postdrop/postdrop.c, postsuper/postsuper.c, sendmail/sendmail.c,
dnsblog/dnsblog.c, postkick/postkick.c, postlock/postlock.c,
qmgr/qmgr.c, qmqpd/qmqpd.c, trivial-rewrite/trivial-rewrite.c.
+
+20240129
+
+ Documentation: be more precise about server lookups with
+ MX or SRV records. File: smtp/smtp.c.
+
+ Documentation: postlogd is not a short-running process. It
+ wil keep running until it reaches the max_idle limit. File:
+ postlogd/postlogd.c.
+
+ Cleanup (no semantic change): in the mysql: and pgsql:
+ clients, made the hard-coded idle and retry timer settings
+ configurable, and updated the mysql_table(5) and pgsql_table(5)
+ manpages. Files: global/dict_mysql.c, global/dict_pgsql.c,
+ proto/mysql_table, proto/pgsql_table.
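Review bot: in the 20240129 postlogd entry, "wil keep running" is a typo for "will keep running". Separately, the mysql:/pgsql: entry is labelled "Cleanup (no semantic change)" although it makes the idle and retry timers configurable and updates mysql_table(5) and pgsql_table(5). If the intent is that the defaults keep the previously hard-coded values, the entry should say so explicitly, so that operators reading HISTORY do not have to infer it.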
again at a later time. Delivery status reports are sent to the
<a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
- The SMTP+LMTP client looks up a list of mail exchanger addresses for
- the destination host, sorts the list by preference, and connects to
- each listed address until it finds a server that responds.
-
- When a server is not reachable, or when mail delivery fails due to a
- recoverable error condition, the SMTP+LMTP client will try to deliver
- the mail to an alternate host.
+ The server lookup strategy is different for SMTP and LMTP. The details
+ are given below under in the sections "SMTP DESTINATION SYNTAX" and
+ "LMTP DESTINATION SYNTAX".
After a successful mail transaction, a connection may be saved to the
<a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it may be used by any
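Review bot: the added sentence "are given below under in the sections" has a leftover word; it should read "are given below in the sections" (or "below under"). Also, the removed paragraph stated that the client tries an alternate host when a server is not reachable or when delivery fails with a recoverable error. The sections this text now points to say only that each destination "is tried in the specified order", so the condition for moving on to the next host is no longer documented. Consider keeping one sentence that states it.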
can be enabled permanently for specific destinations.
<b>SMTP DESTINATION SYNTAX</b>
- The Postfix SMTP+LMTP client supports multiple destinations separated
- by comma or whitespace (Postfix 3.5 and later). SMTP destinations have
- the following form:
+ The Postfix SMTP client supports multiple destinations separated by
+ comma or whitespace (Postfix 3.5 and later). Each destination is tried
+ in the specified order.
+
+ SMTP destinations have the following form:
<i>domainname</i>
- <i>domainname</i>:<i>port</i>
+ <i>domainname</i>:<i>service</i>
Look up the mail exchangers for the specified domain, and con-
- nect to the specified port (default: <b>smtp</b>).
+ nect to the specified service (default: <b>smtp</b>). Optionally, mail
+ exchangers may be looked up with SRV queries instead of MX; this
+ requires that <i>service</i> is given in symbolic form.
[<i>hostname</i>]
- [<i>hostname</i>]:<i>port</i>
- Look up the address(es) of the specified host, and connect to
- the specified port (default: <b>smtp</b>).
+ [<i>hostname</i>]:<i>service</i>
+ Look up the address(es) for the specified host, and connect to
+ the specified service (default: <b>smtp</b>).
[<i>address</i>]
- [<i>address</i>]:<i>port</i>
+ [<i>address</i>]:<i>service</i>
Connect to the host at the specified address, and connect to the
- specified port (default: <b>smtp</b>). An IPv6 address must be format-
- ted as [<b>ipv6</b>:<i>address</i>].
+ specified service (default: <b>smtp</b>). An IPv6 address must be for-
+ matted as [<b>ipv6</b>:<i>address</i>].
<b>LMTP DESTINATION SYNTAX</b>
- The Postfix SMTP+LMTP client supports multiple destinations separated
- by comma or whitespace (Postfix 3.5 and later). LMTP destinations have
- the following form:
+ The Postfix LMTP client supports multiple destinations separated by
+ comma or whitespace (Postfix 3.5 and later). Each destination is tried
+ in the specified order.
+
+ LMTP destinations have the following form:
<b>unix</b>:<i>pathname</i>
Connect to the local UNIX-domain server that is bound to the
specified <i>pathname</i>. If the process runs chrooted, an absolute
pathname is interpreted relative to the Postfix queue directory.
+ <b>inet</b>:<i>domainname</i>
+
+ <b>inet</b>:<i>domainname</i>:<i>service</i>
+ Look up the LMTP servers for the specified domain and service
+ (default: <b>lmtp</b>). This form is supported when SRV lookups are
+ enabled, and requires that <i>service</i> is in symbolic form.
+
<b>inet</b>:<i>hostname</i>
- <b>inet</b>:<i>hostname</i>:<i>port</i>
+ <b>inet</b>:<i>hostname</i>:<i>service</i>
+ Look up the address(es) for the specified host, and connect to
+ the specified service (default: <b>lmtp</b>). When SRV lookups are
+ enabled, use the form <b>[</b><i>hostname</i><b>]</b> to force address lookups.
<b>inet</b>:[<i>address</i>]
- <b>inet</b>:[<i>address</i>]:<i>port</i>
- Connect to the specified TCP port on the specified local or
- remote host. If no port is specified, connect to the port
- defined as <b>lmtp</b> in <b>services</b>(4). If no such service is found,
- the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> configuration parameter (default value of 24)
- will be used. An IPv6 address must be formatted as
+ <b>inet</b>:[<i>address</i>]:<i>service</i>
+ Connect to the specified local or remote host and service
+ (default: <b>lmtp</b>). An IPv6 address must be formatted as
[<b>ipv6</b>:<i>address</i>].
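Review bot: in the domainname:service entry under SMTP DESTINATION SYNTAX and the inet:domainname entries under LMTP DESTINATION SYNTAX, the SRV text never names the parameter that turns SRV lookups on, and the two sections word the condition differently ("Optionally ... with SRV queries instead of MX" versus "when SRV lookups are enabled"). The parameter summary further down lists use_srv_lookup for Postfix 3.8 and later; linking it from both entries, with the same wording, would tell the reader what "enabled" means. The LMTP inet:hostname entry also says to use the [hostname] form to force address lookups when SRV lookups are enabled, but the SMTP [hostname] entry carries no matching remark, which leaves it unclear whether the same applies there. Finally, the old LMTP text documented the fallback to lmtp_tcp_port (default value of 24) when no lmtp service is found; the new "(default: lmtp)" drops that, so it would help to say where resolution of a symbolic service name is documented now.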
<b>SINGLE-RECIPIENT DELIVERY</b>
- By default, the Postfix SMTP+LMTP client delivers mail to multiple
- recipients per delivery request. This is undesirable when prepending a
+ By default, the Postfix SMTP+LMTP client delivers mail to multiple
+ recipients per delivery request. This is undesirable when prepending a
<b>Delivered-to:</b> or <b>X-Original-To:</b> message header. To prevent Postfix from
sending multiple recipients per delivery request, specify
<b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b>
- in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first
+ in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first
column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for this mail delivery service.
<b>COMMAND ATTRIBUTE SYNTAX</b>
<b>flags=DORX</b> (optional)
Optional message processing flags.
- <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with
- the envelope recipient address. Note: for this to work,
- the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see
+ <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with
+ the envelope recipient address. Note: for this to work,
+ the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see
SINGLE-RECIPIENT DELIVERY above for details).
- The <b>D</b> flag also enforces loop detection: if a message
- already contains a <b>Delivered-To:</b> header with the same
- recipient address, then the message is returned as unde-
+ The <b>D</b> flag also enforces loop detection: if a message
+ already contains a <b>Delivered-To:</b> header with the same
+ recipient address, then the message is returned as unde-
liverable. The address comparison is case insensitive.
This feature is available as of Postfix 3.5.
<b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" message header with
the recipient address as given to Postfix. Note: for this
- to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must
+ to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must
be 1 (see SINGLE-RECIPIENT DELIVERY above for details).
This feature is available as of Postfix 3.5.
This feature is available as of Postfix 3.5.
- <b>X</b> Indicates that the delivery is final. This flag affects
- the status reported in "success" DSN (delivery status
- notification) messages, and changes it from "relayed"
+ <b>X</b> Indicates that the delivery is final. This flag affects
+ the status reported in "success" DSN (delivery status
+ notification) messages, and changes it from "relayed"
into "delivered".
This feature is available as of Postfix 3.5.
<b>SECURITY</b>
- The SMTP+LMTP client is moderately security-sensitive. It
- talks to SMTP or LMTP servers and to DNS servers on the
- network. The SMTP+LMTP client can be run chrooted at fixed
- low privilege.
+ The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP
+ or LMTP servers and to DNS servers on the network. The SMTP+LMTP client
+ can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
- Corrupted message files are marked so that the queue manager can move
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
them to the <b>corrupt</b> queue for further inspection.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces, protocol problems, and of other trouble.
<b>BUGS</b>
- SMTP and LMTP connection reuse for TLS (without closing the SMTP or
+ SMTP and LMTP connection reuse for TLS (without closing the SMTP or
LMTP connection) is not supported before Postfix 3.4.
- SMTP and LMTP connection reuse assumes that SASL credentials are valid
+ SMTP and LMTP connection reuse assumes that SASL credentials are valid
for all destinations that map onto the same IP address and TCP port.
<b>CONFIGURATION PARAMETERS</b>
- Postfix versions 2.3 and later implement the SMTP and LMTP client with
- the same program, and choose the protocol and configuration parameters
+ Postfix versions 2.3 and later implement the SMTP and LMTP client with
+ the same program, and choose the protocol and configuration parameters
based on the process name, <b>smtp</b> or <b>lmtp</b>.
Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
- eter for the equivalent LMTP feature. This document describes only
+ eter for the equivalent LMTP feature. This document describes only
those LMTP-related parameters that aren't simply "mirror" parameters.
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
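Review bot: every -/+ pair from DIAGNOSTICS through the CONFIGURATION PARAMETERS introduction differs only in inter-word spacing, which buries the one substantive change to this page (the destination syntax sections) under re-justification noise. The HISTORY entry names smtp/smtp.c as the file that changed, so if this HTML is regenerated from it, consider putting the regenerated output in its own change, or at least note in the description that the remaining hunks are whitespace-only so they can be reviewed with whitespace ignored (for example with diff -w).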
will send via SMTP.
<b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
- How long the Postfix SMTP client pauses before sending
- ".<CR><LF>" in order to work around the PIX firewall
+ How long the Postfix SMTP client pauses before sending
+ ".<CR><LF>" in order to work around the PIX firewall
"<CR><LF>.<CR><LF>" bug.
<b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
delivery through firewalls with "smtp fixup" mode turned on.
<b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
- A list that specifies zero or more workarounds for CISCO PIX
+ A list that specifies zero or more workarounds for CISCO PIX
firewall bugs.
<b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server address, with
+ Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs.
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
- Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
+ Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
- A mechanism to transform replies from remote SMTP servers one
+ A mechanism to transform replies from remote SMTP servers one
line at a time.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Available in Postfix version 2.0 and earlier:
<b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
- Skip SMTP servers that greet with a 4XX status code (go away,
+ Skip SMTP servers that greet with a 4XX status code (go away,
try again later).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server address, with
- case insensitive lists of EHLO keywords (pipelining, starttls,
+ Lookup tables, indexed by the remote SMTP server address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
- A case insensitive list of EHLO keywords (pipelining, starttls,
+ A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
- Optional lookup tables that perform address rewriting in the
- Postfix SMTP client, typically to transform a locally valid
- address into a globally valid address when sending mail across
+ Optional lookup tables that perform address rewriting in the
+ Postfix SMTP client, typically to transform a locally valid
+ address into a globally valid address when sending mail across
the Internet.
Available in Postfix version 2.2.9 and later:
<b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
- When the remote SMTP servername is a DNS CNAME, replace the
- servername with the result from CNAME expansion for the purpose
- of logging, SASL password lookup, TLS policy decisions, or TLS
+ When the remote SMTP servername is a DNS CNAME, replace the
+ servername with the result from CNAME expansion for the purpose
+ of logging, SASL password lookup, TLS policy decisions, or TLS
certificate verification.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote LMTP server address, with
- case insensitive lists of LHLO keywords (pipelining, starttls,
+ Lookup tables, indexed by the remote LMTP server address, with
+ case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
<b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
- A case insensitive list of LHLO keywords (pipelining, starttls,
+ A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
- When authenticating to a remote SMTP or LMTP server with the
- default setting "no", send no SASL authoriZation ID (authzid);
- send only the SASL authentiCation ID (authcid) plus the auth-
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid);
+ send only the SASL authentiCation ID (authcid) plus the auth-
cid's password.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
- Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
+ Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
+ Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
+ Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
- An optional workaround for routers that break TCP window scal-
+ An optional workaround for routers that break TCP window scal-
ing.
Available in Postfix version 2.8 and later:
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 2.11 and later:
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
- Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
+ Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuc-
cessful deliveries.
Available in Postfix version 3.3 and later:
<b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b>
- When a remote destination resolves to a combination of IPv4 and
+ When a remote destination resolves to a combination of IPv4 and
IPv6 addresses, ensure that the Postfix SMTP client can try both
address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>.
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
- The email address form that will be used in non-debug logging
+ The email address form that will be used in non-debug logging
(info, warning, etc.).
Available in Postfix 3.6 and later:
<b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b>
- The DNS query type (default: "ns") and DNS query name (default:
+ The DNS query type (default: "ns") and DNS query name (default:
".") that Postfix may use to determine whether DNSSEC validation
is available.
- <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
+ <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
<b>sion=587)</b>
- Optional setting that avoids lookups in the <b>services</b>(5) data-
+ Optional setting that avoids lookups in the <b>services</b>(5) data-
base.
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per plaintext or TLS read or write call, to a com-
- bined time limit for sending a complete SMTP request and for
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
+ The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> (empty)</b>
- Enables discovery for the specified service(s) using DNS SRV
+ Enables discovery for the specified service(s) using DNS SRV
records.
<b><a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> (no)</b>
- When SRV record lookup fails, fall back to MX or IP address
+ When SRV record lookup fails, fall back to MX or IP address
lookup as if SRV record lookup was not enabled.
<b><a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> (no)</b>
- When SRV record lookup fails or no SRV record exists, fall back
- to MX or IP address lookup as if SRV record lookup was not
+ When SRV record lookup fails or no SRV record exists, fall back
+ to MX or IP address lookup as if SRV record lookup was not
enabled.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
- Send the non-standard XFORWARD command when the Postfix SMTP
+ Send the non-standard XFORWARD command when the Postfix SMTP
server EHLO response announces XFORWARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
Enable SASL authentication in the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
- Optional Postfix SMTP client lookup tables with one user-
- name:password entry per sender, remote hostname or next-hop
+ Optional Postfix SMTP client lookup tables with one user-
+ name:password entry per sender, remote hostname or next-hop
domain.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
Postfix SMTP client SASL security options; as of Postfix 2.3 the
- list of available features depends on the SASL client implemen-
+ list of available features depends on the SASL client implemen-
tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
- If non-empty, a Postfix SMTP client filter for the remote SMTP
+ If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the Postfix SMTP
- client; this is available only with SASL authentication, and
- disables SMTP connection caching to ensure that mail from dif-
+ client; this is available only with SASL authentication, and
+ disables SMTP connection caching to ensure that mail from dif-
ferent senders will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that the Postfix SMTP client
- passes through to the SASL plug-in implementation that is
+ passes through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP client should use
+ The SASL plug-in type that the Postfix SMTP client should use
for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
- An optional table to prevent repeated SASL authentication fail-
- ures with the same remote SMTP server hostname, username and
+ An optional table to prevent repeated SASL authentication fail-
+ ures with the same remote SMTP server hostname, username and
password.
<b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
- The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
+ The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
is removed.
<b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
- When a remote SMTP server rejects a SASL authentication request
- with a 535 reply code, defer mail delivery instead of returning
+ When a remote SMTP server rejects a SASL authentication request
+ with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_sasl_password_result_delimiter">smtp_sasl_password_result_delimiter</a> (:)</b>
- The delimiter between username and password in sasl_passwd_maps
+ The delimiter between username and password in sasl_passwd_maps
lookup results.
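Review bot: the smtp_sasl_password_result_delimiter entry, touched here only for spacing, refers to "sasl_passwd_maps lookup results", but the table parameter listed earlier under SASL AUTHENTICATION CONTROLS is smtp_sasl_password_maps. If that is the table meant, use the parameter name and link it, so that the delimiter is documented against the lookup it actually applies to.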
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be found in the
+ Detailed information about STARTTLS configuration may be found in the
<a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b>
- The SASL authentication security options that the Postfix SMTP
+ The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read operations
+ Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- A file containing CA certificates of root CAs trusted to sign
- either remote SMTP server certificates or intermediate CA cer-
+ A file containing CA certificates of root CAs trusted to sign
+ either remote SMTP server certificates or intermediate CA cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format Certification Authority certificates
+ Directory with PEM format Certification Authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate.
File with the Postfix SMTP client RSA certificate in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP client will
+ The minimum TLS cipher grade that the Postfix SMTP client will
use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
client cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
- Additional list of ciphers or cipher types to exclude from the
- Postfix SMTP client cipher list at mandatory TLS security lev-
+ Additional list of ciphers or cipher types to exclude from the
+ Postfix SMTP client cipher list at mandatory TLS security lev-
els.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
Enable additional Postfix SMTP client logging of TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that offers STARTTLS,
+ Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
- TLS protocols that the Postfix SMTP client will use with manda-
+ TLS protocols that the Postfix SMTP client will use with manda-
tory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server certificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
- How the Postfix SMTP client verifies the server certificate
+ How the Postfix SMTP client verifies the server certificate
peername for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
- The expiration time of Postfix SMTP client TLS session cache
+ The expiration time of Postfix SMTP client TLS session cache
information.
<b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
- How the Postfix SMTP client verifies the server certificate
+ How the Postfix SMTP client verifies the server certificate
peername for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
- process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
internal pseudo random number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
The OpenSSL cipherlist for "medium" or higher grade ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption.
Available in in Postfix version 2.3..3.7:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
- The SASL authentication security options that the Postfix SMTP
- client uses for TLS encrypted SMTP sessions with a verified
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions with a verified
server certificate.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
- List of acceptable remote SMTP server certificate fingerprints
- for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
+ List of acceptable remote SMTP server certificate fingerprints
+ for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b>
- The message digest algorithm used to construct remote SMTP
+ The message digest algorithm used to construct remote SMTP
server certificate fingerprints.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see 'postconf -d' output)</b>
- TLS protocols that the Postfix SMTP client will use with oppor-
+ TLS protocols that the Postfix SMTP client will use with oppor-
tunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP client will
+ The minimum TLS cipher grade that the Postfix SMTP client will
use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
- File with the Postfix SMTP client ECDSA certificate in PEM for-
+ File with the Postfix SMTP client ECDSA certificate in PEM for-
mat.
<b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
- File with the Postfix SMTP client ECDSA private key in PEM for-
+ File with the Postfix SMTP client ECDSA private key in PEM for-
mat.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
- Try to detect a mail hijacking attack based on a TLS protocol
- vulnerability (CVE-2009-3555), where an attacker prepends mali-
- cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
+ Try to detect a mail hijacking attack based on a TLS protocol
+ vulnerability (CVE-2009-3555), where an attacker prepends mali-
+ cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
TLS session.
Available in Postfix version 2.8 and later:
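Review bot: The context line "Available in in Postfix version 2.3..3.7:" just above smtp_sasl_tls_verified_security_options carries a doubled "in". This hunk already rewrites the lines on either side of it, so the typo is worth fixing in the same pass rather than carrying it forward.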
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
- Zero or more PEM-format files with trust-anchor certificates
+ Zero or more PEM-format files with trust-anchor certificates
and/or public keys.
<b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
- Lookup the associated DANE TLSA RRset even when a hostname is
+ Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone.
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b>
- Request that the Postfix SMTP client connects using the SUBMIS-
+ Request that the Postfix SMTP client connects using the SUBMIS-
SIONS/SMTPS protocol instead of using the STARTTLS command.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b>
- The TLS policy for MX hosts with "secure" TLSA records when the
- nexthop destination security level is <b>dane</b>, but the MX record
+ The TLS policy for MX hosts with "secure" TLSA records when the
+ nexthop destination security level is <b>dane</b>, but the MX record
was found via an "insecure" MX lookup.
Available in Postfix version 3.2 and later:
Try to make multiple deliveries per TLS-encrypted connection.
<b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
- List of one or more PEM files, each holding one or more private
+ List of one or more PEM files, each holding one or more private
keys directly followed by a corresponding certificate chain.
<b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
- Optional name to send to the remote SMTP server in the TLS
+ Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
- A workaround for implementations that hang Postfix while shut-
+ A workaround for implementations that hang Postfix while shut-
ting down a TLS session, until Postfix times out.
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b>
- The prioritized list of finite-field Diffie-Hellman ephemeral
+ The prioritized list of finite-field Diffie-Hellman ephemeral
(FFDHE) key exchange groups supported by the Postfix SMTP client
and server.
Optional configuration file with baseline OpenSSL settings.
<b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b>
- The application name passed by Postfix to OpenSSL library ini-
+ The application name passed by Postfix to OpenSSL library ini-
tialization functions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> (no)</b>
- Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
+ Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compatibility with
- Postfix versions before 2.3. Support for these will be removed in a
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP server announces
+ Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers use TLS
+ Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the remote SMTP
- server hostname matches the information in the remote SMTP
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client TLS usage
- policy by next-hop destination and by remote SMTP server host-
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+ Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a TCP connec-
+ The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the HELO or EHLO
- command, and for receiving the initial remote SMTP server
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the MAIL FROM
+ The Postfix SMTP client time limit for sending the MAIL FROM
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The Postfix SMTP client time limit for sending the SMTP DATA
+ The Postfix SMTP client time limit for sending the SMTP DATA
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The Postfix SMTP client time limit for sending the SMTP message
+ The Postfix SMTP client time limit for sending the SMTP message
content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
- The maximal number of MX (mail exchanger) IP addresses that can
- result from Postfix SMTP client mail exchanger lookups, or zero
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
(no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery request before
- the Postfix SMTP client gives up or delivers to a fall-back
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
<a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
- Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the specified
+ Permanently enable SMTP connection caching for the specified
destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a destination
+ Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or receive opera-
+ Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
- When SMTP connection caching is enabled, the number of times
- that an SMTP session may be reused before it is closed, or zero
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
(no limit).
Available in Postfix version 3.4 and later:
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per plaintext or TLS read or write call, to a com-
- bined time limit for sending a complete SMTP request and for
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
+ The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
<b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
- A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
- <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
- Enable preliminary SMTPUTF8 support for the protocols described
+ Enable preliminary SMTPUTF8 support for the protocols described
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci-
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
- Enable 'transitional' compatibility between IDNA2003 and
- IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a nexthop destina-
- tion, remote client or server name or network address matches a
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of nexthop destination, remote client or server
- name or network address patterns that, if matched, cause the
- verbose logging level to increase by the amount specified in
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
$<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about mail delivery
+ The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are subject to
- before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ What categories of Postfix-generated mail are subject to
+ before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail when it
+ Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The local network interface addresses that this mail system
+ The local network interface addresses that this mail system
receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d' output)</b>
- The Internet protocols Postfix will attempt to use when making
+ The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
- When a remote LMTP server announces no DSN support, assume that
- the server performs final delivery, and send "delivered" deliv-
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The remote network interface addresses that this mail system
- receives mail on by way of a proxy or network address transla-
+ The remote network interface addresses that this mail system
+ receives mail on by way of a proxy or network address transla-
tion unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
- client will try first, when a destination has IPv6 and IPv4
+ client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available with Postfix 2.2 and earlier:
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay destinations that will be used when an
- SMTP destination is not found, or when delivery fails due to a
+ Optional list of relay destinations that will be used when an
+ SMTP destination is not found, or when delivery fails due to a
non-permanent error.
Available with Postfix 3.0 and later:
<b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
- In the context of email address verification, the SMTP protocol
+ In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Available with Postfix 3.1 and later:
Available in Postfix 3.7 and later:
<b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b>
- Defer delivery when the Postfix SMTP client cannot apply the
+ Defer delivery when the Postfix SMTP client cannot apply the
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting.
<b>SEE ALSO</b>
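Review bot: From smtp_tls_mandatory_protocols down to smtp_bind_address_enforce, each removed line in this parameter summary reads the same as the added line that replaces it, so these hunks are whitespace re-justification only. That churn makes the substantive wording changes elsewhere in the patch hard to find; consider splitting it into a separate change, or stating in the commit message that these hunks carry no text change.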
earlier Postfix versions, the default was chosen by the MySQL
implementation (<b>utf8mb4</b> as of MySQL 8.0, <b>latin1</b> historically).
+ <b>idle_interval (default: 60)</b>
+ The number of seconds after which an idle database connection
+ will be closed.
+
+ This feature is available in Postfix 3.9 and later.
+
+ <b>retry_interval (default: 60)</b>
+ The number of seconds that a database connection will be skipped
+ after an error.
+
+ This feature is available in Postfix 3.9 and later.
+
<b>query</b> The SQL query template used to search the database, where <b>%s</b> is
a substitute for the address Postfix is trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
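Review bot: The new idle_interval and retry_interval entries give a default of 60 but do not say which values are accepted: whether 0 is allowed (and what it would mean), and whether a time-unit suffix such as "60s" is accepted, as in the "(30s)" style defaults of the main.cf timeouts. Since these settings replace previously hard-coded timers, state the valid range and the unit handling next to "The number of seconds ...".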
The encoding used by the database client. The default setting
is:
encoding = UTF8
+
Historically, the database client was hard coded to use LATIN1
in an attempt to disable multibyte character support.
This feature is available in Postfix 3.8 and later.
+ <b>idle_interval (default: 60)</b>
+ The number of seconds after which an idle database connection
+ will be closed.
+
+ This feature is available in Postfix 3.9 and later.
+
+ <b>retry_interval (default: 60)</b>
+ The number of seconds that a database connection will be skipped
+ after an error.
+
+ This feature is available in Postfix 3.9 and later.
+
<b>query</b> The SQL query template used to search the database, where <b>%s</b> is
a substitute for the address Postfix is trying to resolve, e.g.
query = SELECT replacement FROM aliases WHERE mailbox = '%s'
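Review bot: "The number of seconds that a database connection will be skipped after an error" does not say what counts as an error (a failed connect, a failed query, or both) or what a lookup does while the connection is being skipped. The same sentence appears in the MySQL client text earlier in this patch, so clarify both places together.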
</p>
<p>
-In the case of SMTP or LMTP delivery, specify one or more destinations
-in the form of a domain name, hostname, hostname:port, [hostname]:port,
-[hostaddress] or [hostaddress]:port, separated by comma or whitespace.
-The form [hostname] turns off MX lookups. Multiple destinations are
-supported in Postfix 3.5 and later.
+In the case of SMTP delivery, specify one or more destinations in
+the form of a domain name, hostname, hostname:service, [hostname]:service,
+[hostaddress] or [hostaddress]:service, separated by comma or whitespace.
+The form [hostname] turns off MX or SRV lookups. Multiple destinations
+are supported in Postfix 3.5 and later. Each destination is tried
+in the specified order.
</p>
<p>
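Review bot: Replacing "port" with "service" in hostname:service, [hostname]:service and [hostaddress]:service leaves it unstated whether a numeric port is still accepted. Say explicitly what forms service may take (symbolic name, port number, or both), so that readers with existing numeric-port entries know whether they are affected.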
<a href="postqueue.1.html"><b>postqueue</b>(1)</a> and (Postfix >= 3.7) <a href="postlog.1.html"><b>postlog</b>(1)</a>.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="postlogd.8.html"><b>postlogd</b>(8)</a> pro-
- cesses run for only a limited amount of time. Use the command "<b>postfix</b>
- <b>reload</b>" to speed up a change.
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, because <a href="postlogd.8.html"><b>postlogd</b>(8)</a>
+ terminates only after reaching the <b><a href="postconf.5.html#max_idle">max_idle</a></b> time limit. Use the com-
+ mand "<b>postfix reload</b>" to speed up a change.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
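Review bot: The rewritten paragraph now says changes to main.cf "are not picked up automatically", but the retained closing sentence still says "postfix reload" will "speed up a change", which only makes sense if the change would eventually take effect on its own. Reword it to say that "postfix reload" is needed to apply a change, or explain that a change takes effect only once postlogd(8) has been idle for max_idle.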
again at a later time. Delivery status reports are sent to the
<a href="bounce.8.html"><b>bounce</b>(8)</a>, <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
- The SMTP+LMTP client looks up a list of mail exchanger addresses for
- the destination host, sorts the list by preference, and connects to
- each listed address until it finds a server that responds.
-
- When a server is not reachable, or when mail delivery fails due to a
- recoverable error condition, the SMTP+LMTP client will try to deliver
- the mail to an alternate host.
+ The server lookup strategy is different for SMTP and LMTP. The details
+ are given below under in the sections "SMTP DESTINATION SYNTAX" and
+ "LMTP DESTINATION SYNTAX".
After a successful mail transaction, a connection may be saved to the
<a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it may be used by any
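Review bot: The added sentence "The details are given below under in the sections ..." has a stray word, "under in". Drop "under" so it reads: are given below in the sections "SMTP DESTINATION SYNTAX" and "LMTP DESTINATION SYNTAX".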
can be enabled permanently for specific destinations.
<b>SMTP DESTINATION SYNTAX</b>
- The Postfix SMTP+LMTP client supports multiple destinations separated
- by comma or whitespace (Postfix 3.5 and later). SMTP destinations have
- the following form:
+ The Postfix SMTP client supports multiple destinations separated by
+ comma or whitespace (Postfix 3.5 and later). Each destination is tried
+ in the specified order.
+
+ SMTP destinations have the following form:
<i>domainname</i>
- <i>domainname</i>:<i>port</i>
+ <i>domainname</i>:<i>service</i>
Look up the mail exchangers for the specified domain, and con-
- nect to the specified port (default: <b>smtp</b>).
+ nect to the specified service (default: <b>smtp</b>). Optionally, mail
+ exchangers may be looked up with SRV queries instead of MX; this
+ requires that <i>service</i> is given in symbolic form.
[<i>hostname</i>]
- [<i>hostname</i>]:<i>port</i>
- Look up the address(es) of the specified host, and connect to
- the specified port (default: <b>smtp</b>).
+ [<i>hostname</i>]:<i>service</i>
+ Look up the address(es) for the specified host, and connect to
+ the specified service (default: <b>smtp</b>).
[<i>address</i>]
- [<i>address</i>]:<i>port</i>
+ [<i>address</i>]:<i>service</i>
Connect to the host at the specified address, and connect to the
- specified port (default: <b>smtp</b>). An IPv6 address must be format-
- ted as [<b>ipv6</b>:<i>address</i>].
+ specified service (default: <b>smtp</b>). An IPv6 address must be for-
+ matted as [<b>ipv6</b>:<i>address</i>].
<b>LMTP DESTINATION SYNTAX</b>
- The Postfix SMTP+LMTP client supports multiple destinations separated
- by comma or whitespace (Postfix 3.5 and later). LMTP destinations have
- the following form:
+ The Postfix LMTP client supports multiple destinations separated by
+ comma or whitespace (Postfix 3.5 and later). Each destination is tried
+ in the specified order.
+
+ LMTP destinations have the following form:
<b>unix</b>:<i>pathname</i>
Connect to the local UNIX-domain server that is bound to the
specified <i>pathname</i>. If the process runs chrooted, an absolute
pathname is interpreted relative to the Postfix queue directory.
+ <b>inet</b>:<i>domainname</i>
+
+ <b>inet</b>:<i>domainname</i>:<i>service</i>
+ Look up the LMTP servers for the specified domain and service
+ (default: <b>lmtp</b>). This form is supported when SRV lookups are
+ enabled, and requires that <i>service</i> is in symbolic form.
+
<b>inet</b>:<i>hostname</i>
- <b>inet</b>:<i>hostname</i>:<i>port</i>
+ <b>inet</b>:<i>hostname</i>:<i>service</i>
+ Look up the address(es) for the specified host, and connect to
+ the specified service (default: <b>lmtp</b>). When SRV lookups are
+ enabled, use the form <b>[</b><i>hostname</i><b>]</b> to force address lookups.
<b>inet</b>:[<i>address</i>]
- <b>inet</b>:[<i>address</i>]:<i>port</i>
- Connect to the specified TCP port on the specified local or
- remote host. If no port is specified, connect to the port
- defined as <b>lmtp</b> in <b>services</b>(4). If no such service is found,
- the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> configuration parameter (default value of 24)
- will be used. An IPv6 address must be formatted as
+ <b>inet</b>:[<i>address</i>]:<i>service</i>
+ Connect to the specified local or remote host and service
+ (default: <b>lmtp</b>). An IPv6 address must be formatted as
[<b>ipv6</b>:<i>address</i>].
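Review bot: in the LMTP DESTINATION SYNTAX text, the added sentence "use the form [hostname] to force address lookups" names a form that the LMTP list never shows. The list has only inet:hostname and inet:[address], so the reader has to guess that inet:[hostname] and inet:[hostname]:service are meant. Suggest listing those forms explicitly, the way the SMTP section lists [hostname]. Separately, the removed lines explained how an unspecified port was resolved (services(4), then lmtp_tcp_port with a default of 24), while the new text says only "(default: lmtp)". A pointer to where the symbolic service name is mapped to a port number would keep that information.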
<b>SINGLE-RECIPIENT DELIVERY</b>
- By default, the Postfix SMTP+LMTP client delivers mail to multiple
- recipients per delivery request. This is undesirable when prepending a
+ By default, the Postfix SMTP+LMTP client delivers mail to multiple
+ recipients per delivery request. This is undesirable when prepending a
<b>Delivered-to:</b> or <b>X-Original-To:</b> message header. To prevent Postfix from
sending multiple recipients per delivery request, specify
<b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a> = 1</b>
- in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first
+ in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, where <i>transport</i> is the name in the first
column of the Postfix <a href="master.5.html"><b>master.cf</b></a> entry for this mail delivery service.
<b>COMMAND ATTRIBUTE SYNTAX</b>
<b>flags=DORX</b> (optional)
Optional message processing flags.
- <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with
- the envelope recipient address. Note: for this to work,
- the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see
+ <b>D</b> Prepend a "<b>Delivered-To:</b> <i>recipient</i>" message header with
+ the envelope recipient address. Note: for this to work,
+ the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must be 1 (see
SINGLE-RECIPIENT DELIVERY above for details).
- The <b>D</b> flag also enforces loop detection: if a message
- already contains a <b>Delivered-To:</b> header with the same
- recipient address, then the message is returned as unde-
+ The <b>D</b> flag also enforces loop detection: if a message
+ already contains a <b>Delivered-To:</b> header with the same
+ recipient address, then the message is returned as unde-
liverable. The address comparison is case insensitive.
This feature is available as of Postfix 3.5.
<b>O</b> Prepend an "<b>X-Original-To:</b> <i>recipient</i>" message header with
the recipient address as given to Postfix. Note: for this
- to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must
+ to work, the <b><a href="postconf.5.html#transport_destination_recipient_limit"><i>transport</i>_destination_recipient_limit</a></b> must
be 1 (see SINGLE-RECIPIENT DELIVERY above for details).
This feature is available as of Postfix 3.5.
This feature is available as of Postfix 3.5.
- <b>X</b> Indicates that the delivery is final. This flag affects
- the status reported in "success" DSN (delivery status
- notification) messages, and changes it from "relayed"
+ <b>X</b> Indicates that the delivery is final. This flag affects
+ the status reported in "success" DSN (delivery status
+ notification) messages, and changes it from "relayed"
into "delivered".
This feature is available as of Postfix 3.5.
<b>SECURITY</b>
- The SMTP+LMTP client is moderately security-sensitive. It
- talks to SMTP or LMTP servers and to DNS servers on the
- network. The SMTP+LMTP client can be run chrooted at fixed
- low privilege.
+ The SMTP+LMTP client is moderately security-sensitive. It talks to SMTP
+ or LMTP servers and to DNS servers on the network. The SMTP+LMTP client
+ can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
- Corrupted message files are marked so that the queue manager can move
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
them to the <b>corrupt</b> queue for further inspection.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces, protocol problems, and of other trouble.
<b>BUGS</b>
- SMTP and LMTP connection reuse for TLS (without closing the SMTP or
+ SMTP and LMTP connection reuse for TLS (without closing the SMTP or
LMTP connection) is not supported before Postfix 3.4.
- SMTP and LMTP connection reuse assumes that SASL credentials are valid
+ SMTP and LMTP connection reuse assumes that SASL credentials are valid
for all destinations that map onto the same IP address and TCP port.
<b>CONFIGURATION PARAMETERS</b>
- Postfix versions 2.3 and later implement the SMTP and LMTP client with
- the same program, and choose the protocol and configuration parameters
+ Postfix versions 2.3 and later implement the SMTP and LMTP client with
+ the same program, and choose the protocol and configuration parameters
based on the process name, <b>smtp</b> or <b>lmtp</b>.
Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
- eter for the equivalent LMTP feature. This document describes only
+ eter for the equivalent LMTP feature. This document describes only
those LMTP-related parameters that aren't simply "mirror" parameters.
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
will send via SMTP.
<b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
- How long the Postfix SMTP client pauses before sending
- ".<CR><LF>" in order to work around the PIX firewall
+ How long the Postfix SMTP client pauses before sending
+ ".<CR><LF>" in order to work around the PIX firewall
"<CR><LF>.<CR><LF>" bug.
<b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
delivery through firewalls with "smtp fixup" mode turned on.
<b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
- A list that specifies zero or more workarounds for CISCO PIX
+ A list that specifies zero or more workarounds for CISCO PIX
firewall bugs.
<b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server address, with
+ Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs.
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
- Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
+ Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
- A mechanism to transform replies from remote SMTP servers one
+ A mechanism to transform replies from remote SMTP servers one
line at a time.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Available in Postfix version 2.0 and earlier:
<b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
- Skip SMTP servers that greet with a 4XX status code (go away,
+ Skip SMTP servers that greet with a 4XX status code (go away,
try again later).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server address, with
- case insensitive lists of EHLO keywords (pipelining, starttls,
+ Lookup tables, indexed by the remote SMTP server address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
- A case insensitive list of EHLO keywords (pipelining, starttls,
+ A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
- Optional lookup tables that perform address rewriting in the
- Postfix SMTP client, typically to transform a locally valid
- address into a globally valid address when sending mail across
+ Optional lookup tables that perform address rewriting in the
+ Postfix SMTP client, typically to transform a locally valid
+ address into a globally valid address when sending mail across
the Internet.
Available in Postfix version 2.2.9 and later:
<b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
- When the remote SMTP servername is a DNS CNAME, replace the
- servername with the result from CNAME expansion for the purpose
- of logging, SASL password lookup, TLS policy decisions, or TLS
+ When the remote SMTP servername is a DNS CNAME, replace the
+ servername with the result from CNAME expansion for the purpose
+ of logging, SASL password lookup, TLS policy decisions, or TLS
certificate verification.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote LMTP server address, with
- case insensitive lists of LHLO keywords (pipelining, starttls,
+ Lookup tables, indexed by the remote LMTP server address, with
+ case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
<b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
- A case insensitive list of LHLO keywords (pipelining, starttls,
+ A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
- When authenticating to a remote SMTP or LMTP server with the
- default setting "no", send no SASL authoriZation ID (authzid);
- send only the SASL authentiCation ID (authcid) plus the auth-
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid);
+ send only the SASL authentiCation ID (authcid) plus the auth-
cid's password.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
- Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
+ Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
+ Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
+ Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
- An optional workaround for routers that break TCP window scal-
+ An optional workaround for routers that break TCP window scal-
ing.
Available in Postfix version 2.8 and later:
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 2.11 and later:
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
- Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
+ Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuc-
cessful deliveries.
Available in Postfix version 3.3 and later:
<b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b>
- When a remote destination resolves to a combination of IPv4 and
+ When a remote destination resolves to a combination of IPv4 and
IPv6 addresses, ensure that the Postfix SMTP client can try both
address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>.
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
- The email address form that will be used in non-debug logging
+ The email address form that will be used in non-debug logging
(info, warning, etc.).
Available in Postfix 3.6 and later:
<b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b>
- The DNS query type (default: "ns") and DNS query name (default:
+ The DNS query type (default: "ns") and DNS query name (default:
".") that Postfix may use to determine whether DNSSEC validation
is available.
- <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
+ <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
<b>sion=587)</b>
- Optional setting that avoids lookups in the <b>services</b>(5) data-
+ Optional setting that avoids lookups in the <b>services</b>(5) data-
base.
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per plaintext or TLS read or write call, to a com-
- bined time limit for sending a complete SMTP request and for
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
+ The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> (empty)</b>
- Enables discovery for the specified service(s) using DNS SRV
+ Enables discovery for the specified service(s) using DNS SRV
records.
<b><a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> (no)</b>
- When SRV record lookup fails, fall back to MX or IP address
+ When SRV record lookup fails, fall back to MX or IP address
lookup as if SRV record lookup was not enabled.
<b><a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> (no)</b>
- When SRV record lookup fails or no SRV record exists, fall back
- to MX or IP address lookup as if SRV record lookup was not
+ When SRV record lookup fails or no SRV record exists, fall back
+ to MX or IP address lookup as if SRV record lookup was not
enabled.
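Review bot: the summaries of ignore_srv_lookup_error and allow_srv_lookup_fallback are nearly identical ("fall back to MX or IP address lookup as if SRV record lookup was not enabled"); the only visible difference is the phrase "or no SRV record exists". Either setting changes which servers the client ends up contacting, so suggest one clause per parameter that states when it applies and when the other does not. The rewritten SMTP and LMTP DESTINATION SYNTAX sections also say "SRV queries" and "when SRV lookups are enabled" without naming use_srv_lookup; a cross-reference from there to this entry would close the loop.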
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
- Send the non-standard XFORWARD command when the Postfix SMTP
+ Send the non-standard XFORWARD command when the Postfix SMTP
server EHLO response announces XFORWARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
Enable SASL authentication in the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
- Optional Postfix SMTP client lookup tables with one user-
- name:password entry per sender, remote hostname or next-hop
+ Optional Postfix SMTP client lookup tables with one user-
+ name:password entry per sender, remote hostname or next-hop
domain.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
Postfix SMTP client SASL security options; as of Postfix 2.3 the
- list of available features depends on the SASL client implemen-
+ list of available features depends on the SASL client implemen-
tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
- If non-empty, a Postfix SMTP client filter for the remote SMTP
+ If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the Postfix SMTP
- client; this is available only with SASL authentication, and
- disables SMTP connection caching to ensure that mail from dif-
+ client; this is available only with SASL authentication, and
+ disables SMTP connection caching to ensure that mail from dif-
ferent senders will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that the Postfix SMTP client
- passes through to the SASL plug-in implementation that is
+ passes through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP client should use
+ The SASL plug-in type that the Postfix SMTP client should use
for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
- An optional table to prevent repeated SASL authentication fail-
- ures with the same remote SMTP server hostname, username and
+ An optional table to prevent repeated SASL authentication fail-
+ ures with the same remote SMTP server hostname, username and
password.
<b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
- The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
+ The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
is removed.
<b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
- When a remote SMTP server rejects a SASL authentication request
- with a 535 reply code, defer mail delivery instead of returning
+ When a remote SMTP server rejects a SASL authentication request
+ with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_sasl_password_result_delimiter">smtp_sasl_password_result_delimiter</a> (:)</b>
- The delimiter between username and password in sasl_passwd_maps
+ The delimiter between username and password in sasl_passwd_maps
lookup results.
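Review bot: the description of smtp_sasl_password_result_delimiter refers to "sasl_passwd_maps", which is not a parameter named anywhere else in this text; the lookup table documented under SASL AUTHENTICATION CONTROLS is smtp_sasl_password_maps. Since these lines are being re-justified anyway, suggest correcting the name in the source the HTML is generated from, and linking it like the other parameter references.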
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be found in the
+ Detailed information about STARTTLS configuration may be found in the
<a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b>
- The SASL authentication security options that the Postfix SMTP
+ The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read operations
+ Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- A file containing CA certificates of root CAs trusted to sign
- either remote SMTP server certificates or intermediate CA cer-
+ A file containing CA certificates of root CAs trusted to sign
+ either remote SMTP server certificates or intermediate CA cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format Certification Authority certificates
+ Directory with PEM format Certification Authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate.
File with the Postfix SMTP client RSA certificate in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP client will
+ The minimum TLS cipher grade that the Postfix SMTP client will
use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
client cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
- Additional list of ciphers or cipher types to exclude from the
- Postfix SMTP client cipher list at mandatory TLS security lev-
+ Additional list of ciphers or cipher types to exclude from the
+ Postfix SMTP client cipher list at mandatory TLS security lev-
els.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
Enable additional Postfix SMTP client logging of TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that offers STARTTLS,
+ Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
- TLS protocols that the Postfix SMTP client will use with manda-
+ TLS protocols that the Postfix SMTP client will use with manda-
tory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server certificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
- How the Postfix SMTP client verifies the server certificate
+ How the Postfix SMTP client verifies the server certificate
peername for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
- The expiration time of Postfix SMTP client TLS session cache
+ The expiration time of Postfix SMTP client TLS session cache
information.
<b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
- How the Postfix SMTP client verifies the server certificate
+ How the Postfix SMTP client verifies the server certificate
peername for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
- process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
internal pseudo random number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
The OpenSSL cipherlist for "medium" or higher grade ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption.
Available in in Postfix version 2.3..3.7:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
- The SASL authentication security options that the Postfix SMTP
- client uses for TLS encrypted SMTP sessions with a verified
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions with a verified
server certificate.
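Review bot: the unchanged heading above this entry reads "Available in in Postfix version 2.3..3.7:", with a doubled "in" and a range written "2.3..3.7", where the COMPATIBILITY CONTROLS section writes the equivalent range as "2.9 - 3.6". The patch re-justifies the lines directly below it, so this would be a good place to fix the typo and pick one range notation.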
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
- List of acceptable remote SMTP server certificate fingerprints
- for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
+ List of acceptable remote SMTP server certificate fingerprints
+ for the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b>
- The message digest algorithm used to construct remote SMTP
+ The message digest algorithm used to construct remote SMTP
server certificate fingerprints.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see 'postconf -d' output)</b>
- TLS protocols that the Postfix SMTP client will use with oppor-
+ TLS protocols that the Postfix SMTP client will use with oppor-
tunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP client will
+ The minimum TLS cipher grade that the Postfix SMTP client will
use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
- File with the Postfix SMTP client ECDSA certificate in PEM for-
+ File with the Postfix SMTP client ECDSA certificate in PEM for-
mat.
<b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
- File with the Postfix SMTP client ECDSA private key in PEM for-
+ File with the Postfix SMTP client ECDSA private key in PEM for-
mat.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
- Try to detect a mail hijacking attack based on a TLS protocol
- vulnerability (CVE-2009-3555), where an attacker prepends mali-
- cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
+ Try to detect a mail hijacking attack based on a TLS protocol
+ vulnerability (CVE-2009-3555), where an attacker prepends mali-
+ cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
TLS session.
Available in Postfix version 2.8 and later:
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
- Zero or more PEM-format files with trust-anchor certificates
+ Zero or more PEM-format files with trust-anchor certificates
and/or public keys.
<b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
- Lookup the associated DANE TLSA RRset even when a hostname is
+ Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone.
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b>
- Request that the Postfix SMTP client connects using the SUBMIS-
+ Request that the Postfix SMTP client connects using the SUBMIS-
SIONS/SMTPS protocol instead of using the STARTTLS command.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b>
- The TLS policy for MX hosts with "secure" TLSA records when the
- nexthop destination security level is <b>dane</b>, but the MX record
+ The TLS policy for MX hosts with "secure" TLSA records when the
+ nexthop destination security level is <b>dane</b>, but the MX record
was found via an "insecure" MX lookup.
Available in Postfix version 3.2 and later:
Try to make multiple deliveries per TLS-encrypted connection.
<b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
- List of one or more PEM files, each holding one or more private
+ List of one or more PEM files, each holding one or more private
keys directly followed by a corresponding certificate chain.
<b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
- Optional name to send to the remote SMTP server in the TLS
+ Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
- A workaround for implementations that hang Postfix while shut-
+ A workaround for implementations that hang Postfix while shut-
ting down a TLS session, until Postfix times out.
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b>
- The prioritized list of finite-field Diffie-Hellman ephemeral
+ The prioritized list of finite-field Diffie-Hellman ephemeral
(FFDHE) key exchange groups supported by the Postfix SMTP client
and server.
Optional configuration file with baseline OpenSSL settings.
<b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b>
- The application name passed by Postfix to OpenSSL library ini-
+ The application name passed by Postfix to OpenSSL library ini-
tialization functions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> (no)</b>
- Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
+ Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compatibility with
- Postfix versions before 2.3. Support for these will be removed in a
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP server announces
+ Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers use TLS
+ Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the remote SMTP
- server hostname matches the information in the remote SMTP
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client TLS usage
- policy by next-hop destination and by remote SMTP server host-
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+ Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a TCP connec-
+ The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the HELO or EHLO
- command, and for receiving the initial remote SMTP server
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the MAIL FROM
+ The Postfix SMTP client time limit for sending the MAIL FROM
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The Postfix SMTP client time limit for sending the SMTP DATA
+ The Postfix SMTP client time limit for sending the SMTP DATA
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The Postfix SMTP client time limit for sending the SMTP message
+ The Postfix SMTP client time limit for sending the SMTP message
content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
- The maximal number of MX (mail exchanger) IP addresses that can
- result from Postfix SMTP client mail exchanger lookups, or zero
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
(no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery request before
- the Postfix SMTP client gives up or delivers to a fall-back
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
<a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
- Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ Keep Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the specified
+ Permanently enable SMTP connection caching for the specified
destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a destination
+ Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or receive opera-
+ Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
- When SMTP connection caching is enabled, the number of times
- that an SMTP session may be reused before it is closed, or zero
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
(no limit).
Available in Postfix version 3.4 and later:
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per plaintext or TLS read or write call, to a com-
- bined time limit for sending a complete SMTP request and for
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
+ The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
<b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
- A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ A transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
- <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
- Enable preliminary SMTPUTF8 support for the protocols described
+ Enable preliminary SMTPUTF8 support for the protocols described
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci-
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
- Enable 'transitional' compatibility between IDNA2003 and
- IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a nexthop destina-
- tion, remote client or server name or network address matches a
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of nexthop destination, remote client or server
- name or network address patterns that, if matched, cause the
- verbose logging level to increase by the amount specified in
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
$<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about mail delivery
+ The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are subject to
- before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ What categories of Postfix-generated mail are subject to
+ before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail when it
+ Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The local network interface addresses that this mail system
+ The local network interface addresses that this mail system
receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d' output)</b>
- The Internet protocols Postfix will attempt to use when making
+ The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
- When a remote LMTP server announces no DSN support, assume that
- the server performs final delivery, and send "delivered" deliv-
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The remote network interface addresses that this mail system
- receives mail on by way of a proxy or network address transla-
+ The remote network interface addresses that this mail system
+ receives mail on by way of a proxy or network address transla-
tion unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
- client will try first, when a destination has IPv6 and IPv4
+ client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available with Postfix 2.2 and earlier:
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay destinations that will be used when an
- SMTP destination is not found, or when delivery fails due to a
+ Optional list of relay destinations that will be used when an
+ SMTP destination is not found, or when delivery fails due to a
non-permanent error.
Available with Postfix 3.0 and later:
<b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
- In the context of email address verification, the SMTP protocol
+ In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Available with Postfix 3.1 and later:
Available in Postfix 3.7 and later:
<b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b>
- Defer delivery when the Postfix SMTP client cannot apply the
+ Defer delivery when the Postfix SMTP client cannot apply the
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting.
<b>SEE ALSO</b>
With earlier Postfix versions, the default was chosen by
the MySQL implementation (\fButf8mb4\fR as of MySQL 8.0,
\fBlatin1\fR historically).
+.IP "\fBidle_interval (default: 60)\fR"
+The number of seconds after which an idle database connection
+will be closed.
+
+This feature is available in Postfix 3.9 and later.
+.IP "\fBretry_interval (default: 60)\fR"
+The number of seconds that a database connection will be
+skipped after an error.
+
+This feature is available in Postfix 3.9 and later.
.IP "\fBquery\fR"
The SQL query template used to search the database, where \fB%s\fR
is a substitute for the address Postfix is trying to resolve,
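Review bot: the new idle_interval and retry_interval entries give a default and a unit but not the accepted range. The dict_mysql.c part of this patch reads both with cfg_get_int(p, "retry_interval", DEF_RETRY_INTV, 1, 0) and the matching idle_interval call; if the 1 in those calls is a lower bound, a setting of 0 is rejected, and an administrator who tries to switch off the idle close or the retry back-off that way gets no hint from the manpage. Suggest stating the minimum value in each entry, and doing the same in the pgsql_table(5) entries added by this patch.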
.nf
encoding = UTF8
.fi
+
Historically, the database client was hard coded to use
LATIN1 in an attempt to disable multibyte character support.
This feature is available in Postfix 3.8 and later.
+.IP "\fBidle_interval (default: 60)\fR"
+The number of seconds after which an idle database connection
+will be closed.
+
+This feature is available in Postfix 3.9 and later.
+.IP "\fBretry_interval (default: 60)\fR"
+The number of seconds that a database connection will be
+skipped after an error.
+
+This feature is available in Postfix 3.9 and later.
.IP "\fBquery\fR"
The SQL query template used to search the database, where \fB%s\fR
is a substitute for the address Postfix is trying to resolve,
internal DNS uses no MX records, specify the name of the intranet
gateway host instead.
.PP
-In the case of SMTP or LMTP delivery, specify one or more destinations
-in the form of a domain name, hostname, hostname:port, [hostname]:port,
-[hostaddress] or [hostaddress]:port, separated by comma or whitespace.
-The form [hostname] turns off MX lookups. Multiple destinations are
-supported in Postfix 3.5 and later.
+In the case of SMTP delivery, specify one or more destinations in
+the form of a domain name, hostname, hostname:service, [hostname]:service,
+[hostaddress] or [hostaddress]:service, separated by comma or whitespace.
+The form [hostname] turns off MX or SRV lookups. Multiple destinations
+are supported in Postfix 3.5 and later. Each destination is tried
+in the specified order.
.PP
If you're connected via UUCP, see the UUCP_README file for useful
information.
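Review bot: the rewritten paragraph changes "In the case of SMTP or LMTP delivery" to "In the case of SMTP delivery", so this page no longer says how an LMTP nexthop is written. The LMTP forms differ (unix:pathname, inet:hostname:service), so a reader with an lmtp transport entry needs a pointer. Suggest adding one sentence that refers to the "LMTP DESTINATION SYNTAX" section that this patch updates in the SMTP+LMTP client manpage.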
.nf
.ad
.fi
-Changes to \fBmain.cf\fR are picked up automatically, as
-\fBpostlogd\fR(8) processes run for only a limited amount
-of time. Use the command "\fBpostfix reload\fR" to speed
-up a change.
+Changes to \fBmain.cf\fR are not picked up automatically,
+because \fBpostlogd\fR(8) terminates only after reaching
+the \fBmax_idle\fR time limit.
+Use the command "\fBpostfix reload\fR" to speed up a change.
The text below provides only a parameter summary. See
\fBpostconf\fR(5) for more details including examples.
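Review bot: the new text says changes to main.cf "are not picked up automatically" and then keeps the old closing sentence, 'Use the command "postfix reload" to speed up a change', which only makes sense if the change would eventually take effect without it. Either say that a change takes effect only once postlogd(8) has exited at the max_idle limit and that "postfix reload" avoids the wait, or say that "postfix reload" is required. As written, the two sentences read as a contradiction.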
to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as
appropriate.
-The SMTP+LMTP client looks up a list of mail exchanger addresses for
-the destination host, sorts the list by preference, and connects
-to each listed address until it finds a server that responds.
-
-When a server is not reachable, or when mail delivery fails due
-to a recoverable error condition, the SMTP+LMTP client will try to
-deliver the mail to an alternate host.
+The server lookup strategy is different for SMTP and LMTP.
+The details are given below under in the sections "SMTP
+DESTINATION SYNTAX" and "LMTP DESTINATION SYNTAX".
After a successful mail transaction, a connection may be saved
to the \fBscache\fR(8) connection cache server, so that it
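Review bot: the added sentence "The details are given below under in the sections" has a doubled preposition ("under in"). Suggest "The details are given below in the sections ...". The same wording appears in the generated HTML and should be regenerated after the fix.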
.nf
.ad
.fi
-The Postfix SMTP+LMTP client supports multiple destinations
+The Postfix SMTP client supports multiple destinations
separated by comma or whitespace (Postfix 3.5 and later).
+Each destination is tried in the specified order.
+
SMTP destinations have the following form:
.IP \fIdomainname\fR
-.IP \fIdomainname\fR:\fIport\fR
+.IP \fIdomainname\fR:\fIservice\fR
Look up the mail exchangers for the specified domain, and
-connect to the specified port (default: \fBsmtp\fR).
+connect to the specified service (default: \fBsmtp\fR).
+Optionally, mail exchangers may be looked up with SRV queries
+instead of MX; this requires that \fIservice\fR is given
+in symbolic form.
.IP [\fIhostname\fR]
-.IP [\fIhostname\fR]:\fIport\fR
-Look up the address(es) of the specified host, and connect to
-the specified port (default: \fBsmtp\fR).
+.IP [\fIhostname\fR]:\fIservice\fR
+Look up the address(es) for the specified host, and connect to
+the specified service (default: \fBsmtp\fR).
.IP [\fIaddress\fR]
-.IP [\fIaddress\fR]:\fIport\fR
+.IP [\fIaddress\fR]:\fIservice\fR
Connect to the host at the specified address, and connect
-to the specified port (default: \fBsmtp\fR). An IPv6 address
+to the specified service (default: \fBsmtp\fR). An IPv6 address
must be formatted as [\fBipv6\fR:\fIaddress\fR].
.SH "LMTP DESTINATION SYNTAX"
.na
.nf
.ad
.fi
-The Postfix SMTP+LMTP client supports multiple destinations
+The Postfix LMTP client supports multiple destinations
separated by comma or whitespace (Postfix 3.5 and later).
+Each destination is tried in the specified order.
+
LMTP destinations have the following form:
.IP \fBunix\fR:\fIpathname\fR
Connect to the local UNIX\-domain server that is bound to the specified
\fIpathname\fR. If the process runs chrooted, an absolute pathname
is interpreted relative to the Postfix queue directory.
+.IP \fBinet\fR:\fIdomainname\fR
+.IP \fBinet\fR:\fIdomainname\fR:\fIservice\fR
+Look up the LMTP servers for the specified domain and service
+(default: \fBlmtp\fR).
+This form is supported when SRV lookups are enabled, and
+requires that \fIservice\fR is in symbolic form.
.IP \fBinet\fR:\fIhostname\fR
-.IP \fBinet\fR:\fIhostname\fR:\fIport\fR
+.IP \fBinet\fR:\fIhostname\fR:\fIservice\fR
+Look up the address(es) for the specified host, and connect to
+the specified service (default: \fBlmtp\fR). When SRV lookups
+are enabled, use the form \fB[\fIhostname\fB]\fR to force
+address lookups.
.IP \fBinet\fR:[\fIaddress\fR]
-.IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR
-Connect to the specified TCP port on the specified local or
-remote host. If no port is specified, connect to the port defined as
-\fBlmtp\fR in \fBservices\fR(4).
-If no such service is found, the \fBlmtp_tcp_port\fR configuration
-parameter (default value of 24) will be used.
+.IP \fBinet\fR:[\fIaddress\fR]:\fIservice\fR
+Connect to the specified local or remote host and service
+(default: \fBlmtp\fR).
An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR].
.SH "SINGLE-RECIPIENT DELIVERY"
.na
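Review bot: in the inet:[address]:service entry, the removed lines explained what happens when no lmtp entry exists in services(4), namely that the lmtp_tcp_port parameter (default 24) is used; the replacement only says "(default: lmtp)". The parameter is still listed under MISCELLANEOUS CONTROLS, so the fallback presumably still exists and is now undocumented at the place where a reader looks for it. Suggest keeping one sentence about the lmtp_tcp_port fallback. Separately, the SMTP and LMTP entries refer to SRV lookups being "enabled" without naming the parameter that enables them; naming it here would save the reader a search.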
.SH "SECURITY"
.na
.nf
+.ad
+.fi
The SMTP+LMTP client is moderately security\-sensitive. It
talks to SMTP or LMTP servers and to DNS servers on the
network. The SMTP+LMTP client can be run chrooted at fixed
# With earlier Postfix versions, the default was chosen by
# the MySQL implementation (\fButf8mb4\fR as of MySQL 8.0,
# \fBlatin1\fR historically).
+# .IP "\fBidle_interval (default: 60)\fR"
+# The number of seconds after which an idle database connection
+# will be closed.
+#
+# This feature is available in Postfix 3.9 and later.
+# .IP "\fBretry_interval (default: 60)\fR"
+# The number of seconds that a database connection will be
+# skipped after an error.
+#
+# This feature is available in Postfix 3.9 and later.
# .IP "\fBquery\fR"
# The SQL query template used to search the database, where \fB%s\fR
# is a substitute for the address Postfix is trying to resolve,
# .nf
# encoding = UTF8
# .fi
+#
# Historically, the database client was hard coded to use
# LATIN1 in an attempt to disable multibyte character support.
#
# This feature is available in Postfix 3.8 and later.
+# .IP "\fBidle_interval (default: 60)\fR"
+# The number of seconds after which an idle database connection
+# will be closed.
+#
+# This feature is available in Postfix 3.9 and later.
+# .IP "\fBretry_interval (default: 60)\fR"
+# The number of seconds that a database connection will be
+# skipped after an error.
+#
+# This feature is available in Postfix 3.9 and later.
# .IP "\fBquery\fR"
# The SQL query template used to search the database, where \fB%s\fR
# is a substitute for the address Postfix is trying to resolve,
</p>
<p>
-In the case of SMTP or LMTP delivery, specify one or more destinations
-in the form of a domain name, hostname, hostname:port, [hostname]:port,
-[hostaddress] or [hostaddress]:port, separated by comma or whitespace.
-The form [hostname] turns off MX lookups. Multiple destinations are
-supported in Postfix 3.5 and later.
+In the case of SMTP delivery, specify one or more destinations in
+the form of a domain name, hostname, hostname:service, [hostname]:service,
+[hostaddress] or [hostaddress]:service, separated by comma or whitespace.
+The form [hostname] turns off MX or SRV lookups. Multiple destinations
+are supported in Postfix 3.5 and later. Each destination is tried
+in the specified order.
</p>
<p>
names Files smtpd smtpd hc
or access control limitations Files smtpd smtpd hc
spam the log with a warning message File tlsmgr tlsmgr c
+ Cleanup tlsmgr c fix 20240124 File tlsmgr tlsmgr c
+ MX or SRV records File smtp smtp c
+ a list of comma separated names Files smtpd smtpd hc
+ dnsblog dnsblog c postkick postkick c postlock postlock c
+ postdrop postdrop c postsuper postsuper c sendmail sendmail c
+ postlogd postlogd c
+ qmgr qmgr c qmqpd qmqpd c trivial rewrite trivial rewrite c
br br This will also reject email from services that use BDAT
RFC 2045 Sections 2 7 and 2 8 br br Such clients can be
to become a list of comma separated names br br This feature
+the form of a domain name hostname hostname service hostname service
+expected to become a list of comma separated names br br This
char *password;
char *dbname;
char *charset;
+ int retry_interval;
+ int idle_interval;
ARGV *hosts;
PLMYSQL *pldb;
HOST *active_host;
#define TYPEINET (1<<1)
#define RETRY_CONN_MAX 100
-#define RETRY_CONN_INTV 60 /* 1 minute */
-#define IDLE_CONN_INTV 60 /* 1 minute */
+#define DEF_RETRY_INTV 60 /* 1 minute */
+#define DEF_IDLE_INTV 60 /* 1 minute */
/* internal function declarations */
static PLMYSQL *plmysql_init(ARGV *);
static int plmysql_query(DICT_MYSQL *, const char *, VSTRING *, MYSQL_RES **);
static void plmysql_dealloc(PLMYSQL *);
static void plmysql_close_host(HOST *);
-static void plmysql_down_host(HOST *);
+static void plmysql_down_host(HOST *, int);
static void plmysql_connect_single(DICT_MYSQL *, HOST *);
static const char *dict_mysql_lookup(DICT *, const char *);
DICT *dict_mysql_open(const char *, int, int);
name, 0, query, dict_mysql_quote);
/* Check for potential dict_mysql_quote() failure. */
if (host->stat == STATFAIL) {
- plmysql_down_host(host);
+ plmysql_down_host(host, dict_mysql->retry_interval);
continue;
}
if (msg_verbose)
* See what we got.
*/
if (query_error) {
- plmysql_down_host(host);
+ plmysql_down_host(host, dict_mysql->retry_interval);
if (errno == 0)
errno = ENOTSUP;
if (first_result) {
dict_mysql->dict.type, dict_mysql->dict.name,
host->hostname);
event_request_timer(dict_mysql_event, (void *) host,
- IDLE_CONN_INTV);
+ dict_mysql->idle_interval);
break;
}
}
if (mysql_set_character_set(host->db, dict_mysql->charset) != 0) {
msg_warn("dict_mysql: mysql_set_character_set '%s' failed: %s",
dict_mysql->charset, mysql_error(host->db));
- plmysql_down_host(host);
+ plmysql_down_host(host, dict_mysql->retry_interval);
return;
}
if (msg_verbose)
} else {
msg_warn("connect to mysql server %s: %s",
host->hostname, mysql_error(host->db));
- plmysql_down_host(host);
+ plmysql_down_host(host, dict_mysql->retry_interval);
}
}
* plmysql_down_host - close a failed connection AND set a "stay away from
* this host" timer
*/
-static void plmysql_down_host(HOST *host)
+static void plmysql_down_host(HOST *host, int retry_interval)
{
mysql_close(host->db);
host->db = 0;
- host->ts = time((time_t *) 0) + RETRY_CONN_INTV;
+ host->ts = time((time_t *) 0) + retry_interval;
host->stat = STATFAIL;
event_cancel_timer(dict_mysql_event, (void *) host);
}
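Review bot: the header comment for plmysql_down_host() still describes only the "stay away from this host" timer and says nothing about the new retry_interval argument, its unit (seconds, since it is added to time()), or where callers get it. Every visible caller passes dict_mysql->retry_interval, so either document that in the comment or keep the interval somewhere plmysql_down_host() can reach it, so that a later call site cannot pass a different value by mistake.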
dict_mysql->password = cfg_get_str(p, "password", "", 0, 0);
dict_mysql->dbname = cfg_get_str(p, "dbname", "", 1, 0);
dict_mysql->charset = cfg_get_str(p, "charset", "utf8mb4", 1, 0);
+ dict_mysql->retry_interval = cfg_get_int(p, "retry_interval",
+ DEF_RETRY_INTV, 1, 0);
+ dict_mysql->idle_interval = cfg_get_int(p, "idle_interval",
+ DEF_IDLE_INTV, 1, 0);
dict_mysql->result_format = cfg_get_str(p, "result_format", "%s", 1, 0);
dict_mysql->option_file = cfg_get_str(p, "option_file", NULL, 0, 0);
dict_mysql->option_group = cfg_get_str(p, "option_group", "client", 0, 0);
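Review bot: retry_interval and idle_interval are read with cfg_get_int(..., 1, 0), which, if the last two arguments are the minimum and maximum as they appear to be, accepts any positive value with no upper limit. A mistyped large retry_interval leaves a failed host in STATFAIL far longer than intended, and a large idle_interval delays the idle timer by the same amount. Consider a sanity cap, and make sure mysql_table(5) states the unit (seconds) and the default of 60.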
#define TYPECONNSTR (1<<2)
#define RETRY_CONN_MAX 100
-#define RETRY_CONN_INTV 60 /* 1 minute */
-#define IDLE_CONN_INTV 60 /* 1 minute */
+#define DEF_RETRY_INTV 60 /* 1 minute */
+#define DEF_IDLE_INTV 60 /* 1 minute */
typedef struct {
PGconn *db;
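Review bot: DEF_RETRY_INTV and DEF_IDLE_INTV are now defined separately in the pgsql client and in the mysql client with the same value of 60, so the two defaults can drift apart without anyone noticing. A shared definition, or a comment in each file pointing at the other, would keep the defaults documented in mysql_table(5) and pgsql_table(5) aligned.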
char *password;
char *dbname;
char *encoding;
+ int retry_interval;
+ int idle_interval;
char *table;
ARGV *hosts;
PLPGSQL *pldb;
static PGSQL_RES *plpgsql_query(DICT_PGSQL *, const char *, VSTRING *);
static void plpgsql_dealloc(PLPGSQL *);
static void plpgsql_close_host(HOST *);
-static void plpgsql_down_host(HOST *);
+static void plpgsql_down_host(HOST *, int);
static void plpgsql_connect_single(DICT_PGSQL *, HOST *);
static const char *dict_pgsql_lookup(DICT *, const char *);
DICT *dict_pgsql_open(const char *, int, int);
/* Check for potential dict_pgsql_quote() failure. */
if (host->stat == STATFAIL) {
- plpgsql_down_host(host);
+ plpgsql_down_host(host, dict_pgsql->retry_interval);
continue;
}
msg_info("dict_pgsql: successful query from host %s",
host->hostname);
event_request_timer(dict_pgsql_event, (void *) host,
- IDLE_CONN_INTV);
+ dict_pgsql->idle_interval);
return (res);
case PGRES_FATAL_ERROR:
msg_warn("pgsql query failed: fatal error from host %s: %s",
*/
if (res != 0)
PQclear(res);
- plpgsql_down_host(host);
+ plpgsql_down_host(host, dict_pgsql->retry_interval);
}
return (0);
if (host->db == NULL || PQstatus(host->db) != CONNECTION_OK) {
msg_warn("connect to pgsql server %s: %s",
host->hostname, PQerrorMessage(host->db));
- plpgsql_down_host(host);
+ plpgsql_down_host(host, dict_pgsql->retry_interval);
return;
}
if (PQsetClientEncoding(host->db, dict_pgsql->encoding) != 0) {
msg_warn("dict_pgsql: cannot set the encoding to %s, skipping %s",
dict_pgsql->encoding, host->hostname);
- plpgsql_down_host(host);
+ plpgsql_down_host(host, dict_pgsql->retry_interval);
return;
}
if (msg_verbose)
* plpgsql_down_host - close a failed connection AND set a "stay away from
* this host" timer.
*/
-static void plpgsql_down_host(HOST *host)
+static void plpgsql_down_host(HOST *host, int retry_interval)
{
if (host->db)
PQfinish(host->db);
host->db = 0;
- host->ts = time((time_t *) 0) + RETRY_CONN_INTV;
+ host->ts = time((time_t *) 0) + retry_interval;
host->stat = STATFAIL;
event_cancel_timer(dict_pgsql_event, (void *) host);
}
dict_pgsql->password = cfg_get_str(p, "password", "", 0, 0);
dict_pgsql->dbname = cfg_get_str(p, "dbname", "", 1, 0);
dict_pgsql->encoding = cfg_get_str(p, "encoding", "UTF8", 1, 0);
+ dict_pgsql->retry_interval = cfg_get_int(p, "retry_interval",
+ DEF_RETRY_INTV, 1, 0);
+ dict_pgsql->idle_interval = cfg_get_int(p, "idle_interval",
+ DEF_IDLE_INTV, 1, 0);
dict_pgsql->result_format = cfg_get_str(p, "result_format", "%s", 1, 0);
/*
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20240125"
+#define MAIL_RELEASE_DATE "20240129"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
-/* Changes to \fBmain.cf\fR are picked up automatically, as
-/* \fBpostlogd\fR(8) processes run for only a limited amount
-/* of time. Use the command "\fBpostfix reload\fR" to speed
-/* up a change.
+/* Changes to \fBmain.cf\fR are not picked up automatically,
+/* because \fBpostlogd\fR(8) terminates only after reaching
+/* the \fBmax_idle\fR time limit.
+/* Use the command "\fBpostfix reload\fR" to speed up a change.
/*
/* The text below provides only a parameter summary. See
/* \fBpostconf\fR(5) for more details including examples.
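Review bot: the new first sentence says changes to main.cf are "not picked up automatically", but the reason given (postlogd terminates only after reaching max_idle) implies they are picked up, only late, and the last sentence still talks about speeding up a change. Suggest wording such as "are picked up only after postlogd(8) terminates upon reaching the max_idle time limit", so that the two sentences agree.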
/* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as
/* appropriate.
/*
-/* The SMTP+LMTP client looks up a list of mail exchanger addresses for
-/* the destination host, sorts the list by preference, and connects
-/* to each listed address until it finds a server that responds.
-/*
-/* When a server is not reachable, or when mail delivery fails due
-/* to a recoverable error condition, the SMTP+LMTP client will try to
-/* deliver the mail to an alternate host.
+/* The server lookup strategy is different for SMTP and LMTP.
+/* The details are given below under in the sections "SMTP
+/* DESTINATION SYNTAX" and "LMTP DESTINATION SYNTAX".
/*
/* After a successful mail transaction, a connection may be saved
/* to the \fBscache\fR(8) connection cache server, so that it
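Review bot: the added sentence reads "The details are given below under in the sections", with a stray "under"; drop either "under" or "in the sections". Also note that the removed paragraph stated that the client tries an alternate host when a server is unreachable or delivery fails with a recoverable error, while the replacement text in the destination syntax sections says only "Each destination is tried in the specified order"; if the failover behaviour is unchanged, keep one sentence that says so.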
/* SMTP DESTINATION SYNTAX
/* .ad
/* .fi
-/* The Postfix SMTP+LMTP client supports multiple destinations
+/* The Postfix SMTP client supports multiple destinations
/* separated by comma or whitespace (Postfix 3.5 and later).
+/* Each destination is tried in the specified order.
+/*
/* SMTP destinations have the following form:
/* .IP \fIdomainname\fR
-/* .IP \fIdomainname\fR:\fIport\fR
+/* .IP \fIdomainname\fR:\fIservice\fR
/* Look up the mail exchangers for the specified domain, and
-/* connect to the specified port (default: \fBsmtp\fR).
+/* connect to the specified service (default: \fBsmtp\fR).
+/* Optionally, mail exchangers may be looked up with SRV queries
+/* instead of MX; this requires that \fIservice\fR is given
+/* in symbolic form.
/* .IP [\fIhostname\fR]
-/* .IP [\fIhostname\fR]:\fIport\fR
-/* Look up the address(es) of the specified host, and connect to
-/* the specified port (default: \fBsmtp\fR).
+/* .IP [\fIhostname\fR]:\fIservice\fR
+/* Look up the address(es) for the specified host, and connect to
+/* the specified service (default: \fBsmtp\fR).
/* .IP [\fIaddress\fR]
-/* .IP [\fIaddress\fR]:\fIport\fR
+/* .IP [\fIaddress\fR]:\fIservice\fR
/* Connect to the host at the specified address, and connect
-/* to the specified port (default: \fBsmtp\fR). An IPv6 address
+/* to the specified service (default: \fBsmtp\fR). An IPv6 address
/* must be formatted as [\fBipv6\fR:\fIaddress\fR].
/* LMTP DESTINATION SYNTAX
/* .ad
/* .fi
-/* The Postfix SMTP+LMTP client supports multiple destinations
+/* The Postfix LMTP client supports multiple destinations
/* separated by comma or whitespace (Postfix 3.5 and later).
+/* Each destination is tried in the specified order.
+/*
/* LMTP destinations have the following form:
/* .IP \fBunix\fR:\fIpathname\fR
/* Connect to the local UNIX-domain server that is bound to the specified
/* \fIpathname\fR. If the process runs chrooted, an absolute pathname
/* is interpreted relative to the Postfix queue directory.
+/* .IP \fBinet\fR:\fIdomainname\fR
+/* .IP \fBinet\fR:\fIdomainname\fR:\fIservice\fR
+/* Look up the LMTP servers for the specified domain and service
+/* (default: \fBlmtp\fR).
+/* This form is supported when SRV lookups are enabled, and
+/* requires that \fIservice\fR is in symbolic form.
/* .IP \fBinet\fR:\fIhostname\fR
-/* .IP \fBinet\fR:\fIhostname\fR:\fIport\fR
+/* .IP \fBinet\fR:\fIhostname\fR:\fIservice\fR
+/* Look up the address(es) for the specified host, and connect to
+/* the specified service (default: \fBlmtp\fR). When SRV lookups
+/* are enabled, use the form \fB[\fIhostname\fB]\fR to force
+/* address lookups.
/* .IP \fBinet\fR:[\fIaddress\fR]
-/* .IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR
-/* Connect to the specified TCP port on the specified local or
-/* remote host. If no port is specified, connect to the port defined as
-/* \fBlmtp\fR in \fBservices\fR(4).
-/* If no such service is found, the \fBlmtp_tcp_port\fR configuration
-/* parameter (default value of 24) will be used.
+/* .IP \fBinet\fR:[\fIaddress\fR]:\fIservice\fR
+/* Connect to the specified local or remote host and service
+/* (default: \fBlmtp\fR).
/* An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR].
/* SINGLE-RECIPIENT DELIVERY
/* .ad
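Review bot: the rewritten inet:[address] entry drops the old explanation of how the default is resolved (the lmtp entry in services(4), then lmtp_tcp_port with a default of 24) and now says only "(default: lmtp)", so a reader can no longer tell which port is used when services(4) has no lmtp entry. Keep a sentence on that fallback if it still applies. In the SMTP section, the [hostname] entry should also state that this form turns off MX or SRV lookups, as the parameter documentation does, and the SRV sentences in both sections should name the setting that enables SRV lookups instead of saying only "when SRV lookups are enabled".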
/* This feature is available as of Postfix 3.5.
/* .RE
/* SECURITY
+/* .ad
+/* .fi
/* The SMTP+LMTP client is moderately security-sensitive. It
/* talks to SMTP or LMTP servers and to DNS servers on the
/* network. The SMTP+LMTP client can be run chrooted at fixed