instead of appending mail to a deleted file. To minimize
the use of this workaround, Postfix now by default creates
mailbox dotlock files on all systems, and creates dotlock
- files before opening mailbox files. Files: util/sys_defs.h.
+ files before opening mailbox files. Files: util/sys_defs.h,
+ global/mbox_open.c.
20070301
records or content encoding records with other mail. File:
global/rec_type.h.
+20070321
+
+ Bugfix (introduced 20070224): local(8) or virtual(8) could
+ log a misleading error message after failure to open a
+ mailbox file. File: global/mbox_open.c.
+
+ Bugfix (code should have been updated 20070104): the proxymap
+ client did not propagate changes in case folding flags.
+ Currently, nothing in Postfix uses this functionality.
+ File: global/dict_proxy.c.
+
Wish list:
Bind all deliveries to the same local delivery process,
* QSHAPE_README: Bottleneck analysis
* TUNING_README: Performance tuning
* DEBUG_README: Debugging strategies
- * Error messages (*)
C\bCo\bon\bnt\bte\ben\bnt\bt i\bin\bns\bsp\bpe\bec\bct\bti\bio\bon\bn
M\bMa\bai\bil\bli\bin\bng\bg l\bli\bis\bst\bt s\bsu\bup\bpp\bpo\bor\brt\bt
- * qmail/ezmlm support (*)
* VERP_README: VERP Support
S\bSp\bpe\bec\bci\bif\bfi\bic\bc e\ben\bnv\bvi\bir\bro\bon\bnm\bme\ben\bnt\bts\bs
* LINUX_README: Linux issues
* NFS_README: NFS issues
- * ULTRIX_README: Ultrix support
O\bOt\bth\bhe\ber\br m\bma\bai\bil\bl d\bde\bel\bli\biv\bve\ber\bry\by a\bag\bge\ben\bnt\bts\bs
- * Cyrus (*)
* MAILDROP_README: Maildrop
- * LMTP (*)
O\bOt\bth\bhe\ber\br t\bto\bop\bpi\bic\bcs\bs
* XCLIENT_README: XCLIENT Command
* XFORWARD_README: XFORWARD Command
-(*) These documents will be made available via http://www.postfix.org/ and
-mirror sites.
-
* The list of domains that are a member of the class: for example, all local
domains, or all relay domains.
- * The default delivery method. For example, the local or smtp delivery agent.
- This helps to keep Postfix configurations simple.
+ * The default delivery transport. For example, the local, virtual or relay
+ delivery transport (delivery transports are defined in master.cf). This
+ helps to keep Postfix configurations simple, by avoiding the need for
+ explicit routing information in transport maps.
* The list of valid recipient addresses for that address class. The Postfix
SMTP server rejects invalid recipients with "User unknown in <name of
Recipient address verification is relatively straightforward and there are no
surprises. If a recipient probe fails, then Postfix rejects mail for the
recipient address. If a recipient probe succeeds, then Postfix accepts mail for
-the recipient address.
+the recipient address. However, recipient address verification probes can
+increase the load on down-stream MTAs when you're being flooded by backscatter
+bounces, or when some spammer is mounting a dictionary attack.
By default, address verification results are not saved. To avoid probing the
same address repeatedly, you can store the result in a persistent database as
the same performance improvement as with a shared connection cache, non-shared
connections need to be kept open for a longer time.
- Internet <-- smtp(8) <-> scache(8) <-> smtp(8) --> Internet
-
-
The scache(8) server, introduced with Postfix version 2.2, maintains the shared
connection cache. With Postfix version 2.2, only the smtp(8) client has support
to access this cache.
+ /-- smtp(8) --> Internet
+
+ qmgr(8) |
+ |
+ \-- | smtp(8) --> Internet
+ |
+ ^
+ |
+
+ scache(8)
+
When SMTP connection caching is enabled (see next section), the smtp(8) client
does not disconnect after a mail transaction, but gives the connection to the
scache(8) server which keeps the connection open for a limited amount of time.
lookups" below.
* You can use Berkeley DB files with fixed lookup strings for simple address
rewriting operations and you can use regular expression tables for the more
- complicated work.
+ complicated work. In other words, you don't have to put everything into the
+ same table.
P\bPo\bos\bst\btf\bfi\bix\bx l\bli\bis\bst\bts\bs v\bve\ber\brs\bsu\bus\bs t\bta\bab\bbl\ble\bes\bs
is because commands such as postmap(1) or postalias(1) overwrite existing
files. If the update fails in the middle then you have no usable database, and
Postfix will stop working. This is not an issue with the CDB database type
-available with Postfix 2.2 and later, because CDB database rebuilds are atomic.
+available with Postfix 2.2 and later: CDB creates a new file, and renames the
+file upon successful completion.
With multi-file databases such as DBM, there is no simple solution. With
Berkeley DB and other "one file" databases, it is possible to add some extra
B\bBu\bui\bil\bld\bdi\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx o\bon\bn s\bsy\bys\bst\bte\bem\bms\bs w\bwi\bit\bth\bho\bou\but\bt B\bBe\ber\brk\bke\bel\ble\bey\by D\bDB\bB
-Many commercial UNIXes ship without Berkeley DB support. Examples are Solaris,
-HP-UX, IRIX, UNIXWARE. In order to build Postfix with Berkeley DB support you
-need to download and install the source code from http://www.sleepycat.com/
+Some UNIXes ship without Berkeley DB support; for historical reasons these use
+DBM files instead. A problem with DBM files is that they can store only limited
+amounts of data. To build Postfix with Berkeley DB support you need to download
+and install the source code from http://www.oracle.com/database/berkeley-db/.
Warning: some Linux system libraries use Berkeley DB, as do some third-party
libraries such as SASL. If you compile Postfix with a different Berkeley DB
implementation, then every Postfix program will dump core because either the
-system library, SASL library, or Postfix itself ends up using the wrong
+system library, the SASL library, or Postfix itself ends up using the wrong
version.
The more recent Berkeley DB versions have a compile-time switch, "--with-
can co-exist in the same application. Although wasteful, this may be the only
way to keep things from falling apart.
-To build Postfix after you installed the Berkeley DB from http://
-www.sleepycat.com/, use something like:
+To build Postfix after you installed the Berkeley DB from source code, use
+something like:
% make tidy
% make makefiles CCARGS="-DHAS_DB -I/usr/local/BerkeleyDB/include" \
% make makefiles .... AUXLIBS="... -lpthread"
-More information is available at http://www.sleepycat.com/.
+More information is available at http://www.oracle.com/database/berkeley-db/.
configuration file settings that you can fix. Postfix cannot proceed until
this is fixed.
- * "e\ber\brr\bro\bor\br" reports a fatal or non-fatal error condition. Postfix cannot
- proceed until this is fixed.
+ * "e\ber\brr\bro\bor\br" reports an error condition. For safety reasons, a Postfix process
+ will terminate when more than 13 of these happen.
* "w\bwa\bar\brn\bni\bin\bng\bg" indicates a non-fatal error. These are problems that you may not
be able to fix (such as a broken DNS server elsewhere on the network) but
Mail Delivery Status Report will be mailed to <your login name>.
These reports contain information that is generated by Postfix delivery agents.
-Since these run as daemon processes and do not interact with users directly,
+Since these run as daemon processes that cannot interact with users directly,
the result is sent as mail to the sender of the test message. The format of
these reports is practically identical to that of ordinary non-delivery
notifications.
R\bRe\bec\bco\bor\brd\bd t\bth\bhe\be S\bSM\bMT\bTP\bP s\bse\bes\bss\bsi\bio\bon\bn w\bwi\bit\bth\bh a\ba n\bne\bet\btw\bwo\bor\brk\bk s\bsn\bni\bif\bff\bfe\ber\br
This example uses t\btc\bcp\bpd\bdu\bum\bmp\bp. In order to record a conversation you need to
-specify a large enough buffer with the "-s" option or else you will miss some
+specify a large enough buffer with the "-\b-s\bs" option or else you will miss some
or all of the packet payload.
- # t\btc\bcp\bpd\bdu\bum\bmp\bp -\b-w\bw /\b/f\bfi\bil\ble\be/\b/n\bna\bam\bme\be -\b-s\bs 2\b20\b00\b00\b0 h\bho\bos\bst\bt e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm a\ban\bnd\bd p\bpo\bor\brt\bt 2\b25\b5
+ # t\btc\bcp\bpd\bdu\bum\bmp\bp -\b-w\bw /\b/f\bfi\bil\ble\be/\b/n\bna\bam\bme\be -\b-s\bs 0\b0 h\bho\bos\bst\bt e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm a\ban\bnd\bd p\bpo\bor\brt\bt 2\b25\b5
+
+Older tcpdump versions don't support "-\b-s\bs 0\b0"; in that case, use "-\b-s\bs 2\b20\b00\b00\b0"
+instead.
Run this for a while, stop with Ctrl-C when done. To view the data use a binary
-viewer, or e\bet\bth\bhe\ber\bre\bea\bal\bl, or use my t\btc\bcp\bpd\bdu\bum\bmp\bpx\bx utility that is available from ftp://
-ftp.porcupine.org/pub/debugging/.
+viewer, e\bet\bth\bhe\ber\bre\bea\bal\bl, or good old l\ble\bes\bss\bs.
M\bMa\bak\bki\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx d\bda\bae\bem\bmo\bon\bn p\bpr\bro\bog\bgr\bra\bam\bms\bs m\bmo\bor\bre\be v\bve\ber\brb\bbo\bos\bse\be
Append one or more "-\b-v\bv" options to selected daemon definitions in /etc/postfix/
master.cf and type "p\bpo\bos\bst\btf\bfi\bix\bx r\bre\bel\blo\boa\bad\bd". This will cause a lot of activity to be
-logged to the syslog daemon. Example:
+logged to the syslog daemon. For example, to make the Postfix SMTP server
+process more verbose:
/etc/postfix/master.cf:
smtp inet n - n - - smtpd -v
-This makes the Postfix SMTP server more verbose. To diagnose problems with
-address rewriting one would specify a "-\b-v\bv" option for the cleanup(8) and/or
-trivial-rewrite(8) daemon, and to diagnose problems with mail delivery one
-would specify a "-\b-v\bv" option for the qmgr(8) or oqmgr(8) queue manager, or for
-the lmtp(8), local(8), pipe(8), smtp(8), or virtual(8) delivery agent.
+To diagnose problems with address rewriting specify a "-\b-v\bv" option for the
+cleanup(8) and/or trivial-rewrite(8) daemon, and to diagnose problems with mail
+delivery specify a "-\b-v\bv" option for the qmgr(8) or oqmgr(8) queue manager, or
+for the lmtp(8), local(8), pipe(8), smtp(8), or virtual(8) delivery agent.
M\bMa\ban\bnu\bua\bal\bll\bly\by t\btr\bra\bac\bci\bin\bng\bg a\ba P\bPo\bos\bst\btf\bfi\bix\bx d\bda\bae\bem\bmo\bon\bn p\bpr\bro\boc\bce\bes\bss\bs
* Postfix logging. See the text at the top of the DEBUG_README document to
find out where logging is stored. Please do not frustrate the helpers by
- word wrapping the logging.
+ word wrapping the logging. If the logging is more than a few kbytes of
+ text, consider posting an URL on a web or ftp site.
* Consider using a test email address so that you don't have to reveal email
addresses or passwords of innocent people.
- * If you can't use a test email address, please anonymize information
- consistently. Replace each letter by "A", each digit by "D" so that the
- helpers can still recognize syntactical errors.
+ * If you can't use a test email address, please anonymize email addresses and
+ host names consistently. Replace each letter by "A", each digit by "D" so
+ that the helpers can still recognize syntactical errors.
- * Output from "p\bpo\bos\bst\btc\bco\bon\bnf\bf -\b-n\bn". Please do not send your main.cf file or 400+
+ * Output from "p\bpo\bos\bst\btc\bco\bon\bnf\bf -\b-n\bn". Please do not send your main.cf file, or 500+
lines of p\bpo\bos\bst\btc\bco\bon\bnf\bf output.
* Better, provide output from the p\bpo\bos\bst\btf\bfi\bin\bng\bge\ber\br tool. This can be found at http:
* If the problem is about too much mail in the queue, consider including
output from the q\bqs\bsh\bha\bap\bpe\be tool, as described in the QSHAPE_README file.
- * If the problem is protocol related (connections time out or an SMTP server
+ * If the problem is protocol related (connections time out, or an SMTP server
complains about syntax errors etc.) consider recording a session with
t\btc\bcp\bpd\bdu\bum\bmp\bp, as described in the DEBUG_README document.
confused with the message ID, which identifies the message content.
The implementation of DSN support involves extra parameters to the SMTP MAIL
-FROM and RCPT TO commands, as well as new Postfix sendmail command line options
+FROM and RCPT TO commands, as well as two Postfix sendmail command line options
that provide a sub-set of the functions of the extra SMTP command parameters.
This document has information on the following topics:
s\bse\ber\brv\bve\ber\br. The mail is not delivered via the connection that was used for sending
ETRN.
-Postfix versions before 1.0 (also known as version 20010228) implemented the
-ETRN command in an inefficient manner: they simply attempted to deliver all
-queued mail. This is slow on mail servers that queue mail for many customers.
-
As of version 1.0, Postfix has a fast ETRN implementation that does not require
Postfix to examine every queue file. Instead, Postfix maintains a record of
what queue files contain mail for destinations that are configured for ETRN
the ETRN service. Client commands are shown in bold font.
220 my.server.tld ESMTP Postfix
- h\bhe\bel\blo\bo m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
+ H\bHE\bEL\bLO\bO m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
250 Ok
- e\bet\btr\brn\bn s\bso\bom\bme\be.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
+ E\bET\bTR\bRN\bN s\bso\bom\bme\be.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
250 Queuing started
- q\bqu\bui\bit\bt
+ Q\bQU\bUI\bIT\bT
221 Bye
As mentioned in the introduction, the mail is delivered by connecting to the
The Postfix operator can request delivery for a specific customer by using the
command "sendmail -qRdestination" and, with Postfix version 1.1 and later,
-"postqueue -sdestination".
+"postqueue -sdestination". Access to this feature is controlled with the
+authorized_flush_users configuration parameter (Postfix version 2.2 and later).
H\bHo\bow\bw P\bPo\bos\bst\btf\bfi\bix\bx f\bfa\bas\bst\bt E\bET\bTR\bRN\bN w\bwo\bor\brk\bks\bs
* The flush(8) daemon maintains per-destination logfiles with queue file
names. When a request to "deliver mail now" arrives, Postfix will attempt
to deliver all recipients in the queue files that have mail for the
- destination in question. This does not perform well when queue files have
- recipients in many different domains.
+ destination in question. This does not perform well with queue files that
+ have recipients in many different domains, such as queue files with
+ outbound mailing list traffic.
* The flush(8) daemon maintains per-destination logfiles only for
- destinations listed with $fast_flush_domains. With other destinations it
- not possible to trigger delivery with "sendmail -qRdestination" or, with
- Postfix version 1.1 and later, "postqueue -sdestination".
+ destinations listed with $fast_flush_domains. With other destinations you
+ cannot request delivery with "sendmail -qRdestination" or, with Postfix
+ version 1.1 and later, "postqueue -sdestination".
* Up to and including early versions of Postfix version 2.1, the "fast flush"
service may not deliver some messages if the request to "deliver mail now"
dead domains, and the list of message delivery transports specified with
the defer_transports configuration parameter.
+ * Up to and including Postfix version 2.3, the "fast flush" service may not
+ deliver some messages if the request to "deliver mail now" arrives while an
+ incoming queue scan is already in progress.
+
C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg t\bth\bhe\be P\bPo\bos\bst\btf\bfi\bix\bx f\bfa\bas\bst\bt E\bET\bTR\bRN\bN s\bse\ber\brv\bvi\bic\bce\be
The behavior of the flush(8) daemon is controlled by parameters in the main.cf
client), and type the commands shown in boldface:
220 my.server.tld ESMTP Postfix
- h\bhe\bel\blo\bo m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
+ H\bHE\bEL\bLO\bO m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
250 Ok
- e\bet\btr\brn\bn s\bso\bom\bme\be.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
+ E\bET\bTR\bRN\bN s\bso\bom\bme\be.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
250 Queuing started
where "some.customer.domain" is the name of a domain that has a non-empty
The text in bold face stands for the commands that you type:
220 my.server.tld ESMTP Postfix
- h\bhe\bel\blo\bo m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
+ H\bHE\bEL\bLO\bO m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
250 Ok
- e\bet\btr\brn\bn s\bso\bom\bme\be.\b.o\bot\bth\bhe\ber\br.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
+ E\bET\bTR\bRN\bN s\bso\bom\bme\be.\b.o\bot\bth\bhe\ber\br.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
250 Queuing started
This time, the "ETRN"" command should trigger NO mail deliveries at all. If
destination.
220 my.server.tld ESMTP Postfix
- h\bhe\bel\blo\bo m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
+ H\bHE\bEL\bLO\bO m\bmy\by.\b.c\bcl\bli\bie\ben\bnt\bt.\b.t\btl\bld\bd
250 Ok
- e\bet\btr\brn\bn n\bno\bot\bt.\b.a\ba.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
+ E\bET\bTR\bRN\bN n\bno\bot\bt.\b.a\ba.\b.c\bcu\bus\bst\bto\bom\bme\ber\br.\b.d\bdo\bom\bma\bai\bin\bn
459 <not.a.customer.domain>: service unavailable
In this case, Postfix should reject the request as shown above.
everything: receiving, filtering and delivering mail. Applications that use two
separate Postfix instances will be covered by a later version of this document.
-The after-queue content filter is not to be confused with the approach that is
-described in the SMTPD_PROXY_README document, where incoming SMTP mail is
-filtered BEFORE it is stored into the Postfix queue.
+The after-queue content filter is not to be confused with the approaches
+described in the SMTPD_PROXY_README or MILTER_README documents, where incoming
+SMTP mail is filtered BEFORE it is stored into the Postfix queue.
This document describes two approaches to content filter all email, as well as
several options to filter mail selectively:
P\bPr\bri\bin\bnc\bci\bip\bpl\ble\bes\bs o\bof\bf o\bop\bpe\ber\bra\bat\bti\bio\bon\bn
-An external content filter receives unfiltered mail from Postfix (as described
-further below) and does one of the following:
+An after-queue content filter receives unfiltered mail from Postfix (as
+described further below) and can do one of the following:
1. Re-inject the mail back into Postfix, perhaps after changing content and/or
destination.
- 2. Reject the mail (by sending a suitable status code back to Postfix).
- Postfix will return the mail to the sender.
+ 2. Discard or quarantine the mail.
+
+ 3. Reject the mail (by sending a suitable status code back to Postfix).
+ Postfix will send the mail back to the sender address.
NOTE: in this time of mail worms and forged spam, it is a VERY BAD IDEA to send
viruses back to the sender address, because the sender address is almost
S\bSi\bim\bmp\bpl\ble\be c\bco\bon\bnt\bte\ben\bnt\bt f\bfi\bil\blt\bte\ber\br e\bex\bxa\bam\bmp\bpl\ble\be
-The first example is simple to set up. Postfix receives unfiltered mail from
-the network with the smtpd(8) server, and delivers unfiltered mail to a content
+The first example is simple to set up, but has major limitations that will be
+addressed in a second example. Postfix receives unfiltered mail from the
+network with the smtpd(8) server, and delivers unfiltered mail to a content
filter with the Postfix pipe(8) delivery agent. The content filter injects
filtered mail back into Postfix with the Postfix sendmail(1) command, so that
Postfix can deliver it to the final destination.
Notes:
- * Line 8: The -G option does nothing before Postfix 2.3, otherwise it
- disables address rewriting of message headers.
+ * Line 8: The -G option says the filter output is not a local mail
+ submission: don't do silly things like appending the local domain name to
+ addresses in message headers. This option does nothing before Postfix
+ version 2.3.
* Line 8: The -i option says don't stop reading input when a line contains
"." only.
* Line 8: NEVER NEVER NEVER use the "-t" command-line option here. It will
- mis-deliver mail, like sending mailing list mail back to the mailing list.
+ mis-deliver mail, like sending messages from a mailing list back to the
+ mailing list.
* Line 21: The idea is to first capture the message to file and then run the
content through a third-party content filter program.
- * Line 22: If the mail cannot be captured to file, mail delivery is deferred
- by terminating with exit status 75 (EX_TEMPFAIL). Postfix places the
- message in the deferred mail queue and tries again later.
+ * Line 22: If the message cannot be captured to file, mail delivery is
+ deferred by terminating with exit status 75 (EX_TEMPFAIL). Postfix places
+ the message in the deferred mail queue and tries again later.
* Line 25: You will need to specify a real content filter program here that
receives the content on standard input.
* Line 26: If the content filter program finds a problem, the mail is bounced
- by terminating with exit status 69 (EX_UNAVAILABLE). Postfix will return
- the message to the sender as undeliverable.
+ by terminating with exit status 69 (EX_UNAVAILABLE). Postfix will send the
+ message back to the sender as undeliverable mail.
- * Note: in this time of mail worms and spam, it is a BAD IDEA to send known
+ * NOTE: in this time of mail worms and spam, it is a BAD IDEA to send known
viruses or spam back to the sender, because that address is likely to be
- forged. It is safer to discard known to be bad content and to quarantine
- suspicious content so that it can be inspected by a human being.
+ forged. It is safer to discard known viruses and to quarantine suspicious
+ content so that it can be inspected by a human being.
* Line 28: If the content is OK, it is given as input to the Postfix sendmail
command, and the exit status of the filter command is whatever exit status
I suggest that you first run this script by hand until you are satisfied with
the results. Run it with a real message (headers+body) as input:
- % /path/to/script -f sender recipient... <message-file
+ % /path/to/script -f sender -- recipient... <message-file
Once you're satisfied with the content filtering script:
smtp inet ...other stuff here, do not change... smtpd
-o content_filter=filter:dummy
- The "content_filter" line causes Postfix to add one content filter request
- record to each incoming mail message, with content "filter:dummy". This
- record overrides the normal mail routing and causes mail to be given to the
- content filter instead.
+ The "-o content_filter" line causes Postfix to add one content filter
+ request record to each incoming mail message, with content "filter:dummy".
+ This record overrides the normal mail routing and causes mail to be given
+ to the content filter instead.
The content_filter configuration parameter accepts the same syntax as the
right-hand side in a Postfix transport table.
* Edit the master.cf file, remove the "-o content_filter=filter:dummy" text
from the entry that defines the Postfix SMTP server.
- * Execute "p\bpo\bos\bst\bts\bsu\bup\bpe\ber\br -\b-r\br A\bAL\bLL\bL" to remove content filter information from
+ * Execute "p\bpo\bos\bst\bts\bsu\bup\bpe\ber\br -\b-r\br A\bAL\bLL\bL" to remove content filter request records from
existing queue files.
* Execute another "p\bpo\bos\bst\btf\bfi\bix\bx r\bre\bel\blo\boa\bad\bd".
content filter 10025
The example given here filters all mail, including mail that arrives via SMTP
-and mail that is locally submitted via the Postfix sendmail command. See
-examples near the end of this document for how to exclude local users from
-filtering, or how to configure a destination dependent content filter.
+and mail that is locally submitted via the Postfix sendmail command (local
+submissions enter Postfix via the pickup(8) server; to keep the figure simple
+we omit local submission details). See examples near the end of this document
+for how to exclude local users from filtering, or how to configure a
+destination dependent content filter.
You can expect to lose about a factor of two in Postfix performance for mail
that arrives and leaves via SMTP, provided that the content filter creates no
* The "-o disable_mime_output_conversion=yes" is a workaround that prevents
the breaking of domainkeys and other digital signatures. This is needed
because some SMTP-based content filters don't announce 8BITMIME support,
- even though they can handle it just fine.
+ even though they can handle 8-bit mail.
* The "-o smtp_generic_maps=" is a workaround that prevents local address
rewriting with generic(5) maps. Such rewriting should happen only when mail
user handles all potentially dangerous mail content - that is why it should
be a separate account.
+ * By default, Postfix will terminate a command that runs longer than
+ command_time_limit seconds (default: 1000s). This is a safety measure that
+ prevents filters from running forever.
+
If you want to have your filter listening on port localhost:10025 instead of
Postfix, then you must run your filter as a stand-alone program, and must not
use the Postfix spawn service.
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
- * Note: do not use spaces around the "=" or "," characters.
+ * NOTE: do not use spaces around the "=" or "," characters.
- * Note: the SMTP server must not have a smaller process limit than the
+ * NOTE: the SMTP server must not have a smaller process limit than the
"filter" master.cf entry.
* The "-o content_filter=" overrides main.cf settings, and requests no
content filtering for mail from the content filter. This is required or
- else mail will stay in the content filtering loop.
+ else mail will loop.
* The "-o receive_override_options" overrides main.cf settings to avoid
duplicating work that was already done before the content filter. These
o We specify "no_milters" to disable Milter applications (this option is
available only in Postfix 2.3 and later).
- o We don't specify "no_address_mapping" here. This enables virtual alias
+ o We don't specify "no_address_mappings" here. This enables virtual alias
expansion, canonical mappings, address masquerading, and other address
mappings after the content filter. The main.cf setting of
"receive_override_options" disables these mappings before the content
content_filter = scan:localhost:10025
receive_override_options = no_address_mappings
- * Execute "p\bpo\bos\bst\bts\bsu\bup\bpe\ber\br -\b-r\br A\bAL\bLL\bL" to remove content filter information from
+ * Execute "p\bpo\bos\bst\bts\bsu\bup\bpe\ber\br -\b-r\br A\bAL\bLL\bL" to remove content filter request records from
existing queue files.
* Execute another "p\bpo\bos\bst\btf\bfi\bix\bx r\bre\bel\blo\boa\bad\bd".
1\b1 -\b- P\bPu\bur\brp\bpo\bos\bse\be o\bof\bf t\bth\bhi\bis\bs d\bdo\boc\bcu\bum\bme\ben\bnt\bt
-This is a bootstrap document that helps you get Postfix up and running from
-scratch with the minimal number of steps. If you are using a pre-compiled
-version of Postfix, you should be reading the general Postfix documentation
-which aims to describe the system in more detail. This bootstrap document
-should not be considered part of the general Postfix documentation.
+If you are using a pre-compiled version of Postfix, you should start with
+BASIC_CONFIGURATION_README and the general documentation referenced by it.
+INSTALL is only a bootstrap document to get Postfix up and running from scratch
+with the minimal number of steps; it should not be considered part of the
+general documentation.
This document describes how to build, install and configure a Postfix system so
that it can do one of the following:
% export MANPATH; MANPATH="`pwd`/man:$MANPATH"
% setenv MANPATH "`pwd`/man:$MANPATH"
-Of particular interest is the postconf(5) manual page that lists all the 400+
+Of particular interest is the postconf(5) manual page that lists all the 500+
configuration parameters. The HTML version of this text makes it easy to
navigate around.
OSF1.V3 - OSF1.V5 (Digital UNIX)
Reliant UNIX 5.x
Rhapsody 5.x
- SunOS 4.1.4 (July 2006)
- SunOS 5.4 - 5.9 (Solaris 2.4..9)
+ SunOS 4.1.4 (March 2007)
+ SunOS 5.4 - 5.10 (Solaris 2.4..10)
Ultrix 4.x (well, that was long ago)
or something closely resemblant.
4\b4.\b.1\b1 -\b- G\bGe\bet\btt\bti\bin\bng\bg s\bst\bta\bar\brt\bte\bed\bd
On Solaris, the "make" command and other utilities for software development are
-in /usr/ccs/bin, so you MUST have /usr/ccs/bin in your command search path.
+in /usr/ccs/bin, so you MUST have /usr/ccs/bin in your command search path. If
+these files do not exist, install the development packages first. See the
+Solaris FAQ item "Which packages do I need to install to support a C
+compiler?".
If you need to build Postfix for multiple architectures, use the "lndir"
command to build a shadow tree with symbolic links to the source files. "lndir"
4\b4.\b.5\b5 -\b- S\bSu\bup\bpp\bpo\bor\brt\bt f\bfo\bor\br t\bth\bho\bou\bus\bsa\ban\bnd\bds\bs o\bof\bf p\bpr\bro\boc\bce\bes\bss\bse\bes\bs
-In order to build Postfix for very large applications, where you expect to run
-more than 1000 mail delivery processes, you may need to override the definition
-of the FD_SETSIZE macro to make select() work correctly:
+The number of connections that Postfix can manage simultaneously is limited by
+the number of processes that it can run. This number in turn is limited by the
+number of files and sockets that a single process can open. For example, the
+Postfix queue manager has a separate connection to each delivery process, and
+the anvil(8) server has one connection per smtpd(8) process.
+
+Postfix version 2.4 and later have no built-in limits on the number of open
+files or sockets, when compiled on systems that support one of the following:
+
+ * BSD kqueue(2) (FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9),
+ * Solaris 8 /dev/poll,
+ * Linux 2.6 epoll(4).
+
+With other Postfix versions or operating systems, the number of file
+descriptors per process is limited by the value of the FD_SETSIZE macro. If you
+expect to run more than 1000 mail delivery processes, you may need to override
+the definition of the FD_SETSIZE macro to make select() work correctly:
% make makefiles CCARGS=-DFD_SETSIZE=2048
not allowed) and overriding the __FD_SETSIZE macro. Beware, undocumented
interfaces can change at any time and without warning.
+But wait, there is more: none of this will work unless the operating system is
+configured to handle thousands of connections. See the TUNING_README guide for
+examples of how to increase the number of open sockets or files.
+
4\b4.\b.6\b6 -\b- C\bCo\bom\bmp\bpi\bil\bli\bin\bng\bg P\bPo\bos\bst\btf\bfi\bix\bx,\b, a\bat\bt l\bla\bas\bst\bt
If the command
This text describes how to install Postfix from source code. See the
PACKAGE_README file if you are building a package for distribution to other
-systems. See auxiliary/MacOSX/README-INSTALL.OSX for information about
-installing Postfix from source on Mac OS X.
+systems.
6\b6.\b.1\b1 -\b- S\bSa\bav\bve\be e\bex\bxi\bis\bst\bti\bin\bng\bg S\bSe\ben\bnd\bdm\bma\bai\bil\bl b\bbi\bin\bna\bar\bri\bie\bes\bs
IMPORTANT: if you are REPLACING an existing Sendmail installation with Postfix,
you may need to keep the old sendmail program running for some time in order to
-flush the mail queue. As superuser, execute the following commands (your
-sendmail, newaliases and mailq programs may be in a different place):
+flush the mail queue.
+
+ * Some systems implement a mail switch mechanism where different MTAs
+ (Postfix, Sendmail, etc.) can be installed at the same time, while only one
+ of them is actually being used. Examples of such switching mechanisms are
+ the FreeBSD mailwrapper(8) or the Linux mail switch. In this case you
+ should try to "flip" the switch to "Postfix" before installing Postfix.
+
+ * If your system has no mail switch mechanism, execute the following commands
+ (your sendmail, newaliases and mailq programs may be in a different place):
# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
# make upgrade (non-interactive version, for upgrades)
+ * The interactive version ("make install") asks for pathnames for Postfix
+ data and program files, and stores your preferences in the main.cf file. I\bIf\bf
+ y\byo\bou\bu d\bdo\bon\bn'\b't\bt w\bwa\ban\bnt\bt P\bPo\bos\bst\btf\bfi\bix\bx t\bto\bo o\bov\bve\ber\brw\bwr\bri\bit\bte\be n\bno\bon\bn-\b-P\bPo\bos\bst\btf\bfi\bix\bx "\b"s\bse\ben\bnd\bdm\bma\bai\bil\bl"\b",\b, "\b"m\bma\bai\bil\blq\bq"\b" a\ban\bnd\bd
+ "\b"n\bne\bew\bwa\bal\bli\bia\bas\bse\bes\bs"\b" f\bfi\bil\ble\bes\bs,\b, s\bsp\bpe\bec\bci\bif\bfy\by p\bpa\bat\bth\bhn\bna\bam\bme\bes\bs t\bth\bha\bat\bt e\ben\bnd\bd i\bin\bn "\b".\b.p\bpo\bos\bst\btf\bfi\bix\bx"\b".
+
* The non-interactive version ("make upgrade") needs the /etc/postfix/main.cf
file from a previous installation. If the file does not exist, use
interactive installation ("make install") instead.
- * The interactive version offers suggestions for pathnames that you can
- override interactively, and stores your preferences in /etc/postfix/main.cf
- for convenient future upgrades.
-
6\b6.\b.4\b4 -\b- C\bCo\bon\bnf\bfi\big\bgu\bur\bre\be P\bPo\bos\bst\btf\bfi\bix\bx
Proceed to the section on how you wish to run Postfix on your particular
address. Simply configure your mail user agent to directly invoke the Postfix
sendmail program.
+To create a virtual network interface address, study your system ifconfig
+manual page. The command syntax could be any of:
+
+ # i
\bif
\bfc
\bco
\bon
\bnf
\bfi
\big
\bg l
\ble
\be0
\b0:
\b:1
\b1 <
\b<a
\bad
\bdd
\bdr
\bre
\bes
\bss
\bs>
\b> n
\bne
\bet
\btm
\bma
\bas
\bsk
\bk <
\b<m
\bma
\bas
\bsk
\bk>
\b> u
\bup
\bp
+ # i
\bif
\bfc
\bco
\bon
\bnf
\bfi
\big
\bg e
\ben
\bn0
\b0 a
\bal
\bli
\bia
\bas
\bs <
\b<a
\bad
\bdd
\bdr
\bre
\bes
\bss
\bs>
\b> n
\bne
\bet
\btm
\bma
\bas
\bsk
\bk 2
\b25
\b55
\b5.
\b.2
\b25
\b55
\b5.
\b.2
\b25
\b55
\b5.
\b.2
\b25
\b55
\b5
+
In the /etc/postfix/main.cf file, I would specify
/etc/postfix/main.cf:
E\bEx\bxa\bam\bmp\bpl\ble\be:\b: e\bex\bxp\bpa\ban\bnd\bdi\bin\bng\bg L\bLD\bDA\bAP\bP g\bgr\bro\bou\bup\bps\bs
-LDAP is frequently used to store group member information, and Postfix supports
-expanding a group's email address to the list of email addresses of the group
-members. There are a number of ways of handling LDAP groups, which will be
-illustrated via the mock LDAP entries and implied schema below. This shows two
-group entries "agroup" and "bgroup" and four user entries "auser", "buser",
-"cuser" and "duser". The group "agroup" has the users "auser" (1) and "buser"
-(2) as members via DN references in the multi-valued attribute "memberdn", and
-direct email addresses of two external users "auser@example.org" (3) and
+LDAP is frequently used to store group member information. There are a number
+of ways of handling LDAP groups. We will show a few examples in order of
+increasing complexity, but owing to the number of independent variables, we can
+only present a tiny portion of the solution space. We show how to:
+
+ 1. query groups as lists of addresses;
+
+ 2. query groups as lists of user objects containing addresses;
+
+ 3. forward special lists unexpanded to a separate list server, for moderation
+ or other processing;
+
+ 4. handle complex schemas by controlling expansion and by treating leaf nodes
+ specially, using features that are new in Postfix 2.4.
+
+The example LDAP entries and implied schema below show two group entries
+("agroup" and "bgroup") and four user entries ("auser", "buser", "cuser" and
+"duser"). The group "agroup" has the users "auser" (1) and "buser" (2) as
+members via DN references in the multi-valued attribute "memberdn", and direct
+email addresses of two external users "auser@example.org" (3) and
"buser@example.org" (4) stored in the multi-valued attribute "memberaddr". The
same is true of "bgroup" and "cuser"/"duser" (6)/(7)/(8)/(9), but "bgroup" also
has a "maildrop" attribute of "bgroup@mlm.example.com" (5):
tables using postmap(1) with the "-q" option, before deploying them into
production use in main.cf.
-Our second use case also expands "memberdn" attributes (1), (2), (6) and (7),
-follows the DN references and returns the "maildrop" of the referenced user
-entries. Here we use the "special_result_attribute" setting from ldap_table(5)
-to designate the "memberdn" attribute as holding DNs of the desired member
-entries. The "result_attribute" setting selects which attributes are returned
-from the selected DNs. It is important to choose a result attribute that is not
-also present in the group object, because result attributes are collected from
-both the group and the member DNs. In this case we choose "maildrop" and assume
-for the moment that groups never have a "maildrop" (the "bgroup" "maildrop"
-attribute is for a different use case). The returned data for "auser" and
-"buser" is from items (11) and (13) in the mock data.
+Our second use case instead expands "memberdn" attributes (1), (2), (6) and
+(7), follows the DN references and returns the "maildrop" of the referenced
+user entries. Here we use the "special_result_attribute" setting from
+ldap_table(5) to designate the "memberdn" attribute as holding DNs of the
+desired member entries. The "result_attribute" setting selects which attributes
+are returned from the selected DNs. It is important to choose a result
+attribute that is not also present in the group object, because result
+attributes are collected from both the group and the member DNs. In this case
+we choose "maildrop" and assume for the moment that groups never have a
+"maildrop" (the "bgroup" "maildrop" attribute is for a different use case). The
+returned data for "auser" and "buser" is from items (11) and (13) in the
+example data.
special.cf:
...
search_base = dc=example, dc=com
query_filter = mail=%s
- result_attribute = memberaddr, maildrop
+ result_attribute = maildrop
special_result_attribute = memberdn
$ postmap -q agroup@example.com ldap:special.cf
-
- auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ auser@mailhub.example.com,buser@mailhub.example.com
Note: if the desired member object result attribute is always also present in
-the group, you get suprising results, the expansion also returns the address of
-the group. This is a known limitation of Postfix releases prior to 2.4, and is
-addressed in the new with Postfix 2.4 "leaf_result_attribute" feature described
-in ldap_table(5).
+the group, you get surprising results: the expansion also returns the address
+of the group. This is a known limitation of Postfix releases prior to 2.4, and
+is addressed in the new with Postfix 2.4 "leaf_result_attribute" feature
+described in ldap_table(5).
Our third use case has some groups that are expanded immediately, and other
groups that are forwarded to a dedicated mailing list manager host for delayed
...
search_base = dc=example, dc=com
query_filter = mail=%s
- result_attribute = memberaddr, maildrop
+ result_attribute = maildrop
special_result_attribute = memberdn
$ postmap -q auser@example.com ldap:no_expand.cf ldap:expand.cf
auser@mailhub.example.com
$ postmap -q agroup@example.com ldap:no_expand.cf ldap:expand.cf
-
- auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ auser@mailhub.example.com,buser@mailhub.example.com
$ postmap -q bgroup@example.com ldap:no_expand.cf ldap:expand.cf
bgroup@mlm.example.com
* Liviu Daia with further refinements from Jose Luis Tallon and Victor
Duchovni developed the common query, result_format, domain and
expansion_limit interface for LDAP, MySQL and PosgreSQL.
+ * Gunnar Wrobel provided a first implementation of a feature to limit LDAP
+ search results to leaf nodes only. Victor generalized this into the Postfix
+ 2.4 "leaf_result_attribute" feature.
And of course Wietse.
B\bBe\ber\brk\bke\bel\ble\bey\by D\bDB\bB i\bis\bss\bsu\bue\bes\bs
-Warning: if you can't compile Postfix because the file "db.h" isn't found, then
-you MUST install the Berkeley DB development package (name: db???-devel-???)
-that matches your system library. You can find out what is installed with the
-rpm command. For example:
+If you can't compile Postfix because the file "db.h" isn't found, then you MUST
+install the Berkeley DB development package (name: db???-devel-???) that
+matches your system library. You can find out what is installed with the rpm
+command. For example:
$ r\brp\bpm\bm -\b-q\bqf\bf /\b/u\bus\bsr\br/\b/l\bli\bib\bb/\b/l\bli\bib\bbd\bdb\bb.\b.s\bso\bo
db4-4.3.29-2
This means that you need to install db4-devel-4.3.29-2 (on some systems,
-specify /lib/libdb.so in the rpm query).
+specify "r\brp\bpm\bm -\b-q\bqf\bf /\b/l\bli\bib\bb/\b/l\bli\bib\bbd\bdb\bb.\b.s\bso\bo" instead).
DO NOT download some Berkeley DB version from the network. Every Postfix
program will dump core when it is built with a different Berkeley DB version
P\bPr\bro\boc\bcm\bma\bai\bil\bl i\bis\bss\bsu\bue\bes\bs
On RedHat Linux 7.1 and later p\bpr\bro\boc\bcm\bma\bai\bil\bl no longer has permission to write the
-mail spool directory. Workaround: chmod 1777 /var/spool/mail.
+mail spool directory. Workaround:
+
+ # chmod 1777 /var/spool/mail
S\bSy\bys\bsl\blo\bog\bgd\bd p\bpe\ber\brf\bfo\bor\brm\bma\ban\bnc\bce\be
local_recipient_maps =
That is, an empty value. With this setting, the Postfix SMTP server will not
-reject mail with "User unknown in local recipient table".
+reject mail with "User unknown in local recipient table". D\bDo\bon\bn'\b't\bt d\bdo\bo t\bth\bhi\bis\bs o\bon\bn
+s\bsy\bys\bst\bte\bem\bms\bs t\bth\bha\bat\bt r\bre\bec\bce\bei\biv\bve\be m\bma\bai\bil\bl d\bdi\bir\bre\bec\bct\btl\bly\by f\bfr\bro\bom\bm t\bth\bhe\be I\bIn\bnt\bte\ber\brn\bne\bet\bt.\b. W\bWi\bit\bth\bh t\bto\bod\bda\bay\by'\b's\bs w\bwo\bor\brm\bms\bs a\ban\bnd\bd
+v\bvi\bir\bru\bus\bse\bes\bs,\b, P\bPo\bos\bst\btf\bfi\bix\bx w\bwi\bil\bll\bl b\bbe\bec\bco\bom\bme\be a\ba b\bba\bac\bck\bks\bsc\bca\bat\btt\bte\ber\br s\bso\bou\bur\brc\bce\be:\b: i\bit\bt a\bac\bcc\bce\bep\bpt\bts\bs m\bma\bai\bil\bl f\bfo\bor\br n\bno\bon\bn-\b-
+e\bex\bxi\bis\bst\bte\ben\bnt\bt r\bre\bec\bci\bip\bpi\bie\ben\bnt\bts\bs a\ban\bnd\bd t\bth\bhe\ben\bn t\btr\bri\bie\bes\bs t\bto\bo r\bre\bet\btu\bur\brn\bn t\bth\bha\bat\bt m\bma\bai\bil\bl a\bas\bs "\b"u\bun\bnd\bde\bel\bli\biv\bve\ber\bra\bab\bbl\ble\be"\b" t\bto\bo
+t\bth\bhe\be o\bof\bft\bte\ben\bn f\bfo\bor\brg\bge\bed\bd s\bse\ben\bnd\bde\ber\br a\bad\bdd\bdr\bre\bes\bss\bs.
W\bWh\bhe\ben\bn y\byo\bou\bu n\bne\bee\bed\bd t\bto\bo c\bch\bha\ban\bng\bge\be t\bth\bhe\be l\blo\boc\bca\bal\bl_\b_r\bre\bec\bci\bip\bpi\bie\ben\bnt\bt_\b_m\bma\bap\bps\bs s\bse\bet\btt\bti\bin\bng\bg i\bin\bn m\bma\bai\bin\bn.\b.c\bcf\bf
directories.
The following example shows how to use maildrop for some.domain and for
-someother.domain.
+someother.domain. The example comes in two parts.
+
+Part 1 describes changes to the main.cf file:
1 /etc/postfix/main.cf:
2 maildrop_destination_recipient_limit = 1
Note: Do not use the postfix user as the maildrop user.
+Part 2 describes changes to the master.cf file:
+
/etc/postfix/master.cf:
maildrop unix - n n - - pipe
flags=ODRhu user=vmail argv=/path/to/maildrop -d ${recipient}
The reason for adding Milter support to Postfix is that there exists a large
collection of applications, not only to block unwanted mail, but also to verify
-authenticity (examples: SenderID+SPF and Domain keys) or to digitally sign mail
-(example: Domain keys). Having yet another Postfix-specific version of all that
-software is a poor use of human and system resources.
+authenticity (examples: Domain keys identified mail, SenderID+SPF and Domain
+keys) or to digitally sign mail (examples: Domain keys identified mail, Domain
+keys). Having yet another Postfix-specific version of all that software is a
+poor use of human and system resources.
Postfix version 2.4 implements all the requests of Sendmail version 8 Milter
protocols up to version 4, including message body replacement (body replacement
such a library, but Sendmail does.
On some Linux and *BSD distributions, the Sendmail libmilter library is
-installed by default. With this, applications such as dk-milter and sid-milter
-build out of the box without requiring any tinkering:
+installed by default. With this, applications such as dkim-milter and sid-
+milter build out of the box without requiring any tinkering:
- $ g\bgz\bzc\bca\bat\bt d\bdk\bk-\b-m\bmi\bil\blt\bte\ber\br-\b-x\bx.\b.y\by.\b.z\bz.\b.t\bta\bar\br.\b.g\bgz\bz |\b| t\bta\bar\br x\bxf\bf -\b-
- $ c\bcd\bd d\bdk\bk-\b-m\bmi\bil\blt\bte\ber\br-\b-x\bx.\b.y\by.\b.z\bz
+ $ g\bgz\bzc\bca\bat\bt d\bdk\bki\bim\bm-\b-m\bmi\bil\blt\bte\ber\br-\b-x\bx.\b.y\by.\b.z\bz.\b.t\bta\bar\br.\b.g\bgz\bz |\b| t\bta\bar\br x\bxf\bf -\b-
+ $ c\bcd\bd d\bdk\bki\bim\bm-\b-m\bmi\bil\blt\bte\ber\br-\b-x\bx.\b.y\by.\b.z\bz
$ m\bma\bak\bke\be
[...lots of output omitted...]
To run a Milter application, see the documentation of the filter for options. A
typical command looks like this:
- # /\b/s\bso\bom\bme\be/\b/w\bwh\bhe\ber\bre\be/\b/d\bdk\bk-\b-f\bfi\bil\blt\bte\ber\br -\b-u\bu u\bus\bse\ber\bri\bid\bd -\b-p\bp i\bin\bne\bet\bt:\b:p\bpo\bor\brt\btn\bnu\bum\bmb\bbe\ber\br@\b@l\blo\boc\bca\bal\blh\bho\bos\bst\bt .\b..\b..\b.o\bot\bth\bhe\ber\br
+ # /\b/s\bso\bom\bme\be/\b/w\bwh\bhe\ber\bre\be/\b/d\bdk\bki\bim\bm-\b-f\bfi\bil\blt\bte\ber\br -\b-u\bu u\bus\bse\ber\bri\bid\bd -\b-p\bp i\bin\bne\bet\bt:\b:p\bpo\bor\brt\btn\bnu\bum\bmb\bbe\ber\br@\b@l\blo\boc\bca\bal\blh\bho\bos\bst\bt .\b..\b..\b.o\bot\bth\bhe\ber\br
o\bop\bpt\bti\bio\bon\bns\bs.\b..\b..\b.
Please specify a userid value that isn't used for other applications (not
X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com <unknown-
msgid>
- This happens because some Milter applications expect that the queue ID is
+ This happens because those Milter applications expect that the queue ID is
known before the MTA accepts the MAIL FROM (sender) command. Postfix, on
the other hand, does not choose a queue file name until after it accepts
- the first valid RCPT TO (recipient) command. Postfix queue file names must
+ the first valid RCPT TO (recipient) command (Postfix queue file names must
be unique across multiple directories, so the name can't be chosen before
- the file is created. If multiple messages were to use the same queue ID
- simultaneously, mail would be lost.
+ the file is created; if multiple messages were to use the same queue ID
+ simultaneously, mail would be lost).
- To work around the ugly message header from Milter applications, we add a
- little code to the Milter source to look up the queue ID after Postfix
- receives the end of the message.
+If you experience the ugly header problem, see if a recent version of the
+Milter application fixes it. For example, current versions of dkim-filter and
+dk-filter already have code that looks up the Postfix queue ID at a later
+protocol stage.
- o Edit the filter source file (typically named dk-filter/dk-filter.c or
- similar).
+To fix the ugly message header with sid-filter applications, we change the
+source code, so that it does the queue ID lookup after Postfix receives the end
+of the message.
- o Look up the mlfi_eom() function and add code near the top shown as b\bbo\bol\bld\bd
- text below:
+ * Edit the filter source file (named sid-filter/sid-filter.c).
- dfc = cc->cctx_msg;
- assert(dfc != NULL);
+ * Look up the smfilter table and replace mlfi_eoh by NULL.
- /\b/*\b* D\bDe\bet\bte\ber\brm\bmi\bin\bne\be t\bth\bhe\be j\bjo\bob\bb I\bID\bD f\bfo\bor\br l\blo\bog\bgg\bgi\bin\bng\bg.\b. *\b*/\b/
- i\bif\bf (\b(d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b==\b= 0\b0 |\b||\b| s\bst\btr\brc\bcm\bmp\bp(\b(d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd,\b, J\bJO\bOB\bBI\bID\bDU\bUN\bNK\bKN\bNO\bOW\bWN\bN)\b) =\b==\b= 0\b0)\b)
- {\b{
- c\bch\bha\bar\br *\b*j\bjo\bob\bbi\bid\bd =\b= s\bsm\bmf\bfi\bi_\b_g\bge\bet\bts\bsy\bym\bmv\bva\bal\bl(\b(c\bct\btx\bx,\b, "\b"i\bi"\b")\b);\b;
- i\bif\bf (\b(j\bjo\bob\bbi\bid\bd !\b!=\b= 0\b0)\b)
- d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b= j\bjo\bob\bbi\bid\bd;\b;
- }\b}
+ * Look up the mlfi_eom() function and add code near the top that calls
+ mlfi_eoh() as shown by the b\bbo\bol\bld\bd text below:
- /* get hostname; used in the X header and in new MIME boundaries */
+ assert(ctx != NULL);
+ #endif /* !DEBUG */
- NOTES:
+ r\bre\bet\bt =\b= m\bml\blf\bfi\bi_\b_e\beo\boh\bh(\b(c\bct\btx\bx)\b);\b;
+ i\bif\bf (\b(r\bre\bet\bt !\b!=\b= S\bSM\bMF\bFI\bIS\bS_\b_C\bCO\bON\bNT\bTI\bIN\bNU\bUE\bE)\b)
+ r\bre\bet\btu\bur\brn\bn r\bre\bet\bt;\b;
- o Different mail filters use slightly different names for variables. If
- the above code does not compile, look for the code at the start of the
- mlfi_eoh() routine.
+NOTES:
- o This fixes only the ugly message header, but not the WARNING message.
- Fortunately, dk-filter logs that message only once.
+ * This was tested with sid-milter-0.2.10 and sid-milter-0.2.14.
- With some Milter applications we can fix both the WARNING and the "unknown-
- msgid" by postponing the call of mlfi_eoh() (or whatever routine logs the
- WARNING) until the end of the message.
+ * This fixes only the ugly message header, but not the WARNING message.
+ Fortunately, sid-milter logs that message only once.
- o Edit the filter source file (typically named sid-filter/sid-filter.c or
- similar).
+To fix the ugly message header with other Milter applications, you will need to
+do something like this:
- o Look up the smfilter table and replace mlfi_eoh (or whatever routine
- logs the WARNING) by NULL.
+ * Edit the filter source file (typically named xxx-filter/xxx-filter.c or
+ similar).
- o Look up the mlfi_eom() function and add code near the top that calls
- mlfi_eoh() as shown by the b\bbo\bol\bld\bd text below:
+ * Look up the mlfi_eom() function and add code near the top shown as b\bbo\bol\bld\bd
+ text below:
- assert(ctx != NULL);
- #endif /* !DEBUG */
+ dfc = cc->cctx_msg;
+ assert(dfc != NULL);
- r\bre\bet\bt =\b= m\bml\blf\bfi\bi_\b_e\beo\boh\bh(\b(c\bct\btx\bx)\b);\b;
- i\bif\bf (\b(r\bre\bet\bt !\b!=\b= S\bSM\bMF\bFI\bIS\bS_\b_C\bCO\bON\bNT\bTI\bIN\bNU\bUE\bE)\b)
- r\bre\bet\btu\bur\brn\bn r\bre\bet\bt;\b;
+ /\b/*\b* D\bDe\bet\bte\ber\brm\bmi\bin\bne\be t\bth\bhe\be j\bjo\bob\bb I\bID\bD f\bfo\bor\br l\blo\bog\bgg\bgi\bin\bng\bg.\b. *\b*/\b/
+ i\bif\bf (\b(d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b==\b= 0\b0 |\b||\b| s\bst\btr\brc\bcm\bmp\bp(\b(d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd,\b, J\bJO\bOB\bBI\bID\bDU\bUN\bNK\bKN\bNO\bOW\bWN\bN)\b) =\b==\b= 0\b0)\b) {\b{
+ c\bch\bha\bar\br *\b*j\bjo\bob\bbi\bid\bd =\b= s\bsm\bmf\bfi\bi_\b_g\bge\bet\bts\bsy\bym\bmv\bva\bal\bl(\b(c\bct\btx\bx,\b, "\b"i\bi"\b")\b);\b;
+ i\bif\bf (\b(j\bjo\bob\bbi\bid\bd !\b!=\b= 0\b0)\b)
+ d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b= j\bjo\bob\bbi\bid\bd;\b;
+ }\b}
- This works with sid-milter-0.2.10. Other Milter applications will dump core
- when you do this.
+ /* get hostname; used in the X header and in new MIME boundaries */
+
+NOTES:
+
+ * Different mail filters use slightly different names for variables. If the
+ above code does not compile, look for the code at the start of the mlfi_eoh
+ () routine.
+
+ * This fixes only the ugly message header, but not the WARNING message.
+ Fortunately, many Milters log that message only once.
L\bLi\bim\bmi\bit\bta\bat\bti\bio\bon\bns\bs
application name: st_optionneg[134563840]: 0x3d does not fulfill action
requirements 0x1e
- The solution is to use a Postfix version that supports the missing
- functionality.
+ The solution is to use Postfix version 2.4 or later.
* Most Milter configuration options are global. Future Postfix versions may
support per-Milter timeouts, per-Milter error handling, etc.
When delivering mail to a destination with multiple mail servers,
connection caching can help to skip over a non-responding server, and thus
- dramatically speed up delivery.
+ dramatically speed up delivery. SMTP connection caching is available in
+ Postfix version 2.2 and later. More information about this feature is in
+ the CONNECTION_CACHE_README document.
- smtp(8) <-> scache(8) <-> smtp(8)
-
+ /-- smtp(8) --> Internet
+
+ qmgr(8) |
+ |
+ \-- | smtp(8) --> Internet
+ |
+ ^
+ |
+
+ scache(8)
* The showq(8) servers list the Postfix queue status. This is the queue
listing service that does the work for the mailq(1) and postqueue(1)
G\bGe\ben\bne\ber\bra\bal\bl d\bdi\bis\bst\btr\bri\bib\bbu\but\bti\bio\bon\bns\bs:\b: p\bpl\ble\bea\bas\bse\be p\bpr\bro\bov\bvi\bid\bde\be a\ba s\bsm\bma\bal\bll\bl d\bde\bef\bfa\bau\bul\blt\bt m\bma\bai\bin\bn.\b.c\bcf\bf f\bfi\bil\ble\be
The installed main.cf file must be small. PLEASE resist the temptation to list
-all 400+ parameters in the main.cf file. Postfix is supposed to be easy to
-configure. Listing all 400+ in main.cf defeats the purpose. It is an invitation
-for hobbyists to make random changes without understanding what they do, and
-gets them into endless trouble.
+all parameters in the main.cf file. Postfix is supposed to be easy to
+configure. Listing all parameters in main.cf defeats the purpose. It is an
+invitation for hobbyists to make random changes without understanding what they
+do, and gets them into endless trouble.
G\bGe\ben\bne\ber\bra\bal\bl d\bdi\bis\bst\btr\bri\bib\bbu\but\bti\bio\bon\bns\bs:\b: p\bpl\ble\bea\bas\bse\be i\bin\bnc\bcl\blu\bud\bde\be R\bRE\bEA\bAD\bDM\bME\bE o\bor\br H\bHT\bTM\bML\bL f\bfi\bil\ble\bes\bs
www.openspf.org/Software.
Policy delegation is now the preferred method for adding policies to Postfix.
-It's much easier to develop a new feature in few lines of Perl, than trying to
-do the same in C code. The difference in performance will be unnoticeable
-except in the most demanding environments. On active systems a policy daemon
-process is used multiple times, for up to $max_use incoming SMTP connections.
+It's much easier to develop a new feature in few lines of Perl, Python, Ruby,
+or TCL, than trying to do the same in C code. The difference in performance
+will be unnoticeable except in the most demanding environments. On active
+systems a policy daemon process is used multiple times, for up to $max_use
+incoming SMTP connections.
This document covers the following topics:
how the client was authenticated via TLS. These attributes are empty in
case of no certificate authentication. As of Postfix 2.2.11 these attribute
values are encoded as xtext: some characters are represented by +XX, where
- XX is the two-digit hecadecimal representation of the character value.
+ XX is the two-digit hexadecimal representation of the character value.
* The "encryption_*" attributes (Postfix 2.3 and later) specify information
about how the connection is encrypted. With plaintext connections the
1. Re-inject the mail back into Postfix via SMTP, perhaps after changing its
content and/or destination.
- 2. Reject the mail by sending a suitable SMTP status code back to Postfix.
+ 2. Discard or quarantine the mail.
+
+ 3. Reject the mail by sending a suitable SMTP status code back to Postfix.
Postfix passes the status back to the remote SMTP client. This way, Postfix
does not have to send a bounce message.
from using up all 20 SMTP server processes. This limit is not necessary if
you receive all mail from a trusted relay host.
- Note: this setting is ignored by the stable Postfix 2.1 release. The
- feature will be available only in the experimental release until Postfix
- 2.2.
+ Note: this setting is available in Postfix version 2.2 and later. Earlier
+ Postfix versions will ignore it.
* The "-o smtpd_proxy_filter=127.0.0.1:10025" tells the before filter SMTP
server that it should give incoming mail to the content filter that listens
is used selectively, only with destinations explicitly configured for TLS.
You can disable TLS for a subset of destinations, while leaving it enabled for
-the rest. With the Postfix 2.3+ TLS policy table, specify the "none" security
-level. With the obsolete per-site table, specify the "NONE" keyword.
+the rest. With the Postfix 2.3 and later TLS policy table, specify the "none"
+security level. With the obsolete per-site table, specify the "NONE" keyword.
O\bOp\bpp\bpo\bor\brt\btu\bun\bni\bis\bst\bti\bic\bc T\bTL\bLS\bS
warning written to the mail logs.
You can enable opportunistic TLS just for selected destinations. With the
-Postfix 2.3+ TLS policy table, specify the "may" security level. With the
-obsolete per-site table, specify the "MAY" keyword.
+Postfix 2.3 and later TLS policy table, specify the "may" security level. With
+the obsolete per-site table, specify the "MAY" keyword.
This is the most common security level for TLS protected SMTP sessions,
stronger security is not generally available and, if needed, is typically only
security level.
You can enable mandatory TLS encryption just for specific destinations. With
-the Postfix 2.3+ TLS policy table, specify the "encrypt" security level. With
-the obsolete per-site table, specify the "MUST_NOPEERMATCH" keyword. While the
-obsolete approach still works with Postfix 2.3, it is strongly discouraged:
-users of Postfix 2.3+ should use the new TLS policy settings.
+the Postfix 2.3 and later TLS policy table, specify the "encrypt" security
+level. With the obsolete per-site table, specify the "MUST_NOPEERMATCH"
+keyword. While the obsolete approach still works with Postfix 2.3, it is
+strongly discouraged: users of Postfix 2.3 and later should use the new TLS
+policy settings.
Examples:
.example.com encrypt
Postfix 2.2 syntax (no support for sub-domains without resorting to regexp
-tables). With Postfix 2.3+, do not use the obsolete per-site table.
+tables). With Postfix 2.3 and later, do not use the obsolete per-site table.
/etc/postfix/main.cf:
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
Instead, use the destination (for example, "[example.net]:587"), as the per-
site table lookup key (a recipient domain or MX-enabled transport nexthop with
no port suffix may look like a bare hostname, but is still a suitable
-destination). With Postfix 2.3+, do not use the obsolete per-site table; use
-the new policy table instead.
+destination). With Postfix 2.3 and later, do not use the obsolete per-site
+table; use the new policy table instead.
/etc/postfix/main.cf:
smtp_tls_per_site = hash:/etc/postfix/tls_per_site
configuration instead.
You can enable mandatory server certificate verification just for specific
-destinations. With the Postfix 2.3+ TLS policy table, specify the "verify"
-security level. With the obsolete per-site table, specify the "MUST" keyword.
-While the obsolete approach still works with Postfix 2.3, it is strongly
-discouraged: users of Postfix 2.3+ should use the new TLS policy settings.
+destinations. With the Postfix 2.3 and later TLS policy table, specify the
+"verify" security level. With the obsolete per-site table, specify the "MUST"
+keyword. While the obsolete approach still works with Postfix 2.3, it is
+strongly discouraged: users of Postfix 2.3 and later should use the new TLS
+policy settings.
Example:
necessary STARTTLS support.
You can enable secure TLS verification just for specific destinations. With the
-Postfix 2.3+ TLS policy table, specify the "secure" security level. With the
-obsolete per-site table, specify the "MUST" keyword and harden the certificate
-verification against DNS forgery. While the obsolete approach still works with
-Postfix 2.3, it is strongly discouraged: users of Postfix 2.3+ should use the
-new TLS policy settings.
+Postfix 2.3 and later TLS policy table, specify the "secure" security level.
+With the obsolete per-site table, specify the "MUST" keyword and harden the
+certificate verification against DNS forgery. While the obsolete approach still
+works with Postfix 2.3, it is strongly discouraged: users of Postfix 2.3 and
+later should use the new TLS policy settings.
Examples:
/etc/postfix/tls_policy:
[tls.example.com] secure match=tls.example.com
-Postfix 2.2.9+ syntax:
+Postfix 2.2.9 and later syntax:
N\bNo\bot\bte\be:\b: Avoid policy lookups with the bare hostname (for example,
"tls.example.com"). Instead, use the destination (for example, "
[tls.example.com]") as the per-site table lookup key (a recipient domain or MX-
enabled transport nexthop with no port suffix may look like a bare hostname,
-but is still a suitable destination). With Postfix 2.3+, do not use the
-obsolete per-site table; use the new policy table instead.
+but is still a suitable destination). With Postfix 2.3 and later, do not use
+the obsolete per-site table; use the new policy table instead.
/etc/postfix/main.cf:
smtp_cname_overrides_servername = no
nexthop (enclosed in [] with a possible ":port" suffix) as the per-site table
lookup key (a recipient domain or MX-enabled transport nexthop with no port
suffix may look like a bare hostname, but is still a suitable destination).
-With Postfix 2.3+, use of the obsolete approach documented here is strongly
-discouraged: use the new policy table instead.
+With Postfix 2.3 and later, use of the obsolete approach documented here is
+strongly discouraged: use the new policy table instead.
Starting with Postfix 2.3, the underlying TLS enforcement levels are common to
the obsolete per-site table and the new policy table. The main.cf
For a general discussion of TLS security for SMTP see TLS limitations above.
What follows applies only to Postfix 2.2.9 and subsequent Postfix 2.2 patch
-levels. Do not use this approach with Postfix 2.3+; instead see the
+levels. Do not use this approach with Postfix 2.3 and later; instead see the
instructions under secure server certificate verification.
As long as no secure DNS lookup mechanism is available, false hostnames in MX
M\bMe\bea\bas\bsu\bur\bre\bes\bs a\bag\bga\bai\bin\bns\bst\bt c\bcl\bli\bie\ben\bnt\bts\bs t\bth\bha\bat\bt m\bma\bak\bke\be t\bto\boo\bo m\bma\ban\bny\by c\bco\bon\bnn\bne\bec\bct\bti\bio\bon\bns\bs
-Note: the anvil(8) service was introduced with Postfix version 2.2.
+Note: these features use the Postfix anvil(8) service, introduced with Postfix
+version 2.2.
The Postfix smtpd(8) server can limit the number of simultaneous connections
-from the same SMTP client, as well as the number of connections that a client
-is allowed to make per unit time. These statistics are maintained by the anvil
-(8) server (translation: if anvil(8) breaks, then connection limits stop
-working).
-
-IMPORTANT: These limits are designed to protect the smtpd(8) server against
-flagrant abuse. Do not use these limits to regulate legitimate traffic: mail
-will suffer grotesque delays if you do so.
-
- * An SMTP client may make up to $smtpd_client_connection_count_limit
- simultaneous connections (default: 50). This is half the default process
- limit.
-
- * An SMTP client may make up to $smtpd_client_message_rate_limit message
- delivery requests per unit time (default: no limit).
-
- * An SMTP client may send up to $smtpd_client_recipient_rate_limit recipient
- addresses per unit time (default: no limit).
-
- * An SMTP client may make up to $smtpd_client_connection_rate_limit
- connections per unit time (default: no limit).
-
- * These limits are not applied to SMTP clients in the networks specified with
- $smtpd_client_event_limit_exceptions (default: clients in $mynetworks may
- make an unlimited number of connections).
-
- * The anvil_rate_time_unit parameter specifies the time unit over which
- client connection rates are computed (default: 60s).
+from the same SMTP client, as well as the connection rate and the rate of
+certain SMTP commands from the same client. These statistics are maintained by
+the anvil(8) server (translation: if anvil(8) breaks, then connection limits
+stop working).
+
+IMPORTANT: These limits must not be used to regulate legitimate traffic: mail
+will suffer grotesque delays if you do so. The limits are designed to protect
+the smtpd(8) server against abuse by out-of-control clients.
+
+ smtpd_client_connection_count_limit (default: 50)
+ The maximum number of connections than an SMTP client may make
+ simultaneously.
+ smtpd_client_connection_rate_limit (default: no limit)
+ The maximum number of connections that an SMTP client may make in the
+ time interval specified with anvil_rate_time_unit (default: 60s).
+ smtpd_client_message_rate_limit (default: no limit)
+ The maximum number of message delivery requests that an SMTP client may
+ make in the time interval specified with anvil_rate_time_unit (default:
+ 60s).
+ smtpd_client_recipient_rate_limit (default: no limit)
+ The maximum number of recipient addresses that an SMTP client may
+ specify in the time interval specified with anvil_rate_time_unit
+ (default: 60s).
+ smtpd_client_new_tls_session_rate_limit (default: no limit)
+ The maximum number of new TLS sessions (without using the TLS session
+ cache) that an SMTP client may negotiate in the time interval specified
+ with anvil_rate_time_unit (default: 60s).
+ smtpd_client_event_limit_exceptions (default: $mynetworks)
+ SMTP clients that are excluded from connection and rate limits
+ specified above.
G\bGe\ben\bne\ber\bra\bal\bl m\bma\bai\bil\bl d\bde\bel\bli\biv\bve\ber\bry\by p\bpe\ber\brf\bfo\bor\brm\bma\ban\bnc\bce\be t\bti\bip\bps\bs
limit delivery concurrency to the same recipient: if the recipient has an
expensive shell command in her .forward file, or if the recipient is a
mailing list manager, you don't want to run too many instances of those
- processes the same time.
+ processes at the same time.
* The default smtp_destination_concurrency_limit of 20 seems enough to
noticeably load a system without bringing it to its knees. Be careful when
This process is governed by a bunch of little parameters.
- queue_run_delay (default: 1000 seconds)
+ queue_run_delay (default: 300 seconds; before Postfix 2.4: 1000s)
How often the queue manager scans the queue for deferred mail.
- minimal_backoff_time (default: 1000 seconds)
+ minimal_backoff_time (default: 300 seconds; before Postfix 2.4: 1000s)
The minimal amount of time a message won't be looked at, and the
minimal amount of time to stay away from a "dead" destination.
maximal_backoff_time (default: 4000 seconds)
When mail is being deferred frequently, fixing the problem is always better
than increasing the frequency of delivery attempts. However, if you can control
only the delivery attempt frequency, consider using a dedicated fallback_relay
-"graveyard" machine for bad destinations so that they do not ruin the
-performance of normal mail deliveries.
+"graveyard" machine for bad destinations, so that these destinations do not
+ruin the performance of normal mail deliveries.
T\bTu\bun\bni\bin\bng\bg t\bth\bhe\be n\bnu\bum\bmb\bbe\ber\br o\bof\bf P\bPo\bos\bst\btf\bfi\bix\bx p\bpr\bro\boc\bce\bes\bss\bse\bes\bs
When Postfix opens too many files or sockets, processes will abort with fatal
errors, and the system may log "file table full" errors.
+ * Depending on your Postfix and operating system versions you may need to
+ recompile Postfix if you need more than 1024 file descriptors per process:
+
+ o No recompilation is needed for Postfix version 2.4 and later, when it
+ was compiled for systems that support BSD kqueue(2) (FreeBSD 4.1,
+ NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or Linux 2.6 epoll(4).
+
+ o Otherwise, Postfix needs to be recompiled to override the default
+ FD_SETSIZE value.
+
* Reduce the number of processes as described under "Tuning the number of
Postfix processes" above. Fewer processes need fewer open files and
sockets.
sure to verify the following information with your system tuning guide:
o Some FreeBSD kernel parameters can be specified in /boot/loader.conf,
- and some can be changed with sysctl commands. Which is which depends on
- the version.
+ and some can be specified in /etc/sysctl.conf or changed with sysctl
+ commands. Which is which depends on the version.
kern.ipc.maxsockets="5000"
kern.ipc.nmbclusters="65536"
kern.maxfiles="16384"
kern.maxfilesperproc="16384"
- o Linux kernel parameters can be specified in /etc/sysctl.conf and can
- also be changed with sysctl commands:
+ o Linux kernel parameters can be specified in /etc/sysctl.conf or changed
+ with sysctl commands:
fs.file-max=16384
kernel.threads-max=2048
+++ /dev/null
-#!/bin/sh
-
-# Gerben Wierda, Oct 2001. Adapted from an existing example. I waive every
-# copyright on this and I also do not give any warranty.
-
-# Updated Sepember 29, 2002
-# To work properly, the POSTFIX variable needs to be set to -YES-
-# in /etc/hostconfig
-
-. /etc/rc.common
-
-if [ "${POSTFIX:=-NO-}" = "-YES-" -a "${MAILSERVER:=-NO-}" = "-YES-" ]
-then
- ConsoleMessage "Cannot run concurrent postfix and sendmail"
- sleep 2
- exit
-fi
-
-##
-# Start mail server
-##
-
-if [ "$1" == "start" ]
-then
- if [ "${POSTFIX:=-NO-}" = "-YES-" ]
- then
- ConsoleMessage "Starting Postfix mail services"
- /usr/sbin/postfix start
- fi
-elif [ "$1" == "stop" ]
-then
- ConsoleMessage "Stopping Postfix mail services"
- /usr/sbin/postfix stop
-elif [ "$1" == "restart" ]
-then
- if [ "${POSTFIX:=-NO-}" = "-YES-" ]
- then
- ConsoleMessage "Reloading Postfix configuration"
- /usr/sbin/postfix reload
- else
- ConsoleMessage "Stopping Postfix mail services"
- /usr/sbin/postfix stop
- fi
-fi
-
-
+++ /dev/null
-{
- Description = "Postfix mail server";
- Provides = ("SMTP");
- Requires = ("Resolver");
- Uses = ("Network Time", "NFS");
- Preference = "None";
- Messages =
- {
- start = "Starting Postfix";
- stop = "Stopping Postfix";
- restart = "Reloading Postfix Configuration";
- };
-}
+++ /dev/null
-# Adapted from an existing example by Gerben Wierda, Oct 2001. I waive every
-# copyright on this and I also do not give any warranty.
-
-Let's start with the important warning:
-
-DO NOT USE THE MULTIPLE USERS APPLICATION TO CREATE THE POSTFIX USER!
-
-NOTE: Mac OS X as of version 10.3 comes with Postfix as the standard mailer
-and it is supported in Server Admin on Mac OS X 10.3 Server . The instructions
-below therefore only apply for Mac OS X 10.2.8.
-
-NOTE: As of 29 September 2002, these instructions and the scripts have changed
-to make the solution more robust for Apple updates.
-
-Run the commands below in the order that they are presented
-
-A. INSTALLING POSTFIX for the first time and selecting it as the active
- Mail Transfer Agent (MTA):
-
- # All these commands are written to be run from this directory.
-
- # This repairs the previous Oct 2001 setup if any
- sudo ./repair-oldsetup
-
- # Prepare for reactivating sendmail
- sudo ./backup-sendmail-binaries
-
- # this creates the necessary users & groups for proper operation
- # of postfix:
- sudo ./niscript
-
- # Install postfix:
- # When the script asks you for setgid (the default will be no) tell it
- # maildrop
- (cd ../..; sudo make install)
-
- # Prepare for reactivating postfix
- sudo ./backup-postfix-binaries
-
- # edit /etc/postfix/main.cf to suit your requirements
- ### add your own commands here ###
-
- # Activate postfix startup at boot time. Deactivates sendmail.
- sudo ./activate-postfix
-
- # Test. Read INSTALL for a series of suggested tests.
-
-B. DEACTIVATING POSTFIX
-
- # Deactivate postfix startup at boot time
- sudo ./deactivate-postfix
-
-C. RESTORING Sendmail as the MTA when Postfix is the active MTA
-
- # This repairs the previous Oct 2001 setup if any
- sudo ./repair-oldsetup
-
- # Deactivate postfix startup at boot time
- sudo ./deactivate-postfix
-
- sudo ./activate-sendmail
-
- # Restart your computer
-
-D. RESTORING postfix as the MTA when Sendmail is the active MTA
-
- # NOTE: The first time you activate postfix you have to follow
- # the steps of A.
-
- # This repairs the previous Oct 2001 setup if any
- sudo ./repair-oldsetup
-
- sudo ./activate-postfix
-
+++ /dev/null
-#!/bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-. ./defines
-
-# Activate binaries
-if [ ! -e ${POSTFIXBACKUPDIR}/sendmail ]
-then
- echo "Something is wrong: there is no existing postfix binary backup"
- exit 1;
-else
- echo "Restoring postfix versions of sendmail programs from backup..."
- (cd ${POSTFIXBACKUPDIR}; tar cf - sendmail) | (cd /usr/sbin; tar xf -)
- (cd ${POSTFIXBACKUPDIR}; tar cf - newaliases) | (cd /usr/bin; tar xf -)
- (cd ${POSTFIXBACKUPDIR}; tar cf - mailq) | (cd /usr/bin; tar xf -)
-fi
-
-if [ -e "${PSI}" ]
-then
- echo "Postfix StartupItem already exists."
-else
- if [ -e "${PSIDISABLED}" ]
- then
- echo "Reinstating disabled Postfix StartupItem..."
- mv "${PSIDISABLED}" "${PSI}"
- else
- echo "Installing new default Postfix StartupItem..."
- cp -R Postfix.StartupItem "${PSI}"
- fi
-fi
-
-# De-activate sendmail in /etc/hostconfig
-/usr/bin/perl -pi -e 's/MAILSERVER=-YES-/MAILSERVER=-NO-/g' /etc/hostconfig
-# Activate postfix in /etc/hostconfig
-if /usr/bin/grep '^POSTFIX=-NO-' /etc/hostconfig >/dev/null 2>&1; then
- /usr/bin/perl -pi -e 's/POSTFIX=-NO-/POSTFIX=-YES-/g' /etc/hostconfig
-else
- echo "POSTFIX=-YES-" >>/etc/hostconfig
-fi
-
-/usr/sbin/postfix start
+++ /dev/null
-#!/bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-. ./defines
-
-. ./deactivate-postfix
-
-# Activate binaries
-if [ ! -e ${SENDMAILBACKUPDIR}/sendmail ]
-then
- echo "Something is wrong: there is no existing sendmail binary backup"
- exit 1;
-else
- echo "Restoring sendmail versions of sendmail programs from backup..."
- (cd ${SENDMAILBACKUPDIR}; tar cf - sendmail) | (cd /usr/sbin; tar xf -)
- (cd ${SENDMAILBACKUPDIR}; tar cf - newaliases) | (cd /usr/bin; tar xf -)
- (cd ${SENDMAILBACKUPDIR}; tar cf - mailq) | (cd /usr/bin; tar xf -)
-fi
-
-# Activate sendmail in /etc/hostconfig
-/usr/bin/perl -pi -e 's/MAILSERVER=-NO-/MAILSERVER=-YES-/g' /etc/hostconfig
-
+++ /dev/null
-#! /bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-# We use tar, as we do not know beforehand if we are dealing with real
-# files or symbolic links. Since we use tar, we cannot change filenames
-# we need to create a directory to hold our backup binaries.
-
-. ./defines
-
-if [ ! -d ${POSTFIXBACKUPDIR} ]
-then
- mkdir -p ${POSTFIXBACKUPDIR}
-fi
-
-(cd /usr/sbin; tar cf - sendmail) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - newaliases) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - mailq) | (cd ${POSTFIXBACKUPDIR}; tar xf -)
-
+++ /dev/null
-#! /bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-# We use tar, as we do not know beforehand if we are dealing with real
-# files or symbolic links. Since we use tar, we cannot change filenames
-# we need to create a directory to hold our backup binaries.
-
-. ./defines
-
-if [ ! -d ${SENDMAILBACKUPDIR} ]
-then
- mkdir -p ${SENDMAILBACKUPDIR}
-fi
-
-(cd /usr/sbin; tar cf - sendmail) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - newaliases) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
-(cd /usr/bin; tar cf - mailq) | (cd ${SENDMAILBACKUPDIR}; tar xf -)
-
+++ /dev/null
-#!/bin/sh
-
-# Written by Gerben Wierda, Sep 2002. I waive every copyright on this and
-# I also do not give any warranty.
-
-. ./defines
-
-if [ -e "${PSI}" ]
-then
- mv "${PSI}" "${PSIDISABLED}"
-fi
-
-# De-activate postfix in /etc/hostconfig
-/usr/bin/perl -pi -e 's/POSTFIX=-YES-/POSTFIX=-NO-/g' /etc/hostconfig
-
-/usr/sbin/postfix stop >/dev/null 2>&1
+++ /dev/null
-#! /bin/sh
-
-# Written by Gerben Wierda, Oct 2001. I waive every copyright on this and
-# I also do not give any warranty.
-
-SIDIR="/Library/StartupItems"
-
-PSI="${SIDIR}/Postfix"
-PSIDISABLED="${PSI}.disabled"
-
-POSTFIXBACKUPDIR=/usr/sbin/.postfixbackup
-SENDMAILBACKUPDIR=/usr/sbin/.sendmailbackup
+++ /dev/null
-#!/usr/bin/perl
-
-# niscript.pl by Gerben Wierda <gerben_wierda@rna.nl>
-
-# This little script is an adaptation of the original niscript sh script by
-# Joe Block <jpb@creol.ucf.edu>
-# instead of using fixed uid/gid and thus not robust if you run it on a
-# system where groups and/or users have been added, this script checks
-# if the users/groups are there and if not creates them with free id's.
-
-# 17 Jul 2002 GW: Fixed two bugs
-# 1. Typo in createuser would always have uid 88 for postfix
-# 2. Add to netinfo domain . instead of / so that it also works on systems
-# where the / domain is actually network-wide (not very useful to add
-# a postfix user to all systems in that netinfo domain...)
-
-print <<_WARNING
-
-This script massages your netinfo database. This can severely break
-your system. If your netinfo database breaks, you get to keep the parts.
-
-No Warranty. Really.
-
-This script tries to create two groups (if they do not already exist):
-- postfix
-- maildrop
-and tries to create a user (if it does not already exist)
-- postfix
-which is member of group postfix.
-
-_WARNING
-;
-
-# The script starts to look at id 88 (both for user and group) and up to 65535
-# It dies if no free id is found.
-
-my $postfixgid = undef;
-my $maildropgid = undef;
-my $postfixuid = undef;
-
-# First create
-
-my @groups = readgroups();
-foreach $group (@groups) {
- (my $groupname, undef, my $gid, undef) = split( ':', $group);
- if ($groupname eq 'postfix') {
- warn "You already have a postfix group (with gid $gid)\n";
- $postfixgid = $gid;
- }
- if ($groupname eq 'maildrop') {
- warn "You already have a maildrop group (with gid $gid)\n";
- $maildropgid = $gid;
- }
-}
-
-if (not defined $postfixgid) {
- $postfixgid = creategroup( 'postfix');
-}
-
-if (not defined $maildropgid) {
- $maildropgid = creategroup( 'maildrop');
-}
-
-my @users = readusers();
-foreach $user (@users) {
- (my $username, undef, my $uid, undef) = split( ':', $user);
- if ($username eq 'postfix') {
- warn "You already have a postfix user (with uid $uid)\n";
- $postfixuid = $uid;
- }
-}
-
-if (not defined $postfixuid) {
- $postfixuid = createuser( 'postfix', '"Postfix User"',
- '/usr/bin/false', '/etc/postfix',
- $postfixgid);
- addusertogroup( 'postfix', 'postfix');
-}
-
-warn "\n";
-
-sub creategroup
-{
- my $name = shift;
- open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n";
- my @groups=<NIDUMP>;
- close( NIDUMP);
-
- my $tryno;
- NEXTNO: for ($tryno = 88; $tryno <= 65535; $tryno++) {
- foreach my $group (@groups) {
- (my $groupname, undef, my $gid, undef) =
- split( ':', $group);
- next NEXTNO if $gid == $tryno;
- }
- last NEXTNO;
- }
- die "Cannot find free gid\n" if $tryno == 65536;
- warn "Will create $name as gid $tryno\n";
- system "niutil -create . /groups/$name";
- system "niutil -createprop . /groups/$name name $name";
- system "niutil -createprop . /groups/$name gid $tryno";
- system "niutil -createprop . /groups/$name passwd '*'";
- return $tryno;
-}
-
-sub addusertogroup
-{
- my $user = shift;
- my $group = shift;
- system "niutil -appendprop . /groups/$group users $user";
-}
-
-sub readgroups
-{
- open( NIDUMP, "nidump group .|") or die "Cannot run nidump\n";
- my @groups=<NIDUMP>;
- close( NIDUMP);
- return @groups;
-}
-
-sub readusers
-{
- my @passwd;
- open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n";
- @passwd=<NIDUMP>;
- close( NIDUMP);
- return @passwd;
-}
-
-sub createuser
-{
- my $name = shift;
- my $realname = shift;
- my $shell = shift;
- my $home = shift;
- my $gid = shift;
-
- open( NIDUMP, "nidump passwd .|") or die "Cannot run nidump\n";
- my @passwds=<NIDUMP>;
- close( NIDUMP);
-
- my $tryno;
- NEXTNO: for ($tryno = 88; $tryno <= 65535; $tryno++) {
- foreach my $passwd (@passwds) {
- (my $passwdname, undef, my $uid, undef) =
- split( ':', $passwd);
- next NEXTNO if $uid == $tryno;
- }
- last NEXTNO;
- }
- die "Cannot find free uid\n" if $tryno == 65536;
- warn "Will create $name as uid $tryno\n";
- system "niutil -create . /users/$name";
- system "niutil -createprop . /users/$name realname $realname";
- system "niutil -createprop . /users/$name shell $shell";
- system "niutil -createprop . /users/$name uid $tryno";
- system "niutil -createprop . /users/$name gid $gid";
- system "niutil -createprop . /users/$name home $home";
- system "niutil -createprop . /users/$name _shadow_passwd";
- system "niutil -createprop . /users/$name passwd '*'";
- return $tryno;
-}
-
+++ /dev/null
-#!/bin/sh
-
-if [ -d /System/Library/DisabledStartupItems/Sendmail ]
-then
- mv /System/Library/DisabledStartupItems/Sendmail /System/Library/StartupItems
- rmdir /System/Library/DisabledStartupItems/Sendmail
- rm -rf /System/Library/StartupItems/Postfix
-fi
# postmap -q - /etc/postfix/access <inputfile
#
# DESCRIPTION
-# The Postfix SMTP server supports access control on remote
-# SMTP client information: host names, network addresses,
-# and envelope sender or recipient addresses. See
-# header_checks(5) or body_checks(5) for access control on
-# the content of email messages.
-#
-# Normally, the access(5) table is specified as a text file
-# that serves as input to the postmap(1) command. The
-# result, an indexed file in dbm or db format, is used for
-# fast searching by the mail system. Execute the command
-# "postmap /etc/postfix/access" to rebuild an indexed file
+# This document describes access control on remote SMTP
+# client information: host names, network addresses, and
+# envelope sender or recipient addresses; it is implemented
+# by the Postfix SMTP server. See header_checks(5) or
+# body_checks(5) for access control on the content of email
+# messages.
+#
+# Normally, the access(5) table is specified as a text file
+# that serves as input to the postmap(1) command. The
+# result, an indexed file in dbm or db format, is used for
+# fast searching by the mail system. Execute the command
+# "postmap /etc/postfix/access" to rebuild an indexed file
# after changing the corresponding text file.
#
-# When the table is provided via other means such as NIS,
-# LDAP or SQL, the same lookups are done as for ordinary
+# When the table is provided via other means such as NIS,
+# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
-# Alternatively, the table can be provided as a regular-
+# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
-# sions, or lookups can be directed to TCP-based server. In
-# those cases, the lookups are done in a slightly different
-# way as described below under "REGULAR EXPRESSION TABLES"
+# sions, or lookups can be directed to TCP-based server. In
+# those cases, the lookups are done in a slightly different
+# way as described below under "REGULAR EXPRESSION TABLES"
# or "TCP-BASED TABLES".
#
# CASE FOLDING
-# The search string is folded to lowercase before database
-# lookup. As of Postfix 2.3, the search string is not case
-# folded with database types such as regexp: or pcre: whose
+# The search string is folded to lowercase before database
+# lookup. As of Postfix 2.3, the search string is not case
+# folded with database types such as regexp: or pcre: whose
# lookup fields can match both upper and lower case.
#
# TABLE FORMAT
# address, perform the corresponding action.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A logical line starts with non-whitespace text. A
-# line that starts with whitespace continues a logi-
+# A logical line starts with non-whitespace text. A
+# line that starts with whitespace continues a logi-
# cal line.
#
# EMAIL ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, patterns are
+# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain
# Matches the specified mail address.
#
# domain.tld
-# Matches domain.tld as the domain part of an email
+# Matches domain.tld as the domain part of an email
# address.
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
-# the Postfix parent_domain_matches_subdomains con-
-# figuration setting (note that this is the default
-# for some versions of Postfix). Otherwise, specify
-# .domain.tld (note the initial dot) in order to
+# the Postfix parent_domain_matches_subdomains con-
+# figuration setting (note that this is the default
+# for some versions of Postfix). Otherwise, specify
+# .domain.tld (note the initial dot) in order to
# match subdomains.
#
-# user@ Matches all mail addresses with the specified user
+# user@ Matches all mail addresses with the specified user
# part.
#
-# Note: lookup of the null sender address is not possible
-# with some types of lookup table. By default, Postfix uses
-# <> as the lookup key for such addresses. The value is
-# specified with the smtpd_null_access_lookup_key parameter
+# Note: lookup of the null sender address is not possible
+# with some types of lookup table. By default, Postfix uses
+# <> as the lookup key for such addresses. The value is
+# specified with the smtpd_null_access_lookup_key parameter
# in the Postfix main.cf file.
#
# EMAIL ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
-# ient delimiter (e.g., user+foo@domain), the lookup order
-# becomes: user+foo@domain, user@domain, domain, user+foo@,
+# ient delimiter (e.g., user+foo@domain), the lookup order
+# becomes: user+foo@domain, user@domain, domain, user+foo@,
# and user@.
#
# HOST NAME/ADDRESS PATTERNS
# With lookups from indexed files such as DB or DBM, or from
-# networked tables such as NIS, LDAP or SQL, the following
+# networked tables such as NIS, LDAP or SQL, the following
# lookup patterns are examined in the order as listed:
#
# domain.tld
#
# The pattern domain.tld also matches subdomains, but
# only when the string smtpd_access_maps is listed in
-# the Postfix parent_domain_matches_subdomains con-
+# the Postfix parent_domain_matches_subdomains con-
# figuration setting. Otherwise, specify .domain.tld
-# (note the initial dot) in order to match subdo-
+# (note the initial dot) in order to match subdo-
# mains.
#
# net.work.addr.ess
#
# net.work
#
-# net Matches the specified IPv4 host address or subnet-
-# work. An IPv4 host address is a sequence of four
+# net Matches the specified IPv4 host address or subnet-
+# work. An IPv4 host address is a sequence of four
# decimal octets separated by ".".
#
-# Subnetworks are matched by repeatedly truncating
+# Subnetworks are matched by repeatedly truncating
# the last ".octet" from the remote IPv4 host address
-# string until a match is found in the access table,
+# string until a match is found in the access table,
# or until further truncation is not possible.
#
-# NOTE 1: The information in the access map should be
-# in canonical form, with unnecessary null characters
-# eliminated. Address information must not be
-# enclosed with "[]" characters.
+# NOTE 1: The access map lookup key must be in canon-
+# ical form: do not specify unnecessary null charac-
+# ters, and do not enclose network address informa-
+# tion with "[]" characters.
#
-# NOTE 2: use the cidr lookup table type to specify
+# NOTE 2: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
#
# net:work
#
-# net Matches the specified IPv6 host address or subnet-
-# work. An IPv6 host address is a sequence of three
-# to eight hexadecimal octet pairs separated by ":".
+# net Matches the specified IPv6 host address or subnet-
+# work. An IPv6 host address is a sequence of three
+# to eight hexadecimal octet pairs separated by ":".
#
-# Subnetworks are matched by repeatedly truncating
-# the last ":octetpair" from the remote IPv6 host
+# Subnetworks are matched by repeatedly truncating
+# the last ":octetpair" from the remote IPv6 host
# address string until a match is found in the access
# table, or until further truncation is not possible.
#
# the string representation of the IPv6 host address.
# Thus, not all the ":" subnetworks will be tried.
#
-# NOTE 2: The information in the access map should be
-# in canonical form, with unnecessary null characters
-# eliminated. Address information must not be
-# enclosed with "[]" characters.
+# NOTE 2: The access map lookup key must be in canon-
+# ical form: do not specify unnecessary null charac-
+# ters, and do not enclose network address informa-
+# tion with "[]" characters.
#
-# NOTE 3: use the cidr lookup table type to specify
+# NOTE 3: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
#
# all-numerical
# An all-numerical result is treated as OK. This for-
-# mat is generated by address-based relay authoriza-
+# mat is generated by address-based relay authoriza-
# tion schemes such as pop-before-smtp.
#
# REJECT ACTIONS
-# Postfix version 2.3 and later support enhanced status
-# codes as defined in RFC 3463. When no code is specified
-# at the beginning of the text below, Postfix inserts a
-# default enhanced status code of "5.7.1" in the case of
-# reject actions, and "4.7.1" in the case of defer actions.
+# Postfix version 2.3 and later support enhanced status
+# codes as defined in RFC 3463. When no code is specified
+# at the beginning of the text below, Postfix inserts a
+# default enhanced status code of "5.7.1" in the case of
+# reject actions, and "4.7.1" in the case of defer actions.
# See "ENHANCED STATUS CODES" below.
#
# 4NN text
#
# 5NN text
-# Reject the address etc. that matches the pattern,
+# Reject the address etc. that matches the pattern,
# and respond with the numerical three-digit code and
-# text. 4NN means "try again later", while 5NN means
+# text. 4NN means "try again later", while 5NN means
# "do not try again".
#
-# The reply code "421" causes Postfix to disconnect
+# The reply code "421" causes Postfix to disconnect
# immediately (Postfix version 2.3 and later).
#
# REJECT optional text...
-# Reject the address etc. that matches the pattern.
-# Reply with $reject_code optional text... when the
-# optional text is specified, otherwise reply with a
+# Reject the address etc. that matches the pattern.
+# Reply with $reject_code optional text... when the
+# optional text is specified, otherwise reply with a
# generic error response message.
#
# DEFER_IF_REJECT optional text...
-# Defer the request if some later restriction would
-# result in a REJECT action. Reply with "450 4.7.1
-# optional text... when the optional text is speci-
+# Defer the request if some later restriction would
+# result in a REJECT action. Reply with "450 4.7.1
+# optional text... when the optional text is speci-
# fied, otherwise reply with a generic error response
# message.
#
# This feature is available in Postfix 2.1 and later.
#
# DEFER_IF_PERMIT optional text...
-# Defer the request if some later restriction would
-# result in a an explicit or implicit PERMIT action.
-# Reply with "450 4.7.1 optional text... when the
-# optional text is specified, otherwise reply with a
+# Defer the request if some later restriction would
+# result in a an explicit or implicit PERMIT action.
+# Reply with "450 4.7.1 optional text... when the
+# optional text is specified, otherwise reply with a
# generic error response message.
#
# This feature is available in Postfix 2.1 and later.
# reject_unauth_destination, and so on).
#
# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
-# Note: this action currently affects all recipients
-# of the message. To discard only one recipient
-# without discarding the entire message, use the
+# Note: this action currently affects all recipients
+# of the message. To discard only one recipient
+# without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
# service.
#
# This feature is available in Postfix 2.0 and later.
#
-# DUNNO Pretend that the lookup key was not found. This
-# prevents Postfix from trying substrings of the
-# lookup key (such as a subdomain name, or a network
+# DUNNO Pretend that the lookup key was not found. This
+# prevents Postfix from trying substrings of the
+# lookup key (such as a subdomain name, or a network
# address subnetwork).
#
# This feature is available in Postfix 2.0 and later.
#
# FILTER transport:destination
-# After the message is queued, send the entire mes-
+# After the message is queued, send the entire mes-
# sage through the specified external content filter.
-# The transport:destination syntax is described in
-# the transport(5) manual page. More information
-# about external content filters is in the Postfix
+# The transport:destination syntax is described in
+# the transport(5) manual page. More information
+# about external content filters is in the Postfix
# FILTER_README file.
#
-# Note: this action overrides the main.cf con-
-# tent_filter setting, and currently affects all
-# recipients of the message.
+# Note: this action overrides the content_filter set-
+# ting, and currently affects all recipients of the
+# message.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
-# Place the message on the hold queue, where it will
-# sit until someone either deletes it or releases it
-# for delivery. Log the optional text if specified,
+# Place the message on the hold queue, where it will
+# sit until someone either deletes it or releases it
+# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
+# Note: use "postsuper -r" to release mail that was
+# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
-# longer. Use "postsuper -H" only for mail that will
+# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
-# Note: this action currently affects all recipients
+# Note: this action currently affects all recipients
# of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# PREPEND headername: headervalue
-# Prepend the specified message header to the mes-
-# sage. When more than one PREPEND action executes,
-# the first prepended header appears before the sec-
+# Prepend the specified message header to the mes-
+# sage. When more than one PREPEND action executes,
+# the first prepended header appears before the sec-
# ond etc. prepended header.
#
-# Note: this action must execute before the message
-# content is received; it cannot execute in the con-
+# Note: this action must execute before the message
+# content is received; it cannot execute in the con-
# text of smtpd_end_of_data_restrictions.
#
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
-# After the message is queued, send the message to
+# After the message is queued, send the message to
# the specified address instead of the intended
# recipient(s).
#
-# Note: this action overrides the FILTER action, and
+# Note: this action overrides the FILTER action, and
# currently affects all recipients of the message.
#
# This feature is available in Postfix 2.1 and later.
#
# WARN optional text...
# Log a warning with the optional text, together with
-# client information and if available, with helo,
+# client information and if available, with helo,
# sender, recipient and protocol information.
#
# This feature is available in Postfix 2.1 and later.
#
# ENHANCED STATUS CODES
-# Postfix version 2.3 and later support enhanced status
-# codes as defined in RFC 3463. When an enhanced status
-# code is specified in an access table, it is subject to
-# modification. The following transformations are needed
-# when the same access table is used for client, helo,
-# sender, or recipient access restrictions; they happen
+# Postfix version 2.3 and later support enhanced status
+# codes as defined in RFC 3463. When an enhanced status
+# code is specified in an access table, it is subject to
+# modification. The following transformations are needed
+# when the same access table is used for client, helo,
+# sender, or recipient access restrictions; they happen
# regardless of whether Postfix replies to a MAIL FROM, RCPT
# TO or other SMTP command.
#
-# o When a sender address matches a REJECT action, the
-# Postfix SMTP server will transform a recipient DSN
-# status (e.g., 4.1.1-4.1.6) into the corresponding
+# o When a sender address matches a REJECT action, the
+# Postfix SMTP server will transform a recipient DSN
+# status (e.g., 4.1.1-4.1.6) into the corresponding
# sender DSN status, and vice versa.
#
-# o When non-address information matches a REJECT
-# action (such as the HELO command argument or the
-# client hostname/address), the Postfix SMTP server
-# will transform a sender or recipient DSN status
-# into a generic non-address DSN status (e.g.,
+# o When non-address information matches a REJECT
+# action (such as the HELO command argument or the
+# client hostname/address), the Postfix SMTP server
+# will transform a sender or recipient DSN status
+# into a generic non-address DSN status (e.g.,
# 4.0.0).
#
# REGULAR EXPRESSION TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
-# a description of regular expression lookup table syntax,
+# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
-# Each pattern is a regular expression that is applied to
+# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
-# cation, that string is an entire client hostname, an
+# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
-# user@domain mail addresses are not broken up into their
+# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
-# Patterns are applied in the order as specified in the ta-
-# ble, until a pattern is found that matches the search
+# Patterns are applied in the order as specified in the ta-
+# ble, until a pattern is found that matches the search
# string.
#
-# Actions are the same as with indexed file lookups, with
-# the additional feature that parenthesized substrings from
+# Actions are the same as with indexed file lookups, with
+# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
-# This section describes how the table lookups change when
+# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.4.
#
-# Each lookup operation uses the entire query string once.
-# Depending on the application, that string is an entire
+# Each lookup operation uses the entire query string once.
+# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
-# mail address. Thus, no parent domain or parent network
-# search is done, user@domain mail addresses are not broken
-# up into their user@ and domain constituent parts, nor is
+# mail address. Thus, no parent domain or parent network
+# search is done, user@domain mail addresses are not broken
+# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# EXAMPLE
-# The following example uses an indexed file, so that the
-# order of table entries does not matter. The example per-
-# mits access by the client at address 1.2.3.4 but rejects
-# all other clients in 1.2.3.0/24. Instead of hash lookup
-# tables, some systems use dbm. Use the command "postconf
-# -m" to find out what lookup tables Postfix supports on
+# The following example uses an indexed file, so that the
+# order of table entries does not matter. The example per-
+# mits access by the client at address 1.2.3.4 but rejects
+# all other clients in 1.2.3.0/24. Instead of hash lookup
+# tables, some systems use dbm. Use the command "postconf
+# -m" to find out what lookup tables Postfix supports on
# your system.
#
# /etc/postfix/main.cf:
# editing the file.
#
# BUGS
-# The table format does not understand quoting conventions.
+# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
# transport(5), transport:nexthop syntax
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
# HEADER_CHECKS(5) HEADER_CHECKS(5)
#
# NAME
-# header_checks - Postfix built-in header/body inspection
+# header_checks - Postfix built-in content inspection
#
# SYNOPSIS
# header_checks = pcre:/etc/postfix/header_checks
# nested_header_checks = pcre:/etc/postfix/nested_header_checks
# body_checks = pcre:/etc/postfix/body_checks
#
-# postmap -fq "string" pcre:/etc/postfix/filename
-# postmap -fq - pcre:/etc/postfix/filename <inputfile
+# postmap -q "string" pcre:/etc/postfix/filename
+# postmap -q - pcre:/etc/postfix/filename <inputfile
#
# DESCRIPTION
-# The Postfix cleanup(8) server supports access control on
-# the content of message headers and message body lines.
-# See access(5) for access control on remote SMTP client
+# This document describes access control on the content of
+# message headers and message body lines; it is implemented
+# by the Postfix cleanup(8) server before mail is queued.
+# See access(5) for access control on remote SMTP client
# information.
#
-# Each message header or message body line is compared
-# against a list of patterns. When a match is found the
+# Each message header or message body line is compared
+# against a list of patterns. When a match is found the
# corresponding action is executed, and the matching process
-# is repeated for the next message header or message body
+# is repeated for the next message header or message body
# line.
#
-# For examples, see the EXAMPLES section at the end of this
+# For examples, see the EXAMPLES section at the end of this
# manual page.
#
# Postfix header or body_checks are designed to stop a flood
-# of mail from worms or viruses; they do not decode attach-
-# ments, and they do not unzip archives. See the documents
-# referenced below in the README FILES section if you need
+# of mail from worms or viruses; they do not decode attach-
+# ments, and they do not unzip archives. See the documents
+# referenced below in the README FILES section if you need
# more sophisticated content analysis.
#
# Postfix supports four built-in content inspection classes:
#
# header_checks
-# These are applied to initial message headers
-# (except for the headers that are processed with
+# These are applied to initial message headers
+# (except for the headers that are processed with
# mime_header_checks).
#
# mime_header_checks (default: $header_checks)
-# These are applied to MIME related message headers
+# These are applied to MIME related message headers
# only.
#
# This feature is available in Postfix 2.0 and later.
#
# nested_header_checks (default: $header_checks)
-# These are applied to message headers of attached
-# email messages (except for the headers that are
+# These are applied to message headers of attached
+# email messages (except for the headers that are
# processed with mime_header_checks).
#
# This feature is available in Postfix 2.0 and later.
#
# body_checks
-# These are applied to all other content, including
+# These are applied to all other content, including
# multi-part message boundaries.
#
# With Postfix versions before 2.0, all content after
# tent.
#
# Note: message headers are examined one logical header at a
-# time, even when a message header spans multiple lines.
+# time, even when a message header spans multiple lines.
# Body lines are always examined one line at a time.
#
# TABLE FORMAT
-# This document assumes that header and body_checks rules
-# are specified in the form of Postfix regular expression
-# lookup tables. Usually the best performance is obtained
+# This document assumes that header and body_checks rules
+# are specified in the form of Postfix regular expression
+# lookup tables. Usually the best performance is obtained
# with pcre (Perl Compatible Regular Expression) tables, but
-# the slower regexp (POSIX regular expressions) support is
-# more widely available. Use the command "postconf -m" to
-# find out what lookup table types your Postfix system sup-
+# the slower regexp (POSIX regular expressions) support is
+# more widely available. Use the command "postconf -m" to
+# find out what lookup table types your Postfix system sup-
# ports.
#
# The general format of Postfix regular expression tables is
-# given below. For a discussion of specific pattern or
-# flags syntax, see pcre_table(5) or regexp_table(5),
+# given below. For a discussion of specific pattern or
+# flags syntax, see pcre_table(5) or regexp_table(5),
# respectively.
#
# /pattern/flags action
-# When pattern matches the input string, execute the
-# corresponding action. See below for a list of pos-
+# When pattern matches the input string, execute the
+# corresponding action. See below for a list of pos-
# sible actions.
#
# !/pattern/flags action
-# When pattern does not match the input string, exe-
+# When pattern does not match the input string, exe-
# cute the corresponding action.
#
# if /pattern/flags
#
# endif Match the input string against the patterns between
-# if and endif, if and only if the input string also
-# matches pattern. The if..endif can nest.
+# if and endif, if and only if the same input string
+# also matches pattern. The if..endif can nest.
#
-# Note: do not prepend whitespace to patterns inside
+# Note: do not prepend whitespace to patterns inside
# if..endif.
#
# if !/pattern/flags
#
# endif Match the input string against the patterns between
-# if and endif, if and only if the input string does
-# not match pattern. The if..endif can nest.
+# if and endif, if and only if the same input string
+# does not match pattern. The if..endif can nest.
#
# blank lines and comments
-# Empty lines and whitespace-only lines are ignored,
-# as are lines whose first non-whitespace character
+# Empty lines and whitespace-only lines are ignored,
+# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
-# A pattern/action line starts with non-whitespace
-# text. A line that starts with whitespace continues
+# A pattern/action line starts with non-whitespace
+# text. A line that starts with whitespace continues
# a logical line.
#
# TABLE SEARCH ORDER
-# For each line of message input, the patterns are applied
-# in the order as specified in the table. When a pattern is
-# found that matches the input line, the corresponding
-# action is executed and then the next input line is
+# For each line of message input, the patterns are applied
+# in the order as specified in the table. When a pattern is
+# found that matches the input line, the corresponding
+# action is executed and then the next input line is
# inspected.
#
# TEXT SUBSTITUTION
-# Substitution of substrings from the matched expression
-# into the action string is possible using the conventional
-# Perl syntax ($1, $2, etc.). The macros in the result
-# string may need to be written as ${n} or $(n) if they
+# Substitution of substrings from the matched expression
+# into the action string is possible using the conventional
+# Perl syntax ($1, $2, etc.). The macros in the result
+# string may need to be written as ${n} or $(n) if they
# aren't followed by whitespace.
#
-# Note: since negated patterns (those preceded by !) return
+# Note: since negated patterns (those preceded by !) return
# a result when the expression does not match, substitutions
# are not available for negated patterns.
#
# case for consistency with other Postfix documentation.
#
# DISCARD optional text...
-# Claim successful delivery and silently discard the
-# message. Log the optional text if specified, oth-
+# Claim successful delivery and silently discard the
+# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
# affects all recipients. To discard only one recip-
# ient without discarding the entire message, use the
# transport(5) table to direct mail to the discard(8)
#
# This feature is available in Postfix 2.0 and later.
#
-# DUNNO Pretend that the input line did not match any pat-
-# tern, and inspect the next input line. This action
+# DUNNO Pretend that the input line did not match any pat-
+# tern, and inspect the next input line. This action
# can be used to shorten the table search.
#
-# For backwards compatibility reasons, Postfix also
-# accepts OK but it is (and always has been) treated
+# For backwards compatibility reasons, Postfix also
+# accepts OK but it is (and always has been) treated
# as DUNNO.
#
# This feature is available in Postfix 2.1 and later.
#
# FILTER transport:destination
-# Write a content filter request to the queue file
-# and inspect the next input line. After the com-
-# plete message is received it will be sent through
+# Write a content filter request to the queue file,
+# and inspect the next input line. After the com-
+# plete message is received it will be sent through
# the specified external content filter. More infor-
-# mation about external content filters is in the
+# mation about external content filters is in the
# Postfix FILTER_README file.
#
-# Note: this action overrides the main.cf con-
-# tent_filter setting, and affects all recipients of
-# the message. In the case that multiple FILTER
-# actions fire, only the last one is executed.
+# Note: this action overrides the content_filter set-
+# ting, and affects all recipients of the message. In
+# the case that multiple FILTER actions fire, only
+# the last one is executed.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
-# Arrange for the message to be placed on the hold
-# queue, and inspect the next input line. The mes-
-# sage remains on hold until someone either deletes
-# it or releases it for delivery. Log the optional
+# Arrange for the message to be placed on the hold
+# queue, and inspect the next input line. The mes-
+# sage remains on hold until someone either deletes
+# it or releases it for delivery. Log the optional
# text if specified, otherwise log a generic message.
#
-# Mail that is placed on hold can be examined with
-# the postcat(1) command, and can be destroyed or
+# Mail that is placed on hold can be examined with
+# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
-# Note: use "postsuper -r" to release mail that was
-# kept on hold for a significant fraction of $maxi-
+# Note: use "postsuper -r" to release mail that was
+# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
-# longer. Use "postsuper -H" only for mail that will
+# longer. Use "postsuper -H" only for mail that will
# not expire within a few delivery attempts.
#
-# Note: this action affects all recipients of the
+# Note: this action affects all recipients of the
# message.
#
# This feature is available in Postfix 2.0 and later.
#
-# IGNORE Delete the current line from the input and inspect
+# IGNORE Delete the current line from the input, and inspect
# the next input line.
#
# PREPEND text...
-# Prepend one line with the specified text and
+# Prepend one line with the specified text, and
# inspect the next input line.
#
# Notes:
#
-# o The prepended text is output on a separate
+# o The prepended text is output on a separate
# line, immediately before the input that
# triggered the PREPEND action.
#
# o The prepended text is not considered part of
-# the input stream: it is not subject to
+# the input stream: it is not subject to
# header/body checks or address rewriting, and
# it does not affect the way that Postfix adds
# missing message headers.
#
# o When prepending text before a message header
-# line, the prepended text must begin with a
+# line, the prepended text must begin with a
# valid message header label.
#
# o This action cannot be used to prepend multi-
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
-# Write a message redirection request to the queue
-# file and inspect the next input line. After the
+# Write a message redirection request to the queue
+# file, and inspect the next input line. After the
# message is queued, it will be sent to the specified
# address instead of the intended recipient(s).
#
-# Note: this action overrides the FILTER action, and
-# affects all recipients of the message. If multiple
-# REDIRECT actions fire, only the last one is exe-
+# Note: this action overrides the FILTER action, and
+# affects all recipients of the message. If multiple
+# REDIRECT actions fire, only the last one is exe-
# cuted.
#
# This feature is available in Postfix 2.1 and later.
#
# REPLACE text...
-# Replace the current line with the specified text
+# Replace the current line with the specified text,
# and inspect the next input line.
#
# This feature is available in Postfix 2.2 and later.
-# The description below applies to Postfix 2.2.2 and
+# The description below applies to Postfix 2.2.2 and
# later.
#
# Notes:
#
-# o When replacing a message header line, the
-# replacement text must begin with a valid
+# o When replacing a message header line, the
+# replacement text must begin with a valid
# header label.
#
-# o The replaced text remains part of the input
-# stream. Unlike the result from the PREPEND
-# action, a replaced message header may be
-# subject to address rewriting and may affect
-# the way that Postfix adds missing message
+# o The replaced text remains part of the input
+# stream. Unlike the result from the PREPEND
+# action, a replaced message header may be
+# subject to address rewriting and may affect
+# the way that Postfix adds missing message
# headers.
#
# REJECT optional text...
-# Reject the entire message. Reply with optional
+# Reject the entire message. Reply with optional
# text... when the optional text is specified, other-
# wise reply with a generic error message.
#
-# Note: this action disables further header or
-# body_checks inspection of the current message and
+# Note: this action disables further header or
+# body_checks inspection of the current message and
# affects all recipients.
#
# Postfix version 2.3 and later support enhanced sta-
# enhanced status code of "5.7.1".
#
# WARN optional text...
-# Log a warning with the optional text... (or log a
-# generic message) and inspect the next input line.
+# Log a warning with the optional text... (or log a
+# generic message), and inspect the next input line.
# This action is useful for debugging and for testing
# a pattern before applying more drastic actions.
#
# BUGS
-# Many people overlook the main limitations of header and
-# body_checks rules. These rules operate on one logical
-# message header or one body line at a time, and a decision
-# made for one line is not carried over to the next line.
-# If text in the message body is encoded (RFC 2045) then the
-# rules have to specified for the encoded form. Likewise,
-# when message headers are encoded (RFC 2047) then the rules
-# need to be specified for the encoded form.
-#
-# Message headers added by the cleanup(8) daemon itself are
+# Many people overlook the main limitations of header and
+# body_checks rules.
+#
+# o These rules operate on one logical message header
+# or one body line at a time. A decision made for one
+# line is not carried over to the next line.
+#
+# o If text in the message body is encoded (RFC 2045)
+# then the rules have to specified for the encoded
+# form.
+#
+# o Likewise, when message headers are encoded (RFC
+# 2047) then the rules need to be specified for the
+# encoded form.
+#
+# Message headers added by the cleanup(8) daemon itself are
# excluded from inspection. Examples of such message headers
# are From:, To:, Message-ID:, Date:.
#
-# Message headers deleted by the cleanup(8) daemon will be
+# Message headers deleted by the cleanup(8) daemon will be
# examined before they are deleted. Examples are: Bcc:, Con-
# tent-Length:, Return-Path:.
#
# body_checks
# Lookup tables with content filter rules for message
# body lines. These filters see one physical line at
-# a time, in chunks of at most $line_length_limit
+# a time, in chunks of at most $line_length_limit
# bytes.
#
# body_checks_size_limit
-# The amount of content per message body segment
+# The amount of content per message body segment
# (attachment) that is subjected to $body_checks fil-
# tering.
#
#
# nested_header_checks (default: $header_checks)
# Lookup tables with content filter rules for message
-# header lines: respectively, these are applied to
-# the initial message headers (not including MIME
-# headers), to the MIME headers anywhere in the mes-
-# sage, and to the initial headers of attached mes-
+# header lines: respectively, these are applied to
+# the initial message headers (not including MIME
+# headers), to the MIME headers anywhere in the mes-
+# sage, and to the initial headers of attached mes-
# sages.
#
-# Note: these filters see one logical message header
-# at a time, even when a message header spans multi-
-# ple lines. Message headers that are longer than
+# Note: these filters see one logical message header
+# at a time, even when a message header spans multi-
+# ple lines. Message headers that are longer than
# $header_size_limit characters are truncated.
#
# disable_mime_input_processing
-# While receiving mail, give no special treatment to
-# MIME related message headers; all text after the
+# While receiving mail, give no special treatment to
+# MIME related message headers; all text after the
# initial message headers is considered to be part of
-# the message body. This means that header_checks is
-# applied to all the initial message headers, and
+# the message body. This means that header_checks is
+# applied to all the initial message headers, and
# that body_checks is applied to the remainder of the
# message.
#
-# Note: when used in this manner, body_checks will
-# process a multi-line message header one line at a
+# Note: when used in this manner, body_checks will
+# process a multi-line message header one line at a
# time.
#
# EXAMPLES
-# Header pattern to block attachments with bad file name
+# Header pattern to block attachments with bad file name
# extensions.
#
# /etc/postfix/main.cf:
# RFC 2047, message header encoding for non-ASCII text
#
# README FILES
-# Use "postconf readme_directory" or "postconf html_direc-
+# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# CONTENT_INSPECTION_README, Postfix content inspection overview
# BACKSCATTER_README, blocking returned forged mail
#
# LICENSE
-# The Secure Mailer license must be distributed with this
+# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)
$readme_directory/PACKAGE_README:f:root:-:644
$readme_directory/PCRE_README:f:root:-:644
$readme_directory/PGSQL_README:f:root:-:644
-$readme_directory/QMQP_README:f:root:-:644
+$readme_directory/QMQP_README:f:root:-:644:o
$readme_directory/QSHAPE_README:f:root:-:644
$readme_directory/RELEASE_NOTES:f:root:-:644
$readme_directory/RESTRICTION_CLASS_README:f:root:-:644
$html_directory/CDB_README.html:f:root:-:644
$html_directory/CONNECTION_CACHE_README.html:f:root:-:644
$html_directory/CONTENT_INSPECTION_README.html:f:root:-:644
-$html_directory/CYRUS_README.html:f:root:-:644
+$html_directory/CYRUS_README.html:f:root:-:644:o
$html_directory/DATABASE_README.html:f:root:-:644
$html_directory/DB_README.html:f:root:-:644
$html_directory/DEBUG_README.html:f:root:-:644
$html_directory/PACKAGE_README.html:f:root:-:644
$html_directory/PCRE_README.html:f:root:-:644
$html_directory/PGSQL_README.html:f:root:-:644
-$html_directory/QMQP_README.html:f:root:-:644
+$html_directory/QMQP_README.html:f:root:-:644:o
$html_directory/QSHAPE_README.html:f:root:-:644
$html_directory/RESTRICTION_CLASS_README.html:f:root:-:644
$html_directory/SASL_README.html:f:root:-:644
$html_directory/TLS_LEGACY_README.html:f:root:-:644
$html_directory/TLS_README.html:f:root:-:644
$html_directory/TUNING_README.html:f:root:-:644
-$html_directory/ULTRIX_README.html:f:root:-:644
+$html_directory/ULTRIX_README.html:f:root:-:644:o
$html_directory/UUCP_README.html:f:root:-:644
$html_directory/VERP_README.html:f:root:-:644
$html_directory/VIRTUAL_README.html:f:root:-:644
$html_directory/canonical.5.html:f:root:-:644
$html_directory/cidr_table.5.html:f:root:-:644
$html_directory/cleanup.8.html:f:root:-:644
-$html_directory/defer.8.html:f:root:-:644
+$html_directory/defer.8.html:h:$html_directory/bounce.8.html:-:644
$html_directory/discard.8.html:f:root:-:644
$html_directory/error.8.html:f:root:-:644
$html_directory/flush.8.html:f:root:-:644
$html_directory/master.8.html:f:root:-:644
$html_directory/mysql_table.5.html:f:root:-:644
$html_directory/nisplus_table.5.html:f:root:-:644
-$html_directory/newaliases.1.html:f:root:-:644
+$html_directory/newaliases.1.html:h:$html_directory/mailq.1.html:-:644
$html_directory/oqmgr.8.html:f:root:-:644
$html_directory/pcre_table.5.html:f:root:-:644
$html_directory/pgsql_table.5.html:f:root:-:644
$html_directory/qmqpd.8.html:f:root:-:644
$html_directory/regexp_table.5.html:f:root:-:644
$html_directory/relocated.5.html:f:root:-:644
-$html_directory/sendmail.1.html:f:root:-:644
+$html_directory/sendmail.1.html:h:$html_directory/mailq.1.html:-:644
$html_directory/showq.8.html:f:root:-:644
$html_directory/smtp-sink.1.html:f:root:-:644
$html_directory/smtp-source.1.html:f:root:-:644
-$html_directory/smtp.8.html:f:root:-:644
+$html_directory/smtp.8.html:h:$html_directory/lmtp.8.html:-:644
$html_directory/smtpd.8.html:f:root:-:644
$html_directory/spawn.8.html:f:root:-:644
$html_directory/tcp_table.5.html:f:root:-:644
-$html_directory/trace.8.html:f:root:-:644
+$html_directory/trace.8.html:h:$html_directory/bounce.8.html:-:644
$html_directory/transport.5.html:f:root:-:644
$html_directory/trivial-rewrite.8.html:f:root:-:644
$html_directory/verify.8.html:f:root:-:644
}
$INFO stopping the Postfix mail system
kill `sed 1q pid/master.pid`
- for i in 6 5 4 3 2 1
+ for i in 5 4 3 2 1
do
$daemon_directory/master -t && exit 0
- $INFO waiting for the Postfix mail system to terminate - $i
+ $INFO waiting for the Postfix mail system to terminate
sleep 1
done
$WARN stopping the Postfix mail system with force
--- /dev/null
+See http://www.openspf.org/Software for the current version of the
+SPF policy daemon for Postfix.
+
+SPF support is also available via MILTER plugins, such as sid-milter
+at http://sourceforge.net/projects/sid-milter/ which implements both
+SenderID and SPF.
+++ /dev/null
-#!/usr/bin/perl
-
-# postfix-policyd-spf
-# http://www.openspf.org
-# version 1.07
-# $Id$
-
-use Fcntl;
-use Sys::Syslog qw(:DEFAULT setlogsock);
-use strict;
-
-# ----------------------------------------------------------
-# configuration
-# ----------------------------------------------------------
-
-# to use SPF, install Mail::SPF::Query from CPAN or from the SPF website at http://www.openspf.org/downloads.html
-
- my @HANDLERS;
- push @HANDLERS, "testing";
- push @HANDLERS, "sender_permitted_from"; use Mail::SPF::Query;
-
-my $VERBOSE = 0;
-
-my $DEFAULT_RESPONSE = "DUNNO";
-
-#
-# Syslogging options for verbose mode and for fatal errors.
-# NOTE: comment out the $syslog_socktype line if syslogging does not
-# work on your system.
-#
-
-my $syslog_socktype = 'unix'; # inet, unix, stream, console
-my $syslog_facility = "mail";
-my $syslog_options = "pid";
-my $syslog_priority = "info";
-my $syslog_ident = "postfix/policy-spf";
-
-# ----------------------------------------------------------
-# minimal documentation
-# ----------------------------------------------------------
-
-#
-# Usage: smtpd-policy.pl [-v]
-#
-# Demo delegated Postfix SMTPD policy server.
-# This server implements SPF.
-# Another server implements greylisting.
-# Postfix has a pluggable policy server architecture.
-# You can call one or both from Postfix.
-#
-# The SPF handler uses Mail::SPF::Query to do the heavy lifting.
-#
-# This documentation assumes you have read Postfix's README_FILES/SMTPD_POLICY_README
-#
-# Logging is sent to syslogd.
-#
-# How it works: each time a Postfix SMTP server process is started
-# it connects to the policy service socket, and Postfix runs one
-# instance of this PERL script. By default, a Postfix SMTP server
-# process terminates after 100 seconds of idle time, or after serving
-# 100 clients. Thus, the cost of starting this PERL script is smoothed
-# out over time.
-#
-# To run this from /etc/postfix/master.cf:
-#
-# policy unix - n n - - spawn
-# user=nobody argv=/usr/bin/perl /usr/libexec/postfix/smtpd-policy.pl
-#
-# To use this from Postfix SMTPD, use in /etc/postfix/main.cf:
-#
-# smtpd_recipient_restrictions =
-# ...
-# reject_unauth_destination
-# check_policy_service unix:private/policy
-# ...
-#
-# NOTE: specify check_policy_service AFTER reject_unauth_destination
-# or else your system can become an open relay.
-#
-# To test this script by hand, execute:
-#
-# % perl smtpd-policy.pl
-#
-# Each query is a bunch of attributes. Order does not matter, and
-# the demo script uses only a few of all the attributes shown below:
-#
-# request=smtpd_access_policy
-# protocol_state=RCPT
-# protocol_name=SMTP
-# helo_name=some.domain.tld
-# queue_id=8045F2AB23
-# sender=foo@bar.tld
-# recipient=bar@foo.tld
-# client_address=1.2.3.4
-# client_name=another.domain.tld
-# [empty line]
-#
-# The policy server script will answer in the same style, with an
-# attribute list followed by a empty line:
-#
-# action=dunno
-# [empty line]
-#
-
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: client_address=208.210.125.227
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: client_name=newbabe.mengwong.com
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: helo_name=newbabe.mengwong.com
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: protocol_name=ESMTP
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: protocol_state=RCPT
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: queue_id=
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: recipient=mengwong@dumbo.pobox.com
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: request=smtpd_access_policy
-# Jul 23 18:43:29 dumbo/dumbo policyd[21171]: Attribute: sender=mengwong@newbabe.mengwong.com
-
-# ----------------------------------------------------------
-# initialization
-# ----------------------------------------------------------
-
-#
-# Log an error and abort.
-#
-sub fatal_exit {
- syslog(err => "fatal_exit: @_");
- syslog(warning => "fatal_exit: @_");
- syslog(info => "fatal_exit: @_");
- die "fatal: @_";
-}
-
-#
-# Unbuffer standard output.
-#
-select((select(STDOUT), $| = 1)[0]);
-
-#
-# This process runs as a daemon, so it can't log to a terminal. Use
-# syslog so that people can actually see our messages.
-#
-setlogsock $syslog_socktype;
-openlog $syslog_ident, $syslog_options, $syslog_facility;
-
-# ----------------------------------------------------------
-# main
-# ----------------------------------------------------------
-
-#
-# Receive a bunch of attributes, evaluate the policy, send the result.
-#
-my %attr;
-while (<STDIN>) {
- chomp;
- if (/=/) { my ($k, $v) = split (/=/, $_, 2); $attr{$k} = $v; next }
- elsif (length) { syslog(warning => sprintf("warning: ignoring garbage: %.100s", $_)); next; }
-
- if ($VERBOSE) {
- for (sort keys %attr) {
- syslog(debug => "Attribute: %s=%s", $_, $attr{$_});
- }
- }
-
- fatal_exit ("unrecognized request type: '$attr{request}'") unless $attr{request} eq "smtpd_access_policy";
-
- my $action = $DEFAULT_RESPONSE;
- my %responses;
- foreach my $handler (@HANDLERS) {
- no strict 'refs';
- my $response = $handler->(attr=>\%attr);
- syslog(debug => "handler %s: %s", $handler, $response);
- if ($response and $response !~ /^dunno/i) {
- syslog(info => "handler %s: %s is decisive.", $handler, $response);
- $action = $response; last;
- }
- }
-
- syslog(info => "decided action=%s", $action);
-
- print STDOUT "action=$action\n\n";
- %attr = ();
-}
-
-# ----------------------------------------------------------
-# plugin: SPF
-# ----------------------------------------------------------
-sub sender_permitted_from {
- local %_ = @_;
- my %attr = %{ $_{attr} };
-
- my $query = eval { new Mail::SPF::Query (ip =>$attr{client_address},
- sender=>$attr{sender},
- helo =>$attr{helo_name}) };
- if ($@) {
- syslog(info => "%s: Mail::SPF::Query->new(%s, %s, %s) failed: %s",
- $attr{queue_id}, $attr{client_address}, $attr{sender}, $attr{helo_name}, $@);
- return "DUNNO";
- }
- my ($result, $smtp_comment, $header_comment) = $query->result();
-
- syslog(info => "%s: SPF %s: smtp_comment=%s, header_comment=%s",
- $attr{queue_id}, $result, $smtp_comment, $header_comment);
-
- if ($result eq "fail") { return "REJECT $smtp_comment"; }
- elsif ($result eq "error") { return "DEFER_IF_PERMIT $smtp_comment"; }
- else { return "PREPEND Received-SPF: $result ($header_comment)"; }
-}
-
-# ----------------------------------------------------------
-# plugin: testing
-# ----------------------------------------------------------
-sub testing {
- local %_ = @_;
- my %attr = %{ $_{attr} };
-
- if (lc address_stripped($attr{sender}) eq
- lc address_stripped($attr{recipient})
- and
- $attr{recipient} =~ /policyblock/) {
-
- syslog(info => "%s: testing: will block as requested", $attr{queue_id});
- return "REJECT smtpd-policy blocking $attr{recipient}";
- }
- else {
- syslog(info => "%s: testing: stripped sender=%s, stripped rcpt=%s",
- $attr{queue_id},
- address_stripped($attr{sender}),
- address_stripped($attr{recipient}),
- );
-
- }
- return "DUNNO";
-}
-
-sub address_stripped {
- # my $foo = localpart_lhs('foo+bar@baz.com'); # returns 'foo@baz.com'
- my $string = shift;
- for ($string) {
- s/[+-].*\@/\@/;
- }
- return $string;
-}
<li> <p> The list of domains that are a member of the class: for
example, all <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a>, or all <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a>. </p>
-<li> <p> The default delivery method. For example, the local or
-smtp delivery agent. This helps to keep Postfix configurations
-simple. </p>
+<li> <p> The default delivery transport. For example, the local,
+virtual or relay delivery transport (delivery transports are defined
+in <a href="master.5.html">master.cf</a>). This helps to keep Postfix configurations simple,
+by avoiding the need for explicit routing information in transport
+maps. </p>
<li> <p> The list of valid recipient addresses for that address
class. The Postfix SMTP server rejects invalid recipients with
<a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class. </p>
<li> <p> The mail delivery transport is specified with the
-<a href="postconf.5.html#local_transport">local_transport</a> parameter. The default value is <b>
local:$<a href="postconf.5.html#myhostname">myhostname</a></b>
+<a href="postconf.5.html#local_transport">local_transport</a> parameter. The default value is <b>
<a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a></b>
for delivery with the <a href="local.8.html">local(8)</a> delivery agent. </p>
</ul>
unknown local recipients. See the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> file hints
and tips. </p>
-<li> <p> Introduction of the relay delivery transport in master.cf.
+<li> <p> Introduction of the relay delivery transport in <a href="master.5.html">master.cf</a>.
This helps to avoid mail delivery scheduling problems on inbound
mail relays when there is a lot of outbound mail, but may require
that you update your "<a href="postconf.5.html#defer_transports">defer_transports</a>" setting. </p>
<p> Recipient address verification is relatively straightforward
and there are no surprises. If a recipient probe fails, then Postfix
rejects mail for the recipient address. If a recipient probe
-succeeds, then Postfix accepts mail for the recipient address. </p>
+succeeds, then Postfix accepts mail for the recipient address.
+However, recipient address verification probes can increase the
+load on down-stream MTAs when you're being flooded by backscatter
+bounces, or when some spammer is mounting a dictionary attack. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a
the same performance improvement as with a shared connection cache,
non-shared connections need to be kept open for a longer time. </p>
+<p> The <a href="scache.8.html">scache(8)</a> server, introduced with Postfix version 2.2,
+maintains the shared connection cache. With Postfix version 2.2,
+only the <a href="smtp.8.html">smtp(8)</a> client has support to access this cache. </p>
+
<blockquote>
<table>
-<tr> <td> Internet <-- </td> <td align="center" bgcolor="#f0f0ff">
-<br> <a href="smtp.8.html">smtp(8)</a> <br> </td> <td> <tt> <-> </tt> </td> <td
-align="center" bgcolor="#f0f0ff"> <br> <a href="scache.8.html">scache(8)</a> <br> </td>
-<td> <tt> <-> </tt> </td> <td align="center" bgcolor="#f0f0ff">
-<br> <a href="smtp.8.html">smtp(8)</a> <br> </td> <td> --> Internet </td>
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td colspan="2"> <tt>
+--> </tt> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td> </td>
+<td align="center" rowspan="3"> </td> <td align="center"
+rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td> <td> </td>
+</tr>
+
+<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="2" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left"> <tt>
+--> </tt> Internet </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="center"><tt>^<br>|</tt></td>
+<td> </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
</table>
</blockquote>
-<p> The <a href="scache.8.html">scache(8)</a> server, introduced with Postfix version 2.2,
-maintains the shared connection cache. With Postfix version 2.2,
-only the <a href="smtp.8.html">smtp(8)</a> client has support to access this cache. </p>
-
<p> When SMTP connection caching is enabled (see next section), the
<a href="smtp.8.html">smtp(8)</a> client does not disconnect after a mail transaction, but
gives the connection to the <a href="scache.8.html">scache(8)</a> server which keeps the
-connection open for a limited amount of time. </p>
+connection open for a limited amount of time. </p>
<p> After handing over the open connection to the <a href="scache.8.html">scache(8)</a> server,
the <a href="smtp.8.html">smtp(8)</a> client continues with some other mail delivery request.
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> = yes
</pre>
IP address), </p>
<li> <p> if mail is sent via a <a href="postconf.5.html#relayhost">relay host</a>: a <a href="postconf.5.html#relayhost">relay host</a> name (without
-the [] or non-default TCP port), as specified in main.cf or in the
+the [] or non-default TCP port), as specified in <a href="postconf.5.html">main.cf</a> or in the
transport map, </p>
<li> <p> a /file/name with domain names and/or <a href="postconf.5.html#relayhost">relay host</a> names as
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = $<a href="postconf.5.html#relayhost">relayhost</a>
<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = hotmail.com, ...
<a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> = static:all (<i>not recommended</i>)
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-
-<head>
-
-<title>Postfix Cyrus Howto</title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-
-</head>
-
-<body>
-
-<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Cyrus Howto</h1>
-
-<hr>
-
-<p> This document will be made available via <a href="http://www.postfix.org/">http://www.postfix.org/</a>. </p>
-
-</body>
-
-</html>
<li> You can use Berkeley DB files with fixed lookup strings for
simple address rewriting operations and you can use regular expression
-tables for the more complicated work.
+tables for the more complicated work. In other words, you don't
+have to put everything into the same table.
</ul>
<a href="postmap.1.html">postmap(1)</a> or <a href="postalias.1.html">postalias(1)</a> overwrite existing files. If the update
fails in the middle then you have no usable database, and Postfix
will stop working. This is not an issue with the CDB database type
-available with Postfix 2.2 and later, because <a href="CDB_README.html">CDB</a>
-database rebuilds are atomic. </p>
+available with Postfix 2.2 and later: <a href="CDB_README.html">CDB</a>
+creates a new file, and renames the file upon successful completion.
+</p>
<p> With multi-file databases such as DBM, there is no simple
solution. With Berkeley DB and other "one file" databases, it is
<h2><a name="no_db">Building Postfix on systems without Berkeley
DB</a></h2>
-<p> Many commercial UNIXes ship without Berkeley DB support. Examples
-are Solaris, HP-UX, IRIX, UNIXWARE. In order to build Postfix with
+<p> Some UNIXes ship without Berkeley DB support; for historical
+reasons these use DBM files instead. A problem with DBM files is
+that they can store only limited amounts of data. To build Postfix
+with
Berkeley DB support you need to download and install the source
-code from <a href="http://www.sleepycat.com/">http://www.sleepycat.com/</a> </p>
+code from <a href="http://www.oracle.com/database/berkeley-db/">http://www.oracle.com/database/berkeley-db/</a>. </p>
<p> Warning: some Linux system libraries use Berkeley DB, as do
some third-party libraries such as SASL. If you compile Postfix
with a different Berkeley DB implementation, then every Postfix
-program will dump core because either the system library, SASL
+program will dump core because either the system library, the SASL
library, or Postfix itself ends up using the wrong version. </p>
<p>The more recent Berkeley DB versions have a compile-time switch,
falling apart. </p>
<p> To build Postfix after you installed the Berkeley DB from
-<a href="http://www.sleepycat.com/">http://www.sleepycat.com/</a>, use something like: </p>
+source code, use something like: </p>
<blockquote>
<pre>
</pre>
</blockquote>
-<p> More information is available at <a href="http://www.sleepycat.com/">http://www.sleepycat.com/</a>. </p>
+<p> More information is available at
+<a href="http://www.oracle.com/database/berkeley-db/">http://www.oracle.com/database/berkeley-db/</a>. </p>
</body>
permissions, incorrect configuration file settings that you can
fix. Postfix cannot proceed until this is fixed. </p>
-<li> <p> "<b>error</b>" reports a fatal or non-fatal error condition.
-Postfix cannot proceed until this is fixed. </p>
+<li> <p> "<b>error</b>" reports an error condition. For safety
+reasons, a Postfix process will terminate when more than 13 of these
+happen. </p>
<li> <p> "<b>warning</b>" indicates a non-fatal error. These are
problems that you may not be able to fix (such as a broken DNS
</ul>
<p> These reports contain information that is generated by Postfix
-delivery agents. Since these run as daemon processes and do not
+delivery agents. Since these run as daemon processes that cannot
interact with users directly, the result is sent as mail to the
sender of the test message. The format of these reports is practically
identical to that of ordinary non-delivery notifications. </p>
<h2><a name="sniffer">Record the SMTP session with a network sniffer</a></h2>
<p> This example uses <b>tcpdump</b>. In order to record a conversation
-you need to specify a large enough buffer with the "-s" option or
-else you will miss some or all of the packet payload. </p>
+you need to specify a large enough buffer with the "<b>-s</b>"
+option or else you will miss some or all of the packet payload.
+</p>
<blockquote>
<pre>
-# <b>tcpdump -w /file/name -s 2000 host example.com and port 25</b>
+# <b>tcpdump -w /file/name -s 0 host example.com and port 25</b>
</pre>
</blockquote>
+<p> Older tcpdump versions don't support "<b>-s 0</b>"; in that case,
+use "<b>-s 2000</b>" instead. </p>
+
<p> Run this for a while, stop with Ctrl-C when done. To view the
-data use a binary viewer, or <b>ethereal</b>, or use my <b>tcpdumpx</b>
-utility that is available from <a href="ftp://ftp.porcupine.org/pub/debugging/">ftp://ftp.porcupine.org/pub/debugging/</a>.
+data use a binary viewer, <b>ethereal</b>, or good old <b>less</b>.
</p>
<h2><a name="verbose">Making Postfix daemon programs more verbose</a></h2>
<p> Append one or more "<b>-v</b>" options to selected daemon
definitions in /etc/postfix/<a href="master.5.html">master.cf</a> and type "<b>postfix reload</b>".
This will cause a lot of activity to be logged to the syslog daemon.
-Example: </p>
+For example, to make the Postfix SMTP server process more verbose: </p>
<blockquote>
<pre>
</pre>
</blockquote>
-<p> This makes the Postfix SMTP server more verbose. To diagnose
-problems with address rewriting one would specify a "<b>-v</b>"
+<p> To diagnose problems with address rewriting specify a "<b>-v</b>"
option for the <a href="cleanup.8.html">cleanup(8)</a> and/or <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> daemon, and to
-diagnose problems with mail delivery one would specify a "<b>-v</b>"
+diagnose problems with mail delivery specify a "<b>-v</b>"
option for the <a href="qmgr.8.html">qmgr(8)</a> or <a href="qmgr.8.html">oqmgr(8)</a> queue manager, or for the <a href="lmtp.8.html">lmtp(8)</a>,
<a href="local.8.html">local(8)</a>, <a href="pipe.8.html">pipe(8)</a>, <a href="smtp.8.html">smtp(8)</a>, or <a href="virtual.8.html">virtual(8)</a> delivery agent. </p>
<li> <p> Postfix logging. See the text at the top of the <a href="DEBUG_README.html">DEBUG_README</a>
document to find out where logging is stored. Please do not frustrate
-the helpers by word wrapping the logging. </p>
+the helpers by word wrapping the logging. If the logging is more
+than a few kbytes of text, consider posting an URL on a web or ftp
+site. </p>
<li> <p> Consider using a test email address so that you don't have
to reveal email addresses or passwords of innocent people. </p>
<li> <p> If you can't use a test email address, please anonymize
-information consistently. Replace each letter by "A", each digit
+email addresses and host names consistently. Replace each letter
+by "A", each digit
by "D" so that the helpers can still recognize syntactical errors.
</p>
<li> <p> Output from "<b>postconf -n</b>". Please do not send your
-<a href="postconf.5.html">main.cf</a> file or 400+ lines of <b>postconf</b> output. </p>
+<a href="postconf.5.html">main.cf</a> file, or 500+ lines of <b>postconf</b> output. </p>
-<li> <p> Better, provide output from the <b>postfinger</b> tool.
+<li> <p> Better, provide output from the <b>postfinger</b> tool.
This can be found at <a href="http://ftp.wl0.org/SOURCES/postfinger">http://ftp.wl0.org/SOURCES/postfinger</a>. </p>
<li> <p> If the problem is SASL related, consider including the
including output from the <b>qshape</b> tool, as described in the
<a href="QSHAPE_README.html">QSHAPE_README</a> file. </p>
-<li> <p> If the problem is protocol related (connections time out
+<li> <p> If the problem is protocol related (connections time out,
or an SMTP server complains about syntax errors etc.) consider
recording a session with <b>tcpdump</b>, as described in the <a
href="#sniffer">DEBUG_README</a> document. </ul>
</ul>
<p> The implementation of DSN support involves extra parameters to
-the SMTP MAIL FROM and RCPT TO commands, as well as new Postfix
+the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix
sendmail command line options that provide a sub-set of the functions
of the extra SMTP command parameters. </p>
not delivered via the connection that was used for sending ETRN.
</p>
-<p> Postfix versions before 1.0 (also known as version 20010228)
-implemented the ETRN command in an inefficient manner: they simply
-attempted to deliver all queued mail. This is slow on mail servers
-that queue mail for many customers. </p>
-
<p> As of version 1.0, Postfix has a fast ETRN implementation that
does not require Postfix to examine every queue file. Instead,
Postfix maintains a record of what queue files contain mail for
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.customer.domain</b>
+<b>ETRN some.customer.domain</b>
250 Queuing started
-<b>quit</b>
+<b>QUIT</b>
221 Bye
</pre>
</blockquote>
<p> The Postfix operator can request delivery for a specific customer
by using the command "sendmail -qR<i>destination</i>" and, with
Postfix version 1.1 and later, "postqueue -s<i>destination</i>".
+Access to this feature is controlled with the <a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a>
+configuration parameter (Postfix version 2.2 and later).
</p>
<h2><a name="how">How Postfix fast ETRN works</a></h2>
with queue file names. When a request to "deliver mail now" arrives,
Postfix will attempt to deliver all recipients in the queue files
that have mail for the destination in question. This does not
-perform well when queue files have recipients in many different
-domains. </p>
+perform well with queue files that have recipients in many different
+domains, such as queue files with outbound mailing list traffic.
+</p>
<li> <p> The <a href="flush.8.html">flush(8)</a> daemon maintains per-destination logfiles
only for destinations listed with $<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a>. With other
-destinations it not possible to trigger delivery with "sendmail
+destinations you cannot request delivery with "sendmail
-qR<i>destination</i>" or, with Postfix version 1.1 and later,
"postqueue -s<i>destination</i>". </p>
the list of message delivery transports specified with the
<a href="postconf.5.html#defer_transports">defer_transports</a> configuration parameter. </p>
+<li> <p> Up to and including Postfix version 2.3, the "fast flush"
+service may not deliver some messages if the request to "deliver
+mail now" arrives while an <a href="QSHAPE_README.html#incoming_queue">incoming queue</a> scan is already in progress.
+</p>
+
</ul>
<h2><a name="config">Configuring the Postfix fast ETRN service</a></h2>
<p> The behavior of the <a href="flush.8.html">flush(8)</a> daemon is controlled by parameters
-in the main.cf configuration file. </p>
+in the <a href="postconf.5.html">main.cf</a> configuration file. </p>
<p> By default, Postfix "fast ETRN" service is available only for
destinations that Postfix is willing to relay mail to: </p>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>
<a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, reject
</pre>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> = $<a href="postconf.5.html#relay_domains">relay_domains</a>, some.other.domain
</pre>
</blockquote>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> =
</pre>
</blockquote>
<blockquote>
<pre>
- 1 /etc/postfix/master.cf:
+ 1 /etc/postfix/<a href="master.5.html">master.cf</a>:
2 # =============================================================
3 # service type private unpriv chroot wakeup maxproc command
4 # (yes) (yes) (yes) (never) (100)
7 relay unix - - n - - smtp
8 etrn-only unix - - n - - smtp
9
-10 /etc/postfix/main.cf:
+10 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
11 <a href="postconf.5.html#relay_domains">relay_domains</a> = customer.tld ...other domains...
12 <a href="postconf.5.html#defer_transports">defer_transports</a> = etrn-only
13 <a href="postconf.5.html#transport_maps">transport_maps</a> = hash:/etc/postfix/transport
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.customer.domain</b>
+<b>ETRN some.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.other.customer.domain</b>
+<b>ETRN some.other.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn not.a.customer.domain</b>
+<b>ETRN not.a.customer.domain</b>
459 <not.a.customer.domain>: service unavailable
</pre>
</blockquote>
be covered by a later version of this document. </p>
<p> The after-queue content filter is not to be confused with the
-approach that is described in the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> document,
+approaches described in the <a href="SMTPD_PROXY_README.html">SMTPD_PROXY_README</a> or <a href="MILTER_README.html">MILTER_README</a>
+documents,
where incoming SMTP mail is filtered BEFORE it is stored into the
Postfix queue. </p>
<h2><a name="principles">Principles of operation</a> </h2>
-<p> An external content filter receives unfiltered mail from Postfix
-(as described further below) and does one of the following: </p>
+<p> An after-queue content filter receives unfiltered mail from Postfix
+(as described further below) and can do one of the following: </p>
<ol>
<li> <p> Re-inject the mail back into Postfix, perhaps after changing
content and/or destination. </p>
+<li> <p> Discard or quarantine the mail. </p>
+
<li> <p> Reject the mail (by sending a suitable status code back to
- Postfix). Postfix will return the mail to the sender. </p>
+ Postfix). Postfix will send the mail back to the sender address. </p>
</ol>
<h2><a name="simple_filter">Simple content filter example</a></h2>
-<p> The first example is simple to set up. Postfix receives
+<p> The first example is simple to set up, but has major limitations
+that will be addressed in a second example. Postfix receives
unfiltered mail from the network with the <a href="smtpd.8.html">smtpd(8)</a> server, and
delivers unfiltered mail to a content filter with the Postfix
<a href="pipe.8.html">pipe(8)</a> delivery agent. The content filter injects filtered mail
<ul>
-<li> <p> Line 8: The -G option does nothing before Postfix 2.3,
-otherwise it disables address rewriting of message headers. </p>
+<li> <p> Line 8: The -G option says the filter output is not a local
+mail submission: don't do silly things like appending the local
+domain name to addresses in message headers. This option does
+nothing before Postfix version 2.3. </p>
<li> <p> Line 8: The -i option says don't stop reading input when
a line contains "." only. </p>
<li> <p> Line 8: NEVER NEVER NEVER use the "-t" command-line option
-here. It will mis-deliver mail, like sending mailing list mail back
-to the mailing list. </p>
+here. It will mis-deliver mail, like sending messages from a mailing
+list back to the mailing list. </p>
<li> <p> Line 21: The idea is to first capture the message to
file and then run the content through a third-party content filter
program. </p>
-<li> <p> Line 22: If the mail cannot be captured to file, mail
+<li> <p> Line 22: If the message cannot be captured to file, mail
delivery is deferred by terminating with exit status 75 (EX_TEMPFAIL).
Postfix places the message in the deferred mail queue and tries
again later. </p>
<li> <p> Line 26: If the content filter program finds a problem,
the mail is bounced by terminating with exit status 69 (EX_UNAVAILABLE).
-Postfix will return the message to the sender as undeliverable.
+Postfix will send the message back to the sender as undeliverable
+mail.
</p>
-<li> <p> Note: in this time of mail worms and spam, it is a BAD
+<li> <p> NOTE: in this time of mail worms and spam, it is a BAD
IDEA to send known viruses or spam back to the sender, because that
-address is likely to be forged. It is safer to discard known to be
-bad content and to quarantine suspicious content so that it can
+address is likely to be forged. It is safer to discard known viruses
+and to quarantine suspicious content so that it can
be inspected by a human being. </p>
<li> <p> Line 28: If the content is OK, it is given as input to
<blockquote>
<pre>
-% /path/to/script -f sender recipient... <message-file
+% /path/to/script -f sender -- recipient... <message-file
</pre>
</blockquote>
-o <a href="postconf.5.html#content_filter">content_filter</a>=filter:dummy
</pre>
-<p> The "<a href="postconf.5.html#content_filter">content_filter</a>" line causes Postfix to add one content
+<p> The "
-o <a href="postconf.5.html#content_filter">content_filter</a>" line causes Postfix to add one content
filter request record to each incoming mail message, with content
"filter:dummy". This record overrides the normal mail routing
and causes mail to be given to the content filter instead. </p>
Postfix SMTP server. </p>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
-filter information from existing queue files. </p>
+filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>
<p> The example given here filters all mail, including mail that
arrives via SMTP and mail that is locally submitted via the Postfix
-sendmail command. See examples near the end of this document for
+sendmail command (local submissions enter Postfix via the <a href="pickup.8.html">pickup(8)</a>
+server; to keep the figure simple we omit local submission details).
+See examples near the end of this document for
how to exclude local users from filtering, or how to configure a
destination dependent content filter. </p>
<li> <p> The "-o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes" is a workaround
that prevents the breaking of domainkeys and other digital signatures.
This is needed because some SMTP-based content filters don't announce
-8BITMIME support, even though they can handle it just fine. </p>
+8BITMIME support, even though they can handle 8-bit mail. </p>
<li> <p> The "-o <a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a>=" is a workaround that prevents
local address rewriting with <a href="generic.5.html">generic(5)</a> maps. Such rewriting should
dangerous mail content - that is why it should be a separate account.
</p>
+<li> <p> By default, Postfix will terminate a command that runs
+longer than <a href="postconf.5.html#command_time_limit">command_time_limit</a> seconds (default: 1000s). This is a
+safety measure that prevents filters from running forever. </p>
+
</ul>
<p> If you want to have your filter listening on port localhost:10025
<ul>
-<li> <p> Note: do not use spaces around the "=" or "," characters. </p>
+<li> <p> NOTE: do not use spaces around the "=" or "," characters. </p>
-<li> <p> Note: the SMTP server must not have a smaller process
+<li> <p> NOTE: the SMTP server must not have a smaller process
limit than the "filter" <a href="master.5.html">master.cf</a> entry. </p>
<li> <p> The "-o <a href="postconf.5.html#content_filter">content_filter</a>=" overrides <a href="postconf.5.html">main.cf</a> settings, and
requests no content filtering for mail from the content filter.
-This is required or else mail will stay in the content filtering
-loop. </p>
+This is required or else mail will loop. </p>
<li> <p> The "-o <a href="postconf.5.html#receive_override_options">receive_override_options</a>" overrides <a href="postconf.5.html">main.cf</a> settings
to avoid duplicating work that was already done before the content
<li> <p> We specify "<a href="postconf.5.html#no_milters">no_milters</a>" to disable Milter applications
(this option is available only in Postfix 2.3 and later). </p>
- <li> <p> We don't specify "no_address_mapping" here. This
+ <li> <p> We don't specify "<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>" here. This
enables virtual alias expansion, canonical mappings, address
masquerading, and other address mappings after the content
filter. The <a href="postconf.5.html">main.cf</a> setting of "<a href="postconf.5.html#receive_override_options">receive_override_options</a>"
</blockquote>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
-filter information from existing queue files. </p>
+filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>
<h2> <a name="1">1 - Purpose of this document</a> </h2>
-<p> This is a bootstrap document that helps you get Postfix up and
-running from scratch with the minimal number of steps. If you are
-using a pre-compiled version of Postfix, you should be reading the
-general Postfix documentation which aims to describe the system in
-more detail. This bootstrap document should not be considered part
-of the general Postfix documentation. </p>
+<p> If you are using a pre-compiled version of Postfix, you should
+start with <a href="BASIC_CONFIGURATION_README.html">BASIC_CONFIGURATION_README</a> and the general documentation
+referenced by it. <a href="INSTALL.html">INSTALL</a> is only a bootstrap document to get
+Postfix up and running from scratch with the minimal number of
+steps; it should not be considered part of the general documentation.
+</p>
<p> This document describes how to build, install and configure a
Postfix system so that it can do one of the following: </p>
</blockquote>
<p> Of particular interest is the <a href="postconf.5.html">postconf(5)</a> manual page that
-lists all the 400+ configuration parameters. The HTML version of
+lists all the 500+ configuration parameters. The HTML version of
this text makes it easy to navigate around. </p>
<p> All Postfix source files have their own built-in manual page.
OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
Reliant UNIX 5.x <br>
Rhapsody 5.x <br>
-SunOS 4.1.4 (July 2006) <br>
-SunOS 5.4 - 5.9 (Solaris 2.4..9) <br>
+SunOS 4.1.4 (March 2007) <br>
+SunOS 5.4 - 5.10 (Solaris 2.4..10) <br>
Ultrix 4.x (well, that was long ago) <br>
</p>
</blockquote>
<p> On Solaris, the "make" command and other utilities for software
development are in /usr/ccs/bin, so you MUST have /usr/ccs/bin in
-your command search path. </p>
+your command search path. If these files do not exist, install the
+development packages first. See the Solaris FAQ item "<a
+href="http://www.science.uva.nl/pub/solaris/solaris2.html#q6.2">Which
+packages do I need to install to support a C compiler?</a>". </p>
<p> If you need to build Postfix for multiple architectures, use the
"lndir" command to build a shadow tree with symbolic links to the
<h3>4.5 - Support for thousands of processes</h3>
-<p> In order to build Postfix for very large applications, where you
-expect to run more than 1000 mail delivery processes, you may need to
-override the definition of the FD_SETSIZE macro to make select()
-work correctly: </p>
+<p> The number of connections that Postfix can manage simultaneously
+is limited by the number of processes that it can run. This number
+in turn is limited by the number of files and sockets that a single
+process can open. For example, the Postfix queue manager has a
+separate connection to each delivery process, and the <a href="anvil.8.html">anvil(8)</a>
+server has one connection per <a href="smtpd.8.html">smtpd(8)</a> process. </p>
+
+<p> Postfix version 2.4 and later have no built-in limits on the
+number of open files or sockets, when compiled on systems that
+support one of the following: </p>
+
+<ul>
+
+<li> BSD kqueue(2) (FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9),
+
+<li> Solaris 8 /dev/poll,
+
+<li> Linux 2.6 epoll(4).
+
+</ul>
+
+
+<p> With other Postfix versions or operating systems, the number
+of file descriptors per process is limited by the value of the
+FD_SETSIZE macro. If you expect to run more than 1000 mail delivery
+processes, you may need to override the definition of the FD_SETSIZE
+macro to make select() work correctly: </p>
<blockquote>
<pre>
overriding the __FD_SETSIZE macro. Beware, undocumented interfaces
can change at any time and without warning. </p>
+<p> But wait, there is more: none of this will work unless the
+operating system is configured to handle thousands of connections.
+See the <a href="TUNING_README.html">TUNING_README</a> guide for examples of how to increase the
+number of open sockets or files. </p>
+
<h3>4.6 - Compiling Postfix, at last</h3>
<p> If the command </p>
<p> This text describes how to install Postfix from source code.
See the <a href="PACKAGE_README.html">PACKAGE_README</a> file if you are building a package for
-distribution to other systems. See auxiliary/MacOSX/README-<a href="INSTALL.html">INSTALL</a>.OSX
-for information about installing Postfix from source on Mac OS X.
-</p>
+distribution to other systems. </p>
<h3>6.1 - Save existing Sendmail binaries</h3>
<p> <a name="save">IMPORTANT</a>: if you are REPLACING an existing
Sendmail installation with Postfix, you may need to keep the old
sendmail program running for some time in order to flush the mail
-queue. As superuser, execute the following commands (your sendmail,
-newaliases and mailq programs may be in a different place): </p>
+queue. </p>
+
+<ul>
+
+<li> <p> Some systems implement a mail switch mechanism where
+different MTAs (Postfix, Sendmail, etc.) can be installed at the
+same time, while only one of them is actually being used. Examples
+of such switching mechanisms are the FreeBSD mailwrapper(8) or the
+Linux mail switch. In this case you should try to "flip" the switch
+to "Postfix" before installing Postfix. </p>
+
+<li> <p> If your system has no mail switch mechanism, execute the
+following commands (your sendmail, newaliases and mailq programs
+may be in a different place): </p>
-<blockquote>
<pre>
# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
# chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \
/usr/bin/mailq.OFF
</pre>
-</blockquote>
+
+</ul>
<h3>6.2 - Create account and groups</h3>
<ul>
+<li> <p> The interactive version ("make install") asks for pathnames
+for Postfix data and program files, and stores your preferences in
+the <a href="postconf.5.html">main.cf</a> file. <b> If you don't want Postfix to overwrite
+non-Postfix "sendmail", "mailq" and "newaliases" files, specify
+pathnames that end in ".postfix"</b>. </p>
+
<li> <p> The non-interactive version ("make upgrade") needs the
/etc/postfix/<a href="postconf.5.html">main.cf</a> file from a previous installation. If the file
does not exist, use interactive installation ("make install")
instead. </p>
-<li> <p> The interactive version offers suggestions for pathnames
-that you can override interactively, and stores your preferences
-in /etc/postfix/<a href="postconf.5.html">main.cf</a> for convenient future upgrades. </p>
-
</ul>
<h3>6.4 - Configure Postfix</h3>
Postfix on a virtual interface address. Simply configure your mail
user agent to directly invoke the Postfix sendmail program. </p>
+<p> To create a virtual network interface address, study your
+system ifconfig manual page. The command syntax could be any
+of: </p>
+
+<blockquote>
+<pre>
+# <b>ifconfig le0:1 <address> netmask <mask> up</b>
+# <b>ifconfig en0 alias <address> netmask 255.255.255.255</b>
+</pre>
+</blockquote>
+
<p> In the /etc/postfix/<a href="postconf.5.html">main.cf</a> file, I would specify </p>
<blockquote>
<h2><a name="example_group">Example: expanding LDAP groups</a></h2>
-<p> LDAP is frequently used to store group member information, and Postfix
-supports expanding a group's email address to the list of email addresses
-of the group members. There are a number of ways of handling LDAP groups,
-which will be illustrated via the mock LDAP entries and implied schema
-below. This shows two group entries "agroup" and "bgroup" and four
-user entries "auser", "buser", "cuser" and "duser". The group "agroup"
-has the users "auser" (1) and "buser" (2) as members via DN references
-in the multi-valued attribute "memberdn", and direct email addresses of
-two external users "auser@example.org" (3) and "buser@example.org" (4)
-stored in the multi-valued attribute "memberaddr". The same is true of
-"bgroup" and "cuser"/"duser" (6)/(7)/(8)/(9), but "bgroup" also has a
-"maildrop" attribute of "bgroup@mlm.example.com" (5): </p>
+<p>
+LDAP is frequently used to store group member information. There are a
+number of ways of handling LDAP groups. We will show a few examples in
+order of increasing complexity, but owing to the number of independent
+variables, we can only present a tiny portion of the solution space.
+We show how to:
+</p>
+
+<ol>
+
+<li> <p> query groups as lists of addresses; </p>
+
+<li> <p> query groups as lists of user objects containing addresses; </p>
+
+<li> <p> forward special lists unexpanded to a separate list server,
+for moderation or other processing; </p>
+
+<li> <p> handle complex schemas by controlling expansion and by treating
+leaf nodes specially, using features that are new in Postfix 2.4. </p>
+
+</ol>
+
+<p>
+The example LDAP entries and implied schema below show two group entries
+("agroup" and "bgroup") and four user entries ("auser", "buser", "cuser"
+and "duser"). The group "agroup" has the users "auser" (1) and "buser" (2)
+as members via DN references in the multi-valued attribute "memberdn", and
+direct email addresses of two external users "auser@example.org" (3) and
+"buser@example.org" (4) stored in the multi-valued attribute "memberaddr".
+The same is true of "bgroup" and "cuser"/"duser" (6)/(7)/(8)/(9), but
+"bgroup" also has a "maildrop" attribute of "bgroup@mlm.example.com"
+(5): </p>
<blockquote>
<pre>
Always check tables using <a href="postmap.1.html">postmap(1)</a> with the "-q" option, before
deploying them into production use in <a href="postconf.5.html">main.cf</a>. </p>
-<p> Our second use case also expands "memberdn" attributes (1), (2),
+<p> Our second use case instead expands "memberdn" attributes (1), (2),
(6) and (7), follows the DN references and returns the "maildrop" of the
referenced user entries. Here we use the "special_result_attribute"
setting from <a href="ldap_table.5.html">ldap_table(5)</a> to designate the "memberdn" attribute
the group and the member DNs. In this case we choose "maildrop" and
assume for the moment that groups never have a "maildrop" (the "bgroup"
"maildrop" attribute is for a different use case). The returned data for
-"auser" and "buser" is from items (11) and (13) in the mock data. </p>
+"auser" and "buser" is from items (11) and (13) in the example data. </p>
<blockquote>
<pre>
...
search_base = dc=example, dc=com
query_filter = mail=%s
- result_attribute = memberaddr, maildrop
+ result_attribute = maildrop
special_result_attribute = memberdn
$ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:special.cf
- auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ auser@mailhub.example.com,buser@mailhub.example.com
</pre>
</blockquote>
<p> Note: if the desired member object result attribute is always also
-present in the group, you get suprising results, the expansion also
+present in the group, you get surprising results: the expansion also
returns the address of the group. This is a known limitation of Postfix
releases prior to 2.4, and is addressed in the new with Postfix 2.4
"leaf_result_attribute" feature described in <a href="ldap_table.5.html">ldap_table(5)</a>. </p>
...
search_base = dc=example, dc=com
query_filter = mail=%s
- result_attribute = memberaddr, maildrop
+ result_attribute = maildrop
special_result_attribute = memberdn
$ postmap -q auser@example.com <a href="ldap_table.5.html">ldap</a>:no_expand.cf <a href="ldap_table.5.html">ldap</a>:expand.cf
auser@mailhub.example.com
$ postmap -q agroup@example.com <a href="ldap_table.5.html">ldap</a>:no_expand.cf <a href="ldap_table.5.html">ldap</a>:expand.cf
- auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ auser@mailhub.example.com,buser@mailhub.example.com
$ postmap -q bgroup@example.com <a href="ldap_table.5.html">ldap</a>:no_expand.cf <a href="ldap_table.5.html">ldap</a>:expand.cf
bgroup@mlm.example.com
</pre>
Victor Duchovni developed the common query, result_format, domain and
expansion_limit interface for LDAP, MySQL and PosgreSQL.</li>
+<li>Gunnar Wrobel provided a first implementation of a feature to
+limit LDAP search results to leaf nodes only. Victor generalized
+this into the Postfix 2.4 "leaf_result_attribute" feature. </li>
+
</ul>
And of course Wietse.
<h2>Berkeley DB issues</h2>
-<p> Warning: if you can't compile Postfix because the file "db.h"
+<p> If you can't compile Postfix because the file "db.h"
isn't found, then you MUST install the Berkeley DB development
package (name: db???-devel-???) that matches your system library.
You can find out what is installed with the rpm command. For example:
</blockquote>
<p> This means that you need to install db4-devel-4.3.29-2 (on
-some systems, specify <tt>/lib/libdb.so</tt> in the rpm query). </p>
+some systems, specify "<b>rpm -qf /lib/libdb.so</b>" instead). </p>
<p> DO NOT download some Berkeley DB version from the network.
Every Postfix program will dump core when it is built with a different
<p> On RedHat Linux 7.1 and later <b>procmail</b> no longer has
permission
-to write the mail spool directory. Workaround: chmod 1777
-/var/spool/mail.
-</p>
+to write the mail spool directory. Workaround: </p>
+
+<blockquote>
+<pre>
+# chmod 1777 /var/spool/mail
+</pre>
+</blockquote>
<h2>Syslogd performance</h2>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>
</pre>
</blockquote>
<blockquote>
<pre>
-/etc/postfix/main.cf:
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>
</blockquote>
<p> That is, an empty value. With this setting, the Postfix SMTP
server will not reject mail with "User unknown in local recipient
-table". </p>
+table". <b> Don't do this on systems that receive mail directly
+from the Internet. With today's worms and viruses, Postfix will
+become a backscatter source: it accepts mail for non-existent
+recipients and then tries to return that mail as "undeliverable"
+to the often forged sender address</b>. </p>
<h2><a name="change">When you need to change the local_recipient_maps
setting in main.cf</a></h2>
<li> <p> Problem: you don't use the default Postfix <a href="local.8.html">local(8)</a>
delivery agent for domains matching $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a>,
or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. For example, you redefined the
- "<a href="postconf.5.html#local_transport">local_transport</a>" setting in main.cf. </p>
+ "<a href="postconf.5.html#local_transport">local_transport</a>" setting in <a href="postconf.5.html">main.cf</a>. </p>
<p> Solution: your <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> setting needs to specify
a database that lists all the known user names or addresses
specify: </p>
<pre>
-/etc/postfix/main.cf
+/etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a> localhost.$<a href="postconf.5.html#mydomain">mydomain</a> localhost ...
<a href="postconf.5.html#local_transport">local_transport</a> = virtual
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
non-UNIX users: </p>
<pre>
-/etc/postfix/main.cf
+/etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> = <a href="proxymap.8.html">proxy</a>:unix:passwd.byname, $<a href="postconf.5.html#alias_maps">alias_maps</a>,
<the database with non-UNIX accounts>
</pre>
</p>
<pre>
-/etc/postfix/main.cf
+/etc/postfix/<a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> =
</pre>
recipients that don't have UNIX home directories. </p>
<p> The following example shows how to use maildrop for some.domain
-and for someother.domain. </p>
+and for someother.domain. The example comes in two parts. </p>
+
+<p> Part 1 describes changes to the <a href="postconf.5.html">main.cf</a> file: </p>
<blockquote>
<pre>
<p> Note: Do not use the postfix user as the maildrop user. </p>
+<p> Part 2 describes changes to the <a href="master.5.html">master.cf</a> file: </p>
+
<blockquote>
<pre>
/etc/postfix/<a href="master.5.html">master.cf</a>:
<p> The reason for adding Milter support to Postfix is that there
exists a large collection of applications, not only to block unwanted
mail, but also to verify authenticity (examples: <a
+href="http://sourceforge.net/projects/dkim-milter/">Domain keys
+identified mail</a>, <a
href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
-or to digitally sign mail (example: <a
+or to digitally sign mail (examples: <a
+href="http://sourceforge.net/projects/dkim-milter/">Domain keys
+identified mail</a>, <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
Having yet another Postfix-specific version of all that software
is a poor use of human and system resources. </p>
<p> On some Linux and *BSD distributions, the Sendmail libmilter
library is installed by default. With this, applications such as
-<a href="http://sourceforge.net/projects/dk-milter/">dk-milter</a>
+<a href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a>
and <a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a>
build out of the box without requiring any tinkering:</p>
<blockquote>
<pre>
-$ <b>gzcat dk-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
-$ <b>cd dk-milter-<i>x.y.z</i></b>
+$ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
+$ <b>cd dkim-milter-<i>x.y.z</i></b>
$ <b>make</b>
[...<i>lots of output omitted</i>...]
</pre>
<blockquote>
<pre>
-# <b>/some/where/dk-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
+# <b>/some/where/dkim-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
</pre>
</blockquote>
</pre>
</blockquote>
-<p> This happens because some Milter applications expect that the
+<p> This happens because those Milter applications expect that the
queue ID is known <i>before</i> the MTA accepts the MAIL FROM
(sender) command. Postfix, on the other hand, does not choose a
queue file name until <i>after</i> it accepts the first valid RCPT
-TO (recipient) command. Postfix queue file names must be unique
+TO (recipient) command (Postfix queue file names must be unique
across multiple directories, so the name can't be chosen before the
-file is created. If multiple messages were to use the same queue
-ID <i>simultaneously</i>, mail would be lost. </p>
+file is created; if multiple messages were to use the same queue
+ID <i>simultaneously</i>, mail would be lost). </p>
-<p> To work around the ugly message header from Milter applications,
-we add a little code to the Milter source to look up the queue ID
-after Postfix receives the end of the message. </p>
+</ul>
+
+<p> If you experience the ugly header problem, see if a recent
+version of the Milter application fixes it. For example, current
+versions of dkim-filter and dk-filter already have code that looks
+up the Postfix queue ID at a later protocol stage. </p>
+
+<p> To fix the ugly message header with sid-filter applications,
+we change the source code, so that it does the queue ID lookup after
+Postfix receives the end of the message. </p>
<ul>
-<li> <p> Edit the filter source file (typically named
-<tt>dk-filter/dk-filter.c</tt> or similar). </p>
+<li> <p> Edit the filter source file (named
+<tt>sid-filter/sid-filter.c</tt>). </p>
+
+<li> <p> Look up the <tt>smfilter</tt> table and replace
+<tt>mlfi_eoh</tt> by <tt>NULL</tt>.
+</p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
-the top shown as <b>bold</b> text below: </p>
+the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
+text below: </p>
</ul>
<blockquote>
<pre>
-dfc = cc->cctx_msg;
-assert(dfc != NULL);
+ assert(ctx != NULL);
+#endif /* !DEBUG */
<b>
-/* Determine the job ID for logging. */
-if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
- char *jobid = smfi_getsymval(ctx, "i");
- if (jobid != 0)
- dfc->mctx_jobid = jobid;
-}</b>
-
-/* get hostname; used in the X header and in new MIME boundaries */
+ ret = mlfi_eoh(ctx);
+ if (ret != SMFIS_CONTINUE)
+ return ret;</b>
</pre>
</blockquote>
<ul>
-<li> <p> Different mail filters use slightly different names for
-variables. If the above code does not compile, look for the code
-at the start of the <tt>mlfi_eoh()</tt> routine. </p>
+<li> <p> This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
-message. Fortunately, dk-filter logs that message only once. </p>
+message. Fortunately, sid-milter logs that message only once. </p>
</ul>
-<p> With some Milter applications we can fix both the WARNING and
-the "unknown-msgid" by postponing the call of <tt>mlfi_eoh()</tt>
-(or whatever routine logs the WARNING) until the end of the message.
-</p>
+<p> To fix the ugly message header with other Milter applications,
+you will need to do something like this: </p>
<ul>
<li> <p> Edit the filter source file (typically named
-<tt>sid-filter/sid-filter.c</tt> or similar). </p>
-
-<li> <p> Look up the <tt>smfilter</tt> table and replace
-<tt>mlfi_eoh</tt> (or whatever routine logs the WARNING) by NULL.
-</p>
+<tt>xxx-filter/xxx-filter.c</tt> or similar). </p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
-the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
-text below: </p>
+the top shown as <b>bold</b> text below: </p>
</ul>
<blockquote>
<pre>
- assert(ctx != NULL);
-#endif /* !DEBUG */
+dfc = cc->cctx_msg;
+assert(dfc != NULL);
<b>
- ret = mlfi_eoh(ctx);
- if (ret != SMFIS_CONTINUE)
- return ret;</b>
+/* Determine the job ID for logging. */
+if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
+ char *jobid = smfi_getsymval(ctx, "i");
+ if (jobid != 0)
+ dfc->mctx_jobid = jobid;
+}</b>
+
+/* get hostname; used in the X header and in new MIME boundaries */
</pre>
</blockquote>
-<p> This works with sid-milter-0.2.10. Other Milter applications
-will dump core when you do this. </p>
+<p> NOTES: </p>
+
+<ul>
+
+<li> <p> Different mail filters use slightly different names for
+variables. If the above code does not compile, look for the code
+at the start of the <tt>mlfi_eoh()</tt> routine. </p>
+
+<li> <p> This fixes only the ugly message header, but not the WARNING
+message. Fortunately, many Milters log that message only once. </p>
</ul>
</pre>
</blockquote>
-<p> The solution is to use a Postfix version that supports the
-missing functionality. </p>
+<p> The solution is to use Postfix version 2.4 or later. </p>
<li> <p> Most Milter configuration options are global. Future Postfix
versions may support per-Milter timeouts, per-Milter error handling,
defer.8.html: bounce.8.html
rm -f $@
- ln -s $? $@
+ ln $? $@
discard.8.html: ../src/discard/discard.c
PATH=../mantools:$$PATH; \
lmtp.8.html: smtp.8.html
rm -f $@
- ln -s $? $@
+ ln $? $@
local.8.html: ../src/local/local.c
PATH=../mantools:$$PATH; \
trace.8.html: bounce.8.html
rm -f $@
- ln -s $? $@
+ ln $? $@
trivial-rewrite.8.html: ../src/trivial-rewrite/trivial-rewrite.c
PATH=../mantools:$$PATH; \
mailq.1.html: sendmail.1.html
rm -f $@
- ln -s $? $@
+ ln $? $@
newaliases.1.html: sendmail.1.html
PATH=../mantools:$$PATH; \
rm -f $@
- ln -s $? $@
+ ln $? $@
smtp-source.1.html: ../src/smtpstone/smtp-source.c
PATH=../mantools:$$PATH; \
<p> When delivering mail to a destination with multiple mail servers,
connection caching can help to skip over a non-responding server,
-and thus dramatically speed up delivery. </p>
+and thus dramatically speed up delivery. SMTP connection caching
+is available in Postfix version 2.2 and later. More information
+about this feature is in the <a href="CONNECTION_CACHE_README.html">CONNECTION_CACHE_README</a> document. </p>
<table>
-<tr> <td align="center" bgcolor="#f0f0ff"> <br> <a href="smtp.8.html">smtp(8)</a> <br>
- </td> <td> <tt> <-> </tt> </td> <td align="center"
-bgcolor="#f0f0ff"> <br> <a href="scache.8.html">scache(8)</a> <br> </td> <td> <tt>
-<-> </tt> </td> <td align="center" bgcolor="#f0f0ff"> <br>
-<a href="smtp.8.html">smtp(8)</a> <br> </td>
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td colspan="2"> <tt>
+--> </tt> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> <a href="qmgr.8.html">qmgr(8)</a> </td> <td> </td>
+<td align="center" rowspan="3"> </td> <td align="center"
+rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td> <td> </td>
+</tr>
+
+<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="2" bgcolor="#f0f0ff"> <a href="smtp.8.html">smtp(8)</a> </td> <td align="left"> <tt>
+--> </tt> Internet </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="center"><tt>^<br>|</tt></td>
+<td> </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> <a href="scache.8.html">scache(8)</a> </td> </tr>
</table>
<h2>General distributions: please provide a small default main.cf
file</h2>
-<p> The installed main.cf file must be small. PLEASE resist the
-temptation to list all 400+ parameters in the main.cf file. Postfix
-is supposed to be easy to configure. Listing all 400+ in main.cf
+<p> The installed <a href="postconf.5.html">main.cf</a> file must be small. PLEASE resist the
+temptation to list all parameters in the <a href="postconf.5.html">main.cf</a> file. Postfix
+is supposed to be easy to configure. Listing all parameters in <a href="postconf.5.html">main.cf</a>
defeats the purpose. It is an invitation for hobbyists to make
random changes without understanding what they do, and gets them
into endless trouble. </p>
<p> You will be prompted for installation parameters. Specify an
install_root directory other than /. The <a href="postconf.5.html#mail_owner">mail_owner</a> and <a href="postconf.5.html#setgid_group">setgid_group</a>
-installation parameter settings will be recorded in the main.cf
+installation parameter settings will be recorded in the <a href="postconf.5.html">main.cf</a>
file, but they won't take effect until the package is unpacked and
installed on the destination machine. </p>
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-
-<head>
-
-<title>Postfix qmail and ezmlm support</title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-
-</head>
-
-<body>
-
-<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix qmail and ezmlm support</h1>
-
-<hr>
-
-<p> This document will be made available via <a href="http://www.postfix.org/">http://www.postfix.org/</a>. </p>
-
-</body>
-
-</html>
<p> Policy delegation is now the preferred method for adding policies
to Postfix. It's much easier to develop a new feature in few lines
-of Perl, than trying to do the same in C code. The difference in
+of Perl, Python, Ruby, or TCL, than trying to do the same in C code.
+The difference in
performance will be unnoticeable except in the most demanding
environments. On active systems a policy daemon process is used
multiple times, for up to $<a href="postconf.5.html#max_use">max_use</a> incoming SMTP connections. </p>
These attributes are empty in case of no certificate authentication.
As of Postfix 2.2.11 these attribute values are encoded as
xtext: some characters are represented by +XX, where XX is the
- two-digit hecadecimal representation of the character value.
+ two-digit hexadecimal representation of the character value.
</p>
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)
<li> <p> Re-inject the mail back into Postfix via SMTP, perhaps
after changing its content and/or destination. </p>
+ <li> <p> Discard or quarantine the mail. </p>
+
<li> <p> Reject the mail by sending a suitable SMTP status code
back to Postfix. Postfix passes the status back to the remote
SMTP client. This way, Postfix does not have to send a bounce
This limit is not necessary if you receive all mail from a
trusted <a href="postconf.5.html#relayhost">relay host</a>. </p>
- <p> Note: this setting is ignored by the stable Postfix 2.1
- release. The feature will be available only in the experimental
- release until Postfix 2.2. </p>
+ <p> Note: this setting is available in Postfix version 2.2 and
+ later. Earlier Postfix versions will ignore it. </p>
<li> <p> The "-o <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a>=127.0.0.1:10025" tells the
before filter SMTP server that it should give incoming mail to
for TLS. </p>
<p> You can disable TLS for a subset of destinations, while leaving
-it enabled for the rest. With the Postfix 2.3
+ TLS <a
+it enabled for the rest. With the Postfix 2.3
and later TLS <a
href="#client_tls_policy">policy table</a>, specify the "none"
security level. With the obsolete <a href="#client_tls_obs">per-site</a>
table, specify the "NONE" keyword. </p>
be ignored with a warning written to the mail logs. </p>
<p> You can enable opportunistic TLS just for selected destinations. With
-the Postfix 2.3
+ TLS <a href="#client_tls_policy">policy table</a>,
+the Postfix 2.3
and later TLS <a href="#client_tls_policy">policy table</a>,
specify the "may" security level. With the obsolete <a
href="#client_tls_obs">per-site</a> table, specify the "MAY" keyword.</p>
TLS encryption as the default security level. </p>
<p> You can enable mandatory TLS encryption just for specific destinations.
-With the Postfix 2.3
+ TLS <a href="#client_tls_policy">policy
+With the Postfix 2.3
and later TLS <a href="#client_tls_policy">policy
table</a>, specify the "encrypt" security level. With the
obsolete <a href="#client_tls_obs">per-site</a> table, specify the
"MUST_NOPEERMATCH" keyword. While the obsolete approach still works
-with Postfix 2.3, it is strongly discouraged: users of Postfix 2.3+
+with Postfix 2.3, it is strongly discouraged: users of Postfix 2.3 and later
should use the new TLS policy settings. </p>
<p> Examples: </p>
</blockquote>
<p> Postfix 2.2 syntax (no support for sub-domains without resorting to
-regexp tables). With Postfix 2.3
+, do not use the obsolete <a
+regexp tables). With Postfix 2.3
and later, do not use the obsolete <a
href="#client_tls_obs">per-site</a> table. </p>
<blockquote>
use the destination (for example, "[example.net]:587"), as the <a
href="#client_tls_obs">per-site</a> table lookup key (a recipient domain
or MX-enabled transport nexthop with no port suffix may look like a bare
-hostname, but is still a suitable <i>destination</i>). With Postfix 2.3+,
+hostname, but is still a suitable <i>destination</i>). With Postfix 2.3
+and later,
do not use the obsolete <a href="#client_tls_obs">per-site</a> table;
use the new <a href="#client_tls_policy">policy table</a> instead. </p>
</p>
<p> You can enable mandatory server certificate verification just
-for specific destinations. With the Postfix 2.3
+ TLS <a
+for specific destinations. With the Postfix 2.3
and later TLS <a
href="#client_tls_policy">policy table</a>, specify the "verify"
security level. With the obsolete <a href="#client_tls_obs">per-site</a>
table, specify the "MUST" keyword. While the obsolete approach
still works with Postfix 2.3, it is strongly discouraged: users of
-Postfix 2.3+ should use the new TLS policy settings. </p>
+Postfix 2.3 and later should use the new TLS policy settings. </p>
<p> Example: </p>
STARTTLS support. </p>
<p> You can enable secure TLS verification just for specific destinations.
-With the Postfix 2.3
+ TLS <a href="#client_tls_policy">policy table</a>,
+With the Postfix 2.3
and later TLS <a href="#client_tls_policy">policy table</a>,
specify the "secure" security level. With the obsolete
<a href="#client_tls_obs">per-site</a> table, specify the "MUST"
keyword and <a href="#client_tls_harden">harden</a> the certificate
verification against DNS forgery. While the obsolete approach still
-works with Postfix 2.3, it is strongly discouraged: users of Postfix 2.3+
+works with Postfix 2.3, it is strongly discouraged: users of Postfix 2.3
+and later
should use the new TLS policy settings. </p>
<p> Examples: </p>
</pre>
</blockquote>
-<p> Postfix 2.2.9+ syntax: </p>
+<p> Postfix 2.2.9 and later syntax: </p>
<p> <b>Note:</b> Avoid policy lookups with the bare hostname (for
example, "tls.example.com"). Instead, use the destination (for
example, "[tls.example.com]") as the <a
href="#client_tls_obs">per-site</a> table lookup key (a recipient domain
or MX-enabled transport nexthop with no port suffix may look like a bare
-hostname, but is still a suitable <i>destination</i>). With Postfix 2.3+,
+hostname, but is still a suitable <i>destination</i>). With Postfix 2.3
+and later,
do not use the obsolete <a href="#client_tls_obs">per-site</a> table;
use the new <a href="#client_tls_policy">policy table</a> instead. </p>
full destination nexthop (enclosed in [] with a possible ":port"
suffix) as the per-site table lookup key (a recipient domain or
MX-enabled transport nexthop with no port suffix may look like a bare
-hostname, but is still a suitable <i>destination</i>). With Postfix 2.3+,
+hostname, but is still a suitable <i>destination</i>). With Postfix 2.3
+and later,
use of the obsolete approach documented here is strongly discouraged:
use the new <a href="#client_tls_policy">policy table</a> instead. </p>
<p> For a general discussion of TLS security for SMTP see <a
href="#client_tls_limits">TLS limitations</a> above. What follows applies
only to Postfix 2.2.9 and subsequent Postfix 2.2 patch levels. Do
-not use this approach with Postfix 2.3+; instead see the instructions under <a
+not use this approach with Postfix 2.3
+and later; instead see the instructions under <a
href="#client_tls_secure">secure</a> server certificate verification. </p>
<p> As long as no secure DNS lookup mechanism is available, false
<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
-<p> Note: the <a href="anvil.8.html">anvil(8)</a> service was introduced with Postfix version
-2.2. </p>
+<p> Note: these features use the Postfix <a href="anvil.8.html">anvil(8)</a> service, introduced
+with Postfix version 2.2. </p>
<p> The Postfix <a href="smtpd.8.html">smtpd(8)</a> server can limit the number of simultaneous
-connections from the same SMTP client, as well as the number of
-connections that a client is allowed to make per unit time.
+connections from the same SMTP client, as well as the connection
+rate and the rate of certain SMTP commands from the same client.
These statistics are maintained by the <a href="anvil.8.html">anvil(8)</a> server (translation:
if <a href="anvil.8.html">anvil(8)</a> breaks, then connection limits stop working). </p>
-<p> IMPORTANT: These limits are designed to protect the <a href="smtpd.8.html">smtpd(8)</a> server
-against flagrant abuse. Do not use these limits to regulate legitimate
-traffic: mail will suffer grotesque delays if you do so. </p>
+<p> IMPORTANT: These limits must not be used to regulate legitimate
+traffic: mail will suffer grotesque delays if you do so. The limits
+are designed to protect the <a href="smtpd.8.html">smtpd(8)</a> server against abuse by
+out-of-control clients. </p>
-<ul>
+<blockquote>
-<li> <p> An SMTP client may make up to $<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>
-simultaneous connections (default: 50). This is half the default
-process limit. </p>
+<dl>
-<li> <p> An SMTP client may make up to $<a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a>
-message delivery requests per unit time (default: no limit). </p>
+<dt> <a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (default: 50) </dt> <dd>
+The maximum number of connections than an SMTP client may make
+simultaneously. </dd>
-<li> <p> An SMTP client may send up to $<a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a>
-recipient addresses per unit time (default: no limit). </p>
+<dt> <a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (default: no limit) </dt>
+<dd> The maximum number of connections that an SMTP client may make
+in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default:
+60s). </dd>
-<li> <p> An SMTP client may make up to $<a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a>
-connections per unit time (default: no limit). </p>
+<dt> <a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (default: no limit) </dt> <dd>
+The maximum number of message delivery requests that an SMTP client
+may make in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
+(default: 60s). </dd>
-<li> <p> These limits are not applied to SMTP clients in the networks
-specified with $<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> (default:
-clients in $<a href="postconf.5.html#mynetworks">mynetworks</a> may make an unlimited number of connections).
+<dt> <a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (default: no limit) </dt>
+<dd> The maximum number of recipient addresses that an SMTP client
+may specify in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a>
+(default: 60s). </dd>
-<li> <p> The <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> parameter specifies the time
-unit over which client connection rates are computed (default:
-60s).
+<dt> <a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (default: no limit)
+</dt> <dd> The maximum number of new TLS sessions (without using
+the TLS session cache) that an SMTP client may negotiate in the
+time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default: 60s).
+</dd>
-</ul>
+<dt> <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> (default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)
+</dt> <dd> SMTP clients that are excluded from connection and rate
+limits specified above. </dd>
+
+</dl>
+
+</blockquote>
<h2><a name="mailing_tips">General mail delivery performance tips</a></h2>
to the same recipient: if the recipient has an expensive shell
command in her .forward file, or if the recipient is a mailing list
manager, you don't want to run too many instances of those processes
-the same time. </p>
+at the same time. </p>
<li> <p> The default <a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> of 20 seems
enough to noticeably load a system without bringing it to its knees.
<dl>
-<dt> <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (default: 1000 seconds) </dt> <dd> How often
+<dt> <a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (default: 300 seconds; before Postfix 2.4:
+1000s) </dt> <dd> How often
the queue manager scans the queue for deferred mail. </dd>
-<dt> <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (default: 1000 seconds) </dt> <dd> The
+<dt> <a href="postconf.5.html#minimal_backoff_time">minimal_backoff_time</a> (default: 300 seconds; before Postfix
+2.4: 1000s) </dt> <dd> The
minimal amount of time a message won't be looked at, and the minimal
amount of time to stay away from a "dead" destination. </dd>
always better than increasing the frequency of delivery attempts.
However, if you can control only the delivery attempt frequency,
consider using a dedicated <a href="postconf.5.html#fallback_relay">fallback_relay</a> "graveyard" machine for
-bad destinations so that they do not ruin the performance of normal
+bad destinations, so that these destinations do not ruin the
+performance of normal
mail deliveries. </p>
<h2><a name="proc_limit">Tuning the number of Postfix processes</a></h2>
<ul>
+<li> <p> Depending on your Postfix and operating system versions
+you may need to recompile Postfix if you need more than 1024 file
+descriptors per process: </p>
+
+<ul> <li> <p> No recompilation is needed for Postfix version 2.4
+and later, when it was compiled for systems that support BSD kqueue(2)
+(FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or
+Linux 2.6 epoll(4). </p>
+
+<li> <p> Otherwise, Postfix needs to be recompiled to override the
+default FD_SETSIZE value. </p>
+
+</ul>
+
<li> <p> Reduce the number of processes as described under "<a
href="#proc_limit">Tuning the number of Postfix processes</a>" above.
Fewer processes need fewer open files and sockets. </p>
<ul>
<li> <p> Some FreeBSD kernel parameters can be specified in
-/boot/loader.conf, and some can be changed with sysctl commands.
+/boot/loader.conf, and some can be specified in /etc/sysctl.conf
+or changed with sysctl commands.
Which is which depends on the version.
</p>
</pre>
<li> <p> Linux kernel parameters can be specified in /etc/sysctl.conf
-and can also be changed with sysctl commands: </p>
+or changed with sysctl commands: </p>
<pre>
fs.file-max=16384
<li> <p> Solaris kernel parameters can be specified in /etc/system,
as described in the <a
-href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.46">Solaris
+href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.48">Solaris
FAQ</a> entry titled "How can I increase the number of file
descriptors per process?" </p>
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-
-<head>
-
-<title>Postfix and Ultrix </title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-
-</head>
-
-<body>
-
-<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix and Ultrix </h1>
-
-<hr>
-
-<h2> Postfix on Ultrix </h2>
-
-<p> This document is probably only of historical value, because
-Ultrix version 4 dates from the early 1990s. However, as long as
-Wietse keeps Postfix alive for SunOS 4, it is likely to run on
-Ultrix 4 with very little change. Feedback is welcome if anyone
-actually still uses Postfix on any version of Ultrix. </p>
-
-<p> The source of this document is an email message by Christian von Roques
-that was sent on Jun 2, 1999. </p>
-
-<blockquote>
-
-<p> I've upgraded the MTA of our DECstation-3100 running Ultrix4.3a to
-postfix-19990317-pl05 and am sending you the patches I needed to get
-it running under Ultrix. </p>
-
-<p> . . . </p>
-
-<p> One of the bugs of Ultrix's /bin/sh is that shell-variables
-set in arguments of `:' expand to garbage if expanded in here-documents.
-Using a different shell helps. I needed to replace all calls of
-``sh .../makedefs'' by ``$(SHELL) .../makedefs'' in all the
-Makefile.in and am now able to use ``make SHELL=/bin/sh5'' or zsh.
-
-<p> . . . </p>
-
-<p> Ultrix's FD_SET_SIZE is 4096, but getdtablesize()
-returns 64 by default, if not increased when building a new
-kernel. getrlimit() doesn't know RLIMIT_NOFILE. This makes
-event_init() always log the warning: `could allocate space for
-only 64 open files'. </p>
-
-<p> I just reduced the threshold from 256 to 64, but this is not good.
-The initial problem still remains: How to disable this warning on
-Ultrix without making the source ugly? </p>
-
-</blockquote>
-
-<p> To work around the first problem, all the Makefile.in files
-have been updated to use `$(SHELL)' instead of `sh'. So you only
-need to supply a non-default shell in order to eliminate Ultrix
-shell trouble. </p>
-
-<p> To work around the latter, util/sys_defs.h was updated for
-Ultrix, with a default FD_SETSIZE of 100. This should be sufficient
-for a workstation. Even in 1999, no-one would run a major mail hub
-on Ultrix 4. </p>
-
-</body>
-
-</html>
<b>postmap -q - /etc/postfix/access</b> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix SMTP server supports access control on remote
- SMTP client information: host names, network addresses,
- and envelope sender or recipient addresses. See
- <b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) or <b><a href="postconf.5.html#body_checks">body_checks</a></b>(5) for access control on
- the content of email messages.
-
- Normally, the <a href="access.5.html"><b>access</b>(5)</a> table is specified as a text file
- that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
- result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
- fast searching by the mail system. Execute the command
- "<b>postmap /etc/postfix/access</b>" to rebuild an indexed file
+ This document describes access control on remote SMTP
+ client information: host names, network addresses, and
+ envelope sender or recipient addresses; it is implemented
+ by the Postfix SMTP server. See <b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) or
+ <b><a href="postconf.5.html#body_checks">body_checks</a></b>(5) for access control on the content of email
+ messages.
+
+ Normally, the <a href="access.5.html"><b>access</b>(5)</a> table is specified as a text file
+ that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The
+ result, an indexed file in <b>dbm</b> or <b>db</b> format, is used for
+ fast searching by the mail system. Execute the command
+ "<b>postmap /etc/postfix/access</b>" to rebuild an indexed file
after changing the corresponding text file.
- When the table is provided via other means such as NIS,
- LDAP or SQL, the same lookups are done as for ordinary
+ When the table is provided via other means such as NIS,
+ LDAP or SQL, the same lookups are done as for ordinary
indexed files.
- Alternatively, the table can be provided as a regular-
+ Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
- sions, or lookups can be directed to TCP-based server. In
- those cases, the lookups are done in a slightly different
- way as described below under "REGULAR EXPRESSION TABLES"
+ sions, or lookups can be directed to TCP-based server. In
+ those cases, the lookups are done in a slightly different
+ way as described below under "REGULAR EXPRESSION TABLES"
or "TCP-BASED TABLES".
<b>CASE FOLDING</b>
- The search string is folded to lowercase before database
- lookup. As of Postfix 2.3, the search string is not case
- folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
+ The search string is folded to lowercase before database
+ lookup. As of Postfix 2.3, the search string is not case
+ folded with database types such as <a href="regexp_table.5.html">regexp</a>: or <a href="pcre_table.5.html">pcre</a>: whose
lookup fields can match both upper and lower case.
<b>TABLE FORMAT</b>
address, perform the corresponding <i>action</i>.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A logical line starts with non-whitespace text. A
- line that starts with whitespace continues a logi-
+ A logical line starts with non-whitespace text. A
+ line that starts with whitespace continues a logi-
cal line.
<b>EMAIL ADDRESS PATTERNS</b>
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, patterns are
+ networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<i>user</i>@<i>domain</i>
Matches the specified mail address.
<i>domain.tld</i>
- Matches <i>domain.tld</i> as the domain part of an email
+ Matches <i>domain.tld</i> as the domain part of an email
address.
The pattern <i>domain.tld</i> also matches subdomains, but
only when the string <b>smtpd_access_maps</b> is listed in
- the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> con-
- figuration setting (note that this is the default
- for some versions of Postfix). Otherwise, specify
- <i>.domain.tld</i> (note the initial dot) in order to
+ the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> con-
+ figuration setting (note that this is the default
+ for some versions of Postfix). Otherwise, specify
+ <i>.domain.tld</i> (note the initial dot) in order to
match subdomains.
- <i>user</i>@ Matches all mail addresses with the specified user
+ <i>user</i>@ Matches all mail addresses with the specified user
part.
- Note: lookup of the null sender address is not possible
- with some types of lookup table. By default, Postfix uses
- <> as the lookup key for such addresses. The value is
- specified with the <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a></b> parameter
+ Note: lookup of the null sender address is not possible
+ with some types of lookup table. By default, Postfix uses
+ <> as the lookup key for such addresses. The value is
+ specified with the <b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a></b> parameter
in the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file.
<b>EMAIL ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
- ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
- becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@,
+ ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
+ becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>domain</i>, <i>user+foo</i>@,
and <i>user</i>@.
<b>HOST NAME/ADDRESS PATTERNS</b>
With lookups from indexed files such as DB or DBM, or from
- networked tables such as NIS, LDAP or SQL, the following
+ networked tables such as NIS, LDAP or SQL, the following
lookup patterns are examined in the order as listed:
<i>domain.tld</i>
The pattern <i>domain.tld</i> also matches subdomains, but
only when the string <b>smtpd_access_maps</b> is listed in
- the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> con-
+ the Postfix <b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a></b> con-
figuration setting. Otherwise, specify <i>.domain.tld</i>
- (note the initial dot) in order to match subdo-
+ (note the initial dot) in order to match subdo-
mains.
<i>net.work.addr.ess</i>
<i>net.work</i>
- <i>net</i> Matches the specified IPv4 host address or subnet-
- work. An IPv4 host address is a sequence of four
+ <i>net</i> Matches the specified IPv4 host address or subnet-
+ work. An IPv4 host address is a sequence of four
decimal octets separated by ".".
- Subnetworks are matched by repeatedly truncating
+ Subnetworks are matched by repeatedly truncating
the last ".octet" from the remote IPv4 host address
- string until a match is found in the access table,
+ string until a match is found in the access table,
or until further truncation is not possible.
- NOTE 1: The information in the access map should be
- in canonical form, with unnecessary null characters
- eliminated. Address information must not be
- enclosed with "[]" characters.
+ NOTE 1: The access map lookup key must be in canon-
+ ical form: do not specify unnecessary null charac-
+ ters, and do not enclose network address informa-
+ tion with "[]" characters.
- NOTE 2: use the <b>cidr</b> lookup table type to specify
+ NOTE 2: use the <b>cidr</b> lookup table type to specify
network/netmask patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for
details.
<i>net:work</i>
- <i>net</i> Matches the specified IPv6 host address or subnet-
- work. An IPv6 host address is a sequence of three
- to eight hexadecimal octet pairs separated by ":".
+ <i>net</i> Matches the specified IPv6 host address or subnet-
+ work. An IPv6 host address is a sequence of three
+ to eight hexadecimal octet pairs separated by ":".
- Subnetworks are matched by repeatedly truncating
- the last ":octetpair" from the remote IPv6 host
+ Subnetworks are matched by repeatedly truncating
+ the last ":octetpair" from the remote IPv6 host
address string until a match is found in the access
table, or until further truncation is not possible.
the string representation of the IPv6 host address.
Thus, not all the ":" subnetworks will be tried.
- NOTE 2: The information in the access map should be
- in canonical form, with unnecessary null characters
- eliminated. Address information must not be
- enclosed with "[]" characters.
+ NOTE 2: The access map lookup key must be in canon-
+ ical form: do not specify unnecessary null charac-
+ ters, and do not enclose network address informa-
+ tion with "[]" characters.
- NOTE 3: use the <b>cidr</b> lookup table type to specify
+ NOTE 3: use the <b>cidr</b> lookup table type to specify
network/netmask patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for
details.
<i>all-numerical</i>
An all-numerical result is treated as OK. This for-
- mat is generated by address-based relay authoriza-
+ mat is generated by address-based relay authoriza-
tion schemes such as pop-before-smtp.
<b>REJECT ACTIONS</b>
- Postfix version 2.3 and later support enhanced status
- codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When no code is specified
- at the beginning of the <i>text</i> below, Postfix inserts a
- default enhanced status code of "5.7.1" in the case of
- reject actions, and "4.7.1" in the case of defer actions.
+ Postfix version 2.3 and later support enhanced status
+ codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When no code is specified
+ at the beginning of the <i>text</i> below, Postfix inserts a
+ default enhanced status code of "5.7.1" in the case of
+ reject actions, and "4.7.1" in the case of defer actions.
See "ENHANCED STATUS CODES" below.
<b>4</b><i>NN text</i>
<b>5</b><i>NN text</i>
- Reject the address etc. that matches the pattern,
+ Reject the address etc. that matches the pattern,
and respond with the numerical three-digit code and
- text. <b>4</b><i>NN</i> means "try again later", while <b>5</b><i>NN</i> means
+ text. <b>4</b><i>NN</i> means "try again later", while <b>5</b><i>NN</i> means
"do not try again".
- The reply code "421" causes Postfix to disconnect
+ The reply code "421" causes Postfix to disconnect
immediately (Postfix version 2.3 and later).
<b>REJECT</b> <i>optional text...</i>
- Reject the address etc. that matches the pattern.
- Reply with <i>$reject</i><b>_</b><i>code optional text...</i> when the
- optional text is specified, otherwise reply with a
+ Reject the address etc. that matches the pattern.
+ Reply with <i>$reject</i><b>_</b><i>code optional text...</i> when the
+ optional text is specified, otherwise reply with a
generic error response message.
<b>DEFER_IF_REJECT</b> <i>optional text...</i>
- Defer the request if some later restriction would
- result in a REJECT action. Reply with "<b>450 4.7.1</b>
- <i>optional text...</i> when the optional text is speci-
+ Defer the request if some later restriction would
+ result in a REJECT action. Reply with "<b>450 4.7.1</b>
+ <i>optional text...</i> when the optional text is speci-
fied, otherwise reply with a generic error response
message.
This feature is available in Postfix 2.1 and later.
<b>DEFER_IF_PERMIT</b> <i>optional text...</i>
- Defer the request if some later restriction would
- result in a an explicit or implicit PERMIT action.
- Reply with "<b>450 4.7.1</b> <i>optional text...</i> when the
- optional text is specified, otherwise reply with a
+ Defer the request if some later restriction would
+ result in a an explicit or implicit PERMIT action.
+ Reply with "<b>450 4.7.1</b> <i>optional text...</i> when the
+ optional text is specified, otherwise reply with a
generic error response message.
This feature is available in Postfix 2.1 and later.
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>, and so on).
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
+ Claim successful delivery and silently discard the
+ message. Log the optional text if specified, oth-
erwise log a generic message.
- Note: this action currently affects all recipients
- of the message. To discard only one recipient
- without discarding the entire message, use the
+ Note: this action currently affects all recipients
+ of the message. To discard only one recipient
+ without discarding the entire message, use the
<a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
service.
This feature is available in Postfix 2.0 and later.
- <b>DUNNO</b> Pretend that the lookup key was not found. This
- prevents Postfix from trying substrings of the
- lookup key (such as a subdomain name, or a network
+ <b>DUNNO</b> Pretend that the lookup key was not found. This
+ prevents Postfix from trying substrings of the
+ lookup key (such as a subdomain name, or a network
address subnetwork).
This feature is available in Postfix 2.0 and later.
<b>FILTER</b> <i>transport:destination</i>
- After the message is queued, send the entire mes-
+ After the message is queued, send the entire mes-
sage through the specified external content filter.
- The <i>transport:destination</i> syntax is described in
- the <a href="transport.5.html"><b>transport</b>(5)</a> manual page. More information
- about external content filters is in the Postfix
+ The <i>transport:destination</i> syntax is described in
+ the <a href="transport.5.html"><b>transport</b>(5)</a> manual page. More information
+ about external content filters is in the Postfix
<a href="FILTER_README.html">FILTER_README</a> file.
- Note: this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
- <b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and currently affects all
- recipients of the message.
+ Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
+ ting, and currently affects all recipients of the
+ message.
This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i>
- Place the message on the <b>hold</b> queue, where it will
- sit until someone either deletes it or releases it
- for delivery. Log the optional text if specified,
+ Place the message on the <b>hold</b> queue, where it will
+ sit until someone either deletes it or releases it
+ for delivery. Log the optional text if specified,
otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
+ Mail that is placed on hold can be examined with
+ the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
- Note: use "<b>postsuper -r</b>" to release mail that was
- kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
+ Note: use "<b>postsuper -r</b>" to release mail that was
+ kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
- longer. Use "<b>postsuper -H</b>" only for mail that will
+ longer. Use "<b>postsuper -H</b>" only for mail that will
not expire within a few delivery attempts.
- Note: this action currently affects all recipients
+ Note: this action currently affects all recipients
of the message.
This feature is available in Postfix 2.0 and later.
<b>PREPEND</b> <i>headername: headervalue</i>
- Prepend the specified message header to the mes-
- sage. When more than one PREPEND action executes,
- the first prepended header appears before the sec-
+ Prepend the specified message header to the mes-
+ sage. When more than one PREPEND action executes,
+ the first prepended header appears before the sec-
ond etc. prepended header.
- Note: this action must execute before the message
- content is received; it cannot execute in the con-
+ Note: this action must execute before the message
+ content is received; it cannot execute in the con-
text of <b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a></b>.
This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i>
- After the message is queued, send the message to
+ After the message is queued, send the message to
the specified address instead of the intended
recipient(s).
- Note: this action overrides the FILTER action, and
+ Note: this action overrides the FILTER action, and
currently affects all recipients of the message.
This feature is available in Postfix 2.1 and later.
<b>WARN</b> <i>optional text...</i>
Log a warning with the optional text, together with
- client information and if available, with helo,
+ client information and if available, with helo,
sender, recipient and protocol information.
This feature is available in Postfix 2.1 and later.
<b>ENHANCED STATUS CODES</b>
- Postfix version 2.3 and later support enhanced status
- codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When an enhanced status
- code is specified in an access table, it is subject to
- modification. The following transformations are needed
- when the same access table is used for client, helo,
- sender, or recipient access restrictions; they happen
+ Postfix version 2.3 and later support enhanced status
+ codes as defined in <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a>. When an enhanced status
+ code is specified in an access table, it is subject to
+ modification. The following transformations are needed
+ when the same access table is used for client, helo,
+ sender, or recipient access restrictions; they happen
regardless of whether Postfix replies to a MAIL FROM, RCPT
TO or other SMTP command.
- <b>o</b> When a sender address matches a REJECT action, the
- Postfix SMTP server will transform a recipient DSN
- status (e.g., 4.1.1-4.1.6) into the corresponding
+ <b>o</b> When a sender address matches a REJECT action, the
+ Postfix SMTP server will transform a recipient DSN
+ status (e.g., 4.1.1-4.1.6) into the corresponding
sender DSN status, and vice versa.
- <b>o</b> When non-address information matches a REJECT
- action (such as the HELO command argument or the
- client hostname/address), the Postfix SMTP server
- will transform a sender or recipient DSN status
- into a generic non-address DSN status (e.g.,
+ <b>o</b> When non-address information matches a REJECT
+ action (such as the HELO command argument or the
+ client hostname/address), the Postfix SMTP server
+ will transform a sender or recipient DSN status
+ into a generic non-address DSN status (e.g.,
4.0.0).
<b>REGULAR EXPRESSION TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
+ a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
- cation, that string is an entire client hostname, an
+ cation, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done,
- <i>user@domain</i> mail addresses are not broken up into their
+ <i>user@domain</i> mail addresses are not broken up into their
<i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
- Patterns are applied in the order as specified in the ta-
- ble, until a pattern is found that matches the search
+ Patterns are applied in the order as specified in the ta-
+ ble, until a pattern is found that matches the search
string.
- Actions are the same as with indexed file lookups, with
- the additional feature that parenthesized substrings from
+ Actions are the same as with indexed file lookups, with
+ the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.4.
- Each lookup operation uses the entire query string once.
- Depending on the application, that string is an entire
+ Each lookup operation uses the entire query string once.
+ Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
- mail address. Thus, no parent domain or parent network
- search is done, <i>user@domain</i> mail addresses are not broken
- up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
+ mail address. Thus, no parent domain or parent network
+ search is done, <i>user@domain</i> mail addresses are not broken
+ up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
<i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Actions are the same as with indexed file lookups.
<b>EXAMPLE</b>
- The following example uses an indexed file, so that the
- order of table entries does not matter. The example per-
- mits access by the client at address 1.2.3.4 but rejects
- all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
- tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
- <b>-m</b>" to find out what lookup tables Postfix supports on
+ The following example uses an indexed file, so that the
+ order of table entries does not matter. The example per-
+ mits access by the client at address 1.2.3.4 but rejects
+ all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
+ tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
+ <b>-m</b>" to find out what lookup tables Postfix supports on
your system.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
editing the file.
<b>BUGS</b>
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
In this preliminary implementation, a count (or rate) lim-
ited server can have only one remote client at a time. If
- a server reports multiple simultaneous clients, all but
- the last reported client are ignored.
+ a server reports multiple simultaneous clients, state is
+ kept only for the last reported client.
The <a href="anvil.8.html"><b>anvil</b>(8)</a> server automatically discards client request
information after it expires. To prevent the <a href="anvil.8.html"><b>anvil</b>(8)</a>
<b>o</b> Append a recipient (non-)delivery status record to
a per-message log file.
- <b>o</b> Enqueue a bounce message, with a copy of a per-mes-
- sage log file and of the corresponding message.
- When the bounce message is enqueued successfully,
- the per-message log file is deleted.
+ <b>o</b> Enqueue a delivery status notification message,
+ with a copy of a per-message log file and of the
+ corresponding message. When the delivery status
+ notification message is enqueued successfully, the
+ per-message log file is deleted.
The software does a best notification effort. A non-deliv-
- ery notification is sent even when the log file or the
+ ery notification is sent even when the log file or the
original message cannot be read.
- Optionally, a bounce (defer, trace) client can request
- that the per-message log file be deleted when the
- requested operation fails. This is used by clients that
- cannot retry transactions by themselves, and that depend
+ Optionally, a bounce (defer, trace) client can request
+ that the per-message log file be deleted when the
+ requested operation fails. This is used by clients that
+ cannot retry transactions by themselves, and that depend
on retry logic in their own client.
<b>STANDARDS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
<a href="bounce.8.html"><b>bounce</b>(8)</a> processes run for only a limited amount of time.
Use the command "<b>postfix reload</b>" to speed up a change.
- The text below provides only a parameter summary. See
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
- The recipient of undeliverable mail that cannot be
+ The recipient of undeliverable mail that cannot be
returned to the sender.
<b><a href="postconf.5.html#backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a> (yes)</b>
- Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that
+ Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that
can be read by Postfix versions before 2.0.
<b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the
+ The recipient of postmaster notifications with the
message headers of mail that Postfix did not
- deliver and of SMTP conversation transcripts of
+ deliver and of SMTP conversation transcripts of
mail that Postfix did not receive.
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
sent in a non-delivery notification.
<b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
- Pathname of a configuration file with bounce mes-
+ Pathname of a configuration file with bounce mes-
sage templates.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications with the
- message headers of mail that cannot be delivered
+ The recipient of postmaster notifications with the
+ message headers of mail that cannot be delivered
within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time units.
<b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive
+ The time between attempts to acquire an exclusive
lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are sub-
- ject to before-queue content inspection by
+ What categories of Postfix-generated mail are sub-
+ ject to before-queue content inspection by
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
bounced mail.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
- The location of the Postfix top-level queue direc-
+ The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>FILES</b>
syslogd(8), system logging
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
redundant zero characters.
Note: address information may be enclosed inside
- "[]" but this form is not recommended.
+ "[]" but this form is not required.
IPv6 support is available in Postfix 2.2 and later.
+++ /dev/null
-bounce.8.html
\ No newline at end of file
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+<title> Postfix manual - bounce(8) </title>
+</head> <body> <pre>
+BOUNCE(8) BOUNCE(8)
+
+<b>NAME</b>
+ bounce - Postfix delivery status reports
+
+<b>SYNOPSIS</b>
+ <b>bounce</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with
+ delivery status information. Each log file is named after
+ the queue file that it corresponds to, and is kept in a
+ queue subdirectory named after the service name in the
+ <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>). This pro-
+ gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service
+ requests:
+
+ <b>o</b> Append a recipient (non-)delivery status record to
+ a per-message log file.
+
+ <b>o</b> Enqueue a delivery status notification message,
+ with a copy of a per-message log file and of the
+ corresponding message. When the delivery status
+ notification message is enqueued successfully, the
+ per-message log file is deleted.
+
+ The software does a best notification effort. A non-deliv-
+ ery notification is sent even when the log file or the
+ original message cannot be read.
+
+ Optionally, a bounce (defer, trace) client can request
+ that the per-message log file be deleted when the
+ requested operation fails. This is used by clients that
+ cannot retry transactions by themselves, and that depend
+ on retry logic in their own client.
+
+<b>STANDARDS</b>
+ <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
+ <a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a> (ARPA Internet Text Messages)
+ <a href="http://www.faqs.org/rfcs/rfc3462.html">RFC 3462</a> (Delivery Status Notifications)
+ <a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery Status Notifications)
+ <a href="http://www.faqs.org/rfcs/rfc3834.html">RFC 3834</a> (Auto-Submitted: message header)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8).
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
+ <a href="bounce.8.html"><b>bounce</b>(8)</a> processes run for only a limited amount of time.
+ Use the command "<b>postfix reload</b>" to speed up a change.
+
+ The text below provides only a parameter summary. See
+ <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+
+ <b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of undeliverable mail that cannot be
+ returned to the sender.
+
+ <b><a href="postconf.5.html#backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a> (yes)</b>
+ Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that
+ can be read by Postfix versions before 2.0.
+
+ <b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the
+ message headers of mail that Postfix did not
+ deliver and of SMTP conversation transcripts of
+ mail that Postfix did not receive.
+
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
+ The maximal amount of original message text that is
+ sent in a non-delivery notification.
+
+ <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
+ Pathname of a configuration file with bounce mes-
+ sage templates.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ <a href="master.5.html">master.cf</a> configuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
+ built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the
+ message headers of mail that cannot be delivered
+ within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time units.
+
+ <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
+ The maximal number of attempts to acquire an exclu-
+ sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
+ The time between attempts to acquire an exclusive
+ lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information
+ over an internal communication channel.
+
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are sub-
+ ject to before-queue content inspection by
+ <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
+ <b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
+ The mail system name that is displayed in Received:
+ headers, in the SMTP greeting banner, and in
+ bounced mail.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
+
+ <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
+ The list of error classes that are reported to the
+ postmaster.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon
+ process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon
+ process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue direc-
+ tory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
+ becomes, for example, "postfix/smtpd".
+
+<b>FILES</b>
+ /var/spool/postfix/bounce/* non-delivery records
+ /var/spool/postfix/defer/* non-delivery records
+ /var/spool/postfix/trace/* delivery status records
+
+<b>SEE ALSO</b>
+ <a href="bounce.5.html">bounce(5)</a>, bounce message template format
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
+ software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ BOUNCE(8)
+</pre> </body> </html>
HEADER_CHECKS(5) HEADER_CHECKS(5)
<b>NAME</b>
- <a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in header/body inspection
+ <a href="postconf.5.html#header_checks">header_checks</a> - Postfix built-in content inspection
<b>SYNOPSIS</b>
<b><a href="postconf.5.html#header_checks">header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/header_checks</b>
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/nested_header_checks</b>
<b><a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks</b>
- <b>postmap -
fq "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i>
- <b>postmap -
fq - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
+ <b>postmap -q "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i>
+ <b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
- The Postfix <a href="cleanup.8.html"><b>cleanup</b>(8)</a> server supports access control on
- the content of message headers and message body lines.
- See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client
+ This document describes access control on the content of
+ message headers and message body lines; it is implemented
+ by the Postfix <a href="cleanup.8.html">cleanup(8)</a> server before mail is queued.
+ See <a href="access.5.html"><b>access</b>(5)</a> for access control on remote SMTP client
information.
- Each message header or message body line is compared
- against a list of patterns. When a match is found the
+ Each message header or message body line is compared
+ against a list of patterns. When a match is found the
corresponding action is executed, and the matching process
- is repeated for the next message header or message body
+ is repeated for the next message header or message body
line.
- For examples, see the EXAMPLES section at the end of this
+ For examples, see the EXAMPLES section at the end of this
manual page.
Postfix header or <a href="postconf.5.html#body_checks">body_checks</a> are designed to stop a flood
- of mail from worms or viruses; they do not decode attach-
- ments, and they do not unzip archives. See the documents
- referenced below in the README FILES section if you need
+ of mail from worms or viruses; they do not decode attach-
+ ments, and they do not unzip archives. See the documents
+ referenced below in the README FILES section if you need
more sophisticated content analysis.
Postfix supports four built-in content inspection classes:
<b><a href="postconf.5.html#header_checks">header_checks</a></b>
- These are applied to initial message headers
- (except for the headers that are processed with
+ These are applied to initial message headers
+ (except for the headers that are processed with
<b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
<b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
- These are applied to MIME related message headers
+ These are applied to MIME related message headers
only.
This feature is available in Postfix 2.0 and later.
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
- These are applied to message headers of attached
- email messages (except for the headers that are
+ These are applied to message headers of attached
+ email messages (except for the headers that are
processed with <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>).
This feature is available in Postfix 2.0 and later.
<b><a href="postconf.5.html#body_checks">body_checks</a></b>
- These are applied to all other content, including
+ These are applied to all other content, including
multi-part message boundaries.
With Postfix versions before 2.0, all content after
tent.
Note: message headers are examined one logical header at a
- time, even when a message header spans multiple lines.
+ time, even when a message header spans multiple lines.
Body lines are always examined one line at a time.
<b>TABLE FORMAT</b>
- This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules
- are specified in the form of Postfix regular expression
- lookup tables. Usually the best performance is obtained
+ This document assumes that header and <a href="postconf.5.html#body_checks">body_checks</a> rules
+ are specified in the form of Postfix regular expression
+ lookup tables. Usually the best performance is obtained
with <b>pcre</b> (Perl Compatible Regular Expression) tables, but
- the slower <b>regexp</b> (POSIX regular expressions) support is
- more widely available. Use the command "<b>postconf -m</b>" to
- find out what lookup table types your Postfix system sup-
+ the slower <b>regexp</b> (POSIX regular expressions) support is
+ more widely available. Use the command "<b>postconf -m</b>" to
+ find out what lookup table types your Postfix system sup-
ports.
The general format of Postfix regular expression tables is
- given below. For a discussion of specific pattern or
- flags
syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
+ given below. For a discussion of specific pattern or
+ flags
syntax, see <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a> or <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a>,
respectively.
<b>/</b><i>pattern</i><b>/</b><i>flags action</i>
- When <i>pattern</i> matches the input string, execute the
- corresponding <i>action</i>. See below for a list of pos-
+ When <i>pattern</i> matches the input string, execute the
+ corresponding <i>action</i>. See below for a list of pos-
sible actions.
<b>!/</b><i>pattern</i><b>/</b><i>flags action</i>
- When <i>pattern</i> does <b>not</b> match the input string, exe-
+ When <i>pattern</i> does <b>not</b> match the input string, exe-
cute the corresponding <i>action</i>.
<b>if /</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the input string also
- matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
+ <b>if</b> and <b>endif</b>, if and only if the same input string
+ also matches <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
- Note: do not prepend whitespace to patterns inside
+ Note: do not prepend whitespace to patterns inside
<b>if</b>..<b>endif</b>.
<b>if !/</b><i>pattern</i><b>/</b><i>flags</i>
<b>endif</b> Match the input string against the patterns between
- <b>if</b> and <b>endif</b>, if and only if the input string does
- <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
+ <b>if</b> and <b>endif</b>, if and only if the same input string
+ does <b>not</b> match <i>pattern</i>. The <b>if</b>..<b>endif</b> can nest.
blank lines and comments
- Empty lines and whitespace-only lines are ignored,
- as are lines whose first non-whitespace character
+ Empty lines and whitespace-only lines are ignored,
+ as are lines whose first non-whitespace character
is a `#'.
multi-line text
- A pattern/action line starts with non-whitespace
- text. A line that starts with whitespace continues
+ A pattern/action line starts with non-whitespace
+ text. A line that starts with whitespace continues
a logical line.
<b>TABLE SEARCH ORDER</b>
- For each line of message input, the patterns are applied
- in the order as specified in the table. When a pattern is
- found that matches the input line, the corresponding
- action is executed and then the next input line is
+ For each line of message input, the patterns are applied
+ in the order as specified in the table. When a pattern is
+ found that matches the input line, the corresponding
+ action is executed and then the next input line is
inspected.
<b>TEXT SUBSTITUTION</b>
- Substitution of substrings from the matched expression
- into the <i>action</i> string is possible using the conventional
- Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result
- string may need to be written as <b>${n}</b> or <b>$(n)</b> if they
+ Substitution of substrings from the matched expression
+ into the <i>action</i> string is possible using the conventional
+ Perl syntax (<b>$1</b>, <b>$2</b>, etc.). The macros in the result
+ string may need to be written as <b>${n}</b> or <b>$(n)</b> if they
aren't followed by whitespace.
- Note: since negated patterns (those preceded by <b>!</b>) return
+ Note: since negated patterns (those preceded by <b>!</b>) return
a result when the expression does not match, substitutions
are not available for negated patterns.
case for consistency with other Postfix documentation.
<b>DISCARD</b> <i>optional text...</i>
- Claim successful delivery and silently discard the
- message. Log the optional text if specified, oth-
+ Claim successful delivery and silently discard the
+ message. Log the optional text if specified, oth-
erwise log a generic message.
- Note: this action disables further header or
- <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
+ Note: this action disables further header or
+ <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
affects all recipients. To discard only one recip-
ient without discarding the entire message, use the
<a href="transport.5.html">transport(5)</a> table to direct mail to the <a href="discard.8.html">discard(8)</a>
This feature is available in Postfix 2.0 and later.
- <b>DUNNO</b> Pretend that the input line did not match any pat-
- tern, and inspect the next input line. This action
+ <b>DUNNO</b> Pretend that the input line did not match any pat-
+ tern, and inspect the next input line. This action
can be used to shorten the table search.
- For backwards compatibility reasons, Postfix also
- accepts <b>OK</b> but it is (and always has been) treated
+ For backwards compatibility reasons, Postfix also
+ accepts <b>OK</b> but it is (and always has been) treated
as <b>DUNNO</b>.
This feature is available in Postfix 2.1 and later.
<b>FILTER</b> <i>transport:destination</i>
- Write a content filter request to the queue file
- and inspect the next input line. After the com-
- plete message is received it will be sent through
+ Write a content filter request to the queue file,
+ and inspect the next input line. After the com-
+ plete message is received it will be sent through
the specified external content filter. More infor-
- mation about external content filters is in the
+ mation about external content filters is in the
Postfix <a href="FILTER_README.html">FILTER_README</a> file.
- Note: this action overrides the <a href="postconf.5.html"><b>main.cf</a> <a href="postconf.5.html#content_filter">con</a>-</b>
- <b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and affects all recipients of
- the message. In the case that multiple <b>FILTER</b>
- actions fire, only the last one is executed.
+ Note: this action overrides the <b><a href="postconf.5.html#content_filter">content_filter</a></b> set-
+ ting, and affects all recipients of the message. In
+ the case that multiple <b>FILTER</b> actions fire, only
+ the last one is executed.
This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i>
- Arrange for the message to be placed on the <b>hold</b>
- queue, and inspect the next input line. The mes-
- sage remains on <b>hold</b> until someone either deletes
- it or releases it for delivery. Log the optional
+ Arrange for the message to be placed on the <b>hold</b>
+ queue, and inspect the next input line. The mes-
+ sage remains on <b>hold</b> until someone either deletes
+ it or releases it for delivery. Log the optional
text if specified, otherwise log a generic message.
- Mail that is placed on hold can be examined with
- the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
+ Mail that is placed on hold can be examined with
+ the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
- Note: use "<b>postsuper -r</b>" to release mail that was
- kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
+ Note: use "<b>postsuper -r</b>" to release mail that was
+ kept
on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
- longer. Use "<b>postsuper -H</b>" only for mail that will
+ longer. Use "<b>postsuper -H</b>" only for mail that will
not expire within a few delivery attempts.
- Note: this action affects all recipients of the
+ Note: this action affects all recipients of the
message.
This feature is available in Postfix 2.0 and later.
- <b>IGNORE</b> Delete the current line from the input and inspect
+ <b>IGNORE</b> Delete the current line from the input, and inspect
the next input line.
<b>PREPEND</b> <i>text...</i>
- Prepend one line with the specified text and
+ Prepend one line with the specified text, and
inspect the next input line.
Notes:
- <b>o</b> The prepended text is output on a separate
+ <b>o</b> The prepended text is output on a separate
line, immediately before the input that
triggered the <b>PREPEND</b> action.
<b>o</b> The prepended text is not considered part of
- the input stream: it is not subject to
+ the input stream: it is not subject to
header/body checks or address rewriting, and
it does not affect the way that Postfix adds
missing message headers.
<b>o</b> When prepending text before a message header
- line, the prepended text must begin with a
+ line, the prepended text must begin with a
valid message header label.
<b>o</b> This action cannot be used to prepend multi-
This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i>
- Write a message redirection request to the queue
- file and inspect the next input line. After the
+ Write a message redirection request to the queue
+ file, and inspect the next input line. After the
message is queued, it will be sent to the specified
address instead of the intended recipient(s).
- Note: this action overrides the <b>FILTER</b> action, and
- affects all recipients of the message. If multiple
- <b>REDIRECT</b> actions fire, only the last one is exe-
+ Note: this action overrides the <b>FILTER</b> action, and
+ affects all recipients of the message. If multiple
+ <b>REDIRECT</b> actions fire, only the last one is exe-
cuted.
This feature is available in Postfix 2.1 and later.
<b>REPLACE</b> <i>text...</i>
- Replace the current line with the specified text
+ Replace the current line with the specified text,
and inspect the next input line.
This feature is available in Postfix 2.2 and later.
- The description below applies to Postfix 2.2.2 and
+ The description below applies to Postfix 2.2.2 and
later.
Notes:
- <b>o</b> When replacing a message header line, the
- replacement text must begin with a valid
+ <b>o</b> When replacing a message header line, the
+ replacement text must begin with a valid
header label.
- <b>o</b> The replaced text remains part of the input
- stream. Unlike the result from the <b>PREPEND</b>
- action, a replaced message header may be
- subject to address rewriting and may affect
- the way that Postfix adds missing message
+ <b>o</b> The replaced text remains part of the input
+ stream. Unlike the result from the <b>PREPEND</b>
+ action, a replaced message header may be
+ subject to address rewriting and may affect
+ the way that Postfix adds missing message
headers.
<b>REJECT</b> <i>optional text...</i>
- Reject the entire message. Reply with <i>optional</i>
+ Reject the entire message. Reply with <i>optional</i>
<i>text...</i> when the optional text is specified, other-
wise reply with a generic error message.
- Note: this action disables further header or
- <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
+ Note: this action disables further header or
+ <a href="postconf.5.html#body_checks">body_checks</a> inspection of the current message and
affects all recipients.
Postfix version 2.3 and later support enhanced sta-
enhanced status code of "5.7.1".
<b>WARN</b> <i>optional text...</i>
- Log a warning with the <i>optional text...</i> (or log a
- generic message) and inspect the next input line.
+ Log a warning with the <i>optional text...</i> (or log a
+ generic message), and inspect the next input line.
This action is useful for debugging and for testing
a pattern before applying more drastic actions.
<b>BUGS</b>
- Many people overlook the main limitations of header and
- <a href="postconf.5.html#body_checks">body_checks</a> rules. These rules operate on one logical
- message header or one body line at a time, and a decision
- made for one line is not carried over to the next line.
- If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>) then the
- rules have to specified for the encoded form. Likewise,
- when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC 2047</a>) then the rules
- need to be specified for the encoded form.
-
- Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
+ Many people overlook the main limitations of header and
+ <a href="postconf.5.html#body_checks">body_checks</a> rules.
+
+ <b>o</b> These rules operate on one logical message header
+ or one body line at a time. A decision made for one
+ line is not carried over to the next line.
+
+ <b>o</b> If text in the message body is encoded (<a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a>)
+ then the rules have to specified for the encoded
+ form.
+
+ <b>o</b> Likewise, when message headers are encoded (<a href="http://www.faqs.org/rfcs/rfc2047.html">RFC</a>
+ <a href="http://www.faqs.org/rfcs/rfc2047.html">2047</a>) then the rules need to be specified for the
+ encoded form.
+
+ Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are
excluded from inspection. Examples of such message headers
are <b>From:</b>, <b>To:</b>, <b>Message-ID:</b>, <b>Date:</b>.
- Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
+ Message headers deleted by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon will be
examined before they are deleted. Examples are: <b>Bcc:, Con-</b>
<b>tent-Length:</b>, <b>Return-Path:</b>.
<b><a href="postconf.5.html#body_checks">body_checks</a></b>
Lookup tables with content filter rules for message
body lines. These filters see one physical line at
- a
time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
+ a
time, in chunks of at most <b>$<a href="postconf.5.html#line_length_limit">line_length_limit</a></b>
bytes.
<b><a href="postconf.5.html#body_checks_size_limit">body_checks_size_limit</a></b>
- The amount of content per message body segment
+ The amount of content per message body segment
(attachment) that is subjected to <b>$<a href="postconf.5.html#body_checks">body_checks</a></b> fil-
tering.
<b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b> (default: <b>$<a href="postconf.5.html#header_checks">header_checks</a></b>)
Lookup tables with content filter rules for message
- header lines: respectively, these are applied to
- the initial message headers (not including MIME
- headers), to the MIME headers anywhere in the mes-
- sage, and to the initial headers of attached mes-
+ header lines: respectively, these are applied to
+ the initial message headers (not including MIME
+ headers), to the MIME headers anywhere in the mes-
+ sage, and to the initial headers of attached mes-
sages.
- Note: these filters see one logical message header
- at a time, even when a message header spans multi-
- ple lines. Message headers that are longer than
+ Note: these filters see one logical message header
+ at a time, even when a message header spans multi-
+ ple lines. Message headers that are longer than
<b>$<a href="postconf.5.html#header_size_limit">header_size_limit</a></b> characters are truncated.
<b><a href="postconf.5.html#disable_mime_input_processing">disable_mime_input_processing</a></b>
- While receiving mail, give no special treatment to
- MIME related message headers; all text after the
+ While receiving mail, give no special treatment to
+ MIME related message headers; all text after the
initial message headers is considered to be part of
- the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
- applied to all the initial message headers, and
+ the message body. This means that <b><a href="postconf.5.html#header_checks">header_checks</a></b> is
+ applied to all the initial message headers, and
that <b><a href="postconf.5.html#body_checks">body_checks</a></b> is applied to the remainder of the
message.
- Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
- process a multi-line message header one line at a
+ Note: when used in this manner, <b><a href="postconf.5.html#body_checks">body_checks</a></b> will
+ process a multi-line message header one line at a
time.
<b>EXAMPLES</b>
- Header pattern to block attachments with bad file name
+ Header pattern to block attachments with bad file name
extensions.
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="BACKSCATTER_README.html">BACKSCATTER_README</a>, blocking returned forged mail
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
<li> <a href="DEBUG_README.html"> Debugging strategies </a>
-<li> Error messages (*)
-
</ul>
<p><strong>Content inspection </strong></p>
<ul>
-<li> qmail/ezmlm support (*)
-
<li> <a href="VERP_README.html"> VERP Support </a>
</ul>
<li> <a href="NFS_README.html"> NFS issues </a>
-<li> <a href="ULTRIX_README.html"> Ultrix support </a>
-
</ul>
<p><strong> Other mail delivery agents </strong></p>
<ul>
-<li> Cyrus (*)
-
<li> <a href="MAILDROP_README.html"> Maildrop </a>
-<li> LMTP (*)
-
</ul>
<p><strong> Other topics </strong></p>
</td>
-<tr> <td colspan="3"> <font size="-1"> (*) These documents will be
-made available via <a href="http://www.postfix.org/">
-http://www.postfix.org/</a> and mirror sites. </font> </td> </tr>
-
</table>
</body>
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
- user@domain, <b>%u</b> is replaced by the (RFC
- 2253) quoted local part of the address.
+ user@domain, <b>%u</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2253.html">RFC</a>
+ <a href="http://www.faqs.org/rfcs/rfc2253.html">2253</a>) quoted local part of the address.
Otherwise, <b>%u</b> is replaced by the entire
search string. If the localpart is empty,
the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the (RFC
- 2253) quoted domain part of the address.
+ user@domain, <b>%d</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2253.html">RFC</a>
+ <a href="http://www.faqs.org/rfcs/rfc2253.html">2253</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
key does not add unexpected metacharacters.
<b>%u</b> When the input key is an address of the form
- user@domain, <b>%u</b> is replaced by the (RFC
- 2254) quoted local part of the address.
+ user@domain, <b>%u</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2254.html">RFC</a>
+ <a href="http://www.faqs.org/rfcs/rfc2254.html">2254</a>) quoted local part of the address.
Otherwise, <b>%u</b> is replaced by the entire
search string. If the localpart is empty,
the search is suppressed and returns no
results.
<b>%d</b> When the input key is an address of the form
- user@domain, <b>%d</b> is replaced by the (RFC
- 2254) quoted domain part of the address.
+ user@domain, <b>%d</b> is replaced by the (<a href="http://www.faqs.org/rfcs/rfc2254.html">RFC</a>
+ <a href="http://www.faqs.org/rfcs/rfc2254.html">2254</a>) quoted domain part of the address.
Otherwise, the search is suppressed and
returns no results.
is <b>example</b> and %3 is <b>mail</b>. If the input key
is unqualified or does not have enough
domain components to satisfy all the speci-
- fied patterns, the saerch is suppressed and
+ fied patterns, the search is suppressed and
returns no results.
The above %1, ..., %9 expansions are avail-
+++ /dev/null
-smtp.8.html
\ No newline at end of file
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+<title> Postfix manual - smtp(8) </title>
+</head> <body> <pre>
+SMTP(8) SMTP(8)
+
+<b>NAME</b>
+ smtp - Postfix SMTP+LMTP client
+
+<b>SYNOPSIS</b>
+ <b>smtp</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The Postfix SMTP+LMTP client implements the SMTP and LMTP
+ mail delivery protocols. It processes message delivery
+ requests from the queue manager. Each request specifies a
+ queue file, a sender address, a domain or host to deliver
+ to, and recipient information. This program expects to be
+ run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The SMTP+LMTP client updates the queue file and marks
+ recipients as finished, or it informs the queue manager
+ that delivery should be tried again at a later time.
+ Delivery status reports are sent to the <a href="bounce.8.html"><b>bounce</b>(8)</a>,
+ <a href="defer.8.html"><b>defer</b>(8)</a> or <a href="trace.8.html"><b>trace</b>(8)</a> daemon as appropriate.
+
+ The SMTP+LMTP client looks up a list of mail exchanger
+ addresses for the destination host, sorts the list by
+ preference, and connects to each listed address until it
+ finds a server that responds.
+
+ When a server is not reachable, or when mail delivery
+ fails due to a recoverable error condition, the SMTP+LMTP
+ client will try to deliver the mail to an alternate host.
+
+ After a successful mail transaction, a connection may be
+ saved to the <a href="scache.8.html"><b>scache</b>(8)</a> connection cache server, so that it
+ may be used by any SMTP+LMTP client for a subsequent
+ transaction.
+
+ By default, connection caching is enabled temporarily for
+ destinations that have a high volume of mail in the active
+ queue. Connection caching can be enabled permanently for
+ specific destinations.
+
+<b>SMTP DESTINATION SYNTAX</b>
+ SMTP destinations have the following form:
+
+ <i>domainname</i>
+
+ <i>domainname</i>:<i>port</i>
+ Look up the mail exchangers for the specified
+ domain, and connect to the specified port (default:
+ <b>smtp</b>).
+
+ [<i>hostname</i>]
+
+ [<i>hostname</i>]:<i>port</i>
+ Look up the address(es) of the specified host, and
+ connect to the specified port (default: <b>smtp</b>).
+
+ [<i>address</i>]
+
+ [<i>address</i>]:<i>port</i>
+ Connect to the host at the specified address, and
+ connect to the specified port (default: <b>smtp</b>). An
+ IPv6 address must be formatted as [<b>ipv6</b>:<i>address</i>].
+
+<b>LMTP DESTINATION SYNTAX</b>
+ LMTP destinations have the following form:
+
+ <b>unix</b>:<i>pathname</i>
+ Connect to the local UNIX-domain server that is
+ bound to the specified <i>pathname</i>. If the process
+ runs chrooted, an absolute pathname is interpreted
+ relative to the Postfix queue directory.
+
+ <b>inet</b>:<i>hostname</i>
+
+ <b>inet:</b><i>hostname</i>:<i>port</i>
+
+ <b>inet</b>:[<i>address</i>]
+
+ <b>inet</b>:[<i>address</i>]:<i>port</i>
+ Connect to the specified TCP port on the specified
+ local or remote host. If no port is specified, con-
+ nect to the port defined as <b>lmtp</b> in <b>services</b>(4).
+ If no such service is found, the <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a></b> con-
+ figuration parameter (default value of 24) will be
+ used. An IPv6 address must be formatted as
+ [<b>ipv6</b>:<i>address</i>].
+
+<b>SECURITY</b>
+ The SMTP+LMTP client is moderately security-sensitive. It
+ talks to SMTP or LMTP servers and to DNS servers on the
+ network. The SMTP+LMTP client can be run chrooted at fixed
+ low privilege.
+
+<b>STANDARDS</b>
+ <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol)
+ <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://www.faqs.org/rfcs/rfc1651.html">RFC 1651</a> (SMTP service extensions)
+ <a href="http://www.faqs.org/rfcs/rfc1652.html">RFC 1652</a> (8bit-MIME transport)
+ <a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
+ <a href="http://www.faqs.org/rfcs/rfc2033.html">RFC 2033</a> (LMTP protocol)
+ <a href="http://www.faqs.org/rfcs/rfc2034.html">RFC 2034</a> (SMTP Enhanced Error Codes)
+ <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (MIME: Format of Internet Message Bodies)
+ <a href="http://www.faqs.org/rfcs/rfc2046.html">RFC 2046</a> (MIME: Media Types)
+ <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
+ <a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> (SMTP protocol)
+ <a href="http://www.faqs.org/rfcs/rfc2920.html">RFC 2920</a> (SMTP Pipelining)
+ <a href="http://www.faqs.org/rfcs/rfc3207.html">RFC 3207</a> (STARTTLS command)
+ <a href="http://www.faqs.org/rfcs/rfc3461.html">RFC 3461</a> (SMTP DSN Extension)
+ <a href="http://www.faqs.org/rfcs/rfc3463.html">RFC 3463</a> (Enhanced Status Codes)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8). Cor-
+ rupted message files are marked so that the queue manager
+ can move them to the <b>corrupt</b> queue for further inspection.
+
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter,
+ the postmaster is notified of bounces, protocol problems,
+ and of other trouble.
+
+<b>BUGS</b>
+ SMTP and LMTP connection caching does not work with TLS.
+ The necessary support for TLS object passivation and re-
+ activation does not exist without closing the session,
+ which defeats the purpose.
+
+ SMTP and LMTP connection caching assumes that SASL creden-
+ tials are valid for all destinations that map onto the
+ same IP address and TCP port.
+
+<b>CONFIGURATION PARAMETERS</b>
+ Before Postfix version 2.3, the LMTP client is a separate
+ program that implements only a subset of the functionality
+ available with SMTP: there is no support for TLS, and con-
+ nections are cached in-process, making it ineffective when
+ the client is used for multiple domains.
+
+ Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i>
+ "mirror" parameter for the equivalent LMTP feature. This
+ document describes only those LMTP-related parameters that
+ aren't simply "mirror" parameters.
+
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a>
+ processes run for only a limited amount of time. Use the
+ command "<b>postfix reload</b>" to speed up a change.
+
+ The text below provides only a parameter summary. See
+ <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+
+<b>COMPATIBILITY CONTROLS</b>
+ <b><a href="postconf.5.html#ignore_mx_lookup_error">ignore_mx_lookup_error</a> (no)</b>
+ Ignore DNS MX lookups that produce no response.
+
+ <b><a href="postconf.5.html#smtp_always_send_ehlo">smtp_always_send_ehlo</a> (yes)</b>
+ Always send EHLO at the start of an SMTP session.
+
+ <b><a href="postconf.5.html#smtp_never_send_ehlo">smtp_never_send_ehlo</a> (no)</b>
+ Never send EHLO at the start of an SMTP session.
+
+ <b><a href="postconf.5.html#smtp_defer_if_no_mx_address_found">smtp_defer_if_no_mx_address_found</a> (no)</b>
+ Defer mail delivery when no MX record resolves to
+ an IP address.
+
+ <b><a href="postconf.5.html#smtp_line_length_limit">smtp_line_length_limit</a> (990)</b>
+ The maximal length of message header and body lines
+ that Postfix will send via SMTP.
+
+ <b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
+ How long the Postfix SMTP client pauses before
+ sending ".<CR><LF>" in order to work around the PIX
+ firewall "<CR><LF>.<CR><LF>" bug.
+
+ <b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
+ How long a message must be queued before the Post-
+ fix SMTP client turns on the PIX firewall
+ "<CR><LF>.<CR><LF>" bug workaround for delivery
+ through firewalls with "smtp fixup" mode turned on.
+
+ <b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
+ A list that specifies zero or more workarounds for
+ CISCO PIX firewall bugs.
+
+ <b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote SMTP server
+ address, with per-destination workarounds for CISCO
+ PIX firewall bugs.
+
+ <b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
+ Quote addresses in SMTP MAIL FROM and RCPT TO com-
+ mands as required by <a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a>.
+
+ <b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
+ Skip SMTP servers that greet with a 5XX status code
+ (go away, do not try again later).
+
+ <b><a href="postconf.5.html#smtp_skip_quit_response">smtp_skip_quit_response</a> (yes)</b>
+ Do not wait for the response to the SMTP QUIT com-
+ mand.
+
+ Available in Postfix version 2.0 and earlier:
+
+ <b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
+ Skip SMTP servers that greet with a 4XX status code
+ (go away, try again later).
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote SMTP server
+ address, with case insensitive lists of EHLO key-
+ words (pipelining, starttls, auth, etc.) that the
+ Postfix SMTP client will ignore in the EHLO
+ response from a remote SMTP server.
+
+ <b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
+ A case insensitive list of EHLO keywords (pipelin-
+ ing, starttls, auth, etc.) that the Postfix SMTP
+ client will ignore in the EHLO response from a
+ remote SMTP server.
+
+ <b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
+ Optional lookup tables that perform address rewrit-
+ ing in the SMTP client, typically to transform a
+ locally valid address into a globally valid address
+ when sending mail across the Internet.
+
+ Available in Postfix version 2.2.9 and later:
+
+ <b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
+ Allow DNS CNAME records to override the servername
+ that the Postfix SMTP client uses for logging, SASL
+ password lookup, TLS policy decisions, or TLS cer-
+ tificate verification.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
+ Lookup tables, indexed by the remote LMTP server
+ address, with case insensitive lists of LHLO key-
+ words (pipelining, starttls, auth, etc.) that the
+ LMTP client will ignore in the LHLO response from a
+ remote LMTP server.
+
+ <b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
+ A case insensitive list of LHLO keywords (pipelin-
+ ing, starttls, auth, etc.) that the LMTP client
+ will ignore in the LHLO response from a remote LMTP
+ server.
+
+<b>MIME PROCESSING CONTROLS</b>
+ Available in Postfix version 2.0 and later:
+
+ <b><a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a> (no)</b>
+ Disable the conversion of 8BITMIME format to 7BIT
+ format.
+
+ <b><a href="postconf.5.html#mime_boundary_length_limit">mime_boundary_length_limit</a> (2048)</b>
+ The maximal length of MIME multipart boundary
+ strings.
+
+ <b><a href="postconf.5.html#mime_nesting_limit">mime_nesting_limit</a> (100)</b>
+ The maximal recursion level that the MIME processor
+ will handle.
+
+<b>EXTERNAL CONTENT INSPECTION CONTROLS</b>
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
+ Send the non-standard XFORWARD command when the
+ Postfix SMTP server EHLO response announces XFOR-
+ WARD support.
+
+<b>SASL AUTHENTICATION CONTROLS</b>
+ <b><a href="postconf.5.html#smtp_sasl_auth_enable">smtp_sasl_auth_enable</a> (no)</b>
+ Enable SASL authentication in the Postfix SMTP
+ client.
+
+ <b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
+ Optional SMTP client lookup tables with one user-
+ name:password entry per remote hostname or domain,
+ or sender address when sender-dependent authentica-
+ tion is enabled.
+
+ <b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
+ SASL security options; as of Postfix 2.3 the list
+ of available features depends on the SASL client
+ implementation that is selected with
+ <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
+ If non-empty, a Postfix SMTP client filter for the
+ remote SMTP server's list of offered SASL mecha-
+ nisms.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
+ Enable sender-dependent authentication in the Post-
+ fix SMTP client; this is available only with SASL
+ authentication, and disables SMTP connection
+ caching to ensure that mail from different senders
+ will use the appropriate credentials.
+
+ <b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
+ Implementation-specific information that is passed
+ through to the SASL plug-in implementation that is
+ selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
+
+ <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
+ The SASL plug-in type that the Postfix SMTP client
+ should use for authentication.
+
+<b>STARTTLS SUPPORT CONTROLS</b>
+ Detailed information about STARTTLS configuration may be
+ found in the <a href="TLS_README.html">TLS_README</a> document.
+
+ <b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
+ The default SMTP TLS security level for the Postfix
+ SMTP client; when a non-empty value is specified,
+ this overrides the obsolete parameters
+ <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
+ <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
+
+ <b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
+ <b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
+ sessions.
+
+ <b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
+ Time limit for Postfix SMTP client write and read
+ operations during TLS startup and shutdown hand-
+ shake procedures.
+
+ <b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
+ The file with the certificate of the certification
+ authority (CA) that issued the Postfix SMTP client
+ certificate.
+
+ <b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
+ Directory with PEM format certificate authority
+ certificates that the Postfix SMTP client uses to
+ verify a remote SMTP server certificate.
+
+ <b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
+ File with the Postfix SMTP client RSA certificate
+ in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
+ The minimum TLS cipher grade that the Postfix SMTP
+ client will use with mandatory TLS encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
+ List of ciphers or cipher types to exclude from the
+ Postfix SMTP client cipher list at all TLS security
+ levels.
+
+ <b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
+ Additional list of ciphers or cipher types to
+ exclude from the SMTP client cipher list at manda-
+ tory TLS security levels.
+
+ <b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
+ File with the Postfix SMTP client DSA certificate
+ in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
+ File with the Postfix SMTP client DSA private key
+ in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
+ File with the Postfix SMTP client RSA private key
+ in PEM format.
+
+ <b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
+ Enable additional Postfix SMTP client logging of
+ TLS activity.
+
+ <b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
+ Log the hostname of a remote SMTP server that
+ offers STARTTLS, when TLS is not already enabled
+ for that server.
+
+ <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
+ Optional lookup tables with the Postfix SMTP client
+ TLS security policy by next-hop destination; when a
+ non-empty value is specified, this overrides the
+ obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
+
+ <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
+ List of TLS protocols that the Postfix SMTP client
+ will use with mandatory TLS encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
+ The verification depth for remote SMTP server cer-
+ tificates.
+
+ <b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
+ The server certificate peername verification method
+ for the "secure" TLS security level.
+
+ <b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
+ Name of the file containing the optional Postfix
+ SMTP client TLS session cache.
+
+ <b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
+ The expiration time of Postfix SMTP client TLS ses-
+ sion cache information.
+
+ <b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
+ The server certificate peername verification method
+ for the "verify" TLS security level.
+
+ <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
+ or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+ server in order to seed its internal pseudo random
+ number generator (PRNG).
+
+ <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
+ <b>(ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)</b>
+ The OpenSSL cipherlist for "HIGH" grade ciphers.
+
+ <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)</b>
+ The OpenSSL cipherlist for "MEDIUM" or higher grade
+ ciphers.
+
+ <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (ALL:!EXPORT:+RC4:@STRENGTH)</b>
+ The OpenSSL cipherlist for "LOW" or higher grade
+ ciphers.
+
+ <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
+ The OpenSSL cipherlist for "EXPORT" or higher grade
+ ciphers.
+
+ <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
+ The OpenSSL cipherlist for "NULL" grade ciphers
+ that provide authentication without encryption.
+
+ Available in Postfix version 2.4 and later:
+
+ <b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
+ <b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
+ sessions with a verified server certificate.
+
+<b>OBSOLETE STARTTLS CONTROLS</b>
+ The following configuration parameters exist for compati-
+ bility with Postfix versions before 2.3. Support for these
+ will be removed in a future release.
+
+ <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
+ Opportunistic mode: use TLS when a remote SMTP
+ server announces STARTTLS support, otherwise send
+ the mail in the clear.
+
+ <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
+ Enforcement mode: require that remote SMTP servers
+ use TLS encryption, and never send mail in the
+ clear.
+
+ <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
+ With mandatory TLS encryption, require that the
+ remote SMTP server hostname matches the information
+ in the remote SMTP server certificate.
+
+ <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
+ Optional lookup tables with the Postfix SMTP client
+ TLS usage policy by next-hop destination and by
+ remote SMTP server hostname.
+
+ <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
+ Obsolete Postfix < 2.3 control for the Postfix SMTP
+ client TLS cipher list.
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
+ The maximal number of parallel deliveries to the
+ same destination via the smtp message delivery
+ transport.
+
+ <b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
+ <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
+ The maximal number of recipients per delivery via
+ the smtp message delivery transport.
+
+ <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
+ The SMTP client time limit for completing a TCP
+ connection, or zero (use the operating system
+ built-in time limit).
+
+ <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
+ The SMTP client time limit for sending the HELO or
+ EHLO command, and for receiving the initial server
+ response.
+
+ <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
+ The LMTP client time limit for sending the LHLO
+ command, and for receiving the initial server
+ response.
+
+ <b><a href="postconf.5.html#smtp_xforward_timeout">smtp_xforward_timeout</a> (300s)</b>
+ The SMTP client time limit for sending the XFORWARD
+ command, and for receiving the server response.
+
+ <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
+ The SMTP client time limit for sending the MAIL
+ FROM command, and for receiving the server
+ response.
+
+ <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
+ The SMTP client time limit for sending the SMTP
+ RCPT TO command, and for receiving the server
+ response.
+
+ <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
+ The SMTP client time limit for sending the SMTP
+ DATA command, and for receiving the server
+ response.
+
+ <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
+ The SMTP client time limit for sending the SMTP
+ message content.
+
+ <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
+ The SMTP client time limit for sending the SMTP
+ ".", and for receiving the server response.
+
+ <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
+ The SMTP client time limit for sending the QUIT
+ command, and for receiving the server response.
+
+ Available in Postfix version 2.1 and later:
+
+ <b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
+ The maximal number of MX (mail exchanger) IP
+ addresses that can result from mail exchanger
+ lookups, or zero (no limit).
+
+ <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
+ The maximal number of SMTP sessions per delivery
+ request before giving up or delivering to a fall-
+ back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
+
+ <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
+ The SMTP client time limit for sending the RSET
+ command, and for receiving the server response.
+
+ Available in Postfix version 2.2 and earlier:
+
+ <b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
+ Keep Postfix LMTP client connections open for up to
+ $<a href="postconf.5.html#max_idle">max_idle</a> seconds.
+
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
+ Permanently enable SMTP connection caching for the
+ specified destinations.
+
+ <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
+ Temporarily enable SMTP connection caching while a
+ destination has a high volume of mail in the active
+ queue.
+
+ <b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
+ The amount of time during which Postfix will use an
+ SMTP connection repeatedly.
+
+ <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
+ When SMTP connection caching is enabled, the amount
+ of time that an unused SMTP client socket is kept
+ open before it is closed.
+
+ Available in Postfix version 2.3 and later:
+
+ <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
+ Time limit for connection cache connect, send or
+ receive operations.
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
+ <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+
+ <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
+ in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+
+ <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
+ resource, software or protocol errors.
+
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are sub-
+ ject to before-queue content inspection by
+ <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
+ <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
+ The list of error classes that are reported to the
+ postmaster.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
+ Where the Postfix SMTP client should deliver mail
+ when it detects a "mail loops back to myself" error
+ condition.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ <a href="master.5.html">master.cf</a> configuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
+ built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
+ The maximal number of digits after the decimal
+ point when logging sub-second delay values.
+
+ <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
+ Disable DNS lookups in the Postfix SMTP and LMTP
+ clients.
+
+ <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
+ The network interface addresses that this mail sys-
+ tem receives mail on.
+
+ <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
+ The Internet protocols Postfix will attempt to use
+ when making or accepting connections.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information
+ over an internal communication channel.
+
+ <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
+ The default TCP port that the Postfix LMTP client
+ connects to.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon
+ process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon
+ process.
+
+ <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
+ The network interface addresses that this mail sys-
+ tem receives mail on by way of a proxy or network
+ address translation unit.
+
+ <b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
+ IPv4 connection.
+
+ <b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
+ IPv6 connection.
+
+ <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The hostname to send in the SMTP EHLO or HELO com-
+ mand.
+
+ <b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
+ The hostname to send in the LMTP LHLO command.
+
+ <b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
+ What mechanisms when the Postfix SMTP client uses
+ to look up a host's IP address.
+
+ <b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
+ Randomize the order of equal-preference MX host
+ addresses.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
+ becomes, for example, "postfix/smtpd".
+
+ Available with Postfix 2.2 and earlier:
+
+ <b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
+ Optional list of relay hosts for SMTP destinations
+ that can't be found or that are unreachable.
+
+ Available with Postfix 2.3 and later:
+
+ <b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
+ Optional list of relay hosts for SMTP destinations
+ that can't be found or that are unreachable.
+
+<b>SEE ALSO</b>
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="bounce.8.html">bounce(8)</a>, delivery status reports
+ <a href="scache.8.html">scache(8)</a>, connection cache server
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ <a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management
+ syslogd(8), system logging
+
+<b>README FILES</b>
+ <a href="SASL_README.html">SASL_README</a>, Postfix SASL howto
+ <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
+ software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ Command pipelining in cooperation with:
+ Jon Ribbens
+ Oaktree Internet Solutions Ltd.,
+ Internet House,
+ Canal Basin,
+ Coventry,
+ CV1 4LY, United Kingdom.
+
+ SASL support originally by:
+ Till Franke
+ SuSE Rhein/Main AG
+ 65760 Eschborn, Germany
+
+ Connection caching in cooperation with:
+ Victor Duchovni
+ Morgan Stanley
+
+ TLS support originally by:
+ Lutz Jaenicke
+ BTU Cottbus
+ Allgemeine Elektrotechnik
+ Universitaetsplatz 3-4
+ D-03044 Cottbus, Germany
+
+ SMTP(8)
+</pre> </body> </html>
+++ /dev/null
-sendmail.1.html
\ No newline at end of file
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+<title> Postfix manual - sendmail(1) </title>
+</head> <body> <pre>
+SENDMAIL(1) SENDMAIL(1)
+
+<b>NAME</b>
+ sendmail - Postfix to Sendmail compatibility interface
+
+<b>SYNOPSIS</b>
+ <b>sendmail</b> [<i>option ...</i>] [<i>recipient ...</i>]
+
+ <b>mailq</b>
+ <b>sendmail -bp</b>
+
+ <b>newaliases</b>
+ <b>sendmail -I</b>
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to
+ Sendmail compatibility interface. For the sake of compat-
+ ibility with existing applications, some Sendmail command-
+ line options are recognized but silently ignored.
+
+ By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from stan-
+ dard input until EOF or until it reads a line with only a
+ <b>.</b> character, and arranges for delivery. Postfix <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a> command to create a
+ queue file in the <b>maildrop</b> directory.
+
+ Specific command aliases are provided for other common
+ modes of operation:
+
+ <b>mailq</b> List the mail queue. Each entry shows the queue
+ file ID, message size, arrival time, sender, and
+ the recipients that still need to be delivered. If
+ mail could not be delivered upon the last attempt,
+ the reason for failure is shown. This mode of oper-
+ ation is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a>
+ command.
+
+ <b>newaliases</b>
+ Initialize the alias database. If no input file is
+ specified (with the <b>-oA</b> option, see below), the
+ program processes the file(s) specified with the
+ <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parameter. If no
+ alias database type is specified, the program uses
+ the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b>
+ configuration parameter. This mode of operation is
+ implemented by running the <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
+
+ Note: it may take a minute or so before an alias
+ database update becomes visible. Use the "<b>postfix</b>
+ <b>reload</b>" command to eliminate this delay.
+
+ These and other features can be selected by specifying the
+ appropriate combination of command-line options. Some fea-
+ tures are controlled by parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configu-
+ ration file.
+
+ The following options are recognized:
+
+ <b>-Am</b> (ignored)
+
+ <b>-Ac</b> (ignored)
+ Postfix sendmail uses the same configuration file
+ regardless of whether or not a message is an ini-
+ tial submission.
+
+ <b>-B</b> <i>body</i><b>_</b><i>type</i>
+ The message body MIME type: <b>7BIT</b> or <b>8BITMIME</b>.
+
+ <b>-bd</b> Go into daemon mode. This mode of operation is
+ implemented by executing the "<b>postfix start</b>" com-
+ mand.
+
+ <b>-bh</b> (ignored)
+
+ <b>-bH</b> (ignored)
+ Postfix has no persistent host status database.
+
+ <b>-bi</b> Initialize alias database. See the <b>newaliases</b> com-
+ mand above.
+
+ <b>-bm</b> Read mail from standard input and arrange for
+ delivery. This is the default mode of operation.
+
+ <b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
+
+ <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
+ from standard input, and write responses to stan-
+ dard output. In stand-alone SMTP server mode, mail
+ relaying and other access controls are disabled by
+ default. To enable them, run the process as the
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> user.
+
+ This mode of operation is implemented by running
+ the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
+
+ <b>-bv</b> Do not collect or deliver a message. Instead, send
+ an email report after verifying each recipient
+ address. This is useful for testing address
+ rewriting and routing configurations.
+
+ This feature is available in Postfix version 2.1
+ and later.
+
+ <b>-C</b> <i>config</i><b>_</b><i>file</i>
+
+ <b>-C</b> <i>config</i><b>_</b><i>dir</i>
+ The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of
+ its parent directory. This information is ignored
+ with Postfix versions before 2.3.
+
+ With all Postfix versions, you can specify a direc-
+ tory pathname with the MAIL_CONFIG environment
+ variable to override the location of configuration
+ files.
+
+ <b>-F</b> <i>full</i><b>_</b><i>name</i>
+ Set the sender full name. This overrides the NAME
+ environment variable, and is used only with mes-
+ sages that have no <b>From:</b> message header.
+
+ <b>-f</b> <i>sender</i>
+ Set the envelope sender address. This is the
+ address where delivery problems are sent to. With
+ Postfix versions before 2.1, the <b>Errors-To:</b> message
+ header overrides the error return address.
+
+ <b>-G</b> Gateway (relay) submission, as opposed to initial
+ user submission. Either do not rewrite addresses
+ at all, or update incomplete addresses with the
+ domain information specified with <b>remote_header_re-</b>
+ <b>write_domain</b>.
+
+ This option is ignored before Postfix version 2.3.
+
+ <b>-h</b> <i>hop</i><b>_</b><i>count</i> (ignored)
+ Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configura-
+ tion parameter instead.
+
+ <b>-I</b> Initialize alias database. See the <b>newaliases</b> com-
+ mand above.
+
+ <b>-i</b> When reading a message from standard input, don't
+ treat a line with only a <b>.</b> character as the end of
+ input.
+
+ <b>-L</b> <i>label</i> (ignored)
+ The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configura-
+ tion parameter instead.
+
+ <b>-m</b> (ignored)
+ Backwards compatibility.
+
+ <b>-N</b> <i>dsn</i> (default: 'delay, failure')
+ Delivery status notification control. Specify
+ either a comma-separated list with one or more of
+ <b>failure</b> (send notification when delivery fails),
+ <b>delay</b> (send notification when delivery is delayed),
+ or <b>success</b> (send notification when the message is
+ delivered); or specify <b>never</b> (don't send any noti-
+ fications at all).
+
+ This feature is available in Postfix 2.3 and later.
+
+ <b>-n</b> (ignored)
+ Backwards compatibility.
+
+ <b>-oA</b><i>alias</i><b>_</b><i>database</i>
+ Non-default alias database. Specify <i>pathname</i> or
+ <i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
+
+ <b>-O</b> <i>option=value</i> (ignored)
+ Backwards compatibility.
+
+ <b>-o7</b> (ignored)
+
+ <b>-o8</b> (ignored)
+ To send 8-bit or binary content, use an appropriate
+ MIME encapsulation and specify the appropriate <b>-B</b>
+ command-line option.
+
+ <b>-oi</b> When reading a message from standard input, don't
+ treat a line with only a <b>.</b> character as the end of
+ input.
+
+ <b>-om</b> (ignored)
+ The sender is never eliminated from alias etc.
+ expansions.
+
+ <b>-o</b> <i>x value</i> (ignored)
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
+ ration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+
+ <b>-r</b> <i>sender</i>
+ Set the envelope sender address. This is the
+ address where delivery problems are sent to. With
+ Postfix versions before 2.1, the <b>Errors-To:</b> message
+ header overrides the error return address.
+
+ <b>-R</b> <i>return</i><b>_</b><i>limit</i> (ignored)
+ Limit the size of bounced mail. Use the
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a></b> configuration parameter instead.
+
+ <b>-q</b> Attempt to deliver all queued mail. This is imple-
+ mented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+
+ Warning: flushing undeliverable mail frequently
+ will result in poor delivery performance of all
+ other mail.
+
+ <b>-q</b><i>interval</i> (ignored)
+ The interval between queue runs. Use the
+ <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> configuration parameter instead.
+
+ <b>-qI</b><i>queueid</i>
+ Schedule immediate delivery of mail with the speci-
+ fied queue ID. This option is implemented by exe-
+ cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and is available
+ with Postfix version 2.4 and later.
+
+ <b>-qR</b><i>site</i>
+ Schedule immediate delivery of all mail that is
+ queued for the named <i>site</i>. This option accepts only
+ <i>site</i> names that are eligible for the "fast flush"
+ service, and is implemented by executing the
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more infor-
+ mation about the "fast flush" service.
+
+ <b>-qS</b><i>site</i>
+ This command is not implemented. Use the slower
+ "<b>sendmail -q</b>" command instead.
+
+ <b>-t</b> Extract recipients from message headers. These are
+ added to any recipients specified on the command
+ line.
+
+ With Postfix versions prior to 2.1, this option
+ requires that no recipient addresses are specified
+ on the command line.
+
+ <b>-U</b> (ignored)
+ Initial user submission.
+
+ <b>-V</b> <i>envid</i>
+ Specify the envelope ID for notification by servers
+ that support DSN.
+
+ This feature is available in Postfix 2.3 and later.
+
+ <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
+ Variable Envelope Return Path. Given an envelope
+ sender address of the form <i>owner-listname</i>@<i>origin</i>,
+ each recipient <i>user</i>@<i>domain</i> receives mail with a
+ personalized envelope sender address.
+
+ By default, the personalized envelope sender
+ address is <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
+ default <b>+</b> and <b>=</b> characters are configurable with
+ the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration parame-
+ ter.
+
+ <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
+ As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter
+ characters, instead of the characters specified
+ with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration
+ parameter.
+
+ <b>-v</b> Send an email report of the first delivery attempt
+ (Postfix versions 2.1 and later). Mail delivery
+ always happens in the background. When multiple <b>-v</b>
+ options are given, enable verbose logging for
+ debugging purposes.
+
+ <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
+ Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b> configuration parameters instead.
+
+<b>SECURITY</b>
+ By design, this program is not set-user (or group) id.
+ However, it must handle data from untrusted, possibly
+ remote, users. Thus, the usual precautions need to be
+ taken against malicious inputs.
+
+<b>DIAGNOSTICS</b>
+ Problems are logged to <b>syslogd</b>(8) and to the standard
+ error stream.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+ <b>MAIL_VERBOSE</b> (value does not matter)
+ Enable verbose logging for debugging purposes.
+
+ <b>MAIL_DEBUG</b> (value does not matter)
+ Enable debugging with an external command, as spec-
+ ified with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration
+ parameter.
+
+ <b>NAME</b> The sender full name. This is used only with mes-
+ sages that have no <b>From:</b> message header. See also
+ the <b>-F</b> option above.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
+ to this program. The text below provides only a parameter
+ summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
+ ples.
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble
+ shoot a Postfix system.
+
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
+ The external command to execute when a Postfix dae-
+ mon program is invoked with the -D option.
+
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
+ <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+
+ <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
+ in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+
+<b>ACCESS CONTROLS</b>
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (static:anyone)</b>
+ List of users who are authorized to flush the
+ queue.
+
+ <b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (static:anyone)</b>
+ List of users who are authorized to view the queue.
+
+ <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (static:anyone)</b>
+ List of users who are authorized to submit mail
+ with the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with the privi-
+ leged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper command).
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
+ The maximal amount of original message text that is
+ sent in a non-delivery notification.
+
+ <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
+ The maximal number of attempts to fork() a child
+ process.
+
+ <b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
+ The delay between attempts to fork() a child
+ process.
+
+ <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
+ The maximal number of Received: message headers
+ that is allowed in the primary message headers.
+
+ <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (version dependent)</b>
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
+ manager.
+
+<b>FAST FLUSH CONTROLS</b>
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation
+ details for the Postfix "fast flush" service.
+
+ <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
+ Optional list of destinations that are eligible for
+ per-destination logfiles with mail that is queued
+ to those destinations.
+
+<b>VERP CONTROLS</b>
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
+ details of Postfix support for variable envelope return
+ path addresses.
+
+ <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
+ The two default VERP delimiter characters.
+
+ <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
+ The characters Postfix accepts as VERP delimiter
+ characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
+ and in SMTP commands.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
+ updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+
+ <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
+ The location of all postfix administrative com-
+ mands.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ <a href="master.5.html">master.cf</a> configuration files.
+
+ <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix support programs and
+ daemon programs.
+
+ <b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>,
+ <a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+
+ <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
+ The time after which the sender receives the mes-
+ sage headers of mail that is still queued.
+
+ <b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
+ Report mail delivery errors to the address speci-
+ fied with the non-standard Errors-To: message
+ header, instead of the envelope sender address
+ (this feature is removed with Postfix version 2.2,
+ is turned off by default with Postfix version 2.1,
+ and is always turned on with older Postfix ver-
+ sions).
+
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
+ The UNIX system account that owns the Postfix queue
+ and most Postfix daemon processes.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue direc-
+ tory.
+
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
+ Don't rewrite message headers from remote clients
+ at all when this parameter is empty; otherwise, re-
+ write message headers and append the specified
+ domain name to incomplete addresses.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
+ becomes, for example, "postfix/smtpd".
+
+<b>FILES</b>
+ /var/spool/postfix, mail queue
+ /etc/postfix, configuration files
+
+<b>SEE ALSO</b>
+ <a href="pickup.8.html">pickup(8)</a>, mail pickup daemon
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="smtpd.8.html">smtpd(8)</a>, SMTP server
+ <a href="flush.8.html">flush(8)</a>, fast flush service
+ <a href="postsuper.1.html">postsuper(1)</a>, queue maintenance
+ <a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
+ <a href="postdrop.1.html">postdrop(1)</a>, mail posting utility
+ <a href="postfix.1.html">postfix(1)</a>, mail system control
+ <a href="postqueue.1.html">postqueue(1)</a>, mail queue control
+ syslogd(8), system logging
+
+<b>README_FILES</b>
+ <a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
+ <a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
+ <a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
+ software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ SENDMAIL(1)
+</pre> </body> </html>
+++ /dev/null
-sendmail.1.html
\ No newline at end of file
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+<title> Postfix manual - sendmail(1) </title>
+</head> <body> <pre>
+SENDMAIL(1) SENDMAIL(1)
+
+<b>NAME</b>
+ sendmail - Postfix to Sendmail compatibility interface
+
+<b>SYNOPSIS</b>
+ <b>sendmail</b> [<i>option ...</i>] [<i>recipient ...</i>]
+
+ <b>mailq</b>
+ <b>sendmail -bp</b>
+
+ <b>newaliases</b>
+ <b>sendmail -I</b>
+
+<b>DESCRIPTION</b>
+ The Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command implements the Postfix to
+ Sendmail compatibility interface. For the sake of compat-
+ ibility with existing applications, some Sendmail command-
+ line options are recognized but silently ignored.
+
+ By default, Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> reads a message from stan-
+ dard input until EOF or until it reads a line with only a
+ <b>.</b> character, and arranges for delivery. Postfix <a href="sendmail.1.html"><b>send-</b></a>
+ <a href="sendmail.1.html"><b>mail</b>(1)</a> relies on the <a href="postdrop.1.html"><b>postdrop</b>(1)</a> command to create a
+ queue file in the <b>maildrop</b> directory.
+
+ Specific command aliases are provided for other common
+ modes of operation:
+
+ <b>mailq</b> List the mail queue. Each entry shows the queue
+ file ID, message size, arrival time, sender, and
+ the recipients that still need to be delivered. If
+ mail could not be delivered upon the last attempt,
+ the reason for failure is shown. This mode of oper-
+ ation is implemented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a>
+ command.
+
+ <b>newaliases</b>
+ Initialize the alias database. If no input file is
+ specified (with the <b>-oA</b> option, see below), the
+ program processes the file(s) specified with the
+ <b><a href="postconf.5.html#alias_database">alias_database</a></b> configuration parameter. If no
+ alias database type is specified, the program uses
+ the type specified with the <b><a href="postconf.5.html#default_database_type">default_database_type</a></b>
+ configuration parameter. This mode of operation is
+ implemented by running the <a href="postalias.1.html"><b>postalias</b>(1)</a> command.
+
+ Note: it may take a minute or so before an alias
+ database update becomes visible. Use the "<b>postfix</b>
+ <b>reload</b>" command to eliminate this delay.
+
+ These and other features can be selected by specifying the
+ appropriate combination of command-line options. Some fea-
+ tures are controlled by parameters in the <a href="postconf.5.html"><b>main.cf</b></a> configu-
+ ration file.
+
+ The following options are recognized:
+
+ <b>-Am</b> (ignored)
+
+ <b>-Ac</b> (ignored)
+ Postfix sendmail uses the same configuration file
+ regardless of whether or not a message is an ini-
+ tial submission.
+
+ <b>-B</b> <i>body</i><b>_</b><i>type</i>
+ The message body MIME type: <b>7BIT</b> or <b>8BITMIME</b>.
+
+ <b>-bd</b> Go into daemon mode. This mode of operation is
+ implemented by executing the "<b>postfix start</b>" com-
+ mand.
+
+ <b>-bh</b> (ignored)
+
+ <b>-bH</b> (ignored)
+ Postfix has no persistent host status database.
+
+ <b>-bi</b> Initialize alias database. See the <b>newaliases</b> com-
+ mand above.
+
+ <b>-bm</b> Read mail from standard input and arrange for
+ delivery. This is the default mode of operation.
+
+ <b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
+
+ <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
+ from standard input, and write responses to stan-
+ dard output. In stand-alone SMTP server mode, mail
+ relaying and other access controls are disabled by
+ default. To enable them, run the process as the
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a></b> user.
+
+ This mode of operation is implemented by running
+ the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
+
+ <b>-bv</b> Do not collect or deliver a message. Instead, send
+ an email report after verifying each recipient
+ address. This is useful for testing address
+ rewriting and routing configurations.
+
+ This feature is available in Postfix version 2.1
+ and later.
+
+ <b>-C</b> <i>config</i><b>_</b><i>file</i>
+
+ <b>-C</b> <i>config</i><b>_</b><i>dir</i>
+ The path name of the Postfix <a href="postconf.5.html"><b>main.cf</b></a> file, or of
+ its parent directory. This information is ignored
+ with Postfix versions before 2.3.
+
+ With all Postfix versions, you can specify a direc-
+ tory pathname with the MAIL_CONFIG environment
+ variable to override the location of configuration
+ files.
+
+ <b>-F</b> <i>full</i><b>_</b><i>name</i>
+ Set the sender full name. This overrides the NAME
+ environment variable, and is used only with mes-
+ sages that have no <b>From:</b> message header.
+
+ <b>-f</b> <i>sender</i>
+ Set the envelope sender address. This is the
+ address where delivery problems are sent to. With
+ Postfix versions before 2.1, the <b>Errors-To:</b> message
+ header overrides the error return address.
+
+ <b>-G</b> Gateway (relay) submission, as opposed to initial
+ user submission. Either do not rewrite addresses
+ at all, or update incomplete addresses with the
+ domain information specified with <b>remote_header_re-</b>
+ <b>write_domain</b>.
+
+ This option is ignored before Postfix version 2.3.
+
+ <b>-h</b> <i>hop</i><b>_</b><i>count</i> (ignored)
+ Hop count limit. Use the <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a></b> configura-
+ tion parameter instead.
+
+ <b>-I</b> Initialize alias database. See the <b>newaliases</b> com-
+ mand above.
+
+ <b>-i</b> When reading a message from standard input, don't
+ treat a line with only a <b>.</b> character as the end of
+ input.
+
+ <b>-L</b> <i>label</i> (ignored)
+ The logging label. Use the <b><a href="postconf.5.html#syslog_name">syslog_name</a></b> configura-
+ tion parameter instead.
+
+ <b>-m</b> (ignored)
+ Backwards compatibility.
+
+ <b>-N</b> <i>dsn</i> (default: 'delay, failure')
+ Delivery status notification control. Specify
+ either a comma-separated list with one or more of
+ <b>failure</b> (send notification when delivery fails),
+ <b>delay</b> (send notification when delivery is delayed),
+ or <b>success</b> (send notification when the message is
+ delivered); or specify <b>never</b> (don't send any noti-
+ fications at all).
+
+ This feature is available in Postfix 2.3 and later.
+
+ <b>-n</b> (ignored)
+ Backwards compatibility.
+
+ <b>-oA</b><i>alias</i><b>_</b><i>database</i>
+ Non-default alias database. Specify <i>pathname</i> or
+ <i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
+
+ <b>-O</b> <i>option=value</i> (ignored)
+ Backwards compatibility.
+
+ <b>-o7</b> (ignored)
+
+ <b>-o8</b> (ignored)
+ To send 8-bit or binary content, use an appropriate
+ MIME encapsulation and specify the appropriate <b>-B</b>
+ command-line option.
+
+ <b>-oi</b> When reading a message from standard input, don't
+ treat a line with only a <b>.</b> character as the end of
+ input.
+
+ <b>-om</b> (ignored)
+ The sender is never eliminated from alias etc.
+ expansions.
+
+ <b>-o</b> <i>x value</i> (ignored)
+ Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
+ ration parameter in <a href="postconf.5.html"><b>main.cf</b></a> instead.
+
+ <b>-r</b> <i>sender</i>
+ Set the envelope sender address. This is the
+ address where delivery problems are sent to. With
+ Postfix versions before 2.1, the <b>Errors-To:</b> message
+ header overrides the error return address.
+
+ <b>-R</b> <i>return</i><b>_</b><i>limit</i> (ignored)
+ Limit the size of bounced mail. Use the
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a></b> configuration parameter instead.
+
+ <b>-q</b> Attempt to deliver all queued mail. This is imple-
+ mented by executing the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command.
+
+ Warning: flushing undeliverable mail frequently
+ will result in poor delivery performance of all
+ other mail.
+
+ <b>-q</b><i>interval</i> (ignored)
+ The interval between queue runs. Use the
+ <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a></b> configuration parameter instead.
+
+ <b>-qI</b><i>queueid</i>
+ Schedule immediate delivery of mail with the speci-
+ fied queue ID. This option is implemented by exe-
+ cuting the <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command, and is available
+ with Postfix version 2.4 and later.
+
+ <b>-qR</b><i>site</i>
+ Schedule immediate delivery of all mail that is
+ queued for the named <i>site</i>. This option accepts only
+ <i>site</i> names that are eligible for the "fast flush"
+ service, and is implemented by executing the
+ <a href="postqueue.1.html"><b>postqueue</b>(1)</a> command. See <a href="flush.8.html"><b>flush</b>(8)</a> for more infor-
+ mation about the "fast flush" service.
+
+ <b>-qS</b><i>site</i>
+ This command is not implemented. Use the slower
+ "<b>sendmail -q</b>" command instead.
+
+ <b>-t</b> Extract recipients from message headers. These are
+ added to any recipients specified on the command
+ line.
+
+ With Postfix versions prior to 2.1, this option
+ requires that no recipient addresses are specified
+ on the command line.
+
+ <b>-U</b> (ignored)
+ Initial user submission.
+
+ <b>-V</b> <i>envid</i>
+ Specify the envelope ID for notification by servers
+ that support DSN.
+
+ This feature is available in Postfix 2.3 and later.
+
+ <b>-XV</b> (Postfix 2.2 and earlier: <b>-V</b>)
+ Variable Envelope Return Path. Given an envelope
+ sender address of the form <i>owner-listname</i>@<i>origin</i>,
+ each recipient <i>user</i>@<i>domain</i> receives mail with a
+ personalized envelope sender address.
+
+ By default, the personalized envelope sender
+ address is <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
+ default <b>+</b> and <b>=</b> characters are configurable with
+ the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration parame-
+ ter.
+
+ <b>-XV</b><i>xy</i> (Postfix 2.2 and earlier: <b>-V</b><i>xy</i>)
+ As <b>-XV</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter
+ characters, instead of the characters specified
+ with the <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a></b> configuration
+ parameter.
+
+ <b>-v</b> Send an email report of the first delivery attempt
+ (Postfix versions 2.1 and later). Mail delivery
+ always happens in the background. When multiple <b>-v</b>
+ options are given, enable verbose logging for
+ debugging purposes.
+
+ <b>-X</b> <i>log</i><b>_</b><i>file</i> (ignored)
+ Log mailer traffic. Use the <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></b> and
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a></b> configuration parameters instead.
+
+<b>SECURITY</b>
+ By design, this program is not set-user (or group) id.
+ However, it must handle data from untrusted, possibly
+ remote, users. Thus, the usual precautions need to be
+ taken against malicious inputs.
+
+<b>DIAGNOSTICS</b>
+ Problems are logged to <b>syslogd</b>(8) and to the standard
+ error stream.
+
+<b>ENVIRONMENT</b>
+ <b>MAIL_CONFIG</b>
+ Directory with Postfix configuration files.
+
+ <b>MAIL_VERBOSE</b> (value does not matter)
+ Enable verbose logging for debugging purposes.
+
+ <b>MAIL_DEBUG</b> (value does not matter)
+ Enable debugging with an external command, as spec-
+ ified with the <b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration
+ parameter.
+
+ <b>NAME</b> The sender full name. This is used only with mes-
+ sages that have no <b>From:</b> message header. See also
+ the <b>-F</b> option above.
+
+<b>CONFIGURATION PARAMETERS</b>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
+ to this program. The text below provides only a parameter
+ summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including exam-
+ ples.
+
+<b>TROUBLE SHOOTING CONTROLS</b>
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble
+ shoot a Postfix system.
+
+ <b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
+ The external command to execute when a Postfix dae-
+ mon program is invoked with the -D option.
+
+ <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
+ <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+
+ <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
+ in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+
+<b>ACCESS CONTROLS</b>
+ Available in Postfix version 2.2 and later:
+
+ <b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (static:anyone)</b>
+ List of users who are authorized to flush the
+ queue.
+
+ <b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (static:anyone)</b>
+ List of users who are authorized to view the queue.
+
+ <b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (static:anyone)</b>
+ List of users who are authorized to submit mail
+ with the <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command (and with the privi-
+ leged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper command).
+
+<b>RESOURCE AND RATE CONTROLS</b>
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
+ The maximal amount of original message text that is
+ sent in a non-delivery notification.
+
+ <b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
+ The maximal number of attempts to fork() a child
+ process.
+
+ <b><a href="postconf.5.html#fork_delay">fork_delay</a> (1s)</b>
+ The delay between attempts to fork() a child
+ process.
+
+ <b><a href="postconf.5.html#hopcount_limit">hopcount_limit</a> (50)</b>
+ The maximal number of Received: message headers
+ that is allowed in the primary message headers.
+
+ <b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (version dependent)</b>
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue
+ manager.
+
+<b>FAST FLUSH CONTROLS</b>
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation
+ details for the Postfix "fast flush" service.
+
+ <b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
+ Optional list of destinations that are eligible for
+ per-destination logfiles with mail that is queued
+ to those destinations.
+
+<b>VERP CONTROLS</b>
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
+ details of Postfix support for variable envelope return
+ path addresses.
+
+ <b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
+ The two default VERP delimiter characters.
+
+ <b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
+ The characters Postfix accepts as VERP delimiter
+ characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
+ and in SMTP commands.
+
+<b>MISCELLANEOUS CONTROLS</b>
+ <b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are
+ updated with "<b>newaliases</b>" or with "<b>sendmail -bi</b>".
+
+ <b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
+ The location of all postfix administrative com-
+ mands.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ <a href="master.5.html">master.cf</a> configuration files.
+
+ <b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
+ The directory with Postfix support programs and
+ daemon programs.
+
+ <b><a href="postconf.5.html#default_database_type">default_database_type</a> (see 'postconf -d' output)</b>
+ The default database type for use in <a href="newaliases.1.html"><b>newaliases</b>(1)</a>,
+ <a href="postalias.1.html"><b>postalias</b>(1)</a> and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
+
+ <b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
+ The time after which the sender receives the mes-
+ sage headers of mail that is still queued.
+
+ <b><a href="postconf.5.html#enable_errors_to">enable_errors_to</a> (no)</b>
+ Report mail delivery errors to the address speci-
+ fied with the non-standard Errors-To: message
+ header, instead of the envelope sender address
+ (this feature is removed with Postfix version 2.2,
+ is turned off by default with Postfix version 2.1,
+ and is always turned on with older Postfix ver-
+ sions).
+
+ <b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
+ The UNIX system account that owns the Postfix queue
+ and most Postfix daemon processes.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue direc-
+ tory.
+
+ <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
+ Don't rewrite message headers from remote clients
+ at all when this parameter is empty; otherwise, re-
+ write message headers and append the specified
+ domain name to incomplete addresses.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
+ becomes, for example, "postfix/smtpd".
+
+<b>FILES</b>
+ /var/spool/postfix, mail queue
+ /etc/postfix, configuration files
+
+<b>SEE ALSO</b>
+ <a href="pickup.8.html">pickup(8)</a>, mail pickup daemon
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="smtpd.8.html">smtpd(8)</a>, SMTP server
+ <a href="flush.8.html">flush(8)</a>, fast flush service
+ <a href="postsuper.1.html">postsuper(1)</a>, queue maintenance
+ <a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
+ <a href="postdrop.1.html">postdrop(1)</a>, mail posting utility
+ <a href="postfix.1.html">postfix(1)</a>, mail system control
+ <a href="postqueue.1.html">postqueue(1)</a>, mail queue control
+ syslogd(8), system logging
+
+<b>README_FILES</b>
+ <a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
+ <a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
+ <a href="VERP_README.html">VERP_README</a>, Postfix VERP howto
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
+ software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ SENDMAIL(1)
+</pre> </body> </html>
<b>o</b> Postfix NIS+ map names use "<b>;</b>" instead of "<b>,</b>",
because the latter character is special in the
- Postfix main.cf file. Postfix replaces "<b>;</b>" charac-
+ Postfix <a href="postconf.5.html">main.cf</a> file. Postfix replaces "<b>;</b>" charac-
ters in the map name by "<b>,</b>" before making NIS+
queries.
Cambridge
CB10 1SB, UK
- Based on the NIS client code:
-
Adopted and adapted by:
Wietse Venema
IBM T.J. Watson Research
pcre_table - format of Postfix PCRE tables
<b>SYNOPSIS</b>
- <b>postmap -
fq "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i>
+ <b>postmap -q "</b><i>string</i><b>" <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i>
- <b>postmap -
fq - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
+ <b>postmap -q - <a href="pcre_table.5.html">pcre</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
The Postfix mail system uses optional tables for address
To find out what types of lookup tables your Postfix sys-
tem supports use the "<b>postconf -m</b>" command.
- To test lookup tables, use the "<b>postmap -fq</b>" command as
+ To test lookup tables, use the "<b>postmap -q</b>" command as
described in the SYNOPSIS above.
+<b>COMPATIBILITY</b>
+ With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>"
+ to query a table that contains case sensitive patterns.
+ Patterns are case insensitive by default.
+
<b>TABLE FORMAT</b>
The general form of a PCRE table is:
</p>
<p>
-This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is not
-part of the stable Postfix version 2.1 release.
+This feature is implemented by the <a href="anvil.8.html">anvil(8)</a> service which is available
+in Postfix version 2.2 and later.
</p>
<p>
</p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
-but this form is not recommended here. </p>
+but this form is not required here. </p>
<p> When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies just one IPv4 and/or IPv6 address
that is not a loopback address, the Postfix SMTP client will use
</DD>
<DT><b><a name="minimal_backoff_time">minimal_backoff_time</a>
-(default: version dependent)</b></DT><DD>
+(default: 300s)</b></DT><DD>
+
+<p>
+The minimal time between attempts to deliver a deferred message;
+prior to Postfix 2.4 the default value was 1000s.
+</p>
<p>
-The minimal time between attempts to deliver a deferred message.
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>
-<p> With Postfix 2.4 the default value was reduced from 1000s to
-300s. </p>
-
<p> This parameter should be set greater than or equal to
$<a href="postconf.5.html#queue_run_delay">queue_run_delay</a>. See also $<a href="postconf.5.html#maximal_backoff_time">maximal_backoff_time</a>. </p>
</DD>
<DT><b><a name="queue_run_delay">queue_run_delay</a>
-(default: version dependent)</b></DT><DD>
-
-<p>
-The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager.
-</p>
+(default: 300s)</b></DT><DD>
<p>
-With Postfix 2.4 the default value was reduced from 1000s to 300s.
+The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
</p>
<p> This parameter should be set less than or equal to
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
-but this form is not recommended here. </p>
+but this form is not required here. </p>
</DD>
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter and the optional "protocols"
keyword overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter.
In the policy table, multiple protocols must be separated by colons,
-as attribute values may not contain whitespace or commas. </p>
+as attribute values may not contain whitespace or commas. </dd>
<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
P.O. Box 830688, MC34
Richardson, TX 75083, USA
+ IPv6 support originally by:
+ Mark Huizer, Eindhoven University, The Netherlands
+ Jun-ichiro 'itojun' Hagino, KAME project, Japan
+ The Linux PLD project
+ Dean Strik, Eindhoven University, The Netherlands
+
POSTFIX(1)
</pre> </body> </html>
postlog - Postfix-compatible logging utility
<b>SYNOPSIS</b>
- <b>postlog</b> [<b>-iv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>]
- [<b>-p</b> <i>priority</i><b>] [-t</b> <i>tag</i>] [<i>text...</i>]
+ <b>postlog</b> [<b>-iv</b>] [<b>-c</b> <i>config</i><b>_</b><i>dir</i>] [<b>-p</b> <i>priority</i><b>] [-t</b> <i>tag</i>]
+ [<i>text...</i>]
<b>DESCRIPTION</b>
- The <a href="postlog.1.html"><b>postlog</b>(1)</a> command implements a Postfix-compatible
- logging interface for use in, for example, shell scripts.
+ The <a href="postlog.1.html"><b>postlog</b>(1)</a> command implements a Postfix-compatible
+ logging interface for use in, for example, shell scripts.
- By default, <a href="postlog.1.html"><b>postlog</b>(1)</a> logs the <i>text</i> given on the command
+ By default, <a href="postlog.1.html"><b>postlog</b>(1)</a> logs the <i>text</i> given on the command
line as one record. If no <i>text</i> is specified on the command
- line, <a href="postlog.1.html"><b>postlog</b>(1)</a> reads from standard input and logs each
+ line, <a href="postlog.1.html"><b>postlog</b>(1)</a> reads from standard input and logs each
input line as one record.
- Logging is sent to <b>syslogd</b>(8); when the standard error
- stream is connected to a terminal, logging is sent there
+ Logging is sent to <b>syslogd</b>(8); when the standard error
+ stream is connected to a terminal, logging is sent there
as well.
The following options are implemented:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named
directory instead of the default configuration
directory.
<b>-i</b> Include the process ID in the logging tag.
<b>-p</b> <i>priority</i>
- Specifies the logging severity: <b>info</b> (default),
+ Specifies the logging severity: <b>info</b> (default),
<b>warn</b>, <b>error</b>, <b>fatal</b>, or <b>panic</b>.
<b>-t</b> <i>tag</i> Specifies the logging tag, that is, the identifying
- name that appears at the beginning of each logging
- record. A default tag is used when none is speci-
+ name that appears at the beginning of each logging
+ record. A default tag is used when none is speci-
fied.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
- tiple <b>-v</b> options make the software increasingly
+ tiple <b>-v</b> options make the software increasingly
verbose.
<b>ENVIRONMENT</b>
Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant
to this program.
- The text below provides only a parameter summary. See
+ The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b>SEE ALSO</b>
syslogd(8), syslog daemon
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
regexp_table - format of Postfix regular expression tables
<b>SYNOPSIS</b>
- <b>postmap -
fq "</b><i>string</i><b>" <a href="regexp_table.5.html">regexp</a>:/etc/postfix/</b><i>filename</i>
+ <b>postmap -q "</b><i>string</i><b>" <a href="regexp_table.5.html">regexp</a>:/etc/postfix/</b><i>filename</i>
- <b>postmap -
fq - <a href="regexp_table.5.html">regexp</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
+ <b>postmap -q - <a href="regexp_table.5.html">regexp</a>:/etc/postfix/</b><i>filename</i> <<i>inputfile</i>
<b>DESCRIPTION</b>
The Postfix mail system uses optional tables for address
To find out what types of lookup tables your Postfix sys-
tem supports use the "<b>postconf -m</b>" command.
- To test lookup tables, use the "<b>postmap -fq</b>" command as
+ To test lookup tables, use the "<b>postmap -q</b>" command as
described in the SYNOPSIS above.
+<b>COMPATIBILITY</b>
+ With Postfix version 2.2 and earlier specify "<b>postmap -fq</b>"
+ to query a table that contains case sensitive patterns.
+ Patterns are case insensitive by default.
+
<b>TABLE FORMAT</b>
The general form of a Postfix regular expression table is:
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
-<b>BUGS</b>
- The <a href="showq.8.html"><b>showq</b>(8)</a> daemon runs at a fixed low privilege; conse-
- quently, it cannot extract information from queue files in
- the <b>maildrop</b> directory.
-
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="showq.8.html"><b>showq</b>(8)</a>
processes run for only a limited amount of time. Use the
the client is used for multiple domains.
Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i>
- "ghost" parameter for the equivalent LMTP feature. This
+ "mirror" parameter for the equivalent LMTP feature. This
document describes only those LMTP-related parameters that
- aren't simply "ghost" parameters.
+ aren't simply "mirror" parameters.
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a>
processes run for only a limited amount of time. Use the
+++ /dev/null
-bounce.8.html
\ No newline at end of file
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html> <head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+<title> Postfix manual - bounce(8) </title>
+</head> <body> <pre>
+BOUNCE(8) BOUNCE(8)
+
+<b>NAME</b>
+ bounce - Postfix delivery status reports
+
+<b>SYNOPSIS</b>
+ <b>bounce</b> [generic Postfix daemon options]
+
+<b>DESCRIPTION</b>
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon maintains per-message log files with
+ delivery status information. Each log file is named after
+ the queue file that it corresponds to, and is kept in a
+ queue subdirectory named after the service name in the
+ <a href="master.5.html"><b>master.cf</b></a> file (either <b>bounce</b>, <b>defer</b> or <b>trace</b>). This pro-
+ gram expects to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+
+ The <a href="bounce.8.html"><b>bounce</b>(8)</a> daemon processes two types of service
+ requests:
+
+ <b>o</b> Append a recipient (non-)delivery status record to
+ a per-message log file.
+
+ <b>o</b> Enqueue a delivery status notification message,
+ with a copy of a per-message log file and of the
+ corresponding message. When the delivery status
+ notification message is enqueued successfully, the
+ per-message log file is deleted.
+
+ The software does a best notification effort. A non-deliv-
+ ery notification is sent even when the log file or the
+ original message cannot be read.
+
+ Optionally, a bounce (defer, trace) client can request
+ that the per-message log file be deleted when the
+ requested operation fails. This is used by clients that
+ cannot retry transactions by themselves, and that depend
+ on retry logic in their own client.
+
+<b>STANDARDS</b>
+ <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
+ <a href="http://www.faqs.org/rfcs/rfc2045.html">RFC 2045</a> (Format of Internet Message Bodies)
+ <a href="http://www.faqs.org/rfcs/rfc2822.html">RFC 2822</a> (ARPA Internet Text Messages)
+ <a href="http://www.faqs.org/rfcs/rfc3462.html">RFC 3462</a> (Delivery Status Notifications)
+ <a href="http://www.faqs.org/rfcs/rfc3464.html">RFC 3464</a> (Delivery Status Notifications)
+ <a href="http://www.faqs.org/rfcs/rfc3834.html">RFC 3834</a> (Auto-Submitted: message header)
+
+<b>DIAGNOSTICS</b>
+ Problems and transactions are logged to <b>syslogd</b>(8).
+
+<b>CONFIGURATION PARAMETERS</b>
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as
+ <a href="bounce.8.html"><b>bounce</b>(8)</a> processes run for only a limited amount of time.
+ Use the command "<b>postfix reload</b>" to speed up a change.
+
+ The text below provides only a parameter summary. See
+ <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
+
+ <b><a href="postconf.5.html#2bounce_notice_recipient">2bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of undeliverable mail that cannot be
+ returned to the sender.
+
+ <b><a href="postconf.5.html#backwards_bounce_logfile_compatibility">backwards_bounce_logfile_compatibility</a> (yes)</b>
+ Produce additional <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile records that
+ can be read by Postfix versions before 2.0.
+
+ <b><a href="postconf.5.html#bounce_notice_recipient">bounce_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the
+ message headers of mail that Postfix did not
+ deliver and of SMTP conversation transcripts of
+ mail that Postfix did not receive.
+
+ <b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
+ The maximal amount of original message text that is
+ sent in a non-delivery notification.
+
+ <b><a href="postconf.5.html#bounce_template_file">bounce_template_file</a> (empty)</b>
+ Pathname of a configuration file with bounce mes-
+ sage templates.
+
+ <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ <a href="master.5.html">master.cf</a> configuration files.
+
+ <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
+ built-in watchdog timer.
+
+ <b><a href="postconf.5.html#delay_notice_recipient">delay_notice_recipient</a> (postmaster)</b>
+ The recipient of postmaster notifications with the
+ message headers of mail that cannot be delivered
+ within $<a href="postconf.5.html#delay_warning_time">delay_warning_time</a> time units.
+
+ <b><a href="postconf.5.html#deliver_lock_attempts">deliver_lock_attempts</a> (20)</b>
+ The maximal number of attempts to acquire an exclu-
+ sive lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
+ The time between attempts to acquire an exclusive
+ lock on a mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
+
+ <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
+ The time limit for sending or receiving information
+ over an internal communication channel.
+
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are sub-
+ ject to before-queue content inspection by
+ <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
+ <b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
+ The mail system name that is displayed in Received:
+ headers, in the SMTP greeting banner, and in
+ bounced mail.
+
+ <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
+ before terminating voluntarily.
+
+ <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
+ nating voluntarily.
+
+ <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
+ The list of error classes that are reported to the
+ postmaster.
+
+ <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
+ The process ID of a Postfix command or daemon
+ process.
+
+ <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
+ The process name of a Postfix command or daemon
+ process.
+
+ <b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
+ The location of the Postfix top-level queue direc-
+ tory.
+
+ <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
+ The syslog facility of Postfix logging.
+
+ <b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
+ becomes, for example, "postfix/smtpd".
+
+<b>FILES</b>
+ /var/spool/postfix/bounce/* non-delivery records
+ /var/spool/postfix/defer/* non-delivery records
+ /var/spool/postfix/trace/* delivery status records
+
+<b>SEE ALSO</b>
+ <a href="bounce.5.html">bounce(5)</a>, bounce message template format
+ <a href="qmgr.8.html">qmgr(8)</a>, queue manager
+ <a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="master.8.html">master(8)</a>, process manager
+ syslogd(8), system logging
+
+<b>LICENSE</b>
+ The Secure Mailer license must be distributed with this
+ software.
+
+<b>AUTHOR(S)</b>
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
+
+ BOUNCE(8)
+</pre> </body> </html>
University of Texas at Dallas
P.O. Box 830688, MC34
Richardson, TX 75083, USA
+
+IPv6 support originally by:
+Mark Huizer, Eindhoven University, The Netherlands
+Jun-ichiro 'itojun' Hagino, KAME project, Japan
+The Linux PLD project
+Dean Strik, Eindhoven University, The Netherlands
.na
.nf
.fi
+.ad
\fBpostlog\fR [\fB-iv\fR] [\fB-c \fIconfig_dir\fR]
- [\fB-p \fIpriority\fB] [\fB-t \fItag\fR] [\fItext...\fR]
+[\fB-p \fIpriority\fB] [\fB-t \fItag\fR] [\fItext...\fR]
.SH DESCRIPTION
.ad
.fi
.SH DESCRIPTION
.ad
.fi
-The Postfix SMTP server supports access control on remote
-SMTP client information: host names, network addresses, and
-envelope sender
-or recipient addresses. See \fBheader_checks\fR(5) or
+This document describes access control on remote SMTP client
+information: host names, network addresses, and envelope
+sender or recipient addresses; it is implemented by the
+Postfix SMTP server. See \fBheader_checks\fR(5) or
\fBbody_checks\fR(5) for access control on the content of
email messages.
match is found in the access table, or until further
truncation is not possible.
-NOTE 1: The information in the access map should be in
-canonical form, with unnecessary null characters eliminated.
-Address information must not be enclosed with "[]" characters.
+NOTE 1: The access map lookup key must be in canonical form:
+do not specify unnecessary null characters, and do not
+enclose network address information with "[]" characters.
NOTE 2: use the \fBcidr\fR lookup table type to specify
network/netmask patterns. See \fBcidr_table\fR(5) for details.
string representation of the IPv6 host address. Thus, not
all the ":" subnetworks will be tried.
-NOTE 2: The information in the access map should be in
-canonical form, with unnecessary null characters eliminated.
-Address information must not be enclosed with "[]" characters.
+NOTE 2: The access map lookup key must be in canonical form:
+do not specify unnecessary null characters, and do not
+enclose network address information with "[]" characters.
NOTE 3: use the \fBcidr\fR lookup table type to specify
network/netmask patterns. See \fBcidr_table\fR(5) for details.
More information
about external content filters is in the Postfix FILTER_README file.
.sp
-Note: this action overrides the \fBmain.cf content_filter\fR setting,
+Note: this action overrides the \fBcontent_filter\fR setting,
and currently affects all recipients of the message.
.sp
This feature is available in Postfix 2.0 and later.
will be matched regardless of redundant zero characters.
Note: address information may be enclosed inside "[]" but
-this form is not recommended.
+this form is not required.
IPv6 support is available in Postfix 2.2 and later.
.IP "\fInetwork_address result\fR"
.SH NAME
header_checks
\-
-Postfix built-in header/body inspection
+Postfix built-in content inspection
.SH "SYNOPSIS"
.na
.nf
.br
\fBbody_checks = pcre:/etc/postfix/body_checks\fR
.sp
-\fBpostmap -fq "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
+\fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
.br
-\fBpostmap -fq - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+\fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
.SH DESCRIPTION
.ad
.fi
-The Postfix \fBcleanup\fR(8) server supports access control
-on the content of message headers and message body lines.
+This document describes access control on the content of
+message headers and message body lines; it is implemented
+by the Postfix cleanup(8) server before mail is queued.
See \fBaccess\fR(5) for access control on remote SMTP client
information.
.IP "\fBif /\fIpattern\fB/\fIflags\fR"
.IP "\fBendif\fR"
Match the input string against the patterns between \fBif\fR
-and \fBendif\fR, if and only if the input string also matches
-\fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
+and \fBendif\fR, if and only if the same input string also
+matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
.sp
Note: do not prepend whitespace to patterns inside
\fBif\fR..\fBendif\fR.
.IP "\fBif !/\fIpattern\fB/\fIflags\fR"
.IP "\fBendif\fR"
Match the input string against the patterns between \fBif\fR
-and \fBendif\fR, if and only if the input string does \fBnot\fR
-match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
+and \fBendif\fR, if and only if the same input string does
+\fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR
+can nest.
.IP "blank lines and comments"
Empty lines and whitespace-only lines are ignored, as
are lines whose first non-whitespace character is a `#'.
.sp
This feature is available in Postfix 2.1 and later.
.IP "\fBFILTER \fItransport:destination\fR"
-Write a content filter request to the queue file and
+Write a content filter request to the queue file, and
inspect the next input line.
After the complete message is received it will be sent through
the specified external content filter. More information about
external content filters is in the Postfix FILTER_README file.
.sp
-Note: this action overrides the \fBmain.cf content_filter\fR setting,
+Note: this action overrides the \fBcontent_filter\fR setting,
and affects all recipients of the message. In the case that multiple
\fBFILTER\fR actions fire, only the last one is executed.
.sp
.sp
This feature is available in Postfix 2.0 and later.
.IP \fBIGNORE\fR
-Delete the current line from the input and inspect
+Delete the current line from the input, and inspect
the next input line.
.IP "\fBPREPEND \fItext...\fR"
-Prepend one line with the specified text and inspect the next
+Prepend one line with the specified text, and inspect the next
input line.
.sp
Notes:
.IP
This feature is available in Postfix 2.1 and later.
.IP "\fBREDIRECT \fIuser@domain\fR"
-Write a message redirection request to the queue file and
+Write a message redirection request to the queue file, and
inspect the next input line. After the message is queued,
it will be sent to the specified address instead of the
intended recipient(s).
.sp
This feature is available in Postfix 2.1 and later.
.IP "\fBREPLACE \fItext...\fR"
-Replace the current line with the specified text and inspect the next
+Replace the current line with the specified text, and inspect the next
input line.
.sp
This feature is available in Postfix 2.2 and later. The
"5.7.1".
.IP "\fBWARN \fIoptional text...\fR
Log a warning with the \fIoptional text...\fR (or log a
-generic message) and inspect the next input line. This
+generic message), and inspect the next input line. This
action is useful for debugging and for testing a pattern
before applying more drastic actions.
.SH BUGS
.ad
.fi
Many people overlook the main limitations of header and body_checks
-rules. These rules operate on one logical message header or one body
-line at a time, and a decision made for one line is not carried over
-to the next line. If text in the message body is encoded
+rules.
+.IP \(bu
+These rules operate on one logical message header or one body
+line at a time. A decision made for one line is not carried over
+to the next line.
+.IP \(bu
+If text in the message body is encoded
(RFC 2045) then the rules have to specified for the encoded
-form. Likewise, when message headers are encoded (RFC
+form.
+.IP \(bu
+Likewise, when message headers are encoded (RFC
2047) then the rules need to be specified for the encoded
form.
-
+.PP
Message headers added by the \fBcleanup\fR(8) daemon itself
are excluded from inspection. Examples of such message headers
are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR.
input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
%2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
unqualified or does not have enough domain components to satisfy
-all the specified patterns, the saerch is suppressed and returns
+all the specified patterns, the search is suppressed and returns
no results.
.IP
The above %1, ..., %9 expansions are available with Postfix 2.2
Cambridge
CB10 1SB, UK
-Based on the NIS client code:
-
Adopted and adapted by:
Wietse Venema
IBM T.J. Watson Research
.SH "SYNOPSIS"
.na
.nf
-\fBpostmap -fq "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
+\fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
-\fBpostmap -fq - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+\fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
.SH DESCRIPTION
.ad
.fi
To find out what types of lookup tables your Postfix system
supports use the "\fBpostconf -m\fR" command.
-To test lookup tables, use the "\fBpostmap -fq\fR" command as
+To test lookup tables, use the "\fBpostmap -q\fR" command as
described in the SYNOPSIS above.
+.SH "COMPATIBILITY"
+.na
+.nf
+.ad
+.fi
+With Postfix version 2.2 and earlier specify "\fBpostmap
+-fq\fR" to query a table that contains case sensitive
+patterns. Patterns are case insensitive by default.
.SH "TABLE FORMAT"
.na
.nf
The time unit over which client connection rates and other rates
are calculated.
.PP
-This feature is implemented by the \fBanvil\fR(8) service which is not
-part of the stable Postfix version 2.1 release.
+This feature is implemented by the \fBanvil\fR(8) service which is available
+in Postfix version 2.2 and later.
.PP
The default interval is relatively short. Because of the high
frequency of updates, the \fBanvil\fR(8) server uses volatile memory
Note 1: you need to stop and start Postfix when this parameter changes.
.PP
Note 2: address information may be enclosed inside [],
-but this form is not recommended here.
+but this form is not required here.
.PP
When inet_interfaces specifies just one IPv4 and/or IPv6 address
that is not a loopback address, the Postfix SMTP client will use
Postfix refuses mail that is nested deeper than the specified limit.
.PP
This feature is available in Postfix 2.0 and later.
-.SH minimal_backoff_time (default: version dependent)
-The minimal time between attempts to deliver a deferred message.
+.SH minimal_backoff_time (default: 300s)
+The minimal time between attempts to deliver a deferred message;
+prior to Postfix 2.4 the default value was 1000s.
+.PP
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
.PP
-With Postfix 2.4 the default value was reduced from 1000s to
-300s.
-.PP
This parameter should be set greater than or equal to
$queue_run_delay. See also $maximal_backoff_time.
.PP
.PP
With Postfix versions 2.0 and earlier, a queue_minfree value of
zero means there is no minimum required amount of free space.
-.SH queue_run_delay (default: version dependent)
-The time between deferred queue scans by the queue manager.
-.PP
-With Postfix 2.4 the default value was reduced from 1000s to 300s.
+.SH queue_run_delay (default: 300s)
+The time between deferred queue scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
.PP
This parameter should be set less than or equal to
$minimal_backoff_time. See also $maximal_backoff_time.
inet_interfaces documentation for more detail.
.PP
Note 2: address information may be enclosed inside [],
-but this form is not recommended here.
+but this form is not required here.
.SH smtp_bind_address6 (default: empty)
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv6 connection.
.SH "SYNOPSIS"
.na
.nf
-\fBpostmap -fq "\fIstring\fB" regexp:/etc/postfix/\fIfilename\fR
+\fBpostmap -q "\fIstring\fB" regexp:/etc/postfix/\fIfilename\fR
-\fBpostmap -fq - regexp:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+\fBpostmap -q - regexp:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
.SH DESCRIPTION
.ad
.fi
To find out what types of lookup tables your Postfix system
supports use the "\fBpostconf -m\fR" command.
-To test lookup tables, use the "\fBpostmap -fq\fR" command as
-described in the SYNOPSIS above.
+To test lookup tables, use the "\fBpostmap -q\fR" command
+as described in the SYNOPSIS above.
+.SH "COMPATIBILITY"
+.na
+.nf
+.ad
+.fi
+With Postfix version 2.2 and earlier specify "\fBpostmap
+-fq\fR" to query a table that contains case sensitive
+patterns. Patterns are case insensitive by default.
.SH "TABLE FORMAT"
.na
.nf
In this preliminary implementation, a count (or rate) limited server
can have only one remote client at a time. If a server reports
-multiple simultaneous clients, all but the last reported client
-are ignored.
+multiple simultaneous clients, state is kept only for the last
+reported client.
The \fBanvil\fR(8) server automatically discards client
request information after it expires. To prevent the
Append a recipient (non-)delivery status record to a per-message
log file.
.IP \(bu
-Enqueue a bounce message, with a copy of a per-message log file
-and of the corresponding message. When the bounce message is
+Enqueue a delivery status notification message, with a copy
+of a per-message log file and of the corresponding message.
+When the delivery status notification message is
enqueued successfully, the per-message log file is deleted.
.PP
The software does a best notification effort. A non-delivery
.ad
.fi
Problems and transactions are logged to \fBsyslogd\fR(8).
-.SH BUGS
-.ad
-.fi
-The \fBshowq\fR(8) daemon runs at a fixed low privilege; consequently,
-it cannot extract information from queue files in the
-\fBmaildrop\fR directory.
.SH "CONFIGURATION PARAMETERS"
.na
.nf
when the client is used for multiple domains.
Most smtp_\fIxxx\fR configuration parameters have an
-lmtp_\fIxxx\fR "ghost" parameter for the equivalent LMTP
+lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP
feature. This document describes only those LMTP-related
-parameters that aren't simply "ghost" parameters.
+parameters that aren't simply "mirror" parameters.
Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8)
processes run for only a limited amount of time. Use the command
{
Again:
- if (/-[<\/bB>]*$/) {
+ if (/(-[<\/bB>]*|RFC)$/) {
$_ .= "\n";
$len1 = length;
$_ .= <>;
s;\bmilter_unknown_command_macros\b;<a href="postconf.5.html#milter_unknown_command_macros">$&</a>;g;
s;\bmilter_end_of_data_macros\b;<a href="postconf.5.html#milter_end_of_data_macros">$&</a>;g;
- # Split *README, parameter or restriction hyperlinks across line breaks
+ # Hyperlink URLs and RFC documents
+
+ s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
+ s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
+ s/\bRFC\s*([1-9]\d*)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc$1.html">$&<\/a>/;
+
+ # Split README/RFC/parameter/restriction hyperlinks that span line breaks
s/(<a href="[^"]*">)([-A-Za-z0-9_]*)\b([-<\/bB>]*\n *[<bB>]*)\b([-A-Za-z0-9_]*)(<\/a>)/$1$2$5$3$1$4$5/;
s/(<a href="[^"]*">)([<bB>]*[-a-zA-Z0-9._]*[<bB>]*)<\/a>\1/$1$2/g;
s/(<a href="[^"]*">)([<bB>]*[-a-zA-Z0-9._]*[<bB>]*)<\/a>\1/$1$2/g;
- # Hyperlink URLs and RFC documents
-
- s/(http:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
- s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
- s/\bRFC *([1-9]\d*)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc$1.html">$&<\/a>/;
-
# Hyperlink phrases not in headers.
if (/<\/*h\d>/) {
esac) || exit 1
continue;;
- # Hard link
-
- h) eval dest_path=$install_root$path
- check_parent $dest_path || exit 1
- eval source_path=$install_root$source
- compare_or_hardlink $source_path $dest_path || exit 1
+ # Hard link. Skip files that are not installed.
+
+ h) eval echo $path | (IFS=/ read prefix file; test "$prefix" = "no" || (
+ eval dest_path=$install_root$path
+ check_parent $dest_path || exit 1
+ eval source_path=$install_root$source
+ compare_or_hardlink $source_path $dest_path || exit 1
+ )) || exit 1
continue;;
- # Symbolic link
+ # Symbolic link. Skip files that are not installed.
- l) eval dest_path=$install_root$path
- check_parent $dest_path || exit 1
- eval source_path=$install_root$source
- compare_or_symlink $source_path $dest_path || exit 1
+ l) eval echo $path | (IFS=/ read prefix file; test "$prefix" = "no" || (
+ eval dest_path=$install_root$path
+ check_parent $dest_path || exit 1
+ eval source_path=$install_root$source
+ compare_or_symlink $source_path $dest_path || exit 1
+ )) || exit 1
continue;;
*) echo $0: Error: unknown type $type for $path in conf/postfix-files 1>&2
<li> <p> The list of domains that are a member of the class: for
example, all local domains, or all relay domains. </p>
-<li> <p> The default delivery method. For example, the local or
-smtp delivery agent. This helps to keep Postfix configurations
-simple. </p>
+<li> <p> The default delivery transport. For example, the local,
+virtual or relay delivery transport (delivery transports are defined
+in master.cf). This helps to keep Postfix configurations simple,
+by avoiding the need for explicit routing information in transport
+maps. </p>
<li> <p> The list of valid recipient addresses for that address
class. The Postfix SMTP server rejects invalid recipients with
<p> Recipient address verification is relatively straightforward
and there are no surprises. If a recipient probe fails, then Postfix
rejects mail for the recipient address. If a recipient probe
-succeeds, then Postfix accepts mail for the recipient address. </p>
+succeeds, then Postfix accepts mail for the recipient address.
+However, recipient address verification probes can increase the
+load on down-stream MTAs when you're being flooded by backscatter
+bounces, or when some spammer is mounting a dictionary attack. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a
the same performance improvement as with a shared connection cache,
non-shared connections need to be kept open for a longer time. </p>
+<p> The scache(8) server, introduced with Postfix version 2.2,
+maintains the shared connection cache. With Postfix version 2.2,
+only the smtp(8) client has support to access this cache. </p>
+
<blockquote>
<table>
-<tr> <td> Internet <-- </td> <td align="center" bgcolor="#f0f0ff">
-<br> smtp(8) <br> </td> <td> <tt> <-> </tt> </td> <td
-align="center" bgcolor="#f0f0ff"> <br> scache(8) <br> </td>
-<td> <tt> <-> </tt> </td> <td align="center" bgcolor="#f0f0ff">
-<br> smtp(8) <br> </td> <td> --> Internet </td>
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
+--> </tt> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
+<td align="center" rowspan="3"> </td> <td align="center"
+rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td> <td> </td>
+</tr>
+
+<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="2" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left"> <tt>
+--> </tt> Internet </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="center"><tt>^<br>|</tt></td>
+<td> </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> scache(8) </td> </tr>
</table>
</blockquote>
-<p> The scache(8) server, introduced with Postfix version 2.2,
-maintains the shared connection cache. With Postfix version 2.2,
-only the smtp(8) client has support to access this cache. </p>
-
<p> When SMTP connection caching is enabled (see next section), the
smtp(8) client does not disconnect after a mail transaction, but
gives the connection to the scache(8) server which keeps the
-connection open for a limited amount of time. </p>
+connection open for a limited amount of time. </p>
<p> After handing over the open connection to the scache(8) server,
the smtp(8) client continues with some other mail delivery request.
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-
-<head>
-
-<title>Postfix Cyrus Howto</title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-
-</head>
-
-<body>
-
-<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix Cyrus Howto</h1>
-
-<hr>
-
-<p> This document will be made available via http://www.postfix.org/. </p>
-
-</body>
-
-</html>
<li> You can use Berkeley DB files with fixed lookup strings for
simple address rewriting operations and you can use regular expression
-tables for the more complicated work.
+tables for the more complicated work. In other words, you don't
+have to put everything into the same table.
</ul>
postmap(1) or postalias(1) overwrite existing files. If the update
fails in the middle then you have no usable database, and Postfix
will stop working. This is not an issue with the CDB database type
-available with Postfix 2.2 and later, because <a href="CDB_README.html">CDB</a>
-database rebuilds are atomic. </p>
+available with Postfix 2.2 and later: <a href="CDB_README.html">CDB</a>
+creates a new file, and renames the file upon successful completion.
+</p>
<p> With multi-file databases such as DBM, there is no simple
solution. With Berkeley DB and other "one file" databases, it is
<h2><a name="no_db">Building Postfix on systems without Berkeley
DB</a></h2>
-<p> Many commercial UNIXes ship without Berkeley DB support. Examples
-are Solaris, HP-UX, IRIX, UNIXWARE. In order to build Postfix with
+<p> Some UNIXes ship without Berkeley DB support; for historical
+reasons these use DBM files instead. A problem with DBM files is
+that they can store only limited amounts of data. To build Postfix
+with
Berkeley DB support you need to download and install the source
-code from http://www.sleepycat.com/ </p>
+code from http://www.oracle.com/database/berkeley-db/. </p>
<p> Warning: some Linux system libraries use Berkeley DB, as do
some third-party libraries such as SASL. If you compile Postfix
with a different Berkeley DB implementation, then every Postfix
-program will dump core because either the system library, SASL
+program will dump core because either the system library, the SASL
library, or Postfix itself ends up using the wrong version. </p>
<p>The more recent Berkeley DB versions have a compile-time switch,
falling apart. </p>
<p> To build Postfix after you installed the Berkeley DB from
-http://www.sleepycat.com/, use something like: </p>
+source code, use something like: </p>
<blockquote>
<pre>
</pre>
</blockquote>
-<p> More information is available at http://www.sleepycat.com/. </p>
+<p> More information is available at
+http://www.oracle.com/database/berkeley-db/. </p>
</body>
permissions, incorrect configuration file settings that you can
fix. Postfix cannot proceed until this is fixed. </p>
-<li> <p> "<b>error</b>" reports a fatal or non-fatal error condition.
-Postfix cannot proceed until this is fixed. </p>
+<li> <p> "<b>error</b>" reports an error condition. For safety
+reasons, a Postfix process will terminate when more than 13 of these
+happen. </p>
<li> <p> "<b>warning</b>" indicates a non-fatal error. These are
problems that you may not be able to fix (such as a broken DNS
</ul>
<p> These reports contain information that is generated by Postfix
-delivery agents. Since these run as daemon processes and do not
+delivery agents. Since these run as daemon processes that cannot
interact with users directly, the result is sent as mail to the
sender of the test message. The format of these reports is practically
identical to that of ordinary non-delivery notifications. </p>
<h2><a name="sniffer">Record the SMTP session with a network sniffer</a></h2>
<p> This example uses <b>tcpdump</b>. In order to record a conversation
-you need to specify a large enough buffer with the "-s" option or
-else you will miss some or all of the packet payload. </p>
+you need to specify a large enough buffer with the "<b>-s</b>"
+option or else you will miss some or all of the packet payload.
+</p>
<blockquote>
<pre>
-# <b>tcpdump -w /file/name -s 2000 host example.com and port 25</b>
+# <b>tcpdump -w /file/name -s 0 host example.com and port 25</b>
</pre>
</blockquote>
+<p> Older tcpdump versions don't support "<b>-s 0</b>"; in that case,
+use "<b>-s 2000</b>" instead. </p>
+
<p> Run this for a while, stop with Ctrl-C when done. To view the
-data use a binary viewer, or <b>ethereal</b>, or use my <b>tcpdumpx</b>
-utility that is available from ftp://ftp.porcupine.org/pub/debugging/.
+data use a binary viewer, <b>ethereal</b>, or good old <b>less</b>.
</p>
<h2><a name="verbose">Making Postfix daemon programs more verbose</a></h2>
<p> Append one or more "<b>-v</b>" options to selected daemon
definitions in /etc/postfix/master.cf and type "<b>postfix reload</b>".
This will cause a lot of activity to be logged to the syslog daemon.
-Example: </p>
+For example, to make the Postfix SMTP server process more verbose: </p>
<blockquote>
<pre>
</pre>
</blockquote>
-<p> This makes the Postfix SMTP server more verbose. To diagnose
-problems with address rewriting one would specify a "<b>-v</b>"
+<p> To diagnose problems with address rewriting specify a "<b>-v</b>"
option for the cleanup(8) and/or trivial-rewrite(8) daemon, and to
-diagnose problems with mail delivery one would specify a "<b>-v</b>"
+diagnose problems with mail delivery specify a "<b>-v</b>"
option for the qmgr(8) or oqmgr(8) queue manager, or for the lmtp(8),
local(8), pipe(8), smtp(8), or virtual(8) delivery agent. </p>
<li> <p> Postfix logging. See the text at the top of the DEBUG_README
document to find out where logging is stored. Please do not frustrate
-the helpers by word wrapping the logging. </p>
+the helpers by word wrapping the logging. If the logging is more
+than a few kbytes of text, consider posting an URL on a web or ftp
+site. </p>
<li> <p> Consider using a test email address so that you don't have
to reveal email addresses or passwords of innocent people. </p>
<li> <p> If you can't use a test email address, please anonymize
-information consistently. Replace each letter by "A", each digit
+email addresses and host names consistently. Replace each letter
+by "A", each digit
by "D" so that the helpers can still recognize syntactical errors.
</p>
<li> <p> Output from "<b>postconf -n</b>". Please do not send your
-main.cf file or 400+ lines of <b>postconf</b> output. </p>
+main.cf file, or 500+ lines of <b>postconf</b> output. </p>
-<li> <p> Better, provide output from the <b>postfinger</b> tool.
+<li> <p> Better, provide output from the <b>postfinger</b> tool.
This can be found at http://ftp.wl0.org/SOURCES/postfinger. </p>
<li> <p> If the problem is SASL related, consider including the
including output from the <b>qshape</b> tool, as described in the
QSHAPE_README file. </p>
-<li> <p> If the problem is protocol related (connections time out
+<li> <p> If the problem is protocol related (connections time out,
or an SMTP server complains about syntax errors etc.) consider
recording a session with <b>tcpdump</b>, as described in the <a
href="#sniffer">DEBUG_README</a> document. </ul>
</ul>
<p> The implementation of DSN support involves extra parameters to
-the SMTP MAIL FROM and RCPT TO commands, as well as new Postfix
+the SMTP MAIL FROM and RCPT TO commands, as well as two Postfix
sendmail command line options that provide a sub-set of the functions
of the extra SMTP command parameters. </p>
not delivered via the connection that was used for sending ETRN.
</p>
-<p> Postfix versions before 1.0 (also known as version 20010228)
-implemented the ETRN command in an inefficient manner: they simply
-attempted to deliver all queued mail. This is slow on mail servers
-that queue mail for many customers. </p>
-
<p> As of version 1.0, Postfix has a fast ETRN implementation that
does not require Postfix to examine every queue file. Instead,
Postfix maintains a record of what queue files contain mail for
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.customer.domain</b>
+<b>ETRN some.customer.domain</b>
250 Queuing started
-<b>quit</b>
+<b>QUIT</b>
221 Bye
</pre>
</blockquote>
<p> The Postfix operator can request delivery for a specific customer
by using the command "sendmail -qR<i>destination</i>" and, with
Postfix version 1.1 and later, "postqueue -s<i>destination</i>".
+Access to this feature is controlled with the authorized_flush_users
+configuration parameter (Postfix version 2.2 and later).
</p>
<h2><a name="how">How Postfix fast ETRN works</a></h2>
with queue file names. When a request to "deliver mail now" arrives,
Postfix will attempt to deliver all recipients in the queue files
that have mail for the destination in question. This does not
-perform well when queue files have recipients in many different
-domains. </p>
+perform well with queue files that have recipients in many different
+domains, such as queue files with outbound mailing list traffic.
+</p>
<li> <p> The flush(8) daemon maintains per-destination logfiles
only for destinations listed with $fast_flush_domains. With other
-destinations it not possible to trigger delivery with "sendmail
+destinations you cannot request delivery with "sendmail
-qR<i>destination</i>" or, with Postfix version 1.1 and later,
"postqueue -s<i>destination</i>". </p>
the list of message delivery transports specified with the
defer_transports configuration parameter. </p>
+<li> <p> Up to and including Postfix version 2.3, the "fast flush"
+service may not deliver some messages if the request to "deliver
+mail now" arrives while an incoming queue scan is already in progress.
+</p>
+
</ul>
<h2><a name="config">Configuring the Postfix fast ETRN service</a></h2>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.customer.domain</b>
+<b>ETRN some.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn some.other.customer.domain</b>
+<b>ETRN some.other.customer.domain</b>
250 Queuing started
</pre>
</blockquote>
<blockquote>
<pre>
220 my.server.tld ESMTP Postfix
-<b>helo my.client.tld</b>
+<b>HELO my.client.tld</b>
250 Ok
-<b>etrn not.a.customer.domain</b>
+<b>ETRN not.a.customer.domain</b>
459 <not.a.customer.domain>: service unavailable
</pre>
</blockquote>
be covered by a later version of this document. </p>
<p> The after-queue content filter is not to be confused with the
-approach that is described in the SMTPD_PROXY_README document,
+approaches described in the SMTPD_PROXY_README or MILTER_README
+documents,
where incoming SMTP mail is filtered BEFORE it is stored into the
Postfix queue. </p>
<h2><a name="principles">Principles of operation</a> </h2>
-<p> An external content filter receives unfiltered mail from Postfix
-(as described further below) and does one of the following: </p>
+<p> An after-queue content filter receives unfiltered mail from Postfix
+(as described further below) and can do one of the following: </p>
<ol>
<li> <p> Re-inject the mail back into Postfix, perhaps after changing
content and/or destination. </p>
+<li> <p> Discard or quarantine the mail. </p>
+
<li> <p> Reject the mail (by sending a suitable status code back to
- Postfix). Postfix will return the mail to the sender. </p>
+ Postfix). Postfix will send the mail back to the sender address. </p>
</ol>
<h2><a name="simple_filter">Simple content filter example</a></h2>
-<p> The first example is simple to set up. Postfix receives
+<p> The first example is simple to set up, but has major limitations
+that will be addressed in a second example. Postfix receives
unfiltered mail from the network with the smtpd(8) server, and
delivers unfiltered mail to a content filter with the Postfix
pipe(8) delivery agent. The content filter injects filtered mail
<ul>
-<li> <p> Line 8: The -G option does nothing before Postfix 2.3,
-otherwise it disables address rewriting of message headers. </p>
+<li> <p> Line 8: The -G option says the filter output is not a local
+mail submission: don't do silly things like appending the local
+domain name to addresses in message headers. This option does
+nothing before Postfix version 2.3. </p>
<li> <p> Line 8: The -i option says don't stop reading input when
a line contains "." only. </p>
<li> <p> Line 8: NEVER NEVER NEVER use the "-t" command-line option
-here. It will mis-deliver mail, like sending mailing list mail back
-to the mailing list. </p>
+here. It will mis-deliver mail, like sending messages from a mailing
+list back to the mailing list. </p>
<li> <p> Line 21: The idea is to first capture the message to
file and then run the content through a third-party content filter
program. </p>
-<li> <p> Line 22: If the mail cannot be captured to file, mail
+<li> <p> Line 22: If the message cannot be captured to file, mail
delivery is deferred by terminating with exit status 75 (EX_TEMPFAIL).
Postfix places the message in the deferred mail queue and tries
again later. </p>
<li> <p> Line 26: If the content filter program finds a problem,
the mail is bounced by terminating with exit status 69 (EX_UNAVAILABLE).
-Postfix will return the message to the sender as undeliverable.
+Postfix will send the message back to the sender as undeliverable
+mail.
</p>
-<li> <p> Note: in this time of mail worms and spam, it is a BAD
+<li> <p> NOTE: in this time of mail worms and spam, it is a BAD
IDEA to send known viruses or spam back to the sender, because that
-address is likely to be forged. It is safer to discard known to be
-bad content and to quarantine suspicious content so that it can
+address is likely to be forged. It is safer to discard known viruses
+and to quarantine suspicious content so that it can
be inspected by a human being. </p>
<li> <p> Line 28: If the content is OK, it is given as input to
<blockquote>
<pre>
-% /path/to/script -f sender recipient... <message-file
+% /path/to/script -f sender -- recipient... <message-file
</pre>
</blockquote>
-o content_filter=filter:dummy
</pre>
-<p> The "content_filter" line causes Postfix to add one content
+<p> The "-o content_filter" line causes Postfix to add one content
filter request record to each incoming mail message, with content
"filter:dummy". This record overrides the normal mail routing
and causes mail to be given to the content filter instead. </p>
Postfix SMTP server. </p>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
-filter information from existing queue files. </p>
+filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>
<p> The example given here filters all mail, including mail that
arrives via SMTP and mail that is locally submitted via the Postfix
-sendmail command. See examples near the end of this document for
+sendmail command (local submissions enter Postfix via the pickup(8)
+server; to keep the figure simple we omit local submission details).
+See examples near the end of this document for
how to exclude local users from filtering, or how to configure a
destination dependent content filter. </p>
<li> <p> The "-o disable_mime_output_conversion=yes" is a workaround
that prevents the breaking of domainkeys and other digital signatures.
This is needed because some SMTP-based content filters don't announce
-8BITMIME support, even though they can handle it just fine. </p>
+8BITMIME support, even though they can handle 8-bit mail. </p>
<li> <p> The "-o smtp_generic_maps=" is a workaround that prevents
local address rewriting with generic(5) maps. Such rewriting should
dangerous mail content - that is why it should be a separate account.
</p>
+<li> <p> By default, Postfix will terminate a command that runs
+longer than command_time_limit seconds (default: 1000s). This is a
+safety measure that prevents filters from running forever. </p>
+
</ul>
<p> If you want to have your filter listening on port localhost:10025
<ul>
-<li> <p> Note: do not use spaces around the "=" or "," characters. </p>
+<li> <p> NOTE: do not use spaces around the "=" or "," characters. </p>
-<li> <p> Note: the SMTP server must not have a smaller process
+<li> <p> NOTE: the SMTP server must not have a smaller process
limit than the "filter" master.cf entry. </p>
<li> <p> The "-o content_filter=" overrides main.cf settings, and
requests no content filtering for mail from the content filter.
-This is required or else mail will stay in the content filtering
-loop. </p>
+This is required or else mail will loop. </p>
<li> <p> The "-o receive_override_options" overrides main.cf settings
to avoid duplicating work that was already done before the content
<li> <p> We specify "no_milters" to disable Milter applications
(this option is available only in Postfix 2.3 and later). </p>
- <li> <p> We don't specify "no_address_mapping" here. This
+ <li> <p> We don't specify "no_address_mappings" here. This
enables virtual alias expansion, canonical mappings, address
masquerading, and other address mappings after the content
filter. The main.cf setting of "receive_override_options"
</blockquote>
<li> <p> Execute "<b>postsuper -r ALL</b>" to remove content
-filter information from existing queue files. </p>
+filter request records from existing queue files. </p>
<li> <p> Execute another "<b>postfix reload</b>". </p>
<h2> <a name="1">1 - Purpose of this document</a> </h2>
-<p> This is a bootstrap document that helps you get Postfix up and
-running from scratch with the minimal number of steps. If you are
-using a pre-compiled version of Postfix, you should be reading the
-general Postfix documentation which aims to describe the system in
-more detail. This bootstrap document should not be considered part
-of the general Postfix documentation. </p>
+<p> If you are using a pre-compiled version of Postfix, you should
+start with BASIC_CONFIGURATION_README and the general documentation
+referenced by it. INSTALL is only a bootstrap document to get
+Postfix up and running from scratch with the minimal number of
+steps; it should not be considered part of the general documentation.
+</p>
<p> This document describes how to build, install and configure a
Postfix system so that it can do one of the following: </p>
</blockquote>
<p> Of particular interest is the postconf(5) manual page that
-lists all the 400+ configuration parameters. The HTML version of
+lists all the 500+ configuration parameters. The HTML version of
this text makes it easy to navigate around. </p>
<p> All Postfix source files have their own built-in manual page.
OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
Reliant UNIX 5.x <br>
Rhapsody 5.x <br>
-SunOS 4.1.4 (July 2006) <br>
-SunOS 5.4 - 5.9 (Solaris 2.4..9) <br>
+SunOS 4.1.4 (March 2007) <br>
+SunOS 5.4 - 5.10 (Solaris 2.4..10) <br>
Ultrix 4.x (well, that was long ago) <br>
</p>
</blockquote>
<p> On Solaris, the "make" command and other utilities for software
development are in /usr/ccs/bin, so you MUST have /usr/ccs/bin in
-your command search path. </p>
+your command search path. If these files do not exist, install the
+development packages first. See the Solaris FAQ item "<a
+href="http://www.science.uva.nl/pub/solaris/solaris2.html#q6.2">Which
+packages do I need to install to support a C compiler?</a>". </p>
<p> If you need to build Postfix for multiple architectures, use the
"lndir" command to build a shadow tree with symbolic links to the
<h3>4.5 - Support for thousands of processes</h3>
-<p> In order to build Postfix for very large applications, where you
-expect to run more than 1000 mail delivery processes, you may need to
-override the definition of the FD_SETSIZE macro to make select()
-work correctly: </p>
+<p> The number of connections that Postfix can manage simultaneously
+is limited by the number of processes that it can run. This number
+in turn is limited by the number of files and sockets that a single
+process can open. For example, the Postfix queue manager has a
+separate connection to each delivery process, and the anvil(8)
+server has one connection per smtpd(8) process. </p>
+
+<p> Postfix version 2.4 and later have no built-in limits on the
+number of open files or sockets, when compiled on systems that
+support one of the following: </p>
+
+<ul>
+
+<li> BSD kqueue(2) (FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9),
+
+<li> Solaris 8 /dev/poll,
+
+<li> Linux 2.6 epoll(4).
+
+</ul>
+
+
+<p> With other Postfix versions or operating systems, the number
+of file descriptors per process is limited by the value of the
+FD_SETSIZE macro. If you expect to run more than 1000 mail delivery
+processes, you may need to override the definition of the FD_SETSIZE
+macro to make select() work correctly: </p>
<blockquote>
<pre>
overriding the __FD_SETSIZE macro. Beware, undocumented interfaces
can change at any time and without warning. </p>
+<p> But wait, there is more: none of this will work unless the
+operating system is configured to handle thousands of connections.
+See the TUNING_README guide for examples of how to increase the
+number of open sockets or files. </p>
+
<h3>4.6 - Compiling Postfix, at last</h3>
<p> If the command </p>
<p> This text describes how to install Postfix from source code.
See the PACKAGE_README file if you are building a package for
-distribution to other systems. See auxiliary/MacOSX/README-INSTALL.OSX
-for information about installing Postfix from source on Mac OS X.
-</p>
+distribution to other systems. </p>
<h3>6.1 - Save existing Sendmail binaries</h3>
<p> <a name="save">IMPORTANT</a>: if you are REPLACING an existing
Sendmail installation with Postfix, you may need to keep the old
sendmail program running for some time in order to flush the mail
-queue. As superuser, execute the following commands (your sendmail,
-newaliases and mailq programs may be in a different place): </p>
+queue. </p>
+
+<ul>
+
+<li> <p> Some systems implement a mail switch mechanism where
+different MTAs (Postfix, Sendmail, etc.) can be installed at the
+same time, while only one of them is actually being used. Examples
+of such switching mechanisms are the FreeBSD mailwrapper(8) or the
+Linux mail switch. In this case you should try to "flip" the switch
+to "Postfix" before installing Postfix. </p>
+
+<li> <p> If your system has no mail switch mechanism, execute the
+following commands (your sendmail, newaliases and mailq programs
+may be in a different place): </p>
-<blockquote>
<pre>
# mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
# mv /usr/bin/newaliases /usr/bin/newaliases.OFF
# chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF \
/usr/bin/mailq.OFF
</pre>
-</blockquote>
+
+</ul>
<h3>6.2 - Create account and groups</h3>
<ul>
+<li> <p> The interactive version ("make install") asks for pathnames
+for Postfix data and program files, and stores your preferences in
+the main.cf file. <b> If you don't want Postfix to overwrite
+non-Postfix "sendmail", "mailq" and "newaliases" files, specify
+pathnames that end in ".postfix"</b>. </p>
+
<li> <p> The non-interactive version ("make upgrade") needs the
/etc/postfix/main.cf file from a previous installation. If the file
does not exist, use interactive installation ("make install")
instead. </p>
-<li> <p> The interactive version offers suggestions for pathnames
-that you can override interactively, and stores your preferences
-in /etc/postfix/main.cf for convenient future upgrades. </p>
-
</ul>
<h3>6.4 - Configure Postfix</h3>
Postfix on a virtual interface address. Simply configure your mail
user agent to directly invoke the Postfix sendmail program. </p>
+<p> To create a virtual network interface address, study your
+system ifconfig manual page. The command syntax could be any
+of: </p>
+
+<blockquote>
+<pre>
+# <b>ifconfig le0:1 <address> netmask <mask> up</b>
+# <b>ifconfig en0 alias <address> netmask 255.255.255.255</b>
+</pre>
+</blockquote>
+
<p> In the /etc/postfix/main.cf file, I would specify </p>
<blockquote>
<h2><a name="example_group">Example: expanding LDAP groups</a></h2>
-<p> LDAP is frequently used to store group member information, and Postfix
-supports expanding a group's email address to the list of email addresses
-of the group members. There are a number of ways of handling LDAP groups,
-which will be illustrated via the mock LDAP entries and implied schema
-below. This shows two group entries "agroup" and "bgroup" and four
-user entries "auser", "buser", "cuser" and "duser". The group "agroup"
-has the users "auser" (1) and "buser" (2) as members via DN references
-in the multi-valued attribute "memberdn", and direct email addresses of
-two external users "auser@example.org" (3) and "buser@example.org" (4)
-stored in the multi-valued attribute "memberaddr". The same is true of
-"bgroup" and "cuser"/"duser" (6)/(7)/(8)/(9), but "bgroup" also has a
-"maildrop" attribute of "bgroup@mlm.example.com" (5): </p>
+<p>
+LDAP is frequently used to store group member information. There are a
+number of ways of handling LDAP groups. We will show a few examples in
+order of increasing complexity, but owing to the number of independent
+variables, we can only present a tiny portion of the solution space.
+We show how to:
+</p>
+
+<ol>
+
+<li> <p> query groups as lists of addresses; </p>
+
+<li> <p> query groups as lists of user objects containing addresses; </p>
+
+<li> <p> forward special lists unexpanded to a separate list server,
+for moderation or other processing; </p>
+
+<li> <p> handle complex schemas by controlling expansion and by treating
+leaf nodes specially, using features that are new in Postfix 2.4. </p>
+
+</ol>
+
+<p>
+The example LDAP entries and implied schema below show two group entries
+("agroup" and "bgroup") and four user entries ("auser", "buser", "cuser"
+and "duser"). The group "agroup" has the users "auser" (1) and "buser" (2)
+as members via DN references in the multi-valued attribute "memberdn", and
+direct email addresses of two external users "auser@example.org" (3) and
+"buser@example.org" (4) stored in the multi-valued attribute "memberaddr".
+The same is true of "bgroup" and "cuser"/"duser" (6)/(7)/(8)/(9), but
+"bgroup" also has a "maildrop" attribute of "bgroup@mlm.example.com"
+(5): </p>
<blockquote>
<pre>
Always check tables using postmap(1) with the "-q" option, before
deploying them into production use in main.cf. </p>
-<p> Our second use case also expands "memberdn" attributes (1), (2),
+<p> Our second use case instead expands "memberdn" attributes (1), (2),
(6) and (7), follows the DN references and returns the "maildrop" of the
referenced user entries. Here we use the "special_result_attribute"
setting from ldap_table(5) to designate the "memberdn" attribute
the group and the member DNs. In this case we choose "maildrop" and
assume for the moment that groups never have a "maildrop" (the "bgroup"
"maildrop" attribute is for a different use case). The returned data for
-"auser" and "buser" is from items (11) and (13) in the mock data. </p>
+"auser" and "buser" is from items (11) and (13) in the example data. </p>
<blockquote>
<pre>
...
search_base = dc=example, dc=com
query_filter = mail=%s
- result_attribute = memberaddr, maildrop
+ result_attribute = maildrop
special_result_attribute = memberdn
$ postmap -q agroup@example.com ldap:special.cf
- auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ auser@mailhub.example.com,buser@mailhub.example.com
</pre>
</blockquote>
<p> Note: if the desired member object result attribute is always also
-present in the group, you get suprising results, the expansion also
+present in the group, you get surprising results: the expansion also
returns the address of the group. This is a known limitation of Postfix
releases prior to 2.4, and is addressed in the new with Postfix 2.4
"leaf_result_attribute" feature described in ldap_table(5). </p>
...
search_base = dc=example, dc=com
query_filter = mail=%s
- result_attribute = memberaddr, maildrop
+ result_attribute = maildrop
special_result_attribute = memberdn
$ postmap -q auser@example.com ldap:no_expand.cf ldap:expand.cf
auser@mailhub.example.com
$ postmap -q agroup@example.com ldap:no_expand.cf ldap:expand.cf
- auser@mailhub.example.com,buser@mailhub.example.com,auser@example.org,buser@example.org
+ auser@mailhub.example.com,buser@mailhub.example.com
$ postmap -q bgroup@example.com ldap:no_expand.cf ldap:expand.cf
bgroup@mlm.example.com
</pre>
Victor Duchovni developed the common query, result_format, domain and
expansion_limit interface for LDAP, MySQL and PosgreSQL.</li>
+<li>Gunnar Wrobel provided a first implementation of a feature to
+limit LDAP search results to leaf nodes only. Victor generalized
+this into the Postfix 2.4 "leaf_result_attribute" feature. </li>
+
</ul>
And of course Wietse.
<h2>Berkeley DB issues</h2>
-<p> Warning: if you can't compile Postfix because the file "db.h"
+<p> If you can't compile Postfix because the file "db.h"
isn't found, then you MUST install the Berkeley DB development
package (name: db???-devel-???) that matches your system library.
You can find out what is installed with the rpm command. For example:
</blockquote>
<p> This means that you need to install db4-devel-4.3.29-2 (on
-some systems, specify <tt>/lib/libdb.so</tt> in the rpm query). </p>
+some systems, specify "<b>rpm -qf /lib/libdb.so</b>" instead). </p>
<p> DO NOT download some Berkeley DB version from the network.
Every Postfix program will dump core when it is built with a different
<p> On RedHat Linux 7.1 and later <b>procmail</b> no longer has
permission
-to write the mail spool directory. Workaround: chmod 1777
-/var/spool/mail.
-</p>
+to write the mail spool directory. Workaround: </p>
+
+<blockquote>
+<pre>
+# chmod 1777 /var/spool/mail
+</pre>
+</blockquote>
<h2>Syslogd performance</h2>
<p> That is, an empty value. With this setting, the Postfix SMTP
server will not reject mail with "User unknown in local recipient
-table". </p>
+table". <b> Don't do this on systems that receive mail directly
+from the Internet. With today's worms and viruses, Postfix will
+become a backscatter source: it accepts mail for non-existent
+recipients and then tries to return that mail as "undeliverable"
+to the often forged sender address</b>. </p>
<h2><a name="change">When you need to change the local_recipient_maps
setting in main.cf</a></h2>
+++ /dev/null
-See the files in auxiliary/MacOSX for hints and tips to set up
-Postfix.
recipients that don't have UNIX home directories. </p>
<p> The following example shows how to use maildrop for some.domain
-and for someother.domain. </p>
+and for someother.domain. The example comes in two parts. </p>
+
+<p> Part 1 describes changes to the main.cf file: </p>
<blockquote>
<pre>
<p> Note: Do not use the postfix user as the maildrop user. </p>
+<p> Part 2 describes changes to the master.cf file: </p>
+
<blockquote>
<pre>
/etc/postfix/master.cf:
<p> The reason for adding Milter support to Postfix is that there
exists a large collection of applications, not only to block unwanted
mail, but also to verify authenticity (examples: <a
+href="http://sourceforge.net/projects/dkim-milter/">Domain keys
+identified mail</a>, <a
href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
-or to digitally sign mail (example: <a
+or to digitally sign mail (examples: <a
+href="http://sourceforge.net/projects/dkim-milter/">Domain keys
+identified mail</a>, <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
Having yet another Postfix-specific version of all that software
is a poor use of human and system resources. </p>
<p> On some Linux and *BSD distributions, the Sendmail libmilter
library is installed by default. With this, applications such as
-<a href="http://sourceforge.net/projects/dk-milter/">dk-milter</a>
+<a href="http://sourceforge.net/projects/dkim-milter/">dkim-milter</a>
and <a href="http://sourceforge.net/projects/sid-milter/">sid-milter</a>
build out of the box without requiring any tinkering:</p>
<blockquote>
<pre>
-$ <b>gzcat dk-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
-$ <b>cd dk-milter-<i>x.y.z</i></b>
+$ <b>gzcat dkim-milter-<i>x.y.z</i>.tar.gz | tar xf -</b>
+$ <b>cd dkim-milter-<i>x.y.z</i></b>
$ <b>make</b>
[...<i>lots of output omitted</i>...]
</pre>
<blockquote>
<pre>
-# <b>/some/where/dk-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
+# <b>/some/where/dkim-filter -u <i>userid</i> -p inet:<i>portnumber</i>@localhost ...<i>other options</i>...</b>
</pre>
</blockquote>
</pre>
</blockquote>
-<p> This happens because some Milter applications expect that the
+<p> This happens because those Milter applications expect that the
queue ID is known <i>before</i> the MTA accepts the MAIL FROM
(sender) command. Postfix, on the other hand, does not choose a
queue file name until <i>after</i> it accepts the first valid RCPT
-TO (recipient) command. Postfix queue file names must be unique
+TO (recipient) command (Postfix queue file names must be unique
across multiple directories, so the name can't be chosen before the
-file is created. If multiple messages were to use the same queue
-ID <i>simultaneously</i>, mail would be lost. </p>
+file is created; if multiple messages were to use the same queue
+ID <i>simultaneously</i>, mail would be lost). </p>
-<p> To work around the ugly message header from Milter applications,
-we add a little code to the Milter source to look up the queue ID
-after Postfix receives the end of the message. </p>
+</ul>
+
+<p> If you experience the ugly header problem, see if a recent
+version of the Milter application fixes it. For example, current
+versions of dkim-filter and dk-filter already have code that looks
+up the Postfix queue ID at a later protocol stage. </p>
+
+<p> To fix the ugly message header with sid-filter applications,
+we change the source code, so that it does the queue ID lookup after
+Postfix receives the end of the message. </p>
<ul>
-<li> <p> Edit the filter source file (typically named
-<tt>dk-filter/dk-filter.c</tt> or similar). </p>
+<li> <p> Edit the filter source file (named
+<tt>sid-filter/sid-filter.c</tt>). </p>
+
+<li> <p> Look up the <tt>smfilter</tt> table and replace
+<tt>mlfi_eoh</tt> by <tt>NULL</tt>.
+</p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
-the top shown as <b>bold</b> text below: </p>
+the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
+text below: </p>
</ul>
<blockquote>
<pre>
-dfc = cc->cctx_msg;
-assert(dfc != NULL);
+ assert(ctx != NULL);
+#endif /* !DEBUG */
<b>
-/* Determine the job ID for logging. */
-if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
- char *jobid = smfi_getsymval(ctx, "i");
- if (jobid != 0)
- dfc->mctx_jobid = jobid;
-}</b>
-
-/* get hostname; used in the X header and in new MIME boundaries */
+ ret = mlfi_eoh(ctx);
+ if (ret != SMFIS_CONTINUE)
+ return ret;</b>
</pre>
</blockquote>
<ul>
-<li> <p> Different mail filters use slightly different names for
-variables. If the above code does not compile, look for the code
-at the start of the <tt>mlfi_eoh()</tt> routine. </p>
+<li> <p> This was tested with sid-milter-0.2.10 and sid-milter-0.2.14. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
-message. Fortunately, dk-filter logs that message only once. </p>
+message. Fortunately, sid-milter logs that message only once. </p>
</ul>
-<p> With some Milter applications we can fix both the WARNING and
-the "unknown-msgid" by postponing the call of <tt>mlfi_eoh()</tt>
-(or whatever routine logs the WARNING) until the end of the message.
-</p>
+<p> To fix the ugly message header with other Milter applications,
+you will need to do something like this: </p>
<ul>
<li> <p> Edit the filter source file (typically named
-<tt>sid-filter/sid-filter.c</tt> or similar). </p>
-
-<li> <p> Look up the <tt>smfilter</tt> table and replace
-<tt>mlfi_eoh</tt> (or whatever routine logs the WARNING) by NULL.
-</p>
+<tt>xxx-filter/xxx-filter.c</tt> or similar). </p>
<li> <p> Look up the <tt>mlfi_eom()</tt> function and add code near
-the top that calls <tt>mlfi_eoh()</tt> as shown by the <b>bold</b>
-text below: </p>
+the top shown as <b>bold</b> text below: </p>
</ul>
<blockquote>
<pre>
- assert(ctx != NULL);
-#endif /* !DEBUG */
+dfc = cc->cctx_msg;
+assert(dfc != NULL);
<b>
- ret = mlfi_eoh(ctx);
- if (ret != SMFIS_CONTINUE)
- return ret;</b>
+/* Determine the job ID for logging. */
+if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
+ char *jobid = smfi_getsymval(ctx, "i");
+ if (jobid != 0)
+ dfc->mctx_jobid = jobid;
+}</b>
+
+/* get hostname; used in the X header and in new MIME boundaries */
</pre>
</blockquote>
-<p> This works with sid-milter-0.2.10. Other Milter applications
-will dump core when you do this. </p>
+<p> NOTES: </p>
+
+<ul>
+
+<li> <p> Different mail filters use slightly different names for
+variables. If the above code does not compile, look for the code
+at the start of the <tt>mlfi_eoh()</tt> routine. </p>
+
+<li> <p> This fixes only the ugly message header, but not the WARNING
+message. Fortunately, many Milters log that message only once. </p>
</ul>
</pre>
</blockquote>
-<p> The solution is to use a Postfix version that supports the
-missing functionality. </p>
+<p> The solution is to use Postfix version 2.4 or later. </p>
<li> <p> Most Milter configuration options are global. Future Postfix
versions may support per-Milter timeouts, per-Milter error handling,
../html/CDB_README.html \
../html/CONNECTION_CACHE_README.html \
../html/CONTENT_INSPECTION_README.html \
- ../html/CYRUS_README.html \
../html/DATABASE_README.html ../html/DB_README.html \
../html/DEBUG_README.html \
../html/DSN_README.html \
../html/MYSQL_README.html ../html/NFS_README.html \
../html/OVERVIEW.html \
../html/PACKAGE_README.html ../html/PCRE_README.html \
- ../html/PGSQL_README.html ../html/QMQP_README.html \
+ ../html/PGSQL_README.html \
../html/QSHAPE_README.html \
../html/RESTRICTION_CLASS_README.html ../html/SASL_README.html \
../html/SCHEDULER_README.html ../html/SMTPD_ACCESS_README.html \
../html/STANDARD_CONFIGURATION_README.html \
../html/TLS_README.html ../html/TLS_LEGACY_README.html \
../html/TUNING_README.html \
- ../html/UUCP_README.html ../html/ULTRIX_README.html \
+ ../html/UUCP_README.html \
../html/VERP_README.html ../html/VIRTUAL_README.html \
../html/XCLIENT_README.html ../html/XFORWARD_README.html \
../html/postconf.5.html
../README_FILES/CDB_README \
../README_FILES/CONNECTION_CACHE_README \
../README_FILES/CONTENT_INSPECTION_README \
- ../README_FILES/CYRUS_README \
../README_FILES/DATABASE_README ../README_FILES/DB_README \
../README_FILES/DEBUG_README \
../README_FILES/DSN_README \
../README_FILES/MYSQL_README ../README_FILES/NFS_README \
../README_FILES/OVERVIEW \
../README_FILES/PACKAGE_README ../README_FILES/PCRE_README \
- ../README_FILES/PGSQL_README ../README_FILES/QMQP_README \
+ ../README_FILES/PGSQL_README \
../README_FILES/QSHAPE_README \
../README_FILES/RESTRICTION_CLASS_README \
../README_FILES/SASL_README ../README_FILES/SCHEDULER_README \
../README_FILES/STANDARD_CONFIGURATION_README \
../README_FILES/TLS_README ../README_FILES/TLS_LEGACY_README \
../README_FILES/TUNING_README \
- ../README_FILES/UUCP_README ../README_FILES/ULTRIX_README \
+ ../README_FILES/UUCP_README \
../README_FILES/VERP_README ../README_FILES/VIRTUAL_README \
../README_FILES/XCLIENT_README ../README_FILES/XFORWARD_README \
../README_FILES/AAAREADME
<p> When delivering mail to a destination with multiple mail servers,
connection caching can help to skip over a non-responding server,
-and thus dramatically speed up delivery. </p>
+and thus dramatically speed up delivery. SMTP connection caching
+is available in Postfix version 2.2 and later. More information
+about this feature is in the CONNECTION_CACHE_README document. </p>
<table>
-<tr> <td align="center" bgcolor="#f0f0ff"> <br> smtp(8) <br>
- </td> <td> <tt> <-> </tt> </td> <td align="center"
-bgcolor="#f0f0ff"> <br> scache(8) <br> </td> <td> <tt>
-<-> </tt> </td> <td align="center" bgcolor="#f0f0ff"> <br>
-smtp(8) <br> </td>
+<tr> <td> </td> <td> <tt> /-- </tt> </td> <td align="center"
+colspan="3" bgcolor="#f0f0ff"> smtp(8) </td> <td colspan="2"> <tt>
+--> </tt> Internet </td> </tr>
+
+<tr> <td align="center" bgcolor="#f0f0ff"> qmgr(8) </td> <td> </td>
+<td align="center" rowspan="3"> </td> <td align="center"
+rowspan="3"><tt>|<br>|<br>|<br>|<br>v</tt></td> <td> </td>
+</tr>
+
+<tr> <td> </td> <td> <tt> \-- </tt> </td> <td align="center"
+colspan="2" bgcolor="#f0f0ff"> smtp(8) </td> <td align="left"> <tt>
+--> </tt> Internet </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="center"><tt>^<br>|</tt></td>
+<td> </td> </tr>
+
+<tr> <td colspan="3"> </td> <td align="center" colspan="3"
+bgcolor="#f0f0ff"> scache(8) </td> </tr>
</table>
file</h2>
<p> The installed main.cf file must be small. PLEASE resist the
-temptation to list all 400+ parameters in the main.cf file. Postfix
-is supposed to be easy to configure. Listing all 400+ in main.cf
+temptation to list all parameters in the main.cf file. Postfix
+is supposed to be easy to configure. Listing all parameters in main.cf
defeats the purpose. It is an invitation for hobbyists to make
random changes without understanding what they do, and gets them
into endless trouble. </p>
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-
-<head>
-
-<title>Postfix qmail and ezmlm support</title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-
-</head>
-
-<body>
-
-<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix qmail and ezmlm support</h1>
-
-<hr>
-
-<p> This document will be made available via http://www.postfix.org/. </p>
-
-</body>
-
-</html>
<p> Policy delegation is now the preferred method for adding policies
to Postfix. It's much easier to develop a new feature in few lines
-of Perl, than trying to do the same in C code. The difference in
+of Perl, Python, Ruby, or TCL, than trying to do the same in C code.
+The difference in
performance will be unnoticeable except in the most demanding
environments. On active systems a policy daemon process is used
multiple times, for up to $max_use incoming SMTP connections. </p>
These attributes are empty in case of no certificate authentication.
As of Postfix 2.2.11 these attribute values are encoded as
xtext: some characters are represented by +XX, where XX is the
- two-digit hecadecimal representation of the character value.
+ two-digit hexadecimal representation of the character value.
</p>
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)
<li> <p> Re-inject the mail back into Postfix via SMTP, perhaps
after changing its content and/or destination. </p>
+ <li> <p> Discard or quarantine the mail. </p>
+
<li> <p> Reject the mail by sending a suitable SMTP status code
back to Postfix. Postfix passes the status back to the remote
SMTP client. This way, Postfix does not have to send a bounce
This limit is not necessary if you receive all mail from a
trusted relay host. </p>
- <p> Note: this setting is ignored by the stable Postfix 2.1
- release. The feature will be available only in the experimental
- release until Postfix 2.2. </p>
+ <p> Note: this setting is available in Postfix version 2.2 and
+ later. Earlier Postfix versions will ignore it. </p>
<li> <p> The "-o smtpd_proxy_filter=127.0.0.1:10025" tells the
before filter SMTP server that it should give incoming mail to
for TLS. </p>
<p> You can disable TLS for a subset of destinations, while leaving
-it enabled for the rest. With the Postfix 2.3
+ TLS <a
+it enabled for the rest. With the Postfix 2.3
and later TLS <a
href="#client_tls_policy">policy table</a>, specify the "none"
security level. With the obsolete <a href="#client_tls_obs">per-site</a>
table, specify the "NONE" keyword. </p>
be ignored with a warning written to the mail logs. </p>
<p> You can enable opportunistic TLS just for selected destinations. With
-the Postfix 2.3
+ TLS <a href="#client_tls_policy">policy table</a>,
+the Postfix 2.3
and later TLS <a href="#client_tls_policy">policy table</a>,
specify the "may" security level. With the obsolete <a
href="#client_tls_obs">per-site</a> table, specify the "MAY" keyword.</p>
TLS encryption as the default security level. </p>
<p> You can enable mandatory TLS encryption just for specific destinations.
-With the Postfix 2.3
+ TLS <a href="#client_tls_policy">policy
+With the Postfix 2.3
and later TLS <a href="#client_tls_policy">policy
table</a>, specify the "encrypt" security level. With the
obsolete <a href="#client_tls_obs">per-site</a> table, specify the
"MUST_NOPEERMATCH" keyword. While the obsolete approach still works
-with Postfix 2.3, it is strongly discouraged: users of Postfix 2.3+
+with Postfix 2.3, it is strongly discouraged: users of Postfix 2.3 and later
should use the new TLS policy settings. </p>
<p> Examples: </p>
</blockquote>
<p> Postfix 2.2 syntax (no support for sub-domains without resorting to
-regexp tables). With Postfix 2.3
+, do not use the obsolete <a
+regexp tables). With Postfix 2.3
and later, do not use the obsolete <a
href="#client_tls_obs">per-site</a> table. </p>
<blockquote>
use the destination (for example, "[example.net]:587"), as the <a
href="#client_tls_obs">per-site</a> table lookup key (a recipient domain
or MX-enabled transport nexthop with no port suffix may look like a bare
-hostname, but is still a suitable <i>destination</i>). With Postfix 2.3+,
+hostname, but is still a suitable <i>destination</i>). With Postfix 2.3
+and later,
do not use the obsolete <a href="#client_tls_obs">per-site</a> table;
use the new <a href="#client_tls_policy">policy table</a> instead. </p>
</p>
<p> You can enable mandatory server certificate verification just
-for specific destinations. With the Postfix 2.3
+ TLS <a
+for specific destinations. With the Postfix 2.3
and later TLS <a
href="#client_tls_policy">policy table</a>, specify the "verify"
security level. With the obsolete <a href="#client_tls_obs">per-site</a>
table, specify the "MUST" keyword. While the obsolete approach
still works with Postfix 2.3, it is strongly discouraged: users of
-Postfix 2.3+ should use the new TLS policy settings. </p>
+Postfix 2.3 and later should use the new TLS policy settings. </p>
<p> Example: </p>
STARTTLS support. </p>
<p> You can enable secure TLS verification just for specific destinations.
-With the Postfix 2.3
+ TLS <a href="#client_tls_policy">policy table</a>,
+With the Postfix 2.3
and later TLS <a href="#client_tls_policy">policy table</a>,
specify the "secure" security level. With the obsolete
<a href="#client_tls_obs">per-site</a> table, specify the "MUST"
keyword and <a href="#client_tls_harden">harden</a> the certificate
verification against DNS forgery. While the obsolete approach still
-works with Postfix 2.3, it is strongly discouraged: users of Postfix 2.3+
+works with Postfix 2.3, it is strongly discouraged: users of Postfix 2.3
+and later
should use the new TLS policy settings. </p>
<p> Examples: </p>
</pre>
</blockquote>
-<p> Postfix 2.2.9+ syntax: </p>
+<p> Postfix 2.2.9 and later syntax: </p>
<p> <b>Note:</b> Avoid policy lookups with the bare hostname (for
example, "tls.example.com"). Instead, use the destination (for
example, "[tls.example.com]") as the <a
href="#client_tls_obs">per-site</a> table lookup key (a recipient domain
or MX-enabled transport nexthop with no port suffix may look like a bare
-hostname, but is still a suitable <i>destination</i>). With Postfix 2.3+,
+hostname, but is still a suitable <i>destination</i>). With Postfix 2.3
+and later,
do not use the obsolete <a href="#client_tls_obs">per-site</a> table;
use the new <a href="#client_tls_policy">policy table</a> instead. </p>
full destination nexthop (enclosed in [] with a possible ":port"
suffix) as the per-site table lookup key (a recipient domain or
MX-enabled transport nexthop with no port suffix may look like a bare
-hostname, but is still a suitable <i>destination</i>). With Postfix 2.3+,
+hostname, but is still a suitable <i>destination</i>). With Postfix 2.3
+and later,
use of the obsolete approach documented here is strongly discouraged:
use the new <a href="#client_tls_policy">policy table</a> instead. </p>
<p> For a general discussion of TLS security for SMTP see <a
href="#client_tls_limits">TLS limitations</a> above. What follows applies
only to Postfix 2.2.9 and subsequent Postfix 2.2 patch levels. Do
-not use this approach with Postfix 2.3+; instead see the instructions under <a
+not use this approach with Postfix 2.3
+and later; instead see the instructions under <a
href="#client_tls_secure">secure</a> server certificate verification. </p>
<p> As long as no secure DNS lookup mechanism is available, false
<h2><a name="conn_limit">Measures against clients that make too many connections</a></h2>
-<p> Note: the anvil(8) service was introduced with Postfix version
-2.2. </p>
+<p> Note: these features use the Postfix anvil(8) service, introduced
+with Postfix version 2.2. </p>
<p> The Postfix smtpd(8) server can limit the number of simultaneous
-connections from the same SMTP client, as well as the number of
-connections that a client is allowed to make per unit time.
+connections from the same SMTP client, as well as the connection
+rate and the rate of certain SMTP commands from the same client.
These statistics are maintained by the anvil(8) server (translation:
if anvil(8) breaks, then connection limits stop working). </p>
-<p> IMPORTANT: These limits are designed to protect the smtpd(8) server
-against flagrant abuse. Do not use these limits to regulate legitimate
-traffic: mail will suffer grotesque delays if you do so. </p>
+<p> IMPORTANT: These limits must not be used to regulate legitimate
+traffic: mail will suffer grotesque delays if you do so. The limits
+are designed to protect the smtpd(8) server against abuse by
+out-of-control clients. </p>
-<ul>
+<blockquote>
-<li> <p> An SMTP client may make up to $smtpd_client_connection_count_limit
-simultaneous connections (default: 50). This is half the default
-process limit. </p>
+<dl>
-<li> <p> An SMTP client may make up to $smtpd_client_message_rate_limit
-message delivery requests per unit time (default: no limit). </p>
+<dt> smtpd_client_connection_count_limit (default: 50) </dt> <dd>
+The maximum number of connections than an SMTP client may make
+simultaneously. </dd>
-<li> <p> An SMTP client may send up to $smtpd_client_recipient_rate_limit
-recipient addresses per unit time (default: no limit). </p>
+<dt> smtpd_client_connection_rate_limit (default: no limit) </dt>
+<dd> The maximum number of connections that an SMTP client may make
+in the time interval specified with anvil_rate_time_unit (default:
+60s). </dd>
-<li> <p> An SMTP client may make up to $smtpd_client_connection_rate_limit
-connections per unit time (default: no limit). </p>
+<dt> smtpd_client_message_rate_limit (default: no limit) </dt> <dd>
+The maximum number of message delivery requests that an SMTP client
+may make in the time interval specified with anvil_rate_time_unit
+(default: 60s). </dd>
-<li> <p> These limits are not applied to SMTP clients in the networks
-specified with $smtpd_client_event_limit_exceptions (default:
-clients in $mynetworks may make an unlimited number of connections).
+<dt> smtpd_client_recipient_rate_limit (default: no limit) </dt>
+<dd> The maximum number of recipient addresses that an SMTP client
+may specify in the time interval specified with anvil_rate_time_unit
+(default: 60s). </dd>
-<li> <p> The anvil_rate_time_unit parameter specifies the time
-unit over which client connection rates are computed (default:
-60s).
+<dt> smtpd_client_new_tls_session_rate_limit (default: no limit)
+</dt> <dd> The maximum number of new TLS sessions (without using
+the TLS session cache) that an SMTP client may negotiate in the
+time interval specified with anvil_rate_time_unit (default: 60s).
+</dd>
-</ul>
+<dt> smtpd_client_event_limit_exceptions (default: $mynetworks)
+</dt> <dd> SMTP clients that are excluded from connection and rate
+limits specified above. </dd>
+
+</dl>
+
+</blockquote>
<h2><a name="mailing_tips">General mail delivery performance tips</a></h2>
to the same recipient: if the recipient has an expensive shell
command in her .forward file, or if the recipient is a mailing list
manager, you don't want to run too many instances of those processes
-the same time. </p>
+at the same time. </p>
<li> <p> The default smtp_destination_concurrency_limit of 20 seems
enough to noticeably load a system without bringing it to its knees.
<dl>
-<dt> queue_run_delay (default: 1000 seconds) </dt> <dd> How often
+<dt> queue_run_delay (default: 300 seconds; before Postfix 2.4:
+1000s) </dt> <dd> How often
the queue manager scans the queue for deferred mail. </dd>
-<dt> minimal_backoff_time (default: 1000 seconds) </dt> <dd> The
+<dt> minimal_backoff_time (default: 300 seconds; before Postfix
+2.4: 1000s) </dt> <dd> The
minimal amount of time a message won't be looked at, and the minimal
amount of time to stay away from a "dead" destination. </dd>
always better than increasing the frequency of delivery attempts.
However, if you can control only the delivery attempt frequency,
consider using a dedicated fallback_relay "graveyard" machine for
-bad destinations so that they do not ruin the performance of normal
+bad destinations, so that these destinations do not ruin the
+performance of normal
mail deliveries. </p>
<h2><a name="proc_limit">Tuning the number of Postfix processes</a></h2>
<ul>
+<li> <p> Depending on your Postfix and operating system versions
+you may need to recompile Postfix if you need more than 1024 file
+descriptors per process: </p>
+
+<ul> <li> <p> No recompilation is needed for Postfix version 2.4
+and later, when it was compiled for systems that support BSD kqueue(2)
+(FreeBSD 4.1, NetBSD 2.0, OpenBSD 2.9), Solaris 8 /dev/poll, or
+Linux 2.6 epoll(4). </p>
+
+<li> <p> Otherwise, Postfix needs to be recompiled to override the
+default FD_SETSIZE value. </p>
+
+</ul>
+
<li> <p> Reduce the number of processes as described under "<a
href="#proc_limit">Tuning the number of Postfix processes</a>" above.
Fewer processes need fewer open files and sockets. </p>
<ul>
<li> <p> Some FreeBSD kernel parameters can be specified in
-/boot/loader.conf, and some can be changed with sysctl commands.
+/boot/loader.conf, and some can be specified in /etc/sysctl.conf
+or changed with sysctl commands.
Which is which depends on the version.
</p>
</pre>
<li> <p> Linux kernel parameters can be specified in /etc/sysctl.conf
-and can also be changed with sysctl commands: </p>
+or changed with sysctl commands: </p>
<pre>
fs.file-max=16384
<li> <p> Solaris kernel parameters can be specified in /etc/system,
as described in the <a
-href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.46">Solaris
+href="http://www.science.uva.nl/pub/solaris/solaris2.html#q3.48">Solaris
FAQ</a> entry titled "How can I increase the number of file
descriptors per process?" </p>
+++ /dev/null
-<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-
-<html>
-
-<head>
-
-<title>Postfix and Ultrix </title>
-
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-
-</head>
-
-<body>
-
-<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix and Ultrix </h1>
-
-<hr>
-
-<h2> Postfix on Ultrix </h2>
-
-<p> This document is probably only of historical value, because
-Ultrix version 4 dates from the early 1990s. However, as long as
-Wietse keeps Postfix alive for SunOS 4, it is likely to run on
-Ultrix 4 with very little change. Feedback is welcome if anyone
-actually still uses Postfix on any version of Ultrix. </p>
-
-<p> The source of this document is an email message by Christian von Roques
-that was sent on Jun 2, 1999. </p>
-
-<blockquote>
-
-<p> I've upgraded the MTA of our DECstation-3100 running Ultrix4.3a to
-postfix-19990317-pl05 and am sending you the patches I needed to get
-it running under Ultrix. </p>
-
-<p> . . . </p>
-
-<p> One of the bugs of Ultrix's /bin/sh is that shell-variables
-set in arguments of `:' expand to garbage if expanded in here-documents.
-Using a different shell helps. I needed to replace all calls of
-``sh .../makedefs'' by ``$(SHELL) .../makedefs'' in all the
-Makefile.in and am now able to use ``make SHELL=/bin/sh5'' or zsh.
-
-<p> . . . </p>
-
-<p> Ultrix's FD_SET_SIZE is 4096, but getdtablesize()
-returns 64 by default, if not increased when building a new
-kernel. getrlimit() doesn't know RLIMIT_NOFILE. This makes
-event_init() always log the warning: `could allocate space for
-only 64 open files'. </p>
-
-<p> I just reduced the threshold from 256 to 64, but this is not good.
-The initial problem still remains: How to disable this warning on
-Ultrix without making the source ugly? </p>
-
-</blockquote>
-
-<p> To work around the first problem, all the Makefile.in files
-have been updated to use `$(SHELL)' instead of `sh'. So you only
-need to supply a non-default shell in order to eliminate Ultrix
-shell trouble. </p>
-
-<p> To work around the latter, util/sys_defs.h was updated for
-Ultrix, with a default FD_SETSIZE of 100. This should be sufficient
-for a workstation. Even in 1999, no-one would run a major mail hub
-on Ultrix 4. </p>
-
-</body>
-
-</html>
#
# \fBpostmap -q - /etc/postfix/access <\fIinputfile\fR
# DESCRIPTION
-# The Postfix SMTP server supports access control on remote
-# SMTP client information: host names, network addresses, and
-# envelope sender
-# or recipient addresses. See \fBheader_checks\fR(5) or
+# This document describes access control on remote SMTP client
+# information: host names, network addresses, and envelope
+# sender or recipient addresses; it is implemented by the
+# Postfix SMTP server. See \fBheader_checks\fR(5) or
# \fBbody_checks\fR(5) for access control on the content of
# email messages.
#
# match is found in the access table, or until further
# truncation is not possible.
#
-# NOTE 1: The information in the access map should be in
-# canonical form, with unnecessary null characters eliminated.
-# Address information must not be enclosed with "[]" characters.
+# NOTE 1: The access map lookup key must be in canonical form:
+# do not specify unnecessary null characters, and do not
+# enclose network address information with "[]" characters.
#
# NOTE 2: use the \fBcidr\fR lookup table type to specify
# network/netmask patterns. See \fBcidr_table\fR(5) for details.
# string representation of the IPv6 host address. Thus, not
# all the ":" subnetworks will be tried.
#
-# NOTE 2: The information in the access map should be in
-# canonical form, with unnecessary null characters eliminated.
-# Address information must not be enclosed with "[]" characters.
+# NOTE 2: The access map lookup key must be in canonical form:
+# do not specify unnecessary null characters, and do not
+# enclose network address information with "[]" characters.
#
# NOTE 3: use the \fBcidr\fR lookup table type to specify
# network/netmask patterns. See \fBcidr_table\fR(5) for details.
# More information
# about external content filters is in the Postfix FILTER_README file.
# .sp
-# Note: this action overrides the \fBmain.cf content_filter\fR setting,
+# Note: this action overrides the \fBcontent_filter\fR setting,
# and currently affects all recipients of the message.
# .sp
# This feature is available in Postfix 2.0 and later.
# will be matched regardless of redundant zero characters.
#
# Note: address information may be enclosed inside "[]" but
-# this form is not recommended.
+# this form is not required.
#
# IPv6 support is available in Postfix 2.2 and later.
# .IP "\fInetwork_address result\fR"
# NAME
# header_checks 5
# SUMMARY
-# Postfix built-in header/body inspection
+# Postfix built-in content inspection
# SYNOPSIS
# \fBheader_checks = pcre:/etc/postfix/header_checks\fR
# .br
# .br
# \fBbody_checks = pcre:/etc/postfix/body_checks\fR
# .sp
-# \fBpostmap -fq "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
+# \fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
# .br
-# \fBpostmap -fq - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+# \fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# DESCRIPTION
-# The Postfix \fBcleanup\fR(8) server supports access control
-# on the content of message headers and message body lines.
+# This document describes access control on the content of
+# message headers and message body lines; it is implemented
+# by the Postfix cleanup(8) server before mail is queued.
# See \fBaccess\fR(5) for access control on remote SMTP client
# information.
#
# .IP "\fBif /\fIpattern\fB/\fIflags\fR"
# .IP "\fBendif\fR"
# Match the input string against the patterns between \fBif\fR
-# and \fBendif\fR, if and only if the input string also matches
-# \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
+# and \fBendif\fR, if and only if the same input string also
+# matches \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
# .sp
# Note: do not prepend whitespace to patterns inside
# \fBif\fR..\fBendif\fR.
# .IP "\fBif !/\fIpattern\fB/\fIflags\fR"
# .IP "\fBendif\fR"
# Match the input string against the patterns between \fBif\fR
-# and \fBendif\fR, if and only if the input string does \fBnot\fR
-# match \fIpattern\fR. The \fBif\fR..\fBendif\fR can nest.
+# and \fBendif\fR, if and only if the same input string does
+# \fBnot\fR match \fIpattern\fR. The \fBif\fR..\fBendif\fR
+# can nest.
# .IP "blank lines and comments"
# Empty lines and whitespace-only lines are ignored, as
# are lines whose first non-whitespace character is a `#'.
# .sp
# This feature is available in Postfix 2.1 and later.
# .IP "\fBFILTER \fItransport:destination\fR"
-# Write a content filter request to the queue file and
+# Write a content filter request to the queue file, and
# inspect the next input line.
# After the complete message is received it will be sent through
# the specified external content filter. More information about
# external content filters is in the Postfix FILTER_README file.
# .sp
-# Note: this action overrides the \fBmain.cf content_filter\fR setting,
+# Note: this action overrides the \fBcontent_filter\fR setting,
# and affects all recipients of the message. In the case that multiple
# \fBFILTER\fR actions fire, only the last one is executed.
# .sp
# .sp
# This feature is available in Postfix 2.0 and later.
# .IP \fBIGNORE\fR
-# Delete the current line from the input and inspect
+# Delete the current line from the input, and inspect
# the next input line.
# .IP "\fBPREPEND \fItext...\fR"
-# Prepend one line with the specified text and inspect the next
+# Prepend one line with the specified text, and inspect the next
# input line.
# .sp
# Notes:
# .IP
# This feature is available in Postfix 2.1 and later.
# .IP "\fBREDIRECT \fIuser@domain\fR"
-# Write a message redirection request to the queue file and
+# Write a message redirection request to the queue file, and
# inspect the next input line. After the message is queued,
# it will be sent to the specified address instead of the
# intended recipient(s).
# .sp
# This feature is available in Postfix 2.1 and later.
# .IP "\fBREPLACE \fItext...\fR"
-# Replace the current line with the specified text and inspect the next
+# Replace the current line with the specified text, and inspect the next
# input line.
# .sp
# This feature is available in Postfix 2.2 and later. The
# "5.7.1".
# .IP "\fBWARN \fIoptional text...\fR
# Log a warning with the \fIoptional text...\fR (or log a
-# generic message) and inspect the next input line. This
+# generic message), and inspect the next input line. This
# action is useful for debugging and for testing a pattern
# before applying more drastic actions.
# BUGS
# Many people overlook the main limitations of header and body_checks
-# rules. These rules operate on one logical message header or one body
-# line at a time, and a decision made for one line is not carried over
-# to the next line. If text in the message body is encoded
+# rules.
+# .IP \(bu
+# These rules operate on one logical message header or one body
+# line at a time. A decision made for one line is not carried over
+# to the next line.
+# .IP \(bu
+# If text in the message body is encoded
# (RFC 2045) then the rules have to specified for the encoded
-# form. Likewise, when message headers are encoded (RFC
+# form.
+# .IP \(bu
+# Likewise, when message headers are encoded (RFC
# 2047) then the rules need to be specified for the encoded
# form.
-#
+# .PP
# Message headers added by the \fBcleanup\fR(8) daemon itself
# are excluded from inspection. Examples of such message headers
# are \fBFrom:\fR, \fBTo:\fR, \fBMessage-ID:\fR, \fBDate:\fR.
# input key is \fIuser@mail.example.com\fR, then %1 is \fBcom\fR,
# %2 is \fBexample\fR and %3 is \fBmail\fR. If the input key is
# unqualified or does not have enough domain components to satisfy
-# all the specified patterns, the saerch is suppressed and returns
+# all the specified patterns, the search is suppressed and returns
# no results.
# .IP
# The above %1, ..., %9 expansions are available with Postfix 2.2
# Cambridge
# CB10 1SB, UK
#
-# Based on the NIS client code:
-#
# Adopted and adapted by:
# Wietse Venema
# IBM T.J. Watson Research
# SUMMARY
# format of Postfix PCRE tables
# SYNOPSIS
-# \fBpostmap -fq "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
+# \fBpostmap -q "\fIstring\fB" pcre:/etc/postfix/\fIfilename\fR
#
-# \fBpostmap -fq - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+# \fBpostmap -q - pcre:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# DESCRIPTION
# The Postfix mail system uses optional tables for address
# rewriting or mail routing. These tables are usually in
# To find out what types of lookup tables your Postfix system
# supports use the "\fBpostconf -m\fR" command.
#
-# To test lookup tables, use the "\fBpostmap -fq\fR" command as
+# To test lookup tables, use the "\fBpostmap -q\fR" command as
# described in the SYNOPSIS above.
+# COMPATIBILITY
+# .ad
+# .fi
+# With Postfix version 2.2 and earlier specify "\fBpostmap
+# -fq\fR" to query a table that contains case sensitive
+# patterns. Patterns are case insensitive by default.
# TABLE FORMAT
# .ad
# .fi
</p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
-but this form is not recommended here. </p>
+but this form is not required here. </p>
<p> When inet_interfaces specifies just one IPv4 and/or IPv6 address
that is not a loopback address, the Postfix SMTP client will use
The maximal size in bytes of a message, including envelope information.
</p>
-%PARAM minimal_backoff_time version dependent
+%PARAM minimal_backoff_time 300s
+
+<p>
+The minimal time between attempts to deliver a deferred message;
+prior to Postfix 2.4 the default value was 1000s.
+</p>
<p>
-The minimal time between attempts to deliver a deferred message.
This parameter also limits the time an unreachable destination is
kept in the short-term, in-memory, destination status cache.
</p>
-<p> With Postfix 2.4 the default value was reduced from 1000s to
-300s. </p>
-
<p> This parameter should be set greater than or equal to
$queue_run_delay. See also $maximal_backoff_time. </p>
zero means there is no minimum required amount of free space.
</p>
-%PARAM queue_run_delay version dependent
+%PARAM queue_run_delay 300s
<p>
-The time between deferred queue scans by the queue manager.
-</p>
-
-<p>
-With Postfix 2.4 the default value was reduced from 1000s to 300s.
+The time between deferred queue scans by the queue manager;
+prior to Postfix 2.4 the default value was 1000s.
</p>
<p> This parameter should be set less than or equal to
inet_interfaces documentation for more detail. </p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
-but this form is not recommended here. </p>
+but this form is not required here. </p>
%PARAM smtp_bind_address6
</p>
<p>
-This feature is implemented by the anvil(8) service which is not
-part of the stable Postfix version 2.1 release.
+This feature is implemented by the anvil(8) service which is available
+in Postfix version 2.2 and later.
</p>
<p>
smtp_tls_mandatory_ciphers parameter and the optional "protocols"
keyword overrides the main.cf smtp_tls_mandatory_protocols parameter.
In the policy table, multiple protocols must be separated by colons,
-as attribute values may not contain whitespace or commas. </p>
+as attribute values may not contain whitespace or commas. </dd>
<dt><b>verify</b></dt> <dd>Mandatory TLS verification. At this security
level, DNS MX lookups are trusted to be secure enough, and the name
# SUMMARY
# format of Postfix regular expression tables
# SYNOPSIS
-# \fBpostmap -fq "\fIstring\fB" regexp:/etc/postfix/\fIfilename\fR
+# \fBpostmap -q "\fIstring\fB" regexp:/etc/postfix/\fIfilename\fR
#
-# \fBpostmap -fq - regexp:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
+# \fBpostmap -q - regexp:/etc/postfix/\fIfilename\fR <\fIinputfile\fR
# DESCRIPTION
# The Postfix mail system uses optional tables for address
# rewriting or mail routing. These tables are usually in
# To find out what types of lookup tables your Postfix system
# supports use the "\fBpostconf -m\fR" command.
#
-# To test lookup tables, use the "\fBpostmap -fq\fR" command as
-# described in the SYNOPSIS above.
+# To test lookup tables, use the "\fBpostmap -q\fR" command
+# as described in the SYNOPSIS above.
+# COMPATIBILITY
+# .ad
+# .fi
+# With Postfix version 2.2 and earlier specify "\fBpostmap
+# -fq\fR" to query a table that contains case sensitive
+# patterns. Patterns are case insensitive by default.
# TABLE FORMAT
# .ad
# .fi
xxxxx
yy
zz
+AAAREADME
+API
+DAEMONs
+DHE
+DSL
+DataBase
+EMSTP
+EST
+HTTPS
+JOBIDUNKNOWN
+Jänicke
+Koetter
+Leandro
+MSA
+MUAs
+Netinfo
+ODRhu
+Outlook's
+PQexec
+Procontrol
+REJECTs
+Requeuing
+SDBM
+SSLv
+Santi
+Sirainen
+TCL
+TEMPFAILs
+TLSv
+Tallon
+Tinycdb
+Tokarev
+Wrobel
+aNULL
+agroup
+alloc
+antiantivirus
+apps
+arandom
+arounds
+auser
+beb
+bgroup
+buser
+callouts
+cctx
+cli
+cname
+corpit
+cuser
+ddd
+dfc
+dkim
+dmS
+domainkeys
+duser
+epoll
+esmtp
+exim
+gssapi
+heraccount
+herisp
+hisaccount
+hisisp
+ietf
+imc
+interoperate
+keysize
+koetter
+kqueue
+ldapgroup
+libcdb
+libdb
+lpr
+mailwrapper
+mctx
+memberaddr
+memberdn
+mjt
+mlm
+msa
+myisp
+myname
+netinfo
+nisplus
+noatime
+nopeer
+obs
+openspf
+orig
+passdb
+patrick
+preloading
+rpm
+saslfinger
+securetls
+spamware
+systemtype
+tinycdb
+unencoded
+uniquename
+william
+xxxxxxx
+yulszqocfzsficvzzju
+yyyyyy
+zzzzzz
/*
/* In this preliminary implementation, a count (or rate) limited server
/* can have only one remote client at a time. If a server reports
-/* multiple simultaneous clients, all but the last reported client
-/* are ignored.
+/* multiple simultaneous clients, state is kept only for the last
+/* reported client.
/*
/* The \fBanvil\fR(8) server automatically discards client
/* request information after it expires. To prevent the
/* Append a recipient (non-)delivery status record to a per-message
/* log file.
/* .IP \(bu
-/* Enqueue a bounce message, with a copy of a per-message log file
-/* and of the corresponding message. When the bounce message is
+/* Enqueue a delivery status notification message, with a copy
+/* of a per-message log file and of the corresponding message.
+/* When the delivery status notification message is
/* enqueued successfully, the per-message log file is deleted.
/* .PP
/* The software does a best notification effort. A non-delivery
VSTREAM *stream;
int status;
int count = 0;
+ int request_flags;
/*
* The client and server live in separate processes that may start and
*/
VSTRING_RESET(dict_proxy->result);
VSTRING_TERMINATE(dict_proxy->result);
+ request_flags = (dict_proxy->in_flags & DICT_FLAG_RQST_MASK)
+ | (dict->flags & DICT_FLAG_RQST_MASK);
for (;;) {
stream = clnt_stream_access(proxy_stream);
errno = 0;
if (attr_print(stream, ATTR_FLAG_NONE,
ATTR_TYPE_STR, MAIL_ATTR_REQ, PROXY_REQ_LOOKUP,
ATTR_TYPE_STR, MAIL_ATTR_TABLE, dict->name,
- ATTR_TYPE_INT, MAIL_ATTR_FLAGS, dict_proxy->in_flags,
+ ATTR_TYPE_INT, MAIL_ATTR_FLAGS, request_flags,
ATTR_TYPE_STR, MAIL_ATTR_KEY, key,
ATTR_TYPE_END) != 0
|| vstream_fflush(stream)
if (msg_verbose)
msg_info("%s: table=%s flags=%s key=%s -> status=%d result=%s",
myname, dict->name,
- dict_flags_str(dict_proxy->in_flags), key,
+ dict_flags_str(request_flags), key,
status, STR(dict_proxy->result));
switch (status) {
case PROXY_STAT_BAD:
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20070320"
+#define MAIL_RELEASE_DATE "20070325"
#define MAIL_VERSION_NUMBER "2.4"
#ifdef SNAPSHOT
*/
if ((fp = safe_open(path, flags | O_NONBLOCK, mode, st,
chown_uid, chown_gid, why->reason)) == 0) {
+ dsb_status(why, mbox_dsn(errno, def_dsn));
if (locked & MBOX_DOT_LOCK)
dot_unlockfile(path);
- dsb_status(why, mbox_dsn(errno, def_dsn));
return (0);
}
close_on_exec(vstream_fileno(fp), CLOSE_ON_EXEC);
/* University of Texas at Dallas
/* P.O. Box 830688, MC34
/* Richardson, TX 75083, USA
+/*
+/* IPv6 support originally by:
+/* Mark Huizer, Eindhoven University, The Netherlands
+/* Jun-ichiro 'itojun' Hagino, KAME project, Japan
+/* The Linux PLD project
+/* Dean Strik, Eindhoven University, The Netherlands
/*--*/
/* System library. */
/* Postfix-compatible logging utility
/* SYNOPSIS
/* .fi
+/* .ad
/* \fBpostlog\fR [\fB-iv\fR] [\fB-c \fIconfig_dir\fR]
-/* [\fB-p \fIpriority\fB] [\fB-t \fItag\fR] [\fItext...\fR]
+/* [\fB-p \fIpriority\fB] [\fB-t \fItag\fR] [\fItext...\fR]
/* DESCRIPTION
/* The \fBpostlog\fR(1) command implements a Postfix-compatible logging
/* interface for use in, for example, shell scripts.
/* outside world.
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
-/* BUGS
-/* The \fBshowq\fR(8) daemon runs at a fixed low privilege; consequently,
-/* it cannot extract information from queue files in the
-/* \fBmaildrop\fR directory.
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* when the client is used for multiple domains.
/*
/* Most smtp_\fIxxx\fR configuration parameters have an
-/* lmtp_\fIxxx\fR "ghost" parameter for the equivalent LMTP
+/* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP
/* feature. This document describes only those LMTP-related
-/* parameters that aren't simply "ghost" parameters.
+/* parameters that aren't simply "mirror" parameters.
/*
/* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8)
/* processes run for only a limited amount of time. Use the command
if ((newloc = mail_addr_find(relocated_maps, STR(nextrcpt),
IGNORE_ADDR_EXTENSION)) != 0) {
vstring_strcpy(channel, MAIL_SERVICE_ERROR);
- vstring_sprintf(nexthop, "User has moved to %s", newloc);
+ /* 5.1.6 is the closest match, but not perfect. */
+ vstring_sprintf(nexthop, "5.1.6 User has moved to %s", newloc);
} else if (dict_errno != 0) {
msg_warn("%s lookup failure", VAR_RELOCATED_MAPS);
*flags |= RESOLVE_FLAG_FAIL;
#define NATIVE_NEWALIAS_PATH "/usr/bin/newaliases"
#define NATIVE_COMMAND_DIR "/usr/sbin"
#define NATIVE_DAEMON_DIR "/usr/libexec/postfix"
+#define SOCKADDR_SIZE socklen_t
+#define SOCKOPT_SIZE socklen_t
#endif
/*
projects / thirdparty / postfix.git / commitdiff
