all
+ instances.
- The <b>-p</b> option can also be used interactively to
- start/stop/etc. a named instance or instance
- group. For example, to start just the instances in
- the group "msa", invoke <a href="postmulti.1.html"><b>postmulti</b>(1)</a> as follows:
+ The <b>-p</b> option can also be used interactively to start/stop/etc.
+ a named instance or instance group. For example, to start just
+ the instances in the group "msa", invoke <a href="postmulti.1.html"><b>postmulti</b>(1)</a> as fol-
+ lows:
# postmulti -g msa -p start
<b>Command mode</b>
- <b>-x</b> Execute the specified <i>command</i> for all Postfix
- instances. The command runs with appropriate envi-
- ronment settings for MAIL_CONFIG, <a href="postconf.5.html#command_directory">command_direc</a>-
- <a href="postconf.5.html#command_directory">tory</a>, <a href="postconf.5.html#daemon_directory">daemon_directory</a>, <a href="postconf.5.html#config_directory">config_directory</a>,
- <a href="postconf.5.html#queue_directory">queue_directory</a>, <a href="postconf.5.html#data_directory">data_directory</a>,
- <a href="postconf.5.html#multi_instance_name">multi_instance_name</a>, <a href="postconf.5.html#multi_instance_group">multi_instance_group</a> and
- <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a>.
+ <b>-x</b> Execute the specified <i>command</i> for all Postfix instances. The
+ command runs with appropriate environment settings for MAIL_CON-
+ FIG, <a href="postconf.5.html#command_directory">command_directory</a>, <a href="postconf.5.html#daemon_directory">daemon_directory</a>, <a href="postconf.5.html#config_directory">config_directory</a>,
+ <a href="postconf.5.html#queue_directory">queue_directory</a>, <a href="postconf.5.html#data_directory">data_directory</a>, <a href="postconf.5.html#multi_instance_name">multi_instance_name</a>,
+ <a href="postconf.5.html#multi_instance_group">multi_instance_group</a> and <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a>.
<b>Other options</b>
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
<b>LIFE-CYCLE MANAGEMENT MODE</b>
- With the <b>-e</b> option <a href="postmulti.1.html"><b>postmulti</b>(1)</a> can be used to add or
- delete a Postfix instance, and to manage the multi-
- instance status of an existing instance.
+ With the <b>-e</b> option <a href="postmulti.1.html"><b>postmulti</b>(1)</a> can be used to add or delete a Postfix
+ instance, and to manage the multi-instance status of an existing
+ instance.
The following options are implemented:
<b>Existing instance selection</b>
- <b>-a</b> When creating or importing an instance, place the
- new instance at the front of the secondary instance
- list.
+ <b>-a</b> When creating or importing an instance, place the new instance
+ at the front of the secondary instance list.
<b>-g</b> <i>group</i>
- When creating or importing an instance, place the
- new instance before the first secondary instance
- that is a member of the specified group.
+ When creating or importing an instance, place the new instance
+ before the first secondary instance that is a member of the
+ specified group.
<b>-i</b> <i>name</i>
- When creating or importing an instance, place the
- new instance before the matching secondary
- instance.
+ When creating or importing an instance, place the new instance
+ before the matching secondary instance.
- With other life-cycle operations, apply the opera-
- tion to the named existing instance. Specify "-"
- to select the primary Postfix instance.
+ With other life-cycle operations, apply the operation to the
+ named existing instance. Specify "-" to select the primary
+ Postfix instance.
<b>New or existing instance name assignment</b>
<b>-I</b> <i>name</i>
- Assign the specified instance <i>name</i> to an existing
- instance, newly-created instance, or imported
- instance. Instance names other than "-" (which
- makes the instance "nameless") must start with
- "postfix-". This restriction reduces the likeli-
- hood of name collisions with system files.
+ Assign the specified instance <i>name</i> to an existing instance,
+ newly-created instance, or imported instance. Instance names
+ other than "-" (which makes the instance "nameless") must start
+ with "postfix-". This restriction reduces the likelihood of
+ name collisions with system files.
<b>-G</b> <i>group</i>
- Assign the specified <i>group</i> name to an existing
- instance or to a newly created or imported
- instance.
+ Assign the specified <i>group</i> name to an existing instance or to a
+ newly created or imported instance.
<b>Instance creation/deletion/status change</b>
<b>-e</b> <i>action</i>
- "Edit" managed instances. The following actions are
- supported:
+ "Edit" managed instances. The following actions are supported:
- <b>init</b> This command is required before <a href="postmulti.1.html"><b>postmulti</b>(1)</a>
- can be used to manage Postfix instances.
- The "postmulti -e init" command updates the
- primary instance's <a href="postconf.5.html">main.cf</a> file by setting:
+ <b>init</b> This command is required before <a href="postmulti.1.html"><b>postmulti</b>(1)</a> can be used
+ to manage Postfix instances. The "postmulti -e init"
+ command updates the primary instance's <a href="postconf.5.html">main.cf</a> file by
+ setting:
<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> =
${<a href="postconf.5.html#command_directory">command_directory</a>}/postmulti -p --
<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes
- You can set these by other means if you pre-
- fer.
-
- <b>create</b> Create a new Postfix instance and add it to
- the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter of
- the primary instance. The "<b>-I</b> <i>name</i>" option
- is recommended to give the instance a short
- name that is used to construct default val-
- ues for the private directories of the new
- instance. The "<b>-G</b> <i>group</i>" option may be spec-
- ified to assign the instance to a group,
- otherwise, the new instance is not a member
- of any groups.
-
- The new instance <a href="postconf.5.html">main.cf</a> is the stock
- <a href="postconf.5.html">main.cf</a> with the parameters that specify the
- locations of shared files cloned from the
- primary instance. For "nameless" instances,
- you should manually adjust "<a href="postconf.5.html#syslog_name">syslog_name</a>" to
- yield a unique "logtag" starting with "post-
- fix-" that will uniquely identify the
- instance in the mail logs. It is simpler to
- assign the instance a short name with the
+ You can set these by other means if you prefer.
+
+ <b>create</b> Create a new Postfix instance and add it to the
+ <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter of the primary
+ instance. The "<b>-I</b> <i>name</i>" option is recommended to give
+ the instance a short name that is used to construct
+ default values for the private directories of the new
+ instance. The "<b>-G</b> <i>group</i>" option may be specified to
+ assign the instance to a group, otherwise, the new
+ instance is not a member of any groups.
+
+ The new instance <a href="postconf.5.html">main.cf</a> is the stock <a href="postconf.5.html">main.cf</a> with the
+ parameters that specify the locations of shared files
+ cloned from the primary instance. For "nameless"
+ instances, you should manually adjust "<a href="postconf.5.html#syslog_name">syslog_name</a>" to
+ yield a unique "logtag" starting with "postfix-" that
+ will uniquely identify the instance in the mail logs. It
+ is simpler to assign the instance a short name with the
"<b>-I</b> <i>name</i>" option.
- Optional "name=value" arguments specify the
- instance <a href="postconf.5.html#config_directory">config_directory</a>, <a href="postconf.5.html#queue_directory">queue_directory</a>
- and <a href="postconf.5.html#data_directory">data_directory</a>. For example:
+ Optional "name=value" arguments specify the instance <a href="postconf.5.html#config_directory">con</a>-
+ <a href="postconf.5.html#config_directory">fig_directory</a>, <a href="postconf.5.html#queue_directory">queue_directory</a> and <a href="postconf.5.html#data_directory">data_directory</a>. For
+ example:
# postmulti -I postfix-mumble \
-G mygroup -e create \
<a href="postconf.5.html#queue_directory">queue_directory</a>=/my/queue/dir \
<a href="postconf.5.html#data_directory">data_directory</a>=/my/data/dir
- If any of these pathnames is not supplied,
- the program attempts to generate the path-
- name by taking the corresponding primary
- instance pathname, and by replacing the last
- pathname component by the value of the <b>-I</b>
- option.
-
- If the instance configuration directory
- already exists, and contains both a <a href="postconf.5.html">main.cf</a>
- and <a href="master.5.html">master.cf</a> file, <b>create</b> will "import" the
- instance as-is. For existing instances, <b>cre-</b>
- <b>ate</b> and <b>import</b> are identical.
-
- <b>import</b> Import an existing instance into the list of
- instances managed by the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> multi-
- instance manager. This adds the instance to
- the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> list of the
- primary instance. If the "<b>-I</b> <i>name</i>" option
- is provided it specifies the new name for
- the instance and is used to define a default
- location for the instance configuration
- directory (as with <b>create</b> above). The "<b>-G</b>
- <i>group</i>" option may be used to assign the
- instance to a group. Add a "<b><a href="postconf.5.html#config_directory">config_direc</a>-</b>
- <b><a href="postconf.5.html#config_directory">tory</a>=</b><i>/path</i>" argument to override a default
- pathname based on "<b>-I</b> <i>name</i>".
+ If any of these pathnames is not supplied, the program
+ attempts to generate the pathname by taking the corre-
+ sponding primary instance pathname, and by replacing the
+ last pathname component by the value of the <b>-I</b> option.
+
+ If the instance configuration directory already exists,
+ and contains both a <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> file, <b>create</b>
+ will "import" the instance as-is. For existing instances,
+ <b>create</b> and <b>import</b> are identical.
+
+ <b>import</b> Import an existing instance into the list of instances
+ managed by the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> multi-instance manager. This
+ adds the instance to the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> list
+ of the primary instance. If the "<b>-I</b> <i>name</i>" option is pro-
+ vided it specifies the new name for the instance and is
+ used to define a default location for the instance con-
+ figuration directory (as with <b>create</b> above). The "<b>-G</b>
+ <i>group</i>" option may be used to assign the instance to a
+ group. Add a "<b><a href="postconf.5.html#config_directory">config_directory</a>=</b><i>/path</i>" argument to over-
+ ride a default pathname based on "<b>-I</b> <i>name</i>".
<b>destroy</b>
- Destroy a secondary Postfix instance. To be
- a candidate for destruction an instance must
- be disabled, stopped and its queue must not
- contain any messages. Attempts to destroy
- the primary Postfix instance trigger a fatal
+ Destroy a secondary Postfix instance. To be a candidate
+ for destruction an instance must be disabled, stopped and
+ its queue must not contain any messages. Attempts to
+ destroy the primary Postfix instance trigger a fatal
error, without destroying the instance.
- The instance is removed from the primary
- instance <a href="postconf.5.html">main.cf</a> file's <a href="postconf.5.html#alternate_config_directories">alternate_con</a>-
- <a href="postconf.5.html#alternate_config_directories">fig_directories</a> parameter and its data,
- queue and configuration directories are
- cleaned of files and directories created by
- the Postfix system. The <a href="postconf.5.html">main.cf</a> and mas-
- ter.cf files are removed from the configura-
- tion directory even if they have been modi-
- fied since initial creation. Finally, the
- instance is "deported" from the list of man-
- aged instances.
-
- If other files are present in instance pri-
- vate directories, the directories may not be
- fully removed, a warning is logged to alert
- the administrator. It is expected that an
- instance built using "fresh" directories via
- the <b>create</b> action will be fully removed by
- the <b>destroy</b> action (if first disabled). If
- the instance configuration and queue direc-
- tories are populated with additional files
- (access and rewriting tables, chroot jail
- content, etc.) the instance directories will
- not be fully removed.
-
- The <b>destroy</b> action triggers potentially dan-
- gerous file removal operations. Make sure
- the instance's data, queue and configuration
- directories are set correctly and do not
- contain any valuable files.
-
- <b>deport</b> Deport a secondary instance from the list of
- managed instances. This deletes the instance
- configuration directory from the primary
- instance's <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> list,
- but does not remove any files or directo-
- ries.
-
- <b>assign</b> Assign a new instance name or a new group
- name to the selected instance. Use "<b>-G -</b>"
- to specify "no group" and "<b>-I -</b>" to specify
- "no name". If you choose to make an
- instance "nameless", set a suitable sys-
- log_name in the corresponding <a href="postconf.5.html">main.cf</a> file.
-
- <b>enable</b> Mark the selected instance as enabled. This
- just sets the <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> parame-
- ter to "yes" in the instance's <a href="postconf.5.html">main.cf</a> file.
+ The instance is removed from the primary instance <a href="postconf.5.html">main.cf</a>
+ file's <a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> parameter and its
+ data, queue and configuration directories are cleaned of
+ files and directories created by the Postfix system. The
+ <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> files are removed from the configu-
+ ration directory even if they have been modified since
+ initial creation. Finally, the instance is "deported"
+ from the list of managed instances.
+
+ If other files are present in instance private directo-
+ ries, the directories may not be fully removed, a warning
+ is logged to alert the administrator. It is expected that
+ an instance built using "fresh" directories via the <b>cre-</b>
+ <b>ate</b> action will be fully removed by the <b>destroy</b> action
+ (if first disabled). If the instance configuration and
+ queue directories are populated with additional files
+ (access and rewriting tables, chroot jail content, etc.)
+ the instance directories will not be fully removed.
+
+ The <b>destroy</b> action triggers potentially dangerous file
+ removal operations. Make sure the instance's data, queue
+ and configuration directories are set correctly and do
+ not contain any valuable files.
+
+ <b>deport</b> Deport a secondary instance from the list of managed
+ instances. This deletes the instance configuration direc-
+ tory from the primary instance's <a href="postconf.5.html#multi_instance_directories">multi_instance_directo</a>-
+ <a href="postconf.5.html#multi_instance_directories">ries</a> list, but does not remove any files or directories.
+
+ <b>assign</b> Assign a new instance name or a new group name to the
+ selected instance. Use "<b>-G -</b>" to specify "no group" and
+ "<b>-I -</b>" to specify "no name". If you choose to make an
+ instance "nameless", set a suitable <a href="postconf.5.html#syslog_name">syslog_name</a> in the
+ corresponding <a href="postconf.5.html">main.cf</a> file.
+
+ <b>enable</b> Mark the selected instance as enabled. This just sets the
+ <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> parameter to "yes" in the
+ instance's <a href="postconf.5.html">main.cf</a> file.
<b>disable</b>
- Mark the selected instance as disabled. This
- means that the instance will not be started
- etc. with "postfix start", "postmulti -p
- start" and so on. The instance can still be
- started etc. with "postfix -c config-direc-
- tory start".
+ Mark the selected instance as disabled. This means that
+ the instance will not be started etc. with "postfix
+ start", "postmulti -p start" and so on. The instance can
+ still be started etc. with "postfix -c config-directory
+ start".
<b>Other options</b>
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
<b>ENVIRONMENT</b>
- The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command exports the following environment
- variables before executing the requested <i>command</i> for a
- given instance:
+ The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command exports the following environment variables
+ before executing the requested <i>command</i> for a given instance:
<b>MAIL_VERBOSE</b>
- This is set when the -v command-line option is
- present.
+ This is set when the -v command-line option is present.
<b>MAIL_CONFIG</b>
- The location of the configuration directory of the
- instance.
+ The location of the configuration directory of the instance.
<b>CONFIGURATION PARAMETERS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix support programs and
- daemon programs.
+ The directory with Postfix support programs and daemon programs.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a Postfix
- process will import from a non-Postfix parent
- process.
+ The list of environment parameters that a Postfix process will
+ import from a non-Postfix parent process.
<b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
- An optional list of non-default Postfix configura-
- tion directories; these directories belong to addi-
- tional Postfix instances that share the Postfix
- executable files and documentation with the default
- Postfix instance, and that are started, stopped,
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance.
<b><a href="postconf.5.html#multi_instance_group">multi_instance_group</a> (empty)</b>
- The optional instance group name of this Postfix
- instance.
+ The optional instance group name of this Postfix instance.
<b><a href="postconf.5.html#multi_instance_name">multi_instance_name</a> (empty)</b>
- The optional instance name of this Postfix
- instance.
+ The optional instance name of this Postfix instance.
<b><a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> (no)</b>
- Allow this Postfix instance to be started, stopped,
- etc., by a multi-instance manager.
+ Allow this Postfix instance to be started, stopped, etc., by a
+ multi-instance manager.
<b><a href="postconf.5.html#postmulti_start_commands">postmulti_start_commands</a> (start)</b>
- The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a>
- instance manager treats as "start" commands.
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
+ treats as "start" commands.
<b><a href="postconf.5.html#postmulti_stop_commands">postmulti_stop_commands</a> (see 'postconf -d' output)</b>
- The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a>
- instance manager treats as "stop" commands.
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
+ treats as "stop" commands.
<b><a href="postconf.5.html#postmulti_control_commands">postmulti_control_commands</a> (reload flush)</b>
- The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a>
- instance manager treats as "control" commands, that
- operate on running instances.
+ The <a href="postfix.1.html"><b>postfix</b>(1)</a> commands that the <a href="postmulti.1.html"><b>postmulti</b>(1)</a> instance manager
+ treats as "control" commands, that operate on running instances.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
$<a href="postconf.5.html#daemon_directory">daemon_directory</a>/<a href="postconf.5.html">main.cf</a>, stock configuration file
<a href="MULTI_INSTANCE_README.html">MULTI_INSTANCE_README</a>, Postfix multi-instance management
<b>HISTORY</b>
- The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command was introduced with Postfix ver-
- sion 2.6.
+ The <a href="postmulti.1.html"><b>postmulti</b>(1)</a> command was introduced with Postfix version 2.6.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Victor Duchovni
<b>postqueue</b> [<b>-v</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] <b>-s</b> <i>site</i>
<b>DESCRIPTION</b>
- The <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command implements the Postfix user
- interface for queue management. It implements operations
- that are traditionally available via the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> com-
- mand. See the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command for queue operations
- that require super-user privileges such as deleting a mes-
- sage from the queue or changing the status of a message.
+ The <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command implements the Postfix user interface for
+ queue management. It implements operations that are traditionally
+ available via the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command. See the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command
+ for queue operations that require super-user privileges such as delet-
+ ing a message from the queue or changing the status of a message.
The following options are recognized:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named
- directory instead of the default configuration
- directory. See also the MAIL_CONFIG environment
- setting below.
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory. See also the MAIL_CONFIG
+ environment setting below.
- <b>-f</b> Flush the queue: attempt to deliver all queued
- mail.
+ <b>-f</b> Flush the queue: attempt to deliver all queued mail.
- This option implements the traditional "<b>sendmail</b>
- <b>-q</b>" command, by contacting the Postfix <a href="qmgr.8.html"><b>qmgr</b>(8)</a> dae-
- mon.
+ This option implements the traditional "<b>sendmail -q</b>" command, by
+ contacting the Postfix <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon.
- Warning: flushing undeliverable mail frequently
- will result in poor delivery performance of all
- other mail.
+ Warning: flushing undeliverable mail frequently will result in
+ poor delivery performance of all other mail.
<b>-i</b> <i>queue</i><b>_</b><i>id</i>
- Schedule immediate delivery of deferred mail with
- the specified queue ID.
+ Schedule immediate delivery of deferred mail with the specified
+ queue ID.
- This option implements the traditional <b>sendmail -qI</b>
- co
mmand, by contacting the <a href="flush.8.html"><b>flush</b>(8)</a> server.
+ This option implements the traditional <b>sendmail -qI</b> command, by
+ contacting the <a href="flush.8.html"><b>flush</b>(8)</a> server.
- This feature is available with Postfix version 2.4
- and later.
+ This feature is available with Postfix version 2.4 and later.
- <b>-p</b> Produce a traditional sendmail-style queue listing.
- This option implements the traditional <b>mailq</b> com-
-
mand, by contacting the Postfix <a href="showq.8.html"><b>showq</b>(8)</a> daemon.
+ <b>-p</b> Produce a traditional sendmail-style queue listing. This option
+ implements the traditional <b>mailq</b> command, by contacting the
+ Postfix <a href="showq.8.html"><b>showq</b>(8)</a> daemon.
- Each queue entry shows the queue file ID, message
- size, arrival time, sender, and the recipients that
- still need to be delivered. If mail could not be
- delivered upon the last attempt, the reason for
- failure is shown. The queue ID string is followed
- by an optional status character:
+ Each queue entry shows the queue file ID, message size, arrival
+ time, sender, and the recipients that still need to be deliv-
+ ered. If mail could not be delivered upon the last attempt, the
+ reason for failure is shown. The queue ID string is followed by
+ an optional status character:
- <b>*</b> The message is in the <b>active</b> queue, i.e. the
- message is selected for delivery.
+ <b>*</b> The message is in the <b>active</b> queue, i.e. the message is
+ selected for delivery.
- <b>!</b> The message is in the <b>hold</b> queue, i.e. no
- further delivery attempt will be made until
- the mail is taken off hold.
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
+ ery attempt will be made until the mail is taken off
+ hold.
<b>-s</b> <i>site</i>
- Schedule immediate delivery of all mail that is
- queued for the named <i>site</i>. A numerical site must be
- specified as a valid <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> address literal
- enclosed in [], just like in email addresses. The
- site must be eligible for the "fast flush" service.
- See <a href="flush.8.html"><b>flush</b>(8)</a> for more information about the "fast
- flush" service.
-
- This option implements the traditional "<b>sendmail</b>
- <b>-qR</b><i>site</i>" command, by contacting the Postfix
- <a href="flush.8.html"><b>flush</b>(8)</a> daemon.
-
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose. As of Postfix 2.3, this option is avail-
- able for the super-user only.
+ Schedule immediate delivery of all mail that is queued for the
+ named <i>site</i>. A numerical site must be specified as a valid <a href="http://tools.ietf.org/html/rfc5321">RFC</a>
+ <a href="http://tools.ietf.org/html/rfc5321">5321</a> address literal enclosed in [], just like in email
+ addresses. The site must be eligible for the "fast flush" ser-
+ vice. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information about the "fast flush"
+ service.
+
+ This option implements the traditional "<b>sendmail -qR</b><i>site</i>" com-
+ mand, by contacting the Postfix <a href="flush.8.html"><b>flush</b>(8)</a> daemon.
+
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose. As of Postfix
+ 2.3, this option is available for the super-user only.
<b>SECURITY</b>
- This program is designed to run with set-group ID privi-
- leges, so that it can connect to Postfix daemon processes.
+ This program is designed to run with set-group ID privileges, so that
+ it can connect to Postfix daemon processes.
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard
- error stream.
+ Problems are logged to <b>syslogd</b>(8) and to the standard error stream.
<b>ENVIRONMENT</b>
MAIL_CONFIG
- Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid
- exploitation of set-group ID privileges, a non-
- standard directory is allowed only if:
+ Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid exploitation
+ of set-group ID privileges, a non-standard directory is allowed
+ only if:
- <b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a>
- file with the <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b>
- configuration parameter.
+ <b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a> file with the
+ <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> configuration parameter.
<b>o</b> The command is invoked by the super-user.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program. The text below provides only a parameter
- summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
- ples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
- A list of non-default Postfix configuration direc-
- tories that may be specified with "-c <a href="postconf.5.html#config_directory">config_direc</a>-
- <a href="postconf.5.html#config_directory">tory</a>" on the command line, or via the MAIL_CONFIG
- environment parameter.
+ A list of non-default Postfix configuration directories that may
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line, or
+ via the MAIL_CONFIG environment parameter.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
- The location of all postfix administrative com-
- mands.
+ The location of all postfix administrative commands.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
- Optional list of destinations that are eligible for
- per-destination logfiles with mail that is queued
- to those destinations.
+ Optional list of destinations that are eligible for per-destina-
+ tion logfiles with mail that is queued to those destinations.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a Postfix
- process will import from a non-Postfix parent
- process.
+ The list of environment parameters that a Postfix process will
+ import from a non-Postfix parent process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b><a href="postconf.5.html#trigger_timeout">trigger_timeout</a> (10s)</b>
- The time limit for sending a trigger to a Postfix
- daemon (for example, the <a href="pickup.8.html"><b>pickup</b>(8)</a> or <a href="qmgr.8.html"><b>qmgr</b>(8)</a> dae-
- mon).
+ The time limit for sending a trigger to a Postfix daemon (for
+ example, the <a href="pickup.8.html"><b>pickup</b>(8)</a> or <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to flush the
- queue.
+ List of users who are authorized to flush the queue.
<b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
List of users who are authorized to view the queue.
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
- The postqueue command was introduced with Postfix version
- 1.1.
+ The postqueue command was introduced with Postfix version 1.1.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postscreen</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The Postfix <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server provides additional pro-
- tection against mail server overload. One <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
- process handles multiple inbound SMTP connections, and
- decides which clients may talk to a Postfix SMTP server
- process. By keeping spambots away, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> leaves
- more SMTP server processes available for legitimate
- clients, and delays the onset of server overload condi-
- tions.
-
- This program should not be used on SMTP ports that receive
- mail from end-user clients (MUAs). In a typical deploy-
- ment, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> handles the MX service on TCP port 25,
- while MUA clients submit mail via the <b>submission</b> service
- on TCP port 587 which requires client authentication.
- Alternatively, a site could set up a dedicated, non-
- postscreen, "port 25" server that provides <b>submission</b> ser-
- vice and client authentication, but no MX service.
-
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> maintains a temporary whitelist for clients
- that have passed a number of tests. When an SMTP client
- IP address is whitelisted, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off the
- connection immediately to a Postfix SMTP server process.
- This minimizes the overhead for legitimate mail.
-
- By default, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs statistics and hands off
- every connection to a Postfix SMTP server process, while
- excluding clients in <a href="postconf.5.html#mynetworks">mynetworks</a> from all tests (primarily,
- to avoid problems with non-standard SMTP implementations
- in network appliances). This mode is useful for non-
- destructive testing.
-
- In a typical production setting, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is config-
- ured to reject mail from clients that fail one or more
- tests. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs rejected mail with the client
- address, helo, sender and recipient information.
-
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is not an SMTP proxy; this is intentional.
- The purpose is to keep spambots away from Postfix SMTP
- server processes, while minimizing overhead for legitimate
- traffic.
+ The Postfix <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server provides additional protection against
+ mail server overload. One <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process handles multiple
+ inbound SMTP connections, and decides which clients may talk to a Post-
+ fix SMTP server process. By keeping spambots away, <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ leaves more SMTP server processes available for legitimate clients, and
+ delays the onset of server overload conditions.
+
+ This program should not be used on SMTP ports that receive mail from
+ end-user clients (MUAs). In a typical deployment, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> handles
+ the MX service on TCP port 25, while MUA clients submit mail via the
+ <b>submission</b> service on TCP port 587 which requires client authentica-
+ tion. Alternatively, a site could set up a dedicated, non-postscreen,
+ "port 25" server that provides <b>submission</b> service and client authenti-
+ cation, but no MX service.
+
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> maintains a temporary whitelist for clients that have
+ passed a number of tests. When an SMTP client IP address is
+ whitelisted, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off the connection immediately to a
+ Postfix SMTP server process. This minimizes the overhead for legitimate
+ mail.
+
+ By default, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs statistics and hands off every connec-
+ tion to a Postfix SMTP server process, while excluding clients in
+ <a href="postconf.5.html#mynetworks">mynetworks</a> from all tests (primarily, to avoid problems with non-stan-
+ dard SMTP implementations in network appliances). This mode is useful
+ for non-destructive testing.
+
+ In a typical production setting, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is configured to reject
+ mail from clients that fail one or more tests. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> logs
+ rejected mail with the client address, helo, sender and recipient
+ information.
+
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is not an SMTP proxy; this is intentional. The purpose
+ is to keep spambots away from Postfix SMTP server processes, while min-
+ imizing overhead for legitimate traffic.
<b>SECURITY</b>
- The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server is moderately security-sensitive.
- It talks to untrusted clients on the network. The process
- can be run chrooted at fixed low privilege.
+ The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server is moderately security-sensitive. It talks to
+ untrusted clients on the network. The process can be run chrooted at
+ fixed low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
- The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine currently
- does not announce support for AUTH, XCLIENT or XFORWARD.
- If you need to make these services available on port 25,
- then do not enable the optional "after 220 server greet-
- ing" tests, and do not use DNSBLs that reject traffic from
- dial-up and residential networks.
-
- The optional "after 220 server greeting" tests involve
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine. When these
- tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> adds the client to the tempo-
- rary whitelist, but it cannot not hand off the "live" con-
- nection to a Postfix SMTP server process in the middle of
- a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to
- deliver mail with a 4XX status, and waits for the client
- to disconnect. When the client connects again,
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will allow the client to talk to a Postfix
- SMTP server process (provided that the whitelist status
- has not expired). <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of
- this limitation by giving the "after 220 server greeting"
- tests a long expiration time.
+ The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine currently does not
+ announce support for AUTH, XCLIENT or XFORWARD. If you need to make
+ these services available on port 25, then do not enable the optional
+ "after 220 server greeting" tests, and do not use DNSBLs that reject
+ traffic from dial-up and residential networks.
+
+ The optional "after 220 server greeting" tests involve <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s
+ built-in SMTP protocol engine. When these tests succeed, <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ adds the client to the temporary whitelist, but it cannot not hand off
+ the "live" connection to a Postfix SMTP server process in the middle of
+ a session. Instead, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> defers attempts to deliver mail with
+ a 4XX status, and waits for the client to disconnect. When the client
+ connects again, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will allow the client to talk to a Post-
+ fix SMTP server process (provided that the whitelist status has not
+ expired). <a href="postscreen.8.html"><b>postscreen</b>(8)</a> mitigates the impact of this limitation by
+ giving the "after 220 server greeting" tests a long expiration time.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> processes may run for several hours. Use
- the command "postfix reload" after a configuration change.
+ Changes to <a href="postconf.5.html">main.cf</a> are not picked up automatically, as <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ processes may run for several hours. Use the command "postfix reload"
+ after a configuration change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
- NOTE: Some <a href="postscreen.8.html"><b>postscreen</b>(8)</a> parameters implement stress-
- dependent behavior. This is supported only when the
- default parameter value is stress-dependent (that is, it
- looks like ${stress?X}${stress:Y}, or it is the $<i>name</i> of
- an smtpd parameter with a stress-dependent default).
- Other parameters always evaluate as if the <b>stress</b> parame-
- ter value is the empty string.
+ NOTE: Some <a href="postscreen.8.html"><b>postscreen</b>(8)</a> parameters implement stress-dependent behav-
+ ior. This is supported only when the default parameter value is
+ stress-dependent (that is, it looks like ${stress?X}${stress:Y}, or it
+ is the $<i>name</i> of an smtpd parameter with a stress-dependent default).
+ Other parameters always evaluate as if the <b>stress</b> parameter value is
+ the empty string.
<b>COMPATIBILITY CONTROLS</b>
<b><a href="postconf.5.html#postscreen_command_filter">postscreen_command_filter</a> ($<a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a>)</b>
- A mechanism to transform commands from remote SMTP
- clients.
-
- <b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_dis</a>-</b>
- <b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">card_ehlo_keyword_address_maps</a>)</b>
- Lookup tables, indexed by the remote SMTP client
- address, with case insensitive lists of EHLO key-
- words (pipelining, starttls, auth, etc.) that the
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the EHLO
- response to a remote SMTP client.
-
- <b><a href="postconf.5.html#postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_key</a>-</b>
- <b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">words</a>)</b>
- A case insensitive list of EHLO keywords (pipelin-
- ing, starttls, auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
- server will not send in the EHLO response to a
- remote SMTP client.
+ A mechanism to transform commands from remote SMTP clients.
+
+ <b><a href="postconf.5.html#postscreen_discard_ehlo_keyword_address_maps">postscreen_discard_ehlo_keyword_address_maps</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_key</a>-</b>
+ <b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">word_address_maps</a>)</b>
+ Lookup tables, indexed by the remote SMTP client address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the
+ EHLO response to a remote SMTP client.
+
+ <b><a href="postconf.5.html#postscreen_discard_ehlo_keywords">postscreen_discard_ehlo_keywords</a> ($<a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>)</b>
+ A case insensitive list of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server will not send in the
+ EHLO response to a remote SMTP client.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#postscreen_expansion_filter">postscreen_expansion_filter</a> (see 'postconf -d' output)</b>
- List of characters that are permitted in
+ List of characters that are permitted in
<a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> attribute expansions.
<b><a href="postconf.5.html#postscreen_reject_footer">postscreen_reject_footer</a> ($<a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a>)</b>
- Optional information that is appended after a 4XX
-
or 5XX <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server response.
+ Optional information that is appended after a 4XX or 5XX
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server response.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
- Safety net to keep mail queued that would otherwise
- be returned to the sender.
+ Safety net to keep mail queued that would otherwise be returned
+ to the sender.
<b>BEFORE-POSTSCREEN PROXY AGENT</b>
Available in Postfix version 2.10 and later:
<b><a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> (empty)</b>
- The name of the proxy protocol used by an optional
- before-postscreen proxy agent.
+ The name of the proxy protocol used by an optional before-
+ postscreen proxy agent.
<b><a href="postconf.5.html#postscreen_upstream_proxy_timeout">postscreen_upstream_proxy_timeout</a> (5s)</b>
- The time limit for the proxy protocol specified
- with the <a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> parame-
- ter.
+ The time limit for the proxy protocol specified with the
+ <a href="postconf.5.html#postscreen_upstream_proxy_protocol">postscreen_upstream_proxy_protocol</a> parameter.
<b>PERMANENT WHITE/BLACKLIST TEST</b>
- This test is executed immediately after a remote SMTP
- client connects. If a client is permanently whitelisted,
- the client will be handed off immediately to a Postfix
- SMTP server process.
+ This test is executed immediately after a remote SMTP client connects.
+ If a client is permanently whitelisted, the client will be handed off
+ immediately to a Postfix SMTP server process.
<b><a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b>
- Permanent white/blacklist for remote SMTP client IP
- addresses.
+ Permanent white/blacklist for remote SMTP client IP addresses.
<b><a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> (ignore)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
- SMTP client is permanently blacklisted with the
- <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parameter.
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client is
+ permanently blacklisted with the <a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> parame-
+ ter.
<b>MAIL EXCHANGER POLICY TESTS</b>
- When <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is configured to monitor all primary
- and backup MX addresses, it can refuse to whitelist
- clients that connect to a backup MX address only. For
- small sites, this requires configuring primary and backup
- MX addresses on the same MTA. Larger sites would have to
- share the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache between primary and backup
- MTAs, which would introduce a common point of failure.
+ When <a href="postscreen.8.html"><b>postscreen</b>(8)</a> is configured to monitor all primary and backup MX
+ addresses, it can refuse to whitelist clients that connect to a backup
+ MX address only. For small sites, this requires configuring primary and
+ backup MX addresses on the same MTA. Larger sites would have to share
+ the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache between primary and backup MTAs, which would
+ introduce a common point of failure.
<b><a href="postconf.5.html#postscreen_whitelist_interfaces">postscreen_whitelist_interfaces</a> (<a href="DATABASE_README.html#types">static</a>:all)</b>
- A list of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server IP addresses
- where a non-whitelisted remote SMTP client can
- obtain <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s temporary whitelist status.
+ A list of local <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server IP addresses where a non-
+ whitelisted remote SMTP client can obtain <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s tempo-
+ rary whitelist status.
<b>BEFORE 220 GREETING TESTS</b>
- These tests are executed before the remote SMTP client
- receives the "220 servername" greeting. If no tests remain
- after the successful completion of this phase, the client
- will be handed off immediately to a Postfix SMTP server
- process.
+ These tests are executed before the remote SMTP client receives the
+ "220 servername" greeting. If no tests remain after the successful com-
+ pletion of this phase, the client will be handed off immediately to a
+ Postfix SMTP server process.
<b><a href="postconf.5.html#dnsblog_service_name">dnsblog_service_name</a> (dnsblog)</b>
- The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service entry in <a href="master.5.html">mas-
- ter.cf</a>.
+ The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
<b><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> (ignore)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
- SMTP client's combined DNSBL score is equal to or
- greater than a threshold (as defined with the
- <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_thresh</a>-
- <a href="postconf.5.html#postscreen_dnsbl_threshold">old</a> parameters).
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client's
+ combined DNSBL score is equal to or greater than a threshold (as
+ defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and
+ <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> parameters).
<b><a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> (empty)</b>
- A mapping from actual DNSBL domain name which
- includes a secret password, to the DNSBL domain
- name that postscreen will reply with when it
- rejects mail.
+ A mapping from actual DNSBL domain name which includes a secret
+ password, to the DNSBL domain name that postscreen will reply
+ with when it rejects mail.
<b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
- Optional list of DNS white/blacklist domains, fil-
- ters and weight factors.
+ Optional list of DNS white/blacklist domains, filters and weight
+ factors.
<b><a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> (1)</b>
- The inclusive lower bound for blocking a remote
- SMTP client, based on its combined DNSBL score as
-
defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
+ The inclusive lower bound for blocking a remote SMTP client,
+ based on its combined DNSBL score as defined with the
+ <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
<b><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> (ignore)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
- SMTP client speaks before its turn within the time
-
specified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
+ speaks before its turn within the time specified with the
+ <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.
<b><a href="postconf.5.html#postscreen_greet_banner">postscreen_greet_banner</a> ($<a href="postconf.5.html#smtpd_banner">smtpd_banner</a>)</b>
- The <i>text</i> in the optional "220-<i>text</i>..." server
- response that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real
- Postfix SMTP server's "220 text..." response, in an
- attempt to confuse bad SMTP clients so that they
- speak before their turn (pre-greet).
+ The <i>text</i> in the optional "220-<i>text</i>..." server response that
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real Postfix SMTP server's "220
+ text..." response, in an attempt to confuse bad SMTP clients so
+ that they speak before their turn (pre-greet).
<b><a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> (${stress?2}${stress:6}s)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for
- an SMTP client to send a command before its turn,
- and for DNS blocklist lookup results to arrive
- (default: up to 2 seconds under stress, up to 6
- seconds otherwise).
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for an SMTP
+ client to send a command before its turn, and for DNS blocklist
+ lookup results to arrive (default: up to 2 seconds under stress,
+ up to 6 seconds otherwise).
<b><a href="postconf.5.html#smtpd_service_name">smtpd_service_name</a> (smtpd)</b>
- The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off
- allowed connections to.
+ The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> hands off allowed con-
+ nections to.
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#postscreen_dnsbl_whitelist_threshold">postscreen_dnsbl_whitelist_threshold</a> (0)</b>
- Allow a remote SMTP client to skip "before" and
- "after 220 greeting" protocol tests, based on its
- combined DNSBL score as defined with the
- <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
+ Allow a remote SMTP client to skip "before" and "after 220
+ greeting" protocol tests, based on its combined DNSBL score as
+ defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
<b>AFTER 220 GREETING TESTS</b>
- These tests are executed after the remote SMTP client
- receives the "220 servername" greeting. If a client passes
- all tests during this phase, it will receive a 4XX
- response to all RCPT TO commands. After the client recon-
- nects, it will be allowed to talk directly to a Postfix
+ These tests are executed after the remote SMTP client receives the "220
+ servername" greeting. If a client passes all tests during this phase,
+ it will receive a 4XX response to all RCPT TO commands. After the
+ client reconnects, it will be allowed to talk directly to a Postfix
SMTP server process.
<b><a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> (ignore)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
- SMTP client sends a bare newline character, that
- is, a newline not preceded by carriage return.
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
+ sends a bare newline character, that is, a newline not preceded
+ by carriage return.
<b><a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> (no)</b>
- Enable "bare newline" SMTP protocol tests in the
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
+ Enable "bare newline" SMTP protocol tests in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ server.
<b><a href="postconf.5.html#postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a> ($<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b>
- Disable the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
- daemon.
+ Disable the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.
<b><a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> ($<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b>
- List of commands that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server con-
- siders in violation of the SMTP protocol.
+ List of commands that the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server considers in vio-
+ lation of the SMTP protocol.
<b><a href="postconf.5.html#postscreen_helo_required">postscreen_helo_required</a> ($<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b>
- Require that a remote SMTP client sends HELO or
- EHLO before commencing a MAIL transaction.
+ Require that a remote SMTP client sends HELO or EHLO before com-
+ mencing a MAIL transaction.
<b><a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> (drop)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
- SMTP client sends non-SMTP commands as specified
- with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter.
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
+ sends non-SMTP commands as specified with the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbid</a>-
+ <a href="postconf.5.html#postscreen_forbidden_commands">den_commands</a> parameter.
<b><a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> (no)</b>
- Enable "non-SMTP command" tests in the
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
+ Enable "non-SMTP command" tests in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
<b><a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> (enforce)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote
- SMTP client sends multiple commands instead of
- sending one command and waiting for the server to
- respond.
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when a remote SMTP client
+ sends multiple commands instead of sending one command and wait-
+ ing for the server to respond.
<b><a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> (no)</b>
- Enable "pipelining" SMTP protocol tests in the
- <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
+ Enable "pipelining" SMTP protocol tests in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ server.
<b>CACHE CONTROLS</b>
<b><a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> (12h)</b>
- The amount of time between <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache
- cleanup runs.
+ The amount of time between <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache cleanup runs.
- <b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> (<a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_direc</a>-</b>
- <b><a href="postconf.5.html#data_directory">tory</a>/postscreen_cache)</b>
- Persistent storage for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server
- decisions.
+ <b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> (<a href="DATABASE_README.html#types">btree</a>:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache)</b>
+ Persistent storage for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server decisions.
<b><a href="postconf.5.html#postscreen_cache_retention_time">postscreen_cache_retention_time</a> (7d)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an
- expired temporary whitelist entry before it is
- removed.
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an expired tem-
+ porary whitelist entry before it is removed.
<b><a href="postconf.5.html#postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a> (30d)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
- result from a successful "bare newline" SMTP proto-
- col test.
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
+ successful "bare newline" SMTP protocol test.
<b><a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a> (1h)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
- result from a successful DNS blocklist test.
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
+ successful DNS blocklist test.
<b><a href="postconf.5.html#postscreen_greet_ttl">postscreen_greet_ttl</a> (1d)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
- result from a successful PREGREET test.
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
+ successful PREGREET test.
<b><a href="postconf.5.html#postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a> (30d)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
- result from a successful "non_smtp_command" SMTP
- protocol test.
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
+ successful "non_smtp_command" SMTP protocol test.
<b><a href="postconf.5.html#postscreen_pipelining_ttl">postscreen_pipelining_ttl</a> (30d)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
- result from a successful "pipelining" SMTP protocol
- test.
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the result from a
+ successful "pipelining" SMTP protocol test.
<b>RESOURCE CONTROLS</b>
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
- Upon input, long lines are chopped up into pieces
- of at most this length; upon delivery, long lines
- are reconstructed.
+ Upon input, long lines are chopped up into pieces of at most
+ this length; upon delivery, long lines are reconstructed.
- <b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a></b>
- <b>($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b>
- How many simultaneous connections any remote SMTP
- client is allowed to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
- daemon.
+ <b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a> ($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connec</a>-</b>
+ <b><a href="postconf.5.html#smtpd_client_connection_count_limit">tion_count_limit</a>)</b>
+ How many simultaneous connections any remote SMTP client is
+ allowed to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.
<b><a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> (20)</b>
- The limit on the total number of commands per SMTP
- session for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol
- engine.
+ The limit on the total number of commands per SMTP session for
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.
<b><a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a> (${stress?10}${stress:300}s)</b>
- The time limit to read an entire command line with
+ The time limit to read an entire command line with
<a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol engine.
<b><a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
- The number of clients that can be waiting for ser-
- vice from a real Postfix SMTP server process.
+ The number of clients that can be waiting for service from a
+ real Postfix SMTP server process.
<b><a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
- The number of non-whitelisted clients that can be
- waiting for a decision whether they will receive
- service from a real Postfix SMTP server process.
+ The number of non-whitelisted clients that can be waiting for a
+ decision whether they will receive service from a real Postfix
+ SMTP server process.
<b><a href="postconf.5.html#postscreen_watchdog_timeout">postscreen_watchdog_timeout</a> (10s)</b>
- How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to
- respond to a remote SMTP client command or to per-
- form a cache operation before it is terminated by a
- built-in watchdog timer.
+ How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to respond to a
+ remote SMTP client command or to perform a cache operation
+ before it is terminated by a built-in watchdog timer.
<b>STARTTLS CONTROLS</b>
<b><a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
- The SMTP TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
- server; when a non-empty value is specified, this
- overrides the obsolete parameters
- <a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.
+ The SMTP TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server; when a
+ non-empty value is specified, this overrides the obsolete param-
+ eters <a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.
<b><a href="postconf.5.html#tlsproxy_service_name">tlsproxy_service_name</a> (tlsproxy)</b>
- The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry in <a href="master.5.html">mas-
- ter.cf</a>.
+ The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
- These parameters are supported for compatibility with
- <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy parameters.
+ These parameters are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy
+ parameters.
<b><a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> ($<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b>
- Opportunistic TLS: announce STARTTLS support to
- remote SMTP clients, but do not require that
- clients use TLS encryption.
+ Opportunistic TLS: announce STARTTLS support to remote SMTP
+ clients, but do not require that clients use TLS encryption.
<b><a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a> ($<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b>
- Mandatory TLS: announce STARTTLS support to remote
- SMTP clients, and require that clients use TLS
- encryption.
+ Mandatory TLS: announce STARTTLS support to remote SMTP clients,
+ and require that clients use TLS encryption.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
- The location of all postfix administrative com-
- mands.
+ The location of all postfix administrative commands.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="POSTSCREEN_README.html">POSTSCREEN_README</a>, Postfix Postscreen Howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
This service was introduced with Postfix version 2.8.
- Many ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work
- by Michael Tokarev, in OpenBSD spamd, and in MailChannels
- Traffic Control.
+ Many ideas in <a href="postscreen.8.html"><b>postscreen</b>(8)</a> were explored in earlier work by Michael
+ Tokarev, in OpenBSD spamd, and in MailChannels Traffic Control.
<b>AUTHOR(S)</b>
Wietse Venema
[<b>-r</b> <i>queue</i><b>_</b><i>id</i>] [<i>directory ...</i>]
<b>DESCRIPTION</b>
- The <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command does maintenance jobs on the
- Postfix queue. Use of the command is restricted to the
- superuser. See the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command for unprivileged
- queue operations such as listing or flushing the mail
- queue.
-
- By default, <a href="postsuper.1.html"><b>postsuper</b>(1)</a> performs the operations requested
- with the <b>-s</b> and <b>-p</b> command-line options on all Postfix
- queue directories - this includes the <b>incoming</b>, <b>active</b> and
- <b>deferred</b> directories with mail files and the <b>bounce</b>,
- <b>defer</b>, <b>trace</b> and <b>flush</b> directories with log files.
+ The <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command does maintenance jobs on the Postfix queue.
+ Use of the command is restricted to the superuser. See the
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command for unprivileged queue operations such as listing
+ or flushing the mail queue.
+
+ By default, <a href="postsuper.1.html"><b>postsuper</b>(1)</a> performs the operations requested with the <b>-s</b>
+ and <b>-p</b> command-line options on all Postfix queue directories - this
+ includes the <b>incoming</b>, <b>active</b> and <b>deferred</b> directories with mail files
+ and the <b>bounce</b>, <b>defer</b>, <b>trace</b> and <b>flush</b> directories with log files.
Options:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named
- directory instead of the default configuration
- directory. See also the MAIL_CONFIG environment
- setting below.
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory. See also the MAIL_CONFIG
+ environment setting below.
<b>-d</b> <i>queue</i><b>_</b><i>id</i>
- Delete one message with the named queue ID from the
- named mail queue(s) (default: <b>hold</b>, <b>incoming</b>,
- <b>active</b> and <b>deferred</b>).
+ Delete one message with the named queue ID from the named mail
+ queue(s) (default: <b>hold</b>, <b>incoming</b>, <b>active</b> and <b>deferred</b>).
- If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
- queue IDs from standard input. For example, to
- delete all mail with exactly one recipient
- <b>user@example.com</b>:
+ If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads queue IDs
+ from standard input. For example, to delete all mail with
+ exactly one recipient <b>user@example.com</b>:
mailq | tail +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" }
# $7=sender, $8=recipient1, $9=recipient2
print $1 }
' | tr -d '*!' | postsuper -d -
- Specify "<b>-d ALL</b>" to remove all messages; for exam-
- ple, specify "<b>-d ALL deferred</b>" to delete all mail
- in the <b>deferred</b> queue. As a safety measure, the
- word <b>ALL</b> must be specified in upper case.
+ Specify "<b>-d ALL</b>" to remove all messages; for example, specify
+ "<b>-d ALL deferred</b>" to delete all mail in the <b>deferred</b> queue. As
+ a safety measure, the word <b>ALL</b> must be specified in upper case.
- Warning: Postfix queue IDs are reused (always with
- Postfix <= 2.8; and with Postfix >= 2.9 when
- <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no). There is a very small
- possibility that postsuper deletes the wrong mes-
- sage file when it is executed while the Postfix
- mail system is delivering mail.
+ Warning: Postfix queue IDs are reused (always with Postfix <=
+ 2.8; and with Postfix >= 2.9 when <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no).
+ There is a very small possibility that postsuper deletes the
+ wrong message file when it is executed while the Postfix mail
+ system is delivering mail.
The scenario is as follows:
- 1) The Postfix queue manager deletes the mes-
- sage that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> is asked to delete,
- because Postfix is finished with the message
- (it is delivered, or it is returned to the
- sender).
+ 1) The Postfix queue manager deletes the message that <a href="postsuper.1.html"><b>post-</b></a>
+ <a href="postsuper.1.html"><b>super</b>(1)</a> is asked to delete, because Postfix is finished
+ with the message (it is delivered, or it is returned to
+ the sender).
- 2) New mail arrives, and the new message is
- given the same queue ID as the message that
- <a href="postsuper.1.html"><b>postsuper</b>(1)</a> is supposed to delete. The
- probability for reusing a deleted queue ID
- is about 1 in 2**15 (the number of different
- microsecond values that the system clock can
- distinguish within a second).
+ 2) New mail arrives, and the new message is given the same
+ queue ID as the message that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> is supposed to
+ delete. The probability for reusing a deleted queue ID
+ is about 1 in 2**15 (the number of different microsecond
+ values that the system clock can distinguish within a
+ second).
- 3) <a href="postsuper.1.html"><b>postsuper</b>(1)</a> deletes the new message,
- instead of the old message that it should
- have deleted.
+ 3) <a href="postsuper.1.html"><b>postsuper</b>(1)</a> deletes the new message, instead of the old
+ message that it should have deleted.
<b>-h</b> <i>queue</i><b>_</b><i>id</i>
- Put mail "on hold" so that no attempt is made to
- deliver it. Move one message with the named queue
- ID from the named mail queue(s) (default: <b>incoming</b>,
- <b>active</b> and <b>deferred</b>) to the <b>hold</b> queue.
+ Put mail "on hold" so that no attempt is made to deliver it.
+ Move one message with the named queue ID from the named mail
+ queue(s) (default: <b>incoming</b>, <b>active</b> and <b>deferred</b>) to the <b>hold</b>
+ queue.
- If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
- queue IDs from standard input.
+ If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads queue IDs
+ from standard input.
- Specify "<b>-h ALL</b>" to hold all messages; for example,
- specify "<b>-h ALL deferred</b>" to hold all mail in the
- <b>deferred</b> queue. As a safety measure, the word <b>ALL</b>
- must be specified in upper case.
+ Specify "<b>-h ALL</b>" to hold all messages; for example, specify "<b>-h</b>
+ <b>ALL deferred</b>" to hold all mail in the <b>deferred</b> queue. As a
+ safety measure, the word <b>ALL</b> must be specified in upper case.
- Note: while mail is "on hold" it will not expire
- when its time in the queue exceeds the <b><a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
- <b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b> set-
- ting. It becomes subject to expiration after it is
- released from "hold".
+ Note: while mail is "on hold" it will not expire when its time
+ in the queue exceeds the <b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or
+ <b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b> setting. It becomes subject to expiration
+ after it is released from "hold".
This feature is available in Postfix 2.0 and later.
<b>-H</b> <i>queue</i><b>_</b><i>id</i>
- Release mail that was put "on hold". Move one mes-
- sage with the named queue ID from the named mail
- queue(s) (default: <b>hold</b>) to the <b>deferred</b> queue.
+ Release mail that was put "on hold". Move one message with the
+ named queue ID from the named mail queue(s) (default: <b>hold</b>) to
+ the <b>deferred</b> queue.
- If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads
- queue IDs from standard input.
+ If a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program reads queue IDs
+ from standard input.
- Note: specify "<b>postsuper -r</b>" to release mail that
- was kept on hold for a significant fraction of
- <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>,
- or longer.
+ Note: specify "<b>postsuper -r</b>" to release mail that was kept on
+ hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a></b> or
+ <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or longer.
- Specify "<b>-H ALL</b>" to release all mail that is "on
- hold". As a safety measure, the word <b>ALL</b> must be
- specified in upper case.
+ Specify "<b>-H ALL</b>" to release all mail that is "on hold". As a
+ safety measure, the word <b>ALL</b> must be specified in upper case.
This feature is available in Postfix 2.0 and later.
- <b>-p</b> Purge old temporary files that are left over after
- system or software crashes.
+ <b>-p</b> Purge old temporary files that are left over after system or
+ software crashes.
<b>-r</b> <i>queue</i><b>_</b><i>id</i>
- Requeue the message with the named queue ID from
- the named mail queue(s) (default: <b>hold</b>, <b>incoming</b>,
- <b>active</b> and <b>deferred</b>). To requeue multiple mes-
- sages, specify multiple <b>-r</b> command-line options.
-
- Alternatively, if a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the
- program reads queue IDs from standard input.
-
- Specify "<b>-r ALL</b>" to requeue all messages. As a
- safety measure, the word <b>ALL</b> must be specified in
- upper case.
-
- A requeued message is moved to the <b>maildrop</b> queue,
- from where it is copied by the <a href="pickup.8.html"><b>pickup</b>(8)</a> and
- <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemons to a new queue file. In many
- respects its handling differs from that of a new
+ Requeue the message with the named queue ID from the named mail
+ queue(s) (default: <b>hold</b>, <b>incoming</b>, <b>active</b> and <b>deferred</b>). To
+ requeue multiple messages, specify multiple <b>-r</b> command-line
+ options.
+
+ Alternatively, if a <i>queue</i><b>_</b><i>id</i> of <b>-</b> is specified, the program
+ reads queue IDs from standard input.
+
+ Specify "<b>-r ALL</b>" to requeue all messages. As a safety measure,
+ the word <b>ALL</b> must be specified in upper case.
+
+ A requeued message is moved to the <b>maildrop</b> queue, from where it
+ is copied by the <a href="pickup.8.html"><b>pickup</b>(8)</a> and <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemons to a new queue
+ file. In many respects its handling differs from that of a new
local submission.
- <b>o</b> The message is not subjected to the
- <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> or <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> settings.
- When mail has passed through an external
- content filter, this would produce incorrect
- results with Milter applications that depend
- on original SMTP connection state informa-
- tion.
-
- <b>o</b> The message is subjected again to mail
- address rewriting and substitution. This is
- useful when rewriting rules or virtual map-
- pings have changed.
-
- The address rewriting context (local or
- remote) is the same as when the message was
- received.
-
- <b>o</b> The message is subjected to the same <a href="postconf.5.html#content_filter">con</a>-
- <a href="postconf.5.html#content_filter">tent_filter</a> settings (if any) as used for
- new local mail submissions. This is useful
- when <a href="postconf.5.html#content_filter">content_filter</a> settings have changed.
-
- Warning: Postfix queue IDs are reused (always with
- Postfix <= 2.8; and with Postfix >= 2.9 when
- <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no). There is a very small
- possibility that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> requeues the wrong
- message file when it is executed while the Postfix
- mail system is running, but no harm should be done.
+ <b>o</b> The message is not subjected to the <a href="postconf.5.html#smtpd_milters">smtpd_milters</a> or
+ <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a> settings. When mail has passed through
+ an external content filter, this would produce incorrect
+ results with Milter applications that depend on original
+ SMTP connection state information.
+
+ <b>o</b> The message is subjected again to mail address rewriting
+ and substitution. This is useful when rewriting rules or
+ virtual mappings have changed.
+
+ The address rewriting context (local or remote) is the
+ same as when the message was received.
+
+ <b>o</b> The message is subjected to the same <a href="postconf.5.html#content_filter">content_filter</a> set-
+ tings (if any) as used for new local mail submissions.
+ This is useful when <a href="postconf.5.html#content_filter">content_filter</a> settings have changed.
+
+ Warning: Postfix queue IDs are reused (always with Postfix <=
+ 2.8; and with Postfix >= 2.9 when <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no).
+ There is a very small possibility that <a href="postsuper.1.html"><b>postsuper</b>(1)</a> requeues the
+ wrong message file when it is executed while the Postfix mail
+ system is running, but no harm should be done.
This feature is available in Postfix 1.1 and later.
- <b>-s</b> Structure check and structure repair. This should
- be done once before Postfix startup.
-
- <b>o</b> Rename files whose name does not match the
- message file inode number. This operation is
- necessary after restoring a mail queue from
- a different machine or from backup, when
- queue files were created with Postfix <= 2.8
- or with "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> = no".
-
- <b>o</b> Move queue files that are in the wrong place
- in the file system hierarchy and remove sub-
- directories that are no longer needed. File
- position rearrangements are necessary after
- a change in the <b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a></b> and/or
+ <b>-s</b> Structure check and structure repair. This should be done once
+ before Postfix startup.
+
+ <b>o</b> Rename files whose name does not match the message file
+ inode number. This operation is necessary after restoring
+ a mail queue from a different machine or from backup,
+ when queue files were created with Postfix <= 2.8 or with
+ "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> = no".
+
+ <b>o</b> Move queue files that are in the wrong place in the file
+ system hierarchy and remove subdirectories that are no
+ longer needed. File position rearrangements are neces-
+ sary after a change in the <b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a></b> and/or
<b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a></b> configuration parameters.
- <b>o</b> Rename queue files created with
- "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> = yes" to short
- names, for migration to Postfix <= 2.8. The
- procedure is as follows:
+ <b>o</b> Rename queue files created with "<a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> =
+ yes" to short names, for migration to Postfix <= 2.8.
+ The procedure is as follows:
# postfix stop
# postconf <a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a>=no
# postsuper
- Run <a href="postsuper.1.html"><b>postsuper</b>(1)</a> repeatedly until it stops
- reporting file name changes.
+ Run <a href="postsuper.1.html"><b>postsuper</b>(1)</a> repeatedly until it stops reporting file
+ name changes.
- <b>-S</b> A redundant version of <b>-s</b> that requires that long
- file names also match the message file inode num-
- ber. This option exists for testing purposes, and
- is available with Postfix 2.9 and later.
+ <b>-S</b> A redundant version of <b>-s</b> that requires that long file names
+ also match the message file inode number. This option exists for
+ testing purposes, and is available with Postfix 2.9 and later.
- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
- verbose.
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ options make the software increasingly verbose.
<b>DIAGNOSTICS</b>
- Problems are reported to the standard error stream and to
- <b>syslogd</b>(8).
+ Problems are reported to the standard error stream and to <b>syslogd</b>(8).
- <a href="postsuper.1.html"><b>postsuper</b>(1)</a> reports the number of messages deleted with
- <b>-d</b>, the number of messages requeued with <b>-r</b>, and the num-
- ber of messages whose queue file name was fixed with <b>-s</b>.
- The report is written to the standard error stream and to
- <b>syslogd</b>(8).
+ <a href="postsuper.1.html"><b>postsuper</b>(1)</a> reports the number of messages deleted with <b>-d</b>, the number
+ of messages requeued with <b>-r</b>, and the number of messages whose queue
+ file name was fixed with <b>-s</b>. The report is written to the standard
+ error stream and to <b>syslogd</b>(8).
<b>ENVIRONMENT</b>
MAIL_CONFIG
Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file.
<b>BUGS</b>
- Mail that is not sanitized by Postfix (i.e. mail in the
- <b>maildrop</b> queue) cannot be placed "on hold".
+ Mail that is not sanitized by Postfix (i.e. mail in the <b>maildrop</b> queue)
+ cannot be placed "on hold".
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program. The text below provides only a parameter
- summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
- ples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> (1)</b>
- The number of subdirectory levels for queue direc-
-
tories listed with the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter.
+ The number of subdirectory levels for queue directories listed
+ with the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter.
<b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a> (deferred, defer)</b>
- The names of queue directories that are split
- across multiple subdirectory levels.
+ The names of queue directories that are split across multiple
+ subdirectory levels.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> (no)</b>
- Enable long, non-repeating, queue IDs (queue file
- names).
+ Enable long, non-repeating, queue IDs (queue file names).
<b>SEE ALSO</b>
<a href="sendmail.1.html">sendmail(1)</a>, Sendmail-compatible user interface
<a href="postqueue.1.html">postqueue(1)</a>, unprivileged queue operations
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
POSTTLS-FINGER(1) POSTTLS-FINGER(1)
<b>NAME</b>
- posttls-finger - Probe the TLS properties of an ESMTP or
- LMTP server.
+ posttls-finger - Probe the TLS properties of an ESMTP or LMTP server.
<b>SYNOPSIS</b>
<b>posttls-finger</b> [<i>options</i>] [<b>inet:</b>]<i>domain</i>[:<i>port</i>] [<i>match ...</i>]
<b>posttls-finger</b> -S [<i>options</i>] <b>unix:</b><i>pathname</i> [<i>match ...</i>]
<b>DESCRIPTION</b>
- <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> connects to the specified destination
- and reports TLS-related information about the server. With
- SMTP, the destination is a domainname; with LMTP it is
- either a domainname prefixed with <b>inet:</b> or a pathname pre-
- fixed with <b>unix:</b>. If Postfix is built without TLS sup-
- port, the resulting posttls-finger program has very lim-
- ited functionality, and only the <b>-a</b>, <b>-c</b>, <b>-h</b>, <b>-o</b>, <b>-S</b>, <b>-t</b>,
- <b>-T</b> and <b>-v</b> options are available.
-
- Note: this is an unsupported test program. No attempt is
- made to maintain compatibility between successive ver-
- sions.
-
- For SMTP servers that don't support ESMTP, only the greet-
- ing banner and the negative EHLO response are reported.
- Otherwise, the reported EHLO response details further
- server capabilities.
-
- If TLS support is enabled when <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> is com-
- piled, and the server supports <b>STARTTLS</b>, a TLS handshake
- is attempted.
-
- If DNSSEC support is available, the connection TLS secu-
- rity level (<b>-l</b> option) defaults to <b>dane</b>; see <a href="TLS_README.html">TLS_README</a>
- for details. Otherwise, it defaults to <b>secure</b>. This set-
- ting determines the certificate matching policy.
-
- If TLS negotiation succeeds, the TLS protocol and cipher
- details are reported. The server certificate is then veri-
- fied in accordance with the policy at the chosen (or
- default) security level. With public CA-based trust, when
- the <b>-L</b> option includes <b>certmatch</b>, (true by default) name
- matching is performed even if the certificate chain is not
- trusted. This logs the names found in the remote SMTP
- server certificate and which if any would match, were the
- certificate chain trusted.
-
- Note: <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> does not perform any table
- lookups, so the TLS policy table and obsolete per-site
- tables are not consulted. It does not communicate with
- the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> daemon (or any other Postfix daemons); its
- TLS session cache is held in private memory, and disap-
- pears when the process exits.
-
- With the <b>-r</b> <i>delay</i> option, if the server assigns a TLS ses-
- sion id, the TLS session is cached. The connection is then
- closed and re-opened after the specified delay, and <a href="posttls-finger.1.html"><b>post-</b></a>
- <a href="posttls-finger.1.html"><b>tls-finger</b>(1)</a> then reports whether the cached TLS session
- was re-used.
-
- When the destination is a load-balancer, it may be dis-
- tributing load between multiple server caches. Typically,
- each server returns its unique name in its EHLO response.
- If, upon reconnecting with <b>-r</b>, a new server name is
- detected, another session is cached for the new server,
- and the reconnect is repeated up to a maximum number of
- times (default 5) that can be specified via the <b>-m</b> option.
-
- The choice of SMTP or LMTP (<b>-S</b> option) determines the syn-
- tax of the destination argument. With SMTP, one can spec-
- ify a service on a non-default port as <i>host</i>:<i>service</i>, and
- disable MX (mail exchanger) DNS lookups with [<i>host</i>] or
- [<i>host</i>]:<i>port</i>. The [] form is required when you specify an
- IP address instead of a hostname. An IPv6 address takes
- the form [<b>ipv6:</b><i>address</i>]. The default port for SMTP is
- taken from the <b>smtp/tcp</b> entry in /etc/services, defaulting
- to 25 if the entry is not found.
-
- With LMTP, specify <b>unix:</b><i>pathname</i> to connect to a local
- server listening on a unix-domain socket bound to the
- specified pathname; otherwise, specify an optional <b>inet:</b>
- prefix followed by a <i>domain</i> and an optional port, with the
- same syntax as for SMTP. The default TCP port for LMTP is
- 24.
+ <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> connects to the specified destination and reports
+ TLS-related information about the server. With SMTP, the destination is
+ a domainname; with LMTP it is either a domainname prefixed with <b>inet:</b>
+ or a pathname prefixed with <b>unix:</b>. If Postfix is built without TLS
+ support, the resulting posttls-finger program has very limited func-
+ tionality, and only the <b>-a</b>, <b>-c</b>, <b>-h</b>, <b>-o</b>, <b>-S</b>, <b>-t</b>, <b>-T</b> and <b>-v</b> options are
+ available.
+
+ Note: this is an unsupported test program. No attempt is made to main-
+ tain compatibility between successive versions.
+
+ For SMTP servers that don't support ESMTP, only the greeting banner and
+ the negative EHLO response are reported. Otherwise, the reported EHLO
+ response details further server capabilities.
+
+ If TLS support is enabled when <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> is compiled, and the
+ server supports <b>STARTTLS</b>, a TLS handshake is attempted.
+
+ If DNSSEC support is available, the connection TLS security level (<b>-l</b>
+ option) defaults to <b>dane</b>; see <a href="TLS_README.html">TLS_README</a> for details. Otherwise, it
+ defaults to <b>secure</b>. This setting determines the certificate matching
+ policy.
+
+ If TLS negotiation succeeds, the TLS protocol and cipher details are
+ reported. The server certificate is then verified in accordance with
+ the policy at the chosen (or default) security level. With public CA-
+ based trust, when the <b>-L</b> option includes <b>certmatch</b>, (true by default)
+ name matching is performed even if the certificate chain is not
+ trusted. This logs the names found in the remote SMTP server certifi-
+ cate and which if any would match, were the certificate chain trusted.
+
+ Note: <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> does not perform any table lookups, so the TLS
+ policy table and obsolete per-site tables are not consulted. It does
+ not communicate with the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> daemon (or any other Postfix dae-
+ mons); its TLS session cache is held in private memory, and disappears
+ when the process exits.
+
+ With the <b>-r</b> <i>delay</i> option, if the server assigns a TLS session id, the
+ TLS session is cached. The connection is then closed and re-opened
+ after the specified delay, and <a href="posttls-finger.1.html"><b>posttls-finger</b>(1)</a> then reports whether
+ the cached TLS session was re-used.
+
+ When the destination is a load-balancer, it may be distributing load
+ between multiple server caches. Typically, each server returns its
+ unique name in its EHLO response. If, upon reconnecting with <b>-r</b>, a new
+ server name is detected, another session is cached for the new server,
+ and the reconnect is repeated up to a maximum number of times (default
+ 5) that can be specified via the <b>-m</b> option.
+
+ The choice of SMTP or LMTP (<b>-S</b> option) determines the syntax of the
+ destination argument. With SMTP, one can specify a service on a non-
+ default port as <i>host</i>:<i>service</i>, and disable MX (mail exchanger) DNS
+ lookups with [<i>host</i>] or [<i>host</i>]:<i>port</i>. The [] form is required when you
+ specify an IP address instead of a hostname. An IPv6 address takes the
+ form [<b>ipv6:</b><i>address</i>]. The default port for SMTP is taken from the
+ <b>smtp/tcp</b> entry in /etc/services, defaulting to 25 if the entry is not
+ found.
+
+ With LMTP, specify <b>unix:</b><i>pathname</i> to connect to a local server listening
+ on a unix-domain socket bound to the specified pathname; otherwise,
+ specify an optional <b>inet:</b> prefix followed by a <i>domain</i> and an optional
+ port, with the same syntax as for SMTP. The default TCP port for LMTP
+ is 24.
Arguments:
<b>-a</b> <i>family</i> (default: <b>any</b>)
- Address family preference: <b>ipv4</b>, <b>ipv6</b> or <b>any</b>. When
- using <b>any</b>, posttls-finger will randomly select one
- of the two as the more preferred, and exhaust all
- MX preferences for the first address family before
- trying any addresses for the other.
+ Address family preference: <b>ipv4</b>, <b>ipv6</b> or <b>any</b>. When using <b>any</b>,
+ posttls-finger will randomly select one of the two as the more
+ preferred, and exhaust all MX preferences for the first address
+ family before trying any addresses for the other.
<b>-A</b> <i>trust-anchor.pem</i> (default: none)
- A list of PEM trust-anchor files that overrides
- CAfile and CApath trust chain verification. Spec-
- ify the option multiple times to specify multiple
- files. See the <a href="postconf.5.html">main.cf</a> documentation for
+ A list of PEM trust-anchor files that overrides CAfile and CAp-
+ ath trust chain verification. Specify the option multiple times
+ to specify multiple files. See the <a href="postconf.5.html">main.cf</a> documentation for
<a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> for details.
- <b>-c</b> Disable SMTP chat logging; only TLS-related infor-
- mation is logged.
+ <b>-c</b> Disable SMTP chat logging; only TLS-related information is
+ logged.
- <b>-C</b> Print the remote SMTP server certificate trust
- chain in PEM format. The issuer DN, subject DN,
- certificate and public key fingerprints (see <b>-d</b>
- <i>mdalg</i> option below) are printed above each PEM cer-
- tificate block. If you specify <b>-F</b> <i>CAfile</i> or <b>-P</b>
- <i>CApath</i>, the OpenSSL library may augment the chain
- with missing issuer certificates. To see the
- actual chain sent by the remote SMTP server leave
- <i>CAfile</i> and <i>CApath</i> unset.
+ <b>-C</b> Print the remote SMTP server certificate trust chain in PEM for-
+ mat. The issuer DN, subject DN, certificate and public key fin-
+ gerprints (see <b>-d</b> <i>mdalg</i> option below) are printed above each PEM
+ certificate block. If you specify <b>-F</b> <i>CAfile</i> or <b>-P</b> <i>CApath</i>, the
+ OpenSSL library may augment the chain with missing issuer cer-
+ tificates. To see the actual chain sent by the remote SMTP
+ server leave <i>CAfile</i> and <i>CApath</i> unset.
<b>-d</b> <i>mdalg</i> (default: <b>sha1</b>)
- The message digest algorithm to use for reporting
- remote SMTP server fingerprints and matching
- against user provided certificate fingerprints
- (with DANE TLSA records the algorithm is specified
- in the DNS).
+ The message digest algorithm to use for reporting remote SMTP
+ server fingerprints and matching against user provided certifi-
+ cate fingerprints (with DANE TLSA records the algorithm is spec-
+ ified in the DNS).
- <b>-f</b> Lookup the associated DANE TLSA RRset even when a
- hostname is not an alias and its address records
- lie in an unsigned zone. See smtp_tls_force_inse-
- cure_host_tlsa_lookup for details.
+ <b>-f</b> Lookup the associated DANE TLSA RRset even when a hostname is
+ not an alias and its address records lie in an unsigned zone.
+ See <a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> for details.
<b>-F</b> <i>CAfile.pem</i> (default: none)
- The PEM formatted CAfile for remote SMTP server
- certificate verification. By default no CAfile is
- used and no public CAs are trusted.
+ The PEM formatted CAfile for remote SMTP server certificate ver-
+ ification. By default no CAfile is used and no public CAs are
+ trusted.
<b>-g</b> <i>grade</i> (default: medium)
- The minimum TLS cipher grade used by posttls-fin-
-
ger. See <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> for details.
+ The minimum TLS cipher grade used by posttls-finger. See
+ <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> for details.
<b>-h</b> <i>host</i><b>_</b><i>lookup</i> (default: <b>dns</b>)
- The hostname lookup methods used for the connec-
- tion. See the documentation of <a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a>
- for syntax and semantics.
+ The hostname lookup methods used for the connection. See the
+ documentation of <a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> for syntax and semantics.
<b>-l</b> <i>level</i> (default: <b>dane</b> or <b>secure</b>)
- The security level for the connection, default <b>dane</b>
- or <b>secure</b> depending on whether DNSSEC is available.
- For syntax and semantics, see the documentation of
- <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>. When <b>dane</b> or <b>dane-only</b> is
- supported and selected, if no TLSA records are
- found, or all the records found are unusable, the
- <i>secure</i> level will be used instead. The <b>fingerprint</b>
- security level allows you to test certificate or
- public-key fingerprint matches before you deploy
- them in the policy table.
-
- Note, since <b>posttls-finger</b> does not actually
- deliver any email, the <b>none</b>, <b>may</b> and <b>encrypt</b> secu-
- rity levels are not very useful. Since <b>may</b> and
- <b>encrypt</b> don't require peer certificates, they will
- often negotiate anonymous TLS ciphersuites, so you
- won't learn much about the remote SMTP server's
- certificates at these levels if it also supports
- anonymous TLS (though you may learn that the server
- supports anonymous TLS).
+ The security level for the connection, default <b>dane</b> or <b>secure</b>
+ depending on whether DNSSEC is available. For syntax and seman-
+ tics, see the documentation of <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>. When
+ <b>dane</b> or <b>dane-only</b> is supported and selected, if no TLSA records
+ are found, or all the records found are unusable, the <i>secure</i>
+ level will be used instead. The <b>fingerprint</b> security level
+ allows you to test certificate or public-key fingerprint matches
+ before you deploy them in the policy table.
+
+ Note, since <b>posttls-finger</b> does not actually deliver any email,
+ the <b>none</b>, <b>may</b> and <b>encrypt</b> security levels are not very useful.
+ Since <b>may</b> and <b>encrypt</b> don't require peer certificates, they will
+ often negotiate anonymous TLS ciphersuites, so you won't learn
+ much about the remote SMTP server's certificates at these levels
+ if it also supports anonymous TLS (though you may learn that the
+ server supports anonymous TLS).
<b>-L</b> <i>logopts</i> (default: <b>routine,certmatch</b>)
- Fine-grained TLS logging options. To tune the TLS
- features logged during the TLS handshake, specify
- one or more of:
+ Fine-grained TLS logging options. To tune the TLS features
+ logged during the TLS handshake, specify one or more of:
<b>0, none</b>
- These yield no TLS logging; you'll generally
- want more, but this is handy if you just
- want the trust chain:
+ These yield no TLS logging; you'll generally want more,
+ but this is handy if you just want the trust chain:
$ posttls-finger -cC -L none destination
<b>1, routine, summary</b>
- These synonymous values yield a normal one-
- line summary of the TLS connection.
+ These synonymous values yield a normal one-line summary
+ of the TLS connection.
<b>2, debug</b>
- These synonymous values combine routine,
- ssl-debug, cache and verbose.
+ These synonymous values combine routine, ssl-debug, cache
+ and verbose.
<b>3, ssl-expert</b>
- These synonymous values combine debug with
- ssl-handshake-packet-dump. For experts
- only.
+ These synonymous values combine debug with ssl-handshake-
+ packet-dump. For experts only.
<b>4, ssl-developer</b>
- These synonymous values combine ssl-expert
- with ssl-session-packet-dump. For experts
- only, and in most cases, use wireshark
- instead.
+ These synonymous values combine ssl-expert with ssl-ses-
+ sion-packet-dump. For experts only, and in most cases,
+ use wireshark instead.
<b>ssl-debug</b>
- Turn on OpenSSL logging of the progress of
- the SSL handshake.
+ Turn on OpenSSL logging of the progress of the SSL hand-
+ shake.
<b>ssl-handshake-packet-dump</b>
- Log hexadecimal packet dumps of the SSL
- handshake; for experts only.
+ Log hexadecimal packet dumps of the SSL handshake; for
+ experts only.
<b>ssl-session-packet-dump</b>
- Log hexadecimal packet dumps of the entire
- SSL session; only useful to those who can
- debug SSL protocol problems from hex dumps.
+ Log hexadecimal packet dumps of the entire SSL session;
+ only useful to those who can debug SSL protocol problems
+ from hex dumps.
<b>untrusted</b>
- Logs trust chain verification problems.
- This is turned on automatically at security
- levels that use peer names signed by cer-
- tificate authorities to validate certifi-
- cates. So while this setting is recognized,
- you should never need to set it explicitly.
+ Logs trust chain verification problems. This is turned
+ on automatically at security levels that use peer names
+ signed by certificate authorities to validate certifi-
+ cates. So while this setting is recognized, you should
+ never need to set it explicitly.
<b>peercert</b>
- This logs a one line summary of the remote
- SMTP server certificate subject, issuer, and
- fingerprints.
+ This logs a one line summary of the remote SMTP server
+ certificate subject, issuer, and fingerprints.
<b>certmatch</b>
- This logs remote SMTP server certificate
- matching, showing the CN and each subjec-
- tAltName and which name matched. With DANE,
- logs matching of TLSA record trust-anchor
- and end-entity certificates.
-
- <b>cache</b> This logs session cache operations, showing
- whether session caching is effective with
- the remote SMTP server. Automatically used
- when reconnecting with the <b>-r</b> option; rarely
- needs to be set explicitly.
+ This logs remote SMTP server certificate matching, show-
+ ing the CN and each subjectAltName and which name
+ matched. With DANE, logs matching of TLSA record trust-
+ anchor and end-entity certificates.
+
+ <b>cache</b> This logs session cache operations, showing whether ses-
+ sion caching is effective with the remote SMTP server.
+ Automatically used when reconnecting with the <b>-r</b> option;
+ rarely needs to be set explicitly.
<b>verbose</b>
- Enables verbose logging in the Postfix TLS
- driver; includes all of peercert..cache and
- more.
+ Enables verbose logging in the Postfix TLS driver;
+ includes all of peercert..cache and more.
- The default is <b>routine,certmatch</b>. After a recon-
- nect, <b>peercert</b>, <b>certmatch</b> and <b>verbose</b> are automati-
- cally disabled while <b>cache</b> and <b>summary</b> are enabled.
+ The default is <b>routine,certmatch</b>. After a reconnect, <b>peercert</b>,
+ <b>certmatch</b> and <b>verbose</b> are automatically disabled while <b>cache</b> and
+ <b>summary</b> are enabled.
<b>-m</b> <i>count</i> (default: <b>5</b>)
- When the <b>-r</b> <i>delay</i> option is specified, the <b>-m</b>
- option determines the maximum number of reconnect
- attempts to use with a server behind a load-bal-
- acer, to see whether connection caching is likely
- to be effective for this destination. Some MTAs
- don't expose the underlying server identity in
- their EHLO response; with these servers there will
- never be more than 1 reconnection attempt.
+ When the <b>-r</b> <i>delay</i> option is specified, the <b>-m</b> option determines
+ the maximum number of reconnect attempts to use with a server
+ behind a load-balacer, to see whether connection caching is
+ likely to be effective for this destination. Some MTAs don't
+ expose the underlying server identity in their EHLO response;
+ with these servers there will never be more than 1 reconnection
+ attempt.
<b>-o</b> <i>name=value</i>
- Specify zero or more times to override the value of
- the <a href="postconf.5.html">main.cf</a> parameter <i>name</i> with <i>value</i>. Possible
- use-cases include overriding the values of TLS
- library parameters, or "<a href="postconf.5.html#myhostname">myhostname</a>" to configure
- the SMTP EHLO name sent to the remote server.
+ Specify zero or more times to override the value of the <a href="postconf.5.html">main.cf</a>
+ parameter <i>name</i> with <i>value</i>. Possible use-cases include overrid-
+ ing the values of TLS library parameters, or "<a href="postconf.5.html#myhostname">myhostname</a>" to
+ configure the SMTP EHLO name sent to the remote server.
<b>-p</b> <i>protocols</i> (default: !SSLv2)
- List of TLS protocols that posttls-finger will
- exclude or include. See smtp_tls_mandatory_proto-
- cols for details.
+ List of TLS protocols that posttls-finger will exclude or
+ include. See <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> for details.
<b>-P</b> <i>CApath/</i> (default: none)
- The OpenSSL CApath/ directory (indexed via
- c_rehash(1)) for remote SMTP server certificate
- verification. By default no CApath is used and no
- public CAs are trusted.
+ The OpenSSL CApath/ directory (indexed via c_rehash(1)) for
+ remote SMTP server certificate verification. By default no CAp-
+ ath is used and no public CAs are trusted.
<b>-r</b> <i>delay</i>
- With a cachable TLS session, disconnect and recon-
- nect after <i>delay</i> seconds. Report whether the ses-
- sion is re-used. Retry if a new server is encoun-
- tered, up to 5 times or as specified with the <b>-m</b>
- option. By default reconnection is disabled, spec-
- ify a positive delay to enable this behavior.
-
- <b>-S</b> Disable SMTP; that is, connect to an LMTP server.
- The default port for LMTP over TCP is 24. Alterna-
- tive ports can specified by appending "<i>:service-</i>
- <i>name</i>" or ":<i>portnumber</i>" to the destination argument.
+ With a cachable TLS session, disconnect and reconnect after
+ <i>delay</i> seconds. Report whether the session is re-used. Retry if a
+ new server is encountered, up to 5 times or as specified with
+ the <b>-m</b> option. By default reconnection is disabled, specify a
+ positive delay to enable this behavior.
+
+ <b>-S</b> Disable SMTP; that is, connect to an LMTP server. The default
+ port for LMTP over TCP is 24. Alternative ports can specified
+ by appending "<i>:servicename</i>" or ":<i>portnumber</i>" to the destination
+ argument.
<b>-t</b> <i>timeout</i> (default: <b>30</b>)
- The TCP connection timeout to use. This is also
- the timeout for reading the remote server's 220
- banner.
+ The TCP connection timeout to use. This is also the timeout for
+ reading the remote server's 220 banner.
<b>-T</b> <i>timeout</i> (default: <b>30</b>)
- The SMTP/LMTP command timeout for EHLO/LHLO, START-
- TLS and QUIT.
+ The SMTP/LMTP command timeout for EHLO/LHLO, STARTTLS and QUIT.
- <b>-v</b> Enable verose Postfix logging. Specify more than
- once to increase the level of verbose logging.
+ <b>-v</b> Enable verose Postfix logging. Specify more than once to
+ increase the level of verbose logging.
[<b>inet:</b>]<i>domain</i>[:<i>port</i>]
- Connect via TCP to domain <i>domain</i>, port <i>port</i>. The
- default port is <b>smtp</b> (or 24 with LMTP). With SMTP
- an MX lookup is performed to resolve the domain to
- a host, unless the domain is enclosed in <b>[]</b>. If
- you want to connect to a specific MX host, for
- instance <i>mx1.example.com</i>, specify [<i>mx1.example.com</i>]
- as the destination and <i>example.com</i> as a <b>match</b> argu-
- ment. When using DNS, the destination domain is
- assumed fully qualified and no default domain or
- search suffixes are applied; you must use fully-
- qualified names or also enable <b>native</b> host lookups
- (these don't support <b>dane</b> or <b>dane-only</b> as no DNSSEC
- validation information is available via <b>native</b>
- lookups).
+ Connect via TCP to domain <i>domain</i>, port <i>port</i>. The default port is
+ <b>smtp</b> (or 24 with LMTP). With SMTP an MX lookup is performed to
+ resolve the domain to a host, unless the domain is enclosed in
+ <b>[]</b>. If you want to connect to a specific MX host, for instance
+ <i>mx1.example.com</i>, specify [<i>mx1.example.com</i>] as the destination
+ and <i>example.com</i> as a <b>match</b> argument. When using DNS, the desti-
+ nation domain is assumed fully qualified and no default domain
+ or search suffixes are applied; you must use fully-qualified
+ names or also enable <b>native</b> host lookups (these don't support
+ <b>dane</b> or <b>dane-only</b> as no DNSSEC validation information is avail-
+ able via <b>native</b> lookups).
<b>unix:</b><i>pathname</i>
- Connect to the UNIX-domain socket at <i>pathname</i>. LMTP
- only.
+ Connect to the UNIX-domain socket at <i>pathname</i>. LMTP only.
<b>match ...</b>
- With no match arguments specified, certificate
- peername matching uses the compiled-in default
- strategies for each security level. If you specify
- one or more arguments, these will be used as the
- list of certificate or public-key digests to match
- for the <b>fingerprint</b> level, or as the list of DNS
- names to match in the certificate at the <b>verify</b> and
- <b>secure</b> levels. If the security level is <b>dane</b>, or
- <b>dane-only</b> the match names are ignored, and <b>host-</b>
- <b>name, nexthop</b> strategies are used.
+ With no match arguments specified, certificate peername matching
+ uses the compiled-in default strategies for each security level.
+ If you specify one or more arguments, these will be used as the
+ list of certificate or public-key digests to match for the <b>fin-</b>
+ <b>gerprint</b> level, or as the list of DNS names to match in the cer-
+ tificate at the <b>verify</b> and <b>secure</b> levels. If the security level
+ is <b>dane</b>, or <b>dane-only</b> the match names are ignored, and <b>hostname,</b>
+ <b>nexthop</b> strategies are used.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
- Read configuration parameters from a non-default
- location.
+ Read configuration parameters from a non-default location.
<b>MAIL_VERBOSE</b>
Same as <b>-v</b> option.
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>proxymap</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides read-only or read-write
- table lookup service to Postfix processes. These services
- are implemented with distinct service names: <b>proxymap</b> and
- <b>proxywrite</b>, respectively. The purpose of these services
- is:
-
- <b>o</b> To overcome chroot restrictions. For example, a
- chrooted SMTP server needs access to the system
- passwd file in order to reject mail for non-exis-
- tent local addresses, but it is not practical to
- maintain a copy of the passwd file in the chroot
- jail. The solution:
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides read-only or read-write table lookup
+ service to Postfix processes. These services are implemented with dis-
+ tinct service names: <b>proxymap</b> and <b>proxywrite</b>, respectively. The purpose
+ of these services is:
+
+ <b>o</b> To overcome chroot restrictions. For example, a chrooted SMTP
+ server needs access to the system passwd file in order to reject
+ mail for non-existent local addresses, but it is not practical
+ to maintain a copy of the passwd file in the chroot jail. The
+ solution:
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>
- <b>o</b> To consolidate the number of open lookup tables by
- sharing one open table among multiple processes.
- For example, making mysql connections from every
- Postfix daemon process results in "too many connec-
- tions" errors. The solution:
+ <b>o</b> To consolidate the number of open lookup tables by sharing one
+ open table among multiple processes. For example, making mysql
+ connections from every Postfix daemon process results in "too
+ many connections" errors. The solution:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> =
<a href="proxymap.8.html">proxy</a>:<a href="mysql_table.5.html">mysql</a>:/etc/postfix/virtual_alias.cf
- The total number of connections is limited by the
- number of proxymap server processes.
+ The total number of connections is limited by the number of
+ proxymap server processes.
- <b>o</b> To provide single-updater functionality for lookup
- tables that do not reliably support multiple writ-
- ers (i.e. all file-based tables).
+ <b>o</b> To provide single-updater functionality for lookup tables that
+ do not reliably support multiple writers (i.e. all file-based
+ tables).
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests:
<b>open</b> <i>maptype:mapname flags</i>
- Open the table with type <i>maptype</i> and name <i>mapname</i>,
- as controlled by <i>flags</i>. The reply includes the <i>map-</i>
- <i>type</i> dependent flags (to distinguish a fixed string
- table from a regular expression table).
+ Open the table with type <i>maptype</i> and name <i>mapname</i>, as controlled
+ by <i>flags</i>. The reply includes the <i>maptype</i> dependent flags (to
+ distinguish a fixed string table from a regular expression ta-
+ ble).
<b>lookup</b> <i>maptype:mapname flags key</i>
- Look up the data stored under the requested key.
- The reply is the request completion status code and
- the lookup result value. The <i>maptype:mapname</i> and
- <i>flags</i> are the same as with the <b>open</b> request.
+ Look up the data stored under the requested key. The reply is
+ the request completion status code and the lookup result value.
+ The <i>maptype:mapname</i> and <i>flags</i> are the same as with the <b>open</b>
+ request.
<b>update</b> <i>maptype:mapname flags key value</i>
- Update the data stored under the requested key.
- The reply is the request completion status code.
- The <i>maptype:mapname</i> and <i>flags</i> are the same as with
- the <b>open</b> request.
+ Update the data stored under the requested key. The reply is
+ the request completion status code. The <i>maptype:mapname</i> and
+ <i>flags</i> are the same as with the <b>open</b> request.
- To implement single-updater maps, specify a process
- limit of 1 in the <a href="master.5.html">master.cf</a> file entry for the
- <b>proxywrite</b> service.
+ To implement single-updater maps, specify a process limit of 1
+ in the <a href="master.5.html">master.cf</a> file entry for the <b>proxywrite</b> service.
This request is supported in Postfix 2.5 and later.
<b>delete</b> <i>maptype:mapname flags key</i>
- Delete the data stored under the requested key.
- The reply is the request completion status code.
- The <i>maptype:mapname</i> and <i>flags</i> are the same as with
- the <b>open</b> request.
+ Delete the data stored under the requested key. The reply is
+ the request completion status code. The <i>maptype:mapname</i> and
+ <i>flags</i> are the same as with the <b>open</b> request.
This request is supported in Postfix 2.5 and later.
<b>sequence</b> <i>maptype:mapname flags function</i>
- Iterate over the specified database. The <i>function</i>
- is one of DICT_SEQ_FUN_FIRST or DICT_SEQ_FUN_NEXT.
- The reply is the request completion status code and
- a lookup key and result value, if found.
+ Iterate over the specified database. The <i>function</i> is one of
+ DICT_SEQ_FUN_FIRST or DICT_SEQ_FUN_NEXT. The reply is the
+ request completion status code and a lookup key and result
+ value, if found.
This request is supported in Postfix 2.9 and later.
- The request completion status is one of OK, RETRY, NOKEY
- (lookup failed because the key was not found), BAD (mal-
- formed request) or DENY (the table is not approved for
- proxy read or update access).
+ The request completion status is one of OK, RETRY, NOKEY (lookup failed
+ because the key was not found), BAD (malformed request) or DENY (the
+ table is not approved for proxy read or update access).
- There is no <b>close</b> command, nor are tables implicitly
- closed when a client disconnects. The purpose is to share
- tables among multiple client processes.
+ There is no <b>close</b> command, nor are tables implicitly closed when a
+ client disconnects. The purpose is to share tables among multiple
+ client processes.
<b>SERVER PROCESS MANAGEMENT</b>
- <a href="proxymap.8.html"><b>proxymap</b>(8)</a> servers run under control by the Postfix <a href="master.8.html"><b>mas-</b></a>
- <a href="master.8.html"><b>ter</b>(8)</a> server. Each server can handle multiple simultane-
- ous connections. When all servers are busy while a client
- connects, the <a href="master.8.html"><b>master</b>(8)</a> creates a new <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server
- process, provided that the process limit is not exceeded.
- Each server terminates after serving at least <b>$<a href="postconf.5.html#max_use">max_use</a></b>
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> servers run under control by the Postfix <a href="master.8.html"><b>master</b>(8)</a> server.
+ Each server can handle multiple simultaneous connections. When all
+ servers are busy while a client connects, the <a href="master.8.html"><b>master</b>(8)</a> creates a new
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server process, provided that the process limit is not
+ exceeded. Each server terminates after serving at least <b>$<a href="postconf.5.html#max_use">max_use</a></b>
clients or after <b>$<a href="postconf.5.html#max_idle">max_idle</a></b> seconds of idle time.
<b>SECURITY</b>
- The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server opens only tables that are approved
- via the <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> or <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a></b> configuration
- parameters, does not talk to users, and can run at fixed
- low privilege, chrooted or not. However, running the
- proxymap server chrooted severely limits usability,
- because it can open only chrooted tables.
-
- The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is not a trusted daemon process,
- and must not be used to look up sensitive information such
- as UNIX user or group IDs, mailbox file/directory names or
- external commands.
-
- In Postfix version 2.2 and later, the proxymap client rec-
- ognizes requests to access a table for security-sensitive
- purposes, and opens the table directly. This allows the
- same <a href="postconf.5.html">main.cf</a> setting to be used by sensitive and non-sen-
- sitive processes.
-
- Postfix-writable data files should be stored under a dedi-
- cated directory that is writable only by the Postfix mail
- system, such as the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>.
-
- In particular, Postfix-writable files should never exist
- in root-owned directories. That would open up a particular
- type of security hole where ownership of a file or direc-
- tory does not match the provider of its content.
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server opens only tables that are approved via the
+ <b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a></b> or <b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a></b> configuration parameters, does not
+ talk to users, and can run at fixed low privilege, chrooted or not.
+ However, running the proxymap server chrooted severely limits usabil-
+ ity, because it can open only chrooted tables.
+
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is not a trusted daemon process, and must not be
+ used to look up sensitive information such as UNIX user or group IDs,
+ mailbox file/directory names or external commands.
+
+ In Postfix version 2.2 and later, the proxymap client recognizes
+ requests to access a table for security-sensitive purposes, and opens
+ the table directly. This allows the same <a href="postconf.5.html">main.cf</a> setting to be used by
+ sensitive and non-sensitive processes.
+
+ Postfix-writable data files should be stored under a dedicated direc-
+ tory that is writable only by the Postfix mail system, such as the
+ Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>.
+
+ In particular, Postfix-writable files should never exist in root-owned
+ directories. That would open up a particular type of security hole
+ where ownership of a file or directory does not match the provider of
+ its content.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
- The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides service to multiple
- clients, and must therefore not be used for tables that
- have high-latency lookups.
-
- The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> read-write service does not explicitly
- close lookup tables (even if it did, this could not be
- relied on, because the process may be terminated between
- table updates). The read-write service should therefore
- not be used with tables that leave persistent storage in
- an inconsistent state between updates (for example, CDB).
- Tables that support "sync on update" should be safe (for
- example, Berkeley DB) as should tables that are imple-
- mented by a real DBMS.
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides service to multiple clients, and must
+ therefore not be used for tables that have high-latency lookups.
+
+ The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> read-write service does not explicitly close lookup
+ tables (even if it did, this could not be relied on, because the
+ process may be terminated between table updates). The read-write ser-
+ vice should therefore not be used with tables that leave persistent
+ storage in an inconsistent state between updates (for example, CDB).
+ Tables that support "sync on update" should be safe (for example,
+ Berkeley DB) as should tables that are implemented by a real DBMS.
<b>CONFIGURATION PARAMETERS</b>
- On busy mail systems a long time may pass before <a href="proxymap.8.html"><b>prox-</b></a>
- <a href="proxymap.8.html"><b>ymap</b>(8)</a> relevant changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up. Use the
- command "<b>postfix reload</b>" to speed up a change.
+ On busy mail systems a long time may pass before <a href="proxymap.8.html"><b>proxymap</b>(8)</a> relevant
+ changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up. Use the command "<b>postfix reload</b>" to
+ speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix-writable data files (for
- example: caches, pseudo-random numbers).
+ The directory with Postfix-writable data files (for example:
+ caches, pseudo-random numbers).
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_read_maps">proxy_read_maps</a> (see 'postconf -d' output)</b>
- The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is
- allowed to access for the read-only service.
+ The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is allowed to
+ access for the read-only service.
Available in Postfix 2.5 and later:
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix-writable data files (for
- example: caches, pseudo-random numbers).
+ The directory with Postfix-writable data files (for example:
+ caches, pseudo-random numbers).
<b><a href="postconf.5.html#proxy_write_maps">proxy_write_maps</a> (see 'postconf -d' output)</b>
- The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is
- allowed to access for the read-write service.
+ The lookup tables that the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server is allowed to
+ access for the read-write service.
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
The proxymap service was introduced with Postfix 2.0.
<b>qmgr</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon awaits the arrival of incoming mail and
- arranges for its delivery via Postfix delivery processes.
- The actual mail routing strategy is delegated to the <a href="trivial-rewrite.8.html"><b>triv-</b></a>
- <a href="trivial-rewrite.8.html"><b>ial-rewrite</b>(8)</a> daemon. This program expects to be run
- from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon awaits the arrival of incoming mail and arranges for
+ its delivery via Postfix delivery processes. The actual mail routing
+ strategy is delegated to the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon. This program
+ expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
- Mail addressed to the local <b>double-bounce</b> address is
- logged and discarded. This stops potential loops caused
- by undeliverable bounce notifications.
+ Mail addressed to the local <b>double-bounce</b> address is logged and dis-
+ carded. This stops potential loops caused by undeliverable bounce
+ notifications.
<b>MAIL QUEUES</b>
The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon maintains the following queues:
<b>incoming</b>
- Inbound mail from the network, or mail picked up by
- the local <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon from the <b>maildrop</b> direc-
- tory.
+ Inbound mail from the network, or mail picked up by the local
+ <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon from the <b>maildrop</b> directory.
- <b>active</b> Messages that the queue manager has opened for
- delivery. Only a limited number of messages is
- allowed to enter the <b>active</b> queue (leaky bucket
- strategy, for a fixed delivery rate).
+ <b>active</b> Messages that the queue manager has opened for delivery. Only a
+ limited number of messages is allowed to enter the <b>active</b> queue
+ (leaky bucket strategy, for a fixed delivery rate).
<b>deferred</b>
- Mail that could not be delivered upon the first
- attempt. The queue manager implements exponential
- backoff by doubling the time between delivery
- attempts.
+ Mail that could not be delivered upon the first attempt. The
+ queue manager implements exponential backoff by doubling the
+ time between delivery attempts.
<b>corrupt</b>
- Unreadable or damaged queue files are moved here
- for inspection.
+ Unreadable or damaged queue files are moved here for inspection.
- <b>hold</b> Messages that are kept "on hold" are kept here
- until someone sets them free.
+ <b>hold</b> Messages that are kept "on hold" are kept here until someone
+ sets them free.
<b>DELIVERY STATUS REPORTS</b>
- The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon keeps an eye on per-message delivery
- status reports in the following directories. Each status
- report file has the same name as the corresponding message
- file:
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon keeps an eye on per-message delivery status reports
+ in the following directories. Each status report file has the same name
+ as the corresponding message file:
- <b>bounce</b> Per-recipient status information about why mail is
- bounced. These files are maintained by the
- <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon.
+ <b>bounce</b> Per-recipient status information about why mail is bounced.
+ These files are maintained by the <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon.
- <b>defer</b> Per-recipient status information about why mail is
- delayed. These files are maintained by the
- <a href="defer.8.html"><b>defer</b>(8)</a> daemon.
+ <b>defer</b> Per-recipient status information about why mail is delayed.
+ These files are maintained by the <a href="defer.8.html"><b>defer</b>(8)</a> daemon.
- <b>trace</b> Per-recipient status information as requested with
- the Postfix "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" com-
- mand. These files are maintained by the <a href="trace.8.html"><b>trace</b>(8)</a>
- daemon.
+ <b>trace</b> Per-recipient status information as requested with the Postfix
+ "<b>sendmail -v</b>" or "<b>sendmail -bv</b>" command. These files are main-
+ tained by the <a href="trace.8.html"><b>trace</b>(8)</a> daemon.
- The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is responsible for asking the
- <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemons to send delivery
- reports.
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is responsible for asking the <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or
+ <a href="trace.8.html"><b>trace</b>(8)</a> daemons to send delivery reports.
<b>STRATEGIES</b>
- The queue manager implements a variety of strategies for
- either opening queue files (input) or for message delivery
- (output).
+ The queue manager implements a variety of strategies for either opening
+ queue files (input) or for message delivery (output).
<b>leaky bucket</b>
- This strategy limits the number of messages in the
- <b>active</b> queue and prevents the queue manager from
- running out of memory under heavy load.
+ This strategy limits the number of messages in the <b>active</b> queue
+ and prevents the queue manager from running out of memory under
+ heavy load.
<b>fairness</b>
- When the <b>active</b> queue has room, the queue manager
- takes one message from the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> and one
- from the <b>deferred</b> queue. This prevents a large mail
- backlog from blocking the delivery of new mail.
+ When the <b>active</b> queue has room, the queue manager takes one mes-
+ sage from the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> and one from the <b>deferred</b> queue.
+ This prevents a large mail backlog from blocking the delivery of
+ new mail.
<b>slow start</b>
- This strategy eliminates "thundering herd" problems
- by slowly adjusting the number of parallel deliver-
- ies to the same destination.
+ This strategy eliminates "thundering herd" problems by slowly
+ adjusting the number of parallel deliveries to the same destina-
+ tion.
<b>round robin</b>
- The queue manager sorts delivery requests by desti-
- nation. Round-robin selection prevents one desti-
- nation from dominating deliveries to other destina-
- tions.
+ The queue manager sorts delivery requests by destination.
+ Round-robin selection prevents one destination from dominating
+ deliveries to other destinations.
<b>exponential backoff</b>
- Mail that cannot be delivered upon the first
- attempt is deferred. The time interval between
- delivery attempts is doubled after each attempt.
+ Mail that cannot be delivered upon the first attempt is
+ deferred. The time interval between delivery attempts is dou-
+ bled after each attempt.
<b>destination status cache</b>
- The queue manager avoids unnecessary delivery
- attempts by maintaining a short-term, in-memory
- list of unreachable destinations.
+ The queue manager avoids unnecessary delivery attempts by main-
+ taining a short-term, in-memory list of unreachable destina-
+ tions.
<b>preemptive message scheduling</b>
- The queue manager attempts to minimize the average
- per-recipient delay while still preserving the cor-
- rect per-message delays, using a sophisticated pre-
- emptive message scheduling.
+ The queue manager attempts to minimize the average per-recipient
+ delay while still preserving the correct per-message delays,
+ using a sophisticated preemptive message scheduling.
<b>TRIGGERS</b>
- On an idle system, the queue manager waits for the arrival
- of trigger events, or it waits for a timer to go off. A
- trigger is a one-byte message. Depending on the message
- received, the queue manager performs one of the following
- actions (the message is followed by the symbolic constant
- used internally by the software):
+ On an idle system, the queue manager waits for the arrival of trigger
+ events, or it waits for a timer to go off. A trigger is a one-byte mes-
+ sage. Depending on the message received, the queue manager performs
+ one of the following actions (the message is followed by the symbolic
+ constant used internally by the software):
<b>D (QMGR_REQ_SCAN_DEFERRED)</b>
- Start a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan. If a deferred queue
- scan is already in progress, that scan will be
- restarted as soon as it finishes.
+ Start a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan. If a deferred queue scan is
+ already in progress, that scan will be restarted as soon as it
+ finishes.
<b>I (QMGR_REQ_SCAN_INCOMING)</b>
- Start an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan. If an incoming queue
- scan is already in progress, that scan will be
- restarted as soon as it finishes.
+ Start an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan. If an incoming queue scan is
+ already in progress, that scan will be restarted as soon as it
+ finishes.
<b>A (QMGR_REQ_SCAN_ALL)</b>
- Ignore <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> file time stamps. The request
-
affects the next <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan.
+ Ignore <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> file time stamps. The request affects the
+ next <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scan.
<b>F (QMGR_REQ_FLUSH_DEAD)</b>
- Purge all information about dead transports and
- destinations.
+ Purge all information about dead transports and destinations.
<b>W (TRIGGER_REQ_WAKEUP)</b>
- Wakeup call, This is used by the master server to
- instantiate servers that should not go away for-
- ever. The action is to start an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>
- scan.
-
- The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon reads an entire buffer worth of trig-
- gers. Multiple identical trigger requests are collapsed
- into one, and trigger requests are sorted so that <b>A</b> and <b>F</b>
- precede <b>D</b> and <b>I</b>. Thus, in order to force a <a href="QSHAPE_README.html#deferred_queue">deferred queue</a>
- run, one would request <b>A F D</b>; in order to notify the queue
- manager of the arrival of new mail one would request <b>I</b>.
+ Wakeup call, This is used by the master server to instantiate
+ servers that should not go away forever. The action is to start
+ an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan.
+
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon reads an entire buffer worth of triggers. Multiple
+ identical trigger requests are collapsed into one, and trigger requests
+ are sorted so that <b>A</b> and <b>F</b> precede <b>D</b> and <b>I</b>. Thus, in order to force a
+ <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> run, one would request <b>A F D</b>; in order to notify the
+ queue manager of the arrival of new mail one would request <b>I</b>.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>SECURITY</b>
- The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is not security sensitive. It reads
- single-character messages from untrusted local users, and
- thus may be susceptible to denial of service attacks. The
- <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon does not talk to the outside world, and it
- can be run at fixed low privilege in a chrooted environ-
- ment.
+ The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is not security sensitive. It reads single-character
+ messages from untrusted local users, and thus may be susceptible to
+ denial of service attacks. The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon does not talk to the out-
+ side world, and it can be run at fixed low privilege in a chrooted
+ environment.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to the syslog daemon.
- Corrupted message files are saved to the <b>corrupt</b> queue for
- further inspection.
+ Problems and transactions are logged to the syslog daemon. Corrupted
+ message files are saved to the <b>corrupt</b> queue for further inspection.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
- the postmaster is notified of bounces and of other trou-
- ble.
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
<b>BUGS</b>
- A single queue manager process has to compete for disk
- access with multiple front-end processes such as
- <a href="cleanup.8.html"><b>cleanup</b>(8)</a>. A sudden burst of inbound mail can negatively
- impact outbound delivery rates.
+ A single queue manager process has to compete for disk access with mul-
+ tiple front-end processes such as <a href="cleanup.8.html"><b>cleanup</b>(8)</a>. A sudden burst of inbound
+ mail can negatively impact outbound delivery rates.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically as
- <a href="qmgr.8.html"><b>qmgr</b>(8)</a> is a persistent process. Use the "<b>postfix reload</b>"
- command after a configuration change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically as <a href="qmgr.8.html"><b>qmgr</b>(8)</a> is a per-
+ sistent process. Use the "<b>postfix reload</b>" command after a configuration
+ change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
- In the text below, <i>transport</i> is the first field in a <b>mas-</b>
- <b>ter.cf</b> entry.
+ In the text below, <i>transport</i> is the first field in a <a href="master.5.html"><b>master.cf</b></a> entry.
<b>COMPATIBILITY CONTROLS</b>
Available before Postfix version 2.5:
<b><a href="postconf.5.html#allow_min_user">allow_min_user</a> (no)</b>
- Allow a sender or recipient address to have `-' as
- the first character.
+ Allow a sender or recipient address to have `-' as the first
+ character.
Available with Postfix version 2.7 and later:
<b><a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> (empty)</b>
- When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies
- no explicit next-hop destination, use $default_fil-
- ter_nexthop instead; when that value is empty, use
- the domain in the recipient address.
+ When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
+ next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
+ that value is empty, use the domain in the recipient address.
<b>ACTIVE QUEUE CONTROLS</b>
<b><a href="postconf.5.html#qmgr_clog_warn_time">qmgr_clog_warn_time</a> (300s)</b>
- The minimal delay between warnings that a specific
- destination is clogging up the Postfix active
- queue.
+ The minimal delay between warnings that a specific destination
+ is clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a> (20000)</b>
The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> (20000)</b>
- The maximal number of recipients held in memory by
- the Postfix queue manager, and the maximal size of
- the short-term, in-memory "dead" destination status
- cache.
+ The maximal number of recipients held in memory by the Postfix
+ queue manager, and the maximal size of the short-term, in-memory
+ "dead" destination status cache.
<b><a href="postconf.5.html#qmgr_message_recipient_minimum">qmgr_message_recipient_minimum</a> (10)</b>
- The minimal number of in-memory recipients for any
- message.
+ The minimal number of in-memory recipients for any message.
<b><a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a> (20000)</b>
- The default per-transport upper limit on the number
- of in-memory recipients.
+ The default per-transport upper limit on the number of in-memory
+ recipients.
<b><a href="postconf.5.html#transport_recipient_limit"><i>transport</i>_recipient_limit</a> ($<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a> (1000)</b>
- The default value for the extra per-transport limit
- imposed on the number of in-memory recipients.
+ The default value for the extra per-transport limit imposed on
+ the number of in-memory recipients.
- <b><a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> ($<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipi</a>-</b>
- <b><a href="postconf.5.html#default_extra_recipient_limit">ent_limit</a>)</b>
+ <b><a href="postconf.5.html#transport_extra_recipient_limit"><i>transport</i>_extra_recipient_limit</a> ($<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> (100)</b>
- The default per-transport limit on the number of
- recipients refilled at once.
+ The default per-transport limit on the number of recipients
+ refilled at once.
- <b><a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> ($<a href="postconf.5.html#default_recipient_refill_limit">default_recipi</a>-</b>
- <b><a href="postconf.5.html#default_recipient_refill_limit">ent_refill_limit</a>)</b>
+ <b><a href="postconf.5.html#transport_recipient_refill_limit"><i>transport</i>_recipient_refill_limit</a> ($<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a> (5s)</b>
- The default per-transport maximum delay between
- recipients refills.
+ The default per-transport maximum delay between recipients
+ refills.
- <b><a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> ($<a href="postconf.5.html#default_recipient_refill_delay">default_recipi</a>-</b>
- <b><a href="postconf.5.html#default_recipient_refill_delay">ent_refill_delay</a>)</b>
+ <b><a href="postconf.5.html#transport_recipient_refill_delay"><i>transport</i>_recipient_refill_delay</a> ($<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b>DELIVERY CONCURRENCY CONTROLS</b>
<b><a href="postconf.5.html#initial_destination_concurrency">initial_destination_concurrency</a> (5)</b>
- The initial per-destination concurrency level for
- parallel delivery to the same destination.
+ The initial per-destination concurrency level for parallel
+ delivery to the same destination.
<b><a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> (20)</b>
- The default maximal number of parallel deliveries
- to the same destination.
+ The default maximal number of parallel deliveries to the same
+ destination.
- <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_limit"><i>transport</i>_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
Available in Postfix version 2.5 and later:
- <b><a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> ($<a href="postconf.5.html#initial_destination_concurrency">initial_desti</a>-</b>
- <b><a href="postconf.5.html#initial_destination_concurrency">nation_concurrency</a>)</b>
- Initial concurrency for delivery via the named mes-
- sage <i>transport</i>.
+ <b><a href="postconf.5.html#transport_initial_destination_concurrency"><i>transport</i>_initial_destination_concurrency</a> ($<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#initial_destination_concurrency">rency</a>)</b>
+ Initial concurrency for delivery via the named message <i>trans-</i>
+ <i>port</i>.
<b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
- How many pseudo-cohorts must suffer connection or
- handshake failure before a specific destination is
- considered unavailable (and further delivery is
- suspended).
+ How many pseudo-cohorts must suffer connection or handshake
+ failure before a specific destination is considered unavailable
+ (and further delivery is suspended).
- <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a></b>
- <b>($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a>)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_failed_cohort_limit"><i>transport</i>_destination_concurrency_failed_cohort_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_desti</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">nation_concurrency_failed_cohort_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
- The per-destination amount of delivery concurrency
- negative feedback, after a delivery completes with
- a connection or handshake failure.
+ The per-destination amount of delivery concurrency negative
+ feedback, after a delivery completes with a connection or hand-
+ shake failure.
- <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a></b>
- <b>($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a>)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_negative_feedback"><i>transport</i>_destination_concurrency_negative_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">tion_concurrency_negative_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
- The per-destination amount of delivery concurrency
- positive feedback, after a delivery completes with-
- out connection or handshake failure.
+ The per-destination amount of delivery concurrency positive
+ feedback, after a delivery completes without connection or hand-
+ shake failure.
- <b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a></b>
- <b>($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a>)</b>
+ <b><a href="postconf.5.html#transport_destination_concurrency_positive_feedback"><i>transport</i>_destination_concurrency_positive_feedback</a> ($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">tion_concurrency_positive_feedback</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a> (no)</b>
- Make the queue manager's feedback algorithm verbose
- for performance analysis purposes.
+ Make the queue manager's feedback algorithm verbose for perfor-
+ mance analysis purposes.
<b>RECIPIENT SCHEDULING CONTROLS</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a> (50)</b>
- The default maximal number of recipients per mes-
- sage delivery.
+ The default maximal number of recipients per message delivery.
- <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
+ <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b>MESSAGE SCHEDULING CONTROLS</b>
<b><a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> (5)</b>
- How often the Postfix queue manager's scheduler is
- allowed to preempt delivery of one message with
- another.
+ How often the Postfix queue manager's scheduler is allowed to
+ preempt delivery of one message with another.
<b><a href="postconf.5.html#transport_delivery_slot_cost"><i>transport</i>_delivery_slot_cost</a> ($<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a> (3)</b>
- How many recipients a message must have in order to
- invoke the Postfix queue manager's scheduling algo-
- rithm at all.
+ How many recipients a message must have in order to invoke the
+ Postfix queue manager's scheduling algorithm at all.
- <b><a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> ($<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_deliv</a>-</b>
- <b><a href="postconf.5.html#default_minimum_delivery_slots">ery_slots</a>)</b>
+ <b><a href="postconf.5.html#transport_minimum_delivery_slots"><i>transport</i>_minimum_delivery_slots</a> ($<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a> (50)</b>
- The default value for transport-specific _deliv-
- ery_slot_discount settings.
+ The default value for transport-specific _delivery_slot_discount
+ settings.
- <b><a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> ($<a href="postconf.5.html#default_delivery_slot_discount">default_deliv</a>-</b>
- <b><a href="postconf.5.html#default_delivery_slot_discount">ery_slot_discount</a>)</b>
+ <b><a href="postconf.5.html#transport_delivery_slot_discount"><i>transport</i>_delivery_slot_discount</a> ($<a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b><a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a> (3)</b>
- The default value for transport-specific _deliv-
- ery_slot_loan settings.
+ The default value for transport-specific _delivery_slot_loan
+ settings.
<b><a href="postconf.5.html#transport_delivery_slot_loan"><i>transport</i>_delivery_slot_loan</a> ($<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b>
Idem, for delivery via the named message <i>transport</i>.
<b>OTHER RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (300s)</b>
- The minimal time between attempts to deliver a
- deferred message; prior to Postfix 2.4 the default
- value was 1000s.
+ The minimal time between attempts to deliver a deferred message;
+ prior to Postfix 2.4 the default value was 1000s.
<b><a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a> (4000s)</b>
- The maximal time between attempts to deliver a
- deferred message.
+ The maximal time between attempts to deliver a deferred message.
<b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
- Consider a message as undeliverable, when delivery
- fails with a temporary error, and the time in the
- queue has reached the <a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> limit.
+ Consider a message as undeliverable, when delivery fails with a
+ temporary error, and the time in the queue has reached the <a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-
+ <a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a> limit.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
- The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
- manager; prior to Postfix 2.4 the default value was
- 1000s.
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ prior to Postfix 2.4 the default value was 1000s.
<b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
- The time between attempts by the Postfix queue man-
- ager to contact a malfunctioning message delivery
- transport.
+ The time between attempts by the Postfix queue manager to con-
+ tact a malfunctioning message delivery transport.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> (5d)</b>
- Consider a bounce message as undeliverable, when
- delivery fails with a temporary error, and the time
- in the queue has reached the <a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a>
- limit.
+ Consider a bounce message as undeliverable, when delivery fails
+ with a temporary error, and the time in the queue has reached
+ the <a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> limit.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
- The default amount of delay that is inserted
- between individual deliveries to the same destina-
- tion; the resulting behavior depends on the value
- of the corresponding per-destination recipient
- limit.
-
- <b><a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> $<a href="postconf.5.html#default_destination_rate_delay">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_rate_delay">tion_rate_delay</a></b>
+ The default amount of delay that is inserted between individual
+ deliveries to the same destination; the resulting behavior
+ depends on the value of the corresponding per-destination recip-
+ ient limit.
+
+ <b><a href="postconf.5.html#transport_destination_rate_delay"><i>transport</i>_destination_rate_delay</a> $<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a></b>
Idem, for delivery via the named message <i>transport</i>.
<b>SAFETY CONTROLS</b>
<b><a href="postconf.5.html#qmgr_daemon_timeout">qmgr_daemon_timeout</a> (1000s)</b>
- How much time a Postfix queue manager process may
- take to handle a request before it is terminated by
- a built-in watchdog timer.
+ How much time a Postfix queue manager process may take to handle
+ a request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#qmgr_ipc_timeout">qmgr_ipc_timeout</a> (60s)</b>
- The time limit for the queue manager to send or
- receive information over an internal communication
- channel.
+ The time limit for the queue manager to send or receive informa-
+ tion over an internal communication channel.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
- The names of message delivery transports that
- should not deliver mail unless someone issues
- "<b>sendmail -q</b>" or equivalent.
+ The names of message delivery transports that should not deliver
+ mail unless someone issues "<b>sendmail -q</b>" or equivalent.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
- Log warnings about problematic configuration set-
- tings, and provide helpful suggestions.
+ Log warnings about problematic configuration settings, and pro-
+ vide helpful suggestions.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
/var/spool/postfix/incoming, <a href="QSHAPE_README.html#incoming_queue">incoming queue</a>
<a href="QSHAPE_README.html">QSHAPE_README</a>, Postfix queue analysis
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>qmqp-sink</b> [<b>-46cv</b>] [<b>-x</b> <i>time</i>] <b>unix:</b><i>pathname backlog</i>
<b>DESCRIPTION</b>
- <b>qmqp-sink</b> listens on the named host (or address) and port.
- It receives messages from the network and throws them
- away. The purpose is to measure QMQP client performance,
- not protocol compliance. Connections can be accepted on
- IPv4 or IPv6 endpoints, or on UNIX-domain sockets. IPv4
- and IPv6 are the default. This program is the complement
- of the <a href="qmqp-source.1.html"><b>qmqp-source</b>(1)</a> program.
-
- Note: this is an unsupported test program. No attempt is
- made to maintain compatibility between successive ver-
- sions.
+ <b>qmqp-sink</b> listens on the named host (or address) and port. It receives
+ messages from the network and throws them away. The purpose is to mea-
+ sure QMQP client performance, not protocol compliance. Connections can
+ be accepted on IPv4 or IPv6 endpoints, or on UNIX-domain sockets. IPv4
+ and IPv6 are the default. This program is the complement of the <a href="qmqp-source.1.html"><b>qmqp-</b></a>
+ <a href="qmqp-source.1.html"><b>source</b>(1)</a> program.
+
+ Note: this is an unsupported test program. No attempt is made to main-
+ tain compatibility between successive versions.
Arguments:
- <b>-4</b> Support IPv4 only. This option has no effect when
- Postfix is built without IPv6 support.
+ <b>-4</b> Support IPv4 only. This option has no effect when Postfix is
+ built without IPv6 support.
- <b>-6</b> Support IPv6 only. This option is not available
- when Postfix is built without IPv6 support.
+ <b>-6</b> Support IPv6 only. This option is not available when Postfix is
+ built without IPv6 support.
- <b>-c</b> Display a running counter that is updated whenever
- a delivery is completed.
+ <b>-c</b> Display a running counter that is updated whenever a delivery is
+ completed.
- <b>-v</b> Increase verbosity. Specify <b>-v -v</b> to see some of
- the QMQP conversation.
+ <b>-v</b> Increase verbosity. Specify <b>-v -v</b> to see some of the QMQP con-
+ versation.
<b>-x</b> <i>time</i>
- Terminate after <i>time</i> seconds. This is to facilitate
- memory leak testing.
+ Terminate after <i>time</i> seconds. This is to facilitate memory leak
+ testing.
<b>SEE ALSO</b>
<a href="qmqp-source.1.html">qmqp-source(1)</a>, QMQP message generator
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>qmqp-source</b> [<i>options</i>] <b>unix:</b><i>pathname</i>
<b>DESCRIPTION</b>
- <b>qmqp-source</b> connects to the named host and TCP port
- (default 628) and sends one or more messages to it, either
- sequentially or in parallel. The program speaks the QMQP
- protocol. Connections can be made to UNIX-domain and IPv4
- or IPv6 servers. IPv4 and IPv6 are the default.
+ <b>qmqp-source</b> connects to the named host and TCP port (default 628) and
+ sends one or more messages to it, either sequentially or in parallel.
+ The program speaks the QMQP protocol. Connections can be made to UNIX-
+ domain and IPv4 or IPv6 servers. IPv4 and IPv6 are the default.
- Note: this is an unsupported test program. No attempt is
- made to maintain compatibility between successive ver-
- sions.
+ Note: this is an unsupported test program. No attempt is made to main-
+ tain compatibility between successive versions.
Arguments:
- <b>-4</b> Connect to the server with IPv4. This option has no
- effect when Postfix is built without IPv6 support.
+ <b>-4</b> Connect to the server with IPv4. This option has no effect when
+ Postfix is built without IPv6 support.
- <b>-6</b> Connect to the server with IPv6. This option is not
- available when Postfix is built without IPv6 sup-
- port.
+ <b>-6</b> Connect to the server with IPv6. This option is not available
+ when Postfix is built without IPv6 support.
- <b>-c</b> Display a running counter that is incremented each
- time a delivery completes.
+ <b>-c</b> Display a running counter that is incremented each time a deliv-
+ ery completes.
<b>-C</b> <i>count</i>
- When a host sends RESET instead of SYN|ACK, try
- <i>count</i> times before giving up. The default count is
- 1. Specify a larger count in order to work around a
- problem with TCP/IP stacks that send RESET when the
- listen queue is full.
+ When a host sends RESET instead of SYN|ACK, try <i>count</i> times
+ before giving up. The default count is 1. Specify a larger count
+ in order to work around a problem with TCP/IP stacks that send
+ RESET when the listen queue is full.
<b>-f</b> <i>from</i>
- Use the specified sender address (default:
- <foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
+ Use the specified sender address (default: <foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
<b>-l</b> <i>length</i>
- Send <i>length</i> bytes as message payload. The length
- includes the message headers.
+ Send <i>length</i> bytes as message payload. The length includes the
+ message headers.
<b>-m</b> <i>message</i><b>_</b><i>count</i>
Send the specified number of messages (default: 1).
<b>-M</b> <i><a href="postconf.5.html#myhostname">myhostname</a></i>
- Use the specified hostname or [address] in the
- default sender and recipient addresses, instead of
- the machine hostname.
+ Use the specified hostname or [address] in the default sender
+ and recipient addresses, instead of the machine hostname.
<b>-r</b> <i>recipient</i><b>_</b><i>count</i>
- Send the specified number of recipients per trans-
- action (default: 1). Recipient names are generated
- by prepending a number to the recipient address.
+ Send the specified number of recipients per transaction
+ (default: 1). Recipient names are generated by prepending a
+ number to the recipient address.
<b>-s</b> <i>session</i><b>_</b><i>count</i>
- Run the specified number of QMQP sessions in paral-
- lel (default: 1).
+ Run the specified number of QMQP sessions in parallel (default:
+ 1).
- <b>-t</b> <i>to</i> Use the specified recipient address (default:
- <foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
+ <b>-t</b> <i>to</i> Use the specified recipient address (default: <foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
<b>-R</b> <i>interval</i>
- Wait for a random period of time 0 <= n <= interval
- between messages. Suspending one thread does not
- affect other delivery threads.
+ Wait for a random period of time 0 <= n <= interval between mes-
+ sages. Suspending one thread does not affect other delivery
+ threads.
- <b>-v</b> Make the program more verbose, for debugging pur-
- poses.
+ <b>-v</b> Make the program more verbose, for debugging purposes.
<b>-w</b> <i>interval</i>
- Wait a fixed time between messages. Suspending one
- thread does not affect other delivery threads.
+ Wait a fixed time between messages. Suspending one thread does
+ not affect other delivery threads.
<b>SEE ALSO</b>
<a href="qmqp-sink.1.html">qmqp-sink(1)</a>, QMQP message dump
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>qmqpd</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The Postfix QMQP server receives one message per connec-
- tion. Each message is piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> dae-
- mon, and is placed into the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> as one single
- queue file. The program expects to be run from the <a href="master.8.html"><b>mas-</b></a>
- <a href="master.8.html"><b>ter</b>(8)</a> process manager.
+ The Postfix QMQP server receives one message per connection. Each mes-
+ sage is piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, and is placed into the
+ <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> as one single queue file. The program expects to be run
+ from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
- The QMQP server implements one access policy: only explic-
- itly authorized client hosts are allowed to use the ser-
- vice.
+ The QMQP server implements one access policy: only explicitly autho-
+ rized client hosts are allowed to use the service.
<b>SECURITY</b>
- The QMQP server is moderately security-sensitive. It talks
- to QMQP clients and to DNS servers on the network. The
- QMQP server can be run chrooted at fixed low privilege.
+ The QMQP server is moderately security-sensitive. It talks to QMQP
+ clients and to DNS servers on the network. The QMQP server can be run
+ chrooted at fixed low privilege.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
- The QMQP protocol provides only one server reply per mes-
- sage delivery. It is therefore not possible to reject
- individual recipients.
+ The QMQP protocol provides only one server reply per message delivery.
+ It is therefore not possible to reject individual recipients.
- The QMQP protocol requires the server to receive the
- entire message before replying. If a message is malformed,
- or if any netstring component is longer than acceptable,
- Postfix replies immediately and closes the connection. It
- is left up to the client to handle the situation.
+ The QMQP protocol requires the server to receive the entire message
+ before replying. If a message is malformed, or if any netstring compo-
+ nent is longer than acceptable, Postfix replies immediately and closes
+ the connection. It is left up to the client to handle the situation.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
- <a href="qmqpd.8.html"><b>qmqpd</b>(8)</a> processes run for only a limited amount of time.
- Use the command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="qmqpd.8.html"><b>qmqpd</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>CONTENT INSPECTION CONTROLS</b>
<b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
- After the message is queued, send the entire mes-
- sage to the specified <i>transport:destination</i>.
+ After the message is queued, send the entire message to the
+ specified <i>transport:destination</i>.
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in
- content filtering, or address mapping.
+ Enable or disable recipient validation, built-in content filter-
+ ing, or address mapping.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
- Upon input, long lines are chopped up into pieces
- of at most this length; upon delivery, long lines
- are reconstructed.
+ Upon input, long lines are chopped up into pieces of at most
+ this length; upon delivery, long lines are reconstructed.
<b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
- The maximal number of Received: message headers
- that is allowed in the primary message headers.
+ The maximal number of Received: message headers that is allowed
+ in the primary message headers.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
- The maximal size in bytes of a message, including
- envelope information.
+ The maximal size in bytes of a message, including envelope
+ information.
<b><a href="postconf.5.html#qmqpd_timeout">qmqpd_timeout</a> (300s)</b>
- The time limit for sending or receiving information
- over the network.
+ The time limit for sending or receiving information over the
+ network.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
- <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+ The increment in verbose logging level when a remote client or
+ server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
- in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+ Optional list of remote client or server hostname or network
+ address patterns that cause the verbose logging level to
+ increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
- Safety net to keep mail queued that would otherwise
- be returned to the sender.
+ Safety net to keep mail queued that would otherwise be returned
+ to the sender.
<b>TARPIT CONTROLS</b>
<b><a href="postconf.5.html#qmqpd_error_delay">qmqpd_error_delay</a> (1s)</b>
- How long the Postfix QMQP server will pause before
- sending a negative reply to the remote QMQP client.
+ How long the Postfix QMQP server will pause before sending a
+ negative reply to the remote QMQP client.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#qmqpd_authorized_clients">qmqpd_authorized_clients</a> (empty)</b>
- What remote QMQP clients are allowed to connect to
- the Postfix QMQP server port.
+ What remote QMQP clients are allowed to connect to the Postfix
+ QMQP server port.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter
- characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
- and in SMTP commands.
+ The characters Postfix accepts as VERP delimiter characters on
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#qmqpd_client_port_logging">qmqpd_client_port_logging</a> (no)</b>
- Enable logging of the remote QMQP client port in
- addition to the hostname and IP address.
+ Enable logging of the remote QMQP client port in addition to the
+ hostname and IP address.
<b>SEE ALSO</b>
<a href="http://cr.yp.to/proto/qmqp.html">http://cr.yp.to/proto/qmqp.html</a>, QMQP protocol
<a href="QMQP_README.html">QMQP_README</a>, Postfix ezmlm-idx howto.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
The qmqpd service was introduced with Postfix version 1.1.
[<b>-c</b> <i>config</i><b>_</b><i>directory</i>] [<i>queue</i><b>_</b><i>name</i> ...]
<b>DESCRIPTION</b>
- The <b>qshape</b> program helps the administrator understand the
- Postfix queue message distribution in time and by sender
- domain or recipient domain. The program needs read access
- to the queue directories and queue files, so it must run
- as the superuser or the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> specified in <a href="postconf.5.html"><b>main.cf</b></a>
+ The <b>qshape</b> program helps the administrator understand the Postfix queue
+ message distribution in time and by sender domain or recipient domain.
+ The program needs read access to the queue directories and queue files,
+ so it must run as the superuser or the <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> specified in <a href="postconf.5.html"><b>main.cf</b></a>
(typically <b>postfix</b>).
Options:
- <b>-s</b> Display the sender domain distribution instead of
- the recipient domain distribution. By default the
- recipient distribution is displayed. There can be
- more recipients than messages, but as each message
- has only one sender, the sender distribution is a
+ <b>-s</b> Display the sender domain distribution instead of the recipient
+ domain distribution. By default the recipient distribution is
+ displayed. There can be more recipients than messages, but as
+ each message has only one sender, the sender distribution is a
message distribution.
- <b>-p</b> Generate aggregate statistics for parent domains.
- Top level domains are not shown, nor are domains
- with fewer than <i>min</i><b>_</b><i>subdomains</i> subdomains. The
- names of parent domains are shown with a leading
- dot, (e.g. <i>.example.com</i>).
+ <b>-p</b> Generate aggregate statistics for parent domains. Top level
+ domains are not shown, nor are domains with fewer than <i>min</i><b>_</b><i>sub-</i>
+ <i>domains</i> subdomains. The names of parent domains are shown with a
+ leading dot, (e.g. <i>.example.com</i>).
<b>-m</b> <i>min</i><b>_</b><i>subdomains</i>
- When used with the <b>-p</b> option, sets the minimum sub-
- domain count needed to show a separate line for a
- parent domain. The default is 5.
+ When used with the <b>-p</b> option, sets the minimum subdomain count
+ needed to show a separate line for a parent domain. The default
+ is 5.
<b>-b</b> <i>bucket</i><b>_</b><i>count</i>
- The age distribution is broken up into a sequence
- of geometrically increasing intervals. This option
- sets the number of intervals or "buckets". Each
- bucket has a maximum queue age that is twice as
- large as that of the previous bucket. The last
+ The age distribution is broken up into a sequence of geometri-
+ cally increasing intervals. This option sets the number of
+ intervals or "buckets". Each bucket has a maximum queue age that
+ is twice as large as that of the previous bucket. The last
bucket has no age limit.
<b>-t</b> <i>bucket</i><b>_</b><i>time</i>
- The age limit in minutes for the first time bucket.
- The default value is 5, meaning that the first
- bucket counts messages between 0 and 5 minutes old.
+ The age limit in minutes for the first time bucket. The default
+ value is 5, meaning that the first bucket counts messages
+ between 0 and 5 minutes old.
- <b>-l</b> Instead of using a geometric age sequence, use a
- linear age sequence, in other words simple multi-
- ples of <b>bucket_time</b>.
+ <b>-l</b> Instead of using a geometric age sequence, use a linear age
+ sequence, in other words simple multiples of <b>bucket_time</b>.
This feature is available in Postfix 2.2 and later.
<b>-w</b> <i>terminal</i><b>_</b><i>width</i>
- The output is right justified, with the counts for
- the last bucket shown on the 80th column, the <i>ter-</i>
- <i>minal</i><b>_</b><i>width</i> can be adjusted for wider screens
- allowing more buckets to be displayed without trun-
- cating the domain names on the left. When a row for
- a full domain name and its counters does not fit in
- the specified number of columns, only the last 17
- bytes of the domain name are shown with the prefix
- replaced by a '+' character. Truncated parent
- domain rows are shown as '.+' followed by the last
- 16 bytes of the domain name. If this is still too
- narrow to show the domain name and all the coun-
- ters, the terminal_width limit is violated.
+ The output is right justified, with the counts for the last
+ bucket shown on the 80th column, the <i>terminal</i><b>_</b><i>width</i> can be
+ adjusted for wider screens allowing more buckets to be displayed
+ without truncating the domain names on the left. When a row for
+ a full domain name and its counters does not fit in the speci-
+ fied number of columns, only the last 17 bytes of the domain
+ name are shown with the prefix replaced by a '+' character.
+ Truncated parent domain rows are shown as '.+' followed by the
+ last 16 bytes of the domain name. If this is still too narrow to
+ show the domain name and all the counters, the terminal_width
+ limit is violated.
<b>-N</b> <i>batch</i><b>_</b><i>msg</i><b>_</b><i>count</i>
- When the output device is a terminal, intermediate
- results are shown each "batch_msg_count" messages.
- This produces usable results in a reasonable time
- even when the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> is large. The default
- is to show intermediate results every 1000 mes-
- sages.
+ When the output device is a terminal, intermediate results are
+ shown each "batch_msg_count" messages. This produces usable
+ results in a reasonable time even when the <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> is
+ large. The default is to show intermediate results every 1000
+ messages.
<b>-n</b> <i>batch</i><b>_</b><i>top</i><b>_</b><i>domains</i>
- When reporting intermediate or final results to a
- termainal, report only the top "batch_top_domains"
- domains. The default limit is 20 domains.
+ When reporting intermediate or final results to a termainal,
+ report only the top "batch_top_domains" domains. The default
+ limit is 20 domains.
<b>-c</b> <i>config</i><b>_</b><i>directory</i>
- The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named
- directory instead of the default configuration
- directory.
+ The <a href="postconf.5.html"><b>main.cf</b></a> configuration file is in the named directory instead
+ of the default configuration directory.
Arguments:
<i>queue</i><b>_</b><i>name</i>
- By default <b>qshape</b> displays the combined distribu-
- tion of the <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a>. To display
- a different set of queues, just list their direc-
- tory names on the command line. Absolute paths are
- used as is, other paths are taken relative to the
- <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#queue_directory">queue_directory</a></b> parameter setting. While
- <a href="postconf.5.html"><b>main.cf</b></a> supports the use of <i>$variable</i> expansion in
- the definition of the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> parameter,
- the <b>qshape</b> program does not. If you must use vari-
- able expansions in the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> setting, you
- must specify an explicit absolute path for each
- queue subdirectory even if you want the default
- <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queue</a> distribution.
+ By default <b>qshape</b> displays the combined distribution of the
+ incoming and <a href="QSHAPE_README.html#active_queue">active queues</a>. To display a different set of
+ queues, just list their directory names on the command line.
+ Absolute paths are used as is, other paths are taken relative to
+ the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#queue_directory">queue_directory</a></b> parameter setting. While <a href="postconf.5.html"><b>main.cf</b></a>
+ supports the use of <i>$variable</i> expansion in the definition of the
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> parameter, the <b>qshape</b> program does not. If you
+ must use variable expansions in the <b><a href="postconf.5.html#queue_directory">queue_directory</a></b> setting, you
+ must specify an explicit absolute path for each queue subdirec-
+ tory even if you want the default <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queue</a> dis-
+ tribution.
<b>SEE ALSO</b>
<a href="mailq.1.html">mailq(1)</a>, List all messages in the queue.
$<a href="postconf.5.html#queue_directory">queue_directory</a>/deferred/, messages postponed for later delivery.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Victor Duchovni
<b>postmap -q - <a href="regexp_table.5.html">regexp</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional tables for address
- rewriting, mail routing, or access control. These tables
- are usually in <b>dbm</b> or <b>db</b> format.
+ The Postfix mail system uses optional tables for address rewriting,
+ mail routing, or access control. These tables are usually in <b>dbm</b> or <b>db</b>
+ format.
- Alternatively, lookup tables can be specified in POSIX
- regular expression form. In this case, each input is com-
- pared against a list of patterns. When a match is found,
- the corresponding result is returned and the search is
- terminated.
+ Alternatively, lookup tables can be specified in POSIX regular expres-
+ sion form. In this case, each input is compared against a list of pat-
+ terns. When a match is found, the corresponding result is returned and
+ the search is terminated.
- To find out what types of lookup tables your Postfix sys-
- tem supports use the "<b>postconf -m</b>" command.
+ To find out what types of lookup tables your Postfix system supports
+ use the "<b>postconf -m</b>" command.
- To test lookup tables, use the "<b>postmap -q</b>" command as
- described in the SYNOPSIS above.
+ To test lookup tables, use the "<b>postmap -q</b>" command as described in the
+ SYNOPSIS above.
<b>COMPATIBILITY</b>
- With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>"
- to query a table that contains case sensitive patterns.
- Patterns are case insensitive by default.
+ With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>" to query a
+ table that contains case sensitive patterns. Patterns are case insensi-
+ tive by default.
<b>TABLE FORMAT</b>
The general form of a Postfix regular expression table is:
<b>/</b><i>pattern</i><b>/</b><i>flags result</i>
- When <i>pattern</i> matches the input string, use the cor-
- responding <i>result</i> value.
+ When <i>pattern</i> matches the input string, use the corresponding
+ <i>result</i> value.
<b>!/</b><i>pattern</i><b>/</b><i>flags result</i>
- When <i>pattern</i> does <b>not</b> match the input string, use
- the corresponding <i>result</i> value.
+ When <i>pattern</i> does <b>not</b> match the input string, use the corre-
+ sponding <i>result</i> value.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
- <b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if that same input string
- also matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
+ <b>endif</b> Match the input string against the patterns between <b>if</b> and
+ <b>endif</b>, if and only if that same input string also matches <i>pat-</i>
+ <i>tern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
- <b>if</b>..<b>endif</b>.
+ Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>.
This feature is available in Postfix 2.1 and later.
<b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
- <b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if that same input string
- does <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
+ <b>endif</b> Match the input string against the patterns between <b>if</b> and
+ <b>endif</b>, if and only if that same input string does <b>not</b> match <i>pat-</i>
+ <i>tern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
- <b>if</b>..<b>endif</b>.
+ Note: do not prepend whitespace to patterns inside <b>if</b>..<b>endif</b>.
This feature is available in Postfix 2.1 and later.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
-
- Each pattern is a POSIX regular expression enclosed by a
- pair of delimiters. The regular expression syntax is docu-
- mented in <b>re_format</b>(7) with 4.4BSD, in <b>regex</b>(5) with
- Solaris, and in <b>regex</b>(7) with Linux. Other systems may use
- other document names.
-
- The expression delimiter can be any non-alphanumerical
- character, except whitespace or characters that have spe-
- cial meaning (traditionally the forward slash is used).
- The regular expression can contain whitespace.
-
- By default, matching is case-insensitive, and newlines are
- not treated as special characters. The behavior is con-
- trolled by flags, which are toggled by appending one or
- more of the following characters after the pattern:
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
+
+ Each pattern is a POSIX regular expression enclosed by a pair of delim-
+ iters. The regular expression syntax is documented in <b>re_format</b>(7) with
+ 4.4BSD, in <b>regex</b>(5) with Solaris, and in <b>regex</b>(7) with Linux. Other
+ systems may use other document names.
+
+ The expression delimiter can be any non-alphanumerical character,
+ except whitespace or characters that have special meaning (tradition-
+ ally the forward slash is used). The regular expression can contain
+ whitespace.
+
+ By default, matching is case-insensitive, and newlines are not treated
+ as special characters. The behavior is controlled by flags, which are
+ toggled by appending one or more of the following characters after the
+ pattern:
<b>i</b> (default: on)
- Toggles the case sensitivity flag. By default,
- matching is case insensitive.
+ Toggles the case sensitivity flag. By default, matching is case
+ insensitive.
<b>m</b> (default: off)
- Toggle the multi-line mode flag. When this flag is
- on, the <b>^</b> and <b>$</b> metacharacters match immediately
- after and immediately before a newline character,
- respectively, in addition to matching at the start
- and end of the input string.
+ Toggle the multi-line mode flag. When this flag is on, the <b>^</b> and
+ <b>$</b> metacharacters match immediately after and immediately before
+ a newline character, respectively, in addition to matching at
+ the start and end of the input string.
<b>x</b> (default: on)
- Toggles the extended expression syntax flag. By
- default, support for extended expression syntax is
- enabled.
+ Toggles the extended expression syntax flag. By default, support
+ for extended expression syntax is enabled.
<b>TABLE SEARCH ORDER</b>
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the input
- string.
-
- Each pattern is applied to the entire input string.
- Depending on the application, that string is an entire
- client hostname, an entire client IP address, or an entire
- mail address. Thus, no parent domain or parent network
- search is done, and <i>user@domain</i> mail addresses are not
- broken up into their <i>user</i> and <i>domain</i> constituent parts,
- nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the input string.
+
+ Each pattern is applied to the entire input string. Depending on the
+ application, that string is an entire client hostname, an entire client
+ IP address, or an entire mail address. Thus, no parent domain or par-
+ ent network search is done, and <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
<b>TEXT SUBSTITUTION</b>
- Substitution of substrings (text that matches patterns
- inside "()") from the matched expression into the result
- string is requested with $1, $2, etc.; specify $$ to pro-
- duce a $ character as output. The macros in the result
- string may need to be written as ${n} or $(n) if they
- aren't followed by whitespace.
-
- Note: since negated patterns (those preceded by <b>!</b>) return
- a result when the expression does not match, substitutions
- are not available for negated patterns.
+ Substitution of substrings (text that matches patterns inside "()")
+ from the matched expression into the result string is requested with
+ $1, $2, etc.; specify $$ to produce a $ character as output. The
+ macros in the result string may need to be written as ${n} or $(n) if
+ they aren't followed by whitespace.
+
+ Note: since negated patterns (those preceded by <b>!</b>) return a result when
+ the expression does not match, substitutions are not available for
+ negated patterns.
<b>EXAMPLE SMTPD ACCESS MAP</b>
# Disallow sender-specified routing. This is a must if you relay mail
<b>postmap /etc/postfix/relocated</b>
<b>DESCRIPTION</b>
- The optional <a href="relocated.5.html"><b>relocated</b>(5)</a> table provides the information
- that is used in "user has moved to <i>new</i><b>_</b><i>location</i>" bounce
- messages.
-
- Normally, the <a href="relocated.5.html"><b>relocated</b>(5)</a> table is specified as a text
- file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/relocated</b>" to rebuild an indexed
- file after changing the corresponding relocated table.
-
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
- indexed files.
-
- Alternatively, the table can be provided as a regular-
- expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- those case, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
- or "TCP-BASED TABLES".
+ The optional <a href="relocated.5.html"><b>relocated</b>(5)</a> table provides the information that is used
+ in "user has moved to <i>new</i><b>_</b><i>location</i>" bounce messages.
+
+ Normally, the <a href="relocated.5.html"><b>relocated</b>(5)</a> table is specified as a text file that
+ serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file
+ in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
+ Execute the command "<b>postmap /etc/postfix/relocated</b>" to rebuild an
+ indexed file after changing the corresponding relocated table.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to TCP-based server. In those case, the lookups are done in a
+ slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
Table lookups are case insensitive.
<b>CASE FOLDING</b>
- The search string is folded to lowercase before database
- lookup. As of Postfix 2.3, the search string is not case
- folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
- lookup fields can match both upper and lower case.
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern new</i><b>_</b><i>location</i>
- Where <i>new</i><b>_</b><i>location</i> specifies contact information
- such as an email address, or perhaps a street
- address or telephone number.
+ Where <i>new</i><b>_</b><i>location</i> specifies contact information such as an
+ email address, or perhaps a street address or telephone number.
- <b>o</b> Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ <b>o</b> Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
- <b>o</b> A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
+ <b>o</b> A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
<b>TABLE SEARCH ORDER</b>
- With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
- tried in the order as listed below:
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, patterns are tried in the order as
+ listed below:
<i>user</i>@<i>domain</i>
- Matches <i>user</i>@<i>domain</i>. This form has precedence over
- all other forms.
+ Matches <i>user</i>@<i>domain</i>. This form has precedence over all other
+ forms.
- <i>user</i> Matches <i>user</i>@<i>site</i> when <i>site</i> is $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i>
- is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>, or when <i>site</i> is listed
-
in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
+ <i>user</i> Matches <i>user</i>@<i>site</i> when <i>site</i> is $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in
+ $<b><a href="postconf.5.html#mydestination">mydestination</a></b>, or when <i>site</i> is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
+ $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
@<i>domain</i>
- Matches other addresses in <i>domain</i>. This form has
- the lowest precedence.
+ Matches other addresses in <i>domain</i>. This form has the lowest
+ precedence.
<b>ADDRESS EXTENSION</b>
- When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
- becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
- @<i>domain</i>.
+ When a mail address localpart contains the optional recipient delimiter
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
- the table is given in the form of regular expressions or
- when lookups are directed to a TCP-based server. For a
- description of regular expression lookup table syntax, see
- <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. For a description of the
- TCP client/server table lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
- This feature is not available up to and including Postfix
- version 2.4.
-
- Each pattern is a regular expression that is applied to
- the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
- constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
- <i>foo</i>.
-
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
- string.
-
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
- the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions or when lookups are directed
+ to a TCP-based server. For a description of regular expression lookup
+ table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. For a description
+ of the TCP client/server table lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This
+ feature is not available up to and including Postfix version 2.4.
+
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
+
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
+
+ Results are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
+ lated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
- lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.4.
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ available up to and including Postfix version 2.4.
- Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
- <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
- up into <i>user</i> and <i>foo</i>.
+ Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
+ mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
+ stituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ details including examples.
<b><a href="postconf.5.html#relocated_maps">relocated_maps</a></b>
List of lookup tables for relocated users or sites.
Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
- receives mail on. You need to stop and start Post-
- fix when this parameter changes.
+ The network interface addresses that this system receives mail
+ on. You need to stop and start Postfix when this parameter
+ changes.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
- local.
+ List of domains that this mail system considers local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
The domain that is appended to locally-posted mail.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>
- Other interfaces that this machine receives mail on
- by way of a proxy agent or network address transla-
- tor.
+ Other interfaces that this machine receives mail on by way of a
+ proxy agent or network address translator.
<b>SEE ALSO</b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address resolver
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>scache</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="scache.8.html"><b>scache</b>(8)</a> server maintains a shared multi-connection
- cache. This information can be used by, for example, Post-
- fix SMTP clients or other Postfix delivery agents.
-
- The connection cache is organized into logical destination
- names, physical endpoint names, and connections.
-
- As a specific example, logical SMTP destinations specify
- (transport, domain, port), and physical SMTP endpoints
- specify (transport, IP address, port). An SMTP connection
- may be saved after a successful mail transaction.
-
- In the general case, one logical destination may refer to
- zero or more physical endpoints, one physical endpoint may
- be referenced by zero or more logical destinations, and
- one endpoint may refer to zero or more connections.
-
- The exact syntax of a logical destination or endpoint name
- is application dependent; the <a href="scache.8.html"><b>scache</b>(8)</a> server does not
- care. A connection is stored as a file descriptor
- together with application-dependent information that is
- needed to re-activate a connection object. Again, the
- <a href="scache.8.html"><b>scache</b>(8)</a> server is completely unaware of the details of
- that information.
-
- All information is stored with a finite time to live
- (ttl). The connection cache daemon terminates when no
- client is connected for <b><a href="postconf.5.html#max_idle">max_idle</a></b> time units.
+ The <a href="scache.8.html"><b>scache</b>(8)</a> server maintains a shared multi-connection cache. This
+ information can be used by, for example, Postfix SMTP clients or other
+ Postfix delivery agents.
+
+ The connection cache is organized into logical destination names, phys-
+ ical endpoint names, and connections.
+
+ As a specific example, logical SMTP destinations specify (transport,
+ domain, port), and physical SMTP endpoints specify (transport, IP
+ address, port). An SMTP connection may be saved after a successful
+ mail transaction.
+
+ In the general case, one logical destination may refer to zero or more
+ physical endpoints, one physical endpoint may be referenced by zero or
+ more logical destinations, and one endpoint may refer to zero or more
+ connections.
+
+ The exact syntax of a logical destination or endpoint name is applica-
+ tion dependent; the <a href="scache.8.html"><b>scache</b>(8)</a> server does not care. A connection is
+ stored as a file descriptor together with application-dependent infor-
+ mation that is needed to re-activate a connection object. Again, the
+ <a href="scache.8.html"><b>scache</b>(8)</a> server is completely unaware of the details of that informa-
+ tion.
+
+ All information is stored with a finite time to live (ttl). The con-
+ nection cache daemon terminates when no client is connected for
+ <b><a href="postconf.5.html#max_idle">max_idle</a></b> time units.
This server implements the following requests:
<b>save_endp</b> <i>ttl endpoint endpoint</i><b>_</b><i>properties file</i><b>_</b><i>descriptor</i>
- Save the specified file descriptor and connection
- property data under the specified endpoint name.
- The endpoint properties are used by the client to
- re-activate a passivated connection object.
+ Save the specified file descriptor and connection property data
+ under the specified endpoint name. The endpoint properties are
+ used by the client to re-activate a passivated connection
+ object.
<b>find_endp</b> <i>endpoint</i>
- Look up cached properties and a cached file
- descriptor for the specified endpoint.
+ Look up cached properties and a cached file descriptor for the
+ specified endpoint.
<b>save_dest</b> <i>ttl destination destination</i><b>_</b><i>properties endpoint</i>
- Save the binding between a logical destination and
- an endpoint under the destination name, together
- with destination specific connection properties.
- The destination properties are used by the client
- to re-activate a passivated connection object.
+ Save the binding between a logical destination and an endpoint
+ under the destination name, together with destination specific
+ connection properties. The destination properties are used by
+ the client to re-activate a passivated connection object.
<b>find_dest</b> <i>destination</i>
- Look up cached destination properties, cached end-
- point properties, and a cached file descriptor for
- the specified logical destination.
+ Look up cached destination properties, cached endpoint proper-
+ ties, and a cached file descriptor for the specified logical
+ destination.
<b>SECURITY</b>
- The <a href="scache.8.html"><b>scache</b>(8)</a> server is not security-sensitive. It does
- not talk to the network, and it does not talk to local
- users. The <a href="scache.8.html"><b>scache</b>(8)</a> server can run chrooted at fixed low
- privilege.
+ The <a href="scache.8.html"><b>scache</b>(8)</a> server is not security-sensitive. It does not talk to the
+ network, and it does not talk to local users. The <a href="scache.8.html"><b>scache</b>(8)</a> server can
+ run chrooted at fixed low privilege.
- The <a href="scache.8.html"><b>scache</b>(8)</a> server is not a trusted process. It must not
- be used to store information that is security sensitive.
+ The <a href="scache.8.html"><b>scache</b>(8)</a> server is not a trusted process. It must not be used to
+ store information that is security sensitive.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
- The session cache cannot be shared among multiple
- machines.
+ The session cache cannot be shared among multiple machines.
- When a connection expires from the cache, it is closed
- without the appropriate protocol specific handshake.
+ When a connection expires from the cache, it is closed without the
+ appropriate protocol specific handshake.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as
- <a href="scache.8.html"><b>scache</b>(8)</a> processes run for only a limited amount of time.
- Use the command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="scache.8.html"><b>scache</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>RESOURCE CONTROLS</b>
<b><a href="postconf.5.html#connection_cache_ttl_limit">connection_cache_ttl_limit</a> (2s)</b>
- The maximal time-to-live value that the <a href="scache.8.html"><b>scache</b>(8)</a>
- connection cache server allows.
+ The maximal time-to-live value that the <a href="scache.8.html"><b>scache</b>(8)</a> connection
+ cache server allows.
<b><a href="postconf.5.html#connection_cache_status_update_time">connection_cache_status_update_time</a> (600s)</b>
- How frequently the <a href="scache.8.html"><b>scache</b>(8)</a> server logs usage sta-
- tistics with connection cache hit and miss rates
- for logical destinations and for physical end-
- points.
+ How frequently the <a href="scache.8.html"><b>scache</b>(8)</a> server logs usage statistics with
+ connection cache hit and miss rates for logical destinations and
+ for physical endpoints.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="smtp.8.html">smtp(8)</a>, SMTP client
<a href="CONNECTION_CACHE_README.html">CONNECTION_CACHE_README</a>, Postfix connection cache
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
This service was introduced with Postfix version 2.2.
<b>sendmail -I</b>
<b>DESCRIPTION</b>
- The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to
- Sendmail compatibility interface. For the sake of compat-
- ibility with existing applications, some Sendmail command-
- line options are recognized but silently ignored.
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to Sendmail com-
+ patibility interface. For the sake of compatibility with existing
+ applications, some Sendmail command-line options are recognized but
+ silently ignored.
- By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from stan-
- dard input until EOF or until it reads a line with only a
- <b>.</b> character, and arranges for delivery. Postfix <a href="sendmail.1.html"><b>send-</b></a>
- <a href="sendmail.1.html"><b>mail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a> command to create a
- queue file in the <b>maildrop</b> directory.
+ By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from standard input
+ until EOF or until it reads a line with only a <b>.</b> character, and
+ arranges for delivery. Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
+ command to create a queue file in the <b>maildrop</b> directory.
- Specific command aliases are provided for other common
- modes of operation:
+ Specific command aliases are provided for other common modes of opera-
+ tion:
- <b>mailq</b> List the mail queue. Each entry shows the queue
- file ID, message size, arrival time, sender, and
- the recipients that still need to be delivered. If
- mail could not be delivered upon the last attempt,
- the reason for failure is shown. The queue ID
- string is followed by an optional status character:
+ <b>mailq</b> List the mail queue. Each entry shows the queue file ID, message
+ size, arrival time, sender, and the recipients that still need
+ to be delivered. If mail could not be delivered upon the last
+ attempt, the reason for failure is shown. The queue ID string is
+ followed by an optional status character:
- <b>*</b> The message is in the <b>active</b> queue, i.e. the
- message is selected for delivery.
+ <b>*</b> The message is in the <b>active</b> queue, i.e. the message is
+ selected for delivery.
- <b>!</b> The message is in the <b>hold</b> queue, i.e. no
- further delivery attempt will be made until
- the mail is taken off hold.
+ <b>!</b> The message is in the <b>hold</b> queue, i.e. no further deliv-
+ ery attempt will be made until the mail is taken off
+ hold.
- This mode of operation is implemented by executing
-
the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+ This mode of operation is implemented by executing the
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
<b>newaliases</b>
- Initialize the alias database. If no input file is
- specified (with the <b>-oA</b> option, see below), the
- program processes the file(s) specified with the
- <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parameter. If no
- alias database type is specified, the program uses
- the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b>
- configuration parameter. This mode of operation is
- implemented by running the <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
-
- Note: it may take a minute or so before an alias
- database update becomes visible. Use the "<b>postfix</b>
- <b>reload</b>" command to eliminate this delay.
-
- These and other features can be selected by specifying the
- appropriate combination of command-line options. Some fea-
- tures are controlled by parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configu-
- ration file.
+ Initialize the alias database. If no input file is specified
+ (with the <b>-oA</b> option, see below), the program processes the
+ file(s) specified with the <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parame-
+ ter. If no alias database type is specified, the program uses
+ the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b> configuration
+ parameter. This mode of operation is implemented by running the
+ <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
+
+ Note: it may take a minute or so before an alias database update
+ becomes visible. Use the "<b>postfix reload</b>" command to eliminate
+ this delay.
+
+ These and other features can be selected by specifying the appropriate
+ combination of command-line options. Some features are controlled by
+ parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
The following options are recognized:
<b>-Am</b> (ignored)
<b>-Ac</b> (ignored)
- Postfix sendmail uses the same configuration file
- regardless of whether or not a message is an ini-
- tial submission.
+ Postfix sendmail uses the same configuration file regardless of
+ whether or not a message is an initial submission.
<b>-B</b> <i>body</i><b>_</b><i>type</i>
The message body MIME type: <b>7BIT</b> or <b>8BITMIME</b>.
- <b>-bd</b> Go into daemon mode. This mode of operation is
- implemented by executing the "<b>postfix start</b>" com-
- mand.
+ <b>-bd</b> Go into daemon mode. This mode of operation is implemented by
+ executing the "<b>postfix start</b>" command.
<b>-bh</b> (ignored)
<b>-bH</b> (ignored)
Postfix has no persistent host status database.
- <b>-bi</b> Initialize alias database. See the <b>newaliases</b> com-
- mand above.
+ <b>-bi</b> Initialize alias database. See the <b>newaliases</b> command above.
- <b>-bl</b> Go into daemon mode. To accept only local connec-
- tions as with Sendmail's <b>-bl</b> option, specify
- "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in the Postfix <a href="postconf.5.html"><b>main.cf</b></a>
- configuration file.
+ <b>-bl</b> Go into daemon mode. To accept only local connections as with
+ Sendmail's <b>-bl</b> option, specify "<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback</b>" in
+ the Postfix <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
- <b>-bm</b> Read mail from standard input and arrange for
- delivery. This is the default mode of operation.
+ <b>-bm</b> Read mail from standard input and arrange for delivery. This is
+ the default mode of operation.
<b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
- <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
- from standard input, and write responses to stan-
- dard output. In stand-alone SMTP server mode, mail
- relaying and other access controls are disabled by
- default. To enable them, run the process as the
+ <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands from standard
+ input, and write responses to standard output. In stand-alone
+ SMTP server mode, mail relaying and other access controls are
+ disabled by default. To enable them, run the process as the
<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> user.
- This mode of operation is implemented by running
- the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
+ This mode of operation is implemented by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ daemon.
- <b>-bv</b> Do not collect or deliver a message. Instead, send
- an email report after verifying each recipient
- address. This is useful for testing address
- rewriting and routing configurations.
+ <b>-bv</b> Do not collect or deliver a message. Instead, send an email
+ report after verifying each recipient address. This is useful
+ for testing address rewriting and routing configurations.
- This feature is available in Postfix version 2.1
- and later.
+ This feature is available in Postfix version 2.1 and later.
<b>-C</b> <i>config</i><b>_</b><i>file</i>
<b>-C</b> <i>config</i><b>_</b><i>dir</i>
- The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of
- its parent directory. This information is ignored
- with Postfix versions before 2.3.
+ The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of its parent
+ directory. This information is ignored with Postfix versions
+ before 2.3.
- With all Postfix versions, you can specify a direc-
- tory pathname with the MAIL_CONFIG environment
- variable to override the location of configuration
- files.
+ With all Postfix versions, you can specify a directory pathname
+ with the MAIL_CONFIG environment variable to override the loca-
+ tion of configuration files.
<b>-F</b> <i>full</i><b>_</b><i>name</i>
- Set the sender full name. This overrides the NAME
- environment variable, and is used only with mes-
- sages that have no <b>From:</b> message header.
+ Set the sender full name. This overrides the NAME environment
+ variable, and is used only with messages that have no <b>From:</b> mes-
+ sage header.
<b>-f</b> <i>sender</i>
- Set the envelope sender address. This is the
- address where delivery problems are sent to. With
- Postfix versions before 2.1, the <b>Errors-To:</b> message
- header overrides the error return address.
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
- <b>-G</b> Gateway (relay) submission, as opposed to initial
- user submission. Either do not rewrite addresses
- at all, or update incomplete addresses with the
- domain information specified with <b>remote_header_re-</b>
- <b>write_domain</b>.
+ <b>-G</b> Gateway (relay) submission, as opposed to initial user submis-
+ sion. Either do not rewrite addresses at all, or update incom-
+ plete addresses with the domain information specified with
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>.
- This option is ignored before Postfix version 2.3.
+ This option is ignored before Postfix version 2.3.
<b>-h</b> <i>hop</i><b>_</b><i>count</i> (ignored)
- Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configura-
- tion parameter instead.
+ Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configuration parameter
+ instead.
- <b>-I</b> Initialize alias database. See the <b>newaliases</b> com-
- mand above.
+ <b>-I</b> Initialize alias database. See the <b>newaliases</b> command above.
- <b>-i</b> When reading a message from standard input, don't
- treat a line with only a <b>.</b> character as the end of
- input.
+ <b>-i</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
<b>-L</b> <i>label</i> (ignored)
- The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configura-
- tion parameter instead.
+ The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configuration parameter
+ instead.
<b>-m</b> (ignored)
Backwards compatibility.
<b>-N</b> <i>dsn</i> (default: 'delay, failure')
- Delivery status notification control. Specify
- either a comma-separated list with one or more of
- <b>failure</b> (send notification when delivery fails),
- <b>delay</b> (send notification when delivery is delayed),
- or <b>success</b> (send notification when the message is
- delivered); or specify <b>never</b> (don't send any noti-
- fications at all).
+ Delivery status notification control. Specify either a comma-
+ separated list with one or more of <b>failure</b> (send notification
+ when delivery fails), <b>delay</b> (send notification when delivery is
+ delayed), or <b>success</b> (send notification when the message is
+ delivered); or specify <b>never</b> (don't send any notifications at
+ all).
This feature is available in Postfix 2.3 and later.
Backwards compatibility.
<b>-oA</b><i>alias</i><b>_</b><i>database</i>
- Non-default alias database. Specify <i>pathname</i> or
-
<i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
+ Non-default alias database. Specify <i>pathname</i> or <i>type</i>:<i>pathname</i>.
+ See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
<b>-O</b> <i>option=value</i> (ignored)
- Set the named <i>option</i> to <i>value</i>. Use the equivalent
-
configuration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+ Set the named <i>option</i> to <i>value</i>. Use the equivalent configuration
+ parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
<b>-o7</b> (ignored)
<b>-o8</b> (ignored)
- To send 8-bit or binary content, use an appropriate
- MIME encapsulation and specify the appropriate <b>-B</b>
- command-line option.
+ To send 8-bit or binary content, use an appropriate MIME encap-
+ sulation and specify the appropriate <b>-B</b> command-line option.
- <b>-oi</b> When reading a message from standard input, don't
- treat a line with only a <b>.</b> character as the end of
- input.
+ <b>-oi</b> When reading a message from standard input, don't treat a line
+ with only a <b>.</b> character as the end of input.
<b>-om</b> (ignored)
- The sender is never eliminated from alias etc.
- expansions.
+ The sender is never eliminated from alias etc. expansions.
<b>-o</b> <i>x value</i> (ignored)
- Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
-
ration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configuration parame-
+ ter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
<b>-r</b> <i>sender</i>
- Set the envelope sender address. This is the
- address where delivery problems are sent to. With
- Postfix versions before 2.1, the <b>Errors-To:</b> message
- header overrides the error return address.
+ Set the envelope sender address. This is the address where
+ delivery problems are sent to. With Postfix versions before 2.1,
+ the <b>Errors-To:</b> message header overrides the error return
+ address.
<b>-R</b> <i>return</i>
- Delivery status notification control. Specify
- "hdrs" to return only the header when a message
- bounces, "full" to return a full copy (the default
- behavior).
+ Delivery status notification control. Specify "hdrs" to return
+ only the header when a message bounces, "full" to return a full
+ copy (the default behavior).
- The <b>-R</b> option specifies an upper bound; Postfix
- will return only the header, when a full copy would
- exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> setting.
+ The <b>-R</b> option specifies an upper bound; Postfix will return only
+ the header, when a full copy would exceed the <a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a>
+ setting.
This option is ignored before Postfix version 2.10.
- <b>-q</b> Attempt to deliver all queued mail. This is imple-
-
mented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+ <b>-q</b> Attempt to deliver all queued mail. This is implemented by exe-
+ cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
- Warning: flushing undeliverable mail frequently
- will result in poor delivery performance of all
- other mail.
+ Warning: flushing undeliverable mail frequently will result in
+ poor delivery performance of all other mail.
<b>-q</b><i>interval</i> (ignored)
- The interval between queue runs. Use the
- <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> configuration parameter instead.
+ The interval between queue runs. Use the <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> config-
+ uration parameter instead.
<b>-qI</b><i>queueid</i>
- Schedule immediate delivery of mail with the speci-
- fied queue ID. This option is implemented by exe-
- cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and is available
- with Postfix version 2.4 and later.
+ Schedule immediate delivery of mail with the specified queue ID.
+ This option is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> com-
+ mand, and is available with Postfix version 2.4 and later.
<b>-qR</b><i>site</i>
- Schedule immediate delivery of all mail that is
- queued for the named <i>site</i>. This option accepts only
- <i>site</i> names that are eligible for the "fast flush"
- service, and is implemented by executing the
- <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more infor-
- mation about the "fast flush" service.
+ Schedule immediate delivery of all mail that is queued for the
+ named <i>site</i>. This option accepts only <i>site</i> names that are eligi-
+ ble for the "fast flush" service, and is implemented by execut-
+ ing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information
+ about the "fast flush" service.
<b>-qS</b><i>site</i>
- This command is not implemented. Use the slower
- "<b>sendmail -q</b>" command instead.
+ This command is not implemented. Use the slower "<b>sendmail -q</b>"
+ command instead.
- <b>-t</b> Extract recipients from message headers. These are
- added to any recipients specified on the command
- line.
+ <b>-t</b> Extract recipients from message headers. These are added to any
+ recipients specified on the command line.
- With Postfix versions prior to 2.1, this option
- requires that no recipient addresses are specified
- on the command line.
+ With Postfix versions prior to 2.1, this option requires that no
+ recipient addresses are specified on the command line.
<b>-U</b> (ignored)
Initial user submission.
<b>-V</b> <i>envid</i>
- Specify the envelope ID for notification by servers
- that support DSN.
+ Specify the envelope ID for notification by servers that support
+ DSN.
This feature is available in Postfix 2.3 and later.
<b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
- Variable Envelope Return Path. Given an envelope
- sender address of the form <i>owner-listname</i>@<i>origin</i>,
- each recipient <i>user</i>@<i>domain</i> receives mail with a
- personalized envelope sender address.
+ Variable Envelope Return Path. Given an envelope sender address
+ of the form <i>owner-listname</i>@<i>origin</i>, each recipient <i>user</i>@<i>domain</i>
+ receives mail with a personalized envelope sender address.
- By default, the personalized envelope sender
- address is <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
- default <b>+</b> and <b>=</b> characters are configurable with
- the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration parame-
- ter.
+ By default, the personalized envelope sender address is <i>owner-</i>
+ <i>listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The default <b>+</b> and <b>=</b> characters are
+ configurable with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration
+ parameter.
<b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
- As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter
- characters, instead of the characters specified
- with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration
- parameter.
+ As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter characters,
+ instead of the characters specified with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delim</a>-</b>
+ <b><a href="postconf.5.html#default_verp_delimiters">iters</a></b> configuration parameter.
- <b>-v</b> Send an email report of the first delivery attempt
- (Postfix versions 2.1 and later). Mail delivery
- always happens in the background. When multiple <b>-v</b>
- options are given, enable verbose logging for
- debugging purposes.
+ <b>-v</b> Send an email report of the first delivery attempt (Postfix ver-
+ sions 2.1 and later). Mail delivery always happens in the back-
+ ground. When multiple <b>-v</b> options are given, enable verbose log-
+ ging for debugging purposes.
<b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
- Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and
- <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b> configuration parameters instead.
+ Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b>
+ configuration parameters instead.
<b>SECURITY</b>
- By design, this program is not set-user (or group) id.
- However, it must handle data from untrusted, possibly
- remote, users. Thus, the usual precautions need to be
- taken against malicious inputs.
+ By design, this program is not set-user (or group) id. However, it must
+ handle data from untrusted, possibly remote, users. Thus, the usual
+ precautions need to be taken against malicious inputs.
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard
- error stream.
+ Problems are logged to <b>syslogd</b>(8) and to the standard error stream.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
Enable verbose logging for debugging purposes.
<b>MAIL_DEBUG</b> (value does not matter)
- Enable debugging with an external command, as spec-
- ified with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration
- parameter.
+ Enable debugging with an external command, as specified with the
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
- <b>NAME</b> The sender full name. This is used only with mes-
- sages that have no <b>From:</b> message header. See also
- the <b>-F</b> option above.
+ <b>NAME</b> The sender full name. This is used only with messages that have
+ no <b>From:</b> message header. See also the <b>-F</b> option above.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this program. The text below provides only a parameter
- summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
- ples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram. The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ <a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b>COMPATIBILITY CONTROLS</b>
Available with Postfix 2.9 and later:
<b><a href="postconf.5.html#sendmail_fix_line_endings">sendmail_fix_line_endings</a> (always)</b>
- Controls how the Postfix sendmail command converts
- email message line endings from <CR><LF> into UNIX
- format (<LF>).
+ Controls how the Postfix sendmail command converts email message
+ line endings from <CR><LF> into UNIX format (<LF>).
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble
- shoot a Postfix system.
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble shoot a Postfix
+ system.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
- The external command to execute when a Postfix dae-
- mon program is invoked with the -D option.
+ The external command to execute when a Postfix daemon program is
+ invoked with the -D option.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
- <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+ The increment in verbose logging level when a remote client or
+ server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
- in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+ Optional list of remote client or server hostname or network
+ address patterns that cause the verbose logging level to
+ increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b>ACCESS CONTROLS</b>
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to flush the
- queue.
+ List of users who are authorized to flush the queue.
<b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
List of users who are authorized to view the queue.
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List of users who are authorized to submit mail
- with the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with the privi-
- leged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper command).
+ List of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
+ mand).
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
- The maximal amount of original message text that is
- sent in a non-delivery notification.
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
<b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
- The maximal number of attempts to fork() a child
- process.
+ The maximal number of attempts to fork() a child process.
<b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
- The delay between attempts to fork() a child
- process.
+ The delay between attempts to fork() a child process.
<b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
- The maximal number of Received: message headers
- that is allowed in the primary message headers.
+ The maximal number of Received: message headers that is allowed
+ in the primary message headers.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
- The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
- manager; prior to Postfix 2.4 the default value was
- 1000s.
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ prior to Postfix 2.4 the default value was 1000s.
<b>FAST FLUSH CONTROLS</b>
- The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation
- details for the Postfix "fast flush" service.
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
+ the Postfix "fast flush" service.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
- Optional list of destinations that are eligible for
- per-destination logfiles with mail that is queued
- to those destinations.
+ Optional list of destinations that are eligible for per-destina-
+ tion logfiles with mail that is queued to those destinations.
<b>VERP CONTROLS</b>
- The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
- details of Postfix support for variable envelope return
- path addresses.
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
+ Postfix support for variable envelope return path addresses.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter
- characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
- and in SMTP commands.
+ The characters Postfix accepts as VERP delimiter characters on
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
- The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
- updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
- The location of all postfix administrative com-
- mands.
+ The location of all postfix administrative commands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix support programs and
- daemon programs.
+ The directory with Postfix support programs and daemon programs.
<b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
- The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>,
-
<a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>, <a href="postalias.1.html"><b>postalias</b>(1)</a>
+ and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives a copy of
- the message headers of mail that is still queued.
+ The time after which the sender receives a copy of the message
+ headers of mail that is still queued.
<b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
- Report mail delivery errors to the address speci-
- fied with the non-standard Errors-To: message
- header, instead of the envelope sender address
- (this feature is removed with Postfix version 2.2,
- is turned off by default with Postfix version 2.1,
- and is always turned on with older Postfix ver-
- sions).
+ Report mail delivery errors to the address specified with the
+ non-standard Errors-To: message header, instead of the envelope
+ sender address (this feature is removed with Postfix version
+ 2.2, is turned off by default with Postfix version 2.1, and is
+ always turned on with older Postfix versions).
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue
- and most Postfix daemon processes.
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
- Don't rewrite message headers from remote clients
- at all when this parameter is empty; otherwise, re-
- write message headers and append the specified
- domain name to incomplete addresses.
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
/var/spool/postfix, mail queue
syslogd(8), system logging
<b>README_FILES</b>
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ this information.
<a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
<a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>showq</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="showq.8.html"><b>showq</b>(8)</a> daemon reports the Postfix mail queue status.
- It is the program that emulates the sendmail `mailq' com-
- mand.
+ The <a href="showq.8.html"><b>showq</b>(8)</a> daemon reports the Postfix mail queue status. It is the
+ program that emulates the sendmail `mailq' command.
- The <a href="showq.8.html"><b>showq</b>(8)</a> daemon can also be run in stand-alone mode by
- the superuser. This mode of operation is used to emulate
- the `mailq' command while the Postfix mail system is down.
+ The <a href="showq.8.html"><b>showq</b>(8)</a> daemon can also be run in stand-alone mode by the supe-
+ ruser. This mode of operation is used to emulate the `mailq' command
+ while the Postfix mail system is down.
<b>SECURITY</b>
- The <a href="showq.8.html"><b>showq</b>(8)</a> daemon can run in a chroot jail at fixed low
- privilege, and takes no input from the client. Its service
- port is accessible to local untrusted users, so the ser-
- vice can be susceptible to denial of service attacks.
+ The <a href="showq.8.html"><b>showq</b>(8)</a> daemon can run in a chroot jail at fixed low privilege,
+ and takes no input from the client. Its service port is accessible to
+ local untrusted users, so the service can be susceptible to denial of
+ service attacks.
<b>STANDARDS</b>
- None. The <a href="showq.8.html"><b>showq</b>(8)</a> daemon does not interact with the out-
- side world.
+ None. The <a href="showq.8.html"><b>showq</b>(8)</a> daemon does not interact with the outside world.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="showq.8.html"><b>showq</b>(8)</a>
- processes run for only a limited amount of time. Use the
- command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="showq.8.html"><b>showq</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#duplicate_filter_limit">duplicate_filter_limit</a> (1000)</b>
- The maximal number of addresses remembered by the
- address duplicate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>vir-</b></a>
- <a href="virtual.5.html"><b>tual</b>(5)</a> alias expansion, or for <a href="showq.8.html"><b>showq</b>(8)</a> queue dis-
- plays.
+ The maximal number of addresses remembered by the address dupli-
+ cate filter for <a href="aliases.5.html"><b>aliases</b>(5)</a> or <a href="virtual.5.html"><b>virtual</b>(5)</a> alias expansion, or for
+ <a href="showq.8.html"><b>showq</b>(8)</a> queue displays.
<b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
- The recipient of mail addressed to the null
- address.
+ The recipient of mail addressed to the null address.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#enable_long_queue_ids">enable_long_queue_ids</a> (no)</b>
- Enable long, non-repeating, queue IDs (queue file
- names).
+ Enable long, non-repeating, queue IDs (queue file names).
<b>FILES</b>
/var/spool/postfix, queue directories
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>smtp-sink</b> [<i>options</i>] <b>unix:</b><i>pathname backlog</i>
<b>DESCRIPTION</b>
- <b>smtp-sink</b> listens on the named host (or address) and port.
- It takes SMTP messages from the network and throws them
- away. The purpose is to measure client performance, not
- protocol compliance.
-
- <b>smtp-sink</b> may also be configured to capture each mail
- delivery transaction to file. Since disk latencies are
- large compared to network delays, this mode of operation
- can reduce the maximal performance by several orders of
- magnitude.
-
- Connections can be accepted on IPv4 or IPv6 endpoints, or
- on UNIX-domain sockets. IPv4 and IPv6 are the default.
- This program is the complement of the <a href="smtp-source.1.html"><b>smtp-source</b>(1)</a> pro-
- gram.
-
- Note: this is an unsupported test program. No attempt is
- made to maintain compatibility between successive ver-
- sions.
+ <b>smtp-sink</b> listens on the named host (or address) and port. It takes
+ SMTP messages from the network and throws them away. The purpose is to
+ measure client performance, not protocol compliance.
+
+ <b>smtp-sink</b> may also be configured to capture each mail delivery transac-
+ tion to file. Since disk latencies are large compared to network
+ delays, this mode of operation can reduce the maximal performance by
+ several orders of magnitude.
+
+ Connections can be accepted on IPv4 or IPv6 endpoints, or on UNIX-
+ domain sockets. IPv4 and IPv6 are the default. This program is the
+ complement of the <a href="smtp-source.1.html"><b>smtp-source</b>(1)</a> program.
+
+ Note: this is an unsupported test program. No attempt is made to main-
+ tain compatibility between successive versions.
Arguments:
- <b>-4</b> Support IPv4 only. This option has no effect when
- Postfix is built without IPv6 support.
+ <b>-4</b> Support IPv4 only. This option has no effect when Postfix is
+ built without IPv6 support.
- <b>-6</b> Support IPv6 only. This option is not available
- when Postfix is built without IPv6 support.
+ <b>-6</b> Support IPv6 only. This option is not available when Postfix is
+ built without IPv6 support.
<b>-8</b> Do not announce 8BITMIME support.
<b>-a</b> Do not announce SASL authentication support.
<b>-A</b> <i>delay</i>
- Wait <i>delay</i> seconds after responding to DATA, then
- abort prematurely with a 550 reply status. Do not
- read further input from the client; this is an
- attempt to block the client before it sends ".".
- Specify a zero delay value to abort immediately.
+ Wait <i>delay</i> seconds after responding to DATA, then abort prema-
+ turely with a 550 reply status. Do not read further input from
+ the client; this is an attempt to block the client before it
+ sends ".". Specify a zero delay value to abort immediately.
<b>-b</b> <i>soft-bounce-reply</i>
- Use <i>soft-bounce-reply</i> for soft reject responses.
- The default reply is "450 4.3.0 Error: command
- failed".
+ Use <i>soft-bounce-reply</i> for soft reject responses. The default
+ reply is "450 4.3.0 Error: command failed".
<b>-B</b> <i>hard-bounce-reply</i>
- Use <i>hard-bounce-reply</i> for hard reject responses.
- The default reply is "500 5.3.0 Error: command
- failed".
+ Use <i>hard-bounce-reply</i> for hard reject responses. The default
+ reply is "500 5.3.0 Error: command failed".
- <b>-c</b> Display running counters that are updated whenever
- an SMTP session ends, a QUIT command is executed,
- or when "." is received.
+ <b>-c</b> Display running counters that are updated whenever an SMTP ses-
+ sion ends, a QUIT command is executed, or when "." is received.
<b>-C</b> Disable XCLIENT support.
<b>-d</b> <i>dump-template</i>
- Dump each mail transaction to a single-message file
- whose name is created by expanding the <i>dump-tem-</i>
- <i>plate</i> via strftime(3) and appending a pseudo-random
- hexadecimal number (example: "%Y%m%d%H/%M." expands
- into "2006081203/05.809a62e3"). If the template
- contains "/" characters, missing directories are
- created automatically. The message dump format is
- described below.
-
- Note: this option keeps one capture file open for
- every mail transaction in progress.
+ Dump each mail transaction to a single-message file whose name
+ is created by expanding the <i>dump-template</i> via strftime(3) and
+ appending a pseudo-random hexadecimal number (example:
+ "%Y%m%d%H/%M." expands into "2006081203/05.809a62e3"). If the
+ template contains "/" characters, missing directories are cre-
+ ated automatically. The message dump format is described below.
+
+ Note: this option keeps one capture file open for every mail
+ transaction in progress.
<b>-D</b> <i>dump-template</i>
- Append mail transactions to a multi-message dump
- file whose name is created by expanding the <i>dump-</i>
- <i>template</i> via strftime(3). If the template contains
- "/" characters, missing directories are created
- automatically. The message dump format is
- described below.
+ Append mail transactions to a multi-message dump file whose name
+ is created by expanding the <i>dump-template</i> via strftime(3). If
+ the template contains "/" characters, missing directories are
+ created automatically. The message dump format is described
+ below.
- Note: this option keeps one capture file open for
- every mail transaction in progress.
+ Note: this option keeps one capture file open for every mail
+ transaction in progress.
<b>-e</b> Do not announce ESMTP support.
<b>-E</b> Do not announce ENHANCEDSTATUSCODES support.
<b>-f</b> <i>command,command,...</i>
- Reject the specified commands with a hard (5xx)
- error code. This option implies <b>-p</b>.
+ Reject the specified commands with a hard (5xx) error code.
+ This option implies <b>-p</b>.
- Examples of commands are CONNECT, HELO, EHLO, LHLO,
- MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT.
- Separate command names by white space or commas,
- and use quotes to protect white space from the
- shell. Command names are case-insensitive.
+ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
+ VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by
+ white space or commas, and use quotes to protect white space
+ from the shell. Command names are case-insensitive.
<b>-F</b> Disable XFORWARD support.
<b>-h</b> <i>hostname</i>
- Use <i>hostname</i> in the SMTP greeting, in the HELO
- response, and in the EHLO response. The default
- hostname is "smtp-sink".
+ Use <i>hostname</i> in the SMTP greeting, in the HELO response, and in
+ the EHLO response. The default hostname is "smtp-sink".
<b>-L</b> Enable LMTP instead of SMTP.
<b>-m</b> <i>count</i> (default: 256)
- An upper bound on the maximal number of simultane-
- ous connections that <b>smtp-sink</b> will handle. This
- prevents the process from running out of file
- descriptors. Excess connections will stay queued in
- the TCP/IP stack.
+ An upper bound on the maximal number of simultaneous connections
+ that <b>smtp-sink</b> will handle. This prevents the process from run-
+ ning out of file descriptors. Excess connections will stay
+ queued in the TCP/IP stack.
<b>-M</b> <i>count</i>
Terminate after receiving <i>count</i> messages.
<b>-n</b> <i>count</i>
Terminate after <i>count</i> sessions.
- <b>-p</b> Do not announce support for ESMTP command pipelin-
- ing.
+ <b>-p</b> Do not announce support for ESMTP command pipelining.
- <b>-P</b> Change the server greeting so that it appears to
- come through a CISCO PIX system. Implies <b>-e</b>.
+ <b>-P</b> Change the server greeting so that it appears to come through a
+ CISCO PIX system. Implies <b>-e</b>.
<b>-q</b> <i>command,command,...</i>
- Disconnect (without replying) after receiving one
- of the specified commands.
+ Disconnect (without replying) after receiving one of the speci-
+ fied commands.
- Examples of commands are CONNECT, HELO, EHLO, LHLO,
- MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT.
- Separate command names by white space or commas,
- and use quotes to protect white space from the
- shell. Command names are case-insensitive.
+ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
+ VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by
+ white space or commas, and use quotes to protect white space
+ from the shell. Command names are case-insensitive.
<b>-Q</b> <i>command,command,...</i>
- Send a 421 reply and disconnect after receiving one
- of the specified commands.
+ Send a 421 reply and disconnect after receiving one of the spec-
+ ified commands.
- Examples of commands are CONNECT, HELO, EHLO, LHLO,
- MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT.
- Separate command names by white space or commas,
- and use quotes to protect white space from the
- shell. Command names are case-insensitive.
+ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
+ VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by
+ white space or commas, and use quotes to protect white space
+ from the shell. Command names are case-insensitive.
<b>-r</b> <i>command,command,...</i>
- Reject the specified commands with a soft (4xx)
- error code. This option implies <b>-p</b>.
+ Reject the specified commands with a soft (4xx) error code.
+ This option implies <b>-p</b>.
- Examples of commands are CONNECT, HELO, EHLO, LHLO,
- MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT.
- Separate command names by white space or commas,
- and use quotes to protect white space from the
- shell. Command names are case-insensitive.
+ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
+ VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by
+ white space or commas, and use quotes to protect white space
+ from the shell. Command names are case-insensitive.
<b>-R</b> <i>root-directory</i>
- Change the process root directory to the specified
- location. This option requires super-user privi-
- leges. See also the <b>-u</b> option.
+ Change the process root directory to the specified location.
+ This option requires super-user privileges. See also the <b>-u</b>
+ option.
<b>-s</b> <i>command,command,...</i>
Log the named commands to syslogd.
- Examples of commands are CONNECT, HELO, EHLO, LHLO,
- MAIL, RCPT, VRFY, DATA, ., RSET, NOOP, and QUIT.
- Separate command names by white space or commas,
- and use quotes to protect white space from the
- shell. Command names are case-insensitive.
+ Examples of commands are CONNECT, HELO, EHLO, LHLO, MAIL, RCPT,
+ VRFY, DATA, ., RSET, NOOP, and QUIT. Separate command names by
+ white space or commas, and use quotes to protect white space
+ from the shell. Command names are case-insensitive.
<b>-S start-string</b>
- An optional string that is prepended to each mes-
- sage that is written to a dump file (see the dump
- file format description below). The following C
- escape sequences are supported: \a (bell), \b
- (backslace), \f (formfeed), \n (newline), \r (car-
- riage return), \t (horizontal tab), \v (vertical
- tab), \<i>ddd</i> (up to three octal digits) and \\ (the
- backslash character).
+ An optional string that is prepended to each message that is
+ written to a dump file (see the dump file format description
+ below). The following C escape sequences are supported: \a
+ (bell), \b (backslace), \f (formfeed), \n (newline), \r (car-
+ riage return), \t (horizontal tab), \v (vertical tab), \<i>ddd</i> (up
+ to three octal digits) and \\ (the backslash character).
<b>-t</b> <i>timeout</i> (default: 100)
- Limit the time for receiving a command or sending a
- response. The time limit is specified in seconds.
+ Limit the time for receiving a command or sending a response.
+ The time limit is specified in seconds.
<b>-T</b> <i>windowsize</i>
- Override the default TCP window size. To work
- around broken TCP window scaling implementations,
- specify a value > 0 and < 65536.
+ Override the default TCP window size. To work around broken TCP
+ window scaling implementations, specify a value > 0 and < 65536.
<b>-u</b> <i>username</i>
- Switch to the specified user privileges after open-
- ing the network socket and optionally changing the
- process root directory. This option is required
- when the process runs with super-user privileges.
- See also the <b>-R</b> option.
+ Switch to the specified user privileges after opening the net-
+ work socket and optionally changing the process root directory.
+ This option is required when the process runs with super-user
+ privileges. See also the <b>-R</b> option.
<b>-v</b> Show the SMTP conversations.
<b>-w</b> <i>delay</i>
- Wait <i>delay</i> seconds before responding to a DATA com-
- mand.
+ Wait <i>delay</i> seconds before responding to a DATA command.
<b>-W</b> <i>command:delay[:odds]</i>
- Wait <i>delay</i> seconds before responding to <i>command</i>.
- If <i>odds</i> is also specified (a number between 1-99
- inclusive), wait for a random multiple of <i>delay</i>.
- The random multiplier is equal to the number of
- times the program needs to roll a dice with a range
- of 0..99 inclusive, before the dice produces a
- result greater than or equal to <i>odds</i>.
+ Wait <i>delay</i> seconds before responding to <i>command</i>. If <i>odds</i> is
+ also specified (a number between 1-99 inclusive), wait for a
+ random multiple of <i>delay</i>. The random multiplier is equal to the
+ number of times the program needs to roll a dice with a range of
+ 0..99 inclusive, before the dice produces a result greater than
+ or equal to <i>odds</i>.
[<b>inet:</b>][<i>host</i>]:<i>port</i>
- Listen on network interface <i>host</i> (default: any
- interface) TCP port <i>port</i>. Both <i>host</i> and <i>port</i> may be
- specified in numeric or symbolic form.
+ Listen on network interface <i>host</i> (default: any interface) TCP
+ port <i>port</i>. Both <i>host</i> and <i>port</i> may be specified in numeric or
+ symbolic form.
<b>unix:</b><i>pathname</i>
Listen on the UNIX-domain socket at <i>pathname</i>.
<i>backlog</i>
- The maximum length the queue of pending connec-
- tions, as defined by the <b>listen</b>(2) system call.
+ The maximum length the queue of pending connections, as defined
+ by the <b>listen</b>(2) system call.
<b>DUMP FILE FORMAT</b>
- Each dumped message contains a sequence of text lines,
- terminated with the newline character. The sequence of
- information is as follows:
+ Each dumped message contains a sequence of text lines, terminated with
+ the newline character. The sequence of information is as follows:
<b>o</b> The optional string specified with the <b>-S</b> option.
- <b>o</b> The <b>smtp-sink</b> generated headers as documented
- below.
+ <b>o</b> The <b>smtp-sink</b> generated headers as documented below.
- <b>o</b> The message header and body as received from the
- SMTP client.
+ <b>o</b> The message header and body as received from the SMTP client.
<b>o</b> An empty line.
- The format of the <b>smtp-sink</b> generated headers is as fol-
- lows:
+ The format of the <b>smtp-sink</b> generated headers is as follows:
<b>X-Client-Addr:</b> <i>text</i>
- The client IP address without enclosing []. An IPv6
- address is prefixed with "ipv6:". This record is
- always present.
+ The client IP address without enclosing []. An IPv6 address is
+ prefixed with "ipv6:". This record is always present.
<b>X-Client-Proto:</b> <i>text</i>
- The client protocol: SMTP, ESMTP or LMTP. This
- record is always present.
+ The client protocol: SMTP, ESMTP or LMTP. This record is always
+ present.
<b>X-Helo-Args:</b> <i>text</i>
- The arguments of the last HELO or EHLO command
- before this mail delivery transaction. This record
- is present only if the client sent a recognizable
- HELO or EHLO command before the DATA command.
+ The arguments of the last HELO or EHLO command before this mail
+ delivery transaction. This record is present only if the client
+ sent a recognizable HELO or EHLO command before the DATA com-
+ mand.
<b>X-Mail-Args:</b> <i>text</i>
- The arguments of the MAIL command that started this
- mail delivery transaction. This record is present
- exactly once.
+ The arguments of the MAIL command that started this mail deliv-
+ ery transaction. This record is present exactly once.
<b>X-Rcpt-Args:</b> <i>text</i>
- The arguments of an RCPT command within this mail
- delivery transaction. There is one record for each
- RCPT command, and they are in the order as sent by
- the client.
+ The arguments of an RCPT command within this mail delivery
+ transaction. There is one record for each RCPT command, and they
+ are in the order as sent by the client.
<b>Received:</b> <i>text</i>
- A message header for compatibility with mail pro-
- cessing software. This three-line header marks the
- end of the headers provided by <b>smtp-sink</b>, and is
- formatted as follows:
+ A message header for compatibility with mail processing soft-
+ ware. This three-line header marks the end of the headers pro-
+ vided by <b>smtp-sink</b>, and is formatted as follows:
<b>from</b> <i>helo</i> <b>([</b><i>addr</i><b>])</b>
- The HELO or EHLO command argument and client
- IP address. If the client did not send HELO
- or EHLO, the client IP address is used
- instead.
+ The HELO or EHLO command argument and client IP address.
+ If the client did not send HELO or EHLO, the client IP
+ address is used instead.
<b>by</b> <i>host</i> <b>(smtp-sink) with</b> <i>proto</i> <b>id</b> <i>random</i><b>;</b>
- The hostname specified with the <b>-h</b> option,
- the client protocol (see <b>X-Client-Proto</b>
- above), and the pseudo-random portion of the
- per-message capture file name.
+ The hostname specified with the <b>-h</b> option, the client
+ protocol (see <b>X-Client-Proto</b> above), and the pseudo-ran-
+ dom portion of the per-message capture file name.
<i>time-stamp</i>
A time stamp as defined in <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a>.
<a href="smtp-source.1.html">smtp-source(1)</a>, SMTP/LMTP message generator
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>smtp-source</b> [<i>options</i>] <b>unix:</b><i>pathname</i>
<b>DESCRIPTION</b>
- <b>smtp-source</b> connects to the named <i>host</i> and TCP <i>port</i>
- (default: port 25) and sends one or more messages to it,
- either sequentially or in parallel. The program speaks
- either SMTP (default) or LMTP. Connections can be made to
- UNIX-domain and IPv4 or IPv6 servers. IPv4 and IPv6 are
- the default.
+ <b>smtp-source</b> connects to the named <i>host</i> and TCP <i>port</i> (default: port 25)
+ and sends one or more messages to it, either sequentially or in paral-
+ lel. The program speaks either SMTP (default) or LMTP. Connections can
+ be made to UNIX-domain and IPv4 or IPv6 servers. IPv4 and IPv6 are the
+ default.
- Note: this is an unsupported test program. No attempt is
- made to maintain compatibility between successive ver-
- sions.
+ Note: this is an unsupported test program. No attempt is made to main-
+ tain compatibility between successive versions.
Arguments:
- <b>-4</b> Connect to the server with IPv4. This option has no
- effect when Postfix is built without IPv6 support.
+ <b>-4</b> Connect to the server with IPv4. This option has no effect when
+ Postfix is built without IPv6 support.
- <b>-6</b> Connect to the server with IPv6. This option is not
- available when Postfix is built without IPv6 sup-
- port.
+ <b>-6</b> Connect to the server with IPv6. This option is not available
+ when Postfix is built without IPv6 support.
- <b>-A</b> Don't abort when the server sends something other
- than the expected positive reply code.
+ <b>-A</b> Don't abort when the server sends something other than the
+ expected positive reply code.
- <b>-c</b> Display a running counter that is incremented each
- time an SMTP DATA command completes.
+ <b>-c</b> Display a running counter that is incremented each time an SMTP
+ DATA command completes.
<b>-C</b> <i>count</i>
- When a host sends RESET instead of SYN|ACK, try
- <i>count</i> times before giving up. The default count is
- 1. Specify a larger count in order to work around a
- problem with TCP/IP stacks that send RESET when the
- listen queue is full.
+ When a host sends RESET instead of SYN|ACK, try <i>count</i> times
+ before giving up. The default count is 1. Specify a larger count
+ in order to work around a problem with TCP/IP stacks that send
+ RESET when the listen queue is full.
- <b>-d</b> Don't disconnect after sending a message; send the
- next message over the same connection.
+ <b>-d</b> Don't disconnect after sending a message; send the next message
+ over the same connection.
<b>-f</b> <i>from</i>
- Use the specified sender address (default:
- <foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
+ Use the specified sender address (default: <foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
<b>-F</b> <i>file</i>
- Send the pre-formatted message header and body in
- the specified <i>file</i>, while prepending '.' before
- lines that begin with '.', and while appending CRLF
- after each line.
+ Send the pre-formatted message header and body in the specified
+ <i>file</i>, while prepending '.' before lines that begin with '.', and
+ while appending CRLF after each line.
<b>-l</b> <i>length</i>
- Send <i>length</i> bytes as message payload. The length
- does not include message headers.
+ Send <i>length</i> bytes as message payload. The length does not
+ include message headers.
<b>-L</b> Speak LMTP rather than SMTP.
Send the specified number of messages (default: 1).
<b>-M</b> <i><a href="postconf.5.html#myhostname">myhostname</a></i>
- Use the specified hostname or [address] in the HELO
- command and in the default sender and recipient
- addresses, instead of the machine hostname.
-
- <b>-N</b> Prepend a non-repeating sequence number to each
- recipient address. This avoids the artificial 100%
- hit rate in the resolve and rewrite client caches
- and exercises the trivial-rewrite daemon, better
- approximating Postfix performance under real-life
+ Use the specified hostname or [address] in the HELO command and
+ in the default sender and recipient addresses, instead of the
+ machine hostname.
+
+ <b>-N</b> Prepend a non-repeating sequence number to each recipient
+ address. This avoids the artificial 100% hit rate in the resolve
+ and rewrite client caches and exercises the trivial-rewrite dae-
+ mon, better approximating Postfix performance under real-life
work-loads.
- <b>-o</b> Old mode: don't send HELO, and don't send message
- headers.
+ <b>-o</b> Old mode: don't send HELO, and don't send message headers.
<b>-r</b> <i>recipient</i><b>_</b><i>count</i>
- Send the specified number of recipients per trans-
- action (default: 1). Recipient names are generated
- by prepending a number to the recipient address.
+ Send the specified number of recipients per transaction
+ (default: 1). Recipient names are generated by prepending a
+ number to the recipient address.
<b>-R</b> <i>interval</i>
- Wait for a random period of time 0 <= n <= interval
- between messages. Suspending one thread does not
- affect other delivery threads.
+ Wait for a random period of time 0 <= n <= interval between mes-
+ sages. Suspending one thread does not affect other delivery
+ threads.
<b>-s</b> <i>session</i><b>_</b><i>count</i>
- Run the specified number of SMTP sessions in paral-
- lel (default: 1).
+ Run the specified number of SMTP sessions in parallel (default:
+ 1).
<b>-S</b> <i>subject</i>
- Send mail with the named subject line (default:
- none).
+ Send mail with the named subject line (default: none).
- <b>-t</b> <i>to</i> Use the specified recipient address (default:
- <foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
+ <b>-t</b> <i>to</i> Use the specified recipient address (default: <foo@<a href="postconf.5.html#myhostname">myhostname</a>>).
<b>-T</b> <i>windowsize</i>
- Override the default TCP window size. To work
- around broken TCP window scaling implementations,
- specify a value > 0 and < 65536.
+ Override the default TCP window size. To work around broken TCP
+ window scaling implementations, specify a value > 0 and < 65536.
- <b>-v</b> Make the program more verbose, for debugging pur-
- poses.
+ <b>-v</b> Make the program more verbose, for debugging purposes.
<b>-w</b> <i>interval</i>
- Wait a fixed time between messages. Suspending one
- thread does not affect other delivery threads.
+ Wait a fixed time between messages. Suspending one thread does
+ not affect other delivery threads.
[<b>inet:</b>]<i>host</i>[:<i>port</i>]
- Connect via TCP to host <i>host</i>, port <i>port</i>. The
- default port is <b>smtp</b>.
+ Connect via TCP to host <i>host</i>, port <i>port</i>. The default port is
+ <b>smtp</b>.
<b>unix:</b><i>pathname</i>
Connect to the UNIX-domain socket at <i>pathname</i>.
<a href="smtp-sink.1.html">smtp-sink(1)</a>, SMTP/LMTP message dump
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>smtp</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The Postfix SMTP+LMTP client implements the SMTP and LMTP
- mail delivery protocols. It processes message delivery
- requests from the queue manager. Each request specifies a
- queue file, a sender address, a domain or host to deliver
- to, and recipient information. This program expects to be
- run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
-
- The SMTP+LMTP client updates the queue file and marks
- recipients as finished, or it informs the queue manager
- that delivery should be tried again at a later time.
- Delivery status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
- <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
-
- The SMTP+LMTP client looks up a list of mail exchanger
- addresses for the destination host, sorts the list by
- preference, and connects to each listed address until it
- finds a server that responds.
-
- When a server is not reachable, or when mail delivery
- fails due to a recoverable error condition, the SMTP+LMTP
- client will try to deliver the mail to an alternate host.
-
- After a successful mail transaction, a connection may be
- saved to the <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it
- may be used by any SMTP+LMTP client for a subsequent
- transaction.
-
- By default, connection caching is enabled temporarily for
- destinations that have a high volume of mail in the active
- queue. Connection caching can be enabled permanently for
- specific destinations.
+ The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
+ protocols. It processes message delivery requests from the queue man-
+ ager. Each request specifies a queue file, a sender address, a domain
+ or host to deliver to, and recipient information. This program expects
+ to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The SMTP+LMTP client updates the queue file and marks recipients as
+ finished, or it informs the queue manager that delivery should be tried
+ again at a later time. Delivery status reports are sent to the
+ <a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+
+ The SMTP+LMTP client looks up a list of mail exchanger addresses for
+ the destination host, sorts the list by preference, and connects to
+ each listed address until it finds a server that responds.
+
+ When a server is not reachable, or when mail delivery fails due to a
+ recoverable error condition, the SMTP+LMTP client will try to deliver
+ the mail to an alternate host.
+
+ After a successful mail transaction, a connection may be saved to the
+ <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it may be used by any
+ SMTP+LMTP client for a subsequent transaction.
+
+ By default, connection caching is enabled temporarily for destinations
+ that have a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. Connection caching
+ can be enabled permanently for specific destinations.
<b>SMTP DESTINATION SYNTAX</b>
SMTP destinations have the following form:
<i>domainname</i>
<i>domainname</i>:<i>port</i>
- Look up the mail exchangers for the specified
- domain, and connect to the specified port (default:
- <b>smtp</b>).
+ Look up the mail exchangers for the specified domain, and con-
+ nect to the specified port (default: <b>smtp</b>).
[<i>hostname</i>]
[<i>hostname</i>]:<i>port</i>
- Look up the address(es) of the specified host, and
- connect to the specified port (default: <b>smtp</b>).
+ Look up the address(es) of the specified host, and connect to
+ the specified port (default: <b>smtp</b>).
[<i>address</i>]
[<i>address</i>]:<i>port</i>
- Connect to the host at the specified address, and
- connect to the specified port (default: <b>smtp</b>). An
- IPv6 address must be formatted as [<b>ipv6</b>:<i>address</i>].
+ Connect to the host at the specified address, and connect to the
+ specified port (default: <b>smtp</b>). An IPv6 address must be format-
+ ted as [<b>ipv6</b>:<i>address</i>].
<b>LMTP DESTINATION SYNTAX</b>
LMTP destinations have the following form:
<b>unix</b>:<i>pathname</i>
- Connect to the local UNIX-domain server that is
- bound to the specified <i>pathname</i>. If the process
- runs chrooted, an absolute pathname is interpreted
- relative to the Postfix queue directory.
+ Connect to the local UNIX-domain server that is bound to the
+ specified <i>pathname</i>. If the process runs chrooted, an absolute
+ pathname is interpreted relative to the Postfix queue directory.
<b>inet</b>:<i>hostname</i>
<b>inet</b>:[<i>address</i>]
<b>inet</b>:[<i>address</i>]:<i>port</i>
- Connect to the specified TCP port on the specified
- local or remote host. If no port is specified, con-
- nect to the port defined as <b>lmtp</b> in <b>services</b>(4).
- If no such service is found, the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> con-
- figuration parameter (default value of 24) will be
- used. An IPv6 address must be formatted as
+ Connect to the specified TCP port on the specified local or
+ remote host. If no port is specified, connect to the port
+ defined as <b>lmtp</b> in <b>services</b>(4). If no such service is found,
+ the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> configuration parameter (default value of 24)
+ will be used. An IPv6 address must be formatted as
[<b>ipv6</b>:<i>address</i>].
<b>SECURITY</b>
- The SMTP+LMTP client is moderately security-sensitive. It
- talks to SMTP or LMTP servers and to DNS servers on the
- network. The SMTP+LMTP client can be run chrooted at fixed
- low privilege.
+ The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP
+ or LMTP servers and to DNS servers on the network. The SMTP+LMTP client
+ can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
- can move them to the <b>corrupt</b> queue for further inspection.
+ Problems and transactions are logged to <b>syslogd</b>(8). Corrupted message
+ files are marked so that the queue manager can move them to the <b>corrupt</b>
+ queue for further inspection.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
- the postmaster is notified of bounces, protocol problems,
- and of other trouble.
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces, protocol problems, and of other trouble.
<b>BUGS</b>
- SMTP and LMTP connection caching does not work with TLS.
- The necessary support for TLS object passivation and re-
- activation does not exist without closing the session,
- which defeats the purpose.
+ SMTP and LMTP connection caching does not work with TLS. The necessary
+ support for TLS object passivation and re-activation does not exist
+ without closing the session, which defeats the purpose.
- SMTP and LMTP connection caching assumes that SASL creden-
- tials are valid for all destinations that map onto the
- same IP address and TCP port.
+ SMTP and LMTP connection caching assumes that SASL credentials are
+ valid for all destinations that map onto the same IP address and TCP
+ port.
<b>CONFIGURATION PARAMETERS</b>
- Before Postfix version 2.3, the LMTP client is a separate
- program that implements only a subset of the functionality
- available with SMTP: there is no support for TLS, and con-
- nections are cached in-process, making it ineffective when
- the client is used for multiple domains.
+ Before Postfix version 2.3, the LMTP client is a separate program that
+ implements only a subset of the functionality available with SMTP:
+ there is no support for TLS, and connections are cached in-process,
+ making it ineffective when the client is used for multiple domains.
- Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i>
- "mirror" parameter for the equivalent LMTP feature. This
- document describes only those LMTP-related parameters that
- aren't simply "mirror" parameters.
+ Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
+ eter for the equivalent LMTP feature. This document describes only
+ those LMTP-related parameters that aren't simply "mirror" parameters.
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a>
- processes run for only a limited amount of time. Use the
- command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>COMPATIBILITY CONTROLS</b>
<b><a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> (no)</b>
Never send EHLO at the start of an SMTP session.
<b><a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a> (no)</b>
- Defer mail delivery when no MX record resolves to
- an IP address.
+ Defer mail delivery when no MX record resolves to an IP address.
<b><a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a> (998)</b>
- The maximal length of message header and body lines
- that Postfix will send via SMTP.
+ The maximal length of message header and body lines that Postfix
+ will send via SMTP.
<b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
- How long the Postfix SMTP client pauses before
- sending ".<CR><LF>" in order to work around the PIX
- firewall "<CR><LF>.<CR><LF>" bug.
+ How long the Postfix SMTP client pauses before sending
+ ".<CR><LF>" in order to work around the PIX firewall
+ "<CR><LF>.<CR><LF>" bug.
<b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
- How long a message must be queued before the Post-
- fix SMTP client turns on the PIX firewall
- "<CR><LF>.<CR><LF>" bug workaround for delivery
- through firewalls with "smtp fixup" mode turned on.
+ How long a message must be queued before the Postfix SMTP client
+ turns on the PIX firewall "<CR><LF>.<CR><LF>" bug workaround for
+ delivery through firewalls with "smtp fixup" mode turned on.
<b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
- A list that specifies zero or more workarounds for
- CISCO PIX firewall bugs.
+ A list that specifies zero or more workarounds for CISCO PIX
+ firewall bugs.
<b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server
- address, with per-destination workarounds for CISCO
- PIX firewall bugs.
+ Lookup tables, indexed by the remote SMTP server address, with
+ per-destination workarounds for CISCO PIX firewall bugs.
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
- Quote addresses in Postfix SMTP client MAIL FROM
-
and RCPT TO commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
+ Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
+ commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
- A mechanism to transform replies from remote SMTP
- servers one line at a time.
+ A mechanism to transform replies from remote SMTP servers one
+ line at a time.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
- Skip remote SMTP servers that greet with a 5XX sta-
- tus code.
+ Skip remote SMTP servers that greet with a 5XX status code.
<b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b>
- Do not wait for the response to the SMTP QUIT com-
- mand.
+ Do not wait for the response to the SMTP QUIT command.
Available in Postfix version 2.0 and earlier:
<b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
- Skip SMTP servers that greet with a 4XX status code
- (go away, try again later).
+ Skip SMTP servers that greet with a 4XX status code (go away,
+ try again later).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server
- address, with case insensitive lists of EHLO key-
- words (pipelining, starttls, auth, etc.) that the
- Postfix SMTP client will ignore in the EHLO
+ Lookup tables, indexed by the remote SMTP server address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
- A case insensitive list of EHLO keywords (pipelin-
- ing, starttls, auth, etc.) that the Postfix SMTP
- client will ignore in the EHLO response from a
- remote SMTP server.
+ A case insensitive list of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+ response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
- Optional lookup tables that perform address rewrit-
- ing in the Postfix SMTP client, typically to trans-
- form a locally valid address into a globally valid
- address when sending mail across the Internet.
+ Optional lookup tables that perform address rewriting in the
+ Postfix SMTP client, typically to transform a locally valid
+ address into a globally valid address when sending mail across
+ the Internet.
Available in Postfix version 2.2.9 and later:
<b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
- Allow DNS CNAME records to override the servername
- that the Postfix SMTP client uses for logging, SASL
- password lookup, TLS policy decisions, or TLS cer-
- tificate verification.
+ Allow DNS CNAME records to override the servername that the
+ Postfix SMTP client uses for logging, SASL password lookup, TLS
+ policy decisions, or TLS certificate verification.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote LMTP server
- address, with case insensitive lists of LHLO key-
- words (pipelining, starttls, auth, etc.) that the
- Postfix LMTP client will ignore in the LHLO
+ Lookup tables, indexed by the remote LMTP server address, with
+ case insensitive lists of LHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
<b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
- A case insensitive list of LHLO keywords (pipelin-
- ing, starttls, auth, etc.) that the Postfix LMTP
- client will ignore in the LHLO response from a
- remote LMTP server.
+ A case insensitive list of LHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix LMTP client will ignore in the LHLO
+ response from a remote LMTP server.
Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
- When authenticating to a remote SMTP or LMTP server
- with the default setting "no", send no SASL autho-
- riZation ID (authzid); send only the SASL authenti-
- Cation ID (authcid) plus the authcid's password.
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid);
+ send only the SASL authentiCation ID (authcid) plus the auth-
+ cid's password.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
- Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix
- SMTP client.
+ Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the
- Postfix SMTP client.
+ Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
+ client.
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the
- Postfix SMTP client.
+ Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
+ client.
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
- Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix
- SMTP client.
+ Restricted <a href="header_checks.5.html"><b>body_checks</b>(5)</a> tables for the Postfix SMTP client.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
- An optional workaround for routers that break TCP
- window scaling.
+ An optional workaround for routers that break TCP window scal-
+ ing.
Available in Postfix version 2.8 and later:
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time lim-
- its, from a time limit per read or write system
- call, to a time limit to send or receive a complete
- record (an SMTP command line, SMTP response line,
- SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to
- the MAIL FROM command in SASL-authenticated SMTP
- sessions.
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ command in SASL-authenticated SMTP sessions.
Available in Postfix version 2.11 and later:
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
- Disable the conversion of 8BITMIME format to 7BIT
- format.
+ Disable the conversion of 8BITMIME format to 7BIT format.
<b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
- The maximal length of MIME multipart boundary
- strings.
+ The maximal length of MIME multipart boundary strings.
<b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b>
- The maximal recursion level that the MIME processor
- will handle.
+ The maximal recursion level that the MIME processor will handle.
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
- Send the non-standard XFORWARD command when the
- Postfix SMTP server EHLO response announces XFOR-
- WARD support.
+ Send the non-standard XFORWARD command when the Postfix SMTP
+ server EHLO response announces XFORWARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
<b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
- Enable SASL authentication in the Postfix SMTP
- client.
+ Enable SASL authentication in the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
- Optional Postfix SMTP client lookup tables with one
- username:password entry per remote hostname or
- domain, or sender address when sender-dependent
- authentication is enabled.
+ Optional Postfix SMTP client lookup tables with one user-
+ name:password entry per remote hostname or domain, or sender
+ address when sender-dependent authentication is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
- Postfix SMTP client SASL security options; as of
- Postfix 2.3 the list of available features depends
- on the SASL client implementation that is selected
- with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+ Postfix SMTP client SASL security options; as of Postfix 2.3 the
+ list of available features depends on the SASL client implemen-
+ tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
- If non-empty, a Postfix SMTP client filter for the
- remote SMTP server's list of offered SASL mecha-
- nisms.
+ If non-empty, a Postfix SMTP client filter for the remote SMTP
+ server's list of offered SASL mechanisms.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
- Enable sender-dependent authentication in the Post-
- fix SMTP client; this is available only with SASL
- authentication, and disables SMTP connection
- caching to ensure that mail from different senders
- will use the appropriate credentials.
+ Enable sender-dependent authentication in the Postfix SMTP
+ client; this is available only with SASL authentication, and
+ disables SMTP connection caching to ensure that mail from dif-
+ ferent senders will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
- Implementation-specific information that the Post-
- fix SMTP client passes through to the SASL plug-in
- implementation that is selected with
- <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+ Implementation-specific information that the Postfix SMTP client
+ passes through to the SASL plug-in implementation that is
+ selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP client
- should use for authentication.
+ The SASL plug-in type that the Postfix SMTP client should use
+ for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
- An optional table to prevent repeated SASL authen-
- tication failures with the same remote SMTP server
- hostname, username and password.
+ An optional table to prevent repeated SASL authentication fail-
+ ures with the same remote SMTP server hostname, username and
+ password.
<b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
- The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a>
- entry before it is removed.
+ The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
+ is removed.
<b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
- When a remote SMTP server rejects a SASL authenti-
- cation request with a 535 reply code, defer mail
- delivery instead of returning mail as undeliver-
- able.
+ When a remote SMTP server rejects a SASL authentication request
+ with a 535 reply code, defer mail delivery instead of returning
+ mail as undeliverable.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to
- the MAIL FROM command in SASL-authenticated SMTP
- sessions.
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ command in SASL-authenticated SMTP sessions.
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be
-
found in the <a href="TLS_README.html">TLS_README</a> document.
+ Detailed information about STARTTLS configuration may be found in the
+ <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
- The default SMTP TLS security level for the Postfix
- SMTP client; when a non-empty value is specified,
- this overrides the obsolete parameters
- <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
+ The default SMTP TLS security level for the Postfix SMTP client;
+ when a non-empty value is specified, this overrides the obsolete
+ parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
- <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
- <b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
- sessions.
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b>
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read
- operations during TLS startup and shutdown hand-
- shake procedures.
+ Time limit for Postfix SMTP client write and read operations
+ during TLS startup and shutdown handshake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- A file containing CA certificates of root CAs
- trusted to sign either remote SMTP server certifi-
- cates or intermediate CA certificates.
+ A file containing CA certificates of root CAs trusted to sign
+ either remote SMTP server certificates or intermediate CA cer-
+ tificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format certificate authority
- certificates that the Postfix SMTP client uses to
- verify a remote SMTP server certificate.
+ Directory with PEM format certificate authority certificates
+ that the Postfix SMTP client uses to verify a remote SMTP server
+ certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
- File with the Postfix SMTP client RSA certificate
- in PEM format.
+ File with the Postfix SMTP client RSA certificate in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP
- client will use with mandatory TLS encryption.
+ The minimum TLS cipher grade that the Postfix SMTP client will
+ use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
- List of ciphers or cipher types to exclude from the
- Postfix SMTP client cipher list at all TLS security
- levels.
+ List of ciphers or cipher types to exclude from the Postfix SMTP
+ client cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
- Additional list of ciphers or cipher types to
- exclude from the Postfix SMTP client cipher list at
- mandatory TLS security levels.
+ Additional list of ciphers or cipher types to exclude from the
+ Postfix SMTP client cipher list at mandatory TLS security lev-
+ els.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
- File with the Postfix SMTP client DSA certificate
- in PEM format.
+ File with the Postfix SMTP client DSA certificate in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
- File with the Postfix SMTP client DSA private key
- in PEM format.
+ File with the Postfix SMTP client DSA private key in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
- File with the Postfix SMTP client RSA private key
- in PEM format.
+ File with the Postfix SMTP client RSA private key in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP client logging of
- TLS activity.
+ Enable additional Postfix SMTP client logging of TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that
- offers STARTTLS, when TLS is not already enabled
- for that server.
+ Log the hostname of a remote SMTP server that offers STARTTLS,
+ when TLS is not already enabled for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client
- TLS security policy by next-hop destination; when a
- non-empty value is specified, this overrides the
- obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
+ Optional lookup tables with the Postfix SMTP client TLS security
+ policy by next-hop destination; when a non-empty value is speci-
+ fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (!SSLv2)</b>
- List of SSL/TLS protocols that the Postfix SMTP
- client will use with mandatory TLS encryption.
+ List of SSL/TLS protocols that the Postfix SMTP client will use
+ with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
- The verification depth for remote SMTP server cer-
- tificates.
+ The verification depth for remote SMTP server certificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
- How the Postfix SMTP client verifies the server
- certificate peername for the "secure" TLS security
- level.
+ How the Postfix SMTP client verifies the server certificate
+ peername for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
- Name of the file containing the optional Postfix
- SMTP client TLS session cache.
+ Name of the file containing the optional Postfix SMTP client TLS
+ session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
- The expiration time of Postfix SMTP client TLS ses-
- sion cache information.
+ The expiration time of Postfix SMTP client TLS session cache
+ information.
<b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
- How the Postfix SMTP client verifies the server
- certificate peername for the "verify" TLS security
- level.
+ How the Postfix SMTP client verifies the server certificate
+ peername for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
- or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
- server in order to seed its internal pseudo random
- number generator (PRNG).
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ internal pseudo random number generator (PRNG).
- <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
- <b>(ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
+ <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "HIGH" grade ciphers.
<b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "MEDIUM" or higher grade
- ciphers.
+ The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "LOW" or higher grade
- ciphers.
+ The OpenSSL cipherlist for "LOW" or higher grade ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "EXPORT" or higher grade
- ciphers.
+ The OpenSSL cipherlist for "EXPORT" or higher grade ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers
- that provide authentication without encryption.
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ authentication without encryption.
Available in Postfix version 2.4 and later:
- <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
- <b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
- sessions with a verified server certificate.
+ <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions with a verified
+ server certificate.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
- List of acceptable remote SMTP server certificate
- fingerprints for the "fingerprint" TLS security
- level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a></b> = fingerprint).
+ List of acceptable remote SMTP server certificate fingerprints
+ for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (md5)</b>
- The message digest algorithm used to construct
- remote SMTP server certificate fingerprints.
+ The message digest algorithm used to construct remote SMTP
+ server certificate fingerprints.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (!SSLv2)</b>
- List of TLS protocols that the Postfix SMTP client
- will exclude or include with opportunistic TLS
- encryption.
+ List of TLS protocols that the Postfix SMTP client will exclude
+ or include with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (export)</b>
- The minimum TLS cipher grade that the Postfix SMTP
- client will use with opportunistic TLS encryption.
+ The minimum TLS cipher grade that the Postfix SMTP client will
+ use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
- File with the Postfix SMTP client ECDSA certificate
- in PEM format.
+ File with the Postfix SMTP client ECDSA certificate in PEM for-
+ mat.
<b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
- File with the Postfix SMTP client ECDSA private key
- in PEM format.
+ File with the Postfix SMTP client ECDSA private key in PEM for-
+ mat.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
- Try to detect a mail hijacking attack based on a
- TLS protocol vulnerability (CVE-2009-3555), where
- an attacker prepends malicious HELO, MAIL, RCPT,
- DATA commands to a Postfix SMTP client TLS session.
+ Try to detect a mail hijacking attack based on a TLS protocol
+ vulnerability (CVE-2009-3555), where an attacker prepends mali-
+ cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
+ TLS session.
Available in Postfix version 2.8 and later:
<b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
- List or bit-mask of OpenSSL bug work-arounds to
- disable.
+ List or bit-mask of OpenSSL bug work-arounds to disable.
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
- Zero or more PEM-format files with trust-anchor
- certificates and/or public keys.
+ Zero or more PEM-format files with trust-anchor certificates
+ and/or public keys.
<b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
- Lookup the associated DANE TLSA RRset even when a
- hostname is not an alias and its address records
- lie in an unsigned zone.
+ Lookup the associated DANE TLSA RRset even when a hostname is
+ not an alias and its address records lie in an unsigned zone.
<b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
- <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> trust-anchor digest support in the Postfix
- TLS library.
+ <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> trust-anchor digest support in the Postfix TLS library.
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
- The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">mas-
- ter.cf</a>.
+ The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compati-
- bility with Postfix versions before 2.3. Support for these
- will be removed in a future release.
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
+ future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP
- server announces STARTTLS support, otherwise send
- the mail in the clear.
+ Opportunistic mode: use TLS when a remote SMTP server announces
+ STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers
- use TLS encryption, and never send mail in the
- clear.
+ Enforcement mode: require that remote SMTP servers use TLS
+ encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the
- remote SMTP server hostname matches the information
- in the remote SMTP server certificate.
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
+ server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client
- TLS usage policy by next-hop destination and by
- remote SMTP server hostname.
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
+ name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP
- client TLS cipher list.
+ Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+ cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
- <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the smtp message delivery
- transport.
+ <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ The maximal number of parallel deliveries to the same destina-
+ tion via the smtp message delivery transport.
- <b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per message for
- the smtp message delivery transport.
+ <b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipient_limit</a>)</b>
+ The maximal number of recipients per message for the smtp mes-
+ sage delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a
- TCP connection, or zero (use the operating system
- built-in time limit).
+ The Postfix SMTP client time limit for completing a TCP connec-
+ tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the
- HELO or EHLO command, and for receiving the initial
- remote SMTP server response.
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
+ response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
- The Postfix LMTP client time limit for sending the
- LHLO command, and for receiving the initial remote
- LMTP server response.
+ The Postfix LMTP client time limit for sending the LHLO command,
+ and for receiving the initial remote LMTP server response.
<b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the
- XFORWARD command, and for receiving the remote SMTP
- server response.
+ The Postfix SMTP client time limit for sending the XFORWARD com-
+ mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the
- MAIL FROM command, and for receiving the remote
- SMTP server response.
+ The Postfix SMTP client time limit for sending the MAIL FROM
+ command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the
- SMTP RCPT TO command, and for receiving the remote
- SMTP server response.
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The Postfix SMTP client time limit for sending the
- SMTP DATA command, and for receiving the remote
- SMTP server response.
+ The Postfix SMTP client time limit for sending the SMTP DATA
+ command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The Postfix SMTP client time limit for sending the
- SMTP message content.
+ The Postfix SMTP client time limit for sending the SMTP message
+ content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
- The Postfix SMTP client time limit for sending the
- SMTP ".", and for receiving the remote SMTP server
- response.
+ The Postfix SMTP client time limit for sending the SMTP ".", and
+ for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the
- QUIT command, and for receiving the remote SMTP
- server response.
+ The Postfix SMTP client time limit for sending the QUIT command,
+ and for receiving the remote SMTP server response.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
- The maximal number of MX (mail exchanger) IP
- addresses that can result from Postfix SMTP client
- mail exchanger lookups, or zero (no limit).
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
+ (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery
- request before the Postfix SMTP client gives up or
- delivers to a fall-back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no
- limit).
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
+ <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
- The Postfix SMTP client time limit for sending the
- RSET command, and for receiving the remote SMTP
- server response.
+ The Postfix SMTP client time limit for sending the RSET command,
+ and for receiving the remote SMTP server response.
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
- Keep Postfix LMTP client connections open for up to
- $<a href="postconf.5.html#max_idle">max_idle</a> seconds.
+ Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the
- specified destinations.
+ Permanently enable SMTP connection caching for the specified
+ destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a
- destination has a high volume of mail in the active
- queue.
+ Temporarily enable SMTP connection caching while a destination
+ has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
- The amount of time during which Postfix will use an
- SMTP connection repeatedly.
+ The amount of time during which Postfix will use an SMTP connec-
+ tion repeatedly.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
- When SMTP connection caching is enabled, the amount
- of time that an unused SMTP client socket is kept
- open before it is closed.
+ When SMTP connection caching is enabled, the amount of time that
+ an unused SMTP client socket is kept open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or
- receive operations.
+ Time limit for connection cache connect, send or receive opera-
+ tions.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time lim-
- its, from a time limit per read or write system
- call, to a time limit to send or receive a complete
- record (an SMTP command line, SMTP response line,
- SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
- When SMTP connection caching is enabled, the number
- of times that an SMTP session may be reused before
- it is closed, or zero (no limit).
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
+ (no limit).
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
- <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+ The increment in verbose logging level when a remote client or
+ server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
- in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+ Optional list of remote client or server hostname or network
+ address patterns that cause the verbose logging level to
+ increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
- resource, software or protocol errors.
+ The recipient of postmaster notifications about mail delivery
+ problems that are caused by policy, resource, software or proto-
+ col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are sub-
- ject to before-queue content inspection by
- <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+ What categories of Postfix-generated mail are subject to before-
+ queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and
+ <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
- postmaster.
+ The list of error classes that are reported to the postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail
- when it detects a "mail loops back to myself" error
- condition.
+ Where the Postfix SMTP client should deliver mail when it
+ detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
- Disable DNS lookups in the Postfix SMTP and LMTP
- clients.
+ Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The network interface addresses that this mail sys-
- tem receives mail on.
+ The network interface addresses that this mail system receives
+ mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
- The Internet protocols Postfix will attempt to use
- when making or accepting connections.
+ The Internet protocols Postfix will attempt to use when making
+ or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
- When a remote LMTP server announces no DSN support,
- assume that the server performs final delivery, and
- send "delivered" delivery status notifications
- instead of "relayed".
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
+ ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
- The default TCP port that the Postfix LMTP client
- connects to.
+ The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
- address translation unit.
+ The network interface addresses that this mail system receives
+ mail on by way of a proxy or network address translation unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
- The address type ("ipv6", "ipv4" or "any") that the
- Postfix SMTP client will try first, when a destina-
- tion has IPv6 and IPv4 addresses with equal MX
- preference.
+ The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
+ client will try first, when a destination has IPv6 and IPv4
+ addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
- IPv4 connection.
+ An optional numerical network address that the Postfix SMTP
+ client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
- IPv6 connection.
+ An optional numerical network address that the Postfix SMTP
+ client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
- mand.
+ The hostname to send in the SMTP EHLO or HELO command.
<b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms the Postfix SMTP client uses to
- look up a host's IP address.
+ What mechanisms the Postfix SMTP client uses to look up a host's
+ IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
- addresses.
+ Randomize the order of equal-preference MX host addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
- that can't be found or that are unreachable.
+ Optional list of relay hosts for SMTP destinations that can't be
+ found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay hosts for SMTP destinations
- that can't be found or that are unreachable.
+ Optional list of relay hosts for SMTP destinations that can't be
+ found or that are unreachable.
<b>SEE ALSO</b>
<a href="generic.5.html">generic(5)</a>, output address rewriting
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>sendmail -bs</b>
<b>DESCRIPTION</b>
- The SMTP server accepts network connection requests and
- performs zero or more SMTP transactions per connection.
- Each received message is piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> dae-
- mon, and is placed into the <a href="QSHAPE_README.html#incoming_queue"><b>incoming</b> queue</a> as one single
- queue file. For this mode of operation, the program
- expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
-
- Alternatively, the SMTP server be can run in stand-alone
- mode; this is traditionally obtained with "<b>sendmail -bs</b>".
- When the SMTP server runs stand-alone with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b>
- privileges, it receives mail even while the mail system is
- not running, deposits messages directly into the <b>maildrop</b>
- queue, and disables the SMTP server's access policies. As
- of Postfix version 2.3, the SMTP server refuses to receive
- mail from the network when it runs with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b>
- privileges.
-
- The SMTP server implements a variety of policies for con-
- nection requests, and for parameters given to <b>HELO, ETRN,</b>
- <b>MAIL FROM, VRFY</b> and <b>RCPT TO</b> commands. They are detailed
- below and in the <a href="postconf.5.html"><b>main.cf</b></a> configuration file.
+ The SMTP server accepts network connection requests and performs zero
+ or more SMTP transactions per connection. Each received message is
+ piped through the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon, and is placed into the <b>incoming</b>
+ queue as one single queue file. For this mode of operation, the pro-
+ gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ Alternatively, the SMTP server be can run in stand-alone mode; this is
+ traditionally obtained with "<b>sendmail -bs</b>". When the SMTP server runs
+ stand-alone with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> privileges, it receives mail even
+ while the mail system is not running, deposits messages directly into
+ the <b>maildrop</b> queue, and disables the SMTP server's access policies. As
+ of Postfix version 2.3, the SMTP server refuses to receive mail from
+ the network when it runs with non $<b><a href="postconf.5.html#mail_owner">mail_owner</a></b> privileges.
+
+ The SMTP server implements a variety of policies for connection
+ requests, and for parameters given to <b>HELO, ETRN, MAIL FROM, VRFY</b> and
+ <b>RCPT TO</b> commands. They are detailed below and in the <a href="postconf.5.html"><b>main.cf</b></a> configura-
+ tion file.
<b>SECURITY</b>
- The SMTP server is moderately security-sensitive. It talks
- to SMTP clients and to DNS servers on the network. The
- SMTP server can be run chrooted at fixed low privilege.
+ The SMTP server is moderately security-sensitive. It talks to SMTP
+ clients and to DNS servers on the network. The SMTP server can be run
+ chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
- the postmaster is notified of bounces, protocol problems,
- policy violations, and of other trouble.
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces, protocol problems, policy violations, and
+ of other trouble.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
- <a href="smtpd.8.html"><b>smtpd</b>(8)</a> processes run for only a limited amount of time.
- Use the command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtpd.8.html"><b>smtpd</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>COMPATIBILITY CONTROLS</b>
- The following parameters work around implementation errors
- in other software, and/or allow you to override standards
- in order to prevent undesirable use.
+ The following parameters work around implementation errors in other
+ software, and/or allow you to override standards in order to prevent
+ undesirable use.
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
- Enable inter-operability with remote SMTP clients
- that implement an obsolete version of the AUTH com-
- mand (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
+ Enable inter-operability with remote SMTP clients that implement
+ an obsolete version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
<b><a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> (no)</b>
Disable the SMTP VRFY command.
<b><a href="postconf.5.html#smtpd_noop_commands">smtpd_noop_commands</a> (empty)</b>
- List of commands that the Postfix SMTP server
- replies to with "250 Ok", without doing any syntax
- checks and without changing state.
+ List of commands that the Postfix SMTP server replies to with
+ "250 Ok", without doing any syntax checks and without changing
+ state.
<b><a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> (no)</b>
- Require that addresses received in SMTP MAIL FROM
- and RCPT TO commands are enclosed with <>, and that
- those addresses do not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style com-
- ments or phrases.
+ Require that addresses received in SMTP MAIL FROM and RCPT TO
+ commands are enclosed with <>, and that those addresses do not
+ contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
- Request that the Postfix SMTP server rejects mail
- from unknown sender addresses, even when no
- explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
- is specified.
+ Request that the Postfix SMTP server rejects mail from unknown
+ sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
+ access restriction is specified.
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
- What remote SMTP clients the Postfix SMTP server
- will not offer AUTH support to.
+ What remote SMTP clients the Postfix SMTP server will not offer
+ AUTH support to.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP client
- address, with case insensitive lists of EHLO key-
- words (pipelining, starttls, auth, etc.) that the
- Postfix SMTP server will not send in the EHLO
- response to a remote SMTP client.
+ Lookup tables, indexed by the remote SMTP client address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP server will not send in the
+ EHLO response to a remote SMTP client.
<b><a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> (empty)</b>
- A case insensitive list of EHLO keywords (pipelin-
- ing, starttls, auth, etc.) that the Postfix SMTP
- server will not send in the EHLO response to a
- remote SMTP client.
+ A case insensitive list of EHLO keywords (pipelining, starttls,
+ auth, etc.) that the Postfix SMTP server will not send in the
+ EHLO response to a remote SMTP client.
<b><a href="postconf.5.html#smtpd_delay_open_until_valid_rcpt">smtpd_delay_open_until_valid_rcpt</a> (yes)</b>
- Postpone the start of an SMTP mail transaction
- until a valid RCPT TO command is received.
+ Postpone the start of an SMTP mail transaction until a valid
+ RCPT TO command is received.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
- Force the Postfix SMTP server to issue a TLS ses-
- sion id, even when TLS session caching is turned
- off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> is empty).
+ Force the Postfix SMTP server to issue a TLS session id, even
+ when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>-
+ <a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty).
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
- An optional workaround for routers that break TCP
- window scaling.
+ An optional workaround for routers that break TCP window scal-
+ ing.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtpd_command_filter">smtpd_command_filter</a> (empty)</b>
- A mechanism to transform commands from remote SMTP
- clients.
+ A mechanism to transform commands from remote SMTP clients.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
- Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and
- <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> time limits, from a time
- limit per read or write system call, to a time
- limit to send or receive a complete record (an SMTP
- command line, SMTP response line, SMTP message con-
- tent line, or TLS protocol message).
+ Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
+ system call, to a time limit to send or receive a complete
+ record (an SMTP command line, SMTP response line, SMTP message
+ content line, or TLS protocol message).
<b>ADDRESS REWRITING CONTROLS</b>
- See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed
- discussion of Postfix address rewriting.
+ See the <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> document for a detailed discussion of
+ Postfix address rewriting.
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in
- content filtering, or address mapping.
+ Enable or disable recipient validation, built-in content filter-
+ ing, or address mapping.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> (<a href="postconf.5.html#permit_inet_interfaces">permit_inet_interfaces</a>)</b>
- Rewrite message header addresses in mail from these
- clients and update incomplete addresses with the
- domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't
- rewrite message headers from other clients at all,
- or rewrite message headers and update incomplete
- addresses with the domain specified in the
- <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
+ Rewrite message header addresses in mail from these clients and
+ update incomplete addresses with the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or
+ $<a href="postconf.5.html#mydomain">mydomain</a>; either don't rewrite message headers from other
+ clients at all, or rewrite message headers and update incomplete
+ addresses with the domain specified in the <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-
+ <a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a> parameter.
<b>BEFORE-SMTPD PROXY AGENT</b>
Available in Postfix version 2.10 and later:
<b><a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> (empty)</b>
- The name of the proxy protocol used by an optional
- before-smtpd proxy agent.
+ The name of the proxy protocol used by an optional before-smtpd
+ proxy agent.
<b><a href="postconf.5.html#smtpd_upstream_proxy_timeout">smtpd_upstream_proxy_timeout</a> (5s)</b>
- The time limit for the proxy protocol specified
-
with the <a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter.
+ The time limit for the proxy protocol specified with the
+ <a href="postconf.5.html#smtpd_upstream_proxy_protocol">smtpd_upstream_proxy_protocol</a> parameter.
<b>AFTER QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
- As of version 1.0, Postfix can be configured to send new
- mail to an external content filter AFTER the mail is
- queued. This content filter is expected to inject mail
- back into a (Postfix or other) MTA for further delivery.
- See the <a href="FILTER_README.html">FILTER_README</a> document for details.
+ As of version 1.0, Postfix can be configured to send new mail to an
+ external content filter AFTER the mail is queued. This content filter
+ is expected to inject mail back into a (Postfix or other) MTA for fur-
+ ther delivery. See the <a href="FILTER_README.html">FILTER_README</a> document for details.
<b><a href="postconf.5.html#content_filter">content_filter</a> (empty)</b>
- After the message is queued, send the entire mes-
- sage to the specified <i>transport:destination</i>.
+ After the message is queued, send the entire message to the
+ specified <i>transport:destination</i>.
<b>BEFORE QUEUE EXTERNAL CONTENT INSPECTION CONTROLS</b>
- As of version 2.1, the Postfix SMTP server can be config-
- ured to send incoming mail to a real-time SMTP-based con-
- tent filter BEFORE mail is queued. This content filter is
- expected to inject mail back into Postfix. See the
- <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
+ As of version 2.1, the Postfix SMTP server can be configured to send
+ incoming mail to a real-time SMTP-based content filter BEFORE mail is
+ queued. This content filter is expected to inject mail back into Post-
+ fix. See the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document for details on how to config-
ure and operate this feature.
<b><a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> (empty)</b>
- The hostname and TCP port of the mail filtering
- proxy server.
+ The hostname and TCP port of the mail filtering proxy server.
<b><a href="postconf.5.html#smtpd_proxy_ehlo">smtpd_proxy_ehlo</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- How the Postfix SMTP server announces itself to the
- proxy filter.
+ How the Postfix SMTP server announces itself to the proxy fil-
+ ter.
<b><a href="postconf.5.html#smtpd_proxy_options">smtpd_proxy_options</a> (empty)</b>
- List of options that control how the Postfix SMTP
- server communicates with a before-queue content
- filter.
+ List of options that control how the Postfix SMTP server commu-
+ nicates with a before-queue content filter.
<b><a href="postconf.5.html#smtpd_proxy_timeout">smtpd_proxy_timeout</a> (100s)</b>
- The time limit for connecting to a proxy filter and
- for sending or receiving information.
+ The time limit for connecting to a proxy filter and for sending
+ or receiving information.
<b>BEFORE QUEUE MILTER CONTROLS</b>
- As of version 2.3, Postfix supports the Sendmail version 8
- Milter (mail filter) protocol. These content filters run
- outside Postfix. They can inspect the SMTP command stream
- and the message content, and can request modifications
- before mail is queued. For details see the <a href="MILTER_README.html">MILTER_README</a>
- document.
+ As of version 2.3, Postfix supports the Sendmail version 8 Milter (mail
+ filter) protocol. These content filters run outside Postfix. They can
+ inspect the SMTP command stream and the message content, and can
+ request modifications before mail is queued. For details see the <a href="MILTER_README.html">MIL</a>-
+ <a href="MILTER_README.html">TER_README</a> document.
<b><a href="postconf.5.html#smtpd_milters">smtpd_milters</a> (empty)</b>
- A list of Milter (mail filter) applications for new
-
mail that arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
+ A list of Milter (mail filter) applications for new mail that
+ arrives via the Postfix <a href="smtpd.8.html"><b>smtpd</b>(8)</a> server.
<b><a href="postconf.5.html#milter_protocol">milter_protocol</a> (6)</b>
- The mail filter protocol version and optional pro-
- tocol extensions for communication with a Milter
- application; prior to Postfix 2.6 the default pro-
- tocol is 2.
+ The mail filter protocol version and optional protocol exten-
+ sions for communication with a Milter application; prior to
+ Postfix 2.6 the default protocol is 2.
<b><a href="postconf.5.html#milter_default_action">milter_default_action</a> (tempfail)</b>
- The default action when a Milter (mail filter)
- application is unavailable or mis-configured.
+ The default action when a Milter (mail filter) application is
+ unavailable or mis-configured.
<b><a href="postconf.5.html#milter_macro_daemon_name">milter_macro_daemon_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The {daemon_name} macro value for Milter (mail fil-
- ter) applications.
+ The {daemon_name} macro value for Milter (mail filter) applica-
+ tions.
<b><a href="postconf.5.html#milter_macro_v">milter_macro_v</a> ($<a href="postconf.5.html#mail_name">mail_name</a> $<a href="postconf.5.html#mail_version">mail_version</a>)</b>
- The {v} macro value for Milter (mail filter) appli-
- cations.
+ The {v} macro value for Milter (mail filter) applications.
<b><a href="postconf.5.html#milter_connect_timeout">milter_connect_timeout</a> (30s)</b>
- The time limit for connecting to a Milter (mail
- filter) application, and for negotiating protocol
- options.
+ The time limit for connecting to a Milter (mail filter) applica-
+ tion, and for negotiating protocol options.
<b><a href="postconf.5.html#milter_command_timeout">milter_command_timeout</a> (30s)</b>
- The time limit for sending an SMTP command to a
- Milter (mail filter) application, and for receiving
- the response.
+ The time limit for sending an SMTP command to a Milter (mail
+ filter) application, and for receiving the response.
<b><a href="postconf.5.html#milter_content_timeout">milter_content_timeout</a> (300s)</b>
- The time limit for sending message content to a
- Milter (mail filter) application, and for receiving
- the response.
+ The time limit for sending message content to a Milter (mail
+ filter) application, and for receiving the response.
<b><a href="postconf.5.html#milter_connect_macros">milter_connect_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after completion of an SMTP connec-
- tion.
+ The macros that are sent to Milter (mail filter) applications
+ after completion of an SMTP connection.
<b><a href="postconf.5.html#milter_helo_macros">milter_helo_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after the SMTP HELO or EHLO command.
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP HELO or EHLO command.
<b><a href="postconf.5.html#milter_mail_macros">milter_mail_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after the SMTP MAIL FROM command.
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP MAIL FROM command.
<b><a href="postconf.5.html#milter_rcpt_macros">milter_rcpt_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after the SMTP RCPT TO command.
+ The macros that are sent to Milter (mail filter) applications
+ after the SMTP RCPT TO command.
<b><a href="postconf.5.html#milter_data_macros">milter_data_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to version 4 or higher
- Milter (mail filter) applications after the SMTP
- DATA command.
+ The macros that are sent to version 4 or higher Milter (mail
+ filter) applications after the SMTP DATA command.
<b><a href="postconf.5.html#milter_unknown_command_macros">milter_unknown_command_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to version 3 or higher
- Milter (mail filter) applications after an unknown
- SMTP command.
+ The macros that are sent to version 3 or higher Milter (mail
+ filter) applications after an unknown SMTP command.
<b><a href="postconf.5.html#milter_end_of_header_macros">milter_end_of_header_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after the end of the message header.
+ The macros that are sent to Milter (mail filter) applications
+ after the end of the message header.
<b><a href="postconf.5.html#milter_end_of_data_macros">milter_end_of_data_macros</a> (see 'postconf -d' output)</b>
- The macros that are sent to Milter (mail filter)
- applications after the message end-of-data.
+ The macros that are sent to Milter (mail filter) applications
+ after the message end-of-data.
<b>GENERAL CONTENT INSPECTION CONTROLS</b>
- The following parameters are applicable for both built-in
- and external content filters.
+ The following parameters are applicable for both built-in and external
+ content filters.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
- Enable or disable recipient validation, built-in
- content filtering, or address mapping.
+ Enable or disable recipient validation, built-in content filter-
+ ing, or address mapping.
<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
- The following parameters are applicable for both before-
- queue and after-queue content filtering.
+ The following parameters are applicable for both before-queue and
+ after-queue content filtering.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> (empty)</b>
- What remote SMTP clients are allowed to use the
- XFORWARD feature.
+ What remote SMTP clients are allowed to use the XFORWARD fea-
+ ture.
<b>SASL AUTHENTICATION CONTROLS</b>
- Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenti-
- cate remote SMTP clients to the Postfix SMTP server, and
- to authenticate the Postfix SMTP client to a remote SMTP
- server. See the <a href="SASL_README.html">SASL_README</a> document for details.
+ Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenticate remote SMTP
+ clients to the Postfix SMTP server, and to authenticate the Postfix
+ SMTP client to a remote SMTP server. See the <a href="SASL_README.html">SASL_README</a> document for
+ details.
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
- Enable inter-operability with remote SMTP clients
- that implement an obsolete version of the AUTH com-
- mand (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
+ Enable inter-operability with remote SMTP clients that implement
+ an obsolete version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
<b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
- Enable SASL authentication in the Postfix SMTP
- server.
+ Enable SASL authentication in the Postfix SMTP server.
<b><a href="postconf.5.html#smtpd_sasl_local_domain">smtpd_sasl_local_domain</a> (empty)</b>
- The name of the Postfix SMTP server's local SASL
- authentication realm.
+ The name of the Postfix SMTP server's local SASL authentication
+ realm.
<b><a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a> (noanonymous)</b>
- Postfix SMTP server SASL security options; as of
- Postfix 2.3 the list of available features depends
- on the SASL server implementation that is selected
- with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
+ Postfix SMTP server SASL security options; as of Postfix 2.3 the
+ list of available features depends on the SASL server implemen-
+ tation that is selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
<b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
- Optional lookup table with the SASL login names
- that own sender (MAIL FROM) addresses.
+ Optional lookup table with the SASL login names that own sender
+ (MAIL FROM) addresses.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> (empty)</b>
- What remote SMTP clients the Postfix SMTP server
- will not offer AUTH support to.
+ What remote SMTP clients the Postfix SMTP server will not offer
+ AUTH support to.
Available in Postfix version 2.1 and 2.2:
<b><a href="postconf.5.html#smtpd_sasl_application_name">smtpd_sasl_application_name</a> (smtpd)</b>
- The application name that the Postfix SMTP server
- uses for SASL server initialization.
+ The application name that the Postfix SMTP server uses for SASL
+ server initialization.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_sasl_authenticated_header">smtpd_sasl_authenticated_header</a> (no)</b>
- Report the SASL authenticated user name in the
- <a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received message header.
+ Report the SASL authenticated user name in the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> Received
+ message header.
<b><a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a> (smtpd)</b>
- Implementation-specific information that the Post-
- fix SMTP server passes through to the SASL plug-in
- implementation that is selected with
- <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
+ Implementation-specific information that the Postfix SMTP server
+ passes through to the SASL plug-in implementation that is
+ selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
<b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP server
- should use for authentication.
+ The SASL plug-in type that the Postfix SMTP server should use
+ for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#cyrus_sasl_config_path">cyrus_sasl_config_path</a> (empty)</b>
- Search path for Cyrus SASL application configura-
- tion files, currently used only to locate the
- $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
+ Search path for Cyrus SASL application configuration files, cur-
+ rently used only to locate the $<a href="postconf.5.html#smtpd_sasl_path">smtpd_sasl_path</a>.conf file.
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be
-
found in the <a href="TLS_README.html">TLS_README</a> document.
+ Detailed information about STARTTLS configuration may be found in the
+ <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
- The SMTP TLS security level for the Postfix SMTP
- server; when a non-empty value is specified, this
- overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and
- <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
+ The SMTP TLS security level for the Postfix SMTP server; when a
+ non-empty value is specified, this overrides the obsolete param-
+ eters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
- <b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_secu</a>-</b>
- <b><a href="postconf.5.html#smtpd_sasl_security_options">rity_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP server uses for TLS encrypted SMTP
- sessions.
+ <b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_security_options</a>)</b>
+ The SASL authentication security options that the Postfix SMTP
+ server uses for TLS encrypted SMTP sessions.
<b><a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> (see 'postconf -d' output)</b>
- The time limit for Postfix SMTP server write and
- read operations during TLS startup and shutdown
- handshake procedures.
+ The time limit for Postfix SMTP server write and read operations
+ during TLS startup and shutdown handshake procedures.
<b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
- A file containing (PEM format) CA certificates of
- root CAs trusted to sign either remote SMTP client
- certificates or intermediate CA certificates.
+ A file containing (PEM format) CA certificates of root CAs
+ trusted to sign either remote SMTP client certificates or inter-
+ mediate CA certificates.
<b><a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a> (empty)</b>
- A directory containing (PEM format) CA certificates
- of root CAs trusted to sign either remote SMTP
- client certificates or intermediate CA certifi-
- cates.
+ A directory containing (PEM format) CA certificates of root CAs
+ trusted to sign either remote SMTP client certificates or inter-
+ mediate CA certificates.
<b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a> (yes)</b>
- Force the Postfix SMTP server to issue a TLS ses-
- sion id, even when TLS session caching is turned
- off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> is empty).
+ Force the Postfix SMTP server to issue a TLS session id, even
+ when TLS session caching is turned off (<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_ses</a>-
+ <a href="postconf.5.html#smtpd_tls_session_cache_database">sion_cache_database</a> is empty).
<b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b>
- Ask a remote SMTP client for a client certificate.
+ Ask a remote SMTP client for a client certificate.
<b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b>
- When TLS encryption is optional in the Postfix SMTP
- server, do not announce or accept SASL authentica-
- tion over unencrypted connections.
+ When TLS encryption is optional in the Postfix SMTP server, do
+ not announce or accept SASL authentication over unencrypted con-
+ nections.
<b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (9)</b>
- The verification depth for remote SMTP client cer-
- tificates.
+ The verification depth for remote SMTP client certificates.
<b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b>
- File with the Postfix SMTP server RSA certificate
- in PEM format.
+ File with the Postfix SMTP server RSA certificate in PEM format.
<b><a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> (empty)</b>
- List of ciphers or cipher types to exclude from the
- SMTP server cipher list at all TLS security levels.
+ List of ciphers or cipher types to exclude from the SMTP server
+ cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (empty)</b>
- File with the Postfix SMTP server DSA certificate
- in PEM format.
+ File with the Postfix SMTP server DSA certificate in PEM format.
<b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b>
- File with DH parameters that the Postfix SMTP
- server should use with EDH ciphers.
+ File with DH parameters that the Postfix SMTP server should use
+ with EDH ciphers.
<b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
- File with DH parameters that the Postfix SMTP
- server should use with EDH ciphers.
+ File with DH parameters that the Postfix SMTP server should use
+ with EDH ciphers.
<b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
- File with the Postfix SMTP server DSA private key
- in PEM format.
+ File with the Postfix SMTP server DSA private key in PEM format.
<b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
- File with the Postfix SMTP server RSA private key
- in PEM format.
+ File with the Postfix SMTP server RSA private key in PEM format.
<b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP server logging of
- TLS activity.
+ Enable additional Postfix SMTP server logging of TLS activity.
<b><a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP
- server will use with mandatory TLS encryption.
+ The minimum TLS cipher grade that the Postfix SMTP server will
+ use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> (empty)</b>
- Additional list of ciphers or cipher types to
- exclude from the Postfix SMTP server cipher list at
- mandatory TLS security levels.
+ Additional list of ciphers or cipher types to exclude from the
+ Postfix SMTP server cipher list at mandatory TLS security lev-
+ els.
<b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (!SSLv2)</b>
- The SSL/TLS protocols accepted by the Postfix SMTP
- server with mandatory TLS encryption.
+ The SSL/TLS protocols accepted by the Postfix SMTP server with
+ mandatory TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
- Request that the Postfix SMTP server produces
- Received: message headers that include information
- about the protocol and cipher used, as well as the
- remote SMTP client CommonName and client certifi-
- cate issuer CommonName.
+ Request that the Postfix SMTP server produces Received: message
+ headers that include information about the protocol and cipher
+ used, as well as the remote SMTP client CommonName and client
+ certificate issuer CommonName.
<b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b>
- With mandatory TLS encryption, require a trusted
- remote SMTP client certificate in order to allow
- TLS connections to proceed.
+ With mandatory TLS encryption, require a trusted remote SMTP
+ client certificate in order to allow TLS connections to proceed.
<b><a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> (no)</b>
- Run the Postfix SMTP server in the non-standard
- "wrapper" mode, instead of using the STARTTLS com-
- mand.
+ Run the Postfix SMTP server in the non-standard "wrapper" mode,
+ instead of using the STARTTLS command.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
- or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
- server in order to seed its internal pseudo random
- number generator (PRNG).
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ internal pseudo random number generator (PRNG).
- <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
- <b>(ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
+ <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "HIGH" grade ciphers.
<b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "MEDIUM" or higher grade
- ciphers.
+ The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "LOW" or higher grade
- ciphers.
+ The OpenSSL cipherlist for "LOW" or higher grade ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "EXPORT" or higher grade
- ciphers.
+ The OpenSSL cipherlist for "EXPORT" or higher grade ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers
- that provide authentication without encryption.
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ authentication without encryption.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a> (md5)</b>
- The message digest algorithm to construct remote
- SMTP client-certificate fingerprints or public key
- fingerprints (Postfix 2.9 and later) for
- <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>.
+ The message digest algorithm to construct remote SMTP client-
+ certificate fingerprints or public key fingerprints (Postfix 2.9
+ and later) for <b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (empty)</b>
- List of TLS protocols that the Postfix SMTP server
- will exclude or include with opportunistic TLS
- encryption.
+ List of TLS protocols that the Postfix SMTP server will exclude
+ or include with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (export)</b>
- The minimum TLS cipher grade that the Postfix SMTP
- server will use with opportunistic TLS encryption.
+ The minimum TLS cipher grade that the Postfix SMTP server will
+ use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> (empty)</b>
- File with the Postfix SMTP server ECDSA certificate
- in PEM format.
+ File with the Postfix SMTP server ECDSA certificate in PEM for-
+ mat.
<b><a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b>
- File with the Postfix SMTP server ECDSA private key
- in PEM format.
+ File with the Postfix SMTP server ECDSA private key in PEM for-
+ mat.
<b><a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> (see 'postconf -d' output)</b>
- The Postfix SMTP server security grade for
- ephemeral elliptic-curve Diffie-Hellman (EECDH) key
- exchange.
+ The Postfix SMTP server security grade for ephemeral elliptic-
+ curve Diffie-Hellman (EECDH) key exchange.
<b><a href="postconf.5.html#tls_eecdh_strong_curve">tls_eecdh_strong_curve</a> (prime256v1)</b>
- The elliptic curve used by the Postfix SMTP server
- for sensibly strong ephemeral ECDH key exchange.
+ The elliptic curve used by the Postfix SMTP server for sensibly
+ strong ephemeral ECDH key exchange.
<b><a href="postconf.5.html#tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a> (secp384r1)</b>
- The elliptic curve used by the Postfix SMTP server
- for maximally strong ephemeral ECDH key exchange.
+ The elliptic curve used by the Postfix SMTP server for maximally
+ strong ephemeral ECDH key exchange.
Available in Postfix version 2.8 and later:
<b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b>
- With SSLv3 and later, use the Postfix SMTP server's
- cipher preference order instead of the remote
- client's cipher preference order.
+ With SSLv3 and later, use the Postfix SMTP server's cipher pref-
+ erence order instead of the remote client's cipher preference
+ order.
<b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
- List or bit-mask of OpenSSL bug work-arounds to
- disable.
+ List or bit-mask of OpenSSL bug work-arounds to disable.
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
- The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">mas-
- ter.cf</a>.
+ The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compati-
- bility with Postfix versions before 2.3. Support for these
- will be removed in a future release.
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
+ future release.
<b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
- Opportunistic TLS: announce STARTTLS support to
- remote SMTP clients, but do not require that
- clients use TLS encryption.
+ Opportunistic TLS: announce STARTTLS support to remote SMTP
+ clients, but do not require that clients use TLS encryption.
<b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
- Mandatory TLS: announce STARTTLS support to remote
- SMTP clients, and require that clients use TLS
- encryption.
+ Mandatory TLS: announce STARTTLS support to remote SMTP clients,
+ and require that clients use TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP
- server TLS cipher list.
+ Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
+ cipher list.
<b>VERP SUPPORT CONTROLS</b>
- With VERP style delivery, each recipient of a message
- receives a customized copy of the message with his/her own
- recipient address encoded in the envelope sender address.
- The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
- details of Postfix support for variable envelope return
- path addresses. VERP style delivery is requested with the
- SMTP XVERP command or with the "sendmail -V" command-line
- option and is available in Postfix version 1.1 and later.
+ With VERP style delivery, each recipient of a message receives a cus-
+ tomized copy of the message with his/her own recipient address encoded
+ in the envelope sender address. The <a href="VERP_README.html">VERP_README</a> file describes config-
+ uration and operation details of Postfix support for variable envelope
+ return path addresses. VERP style delivery is requested with the SMTP
+ XVERP command or with the "sendmail -V" command-line option and is
+ available in Postfix version 1.1 and later.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter
- characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
- and in SMTP commands.
+ The characters Postfix accepts as VERP delimiter characters on
+ the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
Available in Postfix version 1.1 and 2.0:
<b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- What remote SMTP clients are allowed to specify the
- XVERP command.
+ What remote SMTP clients are allowed to specify the XVERP com-
+ mand.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
- What remote SMTP clients are allowed to specify the
- XVERP command.
+ What remote SMTP clients are allowed to specify the XVERP com-
+ mand.
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
- the Postfix mail system. The methods vary from making the
- software log a lot of detail, to running some daemon pro-
- cesses under control of a call tracer or debugger.
+ The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of the Postfix
+ mail system. The methods vary from making the software log a lot of
+ detail, to running some daemon processes under control of a call tracer
+ or debugger.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
- <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+ The increment in verbose logging level when a remote client or
+ server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
- in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+ Optional list of remote client or server hostname or network
+ address patterns that cause the verbose logging level to
+ increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
- resource, software or protocol errors.
+ The recipient of postmaster notifications about mail delivery
+ problems that are caused by policy, resource, software or proto-
+ col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are sub-
- ject to before-queue content inspection by
- <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+ What categories of Postfix-generated mail are subject to before-
+ queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and
+ <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
- postmaster.
+ The list of error classes that are reported to the postmaster.
<b><a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> (empty)</b>
- Optional information that is appended after each
- Postfix SMTP server 4XX or 5XX response.
+ Optional information that is appended after each Postfix SMTP
+ server 4XX or 5XX response.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
- Safety net to keep mail queued that would otherwise
- be returned to the sender.
+ Safety net to keep mail queued that would otherwise be returned
+ to the sender.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
- What remote SMTP clients are allowed to use the
- XCLIENT feature.
+ What remote SMTP clients are allowed to use the XCLIENT feature.
Available in Postfix version 2.10 and later:
<b><a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> (empty)</b>
- Enable logging of the named "permit" actions in
- SMTP server access lists (by default, the SMTP
- server logs "reject" actions but not "permit"
- actions).
+ Enable logging of the named "permit" actions in SMTP server
+ access lists (by default, the SMTP server logs "reject" actions
+ but not "permit" actions).
<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
- As of Postfix version 2.0, the SMTP server rejects mail
- for unknown recipients. This prevents the mail queue from
- clogging up with undeliverable MAILER-DAEMON messages.
- Additional information on this topic is in the
- <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
+ As of Postfix version 2.0, the SMTP server rejects mail for unknown
+ recipients. This prevents the mail queue from clogging up with undeliv-
+ erable MAILER-DAEMON messages. Additional information on this topic is
+ in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
- Display the name of the recipient table in the
- "User unknown" responses.
+ Display the name of the recipient table in the "User unknown"
+ responses.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for message
- headers and envelopes.
+ Optional address mapping lookup tables for message headers and
+ envelopes.
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for envelope
- and header recipient addresses.
+ Optional address mapping lookup tables for envelope and header
+ recipient addresses.
Parameters concerning known/unknown local recipients:
- <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, local-</b>
- <b>host)</b>
- The list of domains that are delivered via the
- $<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport.
+ <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
+ The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
+ mail delivery transport.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The network interface addresses that this mail sys-
- tem receives mail on.
+ The network interface addresses that this mail system receives
+ mail on.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
- address translation unit.
+ The network interface addresses that this mail system receives
+ mail on by way of a proxy or network address translation unit.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
- The Internet protocols Postfix will attempt to use
- when making or accepting connections.
+ The Internet protocols Postfix will attempt to use when making
+ or accepting connections.
- <b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
- <b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
- Lookup tables with all names or addresses of local
- recipients: a recipient address is local when its
- domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
- $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+ <b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
+ Lookup tables with all names or addresses of local recipients: a
+ recipient address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestina</a>-
+ <a href="postconf.5.html#mydestination">tion</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
- The numerical Postfix SMTP server response code
- when a recipient address is local, and
- $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
- tables that does not match the recipient.
+ The numerical Postfix SMTP server response code when a recipient
+ address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
+ lookup tables that does not match the recipient.
- Parameters concerning known/unknown recipients of relay
- destinations:
+ Parameters concerning known/unknown recipients of relay destinations:
<b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
- What destination domains (and subdomains thereof)
- this system will relay mail to.
+ What destination domains (and subdomains thereof) this system
+ will relay mail to.
<b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in
- th
e domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+ Optional lookup tables with all valid addresses in the domains
+ that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
- The numerical Postfix SMTP server reply code when a
- recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
- <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
- tables that does not match the recipient address.
+ The numerical Postfix SMTP server reply code when a recipient
+ address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci-
+ fies a list of lookup tables that does not match the recipient
+ address.
- Parameters concerning known/unknown recipients in virtual
- alias domains:
+ Parameters concerning known/unknown recipients in virtual alias
+ domains:
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
- Postfix is final destination for the specified list
- of virtual alias domains, that is, domains for
- which all addresses are aliased to addresses in
- other local or remote domains.
+ Postfix is final destination for the specified list of virtual
+ alias domains, that is, domains for which all addresses are
+ aliased to addresses in other local or remote domains.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
- Optional lookup tables that alias specific mail
- addresses or domains to other local or remote
- address.
+ Optional lookup tables that alias specific mail addresses or
+ domains to other local or remote address.
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
- The Postfix SMTP server reply code when a recipient
- address matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
- <a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
- that does not match the recipient address.
+ The Postfix SMTP server reply code when a recipient address
+ matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci-
+ fies a list of lookup tables that does not match the recipient
+ address.
- Parameters concerning known/unknown recipients in virtual
- mailbox domains:
+ Parameters concerning known/unknown recipients in virtual mailbox
+ domains:
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
- Postfix is final destination for the specified list
- of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
- <a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
+ Postfix is final destination for the specified list of domains;
+ mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery
+ transport.
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in
- th
e domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+ Optional lookup tables with all valid addresses in the domains
+ that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
- The Postfix SMTP server reply code when a recipient
- address matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
- <a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
- that does not match the recipient address.
+ The Postfix SMTP server reply code when a recipient address
+ matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
+ specifies a list of lookup tables that does not match the recip-
+ ient address.
<b>RESOURCE AND RATE CONTROLS</b>
- The following parameters limit resource usage by the SMTP
- server and/or control client request rates.
+ The following parameters limit resource usage by the SMTP server and/or
+ control client request rates.
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
- Upon input, long lines are chopped up into pieces
- of at most this length; upon delivery, long lines
- are reconstructed.
+ Upon input, long lines are chopped up into pieces of at most
+ this length; upon delivery, long lines are reconstructed.
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
- The minimal amount of free space in bytes in the
- queue file system that is needed to receive mail.
+ The minimal amount of free space in bytes in the queue file sys-
+ tem that is needed to receive mail.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
- The maximal size in bytes of a message, including
- envelope information.
+ The maximal size in bytes of a message, including envelope
+ information.
<b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
- The maximal number of recipients that the Postfix
- SMTP server accepts per message delivery request.
+ The maximal number of recipients that the Postfix SMTP server
+ accepts per message delivery request.
<b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b>
- The time limit for sending a Postfix SMTP server
- response and for receiving a remote SMTP client
- request.
+ The time limit for sending a Postfix SMTP server response and
+ for receiving a remote SMTP client request.
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
- The maximal number of lines in the Postfix SMTP
- server command history before it is flushed upon
- receipt of EHLO, RSET, or end of DATA.
+ The maximal number of lines in the Postfix SMTP server command
+ history before it is flushed upon receipt of EHLO, RSET, or end
+ of DATA.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
- Attempt to look up the remote SMTP client hostname,
- and verify that the name matches the client IP
- address.
+ Attempt to look up the remote SMTP client hostname, and verify
+ that the name matches the client IP address.
- The per SMTP client connection count and request rate lim-
- its are implemented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> ser-
- vice, and are available in Postfix version 2.2 and later.
+ The per SMTP client connection count and request rate limits are imple-
+ mented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> service, and are available in
+ Postfix version 2.2 and later.
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
- How many simultaneous connections any client is
- allowed to make to this service.
+ How many simultaneous connections any client is allowed to make
+ to this service.
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
- The maximal number of connection attempts any
- client is allowed to make to this service per time
- unit.
+ The maximal number of connection attempts any client is allowed
+ to make to this service per time unit.
<b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
- The maximal number of message delivery requests
- that any client is allowed to make to this service
- per time unit, regardless of whether or not Postfix
- actually accepts those messages.
+ The maximal number of message delivery requests that any client
+ is allowed to make to this service per time unit, regardless of
+ whether or not Postfix actually accepts those messages.
<b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
- The maximal number of recipient addresses that any
- client is allowed to send to this service per time
- unit, regardless of whether or not Postfix actually
- accepts those recipients.
+ The maximal number of recipient addresses that any client is
+ allowed to send to this service per time unit, regardless of
+ whether or not Postfix actually accepts those recipients.
<b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- Clients that are excluded from
- smtpd_client_*_count/rate_limit restrictions.
+ Clients that are excluded from smtpd_client_*_count/rate_limit
+ restrictions.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (0)</b>
- The maximal number of new (i.e., uncached) TLS ses-
- sions that a remote SMTP client is allowed to nego-
- tiate with this service per time unit.
+ The maximal number of new (i.e., uncached) TLS sessions that a
+ remote SMTP client is allowed to negotiate with this service per
+ time unit.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
- Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and
- <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> time limits, from a time
- limit per read or write system call, to a time
- limit to send or receive a complete record (an SMTP
- command line, SMTP response line, SMTP message con-
- tent line, or TLS protocol message).
+ Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
+ system call, to a time limit to send or receive a complete
+ record (an SMTP command line, SMTP response line, SMTP message
+ content line, or TLS protocol message).
<b>TARPIT CONTROLS</b>
- When a remote SMTP client makes errors, the Postfix SMTP
- server can insert delays before responding. This can help
- to slow down run-away software. The behavior is con-
- trolled by an error counter that counts the number of
- errors within an SMTP session that a client makes without
+ When a remote SMTP client makes errors, the Postfix SMTP server can
+ insert delays before responding. This can help to slow down run-away
+ software. The behavior is controlled by an error counter that counts
+ the number of errors within an SMTP session that a client makes without
delivering mail.
<b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
- With Postfix version 2.1 and later: the SMTP server
- response delay after a client has made more than
- $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
- $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
- mail.
+ With Postfix version 2.1 and later: the SMTP server response
+ delay after a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>
+ errors, and fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without
+ delivering mail.
<b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
- The number of errors a remote SMTP client is
- allowed to make without delivering mail before the
- Postfix SMTP server slows down all its responses.
+ The number of errors a remote SMTP client is allowed to make
+ without delivering mail before the Postfix SMTP server slows
+ down all its responses.
<b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (normal: 20, overload: 1)</b>
- The maximal number of errors a remote SMTP client
- is allowed to make without delivering mail.
+ The maximal number of errors a remote SMTP client is allowed to
+ make without delivering mail.
<b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (normal: 100, overload: 1)</b>
- The number of junk commands (NOOP, VRFY, ETRN or
- RSET) that a remote SMTP client can send before the
- Postfix SMTP server starts to increment the error
- counter with each junk command.
+ The number of junk commands (NOOP, VRFY, ETRN or RSET) that a
+ remote SMTP client can send before the Postfix SMTP server
+ starts to increment the error counter with each junk command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
- The number of recipients that a remote SMTP client
- can send in excess of the limit specified with
- $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before the Postfix SMTP
- server increments the per-session error count for
- each excess recipient.
+ The number of recipients that a remote SMTP client can send in
+ excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>,
+ before the Postfix SMTP server increments the per-session error
+ count for each excess recipient.
<b>ACCESS POLICY DELEGATION CONTROLS</b>
- As of version 2.1, Postfix can be configured to delegate
- access policy decisions to an external server that runs
- outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
- more information.
+ As of version 2.1, Postfix can be configured to delegate access policy
+ decisions to an external server that runs outside Postfix. See the
+ file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for more information.
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
- The time after which an idle SMTPD policy service
- connection is closed.
+ The time after which an idle SMTPD policy service connection is
+ closed.
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
- The time after which an active SMTPD policy service
- connection is closed.
+ The time after which an active SMTPD policy service connection
+ is closed.
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
- The time limit for connecting to, writing to or
- receiving from a delegated SMTPD policy server.
+ The time limit for connecting to, writing to or receiving from a
+ delegated SMTPD policy server.
<b>ACCESS CONTROLS</b>
- The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
- all the SMTP server access control features.
+ The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
+ server access control features.
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
- Wait until the RCPT TO command before evaluating
- $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $smtpd_helo_restric-
- tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
- the ETRN command before evaluating
- $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
- tions.
+ Wait until the RCPT TO command before evaluating
+ $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
+ $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command
+ before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and
+ $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
- <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
- <b>put)</b>
- What Postfix features match subdomains of
- "domain.tld" automatically, instead of requiring an
- explicit ".domain.tld" pattern.
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
+ What Postfix features match subdomains of "domain.tld" automati-
+ cally, instead of requiring an explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server
- applies in the context of a client connection
- request.
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client connection request.
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
- Require that a remote SMTP client introduces itself
- with the HELO or EHLO command before sending the
- MAIL command or other commands that require EHLO
- negotiation.
+ Require that a remote SMTP client introduces itself with the
+ HELO or EHLO command before sending the MAIL command or other
+ commands that require EHLO negotiation.
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server
- applies in the context of a client HELO command.
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client HELO command.
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server
- applies in the context of a client MAIL FROM com-
- mand.
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client MAIL FROM command.
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (see 'postconf -d' output)</b>
- Optional restrictions that the Postfix SMTP server
- applies in the context of a client RCPT TO command,
-
after <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client RCPT TO command, after
+ <a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server
- applies in the context of a client ETRN command.
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client ETRN command.
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
- Forward mail with sender-specified routing
- (user[@%!]remote[@%!]site) from untrusted clients
- t
o destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+ Forward mail with sender-specified routing
+ (user[@%!]remote[@%!]site) from untrusted clients to destina-
+ tions matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
- User-defined aliases for groups of access restric-
- tions.
+ User-defined aliases for groups of access restrictions.
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b><><b>)</b>
- The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables
- instead of the null sender address.
+ The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
+ the null sender address.
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
- Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP
- access feature to only domains whose primary MX
- hosts match the listed networks.
+ Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
+ only domains whose primary MX hosts match the listed networks.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
- Optional access restrictions that the Postfix SMTP
- server applies in the context of the SMTP DATA com-
- mand.
+ Optional access restrictions that the Postfix SMTP server
+ applies in the context of the SMTP DATA command.
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
- What characters are allowed in $name expansions of
- RBL reply templates.
+ What characters are allowed in $name expansions of RBL reply
+ templates.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
- Request that the Postfix SMTP server rejects mail
- from unknown sender addresses, even when no
- explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
- is specified.
+ Request that the Postfix SMTP server rejects mail from unknown
+ sender addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
+ access restriction is specified.
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
- Request that the Postfix SMTP server rejects mail
- for unknown recipient addresses, even when no
- explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
- tion is specified.
+ Request that the Postfix SMTP server rejects mail for unknown
+ recipient addresses, even when no explicit
+ <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restriction is specified.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b>
- Optional access restrictions that the Postfix SMTP
- server applies in the context of the SMTP END-OF-
- DATA command.
+ Optional access restrictions that the Postfix SMTP server
+ applies in the context of the SMTP END-OF-DATA command.
Available in Postfix version 2.10 and later:
- <b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">per</a>-</b>
- <b><a href="postconf.5.html#permit_sasl_authenticated">mit_sasl_authenticated</a>, <a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b>
- Access restrictions for mail relay control that the
- Postfix SMTP server applies in the context of the
- RCPT TO command, before <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restric</a>-
- <a href="postconf.5.html#smtpd_recipient_restrictions">tions</a>.
+ <b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,</b>
+ <b><a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b>
+ Access restrictions for mail relay control that the Postfix SMTP
+ server applies in the context of the RCPT TO command, before
+ <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
- Postfix version 2.1 introduces sender and recipient
- address verification. This feature is implemented by
- sending probe email messages that are not actually deliv-
- ered. This feature is requested via the reject_unveri-
- fied_sender and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
- restrictions. The status of verification probes is main-
- tained by the <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VER</a>-
- <a href="ADDRESS_VERIFICATION_README.html">IFICATION_README</a> for information about how to configure
- and operate the Postfix sender/recipient address verifica-
- tion service.
+ Postfix version 2.1 introduces sender and recipient address verifica-
+ tion. This feature is implemented by sending probe email messages that
+ are not actually delivered. This feature is requested via the
+ <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
+ restrictions. The status of verification probes is maintained by the
+ <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
+ mation about how to configure and operate the Postfix sender/recipient
+ address verification service.
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, overload: 1)</b>
- How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for
- the completion of an address verification request
- in progress.
+ How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for the completion
+ of an address verification request in progress.
<b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
- The delay between queries for the completion of an
- address verification request in progress.
+ The delay between queries for the completion of an address veri-
+ fication request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
- The sender address to use in address verification
- probes; prior to Postfix 2.5 the default was "post-
- master".
+ The sender address to use in address verification probes; prior
+ to Postfix 2.5 the default was "postmaster".
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a recipient address is rejected by the
- <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
+ The numerical Postfix SMTP server response code when a recipient
+ address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response when a
- recipient address is rejected by the reject_unveri-
- fied_recipient restriction.
+ The numerical Postfix SMTP server response when a recipient
+ address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
+ tion.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a sender address probe fails due to a tempo-
- rary error condition.
+ The numerical Postfix SMTP server response code when a sender
+ address probe fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b>
- The numerical Postfix SMTP server response when a
- recipient address probe fails due to a temporary
- error condition.
+ The numerical Postfix SMTP server response when a recipient
+ address probe fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b>
- The Postfix SMTP server's reply when rejecting mail
-
with <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>.
+ The Postfix SMTP server's reply when rejecting mail with
+ <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>.
<b><a href="postconf.5.html#unverified_recipient_reject_reason">unverified_recipient_reject_reason</a> (empty)</b>
- The Postfix SMTP server's reply when rejecting mail
-
with <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
+ The Postfix SMTP server's reply when rejecting mail with
+ <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
- <b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b>
- <b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b>
- The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unver</a>-
- <a href="postconf.5.html#reject_unverified_sender">ified_sender</a> fails due to a temporary error condi-
- tion.
+ <b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
+ The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+ fails due to a temporary error condition.
- <b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b>
- <b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b>
- The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unver</a>-
- <a href="postconf.5.html#reject_unverified_recipient">ified_recipient</a> fails due to a temporary error con-
- dition.
+ <b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
+ The Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
+ <a href="postconf.5.html#reject_unverified_recipient">ent</a> fails due to a temporary error condition.
Available with Postfix 2.9 and later:
<b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
- The time between changes in the time-dependent por-
- tion of address verification probe sender
- addresses.
+ The time between changes in the time-dependent portion of
+ address verification probe sender addresses.
<b>ACCESS CONTROL RESPONSES</b>
- The following parameters control numerical SMTP reply
- codes and/or text responses.
+ The following parameters control numerical SMTP reply codes and/or text
+ responses.
<b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code for
- an <a href="access.5.html"><b>access</b>(5)</a> map "reject" action.
+ The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
+ map "reject" action.
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a remote SMTP client request is rejected by
- the "defer" restriction.
+ The numerical Postfix SMTP server response code when a remote
+ SMTP client request is rejected by the "defer" restriction.
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
- The numerical Postfix SMTP server response code
- when the client HELO or EHLO command parameter is
- rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
- restriction.
+ The numerical Postfix SMTP server response code when the client
+ HELO or EHLO command parameter is rejected by the
+ <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> restriction.
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
- when a remote SMTP client request is blocked by the
- <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
- <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or
- <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
+ The numerical Postfix SMTP server response code when a remote
+ SMTP client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
+ <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>,
+ <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
- The numerical Postfix SMTP server reply code when a
- client request is rejected by the
- <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
- <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a>
- restriction.
+ The numerical Postfix SMTP server reply code when a client
+ request is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
+ <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
<b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a request is rejected by the <b>reject_plain-</b>
- <b>text_session</b> restriction.
+ The numerical Postfix SMTP server response code when a request
+ is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
- when a remote SMTP client request is rejected by
- the "reject" restriction.
+ The numerical Postfix SMTP server response code when a remote
+ SMTP client request is rejected by the "reject" restriction.
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code
- when a client request is rejected by the
- <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
+ The numerical Postfix SMTP server response code when a client
+ request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
+ restriction.
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a sender or recipient address is rejected by
- the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
- <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
+ The numerical Postfix SMTP server response code when a sender or
+ recipient address is rejected by the
+ <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
+ restriction.
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when a client without valid address <=> name map-
- ping is rejected by the reject_unknown_client_host-
- name restriction.
+ The numerical Postfix SMTP server response code when a client
+ without valid address <=> name mapping is rejected by the
+ <a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code
- when the hostname specified with the HELO or EHLO
- command is rejected by the
+ The numerical Postfix SMTP server response code when the host-
+ name specified with the HELO or EHLO command is rejected by the
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
- The default Postfix SMTP server response template
- for a request that is rejected by an RBL-based
- restriction.
+ The default Postfix SMTP server response template for a request
+ that is rejected by an RBL-based restriction.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
- The numerical Postfix SMTP server response code
- when a remote SMTP client request is blocked by the
- <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
+ The numerical Postfix SMTP server response code when a remote
+ SMTP client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
+ <a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
<b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
Optional lookup tables with RBL response templates.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code for
- an <a href="access.5.html"><b>access</b>(5)</a> map "defer" action, including
- "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>".
+ The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
+ map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or
+ "<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>".
<b><a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a> (<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b>
- The Postfix SMTP server's action when a reject-type
- restriction fails due to a temporary error condi-
- tion.
+ The Postfix SMTP server's action when a reject-type restriction
+ fails due to a temporary error condition.
- <b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_temp</a>-</b>
- <b><a href="postconf.5.html#reject_tempfail_action">fail_action</a>)</b>
- The Postfix SMTP server's action when
- <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> fails due to an tempo-
- rary error condition.
+ <b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
+ The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
+ <a href="postconf.5.html#reject_unknown_helo_hostname">name</a> fails due to an temporary error condition.
<b><a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The Postfix SMTP server's action when
- <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
- <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> fail due to a tem-
- porary error condition.
+ The Postfix SMTP server's action when
+ <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
+ fail due to a temporary error condition.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
- The location of all postfix administrative com-
- mands.
+ The location of all postfix administrative commands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
- The sender address of postmaster notifications that
- are generated by the mail system.
+ The sender address of postmaster notifications that are gener-
+ ated by the mail system.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
- The mail system name that is displayed in Received:
- headers, in the SMTP greeting banner, and in
- bounced mail.
+ The mail system name that is displayed in Received: headers, in
+ the SMTP greeting banner, and in bounced mail.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue
- and most Postfix daemon processes.
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
- The list of "trusted" remote SMTP clients that have
- more privileges than "strangers".
+ The list of "trusted" remote SMTP clients that have more privi-
+ leges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The domain name that locally-posted mail appears to
- come from, and that locally posted mail is deliv-
- ered to.
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
- The set of characters that can separate a user name
- from its extension (example: user+foo), or a .for-
- ward file name from its extension (example: .for-
- ward+foo).
+ The set of characters that can separate a user name from its
+ extension (example: user+foo), or a .forward file name from its
+ extension (example: .forward+foo).
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
- The text that follows the 220 status code in the
- SMTP greeting banner.
+ The text that follows the 220 status code in the SMTP greeting
+ banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
- List of commands that cause the Postfix SMTP server
- to immediately terminate the session with a 221
- code.
+ List of commands that cause the Postfix SMTP server to immedi-
+ ately terminate the session with a 221 code.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtpd_client_port_logging">smtpd_client_port_logging</a> (no)</b>
- Enable logging of the remote SMTP client port in
- addition to the hostname and IP address.
+ Enable logging of the remote SMTP client port in addition to the
+ hostname and IP address.
<b>SEE ALSO</b>
<a href="anvil.8.html">anvil(8)</a>, connection/rate limiting
<a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postmap -q - <a href="socketmap_table.html">socketmap</a>:unix:</b><i>pathname</i><b>:</b><i>name</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional tables for address
- rewriting. mail routing or policy lookup.
+ The Postfix mail system uses optional tables for address rewriting.
+ mail routing or policy lookup.
- The Postfix socketmap client expects TCP endpoint names of
- the form <b>inet:</b><i>host</i><b>:</b><i>port</i><b>:</b><i>name</i>, or UNIX-domain endponts of
- the form <b>unix:</b><i>pathname</i><b>:</b><i>name</i>. In both cases, <i>name</i> speci-
- fies the name field in a socketmap client request (see
- "REQUEST FORMAT" below).
+ The Postfix socketmap client expects TCP endpoint names of the form
+ <b>inet:</b><i>host</i><b>:</b><i>port</i><b>:</b><i>name</i>, or UNIX-domain endponts of the form <b>unix:</b><i>path-</i>
+ <i>name</i><b>:</b><i>name</i>. In both cases, <i>name</i> specifies the name field in a socketmap
+ client request (see "REQUEST FORMAT" below).
<b>PROTOCOL</b>
- Socketmaps use a simple protocol: the client sends one
- request, and the server sends one reply. Each request and
- reply are sent as one netstring object.
+ Socketmaps use a simple protocol: the client sends one request, and the
+ server sends one reply. Each request and reply are sent as one net-
+ string object.
<b>REQUEST FORMAT</b>
The socketmap protocol supports only the lookup request.
- Postfix will not generate partial search keys such as
- domain names without one or more subdomains, network
- addresses without one or more least-significant octets, or
- email addresses without the localpart, address extension
- or domain portion. This behavior is also found with <a href="cidr_table.5.html">cidr</a>:,
- <a href="pcre_table.5.html">pcre</a>:, and <a href="regexp_table.5.html">regexp</a>: tables.
+ Postfix will not generate partial search keys such as domain names
+ without one or more subdomains, network addresses without one or more
+ least-significant octets, or email addresses without the localpart,
+ address extension or domain portion. This behavior is also found with
+ <a href="cidr_table.5.html">cidr</a>:, <a href="pcre_table.5.html">pcre</a>:, and <a href="regexp_table.5.html">regexp</a>: tables.
<i>name</i> <<b>space</b>> <i>key</i>
Search the named socketmap for the specified key.
<b>REPLY FORMAT</b>
- The Postfix socketmap client requires that replies are not
- longer than 100000 characters (not including the netstring
- encapsulation). Replies must have the following form:
+ The Postfix socketmap client requires that replies are not longer than
+ 100000 characters (not including the netstring encapsulation). Replies
+ must have the following form:
<b>OK</b> <<b>space</b>> <i>data</i>
The requested data was found.
<b>TIMEOUT</b> <<b>space</b>> <i>reason</i>
<b>PERM</b> <<b>space</b>> <i>reason</i>
- The request failed. The reason, if non-empty, is
- descriptive text.
+ The request failed. The reason, if non-empty, is descriptive
+ text.
<b>SECURITY</b>
This map cannot be used for security-sensitive information,
The protocol limits are not yet configurable.
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
Socketmap support was introduced with Postfix version 2.10.
<b>spawn</b> [generic Postfix daemon options] command_attributes...
<b>DESCRIPTION</b>
- The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon provides the Postfix equivalent of
- <b>inetd</b>. It listens on a port as specified in the Postfix
- <a href="master.5.html"><b>master.cf</b></a> file and spawns an external command whenever a
- connection is established. The connection can be made
- over local IPC (such as UNIX-domain sockets) or over non-
- local IPC (such as TCP sockets). The command's standard
- input, output and error streams are connected directly to
- the communication endpoint.
-
- This daemon expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process
- manager.
+ The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon provides the Postfix equivalent of <b>inetd</b>. It lis-
+ tens on a port as specified in the Postfix <a href="master.5.html"><b>master.cf</b></a> file and spawns an
+ external command whenever a connection is established. The connection
+ can be made over local IPC (such as UNIX-domain sockets) or over non-
+ local IPC (such as TCP sockets). The command's standard input, output
+ and error streams are connected directly to the communication endpoint.
+
+ This daemon expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
<b>COMMAND ATTRIBUTE SYNTAX</b>
- The external command attributes are given in the <a href="master.5.html"><b>master.cf</b></a>
- file at the end of a service definition. The syntax is as
- follows:
+ The external command attributes are given in the <a href="master.5.html"><b>master.cf</b></a> file at the
+ end of a service definition. The syntax is as follows:
<b>user</b>=<i>username</i> (required)
<b>user</b>=<i>username</i>:<i>groupname</i>
- The external command is executed with the rights of
- the specified <i>username</i>. The software refuses to
- execute commands with root privileges, or with the
- privileges of the mail system owner. If <i>groupname</i>
- is specified, the corresponding group ID is used
- instead of the group ID of <i>username</i>.
+ The external command is executed with the rights of the speci-
+ fied <i>username</i>. The software refuses to execute commands with
+ root privileges, or with the privileges of the mail system
+ owner. If <i>groupname</i> is specified, the corresponding group ID is
+ used instead of the group ID of <i>username</i>.
<b>argv</b>=<i>command</i>... (required)
- The command to be executed. This must be specified
- as the last command attribute. The command is exe-
- cuted directly, i.e. without interpretation of
- shell meta characters by a shell command inter-
- preter.
+ The command to be executed. This must be specified as the last
+ command attribute. The command is executed directly, i.e. with-
+ out interpretation of shell meta characters by a shell command
+ interpreter.
<b>BUGS</b>
- In order to enforce standard Postfix process resource con-
- trols, the <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon runs only one external command
- at a time. As such, it presents a noticeable overhead by
- wasting precious process resources. The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon is
- expected to be replaced by a more structural solution.
+ In order to enforce standard Postfix process resource controls, the
+ <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon runs only one external command at a time. As such, it
+ presents a noticeable overhead by wasting precious process resources.
+ The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon is expected to be replaced by a more structural
+ solution.
<b>DIAGNOSTICS</b>
- The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon reports abnormal child exits. Prob-
- lems are logged to <b>syslogd</b>(8).
+ The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon reports abnormal child exits. Problems are logged
+ to <b>syslogd</b>(8).
<b>SECURITY</b>
- This program needs root privilege in order to execute
- external commands as the specified user. It is therefore
- security sensitive. However the <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon does not
- talk to the external command and thus is not vulnerable to
- data-driven attacks.
+ This program needs root privilege in order to execute external commands
+ as the specified user. It is therefore security sensitive. However the
+ <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon does not talk to the external command and thus is not
+ vulnerable to data-driven attacks.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="spawn.8.html"><b>spawn</b>(8)</a>
- processes run for only a limited amount of time. Use the
- command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="spawn.8.html"><b>spawn</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
- In the text below, <i>transport</i> is the first field of the
-
entry in the <a href="master.5.html"><b>master.cf</b></a> file.
+ In the text below, <i>transport</i> is the first field of the entry in the
+ <a href="master.5.html"><b>master.cf</b></a> file.
<b>RESOURCE AND RATE CONTROL</b>
<b><a href="postconf.5.html#transport_time_limit"><i>transport</i>_time_limit</a> ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
- The amount of time the command is allowed to run
- before it is terminated.
+ The amount of time the command is allowed to run before it is
+ terminated.
- Postfix 2.4 and later support a suffix that speci-
- fies the time unit: s (seconds), m (minutes), h
- (hours), d (days), w (weeks). The default time unit
- is seconds.
+ Postfix 2.4 and later support a suffix that specifies the time
+ unit: s (seconds), m (minutes), h (hours), d (days), w (weeks).
+ The default time unit is seconds.
<b>MISCELLANEOUS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a Postfix
- process will export to non-Postfix processes.
+ The list of environment variables that a Postfix process will
+ export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue
- and most Postfix daemon processes.
+ The UNIX system account that owns the Postfix queue and most
+ Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postmap -q - <a href="sqlite_table.5.html">sqlite</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional tables for address
- rewriting or mail routing. These tables are usually in <b>dbm</b>
- or <b>db</b> format.
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format.
- Alternatively, lookup tables can be specified as SQLite
- databases. In order to use SQLite lookups, define an
-
SQLite source as a lookup table in <a href="postconf.5.html">main.cf</a>, for example:
+ Alternatively, lookup tables can be specified as SQLite databases. In
+ order to use SQLite lookups, define an SQLite source as a lookup table
+ in <a href="postconf.5.html">main.cf</a>, for example:
<a href="postconf.5.html#alias_maps">alias_maps</a> = <a href="sqlite_table.5.html">sqlite</a>:/etc/sqlite-aliases.cf
- The file /etc/postfix/sqlite-aliases.cf has the same for-
- mat as the Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the
- parameters described below.
+ The file /etc/postfix/sqlite-aliases.cf has the same format as the
+ Postfix <a href="postconf.5.html">main.cf</a> file, and can specify the parameters described below.
<b>BACKWARDS COMPATIBILITY</b>
- For compatibility with other Postfix lookup tables, SQLite
- parameters can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do
- that, specify as SQLite source a name that doesn't begin
- with a slash or a dot. The SQLite parameters will then be
- accessible as the name you've given the source in its def-
- inition, an underscore, and the name of the parameter.
- For example, if the map is specified as "<a href="sqlite_table.5.html">sqlite</a>:<i>sqlite-</i>
- <i>name</i>", the parameter "query" below would be defined in
- <a href="postconf.5.html">main.cf</a> as "<i>sqlitename</i>_query".
-
- Normally, the SQL query is specified via a single <b>query</b>
- parameter (described in more detail below). When this
- parameter is not specified in the map definition, Postfix
- reverts to an older interface, with the SQL query con-
- structed from the <b>select_field</b>, <b>table</b>, <b>where_field</b> and
- <b>additional_conditions</b> parameters. The old interface will
- be gradually phased out. To migrate to the new interface
- set:
+ For compatibility with other Postfix lookup tables, SQLite parameters
+ can also be defined in <a href="postconf.5.html">main.cf</a>. In order to do that, specify as SQLite
+ source a name that doesn't begin with a slash or a dot. The SQLite
+ parameters will then be accessible as the name you've given the source
+ in its definition, an underscore, and the name of the parameter. For
+ example, if the map is specified as "<a href="sqlite_table.5.html">sqlite</a>:<i>sqlitename</i>", the parameter
+ "query" below would be defined in <a href="postconf.5.html">main.cf</a> as "<i>sqlitename</i>_query".
+
+ Normally, the SQL query is specified via a single <b>query</b> parameter
+ (described in more detail below). When this parameter is not specified
+ in the map definition, Postfix reverts to an older interface, with the
+ SQL query constructed from the <b>select_field</b>, <b>table</b>, <b>where_field</b> and
+ <b>additional_conditions</b> parameters. The old interface will be gradually
+ phased out. To migrate to the new interface set:
<b>query</b> = SELECT [<i>select</i><b>_</b><i>field</i>]
FROM [<i>table</i>]
WHERE [<i>where</i><b>_</b><i>field</i>] = '%s'
[<i>additional</i><b>_</b><i>conditions</i>]
- Insert the value, not the name, of each legacy parameter.
- Note that the <b>additional_conditions</b> parameter is optional
- and if not empty, will always start with <b>AND</b>.
+ Insert the value, not the name, of each legacy parameter. Note that the
+ <b>additional_conditions</b> parameter is optional and if not empty, will
+ always start with <b>AND</b>.
<b>LIST MEMBERSHIP</b>
- When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydes</a>-
- <a href="postconf.5.html#mydestination">tination</a>, $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it
- is important to understand that the table must store each
- list member as a separate key. The table lookup verifies
- the *existence* of the key. See "Postfix lists versus
- tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
+ When using SQL to store lists such as $<a href="postconf.5.html#mynetworks">mynetworks</a>, $<a href="postconf.5.html#mydestination">mydestination</a>,
+ $<a href="postconf.5.html#relay_domains">relay_domains</a>, $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, etc., it is important to under-
+ stand that the table must store each list member as a separate key. The
+ table lookup verifies the *existence* of the key. See "Postfix lists
+ versus tables" in the <a href="DATABASE_README.html">DATABASE_README</a> document for a discussion.
- Do NOT create tables that return the full list of domains
- in $<a href="postconf.5.html#mydestination">mydestination</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses
- in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
+ Do NOT create tables that return the full list of domains in $<a href="postconf.5.html#mydestination">mydesti</a>-
+ <a href="postconf.5.html#mydestination">nation</a> or $<a href="postconf.5.html#relay_domains">relay_domains</a> etc., or IP addresses in $<a href="postconf.5.html#mynetworks">mynetworks</a>.
- DO create tables with each matching item as a key and with
- an arbitrary value. With SQL databases it is not uncommon
- to return the key itself or a constant value.
+ DO create tables with each matching item as a key and with an arbitrary
+ value. With SQL databases it is not uncommon to return the key itself
+ or a constant value.
<b>SQLITE PARAMETERS</b>
<b>dbpath</b> The SQLite database file location. Example:
dbpath = customer_database
- <b>query</b> The SQL query template used to search the database,
- where <b>%s</b> is a substitute for the address Postfix is
- trying to resolve, e.g.
+ <b>query</b> The SQL query template used to search the database, where <b>%s</b> is
+ a substitute for the address Postfix is trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
- This parameter supports the following '%' expan-
- sions:
+ This parameter supports the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the input key. SQL
- quoting is used to make sure that the input
- key does not add unexpected metacharacters.
-
- <b>%u</b> When the input key is an address of the form
- user@domain, <b>%u</b> is replaced by the SQL
- quoted local part of the address. Other-
- wise, <b>%u</b> is replaced by the entire search
- string. If the localpart is empty, the
- query is suppressed and returns no results.
-
- <b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the SQL
- quoted domain part of the address. Other-
- wise, the query is suppressed and returns no
- results.
-
- <b>%[SUD]</b> The upper-case equivalents of the above
- expansions behave in the <b>query</b> parameter
- identically to their lower-case counter-
- parts. With the <b>result_format</b> parameter
- (see below), they expand the input key
- rather than the result value.
-
- <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by
- the corresponding most significant component
- of the input key's domain. If the input key
- is <i>user@mail.example.com</i>, then %1 is <b>com</b>, %2
- is <b>example</b> and %3 is <b>mail</b>. If the input key
- is unqualified or does not have enough
- domain components to satisfy all the speci-
- fied patterns, the query is suppressed and
- returns no results.
-
- The <b>domain</b> parameter described below limits the
- input keys to addresses in matching domains. When
- the <b>domain</b> parameter is non-empty, SQL queries for
- unqualified addresses or addresses in non-matching
- domains are suppressed and return no results.
-
- This parameter is available with Postfix 2.2. In
- prior releases the SQL query was built from the
- separate parameters: <b>select_field</b>, <b>table</b>,
- <b>where_field</b> and <b>additional_conditions</b>. The mapping
- from the old parameters to the equivalent query is:
+ <b>%s</b> This is replaced by the input key. SQL quoting is used
+ to make sure that the input key does not add unexpected
+ metacharacters.
+
+ <b>%u</b> When the input key is an address of the form user@domain,
+ <b>%u</b> is replaced by the SQL quoted local part of the
+ address. Otherwise, <b>%u</b> is replaced by the entire search
+ string. If the localpart is empty, the query is sup-
+ pressed and returns no results.
+
+ <b>%d</b> When the input key is an address of the form user@domain,
+ <b>%d</b> is replaced by the SQL quoted domain part of the
+ address. Otherwise, the query is suppressed and returns
+ no results.
+
+ <b>%[SUD]</b> The upper-case equivalents of the above expansions behave
+ in the <b>query</b> parameter identically to their lower-case
+ counter-parts. With the <b>result_format</b> parameter (see
+ below), they expand the input key rather than the result
+ value.
+
+ <b>%[1-9]</b> The patterns %1, %2, ... %9 are replaced by the corre-
+ sponding most significant component of the input key's
+ domain. If the input key is <i>user@mail.example.com</i>, then
+ %1 is <b>com</b>, %2 is <b>example</b> and %3 is <b>mail</b>. If the input key
+ is unqualified or does not have enough domain components
+ to satisfy all the specified patterns, the query is sup-
+ pressed and returns no results.
+
+ The <b>domain</b> parameter described below limits the input keys to
+ addresses in matching domains. When the <b>domain</b> parameter is non-
+ empty, SQL queries for unqualified addresses or addresses in
+ non-matching domains are suppressed and return no results.
+
+ This parameter is available with Postfix 2.2. In prior releases
+ the SQL query was built from the separate parameters:
+ <b>select_field</b>, <b>table</b>, <b>where_field</b> and <b>additional_conditions</b>. The
+ mapping from the old parameters to the equivalent query is:
SELECT [<b>select_field</b>]
FROM [<b>table</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
- The '%s' in the <b>WHERE</b> clause expands to the escaped
- search string. With Postfix 2.2 these legacy
- parameters are used if the <b>query</b> parameter is not
- specified.
+ The '%s' in the <b>WHERE</b> clause expands to the escaped search
+ string. With Postfix 2.2 these legacy parameters are used if
+ the <b>query</b> parameter is not specified.
NOTE: DO NOT put quotes around the query parameter.
<b>result_format (default: %s</b>)
- Format template applied to result attributes. Most
- commonly used to append (or prepend) text to the
- result. This parameter supports the following '%'
- expansions:
+ Format template applied to result attributes. Most commonly used
+ to append (or prepend) text to the result. This parameter sup-
+ ports the following '%' expansions:
<b>%%</b> This is replaced by a literal '%' character.
- <b>%s</b> This is replaced by the value of the result
- attribute. When result is empty it is
- skipped.
+ <b>%s</b> This is replaced by the value of the result attribute.
+ When result is empty it is skipped.
- <b>%u</b> When the result attribute value is an
- address of the form user@domain, <b>%u</b> is
- replaced by the local part of the address.
- When the result has an empty localpart it is
+ <b>%u</b> When the result attribute value is an address of the form
+ user@domain, <b>%u</b> is replaced by the local part of the
+ address. When the result has an empty localpart it is
skipped.
- <b>%d</b> When a result attribute value is an address
- of the form user@domain, <b>%d</b> is replaced by
- the domain part of the attribute value. When
- the result is unqualified it is skipped.
+ <b>%d</b> When a result attribute value is an address of the form
+ user@domain, <b>%d</b> is replaced by the domain part of the
+ attribute value. When the result is unqualified it is
+ skipped.
<b>%[SUD1-9]</b>
- The upper-case and decimal digit expansions
- interpolate the parts of the input key
- rather than the result. Their behavior is
- identical to that described with <b>query</b>, and
- in fact because the input key is known in
- advance, queries whose key does not contain
- all the information specified in the result
- template are suppressed and return no
- results.
-
- For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]"
- allows one to use a mailHost attribute as the basis
- of a <a href="transport.5.html">transport(5)</a> table. After applying the result
- format, multiple values are concatenated as comma
- separated strings. The expansion_limit and parame-
- ter explained below allows one to restrict the num-
- ber of values in the result, which is especially
- useful for maps that must return at most one value.
-
- The default value <b>%s</b> specifies that each result
- value should be used as is.
-
- This parameter is available with Postfix 2.2 and
- later.
+ The upper-case and decimal digit expansions interpolate
+ the parts of the input key rather than the result. Their
+ behavior is identical to that described with <b>query</b>, and
+ in fact because the input key is known in advance,
+ queries whose key does not contain all the information
+ specified in the result template are suppressed and
+ return no results.
+
+ For example, using "result_format = <a href="smtp.8.html">smtp</a>:[%s]" allows one to use
+ a mailHost attribute as the basis of a <a href="transport.5.html">transport(5)</a> table. After
+ applying the result format, multiple values are concatenated as
+ comma separated strings. The expansion_limit and parameter
+ explained below allows one to restrict the number of values in
+ the result, which is especially useful for maps that must return
+ at most one value.
+
+ The default value <b>%s</b> specifies that each result value should be
+ used as is.
+
+ This parameter is available with Postfix 2.2 and later.
NOTE: DO NOT put quotes around the result format!
<b>domain (default: no domain list)</b>
- This is a list of domain names, paths to files, or
- dictionaries. When specified, only fully qualified
- search keys with a *non-empty* localpart and a
- matching domain are eligible for lookup: 'user'
- lookups, bare domain lookups and "@domain" lookups
- are not performed. This can significantly reduce
- the query load on the SQLite server.
+ This is a list of domain names, paths to files, or dictionaries.
+ When specified, only fully qualified search keys with a *non-
+ empty* localpart and a matching domain are eligible for lookup:
+ 'user' lookups, bare domain lookups and "@domain" lookups are
+ not performed. This can significantly reduce the query load on
+ the SQLite server.
domain = postfix.org, <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/searchdomains
- It is best not to use SQL to store the domains eli-
- gible for SQL lookups.
+ It is best not to use SQL to store the domains eligible for SQL
+ lookups.
- This parameter is available with Postfix 2.2 and
- later.
+ This parameter is available with Postfix 2.2 and later.
- NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
- aliases, because the input keys are always unquali-
- fied.
+ NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> aliases, because
+ the input keys are always unqualified.
<b>expansion_limit (default: 0)</b>
- A limit on the total number of result elements
- returned (as a comma separated list) by a lookup
- against the map. A setting of zero disables the
- limit. Lookups fail with a temporary error if the
- limit is exceeded. Setting the limit to 1 ensures
- that lookups do not return multiple values.
+ A limit on the total number of result elements returned (as a
+ comma separated list) by a lookup against the map. A setting of
+ zero disables the limit. Lookups fail with a temporary error if
+ the limit is exceeded. Setting the limit to 1 ensures that
+ lookups do not return multiple values.
<b>OBSOLETE QUERY INTERFACE</b>
- This section describes an interface that is deprecated as
- of Postfix 2.2. It is replaced by the more general <b>query</b>
- interface described above. If the <b>query</b> parameter is
- defined, the legacy parameters described here ignored.
- Please migrate to the new interface as the legacy inter-
- face may be removed in a future release.
+ This section describes an interface that is deprecated as of Postfix
+ 2.2. It is replaced by the more general <b>query</b> interface described
+ above. If the <b>query</b> parameter is defined, the legacy parameters
+ described here ignored. Please migrate to the new interface as the
+ legacy interface may be removed in a future release.
- The following parameters can be used to fill in a SELECT
- template statement of the form:
+ The following parameters can be used to fill in a SELECT template
+ statement of the form:
SELECT [<b>select_field</b>]
FROM [<b>table</b>]
WHERE [<b>where_field</b>] = '%s'
[<b>additional_conditions</b>]
- The specifier %s is replaced by the search string, and is
- escaped so if it contains single quotes or other odd char-
- acters, it will not cause a parse error, or worse, a secu-
- rity problem.
+ The specifier %s is replaced by the search string, and is escaped so if
+ it contains single quotes or other odd characters, it will not cause a
+ parse error, or worse, a security problem.
<b>select_field</b>
The SQL "select" parameter. Example:
<a href="SQLITE_README.html">SQLITE_README</a>, Postfix SQLITE howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
SQLite support was introduced with Postfix version 2.8.
<b>postmap -q - <a href="tcp_table.5.html">tcp</a>:</b><i>host:port</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix mail system uses optional tables for address
- rewriting or mail routing. These tables are usually in <b>dbm</b>
- or <b>db</b> format. Alternatively, table lookups can be directed
- to a TCP server.
+ The Postfix mail system uses optional tables for address rewriting or
+ mail routing. These tables are usually in <b>dbm</b> or <b>db</b> format. Alterna-
+ tively, table lookups can be directed to a TCP server.
- To find out what types of lookup tables your Postfix sys-
- tem supports use the "<b>postconf -m</b>" command.
+ To find out what types of lookup tables your Postfix system supports
+ use the "<b>postconf -m</b>" command.
- To test lookup tables, use the "<b>postmap -q</b>" command as
- described in the SYNOPSIS above.
+ To test lookup tables, use the "<b>postmap -q</b>" command as described in the
+ SYNOPSIS above.
<b>PROTOCOL DESCRIPTION</b>
- The TCP map class implements a very simple protocol: the
- client sends a request, and the server sends one reply.
- Requests and replies are sent as one line of ASCII text,
- terminated by the ASCII newline character. Request and
- reply parameters (see below) are separated by whitespace.
+ The TCP map class implements a very simple protocol: the client sends a
+ request, and the server sends one reply. Requests and replies are sent
+ as one line of ASCII text, terminated by the ASCII newline character.
+ Request and reply parameters (see below) are separated by whitespace.
- Send and receive operations must complete in 100 seconds.
+ Send and receive operations must complete in 100 seconds.
<b>REQUEST FORMAT</b>
- Each request specifies a command, a lookup key, and possi-
- bly a lookup result.
+ Each request specifies a command, a lookup key, and possibly a lookup
+ result.
<b>get</b> SPACE <i>key</i> NEWLINE
Look up data under the specified key.
This request is currently not implemented.
<b>REPLY FORMAT</b>
- Each reply specifies a status code and text. Replies must
- be no longer than 4096 characters including the newline
- terminator.
+ Each reply specifies a status code and text. Replies must be no longer
+ than 4096 characters including the newline terminator.
<b>500</b> SPACE <i>text</i> NEWLINE
- In case of a lookup request, the requested data
- does not exist. In case of an update request, the
- request was rejected. The text describes the
- nature of the problem.
+ In case of a lookup request, the requested data does not exist.
+ In case of an update request, the request was rejected. The
+ text describes the nature of the problem.
<b>400</b> SPACE <i>text</i> NEWLINE
- This indicates an error condition. The text
- describes the nature of the problem. The client
- should retry the request later.
+ This indicates an error condition. The text describes the nature
+ of the problem. The client should retry the request later.
<b>200</b> SPACE <i>text</i> NEWLINE
- The request was successful. In the case of a lookup
- request, the text contains an encoded version of
- the requested data.
+ The request was successful. In the case of a lookup request, the
+ text contains an encoded version of the requested data.
<b>ENCODING</b>
- In request and reply parameters, the character %, each
- non-printing character, and each whitespace character must
- be replaced by %XX, where XX is the corresponding ASCII
- hexadecimal character value. The hexadecimal codes can be
- specified in any case (upper, lower, mixed).
+ In request and reply parameters, the character %, each non-printing
+ character, and each whitespace character must be replaced by %XX, where
+ XX is the corresponding ASCII hexadecimal character value. The hexadec-
+ imal codes can be specified in any case (upper, lower, mixed).
- The Postfix client always encodes a request. The server
- may omit the encoding as long as the reply is guaranteed
- to not contain the % or NEWLINE character.
+ The Postfix client always encodes a request. The server may omit the
+ encoding as long as the reply is guaranteed to not contain the % or
+ NEWLINE character.
<b>SECURITY</b>
- Do not use TCP lookup tables for security critical pur-
- poses. The client-server connection is not protected and
- the server is not authenticated.
+ Do not use TCP lookup tables for security critical purposes. The
+ client-server connection is not protected and the server is not authen-
+ ticated.
<b>BUGS</b>
Only the lookup method is currently implemented.
- The client does not hang up when the connection is idle
- for a long time.
+ The client does not hang up when the connection is idle for a long
+ time.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>tlsmgr</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> manages the Postfix TLS session caches. It
- stores and retrieves cache entries on request by <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
- and <a href="smtp.8.html"><b>smtp</b>(8)</a> processes, and periodically removes entries
- that have expired.
-
- The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> also manages the PRNG (pseudo random number
- generator) pool. It answers queries by the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> and
- <a href="smtp.8.html"><b>smtp</b>(8)</a> processes to seed their internal PRNG pools.
-
- The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>'s PRNG pool is initially seeded from an
- external source (EGD, /dev/urandom, or regular file). It
- is updated at configurable pseudo-random intervals with
- data from the external source. It is updated periodically
- with data from TLS session cache entries and with the time
- of day, and is updated with the time of day whenever a
- process requests <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service.
-
- The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> saves the PRNG state to an exchange file
- periodically and when the process terminates, and reads
- the exchange file when initializing its PRNG.
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> manages the Postfix TLS session caches. It stores and
+ retrieves cache entries on request by <a href="smtpd.8.html"><b>smtpd</b>(8)</a> and <a href="smtp.8.html"><b>smtp</b>(8)</a> processes,
+ and periodically removes entries that have expired.
+
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> also manages the PRNG (pseudo random number generator)
+ pool. It answers queries by the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> and <a href="smtp.8.html"><b>smtp</b>(8)</a> processes to seed
+ their internal PRNG pools.
+
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>'s PRNG pool is initially seeded from an external source
+ (EGD, /dev/urandom, or regular file). It is updated at configurable
+ pseudo-random intervals with data from the external source. It is
+ updated periodically with data from TLS session cache entries and with
+ the time of day, and is updated with the time of day whenever a process
+ requests <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service.
+
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> saves the PRNG state to an exchange file periodically and
+ when the process terminates, and reads the exchange file when initial-
+ izing its PRNG.
<b>SECURITY</b>
- The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> is not security-sensitive. The code that
- maintains the external and internal PRNG pools does not
- "trust" the data that it manipulates, and the code that
- maintains the TLS session cache does not touch the con-
- tents of the cached entries, except for seeding its inter-
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> is not security-sensitive. The code that maintains the
+ external and internal PRNG pools does not "trust" the data that it
+ manipulates, and the code that maintains the TLS session cache does not
+ touch the contents of the cached entries, except for seeding its inter-
nal PRNG pool.
- The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> can be run chrooted and with reduced privi-
- leges. At process startup it connects to the entropy
- source and exchange file, and creates or truncates the
- optional TLS session cache files.
+ The <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> can be run chrooted and with reduced privileges. At
+ process startup it connects to the entropy source and exchange file,
+ and creates or truncates the optional TLS session cache files.
- With Postfix version 2.5 and later, the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> no
- longer uses root privileges when opening cache files.
- These files should now be stored under the Postfix-owned
- <b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a migration aid, an attempt to open a
- cache file under a non-Postfix directory is redirected to
- the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a warning is logged.
+ With Postfix version 2.5 and later, the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> no longer uses root
+ privileges when opening cache files. These files should now be stored
+ under the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a migration aid, an attempt
+ to open a cache file under a non-Postfix directory is redirected to the
+ Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a warning is logged.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to the syslog daemon.
<b>BUGS</b>
- There is no automatic means to limit the number of entries
- in the TLS session caches and/or the size of the TLS cache
- files.
+ There is no automatic means to limit the number of entries in the TLS
+ session caches and/or the size of the TLS cache files.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically,
- because <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> is a persistent processes. Use the com-
- mand "<b>postfix reload</b>" after a configuration change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, because <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+ is a persistent processes. Use the command "<b>postfix reload</b>" after a
+ configuration change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>TLS SESSION CACHE</b>
<b><a href="postconf.5.html#lmtp_tls_loglevel">lmtp_tls_loglevel</a> (0)</b>
- The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a>
- configuration parameter.
+ The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> configuration
+ parameter.
<b><a href="postconf.5.html#lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a> (empty)</b>
- The LMTP-specific version of the smtp_tls_ses-
- sion_cache_database configuration parameter.
+ The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
+ configuration parameter.
<b><a href="postconf.5.html#lmtp_tls_session_cache_timeout">lmtp_tls_session_cache_timeout</a> (3600s)</b>
- The LMTP-specific version of the smtp_tls_ses-
- sion_cache_timeout configuration parameter.
+ The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a>
+ configuration parameter.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP client logging of
- TLS activity.
+ Enable additional Postfix SMTP client logging of TLS activity.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
- Name of the file containing the optional Postfix
- SMTP client TLS session cache.
+ Name of the file containing the optional Postfix SMTP client TLS
+ session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
- The expiration time of Postfix SMTP client TLS ses-
- sion cache information.
+ The expiration time of Postfix SMTP client TLS session cache
+ information.
<b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP server logging of
- TLS activity.
+ Enable additional Postfix SMTP server logging of TLS activity.
<b><a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> (empty)</b>
- Name of the file containing the optional Postfix
- SMTP server TLS session cache.
+ Name of the file containing the optional Postfix SMTP server TLS
+ session cache.
<b><a href="postconf.5.html#smtpd_tls_session_cache_timeout">smtpd_tls_session_cache_timeout</a> (3600s)</b>
- The expiration time of Postfix SMTP server TLS ses-
- sion cache information.
+ The expiration time of Postfix SMTP server TLS session cache
+ information.
<b>PSEUDO RANDOM NUMBER GENERATOR</b>
<b><a href="postconf.5.html#tls_random_source">tls_random_source</a> (see 'postconf -d' output)</b>
- The external entropy source for the in-memory
- <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> pseudo random number generator (PRNG)
- pool.
+ The external entropy source for the in-memory <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> pseudo
+ random number generator (PRNG) pool.
<b><a href="postconf.5.html#tls_random_bytes">tls_random_bytes</a> (32)</b>
- The number of bytes that <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> reads from
- $<a href="postconf.5.html#tls_random_source">tls_random_source</a> when (re)seeding the in-memory
- pseudo random number generator (PRNG) pool.
+ The number of bytes that <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> reads from $<a href="postconf.5.html#tls_random_source">tls_random_source</a>
+ when (re)seeding the in-memory pseudo random number generator
+ (PRNG) pool.
<b><a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a> (see 'postconf -d' output)</b>
- Name of the pseudo random number generator (PRNG)
-
state file that is maintained by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>.
+ Name of the pseudo random number generator (PRNG) state file
+ that is maintained by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>.
<b><a href="postconf.5.html#tls_random_prng_update_period">tls_random_prng_update_period</a> (3600s)</b>
- The time between attempts by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> to save the
- state of the pseudo random number generator (PRNG)
- to the file specified with $<a href="postconf.5.html#tls_random_exchange_name">tls_ran</a>-
- <a href="postconf.5.html#tls_random_exchange_name">dom_exchange_name</a>.
+ The time between attempts by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> to save the state of the
+ pseudo random number generator (PRNG) to the file specified with
+ $<a href="postconf.5.html#tls_random_exchange_name">tls_random_exchange_name</a>.
<b><a href="postconf.5.html#tls_random_reseed_period">tls_random_reseed_period</a> (3600s)</b>
- The maximal time between attempts by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> to
- re-seed the in-memory pseudo random number genera-
- tor (PRNG) pool from external sources.
+ The maximal time between attempts by <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> to re-seed the
+ in-memory pseudo random number generator (PRNG) pool from exter-
+ nal sources.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#data_directory">data_directory</a> (see 'postconf -d' output)</b>
- The directory with Postfix-writable data files (for
- example: caches, pseudo-random numbers).
+ The directory with Postfix-writable data files (for example:
+ caches, pseudo-random numbers).
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="smtp.8.html">smtp(8)</a>, Postfix SMTP client
<a href="TLS_README.html">TLS_README</a>, Postfix TLS configuration and operation
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
This service was introduced with Postfix version 2.2.
<b>tlsproxy</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server implements a server-side TLS proxy.
- It is used by <a href="postscreen.8.html"><b>postscreen</b>(8)</a> to talk SMTP-over-TLS with
- remote SMTP clients that are not whitelisted (including
- clients whose whitelist status has expired), but it should
- also work for non-SMTP protocols.
+ The <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server implements a server-side TLS proxy. It is used
+ by <a href="postscreen.8.html"><b>postscreen</b>(8)</a> to talk SMTP-over-TLS with remote SMTP clients that
+ are not whitelisted (including clients whose whitelist status has
+ expired), but it should also work for non-SMTP protocols.
- Although one <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> process can serve multiple ses-
- sions at the same time, it is a good idea to allow the
- number of processes to increase with load, so that the
- service remains responsive.
+ Although one <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> process can serve multiple sessions at the
+ same time, it is a good idea to allow the number of processes to
+ increase with load, so that the service remains responsive.
<b>PROTOCOL EXAMPLE</b>
- The example below concerns <a href="postscreen.8.html"><b>postscreen</b>(8)</a>. However, the
- <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server is agnostic of the application proto-
- col, and the example is easily adapted to other applica-
- tions.
-
- After receiving a valid remote SMTP client STARTTLS com-
- mand, the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server sends the remote SMTP
- client endpoint string, the requested role (server), and
- the requested timeout to <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>. <a href="postscreen.8.html"><b>postscreen</b>(8)</a> then
- receives a "TLS available" indication from <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>.
- If the TLS service is available, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends the
- remote SMTP client file descriptor to <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>, and
- sends the plaintext 220 greeting to the remote SMTP
- client. This triggers TLS negotiations between the remote
- SMTP client and <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>. Upon completion of the TLS-
- level handshake, <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> translates between plaintext
- from/to <a href="postscreen.8.html"><b>postscreen</b>(8)</a> and ciphertext to/from the remote
- SMTP client.
+ The example below concerns <a href="postscreen.8.html"><b>postscreen</b>(8)</a>. However, the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
+ server is agnostic of the application protocol, and the example is eas-
+ ily adapted to other applications.
+
+ After receiving a valid remote SMTP client STARTTLS command, the
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server sends the remote SMTP client endpoint string, the
+ requested role (server), and the requested timeout to <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>.
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> then receives a "TLS available" indication from
+ <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>. If the TLS service is available, <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends the
+ remote SMTP client file descriptor to <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>, and sends the plain-
+ text 220 greeting to the remote SMTP client. This triggers TLS negoti-
+ ations between the remote SMTP client and <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>. Upon completion
+ of the TLS-level handshake, <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> translates between plaintext
+ from/to <a href="postscreen.8.html"><b>postscreen</b>(8)</a> and ciphertext to/from the remote SMTP client.
<b>SECURITY</b>
- The <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server is moderately security-sensitive.
- It talks to untrusted clients on the network. The process
- can be run chrooted at fixed low privilege.
+ The <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server is moderately security-sensitive. It talks to
+ untrusted clients on the network. The process can be run chrooted at
+ fixed low privilege.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as
- <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> processes may run for a long time depending on
- mail server load. Use the command "<b>postfix reload</b>" to
- speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> pro-
+ cesses may run for a long time depending on mail server load. Use the
+ command "<b>postfix reload</b>" to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>STARTTLS SUPPORT CONTROLS</b>
<b><a href="postconf.5.html#tlsproxy_tls_CAfile">tlsproxy_tls_CAfile</a> ($<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)</b>
- A file containing (PEM format) CA certificates of
- root CAs trusted to sign either remote SMTP client
- certificates or intermediate CA certificates.
+ A file containing (PEM format) CA certificates of root CAs
+ trusted to sign either remote SMTP client certificates or inter-
+ mediate CA certificates.
<b><a href="postconf.5.html#tlsproxy_tls_CApath">tlsproxy_tls_CApath</a> ($<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>)</b>
- A directory containing (PEM format) CA certificates
- of root CAs trusted to sign either remote SMTP
- client certificates or intermediate CA certifi-
- cates.
+ A directory containing (PEM format) CA certificates of root CAs
+ trusted to sign either remote SMTP client certificates or inter-
+ mediate CA certificates.
- <b><a href="postconf.5.html#tlsproxy_tls_always_issue_session_ids">tlsproxy_tls_always_issue_session_ids</a></b>
- <b>($<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_session_ids</a>)</b>
- Force the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server to issue a TLS
- session id, even when TLS session caching is turned
- off.
+ <b><a href="postconf.5.html#tlsproxy_tls_always_issue_session_ids">tlsproxy_tls_always_issue_session_ids</a> ($<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_ses</a>-</b>
+ <b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">sion_ids</a>)</b>
+ Force the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server to issue a TLS session id,
+ even when TLS session caching is turned off.
<b><a href="postconf.5.html#tlsproxy_tls_ask_ccert">tlsproxy_tls_ask_ccert</a> ($<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>)</b>
- Ask a remote SMTP client for a client certificate.
+ Ask a remote SMTP client for a client certificate.
- <b><a href="postconf.5.html#tlsproxy_tls_ccert_verifydepth">tlsproxy_tls_ccert_verifydepth</a> ($<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verify</a>-</b>
- <b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">depth</a>)</b>
- The verification depth for remote SMTP client cer-
- tificates.
+ <b><a href="postconf.5.html#tlsproxy_tls_ccert_verifydepth">tlsproxy_tls_ccert_verifydepth</a> ($<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a>)</b>
+ The verification depth for remote SMTP client certificates.
<b><a href="postconf.5.html#tlsproxy_tls_cert_file">tlsproxy_tls_cert_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server RSA cer-
- tificate in PEM format.
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server RSA certificate in PEM
+ format.
<b><a href="postconf.5.html#tlsproxy_tls_ciphers">tlsproxy_tls_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>)</b>
- The minimum TLS cipher grade that the Postfix
- <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server will use with opportunistic TLS
- encryption.
+ The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ will use with opportunistic TLS encryption.
<b><a href="postconf.5.html#tlsproxy_tls_dcert_file">tlsproxy_tls_dcert_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA cer-
- tificate in PEM format.
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA certificate in PEM
+ format.
- <b><a href="postconf.5.html#tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a></b>
- <b>($<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b>
- File with DH parameters that the Postfix
- <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server should use with EDH ciphers.
+ <b><a href="postconf.5.html#tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a> ($<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b>
+ File with DH parameters that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ should use with EDH ciphers.
- <b><a href="postconf.5.html#tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a></b>
- <b>($<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b>
- File with DH parameters that the Postfix
- <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server should use with EDH ciphers.
+ <b><a href="postconf.5.html#tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a> ($<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b>
+ File with DH parameters that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ should use with EDH ciphers.
<b><a href="postconf.5.html#tlsproxy_tls_dkey_file">tlsproxy_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA pri-
- vate key in PEM format.
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA private key in PEM
+ format.
<b><a href="postconf.5.html#tlsproxy_tls_eccert_file">tlsproxy_tls_eccert_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server ECDSA cer-
- tificate in PEM format.
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server ECDSA certificate in
+ PEM format.
<b><a href="postconf.5.html#tlsproxy_tls_eckey_file">tlsproxy_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server ECDSA pri-
- vate key in PEM format.
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server ECDSA private key in
+ PEM format.
<b><a href="postconf.5.html#tlsproxy_tls_eecdh_grade">tlsproxy_tls_eecdh_grade</a> ($<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>)</b>
- The Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server security grade for
- ephemeral elliptic-curve Diffie-Hellman (EECDH) key
- exchange.
+ The Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server security grade for ephemeral
+ elliptic-curve Diffie-Hellman (EECDH) key exchange.
<b><a href="postconf.5.html#tlsproxy_tls_exclude_ciphers">tlsproxy_tls_exclude_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>)</b>
- List of ciphers or cipher types to exclude from the
- <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server cipher list at all TLS security
- levels.
+ List of ciphers or cipher types to exclude from the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
+ server cipher list at all TLS security levels.
- <b><a href="postconf.5.html#tlsproxy_tls_fingerprint_digest">tlsproxy_tls_fingerprint_digest</a> ($<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_finger</a>-</b>
- <b><a href="postconf.5.html#smtpd_tls_fingerprint_digest">print_digest</a>)</b>
- The message digest algorithm to construct remote
- SMTP client-certificate fingerprints.
+ <b><a href="postconf.5.html#tlsproxy_tls_fingerprint_digest">tlsproxy_tls_fingerprint_digest</a> ($<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>)</b>
+ The message digest algorithm to construct remote SMTP client-
+ certificate fingerprints.
<b><a href="postconf.5.html#tlsproxy_tls_key_file">tlsproxy_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server RSA pri-
- vate key in PEM format.
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server RSA private key in PEM
+ format.
<b><a href="postconf.5.html#tlsproxy_tls_loglevel">tlsproxy_tls_loglevel</a> ($<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a>)</b>
- Enable additional Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server log-
- ging of TLS activity.
+ Enable additional Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server logging of TLS
+ activity.
- <b><a href="postconf.5.html#tlsproxy_tls_mandatory_ciphers">tlsproxy_tls_mandatory_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_manda</a>-</b>
- <b><a href="postconf.5.html#smtpd_tls_mandatory_ciphers">tory_ciphers</a>)</b>
- The minimum TLS cipher grade that the Postfix
- <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server will use with mandatory TLS
- encryption.
+ <b><a href="postconf.5.html#tlsproxy_tls_mandatory_ciphers">tlsproxy_tls_mandatory_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>)</b>
+ The minimum TLS cipher grade that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ will use with mandatory TLS encryption.
- <b><a href="postconf.5.html#tlsproxy_tls_mandatory_exclude_ciphers">tlsproxy_tls_mandatory_exclude_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_manda</a>-</b>
+ <b><a href="postconf.5.html#tlsproxy_tls_mandatory_exclude_ciphers">tlsproxy_tls_mandatory_exclude_ciphers</a>
($<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_manda</a>-</b>
<b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">tory_exclude_ciphers</a>)</b>
- Additional list of ciphers or cipher types to
- exclude from the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server cipher list at
- mandatory TLS security levels.
+ Additional list of ciphers or cipher types to exclude from the
+ <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server cipher list at mandatory TLS security levels.
- <b><a href="postconf.5.html#tlsproxy_tls_mandatory_protocols">tlsproxy_tls_mandatory_protocols</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_manda</a>-</b>
- <b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">tory_protocols</a>)</b>
- The SSL/TLS protocols accepted by the Postfix
- <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server with mandatory TLS encryption.
+ <b><a href="postconf.5.html#tlsproxy_tls_mandatory_protocols">tlsproxy_tls_mandatory_protocols</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>)</b>
+ The SSL/TLS protocols accepted by the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ with mandatory TLS encryption.
<b><a href="postconf.5.html#tlsproxy_tls_protocols">tlsproxy_tls_protocols</a> ($<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>)</b>
- List of TLS protocols that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
- server will exclude or include with opportunistic
- TLS encryption.
+ List of TLS protocols that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server will
+ exclude or include with opportunistic TLS encryption.
<b><a href="postconf.5.html#tlsproxy_tls_req_ccert">tlsproxy_tls_req_ccert</a> ($<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>)</b>
- With mandatory TLS encryption, require a trusted
- remote SMTP client certificate in order to allow
- TLS connections to proceed.
+ With mandatory TLS encryption, require a trusted remote SMTP
+ client certificate in order to allow TLS connections to proceed.
<b><a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
- The SMTP TLS security level for the Postfix
- <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server; when a non-empty value is spec-
- ified, this overrides the obsolete parameters
- <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
+ The SMTP TLS security level for the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server;
+ when a non-empty value is specified, this overrides the obsolete
+ parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
- The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in mas-
- ter.cf.
+ The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
- These parameters are supported for compatibility with
- <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy parameters.
+ These parameters are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy
+ parameters.
<b><a href="postconf.5.html#tlsproxy_use_tls">tlsproxy_use_tls</a> ($<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>)</b>
- Opportunistic TLS: announce STARTTLS support to
- remote SMTP clients, but do not require that
- clients use TLS encryption.
+ Opportunistic TLS: announce STARTTLS support to remote SMTP
+ clients, but do not require that clients use TLS encryption.
<b><a href="postconf.5.html#tlsproxy_enforce_tls">tlsproxy_enforce_tls</a> ($<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>)</b>
- Mandatory TLS: announce STARTTLS support to remote
- SMTP clients, and require that clients use TLS
- encryption.
+ Mandatory TLS: announce STARTTLS support to remote SMTP clients,
+ and require that clients use TLS encryption.
<b>RESOURCE CONTROLS</b>
<b><a href="postconf.5.html#tlsproxy_watchdog_timeout">tlsproxy_watchdog_timeout</a> (10s)</b>
- How much time a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> process may take to
- process local or remote I/O before it is terminated
- by a built-in watchdog timer.
+ How much time a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> process may take to process local or
+ remote I/O before it is terminated by a built-in watchdog timer.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="postscreen.8.html">postscreen(8)</a>, Postfix zombie blocker
syslogd(5), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
This service was introduced with Postfix version 2.8.
<b>bounce</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with
- delivery status information. Each log file is named after
- the queue file that it corresponds to, and is kept in a
- queue subdirectory named after the service name in the
- <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>). This pro-
- gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
-
- The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service
- requests:
-
- <b>o</b> Append a recipient (non-)delivery status record to
- a per-message log file.
-
- <b>o</b> Enqueue a delivery status notification message,
- with a copy of a per-message log file and of the
- corresponding message. When the delivery status
- notification message is enqueued successfully, the
- per-message log file is deleted.
-
- The software does a best notification effort. A non-deliv-
- ery notification is sent even when the log file or the
- original message cannot be read.
-
- Optionally, a bounce (defer, trace) client can request
- that the per-message log file be deleted when the
- requested operation fails. This is used by clients that
- cannot retry transactions by themselves, and that depend
- on retry logic in their own client.
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with delivery sta-
+ tus information. Each log file is named after the queue file that it
+ corresponds to, and is kept in a queue subdirectory named after the
+ service name in the <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>).
+ This program expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service requests:
+
+ <b>o</b> Append a recipient (non-)delivery status record to a per-message
+ log file.
+
+ <b>o</b> Enqueue a delivery status notification message, with a copy of a
+ per-message log file and of the corresponding message. When the
+ delivery status notification message is enqueued successfully,
+ the per-message log file is deleted.
+
+ The software does a best notification effort. A non-delivery notifica-
+ tion is sent even when the log file or the original message cannot be
+ read.
+
+ Optionally, a bounce (defer, trace) client can request that the per-
+ message log file be deleted when the requested operation fails. This
+ is used by clients that cannot retry transactions by themselves, and
+ that depend on retry logic in their own client.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
Problems and transactions are logged to <b>syslogd</b>(8).
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
- <a href="bounce.8.html"><b>bounce</b>(8)</a> processes run for only a limited amount of time.
- Use the command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="bounce.8.html"><b>bounce</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
- The recipient of undeliverable mail that cannot be
- returned to the sender.
+ The recipient of undeliverable mail that cannot be returned to
+ the sender.
<b><a href="postconf.5.html#backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a> (yes)</b>
- Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that
- can be read by Postfix versions before 2.0.
+ Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that can be read by
+ Postfix versions before 2.0.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the
- message headers of mail that Postfix did not
- deliver and of SMTP conversation transcripts of
- mail that Postfix did not receive.
+ The recipient of postmaster notifications with the message head-
+ ers of mail that Postfix did not deliver and of SMTP conversa-
+ tion transcripts of mail that Postfix did not receive.
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
- The maximal amount of original message text that is
- sent in a non-delivery notification.
+ The maximal amount of original message text that is sent in a
+ non-delivery notification.
<b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
- Pathname of a configuration file with bounce mes-
- sage templates.
+ Pathname of a configuration file with bounce message templates.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the
- message headers of mail that cannot be delivered
- within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time units.
+ The recipient of postmaster notifications with the message head-
+ ers of mail that cannot be delivered within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a>
+ time units.
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
- The maximal number of attempts to acquire an exclu-
-
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
-
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are sub-
- ject to before-queue content inspection by
- <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+ What categories of Postfix-generated mail are subject to before-
+ queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and
+ <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
- The mail system name that is displayed in Received:
- headers, in the SMTP greeting banner, and in
- bounced mail.
+ The mail system name that is displayed in Received: headers, in
+ the SMTP greeting banner, and in bounced mail.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
- postmaster.
+ The list of error classes that are reported to the postmaster.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>FILES</b>
/var/spool/postfix/bounce/* non-delivery records
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>postmap -q - /etc/postfix/transport</b> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The optional <a href="transport.5.html"><b>transport</b>(5)</a> table specifies a mapping from
- email addresses to message delivery transports and next-
- hop destinations. Message delivery transports such as
- <b>local</b> or <b>smtp</b> are defined in the <a href="master.5.html"><b>master.cf</b></a> file, and next-
- hop destinations are typically hosts or domain names. The
- table is searched by the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon.
+ The optional <a href="transport.5.html"><b>transport</b>(5)</a> table specifies a mapping from email
+ addresses to message delivery transports and next-hop destinations.
+ Message delivery transports such as <b>local</b> or <b>smtp</b> are defined in the
+ <a href="master.5.html"><b>master.cf</b></a> file, and next-hop destinations are typically hosts or domain
+ names. The table is searched by the <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon.
- This mapping overrides the default <i>transport</i>:<i>nexthop</i>
- selection that is built into Postfix:
+ This mapping overrides the default <i>transport</i>:<i>nexthop</i> selection that is
+ built into Postfix:
<b><a href="postconf.5.html#local_transport">local_transport</a> (default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- This is the default for final delivery to domains
- listed with <b><a href="postconf.5.html#mydestination">mydestination</a></b>, and for [<i>ipaddress</i>] des-
- tinations that match <b>$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
- <b>$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>. The default <i>nexthop</i> destination
- is the MTA hostname.
+ This is the default for final delivery to domains listed with
+ <b><a href="postconf.5.html#mydestination">mydestination</a></b>, and for [<i>ipaddress</i>] destinations that match
+ <b>$<a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or <b>$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>. The default <i>nexthop</i> des-
+ tination is the MTA hostname.
<b><a href="postconf.5.html#virtual_transport">virtual_transport</a> (default: <a href="virtual.8.html">virtual</a>:)</b>
- This is the default for final delivery to domains
- listed with <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a></b>. The default
- <i>nexthop</i> destination is the recipient domain.
+ This is the default for final delivery to domains listed with
+ <b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a></b>. The default <i>nexthop</i> destination is the
+ recipient domain.
<b><a href="postconf.5.html#relay_transport">relay_transport</a> (default: relay:)</b>
- This is the default for remote delivery to domains
- listed with <b><a href="postconf.5.html#relay_domains">relay_domains</a></b>. In order of decreasing
- precedence, the <i>nexthop</i> destination is taken from
- <b><a href="postconf.5.html#relay_transport">relay_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a></b>,
- <b><a href="postconf.5.html#relayhost">relayhost</a></b>, or from the recipient domain.
+ This is the default for remote delivery to domains listed with
+ <b><a href="postconf.5.html#relay_domains">relay_domains</a></b>. In order of decreasing precedence, the <i>nexthop</i>
+ destination is taken from <b><a href="postconf.5.html#relay_transport">relay_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">dent_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relayhost</a></b>, or from the recipient domain.
<b><a href="postconf.5.html#default_transport">default_transport</a> (default: <a href="smtp.8.html">smtp</a>:)</b>
- This is the default for remote delivery to other
- destinations. In order of decreasing precedence,
- the <i>nexthop</i> destination is taken from <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_depen</a>-</b>
- <b><a href="postconf.5.html#sender_dependent_default_transport_maps">dent_default_transport_maps</a>, <a href="postconf.5.html#default_transport">default_transport</a></b>,
- <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relayhost</a></b>, or from
- the recipient domain.
-
- Normally, the <a href="transport.5.html"><b>transport</b>(5)</a> table is specified as a text
- file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/transport</b>" to rebuild an indexed
- file after changing the corresponding transport table.
-
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
- indexed files.
-
- Alternatively, the table can be provided as a regular-
- expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- those case, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
- or "TCP-BASED TABLES".
+ This is the default for remote delivery to other destinations.
+ In order of decreasing precedence, the <i>nexthop</i> destination is
+ taken from <b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>,</b>
+ <b><a href="postconf.5.html#default_transport">default_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relayhost</a></b>,
+ or from the recipient domain.
+
+ Normally, the <a href="transport.5.html"><b>transport</b>(5)</a> table is specified as a text file that
+ serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file
+ in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
+ Execute the command "<b>postmap /etc/postfix/transport</b>" to rebuild an
+ indexed file after changing the corresponding transport table.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to TCP-based server. In those case, the lookups are done in a
+ slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
- The search string is folded to lowercase before database
- lookup. As of Postfix 2.3, the search string is not case
- folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
- lookup fields can match both upper and lower case.
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern result</i>
- When <i>pattern</i> matches the recipient address or
- domain, use the corresponding <i>result</i>.
+ When <i>pattern</i> matches the recipient address or domain, use the
+ corresponding <i>result</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
- The <i>pattern</i> specifies an email address, a domain name, or
- a domain name hierarchy, as described in section "TABLE
- LOOKUP".
+ The <i>pattern</i> specifies an email address, a domain name, or a domain name
+ hierarchy, as described in section "TABLE LOOKUP".
- The <i>result</i> is of the form <i>transport:nexthop</i> and specifies
- how or where to deliver mail. This is described in section
- "RESULT FORMAT".
+ The <i>result</i> is of the form <i>transport:nexthop</i> and specifies how or where
+ to deliver mail. This is described in section "RESULT FORMAT".
<b>TABLE SEARCH ORDER</b>
- With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
- tried in the order as listed below:
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, patterns are tried in the order as
+ listed below:
<i>user+extension@domain transport</i>:<i>nexthop</i>
- Deliver mail for <i>user+extension@domain</i> through
- <i>transport</i> to <i>nexthop</i>.
+ Deliver mail for <i>user+extension@domain</i> through <i>transport</i> to <i>nex-</i>
+ <i>thop</i>.
<i>user@domain transport</i>:<i>nexthop</i>
- Deliver mail for <i>user@domain</i> through <i>transport</i> to
- <i>nexthop</i>.
+ Deliver mail for <i>user@domain</i> through <i>transport</i> to <i>nexthop</i>.
<i>domain transport</i>:<i>nexthop</i>
- Deliver mail for <i>domain</i> through <i>transport</i> to <i>nex-</i>
- <i>thop</i>.
+ Deliver mail for <i>domain</i> through <i>transport</i> to <i>nexthop</i>.
<i>.domain transport</i>:<i>nexthop</i>
- Deliver mail for any subdomain of <i>domain</i> through
- <i>transport</i> to <i>nexthop</i>. This applies only when the
- string <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> is not listed in the <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
- <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration set-
- ting. Otherwise, a domain name matches itself and
- its subdomains.
+ Deliver mail for any subdomain of <i>domain</i> through <i>transport</i> to
+ <i>nexthop</i>. This applies only when the string <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> is not
+ listed in the <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> configuration
+ setting. Otherwise, a domain name matches itself and its subdo-
+ mains.
<b>*</b> <i>transport</i>:<i>nexthop</i>
- The special pattern <b>*</b> represents any address (i.e.
- it functions as the wild-card pattern, and is
- unique to Postfix transport tables).
+ The special pattern <b>*</b> represents any address (i.e. it functions
+ as the wild-card pattern, and is unique to Postfix transport
+ tables).
- Note 1: the null recipient address is looked up as
- <b>$<a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a></b>@<b>$<a href="postconf.5.html#myhostname">myhostname</a></b> (default: mailer-dae-
- mon@hostname).
+ Note 1: the null recipient address is looked up as
+ <b>$<a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a></b>@<b>$<a href="postconf.5.html#myhostname">myhostname</a></b> (default: mailer-daemon@hostname).
- Note 2: <i>user@domain</i> or <i>user+extension@domain</i> lookup is
- available in Postfix 2.0 and later.
+ Note 2: <i>user@domain</i> or <i>user+extension@domain</i> lookup is available in
+ Postfix 2.0 and later.
<b>RESULT FORMAT</b>
- The lookup result is of the form <i>transport</i><b>:</b><i>nexthop</i>. The
- <i>transport</i> field specifies a mail delivery transport such
- as <b>smtp</b> or <b>local</b>. The <i>nexthop</i> field specifies where and
- how to deliver mail.
+ The lookup result is of the form <i>transport</i><b>:</b><i>nexthop</i>. The <i>transport</i>
+ field specifies a mail delivery transport such as <b>smtp</b> or <b>local</b>. The
+ <i>nexthop</i> field specifies where and how to deliver mail.
- The transport field specifies the name of a mail delivery
- transport (the first name of a mail delivery service entry
- in the Postfix <a href="master.5.html"><b>master.cf</b></a> file).
+ The transport field specifies the name of a mail delivery transport
+ (the first name of a mail delivery service entry in the Postfix <a href="master.5.html"><b>mas-</b>
+ <b>ter.cf</b></a> file).
- The interpretation of the nexthop field is transport
- dependent. In the case of SMTP, specify a service on a
- non-default port as <i>host</i>:<i>service</i>, and disable MX (mail
- exchanger) DNS lookups with [<i>host</i>] or [<i>host</i>]:<i>port</i>. The []
- form is required when you specify an IP address instead of
- a hostname.
+ The interpretation of the nexthop field is transport dependent. In the
+ case of SMTP, specify a service on a non-default port as <i>host</i>:<i>service</i>,
+ and disable MX (mail exchanger) DNS lookups with [<i>host</i>] or [<i>host</i>]:<i>port</i>.
+ The [] form is required when you specify an IP address instead of a
+ hostname.
- A null <i>transport</i> and null <i>nexthop</i> result means "do not
- change": use the delivery transport and nexthop informa-
- tion that would be used when the entire transport table
- did not exist.
+ A null <i>transport</i> and null <i>nexthop</i> result means "do not change": use the
+ delivery transport and nexthop information that would be used when the
+ entire transport table did not exist.
- A non-null <i>transport</i> field with a null <i>nexthop</i> field
- resets the nexthop information to the recipient domain.
+ A non-null <i>transport</i> field with a null <i>nexthop</i> field resets the nexthop
+ information to the recipient domain.
- A null <i>transport</i> field with non-null <i>nexthop</i> field does
- not modify the transport information.
+ A null <i>transport</i> field with non-null <i>nexthop</i> field does not modify the
+ transport information.
<b>EXAMPLES</b>
- In order to deliver internal mail directly, while using a
- mail relay for all other mail, specify a null entry for
- internal destinations (do not change the delivery trans-
- port or the nexthop information) and specify a wildcard
- for all other destinations.
+ In order to deliver internal mail directly, while using a mail relay
+ for all other mail, specify a null entry for internal destinations (do
+ not change the delivery transport or the nexthop information) and spec-
+ ify a wildcard for all other destinations.
<b>my.domain :</b>
<b>.my.domain :</b>
<b>* <a href="smtp.8.html">smtp</a>:outbound-relay.my.domain</b>
- In order to send mail for <b>example.com</b> and its subdomains
- via the <b>uucp</b> transport to the UUCP host named <b>example</b>:
+ In order to send mail for <b>example.com</b> and its subdomains via the <b>uucp</b>
+ transport to the UUCP host named <b>example</b>:
<b>example.com uucp:example</b>
<b>.example.com uucp:example</b>
- When no nexthop host name is specified, the destination
- domain name is used instead. For example, the following
- directs mail for <i>user</i>@<b>example.com</b> via the <b>slow</b> transport
- to a mail exchanger for <b>example.com</b>. The <b>slow</b> transport
- could be configured to run at most one delivery process at
- a time:
+ When no nexthop host name is specified, the destination domain name is
+ used instead. For example, the following directs mail for <i>user</i>@<b>exam-</b>
+ <b>ple.com</b> via the <b>slow</b> transport to a mail exchanger for <b>example.com</b>.
+ The <b>slow</b> transport could be configured to run at most one delivery
+ process at a time:
<b>example.com slow:</b>
- When no transport is specified, Postfix uses the transport
- that matches the address domain class (see DESCRIPTION
- above). The following sends all mail for <b>example.com</b> and
- its subdomains to host <b>gateway.example.com</b>:
+ When no transport is specified, Postfix uses the transport that matches
+ the address domain class (see DESCRIPTION above). The following sends
+ all mail for <b>example.com</b> and its subdomains to host <b>gateway.exam-</b>
+ <b>ple.com</b>:
<b>example.com :[gateway.example.com]</b>
<b>.example.com :[gateway.example.com]</b>
- In the above example, the [] suppress MX lookups. This
- prevents mail routing loops when your machine is primary
- MX host for <b>example.com</b>.
+ In the above example, the [] suppress MX lookups. This prevents mail
+ routing loops when your machine is primary MX host for <b>example.com</b>.
- In the case of delivery via SMTP, one may specify <i>host-</i>
- <i>name</i>:<i>service</i> instead of just a host:
+ In the case of delivery via SMTP, one may specify <i>hostname</i>:<i>service</i>
+ instead of just a host:
<b>example.com <a href="smtp.8.html">smtp</a>:bar.example:2025</b>
- This directs mail for <i>user</i>@<b>example.com</b> to host <b>bar.example</b>
- port <b>2025</b>. Instead of a numerical port a symbolic name may
- be used. Specify [] around the hostname if MX lookups must
- be disabled.
+ This directs mail for <i>user</i>@<b>example.com</b> to host <b>bar.example</b> port <b>2025</b>.
+ Instead of a numerical port a symbolic name may be used. Specify []
+ around the hostname if MX lookups must be disabled.
The error mailer can be used to bounce mail:
<b>.example.com <a href="error.8.html">error</a>:mail for *.example.com is not deliverable</b>
- This causes all mail for <i>user</i>@<i>anything</i><b>.example.com</b> to be
- bounced.
+ This causes all mail for <i>user</i>@<i>anything</i><b>.example.com</b> to be bounced.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
- the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
- see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
- the entire address being looked up. Thus,
- <i>some.domain.hierarchy</i> is not looked up via its parent
- domains, nor is <i>user+foo@domain</i> looked up as <i>user@domain</i>.
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>some.domain.hierarchy</i> is not looked up
+ via its parent domains, nor is <i>user+foo@domain</i> looked up as
+ <i>user@domain</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
- string.
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
- The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> server disallows regular expression
- substitution of $1 etc. in regular expression lookup
- tables, because that could open a security hole (Postfix
- version 2.3 and later).
+ The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> server disallows regular expression substitution
+ of $1 etc. in regular expression lookup tables, because that could open
+ a security hole (Postfix version 2.3 and later).
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
- lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.4.
-
- Each lookup operation uses the entire recipient address
- once. Thus, <i>some.domain.hierarchy</i> is not looked up via
- its parent domains, nor is <i>user+foo@domain</i> looked up as
- <i>user@domain</i>.
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ available up to and including Postfix version 2.4.
+
+ Each lookup operation uses the entire recipient address once. Thus,
+ <i>some.domain.hierarchy</i> is not looked up via its parent domains, nor is
+ <i>user+foo@domain</i> looked up as <i>user@domain</i>.
Results are the same as with indexed file lookups.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
+ below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
+ details including examples.
<b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a></b>
- The address that is looked up instead of the null
- sender address.
+ The address that is looked up instead of the null sender
+ address.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b>
- List of Postfix features that use <i>domain.tld</i> pat-
- terns to match <i>sub.domain.tld</i> (as opposed to
- requiring <i>.domain.tld</i> patterns).
+ List of Postfix features that use <i>domain.tld</i> patterns to match
+ <i>sub.domain.tld</i> (as opposed to requiring <i>.domain.tld</i> patterns).
<b><a href="postconf.5.html#transport_maps">transport_maps</a></b>
List of transport lookup tables.
<a href="FILTER_README.html">FILTER_README</a>, external content filter
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8)
<b>NAME</b>
- trivial-rewrite - Postfix address rewriting and resolving
- daemon
+ trivial-rewrite - Postfix address rewriting and resolving daemon
<b>SYNOPSIS</b>
<b>trivial-rewrite</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon processes three types of
- client service requests:
+ The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon processes three types of client service
+ requests:
<b>rewrite</b> <i>context address</i>
- Rewrite an address to standard form, according to
- the address rewriting context:
-
- <b>local</b> Append the domain names specified with <b>$<a href="postconf.5.html#myorigin">myo</a>-</b>
- <b><a href="postconf.5.html#myorigin">rigin</a></b> or <b>$<a href="postconf.5.html#mydomain">mydomain</a></b> to incomplete addresses;
- do <b><a href="postconf.5.html#swap_bangpath">swap_bangpath</a></b> and <b><a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a></b> pro-
- cessing as described below, and strip source
- routed addresses (<i>@site,@site:user@domain</i>)
+ Rewrite an address to standard form, according to the address
+ rewriting context:
+
+ <b>local</b> Append the domain names specified with <b>$<a href="postconf.5.html#myorigin">myorigin</a></b> or
+ <b>$<a href="postconf.5.html#mydomain">mydomain</a></b> to incomplete addresses; do <b><a href="postconf.5.html#swap_bangpath">swap_bangpath</a></b> and
+ <b><a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a></b> processing as described below, and
+ strip source routed addresses (<i>@site,@site:user@domain</i>)
to <i>user@domain</i> form.
- <b>remote</b> Append the domain name specified with
- <b>$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b> to incomplete
- addresses. Otherwise the result is identical
- to that of the <b>local</b> address rewriting con-
- text. This prevents Postfix from appending
- the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> to spam from poorly written
- remote clients.
+ <b>remote</b> Append the domain name specified with <b>$<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_re</a>-</b>
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">write_domain</a></b> to incomplete addresses. Otherwise the
+ result is identical to that of the <b>local</b> address rewrit-
+ ing context. This prevents Postfix from appending the
+ local domain to spam from poorly written remote clients.
<b>resolve</b> <i>sender address</i>
- Resolve the address to a (<i>transport</i>, <i>nexthop</i>,
- <i>recipient</i>, <i>flags</i>) quadruple. The meaning of the
- results is as follows:
+ Resolve the address to a (<i>transport</i>, <i>nexthop</i>, <i>recipient</i>, <i>flags</i>)
+ quadruple. The meaning of the results is as follows:
<i>transport</i>
- The delivery agent to use. This is the first
-
field of an entry in the <a href="master.5.html"><b>master.cf</b></a> file.
+ The delivery agent to use. This is the first field of an
+ entry in the <a href="master.5.html"><b>master.cf</b></a> file.
<i>nexthop</i>
- The host to send to and optional delivery
- method information.
+ The host to send to and optional delivery method informa-
+ tion.
<i>recipient</i>
- The envelope recipient address that is
- passed on to <i>nexthop</i>.
+ The envelope recipient address that is passed on to <i>nex-</i>
+ <i>thop</i>.
- <i>flags</i> The address class, whether the address
- requires relaying, whether the address has
- problems, and whether the request failed.
+ <i>flags</i> The address class, whether the address requires relaying,
+ whether the address has problems, and whether the request
+ failed.
<b>verify</b> <i>sender address</i>
- Resolve the address for address verification pur-
- poses.
+ Resolve the address for address verification purposes.
<b>SERVER PROCESS MANAGEMENT</b>
- The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> servers run under control by the
- Postfix master server. Each server can handle multiple
- simultaneous connections. When all servers are busy while
- a client connects, the master creates a new server
- process, provided that the trivial-rewrite server process
- limit is not exceeded. Each trivial-rewrite server termi-
- nates after serving at least <b>$<a href="postconf.5.html#max_use">max_use</a></b> clients of after
- <b>$<a href="postconf.5.html#max_idle">max_idle</a></b> seconds of idle time.
+ The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> servers run under control by the Postfix master
+ server. Each server can handle multiple simultaneous connections.
+ When all servers are busy while a client connects, the master creates a
+ new server process, provided that the trivial-rewrite server process
+ limit is not exceeded. Each trivial-rewrite server terminates after
+ serving at least <b>$<a href="postconf.5.html#max_use">max_use</a></b> clients of after <b>$<a href="postconf.5.html#max_idle">max_idle</a></b> seconds of idle
+ time.
<b>STANDARDS</b>
- None. The command does not interact with the outside
- world.
+ None. The command does not interact with the outside world.
<b>SECURITY</b>
- The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon is not security sensitive.
- By default, this daemon does not talk to remote or local
- users. It can run at a fixed low privilege in a chrooted
- environment.
+ The <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> daemon is not security sensitive. By default,
+ this daemon does not talk to remote or local users. It can run at a
+ fixed low privilege in a chrooted environment.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>CONFIGURATION PARAMETERS</b>
- On busy mail systems a long time may pass before a <a href="postconf.5.html"><b>main.cf</b></a>
- change affecting <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> is picked up. Use the
- command "<b>postfix reload</b>" to speed up a change.
+ On busy mail systems a long time may pass before a <a href="postconf.5.html"><b>main.cf</b></a> change
+ affecting <a href="trivial-rewrite.8.html"><b>trivial-rewrite</b>(8)</a> is picked up. Use the command "<b>postfix</b>
+ <b>reload</b>" to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>COMPATIBILITY CONTROLS</b>
<b><a href="postconf.5.html#resolve_dequoted_address">resolve_dequoted_address</a> (yes)</b>
- Resolve a recipient address safely instead of cor-
- rectly, by looking inside quotes.
+ Resolve a recipient address safely instead of correctly, by
+ looking inside quotes.
Available with Postfix version 2.1 and later:
<b><a href="postconf.5.html#resolve_null_domain">resolve_null_domain</a> (no)</b>
- Resolve an address that ends in the "@" null domain
- as if the local hostname were specified, instead of
- rejecting the address as invalid.
+ Resolve an address that ends in the "@" null domain as if the
+ local hostname were specified, instead of rejecting the address
+ as invalid.
Available with Postfix version 2.3 and later:
<b><a href="postconf.5.html#resolve_numeric_domain">resolve_numeric_domain</a> (no)</b>
- Resolve "user@ipaddress" as "user@[ipaddress]",
- instead of rejecting the address as invalid.
+ Resolve "user@ipaddress" as "user@[ipaddress]", instead of
+ rejecting the address as invalid.
Available with Postfix version 2.5 and later:
<b><a href="postconf.5.html#allow_min_user">allow_min_user</a> (no)</b>
- Allow a sender or recipient address to have `-' as
- the first character.
+ Allow a sender or recipient address to have `-' as the first
+ character.
<b>ADDRESS REWRITING CONTROLS</b>
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The domain name that locally-posted mail appears to
- come from, and that locally posted mail is deliv-
- ered to.
+ The domain name that locally-posted mail appears to come from,
+ and that locally posted mail is delivered to.
<b><a href="postconf.5.html#allow_percent_hack">allow_percent_hack</a> (yes)</b>
- Enable the rewriting of the form "user%domain" to
- "user@domain".
+ Enable the rewriting of the form "user%domain" to "user@domain".
<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a> (yes)</b>
- With locally submitted mail, append the string
- "@$<a href="postconf.5.html#myorigin">myorigin</a>" to mail addresses without domain
- information.
+ With locally submitted mail, append the string "@$<a href="postconf.5.html#myorigin">myorigin</a>" to
+ mail addresses without domain information.
<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a> (yes)</b>
- With locally submitted mail, append the string
- ".$<a href="postconf.5.html#mydomain">mydomain</a>" to addresses that have no ".domain"
- information.
+ With locally submitted mail, append the string ".$<a href="postconf.5.html#mydomain">mydomain</a>" to
+ addresses that have no ".domain" information.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
- The set of characters that can separate a user name
- from its extension (example: user+foo), or a .for-
- ward file name from its extension (example: .for-
- ward+foo).
+ The set of characters that can separate a user name from its
+ extension (example: user+foo), or a .forward file name from its
+ extension (example: .forward+foo).
<b><a href="postconf.5.html#swap_bangpath">swap_bangpath</a> (yes)</b>
- Enable the rewriting of "site!user" into
- "user@site".
+ Enable the rewriting of "site!user" into "user@site".
Available in Postfix 2.2 and later:
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
- Don't rewrite message headers from remote clients
- at all when this parameter is empty; otherwise, re-
- write message headers and append the specified
- domain name to incomplete addresses.
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
+ append the specified domain name to incomplete addresses.
<b>ROUTING CONTROLS</b>
- The following is applicable to Postfix version 2.0 and
- later. Earlier versions do not have support for: <a href="postconf.5.html#virtual_transport">vir</a>-
- <a href="postconf.5.html#virtual_transport">tual_transport</a>, <a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>,
- <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> or <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+ The following is applicable to Postfix version 2.0 and later. Earlier
+ versions do not have support for: <a href="postconf.5.html#virtual_transport">virtual_transport</a>, <a href="postconf.5.html#relay_transport">relay_transport</a>,
+ <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> or <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#local_transport">local_transport</a> (<a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The default mail delivery transport and next-hop
- destination for final delivery to domains listed
- with <a href="postconf.5.html#mydestination">mydestination</a>, and for [ipaddress] destina-
- tions that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_inter</a>-
- <a href="postconf.5.html#proxy_interfaces">faces</a>.
+ The default mail delivery transport and next-hop destination for
+ final delivery to domains listed with <a href="postconf.5.html#mydestination">mydestination</a>, and for
+ [ipaddress] destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
+ $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#virtual_transport">virtual_transport</a> (virtual)</b>
- The default mail delivery transport and next-hop
- destination for final delivery to domains listed
- with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+ The default mail delivery transport and next-hop destination for
+ final delivery to domains listed with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#relay_transport">relay_transport</a> (relay)</b>
- The default mail delivery transport and next-hop
- destination for remote delivery to domains listed
- with $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+ The default mail delivery transport and next-hop destination for
+ remote delivery to domains listed with $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#default_transport">default_transport</a> (smtp)</b>
- The default mail delivery transport and next-hop
- destination for destinations that do not match
- $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_inter</a>-
- <a href="postconf.5.html#proxy_interfaces">faces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mail-
- box_domains</a>, or $<a href="postconf.5.html#relay_domains">relay_domains</a>.
-
- <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
- <b>put)</b>
- What Postfix features match subdomains of
- "domain.tld" automatically, instead of requiring an
- explicit ".domain.tld" pattern.
+ The default mail delivery transport and next-hop destination for
+ destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
+ $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mail</a>-
+ <a href="postconf.5.html#virtual_mailbox_domains">box_domains</a>, or $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
+ What Postfix features match subdomains of "domain.tld" automati-
+ cally, instead of requiring an explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#relayhost">relayhost</a> (empty)</b>
- The next-hop destination of non-local mail; over-
- rides non-<a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a> in recipient addresses.
+ The next-hop destination of non-local mail; overrides non-local
+ domains in recipient addresses.
<b><a href="postconf.5.html#transport_maps">transport_maps</a> (empty)</b>
- Optional lookup tables with mappings from recipient
- address to (message delivery transport, next-hop
- destination).
+ Optional lookup tables with mappings from recipient address to
+ (message delivery transport, next-hop destination).
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> (empty)</b>
- A sender-dependent override for the global <a href="postconf.5.html#relayhost">relay</a>-
- <a href="postconf.5.html#relayhost">host</a> parameter setting.
+ A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
+ setting.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#empty_address_relayhost_maps_lookup_key">empty_address_relayhost_maps_lookup_key</a> (</b><><b>)</b>
- The <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> search string
- that will be used instead of the null sender
- address.
+ The <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> search string that will be
+ used instead of the null sender address.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#empty_address_default_transport_maps_lookup_key">empty_address_default_transport_maps_lookup_key</a> (</b><><b>)</b>
- The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search
- string that will be used instead of the null sender
- address.
+ The <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> search string that
+ will be used instead of the null sender address.
<b><a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> (empty)</b>
- A sender-dependent override for the global
- <a href="postconf.5.html#default_transport">default_transport</a> parameter setting.
+ A sender-dependent override for the global <a href="postconf.5.html#default_transport">default_transport</a>
+ parameter setting.
<b>ADDRESS VERIFICATION CONTROLS</b>
- Postfix version 2.1 introduces sender and recipient
- address verification. This feature is implemented by
- sending probe email messages that are not actually deliv-
- ered. By default, address verification probes use the
- same route as regular mail. To override specific aspects
- of message routing for address verification probes, spec-
- ify one or more of the following:
+ Postfix version 2.1 introduces sender and recipient address verifica-
+ tion. This feature is implemented by sending probe email messages that
+ are not actually delivered. By default, address verification probes
+ use the same route as regular mail. To override specific aspects of
+ message routing for address verification probes, specify one or more of
+ the following:
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
- Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for
- address verification probes.
+ Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address ver-
+ ification probes.
<b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
- Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
- for address verification probes.
+ Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
+ verification probes.
<b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
- Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for
- address verification probes.
+ Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address ver-
+ ification probes.
<b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
- Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
- for address verification probes.
+ Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
+ verification probes.
<b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
- Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
- address verification probes.
+ Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verifica-
+ tion probes.
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
- Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
- address verification probes.
+ Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address veri-
+ fication probes.
Available in Postfix version 2.3 and later:
- <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a></b>
- <b>($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b>
- Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
- parameter setting for address verification probes.
+ <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> ($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">dent_relayhost_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting
+ for address verification probes.
Available in Postfix version 2.7 and later:
- <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a></b>
- <b>($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b>
- Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_trans</a>-
- <a href="postconf.5.html#sender_dependent_default_transport_maps">port_maps</a> parameter setting for address verifica-
- tion probes.
+ <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a> ($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_default_transport_maps">dent_default_transport_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
+ setting for address verification probes.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
- The recipient of mail addressed to the null
- address.
+ The recipient of mail addressed to the null address.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#relocated_maps">relocated_maps</a> (empty)</b>
- Optional lookup tables with new contact information
- for users or domains that no longer exist.
+ Optional lookup tables with new contact information for users or
+ domains that no longer exist.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
- Display the name of the recipient table in the
- "User unknown" responses.
+ Display the name of the recipient table in the "User unknown"
+ responses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
- Log warnings about problematic configuration set-
- tings, and provide helpful suggestions.
+ Log warnings about problematic configuration settings, and pro-
+ vide helpful suggestions.
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, Postfix address verification
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>verify</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="verify.8.html"><b>verify</b>(8)</a> address verification server maintains a
- record of what recipient addresses are known to be deliv-
- erable or undeliverable.
+ The <a href="verify.8.html"><b>verify</b>(8)</a> address verification server maintains a record of what
+ recipient addresses are known to be deliverable or undeliverable.
- Addresses are verified by injecting probe messages into
- the Postfix queue. Probe messages are run through all the
- routing and rewriting machinery except for final delivery,
- and are discarded rather than being deferred or bounced.
+ Addresses are verified by injecting probe messages into the Postfix
+ queue. Probe messages are run through all the routing and rewriting
+ machinery except for final delivery, and are discarded rather than
+ being deferred or bounced.
- Address verification relies on the answer from the nearest
- MTA for the specified address, and will therefore not
- detect all undeliverable addresses.
+ Address verification relies on the answer from the nearest MTA for the
+ specified address, and will therefore not detect all undeliverable
+ addresses.
- The <a href="verify.8.html"><b>verify</b>(8)</a> server is designed to run under control by
- the Postfix master server. It maintains an optional per-
- sistent database. To avoid being interrupted by "postfix
- stop" in the middle of a database update, the process runs
- in a separate process group.
+ The <a href="verify.8.html"><b>verify</b>(8)</a> server is designed to run under control by the Postfix
+ master server. It maintains an optional persistent database. To avoid
+ being interrupted by "postfix stop" in the middle of a database update,
+ the process runs in a separate process group.
The <a href="verify.8.html"><b>verify</b>(8)</a> server implements the following requests:
<b>update</b> <i>address status text</i>
- Update the status and text of the specified
- address.
+ Update the status and text of the specified address.
<b>query</b> <i>address</i>
- Look up the <i>status</i> and <i>text</i> for the specified
- <i>address</i>. If the status is unknown, a probe is sent
- and an "in progress" status is returned.
+ Look up the <i>status</i> and <i>text</i> for the specified <i>address</i>. If the
+ status is unknown, a probe is sent and an "in progress" status
+ is returned.
<b>SECURITY</b>
- The address verification server is not security-sensitive.
- It does not talk to the network, and it does not talk to
- local users. The verify server can run chrooted at fixed
- low privilege.
-
- The address verification server can be coerced to store
- unlimited amounts of garbage. Limiting the cache expiry
- time trades one problem (disk space exhaustion) for
- another one (poor response time to client requests).
-
- With Postfix version 2.5 and later, the <a href="verify.8.html"><b>verify</b>(8)</a> server
- no longer uses root privileges when opening the
- <b><a href="postconf.5.html#address_verify_map">address_verify_map</a></b> cache file. The file should now be
- stored under the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a
- migration aid, an attempt to open a cache file under a
- non-Postfix directory is redirected to the Postfix-owned
- <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a warning is logged.
+ The address verification server is not security-sensitive. It does not
+ talk to the network, and it does not talk to local users. The verify
+ server can run chrooted at fixed low privilege.
+
+ The address verification server can be coerced to store unlimited
+ amounts of garbage. Limiting the cache expiry time trades one problem
+ (disk space exhaustion) for another one (poor response time to client
+ requests).
+
+ With Postfix version 2.5 and later, the <a href="verify.8.html"><b>verify</b>(8)</a> server no longer uses
+ root privileges when opening the <b><a href="postconf.5.html#address_verify_map">address_verify_map</a></b> cache file. The
+ file should now be stored under the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>. As a
+ migration aid, an attempt to open a cache file under a non-Postfix
+ directory is redirected to the Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a
+ warning is logged.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
- Address verification probe messages add additional traffic
- to the mail queue. Recipient verification may cause an
- increased load on down-stream servers in the case of a
- dictionary attack or a flood of backscatter bounces.
- Sender address verification may cause your site to be
- blacklisted by some providers.
+ Address verification probe messages add additional traffic to the mail
+ queue. Recipient verification may cause an increased load on down-
+ stream servers in the case of a dictionary attack or a flood of
+ backscatter bounces. Sender address verification may cause your site
+ to be blacklisted by some providers.
- If the persistent database ever gets corrupted then the
- world comes to an end and human intervention is needed.
- This violates a basic Postfix principle.
+ If the persistent database ever gets corrupted then the world comes to
+ an end and human intervention is needed. This violates a basic Postfix
+ principle.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as
- <a href="verify.8.html"><b>verify</b>(8)</a> processes are long-lived. Use the command "<b>post-</b>
- <b>fix reload</b>" after a configuration change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="verify.8.html"><b>verify</b>(8)</a> pro-
+ cesses are long-lived. Use the command "<b>postfix reload</b>" after a config-
+ uration change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>PROBE MESSAGE CONTROLS</b>
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
- The sender address to use in address verification
- probes; prior to Postfix 2.5 the default was "post-
- master".
+ The sender address to use in address verification probes; prior
+ to Postfix 2.5 the default was "postmaster".
Available with Postfix 2.9 and later:
<b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
- The time between changes in the time-dependent por-
- tion of address verification probe sender
- addresses.
+ The time between changes in the time-dependent portion of
+ address verification probe sender addresses.
<b>CACHE CONTROLS</b>
<b><a href="postconf.5.html#address_verify_map">address_verify_map</a> (see 'postconf -d' output)</b>
- Lookup table for persistent address verification
- status storage.
+ Lookup table for persistent address verification status storage.
<b><a href="postconf.5.html#address_verify_positive_expire_time">address_verify_positive_expire_time</a> (31d)</b>
- The time after which a successful probe expires
- from the address verification cache.
+ The time after which a successful probe expires from the address
+ verification cache.
<b><a href="postconf.5.html#address_verify_positive_refresh_time">address_verify_positive_refresh_time</a> (7d)</b>
- The time after which a successful address verifica-
- tion probe needs to be refreshed.
+ The time after which a successful address verification probe
+ needs to be refreshed.
<b><a href="postconf.5.html#address_verify_negative_cache">address_verify_negative_cache</a> (yes)</b>
- Enable caching of failed address verification probe
- results.
+ Enable caching of failed address verification probe results.
<b><a href="postconf.5.html#address_verify_negative_expire_time">address_verify_negative_expire_time</a> (3d)</b>
- The time after which a failed probe expires from
- the address verification cache.
+ The time after which a failed probe expires from the address
+ verification cache.
<b><a href="postconf.5.html#address_verify_negative_refresh_time">address_verify_negative_refresh_time</a> (3h)</b>
- The time after which a failed address verification
- probe needs to be refreshed.
+ The time after which a failed address verification probe needs
+ to be refreshed.
Available with Postfix 2.7 and later:
<b><a href="postconf.5.html#address_verify_cache_cleanup_interval">address_verify_cache_cleanup_interval</a> (12h)</b>
- The amount of time between <a href="verify.8.html"><b>verify</b>(8)</a> address veri-
- fication database cleanup runs.
+ The amount of time between <a href="verify.8.html"><b>verify</b>(8)</a> address verification data-
+ base cleanup runs.
<b>PROBE MESSAGE ROUTING CONTROLS</b>
- By default, probe messages are delivered via the same
- route as regular messages. The following parameters can
- be used to override specific message routing mechanisms.
+ By default, probe messages are delivered via the same route as regular
+ messages. The following parameters can be used to override specific
+ message routing mechanisms.
<b><a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> ($<a href="postconf.5.html#relayhost">relayhost</a>)</b>
- Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
- address verification probes.
+ Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verifica-
+ tion probes.
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
- Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
- address verification probes.
+ Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for address veri-
+ fication probes.
<b><a href="postconf.5.html#address_verify_local_transport">address_verify_local_transport</a> ($<a href="postconf.5.html#local_transport">local_transport</a>)</b>
- Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for
- address verification probes.
+ Overrides the <a href="postconf.5.html#local_transport">local_transport</a> parameter setting for address ver-
+ ification probes.
<b><a href="postconf.5.html#address_verify_virtual_transport">address_verify_virtual_transport</a> ($<a href="postconf.5.html#virtual_transport">virtual_transport</a>)</b>
- Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting
- for address verification probes.
+ Overrides the <a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter setting for address
+ verification probes.
<b><a href="postconf.5.html#address_verify_relay_transport">address_verify_relay_transport</a> ($<a href="postconf.5.html#relay_transport">relay_transport</a>)</b>
- Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for
- address verification probes.
+ Overrides the <a href="postconf.5.html#relay_transport">relay_transport</a> parameter setting for address ver-
+ ification probes.
<b><a href="postconf.5.html#address_verify_default_transport">address_verify_default_transport</a> ($<a href="postconf.5.html#default_transport">default_transport</a>)</b>
- Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting
- for address verification probes.
+ Overrides the <a href="postconf.5.html#default_transport">default_transport</a> parameter setting for address
+ verification probes.
Available in Postfix 2.3 and later:
- <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a></b>
- <b>($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>)</b>
- Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
- parameter setting for address verification probes.
+ <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> ($<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">dent_relayhost_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting
+ for address verification probes.
Available in Postfix 2.7 and later:
- <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a></b>
- <b>($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a>)</b>
- Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_trans</a>-
- <a href="postconf.5.html#sender_dependent_default_transport_maps">port_maps</a> parameter setting for address verifica-
- tion probes.
+ <b><a href="postconf.5.html#address_verify_sender_dependent_default_transport_maps">address_verify_sender_dependent_default_transport_maps</a> ($<a href="postconf.5.html#sender_dependent_default_transport_maps">sender_depen</a>-</b>
+ <b><a href="postconf.5.html#sender_dependent_default_transport_maps">dent_default_transport_maps</a>)</b>
+ Overrides the <a href="postconf.5.html#sender_dependent_default_transport_maps">sender_dependent_default_transport_maps</a> parameter
+ setting for address verification probes.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, address verification howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
This service was introduced with Postfix version 2.1.
<b>postmap -q - /etc/postfix/virtual</b> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The optional <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table rewrites recipient
- addresses for all local, all virtual, and all remote mail
- destinations. This is unlike the <a href="aliases.5.html"><b>aliases</b>(5)</a> table which
- is used only for <a href="local.8.html"><b>local</b>(8)</a> delivery. Virtual aliasing is
- recursive, and is implemented by the Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a>
- daemon before mail is queued.
+ The optional <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table rewrites recipient addresses for
+ all local, all virtual, and all remote mail destinations. This is
+ unlike the <a href="aliases.5.html"><b>aliases</b>(5)</a> table which is used only for <a href="local.8.html"><b>local</b>(8)</a> delivery.
+ Virtual aliasing is recursive, and is implemented by the Postfix
+ <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon before mail is queued.
The main applications of virtual aliasing are:
- <b>o</b> To redirect mail for one address to one or more
- addresses.
-
- <b>o</b> To implement virtual alias domains where all
- addresses are aliased to addresses in other
- domains.
-
- Virtual alias domains are not to be confused with
- the <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domains</a> that are implemented
- with the Postfix <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent.
- With virtual mailbox domains, each recipient
- address can have its own mailbox.
-
- Virtual aliasing is applied only to recipient envelope
- addresses, and does not affect message headers. Use
- <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping to rewrite header and envelope
- addresses in general.
-
- Normally, the <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table is specified as a
- text file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command.
- The result, an indexed file in <b>dbm</b> or <b>db</b> format, is used
- for fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/virtual</b>" to rebuild an indexed file
- after changing the corresponding text file.
-
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
- indexed files.
-
- Alternatively, the table can be provided as a regular-
- expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- those case, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
- or "TCP-BASED TABLES".
+ <b>o</b> To redirect mail for one address to one or more addresses.
+
+ <b>o</b> To implement virtual alias domains where all addresses are
+ aliased to addresses in other domains.
+
+ Virtual alias domains are not to be confused with the virtual
+ mailbox domains that are implemented with the Postfix <a href="virtual.8.html"><b>virtual</b>(8)</a>
+ mail delivery agent. With <a href="ADDRESS_CLASS_README.html#virtual_mailbox_class">virtual mailbox domains</a>, each recipi-
+ ent address can have its own mailbox.
+
+ Virtual aliasing is applied only to recipient envelope addresses, and
+ does not affect message headers. Use <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping to rewrite
+ header and envelope addresses in general.
+
+ Normally, the <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table is specified as a text file that
+ serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file
+ in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
+ Execute the command "<b>postmap /etc/postfix/virtual</b>" to rebuild an
+ indexed file after changing the corresponding text file.
+
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
+
+ Alternatively, the table can be provided as a regular-expression map
+ where patterns are given as regular expressions, or lookups can be
+ directed to TCP-based server. In those case, the lookups are done in a
+ slightly different way as described below under "REGULAR EXPRESSION
+ TABLES" or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
- The search string is folded to lowercase before database
- lookup. As of Postfix 2.3, the search string is not case
- folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
- lookup fields can match both upper and lower case.
+ The search string is folded to lowercase before database lookup. As of
+ Postfix 2.3, the search string is not case folded with database types
+ such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose lookup fields can match both upper and
+ lower case.
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern address, address, ...</i>
- When <i>pattern</i> matches a mail address, replace it by
- the corresponding <i>address</i>.
+ When <i>pattern</i> matches a mail address, replace it by the corre-
+ sponding <i>address</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
- is a `#'.
+ Empty lines and whitespace-only lines are ignored, as are lines
+ whose first non-whitespace character is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
- cal line.
+ A logical line starts with non-whitespace text. A line that
+ starts with whitespace continues a logical line.
<b>TABLE SEARCH ORDER</b>
- With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
- tried in the order as listed below:
+ With lookups from indexed files such as DB or DBM, or from networked
+ tables such as NIS, LDAP or SQL, patterns are tried in the order as
+ listed below:
<i>user</i>@<i>domain address, address, ...</i>
- Redirect mail for <i>user</i>@<i>domain</i> to <i>address</i>. This
- form has the highest precedence.
+ Redirect mail for <i>user</i>@<i>domain</i> to <i>address</i>. This form has the
+ highest precedence.
<i>user address, address, ...</i>
- Redirect mail for <i>user</i>@<i>site</i> to <i>address</i> when <i>site</i> is
- equal to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydes</a>-</b>
- <b><a href="postconf.5.html#mydestination">tination</a></b>, or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
+ Redirect mail for <i>user</i>@<i>site</i> to <i>address</i> when <i>site</i> is equal to
+ $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>, or when it is
+ listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
- This functionality overlaps with functionality of
- the local <i>aliases</i>(5) database. The difference is
- that <a href="virtual.5.html"><b>virtual</b>(5)</a> mapping can be applied to non-local
- addresses.
+ This functionality overlaps with functionality of the local
+ <i>aliases</i>(5) database. The difference is that <a href="virtual.5.html"><b>virtual</b>(5)</a> mapping
+ can be applied to non-local addresses.
@<i>domain address, address, ...</i>
- Redirect mail for other users in <i>domain</i> to <i>address</i>.
- This form has the lowest precedence.
-
- Note: @<i>domain</i> is a wild-card. With this form, the
- Postfix SMTP server accepts mail for any recipient
- in <i>domain</i>, regardless of whether that recipient
- exists. This may turn your mail system into a
- backscatter source: Postfix first accepts mail for
- non-existent recipients and then tries to return
- that mail as "undeliverable" to the often forged
- sender address.
+ Redirect mail for other users in <i>domain</i> to <i>address</i>. This form
+ has the lowest precedence.
+
+ Note: @<i>domain</i> is a wild-card. With this form, the Postfix SMTP
+ server accepts mail for any recipient in <i>domain</i>, regardless of
+ whether that recipient exists. This may turn your mail system
+ into a backscatter source: Postfix first accepts mail for non-
+ existent recipients and then tries to return that mail as "unde-
+ liverable" to the often forged sender address.
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
- <b>o</b> When the result has the form @<i>otherdomain</i>, the
- result becomes the same <i>user</i> in <i>otherdomain</i>. This
- works only for the first address in a multi-address
- lookup result.
+ <b>o</b> When the result has the form @<i>otherdomain</i>, the result becomes
+ the same <i>user</i> in <i>otherdomain</i>. This works only for the first
+ address in a multi-address lookup result.
- <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
- to addresses without "@domain".
+ <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" to addresses
+ without "@domain".
- <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
- to addresses without ".domain".
+ <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" to addresses
+ without ".domain".
<b>ADDRESS EXTENSION</b>
- When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
- becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
- @<i>domain</i>.
+ When a mail address localpart contains the optional recipient delimiter
+ (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order becomes: <i>user+foo</i>@<i>domain</i>,
+ <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and @<i>domain</i>.
- The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
- whether an unmatched address extension (<i>+foo</i>) is propa-
- gated to the result of table lookup.
+ The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls whether an
+ unmatched address extension (<i>+foo</i>) is propagated to the result of table
+ lookup.
<b>VIRTUAL ALIAS DOMAINS</b>
- Besides virtual aliases, the virtual alias table can also
- be used to implement <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. With a virtual
- alias domain, all recipient addresses are aliased to
- addresses in other domains.
-
- Virtual alias domains are not to be confused with the vir-
- tual mailbox domains that are implemented with the Postfix
- <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent. With virtual mailbox
- domains, each recipient address can have its own mailbox.
-
- With a virtual alias domain, the virtual domain has its
- own user name space. Local (i.e. non-virtual) usernames
- are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
- local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
- as <i>localname@virtual-alias.domain</i>.
+ Besides virtual aliases, the virtual alias table can also be used to
+ implement <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. With a virtual alias domain, all
+ recipient addresses are aliased to addresses in other domains.
+
+ Virtual alias domains are not to be confused with the virtual mailbox
+ domains that are implemented with the Postfix <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery
+ agent. With virtual mailbox domains, each recipient address can have
+ its own mailbox.
+
+ With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the virtual domain has its own user name
+ space. Local (i.e. non-virtual) usernames are not visible in a virtual
+ alias domain. In particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists
+ are not visible as <i>localname@virtual-alias.domain</i>.
Support for a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> looks like:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = <a href="DATABASE_README.html#types">hash</a>:/etc/postfix/virtual
- Note: some systems use <b>dbm</b> databases instead of <b>hash</b>. See
- the output from "<b>postconf -m</b>" for available database
- types.
+ Note: some systems use <b>dbm</b> databases instead of <b>hash</b>. See the output
+ from "<b>postconf -m</b>" for available database types.
/etc/postfix/virtual:
<i>virtual-alias.domain anything</i> (right-hand content does not matter)
<i>user1@virtual-alias.domain address1</i>
<i>user2@virtual-alias.domain address2, address3</i>
- The <i>virtual-alias.domain anything</i> entry is required for a
- <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. <b>Without this entry, mail is rejected</b>
- <b>with "relay access denied", or bounces with "mail loops</b>
- <b>back to myself".</b>
+ The <i>virtual-alias.domain anything</i> entry is required for a virtual alias
+ domain. <b>Without this entry, mail is rejected with "relay access</b>
+ <b>denied", or bounces with "mail loops back to myself".</b>
- Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <a href="postconf.5.html"><b>main.cf</b></a>
-
<b><a href="postconf.5.html#mydestination">mydestination</a></b> or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters.
+ Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#mydestination">mydestination</a></b>
+ or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters.
- With a virtual alias domain, the Postfix SMTP server
- accepts mail for <i>known-user@virtual-alias.domain</i>, and
- rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
- undeliverable.
+ With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the Postfix SMTP server accepts mail for
+ <i>known-user@virtual-alias.domain</i>, and rejects mail for <i>unknown-user</i>@<i>vir-</i>
+ <i>tual-alias.domain</i> as undeliverable.
- Instead of specifying the virtual alias domain name via
- the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
- the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b> configuration parameter.
- This latter parameter uses the same syntax as the <a href="postconf.5.html"><b>main.cf</b></a>
- <b><a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter.
+ Instead of specifying the virtual alias domain name via the <b><a href="postconf.5.html#virtual_alias_maps">vir</a>-</b>
+ <b><a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a></b> table, you may also specify it via the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#virtual_alias_domains">vir-</b>
+ <b>tual_alias_domains</a></b> configuration parameter. This latter parameter uses
+ the same syntax as the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter.
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
- the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
- see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
+ This section describes how the table lookups change when the table is
+ given in the form of regular expressions. For a description of regular
+ expression lookup table syntax, see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
- the entire address being looked up. Thus, <i>user@domain</i> mail
- addresses are not broken up into their <i>user</i> and <i>@domain</i>
- constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
- <i>foo</i>.
+ Each pattern is a regular expression that is applied to the entire
+ address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
+ ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
+ broken up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
- string.
+ Patterns are applied in the order as specified in the table, until a
+ pattern is found that matches the search string.
- Results are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
- the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
+ Results are the same as with indexed file lookups, with the additional
+ feature that parenthesized substrings from the pattern can be interpo-
+ lated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
- lookups are directed to a TCP-based server. For a descrip-
- tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
- <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.4.
+ This section describes how the table lookups change when lookups are
+ directed to a TCP-based server. For a description of the TCP
+ client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not
+ available up to and including Postfix version 2.4.
- Each lookup operation uses the entire address once. Thus,
- <i>user@domain</i> mail addresses are not broken up into their
- <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
- up into <i>user</i> and <i>foo</i>.
+ Each lookup operation uses the entire address once. Thus, <i>user@domain</i>
+ mail addresses are not broken up into their <i>user</i> and <i>@domain</i> con-
+ stituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
- to this topic. See the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file for syntax
- details and for default values. Use the "<b>postfix reload</b>"
- command after a configuration change.
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this topic.
+ See the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file for syntax details and for default values.
+ Use the "<b>postfix reload</b>" command after a configuration change.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b>
List of virtual aliasing tables.
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b>
- List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
-
syntax as the <b><a href="postconf.5.html#mydestination">mydestination</a></b> parameter.
+ List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same syntax as the
+ <b><a href="postconf.5.html#mydestination">mydestination</a></b> parameter.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
- A list of address rewriting or forwarding mecha-
- nisms that propagate an address extension from the
- original address to the result. Specify zero or
- more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
- <b>include</b>, or <b>generic</b>.
+ A list of address rewriting or forwarding mechanisms that propa-
+ gate an address extension from the original address to the
+ result. Specify zero or more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>for-</b>
+ <b>ward</b>, <b>include</b>, or <b>generic</b>.
Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
- The network interface addresses that this system
- receives mail on. You need to stop and start Post-
- fix when this parameter changes.
+ The network interface addresses that this system receives mail
+ on. You need to stop and start Postfix when this parameter
+ changes.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
- List of domains that this mail system considers
- local.
+ List of domains that this mail system considers local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
- The domain that is appended to any address that
- does not have a domain.
+ The domain that is appended to any address that does not have a
+ domain.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
- Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
- addresses.
+ Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b> addresses.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>
- Other interfaces that this machine receives mail on
- by way of a proxy agent or network address transla-
- tor.
+ Other interfaces that this machine receives mail on by way of a
+ proxy agent or network address translator.
<b>SEE ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue mail
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting guide
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
Wietse Venema
<b>virtual</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent is designed for virtual mail
- hosting services. Originally based on the Postfix <a href="local.8.html"><b>local</b>(8)</a>
- delivery agent, this agent looks up recipients with map
- lookups of their full recipient address, instead of using
- hard-coded unix password file lookups of the address local
- part only.
-
- This delivery agent only delivers mail. Other features
- such as mail forwarding, out-of-office notifications,
- etc., must be configured via virtual_alias maps or via
- similar lookup mechanisms.
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent is designed for virtual mail hosting ser-
+ vices. Originally based on the Postfix <a href="local.8.html"><b>local</b>(8)</a> delivery agent, this
+ agent looks up recipients with map lookups of their full recipient
+ address, instead of using hard-coded unix password file lookups of the
+ address local part only.
+
+ This delivery agent only delivers mail. Other features such as mail
+ forwarding, out-of-office notifications, etc., must be configured via
+ virtual_alias maps or via similar lookup mechanisms.
<b>MAILBOX LOCATION</b>
- The mailbox location is controlled by the <b><a href="postconf.5.html#virtual_mailbox_base">virtual_mail</a>-</b>
- <b><a href="postconf.5.html#virtual_mailbox_base">box_base</a></b> and <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a></b> configuration parameters
- (see below). The <b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a></b> table is indexed by
- the recipient address as described under TABLE SEARCH
- ORDER below.
+ The mailbox location is controlled by the <b><a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a></b> and <b><a href="postconf.5.html#virtual_mailbox_maps">vir</a>-</b>
+ <b><a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a></b> configuration parameters (see below). The <b><a href="postconf.5.html#virtual_mailbox_maps">vir-</b>
+ <b>tual_mailbox_maps</a></b> table is indexed by the recipient address as
+ described under TABLE SEARCH ORDER below.
The mailbox pathname is constructed as follows:
where <i>recipient</i> is the full recipient address.
<b>UNIX MAILBOX FORMAT</b>
- When the mailbox location does not end in <b>/</b>, the message
- is delivered in UNIX mailbox format. This format stores
- multiple messages in one textfile.
-
- The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent prepends a "<b>From</b> <i>sender</i>
- <i>time</i><b>_</b><i>stamp</i>" envelope header to each message, prepends a
- <b>Delivered-To:</b> message header with the envelope recipient
- address, prepends an <b>X-Original-To:</b> header with the recip-
- ient address as given to Postfix, prepends a <b>Return-Path:</b>
- message header with the envelope sender address, prepends
- a > character to lines beginning with "<b>From</b> ", and appends
- an empty line.
-
- The mailbox is locked for exclusive access while delivery
- is in progress. In case of problems, an attempt is made to
- truncate the mailbox to its original length.
+ When the mailbox location does not end in <b>/</b>, the message is delivered
+ in UNIX mailbox format. This format stores multiple messages in one
+ textfile.
+
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" enve-
+ lope header to each message, prepends a <b>Delivered-To:</b> message header
+ with the envelope recipient address, prepends an <b>X-Original-To:</b> header
+ with the recipient address as given to Postfix, prepends a <b>Return-Path:</b>
+ message header with the envelope sender address, prepends a > character
+ to lines beginning with "<b>From</b> ", and appends an empty line.
+
+ The mailbox is locked for exclusive access while delivery is in
+ progress. In case of problems, an attempt is made to truncate the mail-
+ box to its original length.
<b>QMAIL MAILDIR FORMAT</b>
- When the mailbox location ends in <b>/</b>, the message is deliv-
- ered in qmail <b>maildir</b> format. This format stores one mes-
- sage per file.
+ When the mailbox location ends in <b>/</b>, the message is delivered in qmail
+ <b>maildir</b> format. This format stores one message per file.
- The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent prepends a <b>Delivered-To:</b>
- message header with the final envelope recipient address,
- prepends an <b>X-Original-To:</b> header with the recipient
- address as given to Postfix, and prepends a <b>Return-Path:</b>
- message header with the envelope sender address.
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent prepends a <b>Delivered-To:</b> message header
+ with the final envelope recipient address, prepends an <b>X-Original-To:</b>
+ header with the recipient address as given to Postfix, and prepends a
+ <b>Return-Path:</b> message header with the envelope sender address.
- By definition, <b>maildir</b> format does not require applica-
- tion-level file locking during mail delivery or retrieval.
+ By definition, <b>maildir</b> format does not require application-level file
+ locking during mail delivery or retrieval.
<b>MAILBOX OWNERSHIP</b>
- Mailbox ownership is controlled by the <b><a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a></b>
- and <b><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a></b> lookup tables, which are indexed with
- the full recipient address. Each table provides a string
- with the numerical user and group ID, respectively.
+ Mailbox ownership is controlled by the <b><a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a></b> and <b><a href="postconf.5.html#virtual_gid_maps">vir</a>-</b>
+ <b><a href="postconf.5.html#virtual_gid_maps">tual_gid_maps</a></b> lookup tables, which are indexed with the full recipient
+ address. Each table provides a string with the numerical user and group
+ ID, respectively.
- The <b><a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a></b> parameter imposes a lower bound on
- numerical user ID values that may be specified in any <b><a href="postconf.5.html#virtual_uid_maps">vir</a>-</b>
- <b><a href="postconf.5.html#virtual_uid_maps">tual_uid_maps</a></b>.
+ The <b><a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a></b> parameter imposes a lower bound on numerical
+ user ID values that may be specified in any <b><a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a></b>.
<b>CASE FOLDING</b>
- All delivery decisions are made using the full recipient
- address, folded to lower case. See also the next section
- for a few exceptions with optional address extensions.
+ All delivery decisions are made using the full recipient address,
+ folded to lower case. See also the next section for a few exceptions
+ with optional address extensions.
<b>TABLE SEARCH ORDER</b>
- Normally, a lookup table is specified as a text file that
- serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an
- indexed file in <b>dbm</b> or <b>db</b> format, is used for fast search-
- ing by the mail system.
+ Normally, a lookup table is specified as a text file that serves as
+ input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file in <b>dbm</b> or
+ <b>db</b> format, is used for fast searching by the mail system.
- The search order is as follows. The search stops upon the
- first successful lookup.
+ The search order is as follows. The search stops upon the first suc-
+ cessful lookup.
- <b>o</b> When the recipient has an optional address exten-
- sion the <i>user+extension@domain.tld</i> address is
- looked up first.
+ <b>o</b> When the recipient has an optional address extension the
+ <i>user+extension@domain.tld</i> address is looked up first.
- With Postfix versions before 2.1, the optional
- address extension is always ignored.
+ With Postfix versions before 2.1, the optional address extension
+ is always ignored.
- <b>o</b> The <i>user@domain.tld</i> address, without address exten-
- sion, is looked up next.
+ <b>o</b> The <i>user@domain.tld</i> address, without address extension, is
+ looked up next.
<b>o</b> Finally, the recipient <i>@domain</i> is looked up.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
- indexed files.
+ When the table is provided via other means such as NIS, LDAP or SQL,
+ the same lookups are done as for ordinary indexed files.
- Alternatively, a table can be provided as a regular-
- expression map where patterns are given as regular expres-
- sions. In that case, only the full recipient address is
- given to the regular-expression map.
+ Alternatively, a table can be provided as a regular-expression map
+ where patterns are given as regular expressions. In that case, only the
+ full recipient address is given to the regular-expression map.
<b>SECURITY</b>
- The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent is not security sensitive,
- provided that the lookup tables with recipient user/group
- ID information are adequately protected. This program is
- not designed to run chrooted.
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent is not security sensitive, provided that
+ the lookup tables with recipient user/group ID information are ade-
+ quately protected. This program is not designed to run chrooted.
- The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent disallows regular expression
- substitution of $1 etc. in regular expression lookup
- tables, because that would open a security hole.
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent disallows regular expression substitution
+ of $1 etc. in regular expression lookup tables, because that would open
+ a security hole.
- The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent will silently ignore
- requests to use the <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server. Instead it will
- open the table directly. Before Postfix version 2.2, the
- virtual delivery agent will terminate with a fatal error.
+ The <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent will silently ignore requests to use the
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server. Instead it will open the table directly. Before
+ Postfix version 2.2, the virtual delivery agent will terminate with a
+ fatal error.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>DIAGNOSTICS</b>
- Mail bounces when the recipient has no mailbox or when the
- recipient is over disk quota. In all other cases, mail for
- an existing recipient is deferred and a warning is logged.
+ Mail bounces when the recipient has no mailbox or when the recipient is
+ over disk quota. In all other cases, mail for an existing recipient is
+ deferred and a warning is logged.
- Problems and transactions are logged to <b>syslogd</b>(8). Cor-
- rupted message files are marked so that the queue manager
- can move them to the <b>corrupt</b> queue afterwards.
+ Problems and transactions are logged to <b>syslogd</b>(8). Corrupted message
+ files are marked so that the queue manager can move them to the <b>corrupt</b>
+ queue afterwards.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
- the postmaster is notified of bounces and of other trou-
- ble.
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ ter is notified of bounces and of other trouble.
<b>BUGS</b>
- This delivery agent supports address extensions in email
- addresses and in lookup table keys, but does not propagate
- address extension information to the result of table
- lookup.
+ This delivery agent supports address extensions in email addresses and
+ in lookup table keys, but does not propagate address extension informa-
+ tion to the result of table lookup.
- Postfix should have lookup tables that can return multiple
- result attributes. In order to avoid the inconvenience of
- maintaining three tables, use an LDAP or MYSQL database.
+ Postfix should have lookup tables that can return multiple result
+ attributes. In order to avoid the inconvenience of maintaining three
+ tables, use an LDAP or MYSQL database.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="virtual.8.html"><b>vir-</b></a>
- <a href="virtual.8.html"><b>tual</b>(8)</a> processes run for only a limited amount of time.
- Use the command "<b>postfix reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="virtual.8.html"><b>virtual</b>(8)</a> processes
+ run for only a limited amount of time. Use the command "<b>postfix reload</b>"
+ to speed up a change.
- The text below provides only a parameter summary. See
- <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ more details including examples.
<b>MAILBOX DELIVERY CONTROLS</b>
<b><a href="postconf.5.html#virtual_mailbox_base">virtual_mailbox_base</a> (empty)</b>
- A prefix that the <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent
- prepends to all pathname results from $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
- <a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> table lookups.
+ A prefix that the <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent prepends to all
+ pathname results from $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> table lookups.
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in
- th
e domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+ Optional lookup tables with all valid addresses in the domains
+ that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#virtual_minimum_uid">virtual_minimum_uid</a> (100)</b>
- The minimum user ID value that the <a href="virtual.8.html"><b>virtual</b>(8)</a>
- delivery agent accepts as a result from $<a href="postconf.5.html#virtual_uid_maps">vir</a>-
- <a href="postconf.5.html#virtual_uid_maps">tual_uid_maps</a> table lookup.
+ The minimum user ID value that the <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent
+ accepts as a result from $<a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> table lookup.
<b><a href="postconf.5.html#virtual_uid_maps">virtual_uid_maps</a> (empty)</b>
- Lookup tables with the per-recipient user ID that
- the <a href="virtual.8.html"><b>virtual</b>(8)</a> delivery agent uses while writing to
- the recipient's mailbox.
+ Lookup tables with the per-recipient user ID that the <a href="virtual.8.html"><b>virtual</b>(8)</a>
+ delivery agent uses while writing to the recipient's mailbox.
<b><a href="postconf.5.html#virtual_gid_maps">virtual_gid_maps</a> (empty)</b>
- Lookup tables with the per-recipient group ID for
- <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox delivery.
+ Lookup tables with the per-recipient group ID for <a href="virtual.8.html"><b>virtual</b>(8)</a>
+ mailbox delivery.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
- Postfix is final destination for the specified list
- of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
- <a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
+ Postfix is final destination for the specified list of domains;
+ mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery
+ transport.
<b><a href="postconf.5.html#virtual_transport">virtual_transport</a> (virtual)</b>
- The default mail delivery transport and next-hop
- destination for final delivery to domains listed
- with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+ The default mail delivery transport and next-hop destination for
+ final delivery to domains listed with $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
- Defer delivery when a mailbox file is not owned by
- its recipient.
+ Defer delivery when a mailbox file is not owned by its recipi-
+ ent.
<b>LOCKING CONTROLS</b>
<b><a href="postconf.5.html#virtual_mailbox_lock">virtual_mailbox_lock</a> (see 'postconf -d' output)</b>
- How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before
- attempting delivery.
+ How to lock a UNIX-style <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox before attempting
+ delivery.
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
- The maximal number of attempts to acquire an exclu-
-
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The maximal number of attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
-
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+ The time between attempts to acquire an exclusive lock on a
+ mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
- The time after which a stale exclusive mailbox
- lockfile is removed.
+ The time after which a stale exclusive mailbox lockfile is
+ removed.
<b>RESOURCE AND RATE CONTROLS</b>
- <b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the virtual message delivery
- transport.
+ <b><a href="postconf.5.html#virtual_destination_concurrency_limit">virtual_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
+ The maximal number of parallel deliveries to the same destina-
+ tion via the virtual message delivery transport.
- <b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
- <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per message for
- the virtual message delivery transport.
+ <b><a href="postconf.5.html#virtual_destination_recipient_limit">virtual_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
+ The maximal number of recipients per message for the virtual
+ message delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_limit">virtual_mailbox_limit</a> (51200000)</b>
- The maximal size in bytes of an individual <a href="virtual.8.html"><b>vir-</b></a>
- <a href="virtual.8.html"><b>tual</b>(8)</a> mailbox or maildir file, or zero (no
- limit).
+ The maximal size in bytes of an individual <a href="virtual.8.html"><b>virtual</b>(8)</a> mailbox or
+ maildir file, or zero (no limit).
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
- <a href="master.5.html">master.cf</a> configuration files.
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
- built-in watchdog timer.
+ How much time a Postfix daemon process may take to handle a
+ request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
- point when logging sub-second delay values.
+ The maximal number of digits after the decimal point when log-
+ ging sub-second delay values.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information
- over an internal communication channel.
+ The time limit for sending or receiving information over an
+ internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
- before terminating voluntarily.
+ The maximum amount of time that an idle Postfix daemon process
+ waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
- nating voluntarily.
+ The maximal number of incoming connections that a Postfix daemon
+ process will service before terminating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
- process.
+ The process ID of a Postfix command or daemon process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
- process.
+ The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
- tory.
+ The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
- becomes, for example, "postfix/smtpd".
+ The mail system name that is prepended to the process name in
+ syslog records, so that "smtpd" becomes, for example, "post-
+ fix/smtpd".
<b>SEE ALSO</b>
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
syslogd(8), system logging
<b>README_FILES</b>
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or
+ "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate this information.
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
- software.
+ The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
- This delivery agent was originally based on the Postfix
- local delivery agent. Modifications mainly consisted of
- removing code that either was not applicable or that was
- not safe in this context: aliases, ~user/.forward files,
- delivery to "|command" or to /file/name.
+ This delivery agent was originally based on the Postfix local delivery
+ agent. Modifications mainly consisted of removing code that either was
+ not applicable or that was not safe in this context: aliases,
+ ~user/.forward files, delivery to "|command" or to /file/name.
- The <b>Delivered-To:</b> message header appears in the <b>qmail</b> sys-
- tem by Daniel Bernstein.
+ The <b>Delivered-To:</b> message header appears in the <b>qmail</b> system by Daniel
+ Bernstein.
- The <b>maildir</b> structure appears in the <b>qmail</b> system by
- Daniel Bernstein.
+ The <b>maildir</b> structure appears in the <b>qmail</b> system by Daniel Bernstein.
<b>AUTHOR(S)</b>
Wietse Venema
.fi
\fBManaging main.cf:\fR
-\fBpostconf\fR [\fB-dfhnopvx\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR [\fB-dfhnopvx\fR] [\fB-c \fIconfig_dir\fR]
[\fB-C \fIclass,...\fR] [\fIparameter ...\fR]
-\fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconfig_dir\fR]
\fIparameter\fB=\fIvalue ...\fR
-\fBpostconf\fR \fB-#\fR [\fB-pv\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-#\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR]
\fIparameter ...\fR
-\fBpostconf\fR \fB-X\fR [\fB-pv\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-X\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR]
\fIparameter ...\fR
\fBManaging master.cf service entries:\fR
-\fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR]
[\fIservice\fR[\fB/\fItype\fR]\fI ...\fR]
-\fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR]
\fIservice\fB/\fItype\fB=\fIvalue ...\fR
-\fBpostconf\fR \fB-M#\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-M#\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR]
\fIservice\fB/\fItype ...\fR
-\fBpostconf\fR \fB-MX\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-MX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR]
\fIservice\fB/\fItype ...\fR
\fBManaging master.cf service fields:\fR
-\fBpostconf\fR \fB-F\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-F\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR]
[\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR]
-\fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR]
\fIservice\fB/\fItype\fB/\fIfield\fB=\fIvalue ...\fR
\fBManaging master.cf service parameters:\fR
-\fBpostconf\fR \fB-P\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-P\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR]
[\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR]
-\fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR]
\fIservice\fB/\fItype\fB/\fIparameter\fB=\fIvalue ...\fR
-\fBpostconf\fR \fB-PX\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-PX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR]
\fIservice\fB/\fItype\fB/\fIparameter ...\fR
\fBManaging bounce message templates:\fR
-\fBpostconf\fR \fB-b\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-b\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR]
[\fItemplate_file\fR]
-\fBpostconf\fR \fB-t\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR]
+\fBpostconf\fR \fB-t\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR]
[\fItemplate_file\fR]
\fBManaging other configuration:\fR
\fBpostconf\fR \fB-a\fR|\fB-A\fR|\fB-l\fR|\fB-m\fR [\fB-v\fR]
-[\fB-c \fIconf_dir\fR]
+[\fB-c \fIconfig_dir\fR]
.SH DESCRIPTION
.ad
.fi
line (in shell language: "").
This feature is available with Postfix 2.3 and later.
-.IP "\fB-c \fIconf_dir\fR"
+.IP "\fB-c \fIconfig_dir\fR"
The \fBmain.cf\fR configuration file is in the named directory
instead of the default configuration directory.
.IP "\fB-C \fIclass,...\fR"
.SH "README FILES"
.na
.nf
+.ad
+.fi
Use "\fBpostconf readme_directory\fR" or "\fBpostconf
html_directory\fR" to locate this information.
+.nf
+.na
MULTI_INSTANCE_README, Postfix multi-instance management
.SH "HISTORY"
.na
#!/bin/sh
-# Crude script to convert formatted manual pages to HTML
+# Crude script to convert formatted manpages to HTML. Requires GROFF_NO_SGR.
while :
do
s/>/\>/g
s;_\b\([^_]\);<i>\1</i>;g
s;.\b\(.\);<b>\1</b>;g
- # Why change nroff to hard-coded ANSI escape sequences?
+
+ # Begin incomplete workarounds for grotty SGR escape sequences.
#/'$ESC'\[0m$/{
# /'$ESC'\[1m[^'$ESC']*'$ESC'\[0m$/{
# # Here, ESC[0m means end-of-bold.
#s;'$ESC'\[24m;</i>;g
# Undo gratuitous whitespace changes.
#s;\( *\)\(</[bi]>\);\2\1;g
- # End nroff ANSI escape sequence workarounds.
+ # End workarounds for grotty SGR escape sequences.
+
s;</i>\( *\)<i>;\1;g
s;</b>\( *\)<b>;\1;g
-' "$@" | egrep -v 'postconf (readme|html)_direc|tory</b>" *to *locate *this'
+
+ # Skip the redundant readme/html_directory blurb. The
+ # document names that follow will be hyperlinked.
+ /^<b>README FILES/{
+ h
+ N
+ N
+ g
+ }
+' "$@"
echo '</pre> </body> </html>'
s;\baddress_verify_virtual_transport\b;<a href="postconf.5.html#address_verify_virtual_transport">$&</a>;g;
s;\balias_database\b;<a href="postconf.5.html#alias_database">$&</a>;g;
s;\balias_maps\b;<a href="postconf.5.html#alias_maps">$&</a>;g;
- s;\ballow_mail_to_commands\b;<a href="postconf.5.html#allow_mail_to_commands">$&</a>;g;
+ s;\ballow_mail_to_com
[-</bB>]*\n*[ <bB>]*mands\b;<a href="postconf.5.html#allow_mail_to_commands">$&</a>;g;
s;\ballow_mail_to_files\b;<a href="postconf.5.html#allow_mail_to_files">$&</a>;g;
s;\ballow_min_user\b;<a href="postconf.5.html#allow_min_user">$&</a>;g;
s;\ballow_percent_hack\b;<a href="postconf.5.html#allow_percent_hack">$&</a>;g;
s;\bbounce_queue_lifetime\b;<a href="postconf.5.html#bounce_queue_lifetime">$&</a>;g;
s;\bbounce_service_name\b;<a href="postconf.5.html#bounce_service_name">$&</a>;g;
s;\bbounce_size_limit\b;<a href="postconf.5.html#bounce_size_limit">$&</a>;g;
- s;\bbounce_template_file\b;<a href="postconf.5.html#bounce_template_file">$&</a>;g;
+ s;\bbounce_tem
[-</bB>]*\n* *[<bB>]*plate_file\b;<a href="postconf.5.html#bounce_template_file">$&</a>;g;
s;\bbroken_sasl_auth_clients\b;<a href="postconf.5.html#broken_sasl_auth_clients">$&</a>;g;
s;\bcanonical_classes\b;<a href="postconf.5.html#canonical_classes">$&</a>;g;
s;\bcanonical_maps\b;<a href="postconf.5.html#canonical_maps">$&</a>;g;
s;\bnon_smtpd_milters\b;<a href="postconf.5.html#non_smtpd_milters">$&</a>;g;
s;\bcleanup_service_name\b;<a href="postconf.5.html#cleanup_service_name">$&</a>;g;
s;\bcommand_execu[-</bB>]*\n* *[<bB>]*tion_direc[-</bB>]*\n* *[<bB>]*tory\b;<a href="postconf.5.html#command_execution_directory">$&</a>;g;
- s;\bexecu[-</bB>]*\n* *[<bB>]*tion_directory_expansion_filter\b;<a href="postconf.5.html#execution_directory_expansion_filter">$&</a>;g;
+ s;\bexecu[-</bB>]*\n* *[<bB>]*tion_direc
[-</bB>]*\n* *[<bB>]*tory_expansion_filter\b;<a href="postconf.5.html#execution_directory_expansion_filter">$&</a>;g;
s;\banvil_status_update_time\b;<a href="postconf.5.html#anvil_status_update_time">$&</a>;g;
s;\bcommand_direc[-</bB>]*\n* *[<bB>]*tory\b;<a href="postconf.5.html#command_directory">$&</a>;g;
s;\bcommand_expan[-</bB>]*\n* *[<bB>]*sion_filter\b;<a href="postconf.5.html#command_expansion_filter">$&</a>;g;
s;\bcommand_time_limit\b;<a href="postconf.5.html#command_time_limit">$&</a>;g;
- s;\bconfig_direc[-</bB>]*\n*[ <bB>]*tory\b;<a href="postconf.5.html#config_directory">$&</a>;g;
+ s;\bcon
[-</bB>]*\n*[ <bB>]*fig_direc[-</bB>]*\n*[ <bB>]*tory\b;<a href="postconf.5.html#config_directory">$&</a>;g;
s;\bcon[-</bB>]*\n*[ <bB>]*tent_filter\b;<a href="postconf.5.html#content_filter">$&</a>;g;
s;\bdata_direc[-</bB>]*\n*[ <bB>]*tory\b;<a href="postconf.5.html#data_directory">$&</a>;g;
s;\bdae[-</bB>]*\n*[ <bB>]*mon_direc[-</bB>]*\n*[ <bB>]*tory\b;<a href="postconf.5.html#daemon_directory">$&</a>;g;
s;\bdefault_deliv[-</Bb>]*\n* *[<Bb>]*ery_slot_discount\b;<a href="postconf.5.html#default_delivery_slot_discount">$&</a>;g;
s;\bdefault_deliv[-</Bb>]*\n* *[<Bb>]*ery_slot_loan\b;<a href="postconf.5.html#default_delivery_slot_loan">$&</a>;g;
s;\bdefault_destina[-</Bb>]*\n* *[<Bb>]*tion_concur[-</Bb>]*\n* *[<Bb>]*rency_limit\b;<a href="postconf.5.html#default_destination_concurrency_limit">$&</a>;g;
- s;\bdefault_destina[-</Bb>]*\n* *[<Bb>]*tion_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#default_destination_recipient_limit">$&</a>;g;
+ s;\bdefault_destina[-</Bb>]*\n* *[<Bb>]*tion_recip[-</bB>]*\n* *[<bB>]*i
[-</bB>]*\n* *[<bB>]*ent_limit\b;<a href="postconf.5.html#default_destination_recipient_limit">$&</a>;g;
s;\bdefault_extra_recipi[-</bB>]*\n* *[<bB>]*ent_limit\b;<a href="postconf.5.html#default_extra_recipient_limit">$&</a>;g;
s;\bdefault_minimum_deliv[-</Bb>]*\n* *[<Bb>]*ery_slots\b;<a href="postconf.5.html#default_minimum_delivery_slots">$&</a>;g;
s;\bdefault_privs\b;<a href="postconf.5.html#default_privs">$&</a>;g;
s;\bdefault_transport\b;<a href="postconf.5.html#default_transport">$&</a>;g;
s;\bsender[-</bB>]*\n* *[<bB>]*_de[-</bB>]*\n* *[<bB>]*pen[-</bB>]*\n* *[<bB>]*dent_de[-</bB>]*\n* *[<bB>]*fault[-</bB>]*\n* *[<bB>]*_trans[-</bB>]*\n* *[<bB>]*port[-</bB>]*\n* *[<bB>]*_maps\b;<a href="postconf.5.html#sender_dependent_default_transport_maps">$&</a>;g;
s;\bempty_address_default_transport_maps_lookup_key\b;<a href="postconf.5.html#empty_address_default_transport_maps_lookup_key">$&</a>;g;
- s;\bdefault_verp_delimiters\b;<a href="postconf.5.html#default_verp_delimiters">$&</a>;g;
+ s;\bdefault_verp_delim
[-</bB>]*\n* *[<bB>]*iters\b;<a href="postconf.5.html#default_verp_delimiters">$&</a>;g;
s;\bdefer_code\b;<a href="postconf.5.html#defer_code">$&</a>;g;
s;\bdefer_service_name\b;<a href="postconf.5.html#defer_service_name">$&</a>;g;
s;\bdefer_transports\b;<a href="postconf.5.html#defer_transports">$&</a>;g;
s;\bin_flow_delay\b;<a href="postconf.5.html#in_flow_delay">$&</a>;g;
s;\binet_inter[-</bB>]*\n*[ <bB>]*faces\b;<a href="postconf.5.html#inet_interfaces">$&</a>;g;
s;\binet_protocols\b;<a href="postconf.5.html#inet_protocols">$&</a>;g;
- s;\binitial_desti[-</bB>]*\n*[ <bB>]*nation_concurrency\b;<a href="postconf.5.html#initial_destination_concurrency">$&</a>;g;
+ s;\binitial_desti[-</bB>]*\n*[ <bB>]*nation_concur
[-</bB>]*\n*[ <bB>]*rency\b;<a href="postconf.5.html#initial_destination_concurrency">$&</a>;g;
s;\binvalid_hostname_reject_code\b;<a href="postconf.5.html#invalid_hostname_reject_code">$&</a>;g;
s;\bipc_idle\b;<a href="postconf.5.html#ipc_idle">$&</a>;g;
s;\bipc_timeout\b;<a href="postconf.5.html#ipc_timeout">$&</a>;g;
s;\blmtp_tcp_port\b;<a href="postconf.5.html#lmtp_tcp_port">$&</a>;g;
s;\blmtp_xforward_timeout\b;<a href="postconf.5.html#lmtp_xforward_timeout">$&</a>;g;
s;\blocal_command_shell\b;<a href="postconf.5.html#local_command_shell">$&</a>;g;
- s;\blocal_destination_concurrency_limit\b;<a href="postconf.5.html#local_destination_concurrency_limit">$&</a>;g;
- s;\blocal_destination_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#local_destination_recipient_limit">$&</a>;g;
+ s;\blocal_destina
[-</bB>]*\n* *[<bB>]*tion_concurrency_limit\b;<a href="postconf.5.html#local_destination_concurrency_limit">$&</a>;g;
+ s;\blocal_destina
[-</bB>]*\n* *[<bB>]*tion_recip[-</bB>]*\n* *[<bB>]*ient_limit\b;<a href="postconf.5.html#local_destination_recipient_limit">$&</a>;g;
s;\blocal_recip[-</bB>]*\n* *[<bB>]*ient_maps\b;<a href="postconf.5.html#local_recipient_maps">$&</a>;g;
s;\blocal_transport\b;<a href="postconf.5.html#local_transport">$&</a>;g;
s;\bluser_relay\b;<a href="postconf.5.html#luser_relay">$&</a>;g;
- s;\blocal_header_rewrite_clients\b;<a href="postconf.5.html#local_header_rewrite_clients">$&</a>;g;
+ s;\blocal_header_re
[-</bB>]*\n* *[<bB>]*write_clients\b;<a href="postconf.5.html#local_header_rewrite_clients">$&</a>;g;
s;\bmail_name\b;<a href="postconf.5.html#mail_name">$&</a>;g;
s;\bmail_owner\b;<a href="postconf.5.html#mail_owner">$&</a>;g;
s;\bmail_release_date\b;<a href="postconf.5.html#mail_release_date">$&</a>;g;
s;\bmanpage_directory\b;<a href="postconf.5.html#manpage_directory">$&</a>;g;
s;\bmaps_rbl_domains\b;<a href="postconf.5.html#maps_rbl_domains">$&</a>;g;
s;\bmaps_rbl_reject_code\b;<a href="postconf.5.html#maps_rbl_reject_code">$&</a>;g;
- s;\bmasquerade_classes\b;<a href="postconf.5.html#masquerade_classes">$&</a>;g;
- s;\bmasquerade_domains\b;<a href="postconf.5.html#masquerade_domains">$&</a>;g;
- s;\bmasquerade_exceptions\b;<a href="postconf.5.html#masquerade_exceptions">$&</a>;g;
+ s;\bmasquer
[-</bB>]*\n* *[<bB>]*ade_classes\b;<a href="postconf.5.html#masquerade_classes">$&</a>;g;
+ s;\bmasquer
[-</bB>]*\n* *[<bB>]*ade_domains\b;<a href="postconf.5.html#masquerade_domains">$&</a>;g;
+ s;\bmasquer
[-</bB>]*\n* *[<bB>]*ade_exceptions\b;<a href="postconf.5.html#masquerade_exceptions">$&</a>;g;
s;\bmaster_service_disable\b;<a href="postconf.5.html#master_service_disable">$&</a>;g;
s;\bmax_idle\b;<a href="postconf.5.html#max_idle">$&</a>;g;
s;\bmax_use\b;<a href="postconf.5.html#max_use">$&</a>;g;
s;\bpermit_mx_backup_networks\b;<a href="postconf.5.html#permit_mx_backup_networks">$&</a>;g;
s;\bpickup_service_name\b;<a href="postconf.5.html#pickup_service_name">$&</a>;g;
s;\bplaintext_reject_code\b;<a href="postconf.5.html#plaintext_reject_code">$&</a>;g;
- s;\bpostmulti_start_commands\b;<a href="postconf.5.html#postmulti_start_commands">$&</a>;g;
- s;\bpostmulti_stop_commands\b;<a href="postconf.5.html#postmulti_stop_commands">$&</a>;g;
- s;\bpost
multi_con[-</bB>]*\n* *[<bB>]*trol_commands\b;<a href="postconf.5.html#postmulti_control_commands">$&</a>;g;
+ s;\bpost
[-</bB>]*\n* *[<bB>]*multi_start_commands\b;<a href="postconf.5.html#postmulti_start_commands">$&</a>;g;
+ s;\bpost
[-</bB>]*\n* *[<bB>]*multi_stop_commands\b;<a href="postconf.5.html#postmulti_stop_commands">$&</a>;g;
+ s;\bpost
[-</bB>]*\n* *[<bB>]*multi_con[-</bB>]*\n* *[<bB>]*trol_com[-</bB>]*\n* *[<bB>]*mands\b;<a href="postconf.5.html#postmulti_control_commands">$&</a>;g;
s;\bprepend_delivered_header\b;<a href="postconf.5.html#prepend_delivered_header">$&</a>;g;
s;\bprocess_id\b;<a href="postconf.5.html#process_id">$&</a>;g;
s;\bprocess_id_directory\b;<a href="postconf.5.html#process_id_directory">$&</a>;g;
s;\bqmgr_ipc_timeout\b;<a href="postconf.5.html#qmgr_ipc_timeout">$&</a>;g;
s;\bqmqpd_authorized_clients\b;<a href="postconf.5.html#qmqpd_authorized_clients">$&</a>;g;
- s;\bdefault_desti
nation_concur[-</Bb>]*\n* *[<Bb>]*rency_negative_feedback\b;<a href="postconf.5.html#default_destination_concurrency_negative_feedback">$&</a>;g;
- s;\bdefault_desti
nation_concur[-</Bb>]*\n* *[<Bb>]*rency_positive_feedback\b;<a href="postconf.5.html#default_destination_concurrency_positive_feedback">$&</a>;g;
- s;\bdefault_desti
nation_con[-</Bb>]*\n* *[<Bb>]*currency_failed_cohort_limit\b;<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">$&</a>;g;
+ s;\bdefault_desti
[-</Bb>]*\n* *[<Bb>]*na[-</Bb>]*\n* *[<Bb>]*tion_concur[-</Bb>]*\n* *[<Bb>]*rency_negative_feedback\b;<a href="postconf.5.html#default_destination_concurrency_negative_feedback">$&</a>;g;
+ s;\bdefault_desti
[-</Bb>]*\n* *[<Bb>]*na[-</Bb>]*\n* *[<Bb>]*tion_concur[-</Bb>]*\n* *[<Bb>]*rency_positive_feedback\b;<a href="postconf.5.html#default_destination_concurrency_positive_feedback">$&</a>;g;
+ s;\bdefault_desti
[-</Bb>]*\n* *[<Bb>]*na[-</Bb>]*\n* *[<Bb>]*tion_con[-</Bb>]*\n* *[<Bb>]*currency_failed_cohort_limit\b;<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">$&</a>;g;
s;\bdestination_concurrency_feedback_debug\b;<a href="postconf.5.html#destination_concurrency_feedback_debug">$&</a>;g;
s;\bdefault_destina[-</Bb>]*\n* *[<Bb>]*tion_rate_delay\b;<a href="postconf.5.html#default_destination_rate_delay">$&</a>;g;
s;\brbl_reply_maps\b;<a href="postconf.5.html#rbl_reply_maps">$&</a>;g;
s;\breadme_directory\b;<a href="postconf.5.html#readme_directory">$&</a>;g;
s;\breceive_override_options\b;<a href="postconf.5.html#receive_override_options">$&</a>;g;
- s;\bremote_header_rewrite_domain\b;<a href="postconf.5.html#remote_header_rewrite_domain">$&</a>;g;
+ s;\bremote_header_re
[-</bB>]*\n* *[<bB>]*write_domain\b;<a href="postconf.5.html#remote_header_rewrite_domain">$&</a>;g;
s;\bno_unknown_recip[-</bB>]*\n* *[<bB>]*ient_checks\b;<a href="postconf.5.html#no_unknown_recipient_checks">$&</a>;g;
s;\bno_address_mappings\b;<a href="postconf.5.html#no_address_mappings">$&</a>;g;
s;\bno_header_body_checks\b;<a href="postconf.5.html#no_header_body_checks">$&</a>;g;
s;\bno_milters\b;<a href="postconf.5.html#no_milters">$&</a>;g;
- s;\brecip[-</bB>]*\n* *[<bB>]*ient_bcc_maps\b;<a href="postconf.5.html#recipient_bcc_maps">$&</a>;g;
- s;\brecip[-</bB>]*\n* *[<bB>]*ient_canoni[-</bB>]*\n* *[<bB>]*cal_classes\b;<a href="postconf.5.html#recipient_canonical_classes">$&</a>;g;
- s;\brecip[-</bB>]*\n* *[<bB>]*ient_canoni[-</bB>]*\n* *[<bB>]*cal_maps\b;<a href="postconf.5.html#recipient_canonical_maps">$&</a>;g;
- s;\brecip[-</bB>]*\n* *[<bB>]*ient_delim[-</bB>]*\n* *[<bB>]*iter\b;<a href="postconf.5.html#recipient_delimiter">$&<\/a>;g;
+ s;\brecip[-</bB>]*\n* *[<bB>]*i
[-</bB>]*\n* *[<bB>]*ent_bcc_maps\b;<a href="postconf.5.html#recipient_bcc_maps">$&</a>;g;
+ s;\brecip[-</bB>]*\n* *[<bB>]*i
[-</bB>]*\n* *[<bB>]*ent_canoni[-</bB>]*\n* *[<bB>]*cal_classes\b;<a href="postconf.5.html#recipient_canonical_classes">$&</a>;g;
+ s;\brecip[-</bB>]*\n* *[<bB>]*i
[-</bB>]*\n* *[<bB>]*ent_canoni[-</bB>]*\n* *[<bB>]*cal_maps\b;<a href="postconf.5.html#recipient_canonical_maps">$&</a>;g;
+ s;\brecip[-</bB>]*\n* *[<bB>]*i
[-</bB>]*\n* *[<bB>]*ent_delim[-</bB>]*\n* *[<bB>]*iter\b;<a href="postconf.5.html#recipient_delimiter">$&<\/a>;g;
s;\breject_code\b;<a href="postconf.5.html#reject_code">$&</a>;g;
s;\breject_temp[-</bB>]*\n* *[<bB>]*fail_action\b;<a href="postconf.5.html#reject_tempfail_action">$&</a>;g;
s;\brelay_clientcerts\b;<a href="postconf.5.html#relay_clientcerts">$&</a>;g;
s;\bsender_bcc_maps\b;<a href="postconf.5.html#sender_bcc_maps">$&</a>;g;
s;\bsender_canonical_classes\b;<a href="postconf.5.html#sender_canonical_classes">$&</a>;g;
s;\bsender_canonical_maps\b;<a href="postconf.5.html#sender_canonical_maps">$&</a>;g;
- s;\bsender_de[-</bB>]*\n* *[<bB>]*pendent_relay[-</bB>]*\n*[ <bB>]*host_maps\b;<a href="postconf.5.html#sender_dependent_relayhost_maps">$&</a>;g;
+ s;\bsender_de[-</bB>]*\n* *[<bB>]*pen
[-</bB>]*\n* *[<bB>]*dent_relay[-</bB>]*\n*[ <bB>]*host_maps\b;<a href="postconf.5.html#sender_dependent_relayhost_maps">$&</a>;g;
s;\bempty_address_relayhost_maps_lookup_key\b;<a href="postconf.5.html#empty_address_relayhost_maps_lookup_key">$&</a>;g;
s;\bsendmail_path\b;<a href="postconf.5.html#sendmail_path">$&</a>;g;
s;\bsendmail_fix_line_endings\b;<a href="postconf.5.html#sendmail_fix_line_endings">$&</a>;g;
s;\bsmtpd_autho[-</bB>]*\n*[ <bB>]*rized_xclient_hosts\b;<a href="postconf.5.html#smtpd_authorized_xclient_hosts">$&</a>;g;
s;\bsmtpd_autho[-</bB>]*\n*[ <bB>]*rized_xforward_hosts\b;<a href="postconf.5.html#smtpd_authorized_xforward_hosts">$&</a>;g;
s;\bsmtpd_ban[-</bB>]*\n*[ <bB>]*ner\b;<a href="postconf.5.html#smtpd_banner">$&</a>;g;
- s;\bsmtpd_client_connection_count_limit\b;<a href="postconf.5.html#smtpd_client_connection_count_limit">$&</a>;g;
+ s;\bsmtpd_client_connec
[-</bB>]*\n*[ <bB>]*tion_count_limit\b;<a href="postconf.5.html#smtpd_client_connection_count_limit">$&</a>;g;
s;\bsmtpd_client_event_limit_exceptions\b;<a href="postconf.5.html#smtpd_client_event_limit_exceptions">$&</a>;g;
- s;\bsmtpd_client_connection_rate_limit\b;<a href="postconf.5.html#smtpd_client_connection_rate_limit">$&</a>;g;
+ s;\bsmtpd_client_connec
[-</bB>]*\n*[ <bB>]*tion_rate_limit\b;<a href="postconf.5.html#smtpd_client_connection_rate_limit">$&</a>;g;
s;\bsmtpd_client_message_rate_limit\b;<a href="postconf.5.html#smtpd_client_message_rate_limit">$&</a>;g;
s;\bsmtpd_client_port_logging\b;<a href="postconf.5.html#smtpd_client_port_logging">$&</a>;g;
s;\bsmtpd_client_recipient_rate_limit\b;<a href="postconf.5.html#smtpd_client_recipient_rate_limit">$&</a>;g;
s;\bsmtp_tls_secure_cert_match\b;<a href="postconf.5.html#smtp_tls_secure_cert_match">$&</a>;g;
s;\bsmtp_tls_trust_anchor_file\b;<a href="postconf.5.html#smtp_tls_trust_anchor_file">$&</a>;g;
s;\bsmtp_tls_scert_verifydepth\b;<a href="postconf.5.html#smtp_tls_scert_verifydepth">$&</a>;g;
- s;\bsmtp_tls_security_level\b;<a href="postconf.5.html#smtp_tls_security_level">$&</a>;g;
+ s;\bsmtp_tls_secu
[-</Bb>]*\n* *[<Bb>]*rity_level\b;<a href="postconf.5.html#smtp_tls_security_level">$&</a>;g;
s;\bsmtp_tls_session_cache_database\b;<a href="postconf.5.html#smtp_tls_session_cache_database">$&</a>;g;
s;\bsmtp_tls_session_cache_timeout\b;<a href="postconf.5.html#smtp_tls_session_cache_timeout">$&</a>;g;
s;\bsmtp_tls_block_early_mail_reply\b;<a href="postconf.5.html#smtp_tls_block_early_mail_reply">$&</a>;g;
s;\bsmtpd_enforce_tls\b;<a href="postconf.5.html#smtpd_enforce_tls">$&</a>;g;
s;\bsmtpd_sasl_tls_security_options\b;<a href="postconf.5.html#smtpd_sasl_tls_security_options">$&</a>;g;
s;\bsmtpd_sasl_type\b;<a href="postconf.5.html#smtpd_sasl_type">$&</a>;g;
- s;\bsmtpd_starttls_timeout\b;<a href="postconf.5.html#smtpd_starttls_timeout">$&</a>;g;
+ s;\bsmtpd_start
[-</bB>]*\n* *[<bB>]*tls_timeout\b;<a href="postconf.5.html#smtpd_starttls_timeout">$&</a>;g;
s;\bsmtpd_tls_CAfile\b;<a href="postconf.5.html#smtpd_tls_CAfile">$&</a>;g;
s;\bsmtpd_tls_CApath\b;<a href="postconf.5.html#smtpd_tls_CApath">$&</a>;g;
s;\bsmtpd_tls_ask_ccert\b;<a href="postconf.5.html#smtpd_tls_ask_ccert">$&</a>;g;
s;\bsmtpd_tls_req_ccert\b;<a href="postconf.5.html#smtpd_tls_req_ccert">$&</a>;g;
s;\bsmtpd_tls_ses[-</bB>]*\n*[ <bB>]*sion_cache_database\b;<a href="postconf.5.html#smtpd_tls_session_cache_database">$&</a>;g;
s;\bsmtpd_tls_ses[-</bB>]*\n*[ <bB>]*sion_cache_timeout\b;<a href="postconf.5.html#smtpd_tls_session_cache_timeout">$&</a>;g;
- s;\bsmtpd_tls_always_issue_session_ids\b;<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">$&</a>;g;
+ s;\bsmtpd_tls_always_issue_ses
[-</bB>]*\n*[ <bB>]*sion_ids\b;<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">$&</a>;g;
s;\bsmtpd_tls_wrappermode\b;<a href="postconf.5.html#smtpd_tls_wrappermode">$&</a>;g;
s;\bsmtpd_use_tls\b;<a href="postconf.5.html#smtpd_use_tls">$&</a>;g;
s;\bsmtpd_reject_footer\b;<a href="postconf.5.html#smtpd_reject_footer">$&</a>;g;
s/[<bB>]*cleanup[<\/bB>]*\(8\)/<a href="cleanup.8.html">$&<\/a>/g;
s/[<bB>]*defer[<\/bB>]*\(8\)/<a href="defer.8.html">$&<\/a>/g;
s/[<bB>]*dis[-<\/bB>]*\n* *[<bB>]*card[<\/bB>]*\(8\)/<a href="discard.8.html">$&<\/a>/g;
- s/[<bB>]*dnsblog[<\/bB>]*\(8\)/<a href="dnsblog.8.html">$&<\/a>/g;
+ s/[<bB>]*dns
[-<\/Bb>]*\n* *[<Bb>]*blog[<\/bB>]*\(8\)/<a href="dnsblog.8.html">$&<\/a>/g;
s/[<bB>]*error[<\/bB>]*\(8\)/<a href="error.8.html">$&<\/a>/g;
s/[<bB>]*flush[<\/bB>]*\(8\)/<a href="flush.8.html">$&<\/a>/g;
s/[<bB>]*lmtp[<\/bB>]*\(8\)/<a href="lmtp.8.html">$&<\/a>/g;
s/[<bB>]*postmap[<\/bB>]*\(1\)/<a href="postmap.1.html">$&<\/a>/g;
s/[<bB>]*postmulti[<\/bB>]*\(1\)/<a href="postmulti.1.html">$&<\/a>/g;
s/[<bB>]*postqueue[<\/bB>]*\(1\)/<a href="postqueue.1.html">$&<\/a>/g;
- s/[<bB>]*postsuper[<\/bB>]*\(1\)/<a href="postsuper.1.html">$&<\/a>/g;
+ s/[<bB>]*post
[-<\/bB>]*\n*[ <bB>]*super[<\/bB>]*\(1\)/<a href="postsuper.1.html">$&<\/a>/g;
s/[<bB>]*post[-<\/bB>]*\n*[ <bB>]*tls-finger[<\/bB>]*\(1\)/<a href="posttls-finger.1.html">$&<\/a>/g;
s/[<bB>]*send[-<\/bB>]*\n*[ <bB>]*mail[<\/bB>]*\(1\)/<a href="sendmail.1.html">$&<\/a>/g;
s/[<bB>]*smtp-[<\/bB>]*\n* *[<bB>]*source[<\/bB>]*\(1\)/<a href="smtp-source.1.html">$&<\/a>/g;
s/[<bB>]*nisplus[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="nisplus_table.5.html">$&<\/a>/g;
s/[<bB>]*pcre[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="pcre_table.5.html">$&<\/a>/g;
s/[<bB>]*pgsql[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="pgsql_table.5.html">$&<\/a>/g;
- s/[<bB>]*postconf[<\/bB>]*\(5\)/<a href="postconf.5.html">$&<\/a>/g;
+ s/[<bB>]*post
[-<\/Bb>]*\n* *[<Bb>]*conf[<\/bB>]*\(5\)/<a href="postconf.5.html">$&<\/a>/g;
s/[<bB>]*postfix-wrapper[<\/bB>]*\(5\)/<a href="postfix-wrapper.5.html">$&<\/a>/g;
s/[<bB>]*prox[-<\/bB>]*\n*[ <bB>]*ymap[<\/bB>]*\(8\)/<a href="proxymap.8.html">$&<\/a>/g;
s/[<bB>]*reg[-<\/bB>]*\n*[ <bB>]*exp[<\/bBiI>]*_[<\/iIbB>]*ta[-<\/bB>]*\n*[ <bB>]*ble[<\/bB>]*\(5\)/<a href="regexp_table.5.html">$&<\/a>/g;
s;\bcheck_policy_service\b;<a href="postconf.5.html#check_policy_service">$&</a>;g;
s;\bdefer_if_permit\b;<a href="postconf.5.html#defer_if_permit">$&</a>;g;
s;\bdefer_if_reject\b;<a href="postconf.5.html#defer_if_reject">$&</a>;g;
- s;\breject_multi_recip[-</bB>]*\n* *[<bB>]*ient_bounce\b;<a href="postconf.5.html#reject_multi_recipient_bounce">$&</a>;g;
+ s;\breject_multi_recip[-</bB>]*\n* *[<bB>]*i
[-</bB>]*\n* *[<bB>]*ent_bounce\b;<a href="postconf.5.html#reject_multi_recipient_bounce">$&</a>;g;
s;\breject_plaintext_session\b;<a href="postconf.5.html#reject_plaintext_session">$&</a>;g;
s;\breject_unauth_pipelining\b;<a href="postconf.5.html#reject_unauth_pipelining">$&</a>;g;
s;\bwarn_if_reject\b;<a href="postconf.5.html#warn_if_reject">$&</a>;g;
s;\breject_non_fqdn_helo_hostname\b;<a href="postconf.5.html#reject_non_fqdn_helo_hostname">$&</a>;g;
s;\breject_non_fqdn_hostname\b;<a href="postconf.5.html#reject_non_fqdn_helo_hostname">$&</a>;g;
s;\breject_rhsbl_helo\b;<a href="postconf.5.html#reject_rhsbl_helo">$&</a>;g;
- s;\breject_unknown_helo_hostname\b;<a href="postconf.5.html#reject_unknown_helo_hostname">$&</a>;g;
+ s;\breject_unknown_helo_host
[-</bB>]*\n* *[<bB>]*name\b;<a href="postconf.5.html#reject_unknown_helo_hostname">$&</a>;g;
s;\breject_unknown_hostname\b;<a href="postconf.5.html#reject_unknown_helo_hostname">$&</a>;g;
# Access restrictions - sender
s;\bdefer_unauth_destination\b;<a href="postconf.5.html#defer_unauth_destination">$&</a>;g;
s;\breject_unknown_recipi[-</bB>]*\n*[ <bB>]*ent_domain\b;<a href="postconf.5.html#reject_unknown_recipient_domain">$&</a>;g;
s;\breject_unlisted_recip[-</bB>]*\n* *[<bB>]*ient\b;<a href="postconf.5.html#reject_unlisted_recipient">$&</a>;g;
- s;\breject_unver[-</bB>]*\n*[ <bB>]*ified_recip[-</bB>]*\n* *[<bB>]*ient\b;<a href="postconf.5.html#reject_unverified_recipient">$&</a>;g;
+ s;\breject_unver[-</bB>]*\n*[ <bB>]*ified_recip[-</bB>]*\n* *[<bB>]*i
[-</bB>]*\n* *[<bB>]*ent\b;<a href="postconf.5.html#reject_unverified_recipient">$&</a>;g;
# Access restrictions - etrn
# Multi-instance support
s;\bmulti_instance_directo[-</bB>]*\n*[ <bB>]*ries\b;<a href="postconf.5.html#multi_instance_directories">$&</a>;g;
- s;\bmulti_instance_wrapper\b;<a href="postconf.5.html#multi_instance_wrapper">$&</a>;g;
+ s;\bmulti_instance_wrap
[-</bB>]*\n* *[<bB>]*per\b;<a href="postconf.5.html#multi_instance_wrapper">$&</a>;g;
s;\bmulti_instance_group\b;<a href="postconf.5.html#multi_instance_group">$&</a>;g;
s;\bmulti_instance_name\b;<a href="postconf.5.html#multi_instance_name">$&</a>;g;
s;\bmulti_instance_enable\b;<a href="postconf.5.html#multi_instance_enable">$&</a>;g;
s;\bpostscreen_dnsbl_whitelist_thresh[-</bB>]*\n* *[<bB>]*old\b;<a href="postconf.5.html#postscreen_dnsbl_whitelist_threshold">$&</a>;g;
s;\bpostscreen_dnsbl_action\b;<a href="postconf.5.html#postscreen_dnsbl_action">$&</a>;g;
s;\bpostscreen_dnsbl_ttl\b;<a href="postconf.5.html#postscreen_dnsbl_ttl">$&</a>;g;
- s;\bpostscreen_for[-</bB>]*\n*[ <bB>]*bidden_commands\b;<a href="postconf.5.html#postscreen_forbidden_commands">$&</a>;g;
+ s;\bpostscreen_for[-</bB>]*\n*[ <bB>]*bid
[-</bB>]*\n* *[<bB>]*den_commands\b;<a href="postconf.5.html#postscreen_forbidden_commands">$&</a>;g;
s;\bpostscreen_helo_required\b;<a href="postconf.5.html#postscreen_helo_required">$&</a>;g;
s;\bpostscreen_non_smtp_command_enable\b;<a href="postconf.5.html#postscreen_non_smtp_command_enable">$&</a>;g;
s;\bpostscreen_non_smtp_command_action\b;<a href="postconf.5.html#postscreen_non_smtp_command_action">$&</a>;g;
individual sessions may be infeasible given a sufficiently-strong
key agreement method. </p>
+<p> Forward secrecy protects network communication in the absence
+of active attacks, i.e. no forged DNS replies, and no forged TLS
+server certificates. If active attacks are a concern, then you will
+need to authenticate the remote SMTP server in a secure manner.
+For example, by the fingerprint of the public key or certificate.
+Conventional PKI relies on too many trusted parties. </p>
+
<p> Topics covered in this document: </p>
<ul>
<li><a href="#client_fs">Forward Secrecy in the Postfix SMTP Client</a>
+<li><a href="#test">How do I know that it works?</a>
+
<li><a href="#credits"> Credits </a>
</ul>
<blockquote>
<pre>
- main.cf:
- # Postfix ≥ 2.6
- smtpd_tls_eecdh_grade = strong
- # All versions of Postfix:
- smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
- smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
+/etc/postfix/main.cf:
+ # Postfix ≥ 2.6
+ smtpd_tls_eecdh_grade = strong
+ # All versions of Postfix:
+ smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
+ smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
</pre>
</blockquote>
<blockquote>
<pre>
-master.cf:
- submission inet n - n - - smtpd
- # Some submission clients may not yet do 2048-bit EDH, if such
- # clients use your MSA, configure 1024-bit EDH instead:
- -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem
- -o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- ...
+/etc/postfix/master.cf:
+ submission inet n - n - - smtpd
+ # Some submission clients may not yet do 2048-bit EDH, if such
+ # clients use your MSA, configure 1024-bit EDH instead:
+ -o smtpd_tls_dh1024_param_file=${config_directory}/dh1024.pem
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
+ ...
+</pre>
+</blockquote>
+
+<h2><a name="test">How do I know that it works? </a> </h2>
+
+<p> Postfix reports TLS connection information in several ways: </p>
+
+<ul>
+
+<li> <p> With "smtp_tls_loglevel = 1" and "smtpd_tls_loglevel = 1",
+the Postfix SMTP client and server will log information about, among
+others, the remote peer certificate or public-key verification
+status, the negotiated cipher, and key lengths. The general logfile
+format is: </p>
+
+<blockquote>
+<pre>
+postfix/smtp[xxx]: Trusted TLS connection established to host.example.com[192.168.0.2]:25: TLSv1 with cipher XXX (YYY/ZZZ bits)
+
+postfix/smtpd[xxx]: Untrusted TLS connection established from host.example.com[192.168.0.2]: TLSv1 with cipher XXX (YYY/ZZZ bits)
+</pre>
+</blockquote>
+
+<li> <p> With "smtpd_tls_received_header = yes", the Postfix SMTP
+server will record similar information in the Received: header in
+the form of comments (text inside parentheses). The general format
+is: </p>
+
+<blockquote>
+<pre>
+Received: from host.example.com (host.example.com [192.168.0.2])
+ (using TLSv1 with cipher XXX (YYY/ZZZ bits))
+ (Client CN "host.example.com", Issuer "Wietse Venema" (not verified))
+</pre>
+</blockquote>
+
+</ul>
+
+<p> There are dozens of ciphers that support forward secrecy. What
+follows is the beginning of a list of 51 ciphers available with
+OpenSSL 1.0.1e: </p>
+
+<blockquote>
+<pre>
+$ openssl ciphers -v \
+ 'aNULL:-aNULL:kEECDH:kEDH:+RC4:!eNULL:!EXPORT:!LOW:@STRENGTH' |
+ awk '{printf "%-32s %s\n", $1, $3}'
+AECDH-AES256-SHA Kx=ECDH
+ECDHE-RSA-AES256-GCM-SHA384 Kx=ECDH
+ECDHE-ECDSA-AES256-GCM-SHA384 Kx=ECDH
+ECDHE-RSA-AES256-SHA384 Kx=ECDH
+ECDHE-ECDSA-AES256-SHA384 Kx=ECDH
+ECDHE-RSA-AES256-SHA Kx=ECDH
+ECDHE-ECDSA-AES256-SHA Kx=ECDH
+ADH-AES256-GCM-SHA384 Kx=DH
+ADH-AES256-SHA256 Kx=DH
+ADH-AES256-SHA Kx=DH
+ADH-CAMELLIA256-SHA Kx=DH
+DHE-DSS-AES256-GCM-SHA384 Kx=DH
+DHE-RSA-AES256-GCM-SHA384 Kx=DH
+DHE-RSA-AES256-SHA256 Kx=DH
+...
</pre>
</blockquote>
cron
dhparam
inadvisably
+ADH
+AECDH
+CN
+DSS
+ECDHE
+GCM
+Jnicke's
+Kx
+PKI
+XXX
+YYY
+ZZZ
+kEECDH
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
-/* Yorktown Heights, NY 10532, USA
+/* Yorktown Heights, NY 10598, USA
/*
/* John Hensley
/* john@sunislelodge.com
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
-/* Yorktown Heights, NY 10532, USA
+/* Yorktown Heights, NY 10598, USA
/*--*/
#endif
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20131220"
+#define MAIL_RELEASE_DATE "20131221"
#define MAIL_VERSION_NUMBER "2.11"
#ifdef SNAPSHOT
/* .fi
/* \fBManaging main.cf:\fR
/*
-/* \fBpostconf\fR [\fB-dfhnopvx\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR [\fB-dfhnopvx\fR] [\fB-c \fIconfig_dir\fR]
/* [\fB-C \fIclass,...\fR] [\fIparameter ...\fR]
/*
-/* \fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR [\fB-epv\fR] [\fB-c \fIconfig_dir\fR]
/* \fIparameter\fB=\fIvalue ...\fR
/*
-/* \fBpostconf\fR \fB-#\fR [\fB-pv\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-#\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR]
/* \fIparameter ...\fR
/*
-/* \fBpostconf\fR \fB-X\fR [\fB-pv\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-X\fR [\fB-pv\fR] [\fB-c \fIconfig_dir\fR]
/* \fIparameter ...\fR
/*
/* \fBManaging master.cf service entries:\fR
/*
-/* \fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-M\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR]
/* [\fIservice\fR[\fB/\fItype\fR]\fI ...\fR]
/*
-/* \fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-M\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR]
/* \fIservice\fB/\fItype\fB=\fIvalue ...\fR
/*
-/* \fBpostconf\fR \fB-M#\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-M#\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR]
/* \fIservice\fB/\fItype ...\fR
/*
-/* \fBpostconf\fR \fB-MX\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-MX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR]
/* \fIservice\fB/\fItype ...\fR
/*
/* \fBManaging master.cf service fields:\fR
/*
-/* \fBpostconf\fR \fB-F\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-F\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR]
/* [\fIservice\fR[\fB/\fItype\fR[\fB/\fIfield\fR]]\fI ...\fR]
/*
-/* \fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-F\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR]
/* \fIservice\fB/\fItype\fB/\fIfield\fB=\fIvalue ...\fR
/*
/* \fBManaging master.cf service parameters:\fR
/*
-/* \fBpostconf\fR \fB-P\fR [\fB-fovx\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-P\fR [\fB-fovx\fR] [\fB-c \fIconfig_dir\fR]
/* [\fIservice\fR[\fB/\fItype\fR[\fB/\fIparameter\fR]]\fI ...\fR]
/*
-/* \fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-P\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR]
/* \fIservice\fB/\fItype\fB/\fIparameter\fB=\fIvalue ...\fR
/*
-/* \fBpostconf\fR \fB-PX\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-PX\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR]
/* \fIservice\fB/\fItype\fB/\fIparameter ...\fR
/*
/* \fBManaging bounce message templates:\fR
/*
-/* \fBpostconf\fR \fB-b\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-b\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR]
/* [\fItemplate_file\fR]
/*
-/* \fBpostconf\fR \fB-t\fR [\fB-v\fR] [\fB-c \fIconf_dir\fR]
+/* \fBpostconf\fR \fB-t\fR [\fB-v\fR] [\fB-c \fIconfig_dir\fR]
/* [\fItemplate_file\fR]
/*
/* \fBManaging other configuration:\fR
/*
/* \fBpostconf\fR \fB-a\fR|\fB-A\fR|\fB-l\fR|\fB-m\fR [\fB-v\fR]
-/* [\fB-c \fIconf_dir\fR]
+/* [\fB-c \fIconfig_dir\fR]
/* DESCRIPTION
/* By default, the \fBpostconf\fR(1) command displays the
/* values of \fBmain.cf\fR configuration parameters, and warns
/* line (in shell language: "").
/*
/* This feature is available with Postfix 2.3 and later.
-/* .IP "\fB-c \fIconf_dir\fR"
+/* .IP "\fB-c \fIconfig_dir\fR"
/* The \fBmain.cf\fR configuration file is in the named directory
/* instead of the default configuration directory.
/* .IP "\fB-C \fIclass,...\fR"
/* postfix(1), Postfix control program
/* postfix-wrapper(5), Postfix multi-instance API
/* README FILES
+/* .ad
+/* .fi
/* Use "\fBpostconf readme_directory\fR" or "\fBpostconf
/* html_directory\fR" to locate this information.
+/* .nf
+/* .na
/* MULTI_INSTANCE_README, Postfix multi-instance management
/* HISTORY
/* .ad
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
INCL =
LIB = libtls.a
-TESTPROG= tls_dh tls_mgr tls_rsa
+TESTPROG= tls_dh tls_mgr tls_rsa tls_dane
-LIBS = ../../lib/libglobal.a ../../lib/libutil.a
+LIBS = ../../lib/libglobal.a ../../lib/libutil.a ../../lib/libdns.a
LIB_DIR = ../../lib
INC_DIR = ../../include
MAKES =
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
mv junk $@.o
+tls_dane: $(LIB) $(LIBS)
+ mv $@.o junk
+ $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
+ mv junk $@.o
+
depend: $(MAKES)
(sed '1,/^# do not edit/!d' Makefile.in; \
set -e; for i in [a-z][a-z0-9]*.c; do \
SSL_CTX_set_cert_verify_callback(ctx, 0, 0);
}
+#ifdef TEST
+
+#include <unistd.h>
+#include <stdarg.h>
+
+#include <mail_params.h>
+#include <mail_conf.h>
+#include <msg_vstream.h>
+
+/* Cut/paste from OpenSSL 1.0.1: ssl/ssl_cert.c */
+
+static int ssl_verify_cert_chain(SSL *s, x509_stack_t *sk)
+{
+ X509 *x;
+ int i;
+ X509_STORE_CTX ctx;
+
+ if ((sk == NULL) || (sk_X509_num(sk) == 0))
+ return (0);
+
+ x = sk_X509_value(sk, 0);
+ if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) {
+ SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
+ return (0);
+ }
+ X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s);
+ X509_STORE_CTX_set_default(&ctx, s->server ? "ssl_client" : "ssl_server");
+ X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
+
+ if (s->verify_callback)
+ X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
+
+ if (s->ctx->app_verify_callback != NULL)
+ i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
+ else
+ i = X509_verify_cert(&ctx);
+
+ s->verify_result = ctx.error;
+ X509_STORE_CTX_cleanup(&ctx);
+
+ return (i);
+}
+
+static void add_tlsa(TLS_DANE *dane, char *argv[])
+{
+ char *digest;
+ X509 *cert = 0;
+ BIO *bp;
+ unsigned char *buf;
+ unsigned char *buf2;
+ int len;
+ uint8_t u = atoi(argv[1]);
+ uint8_t s = atoi(argv[2]);
+ const char *mdname = argv[3];
+ EVP_PKEY *pkey;
+
+ if ((bp = BIO_new_file(argv[4], "r")) == NULL)
+ msg_fatal("error opening %s: %m", argv[4]);
+ if (!PEM_read_bio_X509(bp, &cert, 0, 0)) {
+ tls_print_errors();
+ msg_fatal("error loading certificate from %s: %m", argv[4]);
+ }
+ BIO_free(bp);
+
+ /*
+ * Extract ASN.1 DER form of certificate or public key.
+ */
+ switch (s) {
+ case DNS_TLSA_SELECTOR_FULL_CERTIFICATE:
+ len = i2d_X509(cert, NULL);
+ buf2 = buf = (unsigned char *) mymalloc(len);
+ i2d_X509(cert, &buf2);
+ if (!*mdname)
+ ta_cert_insert(dane, cert);
+ break;
+ case DNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
+ pkey = X509_get_pubkey(cert);
+ len = i2d_PUBKEY(pkey, NULL);
+ buf2 = buf = (unsigned char *) mymalloc(len);
+ i2d_PUBKEY(pkey, &buf2);
+ if (!*mdname)
+ ta_pkey_insert(dane, pkey);
+ EVP_PKEY_free(pkey);
+ break;
+ }
+ OPENSSL_assert(buf2 - buf == len);
+
+ digest = tls_data_fprint((char *) buf, len, *mdname ? mdname : signalg);
+ dane_add(dane, u, s, *mdname ? mdname : signalg, digest);
+ myfree((char *) digest);
+ myfree((char *) buf);
+}
+
+static x509_stack_t *load_chain(const char *chainfile)
+{
+ BIO *bp;
+ char *name = 0;
+ char *header = 0;
+ unsigned char *data = 0;
+ long len;
+ int count;
+ char *errtype = 0; /* if error: cert or pkey? */
+ x509_stack_t *chain;
+ typedef X509 *(*d2i_X509_t) (X509 **, const unsigned char **, long);
+
+ if ((chain = sk_X509_new_null()) == 0) {
+ perror("malloc");
+ exit(1);
+ }
+
+ /*
+ * On each call, PEM_read() wraps a stdio file in a BIO_NOCLOSE bio,
+ * calls PEM_read_bio() and then frees the bio. It is just as easy to
+ * open a BIO as a stdio file, so we use BIOs and call PEM_read_bio()
+ * directly.
+ */
+ if ((bp = BIO_new_file(chainfile, "r")) == NULL) {
+ fprintf(stderr, "error opening chainfile: %s: %m\n", chainfile);
+ exit(1);
+ }
+ /* Don't report old news */
+ ERR_clear_error();
+
+ for (count = 0;
+ errtype == 0 && PEM_read_bio(bp, &name, &header, &data, &len);
+ ++count) {
+ const unsigned char *p = data;
+
+ if (strcmp(name, PEM_STRING_X509) == 0
+ || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
+ || strcmp(name, PEM_STRING_X509_OLD) == 0) {
+ d2i_X509_t d;
+ X509 *cert;
+
+ d = strcmp(name, PEM_STRING_X509_TRUSTED) ? d2i_X509_AUX : d2i_X509;
+ if ((cert = d(0, &p, len)) == 0 || (p - data) != len)
+ errtype = "certificate";
+ else if (sk_X509_push(chain, cert) == 0) {
+ perror("malloc");
+ exit(1);
+ }
+ } else {
+ fprintf(stderr, "unexpected chain file object: %s\n", name);
+ exit(1);
+ }
+
+ /*
+ * If any of these were null, PEM_read() would have failed.
+ */
+ OPENSSL_free(name);
+ OPENSSL_free(header);
+ OPENSSL_free(data);
+ }
+ BIO_free(bp);
+
+ if (errtype) {
+ tls_print_errors();
+ fprintf(stderr, "error reading: %s: malformed %s", chainfile, errtype);
+ exit(1);
+ }
+ if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
+ /* Reached end of PEM file */
+ ERR_clear_error();
+ if (count > 0)
+ return chain;
+ fprintf(stderr, "no certificates found in: %s\n", chainfile);
+ exit(1);
+ }
+ /* Some other PEM read error */
+ tls_print_errors();
+ fprintf(stderr, "error reading: %s\n", chainfile);
+ exit(1);
+}
+
+static void usage(const char *progname)
+{
+ fprintf(stderr, "Usage: %s certificate-usage selector matching-type"
+ " certfile \\\n\t\tCAfile chainfile hostname [certname ...]\n",
+ progname);
+ fprintf(stderr, " where, certificate-usage = TLSA certificate usage,\n");
+ fprintf(stderr, "\t selector = TLSA selector,\n");
+ fprintf(stderr, "\t matching-type = empty string or OpenSSL digest algorithm name,\n");
+ fprintf(stderr, "\t PEM certfile provides certificate association data,\n");
+ fprintf(stderr, "\t PEM CAfile contains any usage 0/1 trusted roots,\n");
+ fprintf(stderr, "\t PEM chainfile = server chain file to verify\n");
+ fprintf(stderr, "\t hostname = destination hostname,\n");
+ fprintf(stderr, "\t each certname augments the hostname for name checks.\n");
+ exit(1);
+}
+
+/* match_servername - match servername against pattern */
+
+static int match_servername(const char *certid, ARGV *margv)
+{
+ const char *domain;
+ const char *parent;
+ int match_subdomain;
+ int i;
+ int idlen;
+ int domlen;
+
+ /*
+ * Match the certid against each pattern until we find a match.
+ */
+ for (i = 0; i < margv->argc; ++i) {
+ match_subdomain = 0;
+ domain = margv->argv[i];
+ if (*domain == '.' && domain[1] != '\0') {
+ ++domain;
+ match_subdomain = 1;
+ }
+
+ /*
+ * Sub-domain match: certid is any sub-domain of hostname.
+ */
+ if (match_subdomain) {
+ if ((idlen = strlen(certid)) > (domlen = strlen(domain)) + 1
+ && certid[idlen - domlen - 1] == '.'
+ && !strcasecmp(certid + (idlen - domlen), domain))
+ return (1);
+ else
+ continue;
+ }
+
+ /*
+ * Exact match and initial "*" match. The initial "*" in a certid
+ * matches one (if var_tls_multi_label is false) or more hostname
+ * components under the condition that the certid contains multiple
+ * hostname components.
+ */
+ if (!strcasecmp(certid, domain)
+ || (certid[0] == '*' && certid[1] == '.' && certid[2] != 0
+ && (parent = strchr(domain, '.')) != 0
+ && (idlen = strlen(certid + 1)) <= (domlen = strlen(parent))
+ && strcasecmp(var_tls_multi_wildcard == 0 ? parent :
+ parent + domlen - idlen,
+ certid + 1) == 0))
+ return (1);
+ }
+ return (0);
+}
+
+static void check_name(TLS_SESS_STATE *tctx, X509 *cert, ARGV *margs)
+{
+ char *cn;
+ int matched = 0;
+ general_name_stack_t *gens;
+
+ if (SSL_get_verify_result(tctx->con) != X509_V_OK)
+ return;
+
+ tctx->peer_status |= TLS_CERT_FLAG_TRUSTED;
+
+ gens = X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0);
+ if (gens) {
+ int has_dnsname = 0;
+ int num_gens = sk_GENERAL_NAME_num(gens);
+ int i;
+
+ for (i = 0; !matched && i < num_gens; ++i) {
+ const GENERAL_NAME *gn = sk_GENERAL_NAME_value(gens, i);
+ const char *dnsname;
+
+ if (gn->type != GEN_DNS)
+ continue;
+ has_dnsname = 1;
+ tctx->peer_status |= TLS_CERT_FLAG_ALTNAME;
+ dnsname = tls_dns_name(gn, tctx);
+ if (dnsname && *dnsname
+ && (matched = match_servername(dnsname, margs)) != 0)
+ tctx->peer_status |= TLS_CERT_FLAG_MATCHED;
+ }
+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+ if (has_dnsname)
+ return;
+ }
+ cn = tls_peer_CN(cert, tctx);
+ if (match_servername(cn, margs))
+ tctx->peer_status |= TLS_CERT_FLAG_MATCHED;
+ myfree(cn);
+}
+
+static void check_print(TLS_SESS_STATE *tctx, X509 *cert)
+{
+ if (TLS_DANE_HASEE(tctx->dane)
+ && tls_dane_match(tctx, TLS_DANE_EE, cert, 0))
+ tctx->peer_status |= TLS_CERT_FLAG_TRUSTED | TLS_CERT_FLAG_MATCHED;
+}
+
+static void check_peer(TLS_SESS_STATE *tctx, X509 *cert, int argc, char **argv)
+{
+ ARGV match;
+
+ tctx->peer_status |= TLS_CERT_FLAG_PRESENT;
+ check_print(tctx, cert);
+ if (!TLS_CERT_IS_MATCHED(tctx)) {
+ match.argc = argc;
+ match.argv = argv;
+ check_name(tctx, cert, &match);
+ }
+}
+
+static SSL_CTX *ctx_init(const char *CAfile)
+{
+ SSL_CTX *client_ctx;
+
+ tls_param_init();
+ tls_check_version();
+
+ SSL_load_error_strings();
+ SSL_library_init();
+
+ if (!tls_validate_digest(LN_sha1))
+ msg_fatal("%s digest algorithm not available", LN_sha1);
+
+ if (TLScontext_index < 0)
+ if ((TLScontext_index = SSL_get_ex_new_index(0, 0, 0, 0, 0)) < 0)
+ msg_fatal("Cannot allocate SSL application data index");
+
+ ERR_clear_error();
+ if ((client_ctx = SSL_CTX_new(SSLv23_client_method())) == 0)
+ msg_fatal("cannot allocate client SSL_CTX");
+ SSL_CTX_set_verify_depth(client_ctx, 5);
+
+ if (tls_set_ca_certificate_info(client_ctx, CAfile, "") < 0) {
+ tls_print_errors();
+ msg_fatal("cannot load CAfile: %s", CAfile);
+ }
+ SSL_CTX_set_verify(client_ctx, SSL_VERIFY_NONE,
+ tls_verify_certificate_callback);
+ return (client_ctx);
+}
+
+int main(int argc, char *argv[])
+{
+ SSL_CTX *ssl_ctx;
+ TLS_SESS_STATE *tctx;
+ x509_stack_t *chain;
+
+ var_procname = mystrdup(basename(argv[0]));
+ set_mail_conf_str(VAR_PROCNAME, var_procname);
+ msg_vstream_init(var_procname, VSTREAM_OUT);
+
+ if (argc < 8)
+ usage(argv[0]);
+
+ ssl_ctx = ctx_init(argv[5]);
+ if (!tls_dane_avail())
+ msg_fatal("DANE TLSA support not available");
+
+ tctx = tls_alloc_sess_context(TLS_LOG_NONE, argv[7]);
+ tctx->namaddr = argv[7];
+ tctx->mdalg = LN_sha1;
+ tctx->dane = tls_dane_alloc();
+
+ if ((tctx->con = SSL_new(ssl_ctx)) == 0
+ || !SSL_set_ex_data(tctx->con, TLScontext_index, tctx)) {
+ tls_print_errors();
+ msg_fatal("Error allocating SSL connection");
+ }
+ SSL_set_connect_state(tctx->con);
+ add_tlsa((TLS_DANE *) tctx->dane, argv);
+ tls_dane_set_callback(ssl_ctx, tctx);
+
+ /* Verify saved server chain */
+ chain = load_chain(argv[6]);
+ ssl_verify_cert_chain(tctx->con, chain);
+ check_peer(tctx, sk_X509_value(chain, 0), argc - 7, argv + 7);
+ tls_print_errors();
+
+ msg_info("%s %s", TLS_CERT_IS_MATCHED(tctx) ? "Verified" :
+ TLS_CERT_IS_TRUSTED(tctx) ? "Trusted" : "Untrusted", argv[7]);
+
+ return (TLS_CERT_IS_MATCHED(tctx) ? 0 : 1);
+}
+
+#endif /* TEST */
+
#endif /* USE_TLS */
--- /dev/null
+#! /bin/bash
+
+set -e
+
+DOMAIN=example.com
+HOST=mail.${DOMAIN}
+TEST=./tls_dane
+
+key() {
+ local key=$1; shift
+
+ if [ ! -f "${key}.pem" ]; then
+ openssl genpkey 2>/dev/null \
+ -paramfile <(openssl ecparam -name prime256v1) \
+ -out "${key}.pem"
+ fi
+}
+
+req() {
+ local cn=$1; shift
+
+ openssl req -new -sha256 -key "${key}.pem" 2>/dev/null \
+ -config <(printf "[req]\n%s\n%s\n[dn]\nCN=%s\n" \
+ "prompt = no" "distinguished_name = dn" "${cn}")
+}
+
+req_nocn() {
+ openssl req -new -sha256 -subj / -key "${key}.pem" 2>/dev/null \
+ -config <(printf "[req]\n%s\n[dn]\nCN_default =\n" \
+ "distinguished_name = dn")
+}
+
+cert() {
+ local cert=$1; shift
+ local exts=$1; shift
+
+ openssl x509 -req -sha256 -out "${cert}.pem" 2>/dev/null \
+ -extfile <(printf "%s\n" "$exts") "$@"
+}
+
+genroot() {
+ local cn=$1; shift
+ local key=$1; shift
+ local cert=$1; shift
+ local skid=$1; shift
+ local akid=$1; shift
+
+ exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true")
+ key "$key"
+ req "$cn" |
+ cert "$cert" "$exts" -signkey "${key}.pem" -set_serial 1 -days 30
+}
+
+genca() {
+ local cn=$1; shift
+ local key=$1; shift
+ local cert=$1; shift
+ local skid=$1; shift
+ local akid=$1; shift
+ local ca=$1; shift
+ local cakey=$1; shift
+
+ exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true")
+ key "$key"
+ req "$cn" |
+ cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
+ -set_serial 2 -days 30 "$@"
+}
+
+genee() {
+ local cn=$1; shift
+ local key=$1; shift
+ local cert=$1; shift
+ local ca=$1; shift
+ local cakey=$1; shift
+
+ exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \
+ "subjectKeyIdentifier = hash" \
+ "authorityKeyIdentifier = keyid, issuer" \
+ "basicConstraints = CA:false" \
+ "extendedKeyUsage = serverAuth" \
+ "subjectAltName = @alts" "DNS=${cn}")
+ key "$key"
+ req "$cn" |
+ cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \
+ -set_serial 2 -days 30 "$@"
+}
+
+genss() {
+ local cn=$1; shift
+ local key=$1; shift
+ local cert=$1; shift
+
+ exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \
+ "subjectKeyIdentifier = hash" \
+ "authorityKeyIdentifier = keyid, issuer" \
+ "basicConstraints = CA:true" \
+ "extendedKeyUsage = serverAuth" \
+ "subjectAltName = @alts" "DNS=${cn}")
+ key "$key"
+ req "$cn" |
+ cert "$cert" "$exts" -set_serial 1 -days 30 -signkey "${key}.pem" "$@"
+}
+
+gennocn() {
+ local key=$1; shift
+ local cert=$1; shift
+
+ key "$key"
+ req_nocn |
+ cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@"
+}
+
+runtest() {
+ local desc=$1; shift
+ local usage=$1; shift
+ local selector=$1; shift
+ local mtype=$1; shift
+ local tlsa=$1; shift
+ local ca=$1; shift
+ local chain=$1; shift
+ local digest
+
+ case $mtype in
+ 0) digest="";;
+ 1) digest=sha256;;
+ 2) digest=sha512;;
+ *) echo "bad mtype: $mtype"; exit 1;;
+ esac
+
+ printf "%d %d %d %-24s %s: " "$usage" "$selector" "$mtype" "$tlsa" "$desc"
+
+ if [ -n "$ca" ]; then ca="$ca.pem"; fi
+ "$TEST" "$usage" "$selector" "$digest" "$tlsa.pem" "$ca" "$chain.pem" \
+ "$@" > /dev/null
+}
+
+checkpass() { runtest "$@" && { echo pass; } || { echo fail; exit 1; }; }
+checkfail() { runtest "$@" && { echo fail; exit 1; } || { echo pass; }; }
+
+#---------
+
+genss "$HOST" sskey sscert
+gennocn akey acert
+
+# Tests that might depend on akid/skid chaining
+#
+for rakid in "" \
+ "authorityKeyIdentifier = keyid,issuer" \
+ "authorityKeyIdentifier = issuer" \
+ "authorityKeyIdentifier = keyid"
+do
+for cakid in "" \
+ "authorityKeyIdentifier = keyid,issuer" \
+ "authorityKeyIdentifier = issuer" \
+ "authorityKeyIdentifier = keyid"
+do
+for rskid in "" "subjectKeyIdentifier = hash"
+do
+for caskid in "" "subjectKeyIdentifier = hash"
+do
+
+genroot "Root CA" rootkey rootcert "$rskid" "$rakid"
+genca "CA 1" cakey1 cacert1 "$caskid" "$cakid" rootcert rootkey
+genca "CA 2" cakey2 cacert2 "$caskid" "$cakid" cacert1 cakey1
+genee "$HOST" eekey eecert cacert2 cakey2
+cat eecert.pem cacert2.pem cacert1.pem rootcert.pem > chain.pem
+cat eecert.pem cacert2.pem cacert1.pem > chain1.pem
+
+for s in 0 1
+do
+ checkpass "OOB root TA" 2 "$s" 0 rootcert "" chain1 "$HOST"
+ checkpass "OOB TA" 2 "$s" 0 cacert2 "" eecert "$HOST"
+ checkpass "in-chain root TA" 2 "$s" 1 rootcert "" chain "$HOST"
+
+ for m in 0 1 2
+ do
+ checkpass "valid TA" 2 "$s" "$m" rootcert "" chain "$HOST"
+ for ca in "cacert1" "cacert2"; do
+ checkpass "valid TA" 2 "$s" "$m" "$ca" "" chain "$HOST"
+ checkpass "valid TA" 2 "$s" "$m" "$ca" "" chain1 "$HOST"
+ checkpass "valid TA+CA" 2 "$s" "$m" "$ca" rootcert chain1 "$HOST"
+ checkpass "sub-domain" 2 "$s" "$m" "$ca" "" chain1 whatever ".$DOMAIN"
+ checkfail "wrong name" 2 "$s" "$m" "$ca" "" chain1 "whatever"
+ done
+ done
+done
+
+done
+done
+done
+done
+
+# These tests don't depend in the akid/skid chaining:
+#
+for s in 0 1
+do
+ checkfail "missing TA" 2 "$s" 1 rootcert "" chain1 "$HOST"
+ for m in 0 1 2
+ do
+ checkpass "depth 0 TA" 2 "$s" "$m" sscert "" sscert "$HOST"
+ checkfail "non-TA" 2 "$s" "$m" eecert rootcert chain "$HOST"
+ checkfail "depth 0 TA namecheck" 2 "$s" "$m" sscert sscert sscert whatever
+
+ checkpass "valid EE" 3 "$s" "$m" eecert "" chain whatever
+ checkpass "key-only EE" 3 "$s" "$m" acert "" acert whatever
+ checkfail "wrong EE" 3 "$s" "$m" cacert2 "" chain whatever
+ done
+done
+
+rm -f *.pem
/* VSTRING *buf;
/* int len;
/*
-/* int tls_mgr_policy(cache_type, cachable)
+/* int tls_mgr_policy(cache_type, cachable, timeout)
/* const char *cache_type;
/* int *cachable;
+/* int *timeout;
/*
/* int tls_mgr_update(cache_type, cache_id, buf, len)
/* const char *cache_type;
/* .IP cachable
/* Pointer to int, set non-zero if the requested cache_type
/* is enabled.
+/* .IP timeout
+/* Pointer to int, returns the cache entry timeout.
/* .IP cache_id
/* The session cache lookup key.
/* .IP buf
if (COMMAND(argv, "policy", 2)) {
int cachable;
+ int timeout;
- status = tls_mgr_policy(argv->argv[1], &cachable);
- vstream_printf("status=%d cachable=%d\n", status, cachable);
+ status = tls_mgr_policy(argv->argv[1], &cachable, &timeout);
+ vstream_printf("status=%d cachable=%d timeout=%d\n",
+ status, cachable, timeout);
} else if (COMMAND(argv, "seed", 2)) {
VSTRING *buf = vstring_alloc(10);
VSTRING *hex = vstring_alloc(10);
projects / thirdparty / postfix.git / commitdiff
