sites that used permit_mx_backup to authorize all their
incoming mail.
-20051122
-
- Feature: sender_relayhost_maps, lookup tables that specify
- a per-sender override for the relayhost parameter setting.
- This is an extended version of a patch by Mathias Hasselmann.
- Files: trivial-rewrite/resolve.c, trivial-rewrite/transport.c,
+20051122-24
+
+ Feature: sender_dependent_relayhost_maps, lookup tables that specify
+ a sender-dependent override for the relayhost parameter
+ setting. The lookup is done in the trivial-rewrite server,
+ instead of the queue manager where it does not belong.
+ Files: global/resolve_clnt.c, global/tok822_resolve.c,
+ trivial-rewrite/resolve.c, trivial-rewrite/transport.c,
*qmgr/qmgr_message.c.
- Feature: address_verify_sender_relayhost_maps, for consistency
- with the other address_verify_mumble parameters.
+ Also: address_verify_sender_dependent_relayhost_maps for completeness.
20051124
- Feature: smtp_per_sender_auth, to enable per-sender SASL
- authentication. This disables SMTP connection caching to
- ensure that mail from different senders will be delivered
- with the appropriate credentials. This is an extended version
- of a patch by Mathias Hasselmann. Files: smtp/smtp_connect.c,
- smtp/smtp_sasl_glue.c.
+ Feature: specify "smtp_sender_dependent_authentication = yes" to
+ enable sender-dependent SASL passwords. This disables SMTP
+ connection caching to ensure that mail from different senders
+ is delivered with the appropriate credentials. This is an
+ extended version of a patch by Mathias Hasselmann. Files:
+ smtp/smtp_connect.c, smtp/smtp_sasl_glue.c.
Open problems:
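Review bot: the rewritten 20051122-24 entry does not mention that the resolver exchange changed, although its file list now adds global/resolve_clnt.c and global/tok822_resolve.c and the RELEASE_NOTES part of this patch demands a full stop and restart because "the address resolver protocol has changed". If this is the change behind that warning, suggest saying so in this entry, so the change log alone explains the restart requirement.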
First, the address_verify_relayhost parameter allows you to override the
relayhost setting, and the address_verify_transport_maps parameter allows you
-to override the transport_maps setting.
+to override the transport_maps setting. The
+address_verify_sender_dependent_relayhost_maps parameter does the same for
+sender-dependent relayhost selection.
Second, each address class is given its own address verification version of the
message delivery transport, as shown in the table below. Address classes are
If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
before proceeding.
-Major changes with snapshot 20051124
+Incompatibility with snapshot 20051125
+======================================
+
+You MUST stop and restart Postfix, because the address resolver
+protocol has changed. If you don't stop and restart Postfix, you
+will have an endless stream of warning messages with "problem talking
+to service rewrite: Unknown error: 0" and "warning: unexpected
+attribute address in input from rewrite socket".
+
+Major changes with snapshot 20051125
====================================
This snapshot adds support for sender-dependent ISP accounts.
-- Per-sender relayhost support, with the sender_relayhost_maps
- feature. The maps are searched with the sender address and with
- the sender @domain. The result overrides the global relayhost
- setting, but otherwise has identical behavior.
+- Sender-dependent smarthost lookup tables. The maps are searched
+ with the sender address and with the sender @domain. The result
+ overrides the global relayhost setting, but otherwise has identical
+ behavior. See the postconf(5) manual page for more details.
- Example: sender_relayhost_maps = hash:/etc/postfix/sender_relay
+ Example:
+ /etc/postfix/main.cf:
+ sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
-- Per-sender SASL authentication support. This disables SMTP
+- Sender-dependent SASL authentication support. This disables SMTP
connection caching to ensure that mail from different senders
- will use the correct authentication credentials.
-
- Example: smtp_per_sender_authentication = yes
+ will use the correct authentication credentials. The SMTP SASL
+ password file is first searched by sender address, and then by
+ the remote domain and hostname as usual.
+
+ Example:
+ /etc/postfix/main.cf:
+ smtp_sasl_auth_enable = yes
+ smtp_sender_dependent_authentication = yes
+ smtp_sasl_password_maps = hash:/etc/postfix/sasl_pass
Incompatibility with snapshot 20051121
======================================
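Review bot: the new "Incompatibility with snapshot 20051125" section covers only the resolver protocol, but this same hunk renames sender_relayhost_maps to sender_dependent_relayhost_maps and smtp_per_sender_authentication to smtp_sender_dependent_authentication. A main.cf written from the 20051124 notes keeps the old names, and nothing here says whether they are still honoured; if they are not, mail from those senders goes out via the global relayhost and with the per-host SASL credentials. Suggest listing both renames in the incompatibility section.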
# This is the default for remote delivery to domains
# listed with relay_domains. In order of decreasing
# precedence, the nexthop destination is taken from
-# relay_transport, sender_relayhost_maps, relayhost,
-# or from the recipient domain.
+# relay_transport, sender_dependent_relayhost_maps,
+# relayhost, or from the recipient domain.
#
# default_transport (default: smtp:)
# This is the default for remote delivery to other
# destinations. In order of decreasing precedence,
# the nexthop destination is taken from
-# default_transport, sender_relayhost_maps, relay-
-# host, or from the recipient domain.
+# default_transport, sender_dependent_relayhost_maps,
+# relayhost, or from the recipient domain.
#
# Normally, the transport(5) table is specified as a text
# file that serves as input to the postmap(1) command. The
with an unreplyable sender address. </p>
<p> The technique may also be useful to block mail for undeliverable
-recipients, for example on a mail relay host that does not have a
+recipients, for example on a mail <a href="postconf.5.html#relayhost">relay host</a> that does not have a
list of all the valid recipient addresses. This prevents undeliverable
junk mail from entering the queue, so that Postfix doesn't have to
waste resources trying to send MAILER-DAEMON messages back. </p>
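Review bot: in the changed line, "relay host" in "on a mail relay host that does not have a list of all the valid recipient addresses" now links to postconf.5.html#relayhost, but the sentence is about a machine that relays inbound mail, not about the relayhost next-hop setting. Suggest excluding this phrase from automatic linking so readers are not sent to a parameter the sentence does not discuss.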
<p> First, the <a href="postconf.5.html#address_verify_relayhost">address_verify_relayhost</a> parameter allows you to
override the <a href="postconf.5.html#relayhost">relayhost</a> setting, and the <a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a>
-parameter allows you to override the <a href="postconf.5.html#transport_maps">transport_maps</a> setting. </p>
+parameter allows you to override the <a href="postconf.5.html#transport_maps">transport_maps</a> setting.
+The <a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> parameter
+does the same for sender-dependent <a href="postconf.5.html#relayhost">relayhost</a> selection. </p>
<p> Second, each address class is given its own address verification
version of the message delivery transport, as shown in the table
<p>
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for address verification
-probes.
+probes. This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
</p>
<p>
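Review bot: the added sentence points at the transport(5) table, but for verification probes the ADDRESS_VERIFICATION_README text in this same patch says address_verify_transport_maps overrides the transport_maps setting. Suggest naming address_verify_transport_maps here, or both, so the reader looks at the table that actually applies to probes.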
</DD>
-<DT><b><a name="address_verify_sender_relayhost_maps">address_verify_sender_relayhost_maps</a>
+<DT><b><a name="address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a>
(default: empty)</b></DT><DD>
<p>
-Overrides the <a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a> parameter setting for address
+Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> parameter setting for address
verification probes.
</p>
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p>
<p>
<p>
This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is not
-part of the stable Postfix 2.1 release.
+part of the stable Postfix version 2.1 release.
</p>
<p>
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p>
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p>
(default: empty)</b></DT><DD>
<p> Pathname of a configuration file with bounce message templates.
-These override the <a href="bounce.8.html">bounce(8)</a> server built-in templates of delivery
-status notification (DSN) messages for undeliverable mail, for
-delayed mail, for successful delivery, or for mail delivery
-verification. </p>
+These override the built-in templates of delivery status notification
+(DSN) messages for undeliverable mail, for delayed mail, successful
+delivery, or delivery verification. The <a href="bounce.5.html">bounce(5)</a> manual page
+describes how to edit and test template files. </p>
<p> Template message body text may contain $name references to
Postfix configuration parameters. The result of $name expansion can
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p>
<p>
<dd>The numerical SMTP response code, as specified with the
<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> configuration parameter. Note: The numerical
SMTP response code is required, and must appear at the start of the
-reply. With Postfix 2.3 and later this information may be followed
+reply. With Postfix version 2.3 and later this information may be followed
by an <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> enhanced status code. </dd>
<dt><b>$rbl_domain</b></dt>
(default: smtp)</b></DT><DD>
<p>
-The default mail delivery transport for domains that do not match
-$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>,
-$<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, or $<a href="postconf.5.html#relay_domains">relay_domains</a>.
-This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
+The default mail delivery transport and next-hop destination for
+destinations that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
+$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>,
+or $<a href="postconf.5.html#relay_domains">relay_domains</a>. In order of decreasing precedence, the nexthop
+destination is taken from $<a href="postconf.5.html#default_transport">default_transport</a>,
+$<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or from the recipient
+domain. This information can be overruled with the <a href="transport.5.html">transport(5)</a>
+table.
</p>
<p>
<p> Report mail delivery errors to the address specified with the
non-standard Errors-To: message header, instead of the envelope
-sender address (this feature is removed with Postfix 2.2, is
-turned off by default with Postfix 2.1, and is always turned on
+sender address (this feature is removed with Postfix version 2.2, is
+turned off by default with Postfix version 2.1, and is always turned on
with older Postfix versions). </p>
generates empty original recipient queue file records. </p>
<p> This feature is available in Postfix 2.1 and later. With Postfix
-2.0, support for the X-Original-To message header is always turned
+version 2.0, support for the X-Original-To message header is always turned
on. Postfix versions before 2.0 have no support for the X-Original-To
message header. </p>
<p>
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. The name=value form is supported with
-Postfix 2.1 and later.
+Postfix version 2.1 and later.
</p>
<p>
</p>
<p>
-This feature was removed in Postfix 2.1.
+This feature was removed in Postfix version 2.1.
</p>
<p> Specify a list of names and/or name=value pairs, separated by
whitespace or comma. The name=value form is supported with
-Postfix 2.1 and later. </p>
+Postfix version 2.1 and later. </p>
</DD>
<p> The network interface addresses that this mail system receives
mail on. Specify "all" to receive mail on all network
interfaces (default), and "loopback-only" to receive mail
-on loopback network interfaces only (Postfix 2.2 and later). The
+on loopback network interfaces only (Postfix version 2.2 and later). The
parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
</p>
<pre>
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = all (DEFAULT)
-<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only (Postfix 2.2 and later)
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only (Postfix version 2.2 and later)
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1
-<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1, [::1] (Postfix 2.2 and later)
+<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1, [::1] (Postfix version 2.2 and later)
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 192.168.1.2, 127.0.0.1
</pre>
"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
on whether the operating system implements IPv6. </p>
-<p> This feature is available in Postfix version 2.2 and later. </p>
+<p> This feature is available in Postfix 2.2 and later. </p>
<p> Note: you MUST stop and start Postfix after changing this
parameter. </p>
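Review bot: this hunk changes "Postfix version 2.2 and later" to "Postfix 2.2 and later", while the inet_interfaces hunk just before it changes "(Postfix 2.2 and later)" to "(Postfix version 2.2 and later)". The patch moves the two spellings in opposite directions in several places; suggest picking one form and applying it throughout, or stating the rule if the difference is intended.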
<DT><b><a name="local_transport">local_transport</a>
(default: <a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b></DT><DD>
-<p> The default mail delivery transport for domains that match
-$<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. This
-information can be overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
+<p> The default mail delivery transport and next-hop destination
+for final delivery to domains listed with <a href="postconf.5.html#mydestination">mydestination</a>, and for
+[ipaddress] destinations that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+This information can be overruled with the <a href="transport.5.html">transport(5)</a> table. </p>
<p>
By default, local mail is delivered to the transport called "local",
<p>
When this parameter value is changed you need to re-run "<b>postfix
-set-permissions</b>" (with Postfix 2.0 and earlier:
+set-permissions</b>" (with Postfix version 2.0 and earlier:
"<b>/etc/postfix/post-install set-permissions</b>".
</p>
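Review bot: the sentence touched here still has an unbalanced parenthesis: "(with Postfix version 2.0 and earlier:" opens a bracket that is never closed before the final period. Since the line is being edited anyway, suggest closing it after the quoted post-install command; the same text recurs in the group ownership paragraph later in this patch.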
<dt><b>CLIENT_ADDRESS</b></dt>
-<dd>Remote client network address. Available in Postfix 2.2 and
+<dd>Remote client network address. Available in Postfix version 2.2 and
later. </dd>
<dt><b>CLIENT_HELO</b></dt>
-<dd>Remote client EHLO command parameter. Available in Postfix 2.2
+<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
and later.</dd>
<dt><b>CLIENT_HOSTNAME</b></dt>
-<dd>Remote client hostname. Available in Postfix 2.2 and later.
+<dd>Remote client hostname. Available in Postfix version 2.2 and later.
</dd>
<dt><b>CLIENT_PROTOCOL</b></dt>
-<dd>Remote client protocol. Available in Postfix 2.2 and later.
+<dd>Remote client protocol. Available in Postfix version 2.2 and later.
</dd>
<dt><b>DOMAIN</b></dt>
<dt><b>SASL_METHOD</b></dt>
<dd>SASL authentication method specified in the remote client AUTH
-command. Available in Postfix 2.2 and later. </dd>
+command. Available in Postfix version 2.2 and later. </dd>
<dt><b>SASL_SENDER</b></dt>
<dd>SASL sender address specified in the remote client MAIL FROM
-command. Available in Postfix 2.2 and later. </dd>
+command. Available in Postfix version 2.2 and later. </dd>
<dt><b>SASL_USER</b></dt>
<dd>SASL username specified in the remote client AUTH command.
-Available in Postfix 2.2 and later. </dd>
+Available in Postfix version 2.2 and later. </dd>
<dt><b>SENDER</b></dt>
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p>
<p>
</p>
<p>
-By default, the Postfix 2.1 SMTP server rejects MAIL FROM commands
+By default, the Postfix version 2.1 SMTP server rejects MAIL FROM commands
when the amount of free space is less than 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>.
To specify a higher minimum free space limit, specify a <a href="postconf.5.html#queue_minfree">queue_minfree</a>
value that is at least 1.5*$<a href="postconf.5.html#message_size_limit">message_size_limit</a>.
an appropriate <a href="access.5.html">access(5)</a> policy for each client.
See <a href="RESTRICTION_CLASS_README.html">RESTRICTION_CLASS_README</a>.</p>
-<p>This feature is available with Postfix 2.2.</p>
+<p>This feature is available with Postfix version 2.2.</p>
</DD>
by the queue manager. The message delivery transport name is the
first field in the entry in the master.cf file. </p>
-<p> This feature is available in Postfix version 2.0 and later. </p>
+<p> This feature is available in Postfix 2.0 and later. </p>
</DD>
<a href="postconf.5.html#relay_destination_concurrency_limit">relay_destination_concurrency_limit</a> from concurrency per domain
into concurrency per recipient. </p>
-<p> This feature is available in Postfix version 2.0 and later. </p>
+<p> This feature is available in Postfix 2.0 and later. </p>
</DD>
(default: relay)</b></DT><DD>
<p>
-The default mail delivery transport and next-hop information for
-domains that match the $<a href="postconf.5.html#relay_domains">relay_domains</a> parameter value. This
-information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
+The default mail delivery transport and next-hop destination for
+remote delivery to domains listed with $<a href="postconf.5.html#relay_domains">relay_domains</a>. In order of
+decreasing precedence, the nexthop destination is taken from
+$<a href="postconf.5.html#relay_transport">relay_transport</a>, $<a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>, $<a href="postconf.5.html#relayhost">relayhost</a>, or
+from the recipient domain. This information can be overruled with
+the <a href="transport.5.html">transport(5)</a> table.
</p>
<p>
(default: empty)</b></DT><DD>
<p>
-The default host to send non-local mail to when no entry is matched
-in the optional <a href="transport.5.html">transport(5)</a> table. When no <a href="postconf.5.html#relayhost">relayhost</a> is given,
-mail is routed directly to the destination.
+The next-hop destination of non-local mail; overrides non-local
+domains in recipient addresses. This information is overruled with
+<a href="postconf.5.html#relay_transport">relay_transport</a>, <a href="postconf.5.html#default_transport">default_transport</a>, <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
+and with the <a href="transport.5.html">transport(5)</a> table.
</p>
<p>
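Review bot: the new relayhost text drops the removed sentence "When no relayhost is given, mail is routed directly to the destination", so the entry no longer says what the empty default means. Suggest keeping that sentence, and qualifying "is overruled with relay_transport, default_transport" to the case where those settings name a next-hop destination, which is how the default_transport and relay_transport hunks describe the precedence order.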
local hostname were specified, instead of rejecting the address as
invalid. </p>
-<p> This feature is available in Postfix version 2.1 and later.
+<p> This feature is available in Postfix 2.1 and later.
Earlier versions always resolve the null domain as the local
hostname. </p>
(default: no)</b></DT><DD>
<p>
-This parameter should not be used. It was replaced by <a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a>
-in Postfix 2.3.
+This parameter should not be used. It was replaced by <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
+in Postfix version 2.3.
</p>
</DD>
-<DT><b><a name="sender_relayhost_maps">sender_relayhost_maps</a>
+<DT><b><a name="sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
(default: empty)</b></DT><DD>
-<p> A sender-specific override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
+<p> A sender-dependent override for the global <a href="postconf.5.html#relayhost">relayhost</a> parameter
setting. The tables are searched by the sender address and by the
-sender @domain. </p>
+sender @domain. This information is overruled with <a href="postconf.5.html#relay_transport">relay_transport</a>,
+<a href="postconf.5.html#default_transport">default_transport</a> and with the <a href="transport.5.html">transport(5)</a> table. </p>
<p>
This feature is available in Postfix 2.3 and later.
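Review bot: the RELEASE_NOTES hunk sends readers to postconf(5) "for more details", but this entry says less than the release note does: it gives no example, does not say that the lookup result otherwise behaves like relayhost, and does not say that a sender without a match falls back to the global relayhost. Suggest adding those three points to the entry.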
<p>
The group ownership of set-gid Postfix commands and of group-writable
Postfix directories. When this parameter value is changed you need
-to re-run "<b>postfix set-permissions</b>" (with Postfix 2.0 and
+to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and
earlier: "<b>/etc/postfix/post-install set-permissions</b>".
</p>
bind to when making an IPv6 connection.
</p>
-<p> This feature is available in Postfix version 2.2 and later. </p>
+<p> This feature is available in Postfix 2.2 and later. </p>
<p>
This can be specified in the main.cf file for all SMTP clients, or
divided by the total number of MX hosts. </p>
<p> The solution uses connection caching in a way that differs from
-Postfix 2.2. By limiting the amount of time during which a connection
+Postfix version 2.2. By limiting the amount of time during which a connection
can be used repeatedly (instead of limiting the number of deliveries
over that connection), Postfix not only restores fairness in the
distribution of simultaneous connections across a set of MX hosts,
latency for a slow delivery. Note that hosts may accept thousands
of messages over a single connection within the default connection
reuse time limit. This number is much larger than the default Postfix
-2.2 limit of 10 messages per cached connection. It may prove necessary
+version 2.2 limit of 10 messages per cached connection. It may prove necessary
to lower the limit to avoid interoperability issues with MTAs that
exhibit bugs when many messages are delivered via a single connection.
A lower reuse time limit risks losing the benefit of connection
<p>
The maximal number of MX (mail exchanger) IP addresses that can
result from mail exchanger lookups, or zero (no limit). Prior to
-Postfix 2.3, this limit was disabled by default.
+Postfix version 2.3, this limit was disabled by default.
</p>
<p>
<p> The maximal number of SMTP sessions per delivery request before
giving up or delivering to a fall-back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no
limit). This restriction ignores sessions that fail to complete the
-SMTP initial handshake (Postfix 2.2 and earlier) or that fail to
-complete the EHLO and TLS handshake (Postfix 2.3 and later). </p>
+SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
+complete the EHLO and TLS handshake (Postfix version 2.3 and later). </p>
<p> This feature is available in Postfix 2.1 and later. </p>
<a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> parameter. </p>
-</DD>
-
-<DT><b><a name="smtp_per_sender_authentication">smtp_per_sender_authentication</a>
-(default: no)</b></DT><DD>
-
-<p>
-Enable per-sender authentication in the SMTP client; this is available
-only with SASL authentication, and disables SMTP connection caching
-to ensure that mail from different senders will use the appropriate
-credentials.
-</p>
-
-<p>
-This feature is available in Postfix 2.3 and later.
-</p>
-
-
</DD>
<DT><b><a name="smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a>
<p>
Optional SMTP client lookup tables with one username:password entry
-per remote hostname or domain (or per sender address, when per-sender
-authentication is enabled). If no username:password entry is found,
+per remote hostname or domain, or sender address when sender-dependent
+authentication is enabled. If no username:password entry is found,
then the Postfix SMTP client will not
attempt to authenticate to the remote host.
</p>
</p>
+</DD>
+
+<DT><b><a name="smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a>
+(default: no)</b></DT><DD>
+
+<p>
+Enable sender-dependent authentication in the SMTP client; this is
+available only with SASL authentication, and disables SMTP connection
+caching to ensure that mail from different senders will use the
+appropriate credentials. </p>
+
+<p>
+This feature is available in Postfix 2.3 and later.
+</p>
+
+
</DD>
<DT><b><a name="smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a>
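Review bot: the new smtp_sender_dependent_authentication entry omits the lookup order that the RELEASE_NOTES hunk gives ("first searched by sender address, and then by the remote domain and hostname as usual"). That fallback matters to operators, because a sender with no entry of its own is authenticated with the per-host credentials. Suggest stating the order and the fallback in this entry and cross-referencing smtp_sasl_password_maps.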
immediately.
</p>
-<p> This feature is available in Postfix version 2.0 and earlier.
+<p> This feature is available in Postfix 2.0 and earlier.
Later Postfix versions always skip SMTP servers that greet with a
4XX status code. </p>
<p> By default, no clients are allowed to specify XVERP. </p>
-<p> This parameter was renamed with Postfix 2.1. The default value
-is backwards compatible with Postfix 2.0. </p>
+<p> This parameter was renamed with Postfix version 2.1. The default value
+is backwards compatible with Postfix version 2.0. </p>
<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
<dd>When the remote SMTP client certificate is verified successfully,
use the client certificate fingerprint as lookup key for the specified
-<a href="access.5.html">access(5)</a> database. This feature is available with Postfix 2.2.</dd>
+<a href="access.5.html">access(5)</a> database. This feature is available with Postfix version 2.2.</dd>
<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
verified successfully. This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA, otherwise all clients with a recognized certificate would be
-allowed to relay. This feature is available with Postfix 2.2.</dd>
+allowed to relay. This feature is available with Postfix version 2.2.</dd>
<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>
<dd>Permit the request when the remote SMTP client certificate is
verified successfully, and the certificate fingerprint is listed
-in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>. This feature is available with Postfix 2.2.</dd>
+in $<a href="postconf.5.html#relay_clientcerts">relay_clientcerts</a>. This feature is available with Postfix version 2.2.</dd>
<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the reversed client network address is
The <a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> parameter specifies the response
code for rejected requests (default: 450). The reply is always 450
in case the address->name lookup failed due to a temporary
-problem. <br> This feature is available in Postfix version 2.3 and
+problem. <br> This feature is available in Postfix 2.3 and
later. </dd>
</dl>
<dd>Defer the request if some later restriction would result in an
explicit or implicit PERMIT action. This is useful when a blacklisting
feature fails due to a temporary problem. This feature is available
-in Postfix 2.1 and later. </dd>
+in Postfix version 2.1 and later. </dd>
<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt>
<dd>Defer the request if some later restriction would result in a
REJECT action. This is useful when a whitelisting feature fails
due to a temporary problem. This feature is available in Postfix
-2.1 and later. </dd>
+version 2.1 and later. </dd>
<dt><b><a name="permit">permit</a></b></dt>
<DT><b><a name="smtpd_error_sleep_time">smtpd_error_sleep_time</a>
(default: 1s)</b></DT><DD>
-<p>With Postfix 2.1 and later: the SMTP server response delay after
+<p>With Postfix version 2.1 and later: the SMTP server response delay after
a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and
fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering mail.
</p>
-<p>With Postfix 2.0 and earlier: the SMTP server delay before
+<p>With Postfix version 2.0 and earlier: the SMTP server delay before
sending a reject (4xx or 5xx) response, when the client has made
fewer than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors without delivering
mail. </p>
554); the <a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> parameter specifies the default server
reply; and the <a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> parameter specifies tables with server
replies indexed by <i>rbl_domain</i>. This feature is available
-in Postfix 2.0 and later.</dd>
+in Postfix version 2.0 and later.</dd>
<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>
<dd>Reject the request when Postfix is not final destination for
the recipient address, and the RCPT TO address has no DNS A or MX
record, or when it has a malformed MX record such as a record with
-a zero-length MX hostname (Postfix 2.3 and later). <br> The
+a zero-length MX hostname (Postfix version 2.3 and later). <br> The
<a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the response code
for rejected requests (default: 450). The response is always 450
in case of a temporary DNS error.</dd>
-<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix 2.0: check_recipient_maps)</dt>
+<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>
<dd> Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the
<dd>Reject the request when Postfix is not final destination for
the sender address, and the MAIL FROM address has no DNS A or MX
record, or when it has a malformed MX record such as a record with
-a zero-length MX hostname (Postfix 2.3 and later). <br> The
+a zero-length MX hostname (Postfix version 2.3 and later). <br> The
<a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> parameter specifies the response code
for rejected requests (default: 450). The response is always 450
in case of a temporary DNS error. </dd>
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = static:all". </p>
<p>
<p>
This feature is available in Postfix 2.0 and later. The default
-value is backwards compatible with Postfix 1.1.
+value is backwards compatible with Postfix version 1.1.
</p>
<p>
<p>
This feature is available in Postfix 2.0 and later. The default
-value is backwards compatible with Postfix 1.1.
+value is backwards compatible with Postfix version 1.1.
</p>
<p>
<p>
This feature is available in Postfix 2.0 and later. The default
-value is backwards compatible with Postfix 1.1.
+value is backwards compatible with Postfix version 1.1.
</p>
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains. Available before Postfix version 2.0. With Postfix
-2.0 and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
+version 2.0 and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>
(default: virtual)</b></DT><DD>
<p>
-The default mail delivery transport for domains that match the
-$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> parameter value. This information can
-be overruled with the <a href="transport.5.html">transport(5)</a> table.
+The default mail delivery transport and next-hop destination for
+final delivery to domains listed with <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+This information can be overruled with the <a href="transport.5.html">transport(5)</a> table.
</p>
<p>
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
Optional SMTP client lookup tables with one user-
- name:password entry per remote hostname or domain
- (or per sender, when per-sender authentication is
- enabled).
+ name:password entry per remote hostname or domain,
+ or sender address when sender-dependent authentica-
+ tion is enabled.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
What authentication mechanisms the Postfix SMTP
Available in Postfix version 2.3 and later:
- <b><a href="postconf.5.html#smtp_per_sender_authentication">smtp_per_sender_authentication</a> (no)</b>
- Enable per-sender authentication in the SMTP
+ <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
+ Enable sender-dependent authentication in the SMTP
client; this is available only with SASL authenti-
cation, and disables SMTP connection caching to
ensure that mail from different senders will use
This is the default for remote delivery to domains
listed with <b><a href="postconf.5.html#relay_domains">relay_domains</a></b>. In order of decreasing
precedence, the <i>nexthop</i> destination is taken from
- <b><a href="postconf.5.html#relay_transport">relay_transport</a></b>, <b><a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relayhost</a></b>,
- or from the recipient domain.
+ <b><a href="postconf.5.html#relay_transport">relay_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a></b>,
+ <b><a href="postconf.5.html#relayhost">relayhost</a></b>, or from the recipient domain.
<b><a href="postconf.5.html#default_transport">default_transport</a> (default: <a href="smtp.8.html">smtp</a>:)</b>
This is the default for remote delivery to other
destinations. In order of decreasing precedence,
the <i>nexthop</i> destination is taken from
- <b><a href="postconf.5.html#default_transport">default_transport</a></b>, <b><a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a></b>, <b><a href="postconf.5.html#relayhost">relay</a>-</b>
- <b><a href="postconf.5.html#relayhost">host</a></b>, or from the recipient domain.
+ <b><a href="postconf.5.html#default_transport">default_transport</a></b>, <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a></b>,
+ <b><a href="postconf.5.html#relayhost">relayhost</a></b>, or from the recipient domain.
Normally, the <a href="transport.5.html"><b>transport</b>(5)</a> table is specified as a text
file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
<i>.domain transport</i>:<i>nexthop</i>
Deliver mail for any subdomain of <i>domain</i> through
<i>transport</i> to <i>nexthop</i>. This applies only when the
- string <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> is not listed in the <b>par-</b>
- <b>ent_domain_matches_subdomains</b> configuration set-
+ string <b><a href="postconf.5.html#transport_maps">transport_maps</a></b> is not listed in the <b><a href="postconf.5.html#parent_domain_matches_subdomains">par</a>-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">ent_domain_matches_subdomains</a></b> configuration set-
ting. Otherwise, a domain name matches itself and
its subdomains.
the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> to spam from poorly written
remote clients.
- <b>resolve</b> <i>address</i>
- Resolve an address to a (<i>transport</i>, <i>nexthop</i>, <i>recip-</i>
- <i>ient</i>, <i>flags</i>) quadruple. The meaning of the results
- is as follows:
+ <b>resolve</b> <i>sender address</i>
+ Resolve the address to a (<i>transport</i>, <i>nexthop</i>,
+ <i>recipient</i>, <i>flags</i>) quadruple. The meaning of the
+ results is as follows:
<i>transport</i>
The delivery agent to use. This is the first
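Review bot: the new request syntax puts both words inside a single pair of italics tags (<i>sender address</i>), so it reads as one argument named "sender address", and the description still says only "Resolve the address" without saying what the sender is for. Suggest marking sender and address as two separate arguments and adding a sentence that the sender is the key for the sender-dependent relayhost lookup. The verify request further down this page needs the same treatment.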
requires relaying, whether the address has
problems, and whether the request failed.
- <b>verify</b> <i>address</i>
- Resolve an address for address verification pur-
+ <b>verify</b> <i>sender address</i>
+ Resolve the address for address verification pur-
poses.
<b>SERVER PROCESS MANAGEMENT</b>
<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> or <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#local_transport">local_transport</a> (<a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The default mail delivery transport for domains
- that match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
- $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
+ The default mail delivery transport and next-hop
+ destination for final delivery to domains listed
+ with <a href="postconf.5.html#mydestination">mydestination</a>, and for [ipaddress] destina-
+ tions that match $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_inter</a>-
+ <a href="postconf.5.html#proxy_interfaces">faces</a>.
<b><a href="postconf.5.html#virtual_transport">virtual_transport</a> (virtual)</b>
- The default mail delivery transport for domains
- that match the $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> parameter
- value.
+ The default mail delivery transport and next-hop
+ destination for final delivery to domains listed
+ with <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#relay_transport">relay_transport</a> (relay)</b>
The default mail delivery transport and next-hop
- information for domains that match the
- $<a href="postconf.5.html#relay_domains">relay_domains</a> parameter value.
+ destination for remote delivery to domains listed
+ with $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#default_transport">default_transport</a> (smtp)</b>
- The default mail delivery transport for domains
- that do not match $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
- $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">vir</a>-
- <a href="postconf.5.html#virtual_mailbox_domains">tual_mailbox_domains</a>, or $<a href="postconf.5.html#relay_domains">relay_domains</a>.
+ The default mail delivery transport and next-hop
+ destination for destinations that do not match
+ $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>, $<a href="postconf.5.html#proxy_interfaces">proxy_inter</a>-
+ <a href="postconf.5.html#proxy_interfaces">faces</a>, $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mail-
+ box_domains</a>, or $<a href="postconf.5.html#relay_domains">relay_domains</a>.
- <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
+ <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b>put)</b>
What Postfix features match subdomains of
"domain.tld" automatically, instead of requiring an
explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#relayhost">relayhost</a> (empty)</b>
- The default host to send non-local mail to when no
- entry is matched in the optional <a href="transport.5.html"><b>transport</b>(5)</a> ta-
- ble.
+ The next-hop destination of non-local mail; over-
+ rides non-<a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a> in recipient addresses.
<b><a href="postconf.5.html#transport_maps">transport_maps</a> (empty)</b>
Optional lookup tables with mappings from recipient
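Review bot: in the new default_transport text the virtual_mailbox_domains link is hyphenated inside a single anchor ("virtual_mail-" on one line, "box_domains</a>" on the next), so the link text contains the hyphen and the line break. Every other wrapped name in this hunk, such as "proxy_inter</a>-" followed by a second anchor for "faces", closes the anchor before the hyphen and opens a new one on the continuation line. Suggest splitting this one the same way so the generated page stays consistent and the link text stays clean.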
Available in Postfix version 2.3 and later:
- <b><a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a> (empty)</b>
- A sender-specific override for the global <a href="postconf.5.html#relayhost">relayhost</a>
- parameter setting.
+ <b><a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a> (empty)</b>
+ A sender-dependent override for the global <a href="postconf.5.html#relayhost">relay</a>-
+ <a href="postconf.5.html#relayhost">host</a> parameter setting.
<b>ADDRESS VERIFICATION CONTROLS</b>
Postfix version 2.1 introduces sender and recipient
Overrides the <a href="postconf.5.html#relayhost">relayhost</a> parameter setting for
address verification probes.
- <b><a href="postconf.5.html#address_verify_sender_relayhost_maps">address_verify_sender_relayhost_maps</a> (empty)</b>
- Overrides the <a href="postconf.5.html#sender_relayhost_maps">sender_relayhost_maps</a> parameter set-
- ting for address verification probes.
-
<b><a href="postconf.5.html#address_verify_transport_maps">address_verify_transport_maps</a> ($<a href="postconf.5.html#transport_maps">transport_maps</a>)</b>
- Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
+ Overrides the <a href="postconf.5.html#transport_maps">transport_maps</a> parameter setting for
address verification probes.
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">address_verify_sender_dependent_relayhost_maps</a> (empty)</b>
+ Overrides the <a href="postconf.5.html#sender_dependent_relayhost_maps">sender_dependent_relayhost_maps</a>
+ parameter setting for address verification probes.
+
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#empty_address_recipient">empty_address_recipient</a> (MAILER-DAEMON)</b>
- The recipient of mail addressed to the null
+ The recipient of mail addressed to the null
address.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#relocated_maps">relocated_maps</a> (empty)</b>
for users or domains that no longer exist.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
- Display the name of the recipient table in the
+ Display the name of the recipient table in the
"User unknown" responses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
- Log warnings about problematic configuration set-
+ Log warnings about problematic configuration set-
tings, and provide helpful suggestions.
<b>SEE ALSO</b>
<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, Postfix address verification
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
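Review bot: from MISCELLANEOUS CONTROLS through LICENSE, the removed and added lines carry the same words (for example "The Secure Mailer license must be distributed with this") and differ only in spacing left over from re-justifying the formatted page. That churn buries the one real change in this hunk, the relocated address_verify_sender_dependent_relayhost_maps entry. Suggest regenerating the HTML from the manual source in a separate step, or leaving generated output out of the patch.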
This feature is available in Postfix 2.1 and later.
.SH address_verify_relayhost (default: $relayhost)
Overrides the relayhost parameter setting for address verification
-probes.
+probes. This information can be overruled with the \fBtransport\fR(5) table.
.PP
This feature is available in Postfix 2.1 and later.
.SH address_verify_sender (default: postmaster)
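Review bot: the added sentence on address_verify_relayhost says the setting "can be overruled with the transport(5) table", but for verification probes the table that applies is the one named by address_verify_transport_maps, which this same patch documents as overriding transport_maps for probes. Suggest naming address_verify_transport_maps here so readers do not assume the regular transport_maps setting is always the one consulted.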
.ft R
.PP
This feature is available in Postfix 2.1 and later.
-.SH address_verify_sender_relayhost_maps (default: empty)
-Overrides the sender_relayhost_maps parameter setting for address
+.SH address_verify_sender_dependent_relayhost_maps (default: empty)
+Overrides the sender_dependent_relayhost_maps parameter setting for address
verification probes.
.PP
This feature is available in Postfix 2.3 and later.
The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.
.PP
-To get the behavior before Postfix 2.2, specify
+To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all".
.PP
Example:
are calculated.
.PP
This feature is implemented by the \fBanvil\fR(8) service which is not
-part of the stable Postfix 2.1 release.
+part of the stable Postfix version 2.1 release.
.PP
The default interval is relatively short. Because of the high
frequency of updates, the \fBanvil\fR(8) server uses volatile memory
The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.
.PP
-To get the behavior before Postfix 2.2, specify
+To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all".
.SH append_dot_mydomain (default: yes)
With locally submitted mail, append the string ".$mydomain" to
The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.
.PP
-To get the behavior before Postfix 2.2, specify
+To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all".
.SH application_event_drain_time (default: 100s)
How long the \fBpostkick\fR(1) command waits for a request to enter the
proportionally.
.SH bounce_template_file (default: empty)
Pathname of a configuration file with bounce message templates.
-These override the \fBbounce\fR(8) server built-in templates of delivery
-status notification (DSN) messages for undeliverable mail, for
-delayed mail, for successful delivery, or for mail delivery
-verification.
+These override the built-in templates of delivery status notification
+(DSN) messages for undeliverable mail, for delayed mail, successful
+delivery, or delivery verification. The \fBbounce\fR(5) manual page
+describes how to edit and test template files.
.PP
Template message body text may contain $name references to
Postfix configuration parameters. The result of $name expansion can
The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.
.PP
-To get the behavior before Postfix 2.2, specify
+To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all".
.PP
Examples:
The numerical SMTP response code, as specified with the
maps_rbl_reject_code configuration parameter. Note: The numerical
SMTP response code is required, and must appear at the start of the
-reply. With Postfix 2.3 and later this information may be followed
+reply. With Postfix version 2.3 and later this information may be followed
by an RFC 3463 enhanced status code.
.IP "\fB$rbl_domain\fR"
The RBL domain where $rbl_what is blacklisted.
to the respective transports. See also default_extra_recipient_limit
and qmgr_message_recipient_minimum.
.SH default_transport (default: smtp)
-The default mail delivery transport for domains that do not match
-$mydestination, $inet_interfaces, $proxy_interfaces,
-$virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains.
-This information can be overruled with the \fBtransport\fR(5) table.
+The default mail delivery transport and next-hop destination for
+destinations that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains. In order of decreasing precedence, the nexthop
+destination is taken from $default_transport,
+$sender_dependent_relayhost_maps, $relayhost, or from the recipient
+domain. This information can be overruled with the \fBtransport\fR(5)
+table.
.PP
Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
is the name of a mail delivery transport defined in master.cf.
.SH enable_errors_to (default: no)
Report mail delivery errors to the address specified with the
non-standard Errors-To: message header, instead of the envelope
-sender address (this feature is removed with Postfix 2.2, is
-turned off by default with Postfix 2.1, and is always turned on
+sender address (this feature is removed with Postfix version 2.2, is
+turned off by default with Postfix version 2.1, and is always turned on
with older Postfix versions).
.SH enable_original_recipient (default: yes)
Enable support for the X-Original-To message header. This header
generates empty original recipient queue file records.
.PP
This feature is available in Postfix 2.1 and later. With Postfix
-2.0, support for the X-Original-To message header is always turned
+version 2.0, support for the X-Original-To message header is always turned
on. Postfix versions before 2.0 have no support for the X-Original-To
message header.
.SH error_notice_recipient (default: postmaster)
.PP
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. The name=value form is supported with
-Postfix 2.1 and later.
+Postfix version 2.1 and later.
.PP
Example:
.PP
The maximal number of recipient addresses that Postfix will extract
from message headers when mail is submitted with "\fBsendmail -t\fR".
.PP
-This feature was removed in Postfix 2.1.
+This feature was removed in Postfix version 2.1.
.SH fallback_relay (default: empty)
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable.
.PP
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. The name=value form is supported with
-Postfix 2.1 and later.
+Postfix version 2.1 and later.
.SH in_flow_delay (default: 1s)
Time to pause before accepting a new message, when the message
arrival rate exceeds the message delivery rate. This feature is
The network interface addresses that this mail system receives
mail on. Specify "all" to receive mail on all network
interfaces (default), and "loopback-only" to receive mail
-on loopback network interfaces only (Postfix 2.2 and later). The
+on loopback network interfaces only (Postfix version 2.2 and later). The
parameter also controls delivery of mail to user@[ip.address].
.PP
Note 1: you need to stop and start Postfix when this parameter changes.
.na
.ft C
inet_interfaces = all (DEFAULT)
-inet_interfaces = loopback-only (Postfix 2.2 and later)
+inet_interfaces = loopback-only (Postfix version 2.2 and later)
inet_interfaces = 127.0.0.1
-inet_interfaces = 127.0.0.1, [::1] (Postfix 2.2 and later)
+inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later)
inet_interfaces = 192.168.1.2, 127.0.0.1
.fi
.ad
"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
on whether the operating system implements IPv6.
.PP
-This feature is available in Postfix version 2.2 and later.
+This feature is available in Postfix 2.2 and later.
.PP
Note: you MUST stop and start Postfix after changing this
parameter.
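Review bot: this hunk changes "Postfix version 2.2 and later" to "Postfix 2.2 and later", the opposite direction from the neighbouring hunks in the same file, which rewrite "(Postfix 2.2 and later)" to "(Postfix version 2.2 and later)" in the inet_interfaces text. If the intent is that the fixed phrase "This feature is available in Postfix X.Y" stays short while running text uses "Postfix version X.Y", say so in the commit message. Otherwise pick one form and apply it everywhere.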
.ad
.ft R
.SH local_transport (default: local:$myhostname)
-The default mail delivery transport for domains that match
-$mydestination, $inet_interfaces or $proxy_interfaces. This
-information can be overruled with the \fBtransport\fR(5) table.
+The default mail delivery transport and next-hop destination
+for final delivery to domains listed with mydestination, and for
+[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces.
+This information can be overruled with the \fBtransport\fR(5) table.
.PP
By default, local mail is delivered to the transport called "local",
which is just the name of a service that is defined the master.cf file.
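Review bot: in the new local_transport text, "domains listed with mydestination" has no leading "$" while "$inet_interfaces" and "$proxy_interfaces" in the same sentence do, and relay_transport elsewhere in this patch says "listed with $relay_domains". Suggest writing "$mydestination" here (and "$virtual_mailbox_domains" in the matching virtual_transport text) so that parameter references are marked uniformly.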
or daemon. PLEASE USE A DEDICATED USER ID AND GROUP ID.
.PP
When this parameter value is changed you need to re-run "\fBpostfix
-set-permissions\fR" (with Postfix 2.0 and earlier:
+set-permissions\fR" (with Postfix version 2.0 and earlier:
"\fB/etc/postfix/post-install set-permissions\fR".
.SH mail_release_date (default: see "postconf -d" output)
The Postfix release date, in "YYYYMMDD" format.
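Review bot: the parenthesis opened at "(with Postfix version 2.0 and earlier:" is never closed; the following line ends with set-permissions\fR". and no ")". The patch already rewrites the opening line, so this is a good moment to add the missing ")" before the final period.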
.PP
The following environment variables are exported to the command:
.IP "\fBCLIENT_ADDRESS\fR"
-Remote client network address. Available in Postfix 2.2 and
+Remote client network address. Available in Postfix version 2.2 and
later.
.IP "\fBCLIENT_HELO\fR"
-Remote client EHLO command parameter. Available in Postfix 2.2
+Remote client EHLO command parameter. Available in Postfix version 2.2
and later.
.IP "\fBCLIENT_HOSTNAME\fR"
-Remote client hostname. Available in Postfix 2.2 and later.
+Remote client hostname. Available in Postfix version 2.2 and later.
.IP "\fBCLIENT_PROTOCOL\fR"
-Remote client protocol. Available in Postfix 2.2 and later.
+Remote client protocol. Available in Postfix version 2.2 and later.
.IP "\fBDOMAIN\fR"
The domain part of the recipient address.
.IP "\fBEXTENSION\fR"
The full recipient address.
.IP "\fBSASL_METHOD\fR"
SASL authentication method specified in the remote client AUTH
-command. Available in Postfix 2.2 and later.
+command. Available in Postfix version 2.2 and later.
.IP "\fBSASL_SENDER\fR"
SASL sender address specified in the remote client MAIL FROM
-command. Available in Postfix 2.2 and later.
+command. Available in Postfix version 2.2 and later.
.IP "\fBSASL_USER\fR"
SASL username specified in the remote client AUTH command.
-Available in Postfix 2.2 and later.
+Available in Postfix version 2.2 and later.
.IP "\fBSENDER\fR"
The full sender address.
.IP "\fBSHELL\fR"
The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.
.PP
-To get the behavior before Postfix 2.2, specify
+To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all".
.PP
Example:
that is needed to receive mail. This is currently used by the SMTP
server to decide if it will accept any mail at all.
.PP
-By default, the Postfix 2.1 SMTP server rejects MAIL FROM commands
+By default, the Postfix version 2.1 SMTP server rejects MAIL FROM commands
when the amount of free space is less than 1.5*$message_size_limit.
To specify a higher minimum free space limit, specify a queue_minfree
value that is at least 1.5*$message_size_limit.
an appropriate \fBaccess\fR(5) policy for each client.
See RESTRICTION_CLASS_README.
.PP
-This feature is available with Postfix 2.2.
+This feature is available with Postfix version 2.2.
.SH relay_destination_concurrency_limit (default: $default_destination_concurrency_limit)
The maximal number of parallel deliveries to the same destination
via the relay message delivery transport. This limit is enforced
by the queue manager. The message delivery transport name is the
first field in the entry in the master.cf file.
.PP
-This feature is available in Postfix version 2.0 and later.
+This feature is available in Postfix 2.0 and later.
.SH relay_destination_recipient_limit (default: $default_destination_recipient_limit)
The maximal number of recipients per delivery via the relay
message delivery transport. This limit is enforced by the queue
relay_destination_concurrency_limit from concurrency per domain
into concurrency per recipient.
.PP
-This feature is available in Postfix version 2.0 and later.
+This feature is available in Postfix 2.0 and later.
.SH relay_domains (default: $mydestination)
What destination domains (and subdomains thereof) this system
will relay mail to. Subdomain matching is controlled with the
.PP
This feature is available in Postfix 2.0 and later.
.SH relay_transport (default: relay)
-The default mail delivery transport and next-hop information for
-domains that match the $relay_domains parameter value. This
-information can be overruled with the \fBtransport\fR(5) table.
+The default mail delivery transport and next-hop destination for
+remote delivery to domains listed with $relay_domains. In order of
+decreasing precedence, the nexthop destination is taken from
+$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or
+from the recipient domain. This information can be overruled with
+the \fBtransport\fR(5) table.
.PP
Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
is the name of a mail delivery transport defined in master.cf.
.PP
This feature is available in Postfix 2.0 and later.
.SH relayhost (default: empty)
-The default host to send non-local mail to when no entry is matched
-in the optional \fBtransport\fR(5) table. When no relayhost is given,
-mail is routed directly to the destination.
+The next-hop destination of non-local mail; overrides non-local
+domains in recipient addresses. This information is overruled with
+relay_transport, default_transport, sender_dependent_relayhost_maps
+and with the \fBtransport\fR(5) table.
.PP
On an intranet, specify the organizational domain name. If your
internal DNS uses no MX records, specify the name of the intranet
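Review bot: the rewritten relayhost description drops the sentence "When no relayhost is given, mail is routed directly to the destination", leaving the behaviour of the empty default undocumented. Suggest keeping that sentence. The new clause "overrides non-local domains in recipient addresses" would also be clearer as a statement that the relayhost replaces the recipient domain as the next-hop destination, since the recipient address itself is not rewritten.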
local hostname were specified, instead of rejecting the address as
invalid.
.PP
-This feature is available in Postfix version 2.1 and later.
+This feature is available in Postfix 2.1 and later.
Earlier versions always resolve the null domain as the local
hostname.
.PP
.SH sample_directory (default: /etc/postfix)
The name of the directory with example Postfix configuration files.
.SH sender_based_routing (default: no)
-This parameter should not be used. It was replaced by sender_relayhost_maps
-in Postfix 2.3.
+This parameter should not be used. It was replaced by sender_dependent_relayhost_maps
+in Postfix version 2.3.
.SH sender_bcc_maps (default: empty)
Optional BCC (blind carbon-copy) address lookup tables, indexed
by sender address. The BCC address (multiple results are not
.fi
.ad
.ft R
-.SH sender_relayhost_maps (default: empty)
-A sender-specific override for the global relayhost parameter
+.SH sender_dependent_relayhost_maps (default: empty)
+A sender-dependent override for the global relayhost parameter
setting. The tables are searched by the sender address and by the
-sender @domain.
+sender @domain. This information is overruled with relay_transport,
+default_transport and with the \fBtransport\fR(5) table.
.PP
This feature is available in Postfix 2.3 and later.
.SH sendmail_path (default: see "postconf -d" output)
.SH setgid_group (default: postdrop)
The group ownership of set-gid Postfix commands and of group-writable
Postfix directories. When this parameter value is changed you need
-to re-run "\fBpostfix set-permissions\fR" (with Postfix 2.0 and
+to re-run "\fBpostfix set-permissions\fR" (with Postfix version 2.0 and
earlier: "\fB/etc/postfix/post-install set-permissions\fR".
.SH show_user_unknown_table_name (default: yes)
Display the name of the recipient table in the "User unknown"
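Review bot: same unbalanced parenthesis as in the mail_owner text: "(with Postfix version 2.0 and" opens a parenthetical that the next line, ending in set-permissions\fR"., never closes. Suggest adding ")" before the period while this sentence is being edited.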
An optional numerical network address that the SMTP client should
bind to when making an IPv6 connection.
.PP
-This feature is available in Postfix version 2.2 and later.
+This feature is available in Postfix 2.2 and later.
.PP
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
divided by the total number of MX hosts.
.PP
The solution uses connection caching in a way that differs from
-Postfix 2.2. By limiting the amount of time during which a connection
+Postfix version 2.2. By limiting the amount of time during which a connection
can be used repeatedly (instead of limiting the number of deliveries
over that connection), Postfix not only restores fairness in the
distribution of simultaneous connections across a set of MX hosts,
latency for a slow delivery. Note that hosts may accept thousands
of messages over a single connection within the default connection
reuse time limit. This number is much larger than the default Postfix
-2.2 limit of 10 messages per cached connection. It may prove necessary
+version 2.2 limit of 10 messages per cached connection. It may prove necessary
to lower the limit to avoid interoperability issues with MTAs that
exhibit bugs when many messages are delivered via a single connection.
A lower reuse time limit risks losing the benefit of connection
.SH smtp_mx_address_limit (default: 5)
The maximal number of MX (mail exchanger) IP addresses that can
result from mail exchanger lookups, or zero (no limit). Prior to
-Postfix 2.3, this limit was disabled by default.
+Postfix version 2.3, this limit was disabled by default.
.PP
This feature is available in Postfix 2.1 and later.
.SH smtp_mx_session_limit (default: 2)
The maximal number of SMTP sessions per delivery request before
giving up or delivering to a fall-back relay host, or zero (no
limit). This restriction ignores sessions that fail to complete the
-SMTP initial handshake (Postfix 2.2 and earlier) or that fail to
-complete the EHLO and TLS handshake (Postfix 2.3 and later).
+SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
+complete the EHLO and TLS handshake (Postfix version 2.3 and later).
.PP
This feature is available in Postfix 2.1 and later.
.SH smtp_never_send_ehlo (default: no)
Never send EHLO at the start of an SMTP session. See also the
smtp_always_send_ehlo parameter.
-.SH smtp_per_sender_authentication (default: no)
-Enable per-sender authentication in the SMTP client; this is available
-only with SASL authentication, and disables SMTP connection caching
-to ensure that mail from different senders will use the appropriate
-credentials.
-.PP
-This feature is available in Postfix 2.3 and later.
.SH smtp_pix_workaround_delay_time (default: 10s)
How long the Postfix SMTP client pauses before sending
".<CR><LF>" in order to work around the PIX firewall
.ft R
.SH smtp_sasl_password_maps (default: empty)
Optional SMTP client lookup tables with one username:password entry
-per remote hostname or domain (or per sender address, when per-sender
-authentication is enabled). If no username:password entry is found,
+per remote hostname or domain, or sender address when sender-dependent
+authentication is enabled. If no username:password entry is found,
then the Postfix SMTP client will not
attempt to authenticate to the remote host.
.PP
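Review bot: The reworded smtp_sasl_password_maps sentence ("or sender address when sender-dependent authentication is enabled") does not say which entry is used when the table holds both an entry for the sender address and one for the remote hostname or domain. A wrong match means one sender's mail is submitted with another account's credentials, so state the lookup order here, matching whatever smtp/smtp_sasl_glue.c actually does.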
localhost[127.0.0.1] etc.
.PP
This feature is available in Postfix 2.1 and later.
+.SH smtp_sender_dependent_authentication (default: no)
+Enable sender-dependent authentication in the SMTP client; this is
+available only with SASL authentication, and disables SMTP connection
+caching to ensure that mail from different senders will use the
+appropriate credentials.
+.PP
+This feature is available in Postfix 2.3 and later.
.SH smtp_skip_4xx_greeting (default: yes)
Skip SMTP servers that greet with a 4XX status code (go away, try
again later).
"smtp_skip_4xx_greeting = no" if Postfix should defer delivery
immediately.
.PP
-This feature is available in Postfix version 2.0 and earlier.
+This feature is available in Postfix 2.0 and earlier.
Later Postfix versions always skip SMTP servers that greet with a
4XX status code.
.SH smtp_skip_5xx_greeting (default: yes)
.PP
By default, no clients are allowed to specify XVERP.
.PP
-This parameter was renamed with Postfix 2.1. The default value
-is backwards compatible with Postfix 2.0.
+This parameter was renamed with Postfix version 2.1. The default value
+is backwards compatible with Postfix version 2.0.
.PP
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
.IP "\fBcheck_ccert_access \fItype:table\fR\fR"
When the remote SMTP client certificate is verified successfully,
use the client certificate fingerprint as lookup key for the specified
-\fBaccess\fR(5) database. This feature is available with Postfix 2.2.
+\fBaccess\fR(5) database. This feature is available with Postfix version 2.2.
.IP "\fBcheck_client_access \fItype:table\fR\fR"
Search the specified access database for the client hostname,
parent domains, client IP address, or networks obtained by stripping
verified successfully. This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA, otherwise all clients with a recognized certificate would be
-allowed to relay. This feature is available with Postfix 2.2.
+allowed to relay. This feature is available with Postfix version 2.2.
.IP "\fBpermit_tls_clientcerts\fR"
Permit the request when the remote SMTP client certificate is
verified successfully, and the certificate fingerprint is listed
-in $relay_clientcerts. This feature is available with Postfix 2.2.
+in $relay_clientcerts. This feature is available with Postfix version 2.2.
.IP "\fBreject_rbl_client \fIrbl_domain=d.d.d.d\fR\fR"
Reject the request when the reversed client network address is
listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR
in case the address->name lookup failed due to a temporary
problem.
.br
-This feature is available in Postfix version 2.3 and
+This feature is available in Postfix 2.3 and
later.
.PP
In addition, you can use any of the following
Defer the request if some later restriction would result in an
explicit or implicit PERMIT action. This is useful when a blacklisting
feature fails due to a temporary problem. This feature is available
-in Postfix 2.1 and later.
+in Postfix version 2.1 and later.
.IP "\fBdefer_if_reject\fR"
Defer the request if some later restriction would result in a
REJECT action. This is useful when a whitelisting feature fails
due to a temporary problem. This feature is available in Postfix
-2.1 and later.
+version 2.1 and later.
.IP "\fBpermit\fR"
Permit the request. This restriction is useful at the end of
a restriction list, to make the default policy explicit.
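Review bot: The version wording is being normalised in opposite directions: under defer_if_permit and defer_if_reject this hunk turns "This feature is available in Postfix 2.1 and later" into "Postfix version 2.1 and later", while the hunk just above turns "This feature is available in Postfix version 2.3 and later" into "Postfix 2.3 and later". Pick one form for the "This feature is available in ..." sentence and apply it in both places, otherwise the next cleanup pass will flip these again.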
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior.
.SH smtpd_error_sleep_time (default: 1s)
-With Postfix 2.1 and later: the SMTP server response delay after
+With Postfix version 2.1 and later: the SMTP server response delay after
a client has made more than $smtpd_soft_error_limit errors, and
fewer than $smtpd_hard_error_limit errors, without delivering mail.
.PP
-With Postfix 2.0 and earlier: the SMTP server delay before
+With Postfix version 2.0 and earlier: the SMTP server delay before
sending a reject (4xx or 5xx) response, when the client has made
fewer than $smtpd_soft_error_limit errors without delivering
mail.
554); the default_rbl_reply parameter specifies the default server
reply; and the rbl_reply_maps parameter specifies tables with server
replies indexed by \fIrbl_domain\fR. This feature is available
-in Postfix 2.0 and later.
+in Postfix version 2.0 and later.
.IP "\fBreject_unauth_destination\fR"
Reject the request unless one of the following is true:
.IP \(bu
Reject the request when Postfix is not final destination for
the recipient address, and the RCPT TO address has no DNS A or MX
record, or when it has a malformed MX record such as a record with
-a zero-length MX hostname (Postfix 2.3 and later).
+a zero-length MX hostname (Postfix version 2.3 and later).
.br
The
unknown_address_reject_code parameter specifies the response code
for rejected requests (default: 450). The response is always 450
in case of a temporary DNS error.
-.IP "\fBreject_unlisted_recipient\fR (with Postfix 2.0: check_recipient_maps)"
+.IP "\fBreject_unlisted_recipient\fR (with Postfix version 2.0: check_recipient_maps)"
Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the
smtpd_reject_unlisted_recipient parameter description for details.
Reject the request when Postfix is not final destination for
the sender address, and the MAIL FROM address has no DNS A or MX
record, or when it has a malformed MX record such as a record with
-a zero-length MX hostname (Postfix 2.3 and later).
+a zero-length MX hostname (Postfix version 2.3 and later).
.br
The
unknown_address_reject_code parameter specifies the response code
The message is received from the network, and the
remote_header_rewrite_domain parameter specifies a non-empty value.
.PP
-To get the behavior before Postfix 2.2, specify
+To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all".
.PP
Example:
in the ADDRESS_CLASS_README file
.PP
This feature is available in Postfix 2.0 and later. The default
-value is backwards compatible with Postfix 1.1.
+value is backwards compatible with Postfix version 1.1.
.PP
The default value is $virtual_alias_maps so that you can keep all
information about virtual alias domains in one place. If you have
manipulations see the ADDRESS_REWRITING_README document.
.PP
This feature is available in Postfix 2.0 and later. The default
-value is backwards compatible with Postfix 1.1.
+value is backwards compatible with Postfix version 1.1.
.PP
If you use this feature with indexed files, run "\fBpostmap
/etc/postfix/virtual\fR" after changing the file.
configuration parameter.
.PP
This feature is available in Postfix 2.0 and later. The default
-value is backwards compatible with Postfix 1.1.
+value is backwards compatible with Postfix version 1.1.
.SH virtual_mailbox_limit (default: 51200000)
The maximal size in bytes of an individual mailbox or maildir file,
or zero (no limit).
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains. Available before Postfix version 2.0. With Postfix
-2.0 and later, this is replaced by separate controls: virtual_alias_domains
+version 2.0 and later, this is replaced by separate controls: virtual_alias_domains
and virtual_alias_maps.
.SH virtual_minimum_uid (default: 100)
The minimum user ID value that the \fBvirtual\fR(8) delivery agent accepts
values less than this will be rejected, and the message will be
deferred.
.SH virtual_transport (default: virtual)
-The default mail delivery transport for domains that match the
-$virtual_mailbox_domains parameter value. This information can
-be overruled with the \fBtransport\fR(5) table.
+The default mail delivery transport and next-hop destination for
+final delivery to domains listed with virtual_mailbox_domains.
+This information can be overruled with the \fBtransport\fR(5) table.
.PP
Specify a string of the form \fItransport:nexthop\fR, where \fItransport\fR
is the name of a mail delivery transport defined in master.cf.
This is the default for remote delivery to domains listed
with \fBrelay_domains\fR. In order of decreasing precedence,
the \fInexthop\fR destination is taken from \fBrelay_transport\fR,
-\fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the
+\fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the
recipient domain.
.IP "\fBdefault_transport (default: smtp:)\fR"
This is the default for remote delivery to other destinations.
In order of decreasing precedence, the \fInexthop\fR
destination is taken from \fBdefault_transport\fR,
-\fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the
+\fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the
recipient domain.
.PP
Normally, the \fBtransport\fR(5) table is specified as a text file
Enable SASL authentication in the Postfix SMTP client.
.IP "\fBsmtp_sasl_password_maps (empty)\fR"
Optional SMTP client lookup tables with one username:password entry
-per remote hostname or domain (or per sender, when per-sender
-authentication is enabled).
+per remote hostname or domain, or sender address when sender-dependent
+authentication is enabled.
.IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
What authentication mechanisms the Postfix SMTP client is allowed
to use.
server's list of offered SASL mechanisms.
.PP
Available in Postfix version 2.3 and later:
-.IP "\fBsmtp_per_sender_authentication (no)\fR"
-Enable per-sender authentication in the SMTP client; this is available
-only with SASL authentication, and disables SMTP connection caching
-to ensure that mail from different senders will use the appropriate
-credentials.
+.IP "\fBsmtp_sender_dependent_authentication (no)\fR"
+Enable sender-dependent authentication in the SMTP client; this is
+available only with SASL authentication, and disables SMTP connection
+caching to ensure that mail from different senders will use the
+appropriate credentials.
.SH "STARTTLS SUPPORT CONTROLS"
.na
.nf
Postfix from appending the local domain to spam from poorly
written remote clients.
.RE
-.IP "\fBresolve \fIaddress\fR"
-Resolve an address to a (\fItransport\fR, \fInexthop\fR,
+.IP "\fBresolve \fIsender\fR \fIaddress\fR"
+Resolve the address to a (\fItransport\fR, \fInexthop\fR,
\fIrecipient\fR, \fIflags\fR) quadruple. The meaning of
the results is as follows:
.RS
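Review bot: The request syntax gains a \fIsender\fR argument ("resolve sender address"), but the description still only says "Resolve the address to a (transport, nexthop, recipient, flags) quadruple" and never explains what the sender is used for or what a client should send when there is no sender. Add a sentence saying the sender selects the sender-dependent relayhost, and document the empty-sender case.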
The address class, whether the address requires relaying,
whether the address has problems, and whether the request failed.
.RE
-.IP "\fBverify \fIaddress\fR"
-Resolve an address for address verification purposes.
+.IP "\fBverify \fIsender\fR \fIaddress\fR"
+Resolve the address for address verification purposes.
.SH "SERVER PROCESS MANAGEMENT"
.na
.nf
relay_transport, virtual_alias_domains, virtual_mailbox_domains
or proxy_interfaces.
.IP "\fBlocal_transport (local:$myhostname)\fR"
-The default mail delivery transport for domains that match
-$mydestination, $inet_interfaces or $proxy_interfaces.
+The default mail delivery transport and next-hop destination
+for final delivery to domains listed with mydestination, and for
+[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces.
.IP "\fBvirtual_transport (virtual)\fR"
-The default mail delivery transport for domains that match the
-$virtual_mailbox_domains parameter value.
+The default mail delivery transport and next-hop destination for
+final delivery to domains listed with virtual_mailbox_domains.
.IP "\fBrelay_transport (relay)\fR"
-The default mail delivery transport and next-hop information for
-domains that match the $relay_domains parameter value.
+The default mail delivery transport and next-hop destination for
+remote delivery to domains listed with $relay_domains.
.IP "\fBdefault_transport (smtp)\fR"
-The default mail delivery transport for domains that do not match
-$mydestination, $inet_interfaces, $proxy_interfaces,
-$virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains.
+The default mail delivery transport and next-hop destination for
+destinations that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains.
.IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR"
What Postfix features match subdomains of "domain.tld" automatically,
instead of requiring an explicit ".domain.tld" pattern.
.IP "\fBrelayhost (empty)\fR"
-The default host to send non-local mail to when no entry is matched
-in the optional \fBtransport\fR(5) table.
+The next-hop destination of non-local mail; overrides non-local
+domains in recipient addresses.
.IP "\fBtransport_maps (empty)\fR"
Optional lookup tables with mappings from recipient address to
(message delivery transport, next-hop destination).
.PP
Available in Postfix version 2.3 and later:
-.IP "\fBsender_relayhost_maps (empty)\fR"
-A sender-specific override for the global relayhost parameter
+.IP "\fBsender_dependent_relayhost_maps (empty)\fR"
+A sender-dependent override for the global relayhost parameter
setting.
.SH "ADDRESS VERIFICATION CONTROLS"
.na
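Review bot: The rewritten transport summaries mix two ways of naming parameters: local_transport says "domains listed with mydestination" and virtual_transport says "listed with virtual_mailbox_domains" without the "$", while the same sentences use "$inet_interfaces or $proxy_interfaces" and relay_transport uses "$relay_domains". Use one form throughout these four entries so that readers do not take the unprefixed names to mean something different from the parameter value.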
.IP "\fBaddress_verify_relayhost ($relayhost)\fR"
Overrides the relayhost parameter setting for address verification
probes.
-.IP "\fBaddress_verify_sender_relayhost_maps (empty)\fR"
-Overrides the sender_relayhost_maps parameter setting for address
-verification probes.
.IP "\fBaddress_verify_transport_maps ($transport_maps)\fR"
Overrides the transport_maps parameter setting for address verification
probes.
+.PP
+Available in Postfix version 2.3 and later:
+.IP "\fBaddress_verify_sender_dependent_relayhost_maps (empty)\fR"
+Overrides the sender_dependent_relayhost_maps parameter setting for address
+verification probes.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
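Review bot: address_verify_sender_dependent_relayhost_maps is documented with default "(empty)", whereas its siblings default to the live settings: address_verify_relayhost ($relayhost) and address_verify_transport_maps ($transport_maps). With an empty default, verification probes ignore the sender-dependent relayhost that real deliveries use, so a probe can be routed differently from the mail it is meant to predict. Either default it to $sender_dependent_relayhost_maps or state in the text why probes deliberately differ.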
s;\baddress_verify_positive_refresh_time\b;<a href="postconf.5.html#address_verify_positive_refresh_time">$&</a>;g;
s;\baddress_verify_relay_transport\b;<a href="postconf.5.html#address_verify_relay_transport">$&</a>;g;
s;\baddress_verify_relay[-</bB>]*\n*[ <bB>]*host\b;<a href="postconf.5.html#address_verify_relayhost">$&</a>;g;
- s;\baddress_verify_sender_relay[-</bB>]*\n*[ <bB>]*host_maps\b;<a href="postconf.5.html#address_verify_sender_relayhost_maps">$&</a>;g;
+ s;\baddress_verify_sender_dependent_relay[-</bB>]*\n*[ <bB>]*host_maps\b;<a href="postconf.5.html#address_verify_sender_dependent_relayhost_maps">$&</a>;g;
s;\baddress_verify_sender\b;<a href="postconf.5.html#address_verify_sender">$&</a>;g;
s;\baddress_verify_service_name\b;<a href="postconf.5.html#address_verify_service_name">$&</a>;g;
s;\baddress_verify_transport_maps\b;<a href="postconf.5.html#address_verify_transport_maps">$&</a>;g;
s;\bmime_nesting_limit\b;<a href="postconf.5.html#mime_nesting_limit">$&</a>;g;
s;\bminimal_backoff_time\b;<a href="postconf.5.html#minimal_backoff_time">$&</a>;g;
s;\bmulti_recip[-</bB>]*\n* *[<bB>]*ient_bounce_reject_code\b;<a href="postconf.5.html#multi_recipient_bounce_reject_code">$&</a>;g;
- s;\bmydes[-</bB>]*\n*[ <bB>]*tina[-</bB>]*\n*[ <bB>]*tion\b;<a href="postconf.5.html#mydestination">$&</a>;g;
+ s;\bmydes[-</bB>]*\n*[ <bB>]*ti[-</bB>]*\n*[ <bB>]*na[-</bB>]*\n*[ <bB>]*tion\b;<a href="postconf.5.html#mydestination">$&</a>;g;
s;\bmydo[-</bB>]*\n* *[<bB>]*main\b;<a href="postconf.5.html#mydomain">$&</a>;g;
s;\bmyhostname\b;<a href="postconf.5.html#myhostname">$&</a>;g;
s;\bmynet[-</bB>]*\n* *[<bB>]*works\b;<a href="postconf.5.html#mynetworks">$&</a>;g;
s;\bnon_fqdn_reject_code\b;<a href="postconf.5.html#non_fqdn_reject_code">$&</a>;g;
s;\bnotify_classes\b;<a href="postconf.5.html#notify_classes">$&</a>;g;
s;\bowner_request_special\b;<a href="postconf.5.html#owner_request_special">$&</a>;g;
- s;\bparent_domain_matches_subdomains\b;<a href="postconf.5.html#parent_domain_matches_subdomains">$&</a>;g;
+ s;\bpar[-</bB>]*\n* *[<bB>]*ent_domain_matches_subdomains\b;<a href="postconf.5.html#parent_domain_matches_subdomains">$&</a>;g;
s;\bpermit_mx_backup_networks\b;<a href="postconf.5.html#permit_mx_backup_networks">$&</a>;g;
s;\bpickup_service_name\b;<a href="postconf.5.html#pickup_service_name">$&</a>;g;
s;\bprepend_delivered_header\b;<a href="postconf.5.html#prepend_delivered_header">$&</a>;g;
s;\bsender_bcc_maps\b;<a href="postconf.5.html#sender_bcc_maps">$&</a>;g;
s;\bsender_canonical_classes\b;<a href="postconf.5.html#sender_canonical_classes">$&</a>;g;
s;\bsender_canonical_maps\b;<a href="postconf.5.html#sender_canonical_maps">$&</a>;g;
- s;\bsender_relay[-</bB>]*\n*[ <bB>]*host_maps\b;<a href="postconf.5.html#sender_relayhost_maps">$&</a>;g;
+ s;\bsender_dependent_relay[-</bB>]*\n*[ <bB>]*host_maps\b;<a href="postconf.5.html#sender_dependent_relayhost_maps">$&</a>;g;
s;\bsendmail_path\b;<a href="postconf.5.html#sendmail_path">$&</a>;g;
s;\bservice_throttle_time\b;<a href="postconf.5.html#service_throttle_time">$&</a>;g;
s;\bsetgid_group\b;<a href="postconf.5.html#setgid_group">$&</a>;g;
s;\bsmtp_mx_address_limit\b;<a href="postconf.5.html#smtp_mx_address_limit">$&</a>;g;
s;\bsmtp_mx_session_limit\b;<a href="postconf.5.html#smtp_mx_session_limit">$&</a>;g;
s;\bsmtp_never_send_ehlo\b;<a href="postconf.5.html#smtp_never_send_ehlo">$&</a>;g;
- s;\bsmtp_per_sender_authentication\b;<a href="postconf.5.html#smtp_per_sender_authentication">$&</a>;g;
+ s;\bsmtp_sender_depen[-</bB>]*\n*[ <bB>]*dent_authentication\b;<a href="postconf.5.html#smtp_sender_dependent_authentication">$&</a>;g;
s;\bsmtp_pix_workaround_delay_time\b;<a href="postconf.5.html#smtp_pix_workaround_delay_time">$&</a>;g;
s;\bsmtp_pix_workaround_threshold_time\b;<a href="postconf.5.html#smtp_pix_workaround_threshold_time">$&</a>;g;
s;\bsmtp_quit_timeout\b;<a href="postconf.5.html#smtp_quit_timeout">$&</a>;g;
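Review bot: The smtp_sender_dependent_authentication rule is left in the slot of the old smtp_per_sender_authentication rule, between smtp_never_send_ehlo and smtp_pix_workaround_delay_time, which breaks the alphabetical order the rest of this list follows. The man page hunk moved the entry to its sorted position; move this rule after the smtp_quit_timeout group as well so the two stay easy to compare.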
<p> First, the address_verify_relayhost parameter allows you to
override the relayhost setting, and the address_verify_transport_maps
-parameter allows you to override the transport_maps setting. </p>
+parameter allows you to override the transport_maps setting.
+The address_verify_sender_dependent_relayhost_maps parameter
+does the same for sender-dependent relayhost selection. </p>
<p> Second, each address class is given its own address verification
version of the message delivery transport, as shown in the table
<p>
Overrides the relayhost parameter setting for address verification
-probes.
+probes. This information can be overruled with the transport(5) table.
</p>
<p>
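Review bot: The sentence added to address_verify_relayhost, "This information can be overruled with the transport(5) table", is ambiguous for probes, because the man page text in this same patch says address_verify_transport_maps overrides transport_maps for address verification. Name address_verify_transport_maps here so it is clear which table takes effect for probe routing.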
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>
<p>
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>
<p>
<dd>The numerical SMTP response code, as specified with the
maps_rbl_reject_code configuration parameter. Note: The numerical
SMTP response code is required, and must appear at the start of the
-reply. With Postfix 2.3 and later this information may be followed
+reply. With Postfix version 2.3 and later this information may be followed
by an RFC 3463 enhanced status code. </dd>
<dt><b>$rbl_domain</b></dt>
%PARAM default_transport smtp
<p>
-The default mail delivery transport for domains that do not match
-$mydestination, $inet_interfaces, $proxy_interfaces,
-$virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains.
-This information can be overruled with the transport(5) table.
+The default mail delivery transport and next-hop destination for
+destinations that do not match $mydestination, $inet_interfaces,
+$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+or $relay_domains. In order of decreasing precedence, the nexthop
+destination is taken from $default_transport,
+$sender_dependent_relayhost_maps, $relayhost, or from the recipient
+domain. This information can be overruled with the transport(5)
+table.
</p>
<p>
generates empty original recipient queue file records. </p>
<p> This feature is available in Postfix 2.1 and later. With Postfix
-2.0, support for the X-Original-To message header is always turned
+version 2.0, support for the X-Original-To message header is always turned
on. Postfix versions before 2.0 have no support for the X-Original-To
message header. </p>
<p>
Specify a list of names and/or name=value pairs, separated by
whitespace or comma. The name=value form is supported with
-Postfix 2.1 and later.
+Postfix version 2.1 and later.
</p>
<p>
<p> Specify a list of names and/or name=value pairs, separated by
whitespace or comma. The name=value form is supported with
-Postfix 2.1 and later. </p>
+Postfix version 2.1 and later. </p>
%PARAM in_flow_delay 1s
<p> The network interface addresses that this mail system receives
mail on. Specify "all" to receive mail on all network
interfaces (default), and "loopback-only" to receive mail
-on loopback network interfaces only (Postfix 2.2 and later). The
+on loopback network interfaces only (Postfix version 2.2 and later). The
parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
</p>
<pre>
inet_interfaces = all (DEFAULT)
-inet_interfaces = loopback-only (Postfix 2.2 and later)
+inet_interfaces = loopback-only (Postfix version 2.2 and later)
inet_interfaces = 127.0.0.1
-inet_interfaces = 127.0.0.1, [::1] (Postfix 2.2 and later)
+inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later)
inet_interfaces = 192.168.1.2, 127.0.0.1
</pre>
"all" is equivalent to "ipv4, ipv6" or "ipv4", depending
on whether the operating system implements IPv6. </p>
-<p> This feature is available in Postfix version 2.2 and later. </p>
+<p> This feature is available in Postfix 2.2 and later. </p>
<p> Note: you MUST stop and start Postfix after changing this
parameter. </p>
%PARAM local_transport local:$myhostname
-<p> The default mail delivery transport for domains that match
-$mydestination, $inet_interfaces or $proxy_interfaces. This
-information can be overruled with the transport(5) table. </p>
+<p> The default mail delivery transport and next-hop destination
+for final delivery to domains listed with mydestination, and for
+[ipaddress] destinations that match $inet_interfaces or $proxy_interfaces.
+This information can be overruled with the transport(5) table. </p>
<p>
By default, local mail is delivered to the transport called "local",
<p>
When this parameter value is changed you need to re-run "<b>postfix
-set-permissions</b>" (with Postfix 2.0 and earlier:
+set-permissions</b>" (with Postfix version 2.0 and earlier:
"<b>/etc/postfix/post-install set-permissions</b>".
</p>
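Review bot: The parenthesis opened at "(with Postfix version 2.0 and earlier:" is never closed; the sentence ends at "set-permissions</b>"." with no ")". Since this hunk already touches the line, close the parenthesis before the final period.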
<dt><b>CLIENT_ADDRESS</b></dt>
-<dd>Remote client network address. Available in Postfix 2.2 and
+<dd>Remote client network address. Available in Postfix version 2.2 and
later. </dd>
<dt><b>CLIENT_HELO</b></dt>
-<dd>Remote client EHLO command parameter. Available in Postfix 2.2
+<dd>Remote client EHLO command parameter. Available in Postfix version 2.2
and later.</dd>
<dt><b>CLIENT_HOSTNAME</b></dt>
-<dd>Remote client hostname. Available in Postfix 2.2 and later.
+<dd>Remote client hostname. Available in Postfix version 2.2 and later.
</dd>
<dt><b>CLIENT_PROTOCOL</b></dt>
-<dd>Remote client protocol. Available in Postfix 2.2 and later.
+<dd>Remote client protocol. Available in Postfix version 2.2 and later.
</dd>
<dt><b>DOMAIN</b></dt>
<dt><b>SASL_METHOD</b></dt>
<dd>SASL authentication method specified in the remote client AUTH
-command. Available in Postfix 2.2 and later. </dd>
+command. Available in Postfix version 2.2 and later. </dd>
<dt><b>SASL_SENDER</b></dt>
<dd>SASL sender address specified in the remote client MAIL FROM
-command. Available in Postfix 2.2 and later. </dd>
+command. Available in Postfix version 2.2 and later. </dd>
<dt><b>SASL_USER</b></dt>
<dd>SASL username specified in the remote client AUTH command.
-Available in Postfix 2.2 and later. </dd>
+Available in Postfix version 2.2 and later. </dd>
<dt><b>SENDER</b></dt>
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>
</p>
<p>
-By default, the Postfix 2.1 SMTP server rejects MAIL FROM commands
+By default, the Postfix version 2.1 SMTP server rejects MAIL FROM commands
when the amount of free space is less than 1.5*$message_size_limit.
To specify a higher minimum free space limit, specify a queue_minfree
value that is at least 1.5*$message_size_limit.
%PARAM relayhost
<p>
-The default host to send non-local mail to when no entry is matched
-in the optional transport(5) table. When no relayhost is given,
-mail is routed directly to the destination.
+The next-hop destination of non-local mail; overrides non-local
+domains in recipient addresses. This information is overruled with
+relay_transport, default_transport, sender_dependent_relayhost_maps
+and with the transport(5) table.
</p>
<p>
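Review bot: The rewritten relayhost paragraph drops the sentence "When no relayhost is given, mail is routed directly to the destination", so the default behaviour for an empty relayhost is no longer stated anywhere in this entry. Keep that sentence after the new precedence text; it is the case most readers look this parameter up for.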
local hostname were specified, instead of rejecting the address as
invalid. </p>
-<p> This feature is available in Postfix version 2.1 and later.
+<p> This feature is available in Postfix 2.1 and later.
Earlier versions always resolve the null domain as the local
hostname. </p>
bind to when making an IPv6 connection.
</p>
-<p> This feature is available in Postfix version 2.2 and later. </p>
+<p> This feature is available in Postfix 2.2 and later. </p>
<p>
This can be specified in the main.cf file for all SMTP clients, or
divided by the total number of MX hosts. </p>
<p> The solution uses connection caching in a way that differs from
-Postfix 2.2. By limiting the amount of time during which a connection
+Postfix version 2.2. By limiting the amount of time during which a connection
can be used repeatedly (instead of limiting the number of deliveries
over that connection), Postfix not only restores fairness in the
distribution of simultaneous connections across a set of MX hosts,
latency for a slow delivery. Note that hosts may accept thousands
of messages over a single connection within the default connection
reuse time limit. This number is much larger than the default Postfix
-2.2 limit of 10 messages per cached connection. It may prove necessary
+version 2.2 limit of 10 messages per cached connection. It may prove necessary
to lower the limit to avoid interoperability issues with MTAs that
exhibit bugs when many messages are delivered via a single connection.
A lower reuse time limit risks losing the benefit of connection
by the queue manager. The message delivery transport name is the
first field in the entry in the master.cf file. </p>
-<p> This feature is available in Postfix version 2.0 and later. </p>
+<p> This feature is available in Postfix 2.0 and later. </p>
%PARAM relay_destination_recipient_limit $default_destination_recipient_limit
relay_destination_concurrency_limit from concurrency per domain
into concurrency per recipient. </p>
-<p> This feature is available in Postfix version 2.0 and later. </p>
+<p> This feature is available in Postfix 2.0 and later. </p>
%PARAM smtp_destination_concurrency_limit $default_destination_concurrency_limit
<p>
The maximal number of MX (mail exchanger) IP addresses that can
result from mail exchanger lookups, or zero (no limit). Prior to
-Postfix 2.3, this limit was disabled by default.
+Postfix version 2.3, this limit was disabled by default.
</p>
<p>
<p> The maximal number of SMTP sessions per delivery request before
giving up or delivering to a fall-back relay host, or zero (no
limit). This restriction ignores sessions that fail to complete the
-SMTP initial handshake (Postfix 2.2 and earlier) or that fail to
-complete the EHLO and TLS handshake (Postfix 2.3 and later). </p>
+SMTP initial handshake (Postfix version 2.2 and earlier) or that fail to
+complete the EHLO and TLS handshake (Postfix version 2.3 and later). </p>
<p> This feature is available in Postfix 2.1 and later. </p>
<p>
Optional SMTP client lookup tables with one username:password entry
-per remote hostname or domain (or per sender address, when per-sender
-authentication is enabled). If no username:password entry is found,
+per remote hostname or domain, or sender address when sender-dependent
+authentication is enabled. If no username:password entry is found,
then the Postfix SMTP client will not
attempt to authenticate to the remote host.
</p>
immediately.
</p>
-<p> This feature is available in Postfix version 2.0 and earlier.
+<p> This feature is available in Postfix 2.0 and earlier.
Later Postfix versions always skip SMTP servers that greet with a
4XX status code. </p>
<p> By default, no clients are allowed to specify XVERP. </p>
-<p> This parameter was renamed with Postfix 2.1. The default value
-is backwards compatible with Postfix 2.0. </p>
+<p> This parameter was renamed with Postfix version 2.1. The default value
+is backwards compatible with Postfix version 2.0. </p>
<p> Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
<dd>When the remote SMTP client certificate is verified successfully,
use the client certificate fingerprint as lookup key for the specified
-access(5) database. This feature is available with Postfix 2.2.</dd>
+access(5) database. This feature is available with Postfix version 2.2.</dd>
<dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt>
verified successfully. This option must be used only if a special
CA issues the certificates and only this CA is listed as trusted
CA, otherwise all clients with a recognized certificate would be
-allowed to relay. This feature is available with Postfix 2.2.</dd>
+allowed to relay. This feature is available with Postfix version 2.2.</dd>
<dt><b><a name="permit_tls_clientcerts">permit_tls_clientcerts</a></b></dt>
<dd>Permit the request when the remote SMTP client certificate is
verified successfully, and the certificate fingerprint is listed
-in $relay_clientcerts. This feature is available with Postfix 2.2.</dd>
+in $relay_clientcerts. This feature is available with Postfix version 2.2.</dd>
<dt><b><a name="reject_rbl_client">reject_rbl_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
<dd>Reject the request when the reversed client network address is
The unknown_client_reject_code parameter specifies the response
code for rejected requests (default: 450). The reply is always 450
in case the address->name lookup failed due to a temporary
-problem. <br> This feature is available in Postfix version 2.3 and
+problem. <br> This feature is available in Postfix 2.3 and
later. </dd>
#<dt><b><a name="reject_unknown_forward_client_hostname">reject_unknown_forward_client_hostname</a></b></dt>
<dd>Defer the request if some later restriction would result in an
explicit or implicit PERMIT action. This is useful when a blacklisting
feature fails due to a temporary problem. This feature is available
-in Postfix 2.1 and later. </dd>
+in Postfix version 2.1 and later. </dd>
<dt><b><a name="defer_if_reject">defer_if_reject</a></b></dt>
<dd>Defer the request if some later restriction would result in a
REJECT action. This is useful when a whitelisting feature fails
due to a temporary problem. This feature is available in Postfix
-2.1 and later. </dd>
+version 2.1 and later. </dd>
<dt><b><a name="permit">permit</a></b></dt>
<ul>
<li><p>When the error counter is less than $smtpd_soft_error_limit the
-Postfix SMTP server replies immediately (Postfix 2.0 and earlier
+Postfix SMTP server replies immediately (Postfix version 2.0 and earlier
delay their 4xx or 5xx error response). </p>
<li><p>When the error counter reaches $smtpd_soft_error_limit, the Postfix
%PARAM smtpd_error_sleep_time 1s
-<p>With Postfix 2.1 and later: the SMTP server response delay after
+<p>With Postfix version 2.1 and later: the SMTP server response delay after
a client has made more than $smtpd_soft_error_limit errors, and
fewer than $smtpd_hard_error_limit errors, without delivering mail.
</p>
-<p>With Postfix 2.0 and earlier: the SMTP server delay before
+<p>With Postfix version 2.0 and earlier: the SMTP server delay before
sending a reject (4xx or 5xx) response, when the client has made
fewer than $smtpd_soft_error_limit errors without delivering
mail. </p>
554); the default_rbl_reply parameter specifies the default server
reply; and the rbl_reply_maps parameter specifies tables with server
replies indexed by <i>rbl_domain</i>. This feature is available
-in Postfix 2.0 and later.</dd>
+in Postfix version 2.0 and later.</dd>
<dt><b><a name="reject_unauth_destination">reject_unauth_destination</a></b></dt>
<dd>Reject the request when Postfix is not final destination for
the recipient address, and the RCPT TO address has no DNS A or MX
record, or when it has a malformed MX record such as a record with
-a zero-length MX hostname (Postfix 2.3 and later). <br> The
+a zero-length MX hostname (Postfix version 2.3 and later). <br> The
unknown_address_reject_code parameter specifies the response code
for rejected requests (default: 450). The response is always 450
in case of a temporary DNS error.</dd>
-<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix 2.0: check_recipient_maps)</dt>
+<dt><b><a name="reject_unlisted_recipient">reject_unlisted_recipient</a></b> (with Postfix version 2.0: check_recipient_maps)</dt>
<dd> Reject the request when the RCPT TO address is not listed in
the list of valid recipients for its domain class. See the
<dd>Reject the request when Postfix is not final destination for
the sender address, and the MAIL FROM address has no DNS A or MX
record, or when it has a malformed MX record such as a record with
-a zero-length MX hostname (Postfix 2.3 and later). <br> The
+a zero-length MX hostname (Postfix version 2.3 and later). <br> The
unknown_address_reject_code parameter specifies the response code
for rejected requests (default: 450). The response is always 450
in case of a temporary DNS error. </dd>
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>
<p>
<p>
This feature is available in Postfix 2.0 and later. The default
-value is backwards compatible with Postfix 1.1.
+value is backwards compatible with Postfix version 1.1.
</p>
<p>
<p>
This feature is available in Postfix 2.0 and later. The default
-value is backwards compatible with Postfix 1.1.
+value is backwards compatible with Postfix version 1.1.
</p>
<p>
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>
%PARAM append_dot_mydomain yes
</ul>
-<p> To get the behavior before Postfix 2.2, specify
+<p> To get the behavior before Postfix version 2.2, specify
"local_header_rewrite_clients = static:all". </p>
%PARAM application_event_drain_time 100s
<p> Report mail delivery errors to the address specified with the
non-standard Errors-To: message header, instead of the envelope
-sender address (this feature is removed with Postfix 2.2, is
-turned off by default with Postfix 2.1, and is always turned on
+sender address (this feature is removed with Postfix version 2.2, is
+turned off by default with Postfix version 2.1, and is always turned on
with older Postfix versions). </p>
%PARAM extract_recipient_limit 10240
</p>
<p>
-This feature was removed in Postfix 2.1.
+This feature was removed in Postfix version 2.1.
</p>
%PARAM anvil_rate_time_unit 60s
<p>
This feature is implemented by the anvil(8) service which is not
-part of the stable Postfix 2.1 release.
+part of the stable Postfix version 2.1 release.
</p>
<p>
describes configuration and operation details of Postfix support
for variable envelope return path addresses. VERP style delivery
is requested with the SMTP XVERP command or with the "<b>sendmail
--V</b>" command-line option and is available in Postfix version
+-V</b>" command-line option and is available in Postfix
1.1 and later.
</p>
%PARAM relay_transport relay
<p>
-The default mail delivery transport and next-hop information for
-domains that match the $relay_domains parameter value. This
-information can be overruled with the transport(5) table.
+The default mail delivery transport and next-hop destination for
+remote delivery to domains listed with $relay_domains. In order of
+decreasing precedence, the nexthop destination is taken from
+$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or
+from the recipient domain. This information can be overruled with
+the transport(5) table.
</p>
<p>
%PARAM sender_based_routing no
<p>
-This parameter should not be used. It was replaced by sender_relayhost_maps
-in Postfix 2.3.
+This parameter should not be used. It was replaced by sender_dependent_relayhost_maps
+in Postfix version 2.3.
</p>
%PARAM sendmail_path see "postconf -d" output
<p>
The group ownership of set-gid Postfix commands and of group-writable
Postfix directories. When this parameter value is changed you need
-to re-run "<b>postfix set-permissions</b>" (with Postfix 2.0 and
+to re-run "<b>postfix set-permissions</b>" (with Postfix version 2.0 and
earlier: "<b>/etc/postfix/post-install set-permissions</b>".
</p>
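Review bot: The parenthesis opened at "(with Postfix version 2.0 and earlier:" is never closed; the sentence ends at "set-permissions</b>"." with no ")". Since the hunk already rewrites that line, add the closing parenthesis before the final period.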
<p>
This feature is available in Postfix 2.0 and later. The default
-value is backwards compatible with Postfix 1.1.
+value is backwards compatible with Postfix version 1.1.
</p>
%PARAM virtual_mailbox_limit 51200000
%PARAM virtual_transport virtual
<p>
-The default mail delivery transport for domains that match the
-$virtual_mailbox_domains parameter value. This information can
-be overruled with the transport(5) table.
+The default mail delivery transport and next-hop destination for
+final delivery to domains listed with virtual_mailbox_domains.
+This information can be overruled with the transport(5) table.
</p>
<p>
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains. Available before Postfix version 2.0. With Postfix
-2.0 and later, this is replaced by separate controls: virtual_alias_domains
+version 2.0 and later, this is replaced by separate controls: virtual_alias_domains
and virtual_alias_maps. </p>
%PARAM smtp_discard_ehlo_keywords
an appropriate access(5) policy for each client.
See RESTRICTION_CLASS_README.</p>
-<p>This feature is available with Postfix 2.2.</p>
+<p>This feature is available with Postfix version 2.2.</p>
%PARAM smtpd_tls_cipherlist
%PARAM bounce_template_file empty
<p> Pathname of a configuration file with bounce message templates.
-These override the bounce(8) server built-in templates of delivery
-status notification (DSN) messages for undeliverable mail, for
-delayed mail, for successful delivery, or for mail delivery
-verification. </p>
+These override the built-in templates of delivery status notification
+(DSN) messages for undeliverable mail, for delayed mail, successful
+delivery, or delivery verification. The bounce(5) manual page
+describes how to edit and test template files. </p>
<p> Template message body text may contain $name references to
Postfix configuration parameters. The result of $name expansion can
<p> This feature is available in Postfix 2.3 and later. </p>
-%PARAM sender_relayhost_maps empty
+%PARAM sender_dependent_relayhost_maps empty
-<p> A sender-specific override for the global relayhost parameter
+<p> A sender-dependent override for the global relayhost parameter
setting. The tables are searched by the sender address and by the
-sender @domain. </p>
+sender @domain. This information is overruled with relay_transport,
+default_transport and with the transport(5) table. </p>
<p>
This feature is available in Postfix 2.3 and later.
</p>
-%PARAM address_verify_sender_relayhost_maps empty
+%PARAM address_verify_sender_dependent_relayhost_maps empty
<p>
-Overrides the sender_relayhost_maps parameter setting for address
+Overrides the sender_dependent_relayhost_maps parameter setting for address
verification probes.
</p>
This feature is available in Postfix 2.3 and later.
</p>
-%PARAM smtp_per_sender_authentication no
+%PARAM smtp_sender_dependent_authentication no
<p>
-Enable per-sender authentication in the SMTP client; this is available
-only with SASL authentication, and disables SMTP connection caching
-to ensure that mail from different senders will use the appropriate
-credentials.
-</p>
+Enable sender-dependent authentication in the SMTP client; this is
+available only with SASL authentication, and disables SMTP connection
+caching to ensure that mail from different senders will use the
+appropriate credentials. </p>
<p>
This feature is available in Postfix 2.3 and later.
# This is the default for remote delivery to domains listed
# with \fBrelay_domains\fR. In order of decreasing precedence,
# the \fInexthop\fR destination is taken from \fBrelay_transport\fR,
-# \fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the
+# \fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the
# recipient domain.
# .IP "\fBdefault_transport (default: smtp:)\fR"
# This is the default for remote delivery to other destinations.
# In order of decreasing precedence, the \fInexthop\fR
# destination is taken from \fBdefault_transport\fR,
-# \fBsender_relayhost_maps\fR, \fBrelayhost\fR, or from the
+# \fBsender_dependent_relayhost_maps\fR, \fBrelayhost\fR, or from the
# recipient domain.
# .PP
# Normally, the \fBtransport\fR(5) table is specified as a text file
tp->origin, tp->class, key);
msg_warn("please reduce time unit \"%s\" of \"%s\" "
"in %s template", bd->suffix, key, tp->class);
+ msg_warn("for instructions see the bounce(5) manual");
}
if (buf == 0)
buf = vstring_alloc(10);
#define DEF_RELAYHOST ""
extern char *var_relayhost;
-#define VAR_SND_RELAY_MAPS "sender_relayhost_maps"
+#define VAR_SND_RELAY_MAPS "sender_dependent_relayhost_maps"
#define DEF_SND_RELAY_MAPS ""
extern char *var_snd_relay_maps;
#define DEF_VRFY_RELAYHOST "$" VAR_RELAYHOST
extern char *var_vrfy_relayhost;
-#define VAR_VRFY_RELAY_MAPS "address_verify_sender_relayhost_maps"
+#define VAR_VRFY_RELAY_MAPS "address_verify_sender_dependent_relayhost_maps"
#define DEF_VRFY_RELAY_MAPS "$" VAR_SND_RELAY_MAPS
extern char *var_vrfy_relay_maps;
extern char *var_bounce_tmpl;
/*
- * Per-sender authentication.
+ * Sender-dependent authentication.
*/
-#define VAR_SMTP_SENDER_AUTH "smtp_per_sender_authentication"
+#define VAR_SMTP_SENDER_AUTH "smtp_sender_dependent_authentication"
#define DEF_SMTP_SENDER_AUTH 0
extern bool var_smtp_sender_auth;
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20051124"
+#define MAIL_RELEASE_DATE "20051125"
#define MAIL_VERSION_NUMBER "2.3"
#ifdef SNAPSHOT
/* const char *address;
/* RESOLVE_REPLY *reply;
/*
+/* void resolve_clnt_query_from(sender, address, reply)
+/* const char *sender;
+/* const char *address;
+/* RESOLVE_REPLY *reply;
+/*
/* void resolve_clnt_verify(address, reply)
/* const char *address;
/* RESOLVE_REPLY *reply;
/*
+/* void resolve_clnt_verify_from(sender, address, reply)
+/* const char *sender;
+/* const char *address;
+/* RESOLVE_REPLY *reply;
+/*
/* void resolve_clnt_free(reply)
/* RESOLVE_REPLY *reply;
/* DESCRIPTION
/* resolve_clnt_verify() implements an alternative version that can
/* be used for address verification.
/*
+/* resolve_clnt_query_from() and resolve_clnt_verify_from()
+/* allow the caller to supply sender context that will be used
+/* for sender-dependent relayhost lookup.
+/*
/* In the resolver reply, the flags member is the bit-wise OR of
/* zero or more of the following:
/* .IP RESOLVE_FLAG_FINAL
/* The address resolved to something that has invalid syntax.
/* .IP RESOLVE_FLAG_FAIL
/* The request could not be completed.
-/* .IP RESOLVE_FLAG_SMARTHOST
-/* The client may override the next-hop host with per-sender
-/* relay host information.
/* .PP
/* In addition, the address domain class is returned by setting
/* one of the following flags (this is preliminary code awaiting
extern CLNT_STREAM *rewrite_clnt_stream;
static VSTRING *last_class;
+static VSTRING *last_sender;
static VSTRING *last_addr;
static RESOLVE_REPLY last_reply;
/* resolve_clnt - resolve address to (transport, next hop, recipient) */
-void resolve_clnt(const char *class, const char *addr, RESOLVE_REPLY *reply)
+void resolve_clnt(const char *class, const char *sender,
+ const char *addr, RESOLVE_REPLY *reply)
{
char *myname = "resolve_clnt";
VSTREAM *stream;
*/
if (last_addr == 0) {
last_class = vstring_alloc(10);
+ last_sender = vstring_alloc(10);
last_addr = vstring_alloc(100);
resolve_clnt_init(&last_reply);
}
#define IFSET(flag, text) ((reply->flags & (flag)) ? (text) : "")
if (*addr && strcmp(addr, STR(last_addr)) == 0
- && strcmp(class, STR(last_class)) == 0) {
+ && strcmp(class, STR(last_class)) == 0
+ && strcmp(sender, STR(last_sender)) == 0) {
vstring_strcpy(reply->transport, STR(last_reply.transport));
vstring_strcpy(reply->nexthop, STR(last_reply.nexthop));
vstring_strcpy(reply->recipient, STR(last_reply.recipient));
reply->flags = last_reply.flags;
if (msg_verbose)
- msg_info("%s: cached: `%s' -> transp=`%s' host=`%s' rcpt=`%s' flags=%s%s%s%s class=%s%s%s%s%s",
- myname, addr, STR(reply->transport),
+ msg_info("%s: cached: `%s' -> `%s' -> transp=`%s' host=`%s' rcpt=`%s' flags=%s%s%s%s class=%s%s%s%s%s",
+ myname, sender, addr, STR(reply->transport),
STR(reply->nexthop), STR(reply->recipient),
IFSET(RESOLVE_FLAG_FINAL, "final"),
IFSET(RESOLVE_FLAG_ROUTED, "routed"),
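Review bot: In the cached-reply msg_info() the two leading quoted %s fields are unlabeled, so the log does not say which is the sender and which is the address, and an empty sender prints as an empty pair of quotes followed by an arrow. tok822_resolve_from() in this same patch logs "from=%s addr=%s"; using the same labels here would keep verbose output unambiguous and consistent between the two layers.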
errno = 0;
if (attr_print(stream, ATTR_FLAG_NONE,
ATTR_TYPE_STR, MAIL_ATTR_REQ, class,
+ ATTR_TYPE_STR, MAIL_ATTR_SENDER, sender,
ATTR_TYPE_STR, MAIL_ATTR_ADDR, addr,
ATTR_TYPE_END) != 0
|| vstream_fflush(stream)
* Update the cache.
*/
vstring_strcpy(last_class, class);
+ vstring_strcpy(last_sender, sender);
vstring_strcpy(last_addr, addr);
vstring_strcpy(last_reply.transport, STR(reply->transport));
vstring_strcpy(last_reply.nexthop, STR(reply->nexthop));
#define RESOLVE_FLAG_ROUTED (1<<1) /* routed destination */
#define RESOLVE_FLAG_ERROR (1<<2) /* bad destination syntax */
#define RESOLVE_FLAG_FAIL (1<<3) /* request failed */
-#define RESOLVE_FLAG_SMARTHOST (1<<4) /* smarthost route */
#define RESOLVE_CLASS_LOCAL (1<<8) /* mydestination/inet_interfaces */
#define RESOLVE_CLASS_ALIAS (1<<9) /* virtual_alias_domains */
VSTRING *nexthop;
VSTRING *recipient;
int flags;
-} RESOLVE_REPLY;
+} RESOLVE_REPLY;
extern void resolve_clnt_init(RESOLVE_REPLY *);
-extern void resolve_clnt(const char *, const char *, RESOLVE_REPLY *);
+extern void resolve_clnt(const char *, const char *, const char *, RESOLVE_REPLY *);
extern void resolve_clnt_free(RESOLVE_REPLY *);
-#define resolve_clnt_query(a, r) resolve_clnt(RESOLVE_REGULAR, (a), (r))
-#define resolve_clnt_verify(a, r) resolve_clnt(RESOLVE_VERIFY, (a), (r))
+#define RESOLVE_NULL_FROM ""
+
+#define resolve_clnt_query(a, r) \
+ resolve_clnt(RESOLVE_REGULAR, RESOLVE_NULL_FROM, (a), (r))
+#define resolve_clnt_verify(a, r) \
+ resolve_clnt(RESOLVE_VERIFY, RESOLVE_NULL_FROM, (a), (r))
+
+#define resolve_clnt_query_from(f, a, r) \
+ resolve_clnt(RESOLVE_REGULAR, (f), (a), (r))
+#define resolve_clnt_verify_from(f, a, r) \
+ resolve_clnt(RESOLVE_VERIFY, (f), (a), (r))
#define RESOLVE_CLNT_ASSIGN(reply, transport, nexthop, recipient) { \
(reply).transport = (transport); \
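Review bot: The contract for the new sender argument is not written down anywhere in these lines. RESOLVE_NULL_FROM is "", resolve_clnt() passes sender straight to strcmp() and attr_print() without a null-pointer check, and the server side skips the relayhost lookup when *sender is empty. Please state next to these macros (and in the resolve_clnt(3) comment block) that sender must be a non-null string and that the empty string means "no sender-dependent lookup", so callers of the _from() variants know what to pass for mail with an empty envelope sender.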
/*
* tok822_resolve.c
*/
-extern void tok822_resolve(TOK822 *, RESOLVE_REPLY *);
+#define tok822_resolve(t, r) tok822_resolve_from(RESOLVE_NULL_FROM, (t), (r))
+
+extern void tok822_resolve_from(const char *, TOK822 *, RESOLVE_REPLY *);
/* LICENSE
/* .ad
/* void tok822_resolve(addr, reply)
/* TOK822 *addr;
/* RESOLVE_REPLY *reply;
+/*
+/* void tok822_resolve_from(sender, addr, reply)
+/* const char *sender;
+/* TOK822 *addr;
+/* RESOLVE_REPLY *reply;
/* DESCRIPTION
/* tok822_resolve() takes an address token tree and finds out the
/* transport to deliver via, the next-hop host on that transport,
/* and the recipient relative to that host.
+/*
+/* tok822_resolve_from() allows the caller to specify sender context
+/* that will be used to look up sender-dependent relayhost information.
/* SEE ALSO
/* resolve_clnt(3) basic resolver client interface
/* LICENSE
/* tok822_resolve - address rewriting interface */
-void tok822_resolve(TOK822 *addr, RESOLVE_REPLY *reply)
+void tok822_resolve_from(const char *sender, TOK822 *addr,
+ RESOLVE_REPLY *reply)
{
VSTRING *intern_form = vstring_alloc(100);
* Shipping string forms is much simpler than shipping parse trees.
*/
tok822_internalize(intern_form, addr->head, TOK822_STR_DEFL);
- resolve_clnt_query(vstring_str(intern_form), reply);
+ resolve_clnt_query_from(sender, vstring_str(intern_form), reply);
if (msg_verbose)
- msg_info("tok822_resolve: addr=%s -> chan=%s, host=%s, rcpt=%s",
+ msg_info("tok822_resolve: from=%s addr=%s -> chan=%s, host=%s, rcpt=%s",
+ sender,
vstring_str(intern_form), vstring_str(reply->transport),
vstring_str(reply->nexthop), vstring_str(reply->recipient));
int var_proc_limit;
bool var_verp_bounce_off;
int var_qmgr_clog_warn_time;
-char *var_snd_relay_maps;
-char *var_vrfy_relay_maps;
static QMGR_SCAN *qmgr_incoming;
static QMGR_SCAN *qmgr_deferred;
-MAPS *qmgr_snd_relay_maps;
-MAPS *qmgr_vrfy_relay_maps;
-
/* qmgr_deferred_run_event - queue manager heartbeat */
static void qmgr_deferred_run_event(int unused_event, char *dummy)
static void qmgr_pre_init(char *unused_name, char **unused_argv)
{
flush_init();
- if (*var_snd_relay_maps)
- qmgr_snd_relay_maps =
- maps_create(VAR_SND_RELAY_MAPS, var_snd_relay_maps, 0);
- if (*var_vrfy_relay_maps)
- qmgr_vrfy_relay_maps =
- maps_create(VAR_VRFY_RELAY_MAPS, var_vrfy_relay_maps, 0);
}
/* qmgr_post_init - post-jail initialization */
{
static CONFIG_STR_TABLE str_table[] = {
VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0,
- VAR_SND_RELAY_MAPS, DEF_SND_RELAY_MAPS, &var_snd_relay_maps, 0, 0,
- VAR_VRFY_RELAY_MAPS, DEF_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, 0,
0,
};
static CONFIG_TIME_TABLE time_table[] = {
*/
#include <recipient_list.h>
#include <dsn.h>
-#include <maps.h> /* Grr.. sender relay maps */
/*
* The queue manager is built around lots of mutually-referring structures.
extern void qmgr_scan_request(QMGR_SCAN *, int);
extern char *qmgr_scan_next(QMGR_SCAN *);
- /*
- * qmgr.c
- */
-extern MAPS *qmgr_snd_relay_maps;
-extern MAPS *qmgr_vrfy_relay_maps;
-
/* LICENSE
/* .ad
/* .fi
#include <split_addr.h>
#include <dsn_mask.h>
#include <dsn_attr_map.h>
-#include <mail_addr_find.h>
/* Client stubs. */
/* qmgr_resolve_one - resolve or skip one recipient */
static int qmgr_resolve_one(QMGR_MESSAGE *message, RECIPIENT *recipient,
- const char *addr, RESOLVE_REPLY *reply,
- int do_snd_relay_maps)
+ const char *addr, RESOLVE_REPLY *reply)
{
- MAPS *snd_relay_maps;
- const char *smarthost;
DSN dsn;
-#define NO_SENDER_RELAY_MAPS 0
-#define DO_SENDER_RELAY_MAPS 1
-
- if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0) {
- snd_relay_maps = qmgr_snd_relay_maps;
- resolve_clnt_query(addr, reply);
- } else {
- snd_relay_maps = qmgr_vrfy_relay_maps;
- resolve_clnt_verify(addr, reply);
- }
+ if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0)
+ resolve_clnt_query_from(message->sender, addr, reply);
+ else
+ resolve_clnt_verify_from(message->sender, addr, reply);
if (reply->flags & RESOLVE_FLAG_FAIL) {
qmgr_defer_recipient(message, recipient,
DSN_SMTP(&dsn, "4.3.0",
"bad address syntax"));
return (-1);
} else {
-
- /*
- * The next-hop destination may be replaced by the per-sender relay
- * host.
- *
- * XXX This violates the principle that qmgr does no map lookups. Map
- * changes require process restart which is bad for queue manager
- * performance.
- */
- if ((reply->flags & RESOLVE_FLAG_SMARTHOST) && do_snd_relay_maps
- && message->sender[0] && snd_relay_maps) {
- if ((smarthost = mail_addr_find(snd_relay_maps, message->sender,
- (char **) 0)) != 0) {
- if (msg_verbose)
- msg_info("using smart host %s for sender %s",
- smarthost, message->sender);
- vstring_strcpy(reply->nexthop, smarthost);
- } else if (dict_errno != 0) {
- qmgr_defer_recipient(message, recipient,
- DSN_SMTP(&dsn, "4.3.0",
- "451 address resolver failure",
- "address resolver failure"));
- return (-1);
- }
- }
return (0);
}
}
reply.recipient);
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
if (qmgr_resolve_one(message, recipient,
- recipient->address, &reply,
- NO_SENDER_RELAY_MAPS) < 0)
+ recipient->address, &reply) < 0)
continue;
if (!STREQ(recipient->address, STR(reply.recipient)))
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
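Review bot: This call site used to pass NO_SENDER_RELAY_MAPS, so the sender-dependent relayhost was never applied on this path. With the flag argument gone, qmgr_resolve_one() always hands message->sender to the resolver and both call sites now behave the same. If that change is intended, say so in the HISTORY entry; if it is not, this caller needs a way to resolve without sender context, for example through resolve_clnt_query(), which supplies RESOLVE_NULL_FROM.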
*/
else {
if (qmgr_resolve_one(message, recipient,
- recipient->address, &reply,
- DO_SENDER_RELAY_MAPS) < 0)
+ recipient->address, &reply) < 0)
continue;
if (!STREQ(recipient->address, STR(reply.recipient)))
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
int var_proc_limit;
bool var_verp_bounce_off;
int var_qmgr_clog_warn_time;
-char *var_snd_relay_maps;
-char *var_vrfy_relay_maps;
static QMGR_SCAN *qmgr_incoming;
static QMGR_SCAN *qmgr_deferred;
-MAPS *qmgr_snd_relay_maps;
-MAPS *qmgr_vrfy_relay_maps;
-
/* qmgr_deferred_run_event - queue manager heartbeat */
static void qmgr_deferred_run_event(int unused_event, char *dummy)
static void qmgr_pre_init(char *unused_name, char **unused_argv)
{
flush_init();
- if (*var_snd_relay_maps)
- qmgr_snd_relay_maps =
- maps_create(VAR_SND_RELAY_MAPS, var_snd_relay_maps, 0);
- if (*var_vrfy_relay_maps)
- qmgr_vrfy_relay_maps =
- maps_create(VAR_VRFY_RELAY_MAPS, var_vrfy_relay_maps, 0);
}
/* qmgr_post_init - post-jail initialization */
{
static CONFIG_STR_TABLE str_table[] = {
VAR_DEFER_XPORTS, DEF_DEFER_XPORTS, &var_defer_xports, 0, 0,
- VAR_SND_RELAY_MAPS, DEF_SND_RELAY_MAPS, &var_snd_relay_maps, 0, 0,
- VAR_VRFY_RELAY_MAPS, DEF_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, 0,
0,
};
static CONFIG_TIME_TABLE time_table[] = {
*/
#include <recipient_list.h>
#include <dsn.h>
-#include <maps.h> /* Grr.. sender relay maps */
/*
* The queue manager is built around lots of mutually-referring structures.
extern void qmgr_scan_request(QMGR_SCAN *, int);
extern char *qmgr_scan_next(QMGR_SCAN *);
- /*
- * qmgr.c
- */
-extern MAPS *qmgr_snd_relay_maps;
-extern MAPS *qmgr_vrfy_relay_maps;
-
/* LICENSE
/* .ad
/* .fi
#include <split_addr.h>
#include <dsn_mask.h>
#include <dsn_attr_map.h>
-#include <mail_addr_find.h>
/* Client stubs. */
/* qmgr_resolve_one - resolve or skip one recipient */
static int qmgr_resolve_one(QMGR_MESSAGE *message, RECIPIENT *recipient,
- const char *addr, RESOLVE_REPLY *reply,
- int do_snd_relay_maps)
+ const char *addr, RESOLVE_REPLY *reply)
{
- MAPS *snd_relay_maps;
- const char *smarthost;
DSN dsn;
-#define NO_SENDER_RELAY_MAPS 0
-#define DO_SENDER_RELAY_MAPS 1
-
- if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0) {
- snd_relay_maps = qmgr_snd_relay_maps;
- resolve_clnt_query(addr, reply);
- } else {
- snd_relay_maps = qmgr_vrfy_relay_maps;
- resolve_clnt_verify(addr, reply);
- }
+ if ((message->tflags & DEL_REQ_FLAG_MTA_VRFY) == 0)
+ resolve_clnt_query_from(message->sender, addr, reply);
+ else
+ resolve_clnt_verify_from(message->sender, addr, reply);
if (reply->flags & RESOLVE_FLAG_FAIL) {
qmgr_defer_recipient(message, recipient,
DSN_SMTP(&dsn, "4.3.0",
"bad address syntax"));
return (-1);
} else {
-
- /*
- * The next-hop destination may be replaced by the per-sender relay
- * host.
- *
- * XXX This violates the principle that qmgr does no map lookups. Map
- * changes require process restart which is bad for queue manager
- * performance.
- */
- if ((reply->flags & RESOLVE_FLAG_SMARTHOST) && do_snd_relay_maps
- && message->sender[0] && snd_relay_maps) {
- if ((smarthost = mail_addr_find(snd_relay_maps, message->sender,
- (char **) 0)) != 0) {
- if (msg_verbose)
- msg_info("using smart host %s for sender %s",
- smarthost, message->sender);
- vstring_strcpy(reply->nexthop, smarthost);
- } else if (dict_errno != 0) {
- qmgr_defer_recipient(message, recipient,
- DSN_SMTP(&dsn, "4.3.0",
- "451 address resolver failure",
- "address resolver failure"));
- return (-1);
- }
- }
return (0);
}
}
reply.recipient);
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
if (qmgr_resolve_one(message, recipient,
- recipient->address, &reply,
- NO_SENDER_RELAY_MAPS) < 0)
+ recipient->address, &reply) < 0)
continue;
if (!STREQ(recipient->address, STR(reply.recipient)))
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
*/
else {
if (qmgr_resolve_one(message, recipient,
- recipient->address, &reply,
- DO_SENDER_RELAY_MAPS) < 0)
+ recipient->address, &reply) < 0)
continue;
if (!STREQ(recipient->address, STR(reply.recipient)))
RECIPIENT_UPDATE(recipient->address, STR(reply.recipient));
/* Enable SASL authentication in the Postfix SMTP client.
/* .IP "\fBsmtp_sasl_password_maps (empty)\fR"
/* Optional SMTP client lookup tables with one username:password entry
-/* per remote hostname or domain (or per sender, when per-sender
-/* authentication is enabled).
+/* per remote hostname or domain, or sender address when sender-dependent
+/* authentication is enabled.
/* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
/* What authentication mechanisms the Postfix SMTP client is allowed
/* to use.
/* server's list of offered SASL mechanisms.
/* .PP
/* Available in Postfix version 2.3 and later:
-/* .IP "\fBsmtp_per_sender_authentication (no)\fR"
-/* Enable per-sender authentication in the SMTP client; this is available
-/* only with SASL authentication, and disables SMTP connection caching
-/* to ensure that mail from different senders will use the appropriate
-/* credentials.
+/* .IP "\fBsmtp_sender_dependent_authentication (no)\fR"
+/* Enable sender-dependent authentication in the SMTP client; this is
+/* available only with SASL authentication, and disables SMTP connection
+/* caching to ensure that mail from different senders will use the
+/* appropriate credentials.
/* STARTTLS SUPPORT CONTROLS
/* .ad
/* .fi
bool var_smtp_use_tls;
bool var_smtp_enforce_tls;
char *var_smtp_tls_per_site;
+
#ifdef USE_TLS
int var_smtp_starttls_tmout;
char *var_smtp_sasl_tls_opts;
bool var_smtp_tls_enforce_peername;
int var_smtp_tls_scert_vd;
bool var_smtp_tls_note_starttls_offer;
+
#endif
char *var_smtp_generic_maps;
TLScontext_t *tls_context; /* TLS session state */
#endif
+ SMTP_STATE *state; /* back link */
} SMTP_SESSION;
extern SMTP_SESSION *smtp_session_alloc(VSTREAM *, const char *, const char *,
* queue manager. This is turned temporarily when a destination has a
* high volume of mail in the active queue.
*
- * XXX Disable connection caching when per-sender credentials are
- * enabled. We must not send someone elses mail over an authenticated
- * connection, and we must not send mail that requires authentication
- * over a connection that wasn't authenticated.
+ * XXX Disable connection caching when sender-dependent authentication
+ * is enabled. We must not send someone elses mail over an
+ * authenticated connection, and we must not send mail that requires
+ * authentication over a connection that wasn't authenticated.
*/
if (cpp == sites->argv
&& !var_smtp_sender_auth
|| (session = smtp_reuse_addr(state, addr, port)) == 0)
session = smtp_connect_addr(dest, addr, port, why, sess_flags);
if ((state->session = session) != 0) {
+ session->state = state;
if (addr->pref == domain_best_pref)
session->features |= SMTP_FEATURE_BEST_MX;
/* Don't count handshake errors towards the session limit. */
int smtp_sasl_passwd_lookup(SMTP_SESSION *session)
{
char *myname = "smtp_sasl_passwd_lookup";
+ SMTP_STATE *state = session->state;
const char *value;
char *passwd;
* but didn't canonicalize the TCP port, and did not append the port to
* the MX hostname.
*/
- if ((var_sender_auth
+ if ((var_smtp_sender_auth && state->request->sender[0]
&& (value = mail_addr_find(smtp_sasl_passwd_map,
state->request->sender, (char **) 0)) != 0)
|| (value = maps_find(smtp_sasl_passwd_map, session->host, 0)) != 0
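Review bot: smtp_sasl_passwd_lookup() now relies on session->state being valid, but nothing in this function checks it. The allocator hunk sets the back link to 0 and only the smtp_connect.c hunk assigns it, yet state->request->sender[0] is dereferenced whenever smtp_sender_dependent_authentication is on. Add a sanity check (msg_panic on a null state or request) ahead of the lookup, and document at the SMTP_SESSION member that the back link is only meaningful while the session is attached to a delivery request.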
char *mech_list;
char *save_mech;
char *mech;
- int ret;
/*
* Use server's mechanisms if no filter specified
session->tls_use_tls = 1;
}
#endif
+ session->state = 0;
debug_peer_check(host, addr);
return (session);
}
transport.o: ../../include/match_parent_style.h
transport.o: ../../include/msg.h
transport.o: ../../include/mymalloc.h
-transport.o: ../../include/resolve_clnt.h
transport.o: ../../include/split_at.h
transport.o: ../../include/stringops.h
transport.o: ../../include/strip_addr.h
/* resolve_addr - resolve address according to rule set */
-static void resolve_addr(RES_CONTEXT *rp, char *addr,
+static void resolve_addr(RES_CONTEXT *rp, char *sender, char *addr,
VSTRING *channel, VSTRING *nexthop,
VSTRING *nextrcpt, int *flags)
{
char *local;
char *oper;
char *junk;
+ const char *relay;
*flags = 0;
vstring_strcpy(channel, "CHANNEL NOT UPDATED");
* highest precedence to transport associated nexthop information.
*
* Otherwise, with relay or other non-local destinations, the relayhost
- * setting overrides the recipient domain name, and the per-sender
+ * setting overrides the recipient domain name, and the sender-dependent
* relayhost overrides both.
*
* XXX Nag if the recipient domain is listed in multiple domain lists. The
}
/*
- * With off-host delivery, per-sender or global relayhost
- * override the recipient domain. The per-sender override is done
- * in the client, and permission to do so is is signaled with the
- * SMARTHOST flag. This is technically incorrect, but avoids the
- * need to change the resolver client protocol for something that
- * is irrelevant for most resolver clients, and that most Postfix
- * sites will never need.
+ * With off-host delivery, sender-dependent or global relayhost
+ * override the recipient domain.
*/
- *flags |= RESOLVE_FLAG_SMARTHOST;
- if (*RES_PARAM_VALUE(rp->relayhost))
+ if (rp->snd_relay_info && *sender
+ && (relay = mail_addr_find(rp->snd_relay_info, sender,
+ (char **) 0)) != 0)
+ vstring_strcpy(nexthop, relay);
+ else if (*RES_PARAM_VALUE(rp->relayhost))
vstring_strcpy(nexthop, RES_PARAM_VALUE(rp->relayhost));
else
vstring_strcpy(nexthop, rcpt_domain);
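Review bot: A failed sender_dependent_relayhost_maps lookup is treated the same as "no entry" in the new if/else chain. The queue manager code removed by this patch tested dict_errno after mail_addr_find() and deferred the recipient with "address resolver failure"; here a temporary table error makes mail_addr_find() return 0 and control falls through to $relayhost or the recipient domain, so mail that should use a sender-specific relay can leave through a different next hop. Check dict_errno after a miss and set RESOLVE_FLAG_FAIL so the client defers. As a smaller point, sender is only read in this function and could be declared const char *.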
* force mail for any domain in $mydestination/${proxy,inet}_interfaces
* to share the same queue.
*/
- if ((destination = split_at(STR(channel), ':')) != 0 && *destination) {
+ if ((destination = split_at(STR(channel), ':')) != 0 && *destination)
vstring_strcpy(nexthop, destination);
- *flags &= ~RESOLVE_FLAG_SMARTHOST;
- }
/*
* Sanity checks.
* XXX Don't override the virtual alias class (error:User unknown) result.
*/
if (rp->transport_info && !(*flags & RESOLVE_CLASS_ALIAS)) {
- if (transport_lookup(rp->transport_info, flags, STR(nextrcpt),
+ if (transport_lookup(rp->transport_info, STR(nextrcpt),
rcpt_domain, channel, nexthop) == 0
&& dict_errno != 0) {
msg_warn("%s lookup failure", rp->transport_maps_name);
static VSTRING *nexthop;
static VSTRING *nextrcpt;
static VSTRING *query;
+static VSTRING *sender;
/* resolve_proto - read request and send reply */
int flags;
if (attr_scan(stream, ATTR_FLAG_STRICT,
+ ATTR_TYPE_STR, MAIL_ATTR_SENDER, sender,
ATTR_TYPE_STR, MAIL_ATTR_ADDR, query,
- ATTR_TYPE_END) != 1)
+ ATTR_TYPE_END) != 2)
return (-1);
- resolve_addr(context, STR(query),
+ resolve_addr(context, STR(sender), STR(query),
channel, nexthop, nextrcpt, &flags);
if (msg_verbose)
- msg_info("%s -> (`%s' `%s' `%s' `%d')", STR(query), STR(channel),
+ msg_info("`%s' -> `%s' -> (`%s' `%s' `%s' `%d')",
+ STR(sender), STR(query), STR(channel),
STR(nexthop), STR(nextrcpt), flags);
attr_print(stream, ATTR_FLAG_NONE,
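Review bot: the attr_scan() call changes the request format incompatibly. MAIL_ATTR_SENDER is now required ahead of MAIL_ATTR_ADDR and the expected count goes from 1 to 2, so under ATTR_FLAG_STRICT a client that still sends only the address ends in "return (-1)". Please say in the change notes that trivial-rewrite and every resolver client must be updated together. The sender string also goes to the log unmodified in the msg_verbose line, which is fine for debugging but worth a comment since it is client-supplied.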
void resolve_init(void)
{
+ sender = vstring_alloc(100);
query = vstring_alloc(100);
channel = vstring_alloc(100);
nexthop = vstring_alloc(100);
/* void transport_post_init(info)
/* TRANSPORT_INFO *info;
/*
-/* int transport_lookup(info, res_flags, address, rcpt_domain,
-/* channel, nexthop)
+/* int transport_lookup(info, address, rcpt_domain, channel, nexthop)
/* TRANSPORT_INFO *info;
-/* int *res_flags;
/* const char *address;
/* const char *rcpt_domain;
/* VSTRING *channel;
/*
/* transport_lookup() finds the channel and nexthop for the given
/* domain, and returns 1 if something was found. Otherwise, 0
-/* is returned. The res_flags SMARTHOST bit is reset when the nexthop
-/* information is updated.
+/* is returned.
/* DIAGNOSTICS
/* The global \fIdict_errno\fR is non-zero when the lookup
/* should be tried again.
#include <maps.h>
#include <match_parent_style.h>
#include <mail_proto.h>
-#include <resolve_clnt.h>
/* Application-specific. */
static void update_entry(const char *new_channel, const char *new_nexthop,
const char *rcpt_domain, VSTRING *channel,
- VSTRING *nexthop, int *res_flags)
+ VSTRING *nexthop)
{
/*
* side of ":" is the transport table equivalent of a NOOP.
*/
if (*new_channel == 0) { /* :[nexthop] */
- if (*new_nexthop != 0) {
+ if (*new_nexthop != 0)
vstring_strcpy(nexthop, new_nexthop);
- *res_flags &= ~RESOLVE_FLAG_SMARTHOST;
- }
}
/*
vstring_strcpy(nexthop, rcpt_domain);
else
vstring_strcpy(nexthop, "Address is undeliverable");
- *res_flags &= ~RESOLVE_FLAG_SMARTHOST;
}
}
/* find_transport_entry - look up and parse transport table entry */
-static int find_transport_entry(TRANSPORT_INFO *tp, int *res_flags,
- const char *key,
- const char *rcpt_domain,
- int map_flags,
- VSTRING *channel,
- VSTRING *nexthop)
+static int find_transport_entry(TRANSPORT_INFO *tp, const char *key,
+ const char *rcpt_domain, int flags,
+ VSTRING *channel, VSTRING *nexthop)
{
char *saved_value;
const char *host;
*
* XXX Should report lookup failure status to caller instead of aborting.
*/
- if ((value = maps_find(tp->transport_path, key, map_flags)) == 0)
+ if ((value = maps_find(tp->transport_path, key, flags)) == 0)
return (NOTFOUND);
/*
saved_value = mystrdup(value);
host = split_at(saved_value, ':');
update_entry(saved_value, host ? host : "", rcpt_domain,
- channel, nexthop, res_flags);
+ channel, nexthop);
myfree(saved_value);
return (FOUND);
}
{
VSTRING *channel = vstring_alloc(10);
VSTRING *nexthop = vstring_alloc(10);
- int dummy;
/*
* Technically, the wildcard lookup pattern is redundant. A static map
#define FULL 0
#define PARTIAL DICT_FLAG_FIXED
- if (find_transport_entry(tp, &dummy, WILDCARD, "",
- FULL, channel, nexthop)) {
+ if (find_transport_entry(tp, WILDCARD, "", FULL, channel, nexthop)) {
tp->transport_errno = 0;
if (tp->wildcard_channel)
vstring_free(tp->wildcard_channel);
/* transport_lookup - map a transport domain */
-int transport_lookup(TRANSPORT_INFO *tp, int *res_flags, const char *addr,
+int transport_lookup(TRANSPORT_INFO *tp, const char *addr,
const char *rcpt_domain,
VSTRING *channel, VSTRING *nexthop)
{
if ((ratsign = strrchr(full_addr, '@')) == 0 || ratsign[1] == 0)
msg_panic("transport_lookup: bad address: \"%s\"", full_addr);
- if (find_transport_entry(tp, res_flags, full_addr, rcpt_domain,
- FULL, channel, nexthop))
+ if (find_transport_entry(tp, full_addr, rcpt_domain, FULL, channel, nexthop))
RETURN_FREE(FOUND);
if (dict_errno != 0)
RETURN_FREE(NOTFOUND);
*/
if ((stripped_addr = strip_addr(full_addr, DISCARD_EXTENSION,
*var_rcpt_delim)) != 0) {
- found = find_transport_entry(tp, res_flags, stripped_addr, rcpt_domain,
- PARTIAL, channel, nexthop);
+ found = find_transport_entry(tp, stripped_addr, rcpt_domain, PARTIAL,
+ channel, nexthop);
myfree(stripped_addr);
if (found)
* with regular expressions.
*/
for (name = ratsign + 1; *name != 0; name = next) {
- if (find_transport_entry(tp, res_flags, name, rcpt_domain,
- PARTIAL, channel, nexthop))
+ if (find_transport_entry(tp, name, rcpt_domain, PARTIAL, channel, nexthop))
RETURN_FREE(FOUND);
if (dict_errno != 0)
RETURN_FREE(NOTFOUND);
RETURN_FREE(NOTFOUND);
} else if (tp->wildcard_channel) {
update_entry(STR(tp->wildcard_channel), STR(tp->wildcard_nexthop),
- rcpt_domain, channel, nexthop, res_flags);
+ rcpt_domain, channel, nexthop);
RETURN_FREE(FOUND);
}
extern TRANSPORT_INFO *transport_pre_init(const char *, const char *);
extern void transport_post_init(TRANSPORT_INFO *);
-extern int transport_lookup(TRANSPORT_INFO *, int *, const char *, const char *, VSTRING *, VSTRING *);
+extern int transport_lookup(TRANSPORT_INFO *, const char *, const char *, VSTRING *, VSTRING *);
extern void transport_free(TRANSPORT_INFO *);
/* LICENSE
/* Postfix from appending the local domain to spam from poorly
/* written remote clients.
/* .RE
-/* .IP "\fBresolve \fIaddress\fR"
-/* Resolve an address to a (\fItransport\fR, \fInexthop\fR,
+/* .IP "\fBresolve \fIsender\fR \fIaddress\fR"
+/* Resolve the address to a (\fItransport\fR, \fInexthop\fR,
/* \fIrecipient\fR, \fIflags\fR) quadruple. The meaning of
/* the results is as follows:
/* .RS
/* The address class, whether the address requires relaying,
/* whether the address has problems, and whether the request failed.
/* .RE
-/* .IP "\fBverify \fIaddress\fR"
-/* Resolve an address for address verification purposes.
+/* .IP "\fBverify \fIsender\fR \fIaddress\fR"
+/* Resolve the address for address verification purposes.
/* SERVER PROCESS MANAGEMENT
/* .ad
/* .fi
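Review bot: missing documentation in the "resolve" and "verify" request entries. Both gain a sender argument, but the text still describes only how the address is resolved and never says what the sender is used for. Suggest one sentence stating that the sender selects an entry in sender_dependent_relayhost_maps (or its address_verify_ counterpart), and that an empty sender skips that lookup, which is what the "*sender" test in resolve_addr() implements.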
/* relay_transport, virtual_alias_domains, virtual_mailbox_domains
/* or proxy_interfaces.
/* .IP "\fBlocal_transport (local:$myhostname)\fR"
-/* The default mail delivery transport for domains that match
-/* $mydestination, $inet_interfaces or $proxy_interfaces.
+/* The default mail delivery transport and next-hop destination
+/* for final delivery to domains listed with mydestination, and for
+/* [ipaddress] destinations that match $inet_interfaces or $proxy_interfaces.
/* .IP "\fBvirtual_transport (virtual)\fR"
-/* The default mail delivery transport for domains that match the
-/* $virtual_mailbox_domains parameter value.
+/* The default mail delivery transport and next-hop destination for
+/* final delivery to domains listed with virtual_mailbox_domains.
/* .IP "\fBrelay_transport (relay)\fR"
-/* The default mail delivery transport and next-hop information for
-/* domains that match the $relay_domains parameter value.
+/* The default mail delivery transport and next-hop destination for
+/* remote delivery to domains listed with $relay_domains.
/* .IP "\fBdefault_transport (smtp)\fR"
-/* The default mail delivery transport for domains that do not match
-/* $mydestination, $inet_interfaces, $proxy_interfaces,
-/* $virtual_alias_domains, $virtual_mailbox_domains, or $relay_domains.
+/* The default mail delivery transport and next-hop destination for
+/* destinations that do not match $mydestination, $inet_interfaces,
+/* $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains,
+/* or $relay_domains.
/* .IP "\fBparent_domain_matches_subdomains (see 'postconf -d' output)\fR"
/* What Postfix features match subdomains of "domain.tld" automatically,
/* instead of requiring an explicit ".domain.tld" pattern.
/* .IP "\fBrelayhost (empty)\fR"
-/* The default host to send non-local mail to when no entry is matched
-/* in the optional \fBtransport\fR(5) table.
+/* The next-hop destination of non-local mail; overrides non-local
+/* domains in recipient addresses.
/* .IP "\fBtransport_maps (empty)\fR"
/* Optional lookup tables with mappings from recipient address to
/* (message delivery transport, next-hop destination).
/* .PP
/* Available in Postfix version 2.3 and later:
-/* .IP "\fBsender_relayhost_maps (empty)\fR"
-/* A sender-specific override for the global relayhost parameter
+/* .IP "\fBsender_dependent_relayhost_maps (empty)\fR"
+/* A sender-dependent override for the global relayhost parameter
/* setting.
/* ADDRESS VERIFICATION CONTROLS
/* .ad
/* .IP "\fBaddress_verify_relayhost ($relayhost)\fR"
/* Overrides the relayhost parameter setting for address verification
/* probes.
-/* .IP "\fBaddress_verify_sender_relayhost_maps (empty)\fR"
-/* Overrides the sender_relayhost_maps parameter setting for address
-/* verification probes.
/* .IP "\fBaddress_verify_transport_maps ($transport_maps)\fR"
/* Overrides the transport_maps parameter setting for address verification
/* probes.
+/* .PP
+/* Available in Postfix version 2.3 and later:
+/* .IP "\fBaddress_verify_sender_dependent_relayhost_maps (empty)\fR"
+/* Overrides the sender_dependent_relayhost_maps parameter setting for address
+/* verification probes.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
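Review bot: the documented default of address_verify_sender_dependent_relayhost_maps is "(empty)", which is inconsistent with the two neighbouring parameters: address_verify_relayhost defaults to $relayhost and address_verify_transport_maps defaults to $transport_maps. With an empty default, verification probes ignore the sender-dependent relayhost unless the table is configured a second time, so a probe can take a different route than the real delivery would. Suggest defaulting to $sender_dependent_relayhost_maps, or documenting why this parameter differs.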
int var_show_unk_rcpt_table;
int var_resolve_nulldom;
char *var_remote_rwr_domain;
+char *var_snd_relay_maps;
/*
* Shadow personality for address verification.
char *var_vrfy_relay_xport;
char *var_vrfy_def_xport;
char *var_vrfy_relayhost;
+char *var_vrfy_relay_maps;
/*
* Different resolver personalities depending on the kind of request.
VAR_RELAY_TRANSPORT, &var_relay_transport,
VAR_DEF_TRANSPORT, &var_def_transport,
VAR_RELAYHOST, &var_relayhost,
+ VAR_SND_RELAY_MAPS, &var_snd_relay_maps, 0,
VAR_TRANSPORT_MAPS, &var_transport_maps, 0
};
VAR_VRFY_RELAY_XPORT, &var_vrfy_relay_xport,
VAR_VRFY_DEF_XPORT, &var_vrfy_def_xport,
VAR_VRFY_RELAYHOST, &var_vrfy_relayhost,
+ VAR_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0,
VAR_VRFY_XPORT_MAPS, &var_vrfy_xport_maps, 0
};
resolve_verify.transport_info =
transport_pre_init(resolve_verify.transport_maps_name,
RES_PARAM_VALUE(resolve_verify.transport_maps));
+ if (*RES_PARAM_VALUE(resolve_regular.snd_relay_maps))
+ resolve_regular.snd_relay_info =
+ maps_create(resolve_regular.snd_relay_maps_name,
+ RES_PARAM_VALUE(resolve_regular.snd_relay_maps), 0);
+ if (*RES_PARAM_VALUE(resolve_verify.snd_relay_maps))
+ resolve_verify.snd_relay_info =
+ maps_create(resolve_verify.snd_relay_maps_name,
+ RES_PARAM_VALUE(resolve_verify.snd_relay_maps), 0);
}
/* post_jail_init - initialize after entering chroot jail */
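Review bot: both maps_create() calls pass 0 as the flags argument, so no dictionary flags (for example DICT_FLAG_LOCK) are requested for the sender tables. If that is deliberate, a short comment saying so would help; if the tables can be rebuilt while trivial-rewrite is running, please confirm that unlocked lookups are safe here. The two blocks are also identical except for the personality, so a small helper taking a pointer to the state structure would avoid them drifting apart.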
VAR_VRFY_DEF_XPORT, DEF_VRFY_DEF_XPORT, &var_vrfy_def_xport, 1, 0,
VAR_VRFY_RELAYHOST, DEF_VRFY_RELAYHOST, &var_vrfy_relayhost, 0, 0,
VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain, 0, 0,
+ VAR_SND_RELAY_MAPS, DEF_SND_RELAY_MAPS, &var_snd_relay_maps, 0, 0,
+ VAR_VRFY_RELAY_MAPS, DEF_VRFY_RELAY_MAPS, &var_vrfy_relay_maps, 0, 0,
0,
};
static CONFIG_BOOL_TABLE bool_table[] = {
char **def_transport; /* default transport:nexthop */
const char *relayhost_name; /* name of variable */
char **relayhost; /* for relay and default transport */
+ const char *snd_relay_maps_name; /* name of variable */
+ char **snd_relay_maps; /* maptype:mapname */
+ MAPS *snd_relay_info; /* handle */
const char *transport_maps_name; /* name of variable */
char **transport_maps; /* maptype:mapname */
struct TRANSPORT_INFO *transport_info; /* handle */