-TBH_TABLE
-TBINATTR
-TBINATTR_INFO
+-Tbind_props
-TBINHASH
-TBINHASH_INFO
-TBIO
-TBOUNCE_TIME_PARAMETER
-TCFG_PARSER
-TCIDR_MATCH
+-Tcipher_probe_t
-TCLEANUP_REGION
--TCLEANUP_STATE
-TCLEANUP_STAT_DETAIL
+-TCLEANUP_STATE
-TCLIENT_LIST
-TCLNT_STREAM
-TCONFIG_BOOL_FN_TABLE
-TCRYPTO_EX_DATA
-TCTABLE
-TCTABLE_ENTRY
+-Td2i_X509_t
+-Tdane_digest
-TDB_COMMON_CTX
--TDELIVERED_HDR_INFO
-TDELIVER_ATTR
+-TDELIVERED_HDR_INFO
-TDELIVER_REQUEST
-TDELTA_TIME
-TDICT
-TEVP_PKEY
-TEXPAND_ATTR
-TFILE
+-Tfilter_ctx
-TFORWARD_INFO
+-Tgeneral_name_stack_t
-THBC_ACTION_CALL_BACKS
-THBC_CALL_BACKS
-THBC_CHECKS
-THOST
-THTABLE
-THTABLE_INFO
+-Tiana_digest
-TINET_ADDR_LIST
-TINET_PROTO_INFO
-TINSTANCE
-TINST_SELECTION
-TINT32_TYPE
--TINTV
-TINT_TABLE
+-TINTV
-TJMP_BUF_WRAPPER
-TLDAP
--TLDAPMessage
-TLDAP_CONN
+-TLDAPMessage
-TLIB_DP
-TLIB_FN
-TLMTP_ATTR
-TMAC_EXP_OP_INFO
-TMAC_HEAD
-TMAC_PARSE
+-TMAI_HOSTADDR_STR
+-TMAI_HOSTNAME_STR
-TMAIL_ADDR_MAP_TEST
-TMAIL_PRINT
-TMAIL_SCAN
-TMAIL_STREAM
-TMAIL_VERSION
--TMAI_HOSTADDR_STR
--TMAI_HOSTNAME_STR
-TMAI_SERVNAME_STR
-TMAI_SERVPORT_STR
-TMAPS
-TMDB_val
-TMILTER
-TMILTER8
--TMILTERS
-TMILTER_MACROS
-TMILTER_MSG_CONTEXT
+-TMILTERS
-TMIME_ENCODING
-TMIME_INFO
-TMIME_STACK
-TNAME_CODE
-TNAME_MASK
-TNBBIO
+-Toff_t
-TOPTIONS
-TPCF_DBMS_INFO
-TPCF_EVAL_CTX
-TPCF_SERVICE_PATTERN
-TPCF_STRING_NV
-TPEER_NAME
+-Tpem_load_state_t
-TPGSQL_NAME
-TPICKUP_INFO
-TPIPE_ATTR
-TPIPE_STATE
-TPLMYSQL
-TPLPGSQL
--TPOSTMAP_KEY_STATE
-TPOST_MAIL_FCLOSE_STATE
-TPOST_MAIL_STATE
+-TPOSTMAP_KEY_STATE
-TPRIVATE_STR_TABLE
-TPSC_CALL_BACK_ENTRY
-TPSC_CLIENT_INFO
-TRECIPIENT
-TRECIPIENT_LIST
-TREC_TYPE_NAME
+-Tregex_t
+-Tregmatch_t
+-TRES_CONTEXT
-TRESOLVE_REPLY
-TRESPONSE
-TREST_TABLE
--TRES_CONTEXT
-TRWR_CONTEXT
+-Tsasl_conn_t
+-Tsasl_secret_t
-TSCACHE
-TSCACHE_CLNT
-TSCACHE_MULTI
-TSCAN_INFO
-TSCAN_OBJ
-TSESSION
+-Tsfsistat
-TSHARED_PATH
+-Tsigset_t
-TSINGLE_SERVER
-TSINK_COMMAND
-TSINK_STATE
+-Tsize_t
-TSLMDB
-TSMFICTX
+-TSM_STATE
+-TSMTP_ADDR
+-TSMTP_CMD
-TSMTPD_CMD
-TSMTPD_DEFER
-TSMTPD_ENDPT_LOOKUP_INFO
-TSMTPD_STATE
-TSMTPD_TOKEN
-TSMTPD_XFORWARD_ATTR
--TSMTP_ADDR
--TSMTP_CMD
-TSMTP_ITERATOR
-TSMTP_RESP
-TSMTP_SASL_AUTH_CACHE
-TSMTP_TLS_POLICY
-TSMTP_TLS_SESS
-TSMTP_TLS_SITE_POLICY
--TSM_STATE
+-Tsockaddr
-TSOCKADDR_SIZE
-TSPAWN_ATTR
+-Tssize_t
-TSSL
+-Tssl_cipher_stack_t
+-Tssl_comp_stack_t
-TSSL_CTX
-TSSL_SESSION
-TSTATE
-TSTRING_LIST
-TSTRING_TABLE
-TSYS_EXITS_DETAIL
--TTLSMGR_SCACHE
--TTLSP_STATE
+-Ttime_t
+-Ttlsa_filter
-TTLS_APPL_STATE
-TTLS_CERTS
-TTLS_CLIENT_INIT_PROPS
-TTLS_CLIENT_START_PROPS
+-TTLScontext_t
-TTLS_DANE
+-TTLSMGR_SCACHE
+-TTLS_PARAMS
-TTLS_PKEYS
-TTLS_PRNG_SEED_INFO
-TTLS_PRNG_SRC
+-TTLSP_STATE
-TTLS_ROLE
-TTLS_SCACHE
-TTLS_SCACHE_ENTRY
-TTLS_TLSA
-TTLS_USAGE
-TTLS_VINFO
--TTLScontext_t
-TTOK822
-TTRANSPORT_INFO
-TTRIGGER_SERVER
-TWATCHDOG
-TWATCH_FD
-TX509
--TX509V3_CTX
-TX509_EXTENSION
-TX509_NAME
+-Tx509_stack_t
-TX509_STORE_CTX
+-TX509V3_CTX
-TXSASL_CLIENT
-TXSASL_CLIENT_CREATE_ARGS
-TXSASL_CLIENT_IMPL
-TXSASL_SERVER_CREATE_ARGS
-TXSASL_SERVER_IMPL
-TXSASL_SERVER_IMPL_INFO
--Tbind_props
--Tcipher_probe_t
--Td2i_X509_t
--Tdane_digest
--Tfilter_ctx
--Tgeneral_name_stack_t
--Tiana_digest
--Toff_t
--Tpem_load_state_t
--Tregex_t
--Tregmatch_t
--Tsasl_conn_t
--Tsasl_secret_t
--Tsfsistat
--Tsigset_t
--Tsize_t
--Tsockaddr
--Tssize_t
--Tssl_cipher_stack_t
--Tssl_comp_stack_t
--Ttime_t
--Ttlsa_filter
--Tx509_stack_t
* FORWARD_SECRECY_README: TLS Forward Secrecy
* IPV6_README: IP Version 6 Support
* SMTPUTF8_README: SMTPUTF8 Support
+ * MAILLOG_README: Postfix logging to file or stdout
* COMPATIBILITY_README: Backwards-Compatibility Safety Net
* INSTALL: Installation from source code
L\bLo\boo\bok\bk f\bfo\bor\br o\bob\bbv\bvi\bio\bou\bus\bs s\bsi\big\bgn\bns\bs o\bof\bf t\btr\bro\bou\bub\bbl\ble\be
-Postfix logs all failed and successful deliveries to a logfile. The file is
-usually called /var/log/maillog or /var/log/mail; the exact pathname is defined
-in the /etc/syslog.conf file.
+Postfix logs all failed and successful deliveries to a logfile.
+
+ * When Postfix uses syslog logging (the default), the file is usually called
+ /var/log/maillog, /var/log/mail, or something similar; the exact pathname
+ is configured in a file called /etc/syslog.conf, /etc/rsyslog.conf, or
+ something similar.
+
+ * When Postfix uses its own logging system (see MAILLOG_README), the location
+ of the logfile is configured with the Postfix maillog_file parameter.
When Postfix does not receive or deliver mail, the first order of business is
to look for errors that prevent Postfix from working properly:
--- /dev/null
+P\bPo\bos\bst\btf\bfi\bix\bx l\blo\bog\bgg\bgi\bin\bng\bg t\bto\bo f\bfi\bil\ble\be o\bor\br s\bst\btd\bdo\bou\but\bt
+
+-------------------------------------------------------------------------------
+
+O\bOv\bve\ber\brv\bvi\bie\bew\bw
+
+Postfix supports it own logging system as an alternative to syslog (which
+remains the default). This is available with Postfix version 3.4 or later.
+
+Topics covered in this document:
+
+ * Configuring logging to file
+ * Configuring logging to stdout
+ * Rotating logs
+ * Limitations
+
+C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg l\blo\bog\bgg\bgi\bin\bng\bg t\bto\bo f\bfi\bil\ble\be
+
+Logging to file solves a usability problem for MacOS, and eliminates multiple
+problems for systemd-based systems.
+
+ 1. Add the following line to master.cf if not already present (note: there
+ must be no whitespace at the start of the line):
+
+ postlog unix-dgram n - n - 1 postlogd
+
+ Note: the service type "u\bun\bni\bix\bx-\b-d\bdg\bgr\bra\bam\bm" was introduced with Postfix 3.4. Remove
+ the above line before backing out to an older Postfix version.
+
+ 2. Configure Postfix to write logging, to, for example, /var/log/postfix.log.
+ See also the "Logfile rotation" section below for logfile management.
+
+ # postfix stop
+ # postconf maillog_file=/var/log/postfix.log
+ # postfix start
+
+ By default, the logfile name must start with "/var" or "/dev/stdout" (the
+ list of allowed prefixes is configured with the maillog_file_prefixes
+ parameter). This safety mechanism limits the damage from a single
+ configuration mistake.
+
+C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg l\blo\bog\bgg\bgi\bin\bng\bg t\bto\bo s\bst\btd\bdo\bou\but\bt
+
+Logging to stdout is useful when Postfix runs in a container, as it eliminates
+a syslogd dependency.
+
+ 1. Add the following line to master.cf if not already present (note: there
+ must be no whitespace at the start of the line):
+
+ postlog unix-dgram n - n - 1 postlogd
+
+ Note: the service type "u\bun\bni\bix\bx-\b-d\bdg\bgr\bra\bam\bm" was introduced with Postfix 3.4. Remove
+ the above line before backing out to an older Postfix version.
+
+ 2. Configure main.cf with "maillog_file = /dev/stdout".
+
+ 3. Start Postfix with "p\bpo\bos\bst\btf\bfi\bix\bx s\bst\bta\bar\brt\bt-\b-f\bfg\bg".
+
+R\bRo\bot\bta\bat\bti\bin\bng\bg l\blo\bog\bgs\bs
+
+The command "p\bpo\bos\bst\btf\bfi\bix\bx l\blo\bog\bgr\bro\bot\bta\bat\bte\be" may be run by hand or by a cronjob. It logs all
+errors, and reports errors to stderr if run from a terminal. This command
+implements the following steps:
+
+ * Rename the current logfile by appending a suffix that contains the date and
+ time. This suffix is configured with the maillog_file_rotate_suffix
+ parameter (default: %Y%M%d-%H%M%S).
+
+ * Reload Postfix so that postlogd(8) immediately closes the old logfile.
+
+ * After a brief pause, compress the old logfile. The compression program is
+ configured with the maillog_file_compressor parameter (default: gzip).
+
+Notes:
+
+ * This command will not rotate a logfile with pathname under the /dev
+ directory, such as /dev/stdout.
+
+ * This command does not (yet) remove old logfiles.
+
+L\bLi\bim\bmi\bit\bta\bat\bti\bio\bon\bns\bs
+
+Background:
+
+ * Postfix consists of a number of daemon programs, and non-daemon programs
+ some of which are used for local mail submission, and some for Postfix
+ management.
+
+ * Logging to Postfix logfile or stdout requires the Postfix postlogd(8)
+ service. This ensures that simultaneous logging from different programs
+ will not get mixed up.
+
+ * All Postfix programs can log to syslog, but not all programs have
+ sufficient privileges to use the Postfix logging service, and many non-
+ daemon programs must not log to stdout as that would corrupt their output.
+
+Limitations:
+
+ * Non-daemon Postfix programs will log errors to syslogd(8) before they have
+ processed command-line options and main.cf parameters.
+
+ * If Postfix is down, the non-daemon programs postfix(1), postsuper(1),
+ postmulti(1), and postlog(1), will log directly to $maillog_file. These
+ programs expect to run with root privileges, for example during Postfix
+ start-up, reload, or shutdown.
+
+ * Other non-daemon Postfix programs will never write directly to
+ $maillog_file (also, logging to stdout would interfere with the operation
+ of some of these programs). These programs can log to postlogd(8) if they
+ are run by the super-user, or if their executable file has set-gid
+ permission. Do not set this permission on programs other than postdrop(1)
+ and postqueue(1).
+
Incompatible changes with snapshot 20190126-nonprod
====================================================
-This introduces a new master.cf service type 'unix-dgram' that is
-used by the new postlogd(8) daemon. This type is not supported by
-older Postfix versions. Before backing out to an older version,
-edit the master.cf file and remove the postlog entry.
+This introduces a new master.cf service 'postlog' with type
+'unix-dgram' that is used by the new postlogd(8) daemon. The
+'unix-dgram' service type is not supported by older Postfix versions.
+Before backing out to an older version, edit the master.cf file and
+remove the postlog entry.
Major changes with snapshot 20190126-nonprod
============================================
-[TODO: move most of this text to MAILLOG_README file]
-
Support for logging to file or stdout, instead of using syslog.
- Logging to file solves a usability problem for MacOS, and
- Logging to stdout is useful when Postfix runs in a container, as
it eliminates a syslogd dependency.
-To enable Postfix logging to file or stdout:
---------------------------------------------
-
-Add the following line to master.cf if not already present (note:
-there must be no whitespace at the start of the line):
- postlog unix-dgram n - n - 1 postlogd
-
-To write logs to Postfix logfile (see below for logfile rotation):
- # postfix stop
- # postconf maillog_file=/var/log/postfix.log
- # postfix start
-
-To write logs to stdout, typically while Postfix runs in a container:
- # postconf maillog_file=/dev/stdout
- # postfix start-fg
-
-The maillog_file parameter must contain one of the prefixes that
-are specified with the maillog_file_prefixes parameter (default:
-/var, /dev/stdout). This limits the damage from a single configuration
-mistake.
-
-To rotate a Postfix logfile with a daily cronjob:
--------------------------------------------------
-
-The command "postfix logrotate" renames the logfile by appending a
-suffix that contains the date and time, reloads Postfix so that it
-closes the old logfile, and after a brief pause compresses the old
-logfile. This command will not rotate the log if it specifies a
-pathname under the /dev directory, such as /dev/stdout.
-
-The command "postfix logrotate" does not (yet) remove old logfiles.
-
-Configuration parameters:
-- maillog_file_compressor (gzip)
-- maillog_file_rotate_suffix (%Y%M%d-%H%M%S)
-
-See the postconf(5) manpage for detailed descriptions.
-
-Limitations of logging to Postfix logfile or stdout:
-----------------------------------------------------
-
-Background:
-
-- Logging to Postfix logfile or stdout requires the Postfix postlogd(8)
- service. This program ensures that simultaneous logging from
- different programs will not get mixed up.
-
-Limitations:
-
-- Non-daemon Postfix programs may log to syslogd(8) before they
- have processed command-line options and main.cf parameters.
-
-- If Postfix is down, the non-daemon programs postfix(1), postsuper(1),
- postmulti(1), and postlog(1), will log directly to $maillog_file.
- These programs expect to run with root privileges, for example
- during Postfix start-up, reload, or shutdown.
-
-- Other non-daemon Postfix programs will never write directly to
- $maillog_file (also, logging to stdout would interfere with the
- operation of some of these programs). These programs can log to
- postlogd(8) if they are run by the super-user, or if their
- executable file has set-gid permission. Do not set this permision
- on programs other than postdrop(1) and postqueue(1).
+See MAILLOG_README for configuration examples and logfile rotation.
Incompatible changes with snapshot 20190106
===========================================
====================================
SNI support in the Postfix SMTP server, the Postfix SMTP client,
-and in the tlsproxy daemon (both server and client roles).
+and in the tlsproxy daemon (both server and client roles). See the
+postconf(5) documentation for the new tls_server_sni_maps and
+smtp_tls_servername parameters.
-Support for files that combine multiple (key, certificate, trust
+Support for files that contain multiple (key, certificate, trust
chain) instances. This was required to implement server-side SNI
table lookups, but it also eliminates the need for separate cert/key
files for RSA, DSA, Elliptic Curve, and so on. The file format is
-documented in TLS_README sections [TODO] and in the postconf
-documentation for parameters [TODO].
+documented in the TLS_README sections "Server-side certificate and
+private key configuration" and "Client-side certificate and private
+key configuration", and in the postconf(5) documentation for the
+parameters smtp_tls_chain_files, smtpd_tls_chain_files,
+tlsproxy_client_chain_files, and tlsproxy_tls_chain_files.
+
+Note: the command "postfix tls" does not yet support the new
+consolidated certificate chain format. If you switch to the new
+format, you'll need to manage your keys and certificates directly,
+rather than via postfix-tls(1).
Major changes with snapshot 20180826
====================================
Wish list:
- Add maillog_file to postfix(1) exports?
+ In tlsproxy, include parameter names in the diffs between
+ expected and client properties. This requires a function
+ tls_proxy_client_init_with_names_to_string().
+
+ make tls_pre_jail_init() safe by design for use in programs
+ that implement both clients and servers.
postfix rotate-log command: mv postfix.log postfix.log.$(date
+%Y%M%d-%H%M%S) to avoid data loss if called repeatedly.
<h2><a name="logging">Look for obvious signs of trouble</a></h2>
-<p> Postfix logs all failed and successful deliveries to a logfile.
-The file is usually called /var/log/maillog or /var/log/mail; the
-exact pathname is defined in the /etc/syslog.conf file. </p>
+<p> Postfix logs all failed and successful deliveries to a logfile. </p>
+
+<ul>
+
+<li> <p> When Postfix uses syslog logging (the default), the file
+is usually called /var/log/maillog, /var/log/mail, or something
+similar; the exact pathname is configured in a file called
+/etc/syslog.conf, /etc/rsyslog.conf, or something similar. </p>
+
+<li> <p> When Postfix uses its own logging system (see <a href="MAILLOG_README.html">MAILLOG_README</a>),
+the location of the logfile is configured with the Postfix <a href="postconf.5.html#maillog_file">maillog_file</a>
+parameter. </p>
+
+</ul>
<p> When Postfix does not receive or deliver mail, the first order
of business is to look for errors that prevent Postfix from working
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix logging to file or stdout</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+logging to file or stdout</h1>
+
+<hr>
+
+<h2>Overview </h2>
+
+<p> Postfix supports it own logging system as an alternative to
+syslog (which remains the default). This is available with Postfix
+version 3.4 or later. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#log-to-file">Configuring logging to file</a>
+
+<li><a href="#log-to-stdout">Configuring logging to stdout</a>
+
+<li><a href="#logrotate">Rotating logs </a>
+
+<li><a href="#limitations">Limitations</a>
+
+</ul>
+
+<h2> <a name="log-to-file"> Configuring logging to file </a> </h2>
+
+<p> Logging to file solves a usability problem for MacOS, and
+eliminates multiple problems for systemd-based systems. </p>
+
+<ol>
+
+<li> <p> Add the following line to <a href="master.5.html">master.cf</a> if not already present
+(note: there must be no whitespace at the start of the line): </p>
+
+<blockquote>
+<pre>
+postlog unix-dgram n - n - 1 postlogd
+</pre>
+</blockquote>
+
+<p> Note: the service type "<b>unix-dgram</b>" was introduced with
+Postfix 3.4. Remove the above line before backing out to an older
+Postfix version. </p>
+
+<li> <p> Configure Postfix to write logging, to, for example,
+/var/log/postfix.log. See also the "<a href="#logrotate">Logfile
+rotation</a>" section below for logfile management. </p>
+
+<blockquote>
+<pre>
+# postfix stop
+# postconf <a href="postconf.5.html#maillog_file">maillog_file</a>=/var/log/postfix.log
+# postfix start
+</pre>
+</blockquote>
+
+<p> By default, the logfile name must start with "/var" or "/dev/stdout"
+(the list of allowed prefixes is configured with the <a href="postconf.5.html#maillog_file_prefixes">maillog_file_prefixes</a>
+parameter). This safety mechanism limits the damage from a single
+configuration mistake. </p>
+
+</ol>
+
+<h2> <a name="log-to-stdout"> Configuring logging to stdout </a> </h2>
+
+<p> Logging to stdout is useful when Postfix runs in a container,
+as it eliminates a syslogd dependency. </p>
+
+<ol>
+
+<li> <p> Add the following line to <a href="master.5.html">master.cf</a> if not already present (note:
+there must be no whitespace at the start of the line): </p>
+
+<blockquote>
+<pre>
+postlog unix-dgram n - n - 1 postlogd
+</pre>
+</blockquote>
+
+<p> Note: the service type "<b>unix-dgram</b>" was introduced with
+Postfix 3.4. Remove the above line before backing out to an older
+Postfix version. </p>
+
+<li> <p> Configure <a href="postconf.5.html">main.cf</a> with "<a href="postconf.5.html#maillog_file">maillog_file</a> = /dev/stdout". </p>
+
+<li> <p> Start Postfix with "<b>postfix start-fg</b>". </p>
+
+</ol>
+
+<h2> <a name="logrotate"> Rotating logs </a> </h2>
+
+<p> The command "<b>postfix logrotate</b>" may be run by hand or
+by a cronjob. It logs all errors, and reports errors to stderr if
+run from a terminal. This command implements the following steps:
+</p>
+
+<ul>
+
+<li> <p> Rename the current logfile by appending a suffix that
+contains the date and time. This suffix is configured with the
+<a href="postconf.5.html#maillog_file_rotate_suffix">maillog_file_rotate_suffix</a> parameter (default: %Y%M%d-%H%M%S). </p>
+
+<li> <p> Reload Postfix so that <a href="postlogd.8.html">postlogd(8)</a> immediately closes the
+old logfile. </p>
+
+<li> <p> After a brief pause, compress the old logfile. The compression
+program is configured with the <a href="postconf.5.html#maillog_file_compressor">maillog_file_compressor</a> parameter
+(default: gzip). </p>
+
+</ul>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> This command will not rotate a logfile with pathname under
+the /dev directory, such as /dev/stdout. </p>
+
+<li> <p> This command does not (yet) remove old logfiles. </p>
+
+</ul>
+
+<h2> <a name="limitations">Limitations</a> </h2>
+
+<p> Background: </p>
+
+<ul>
+
+<li> <p> Postfix consists of a number of daemon programs, and
+non-daemon programs some of which are used for local mail submission,
+and some for Postfix management.
+
+<li> <p> Logging to Postfix logfile or stdout requires the Postfix
+<a href="postlogd.8.html">postlogd(8)</a> service. This ensures that simultaneous logging from
+different programs will not get mixed up. </p>
+
+<li> <p> All Postfix programs can log to syslog, but not all programs
+have sufficient privileges to use the Postfix logging service, and
+many non-daemon programs must not log to stdout as that would corrupt
+their output. </p>
+
+</ul>
+
+<p> Limitations: </p>
+
+<ul>
+
+<li> <p> Non-daemon Postfix programs will log errors to syslogd(8)
+before they have processed command-line options and <a href="postconf.5.html">main.cf</a> parameters.
+
+<li> <p> If Postfix is down, the non-daemon programs <a href="postfix.1.html">postfix(1)</a>,
+<a href="postsuper.1.html">postsuper(1)</a>, <a href="postmulti.1.html">postmulti(1)</a>, and <a href="postlog.1.html">postlog(1)</a>, will log directly to
+$<a href="postconf.5.html#maillog_file">maillog_file</a>. These programs expect to run with root privileges,
+for example during Postfix start-up, reload, or shutdown.
+
+<li> <p> Other non-daemon Postfix programs will never write directly
+to $<a href="postconf.5.html#maillog_file">maillog_file</a> (also, logging to stdout would interfere with the
+operation of some of these programs). These programs can log to
+<a href="postlogd.8.html">postlogd(8)</a> if they are run by the super-user, or if their executable
+file has set-gid permission. Do not set this permission on programs
+other than <a href="postdrop.1.html">postdrop(1)</a> and <a href="postqueue.1.html">postqueue(1)</a>.
+
+</ul>
+
+</body>
+
+</html>
is kept.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Upon exit, and every <b><a href="postconf.5.html#anvil_status_update_time">anvil_status_update_time</a></b> seconds, the server logs
the maximal count and rate values measured, together with (service,
<a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="bounce.8.html"><b>bounce</b>(8)</a> processes
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
<a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
Table-driven rewriting rules make it hard to express <b>if then else</b> and
<b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a> (empty)</b>
Optional list of user names that are not subjected to address
- masquerading, even when their address
matches $<a href="postconf.5.html#masquerade_domains">masquer</a>-
+ masquerading, even when their address
es match $<a href="postconf.5.html#masquerade_domains">masquer</a>-
<a href="postconf.5.html#masquerade_domains">ade_domains</a>.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
<a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="bounce.8.html"><b>bounce</b>(8)</a> processes
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
server closes the connection.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> processes
<b>SEE ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
- syslogd(5), system logging
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this software.
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
can run chrooted at fixed low privilege.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
Fast flush logfiles are truncated only after a "send" request, not when
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
<li> <a href="SMTPUTF8_README.html"> SMTPUTF8 Support </a>
+<li> <a href="MAILLOG_README.html"> Postfix logging to file or stdout </a>
+
<li> <a href="COMPATIBILITY_README.html"> Backwards-Compatibility Safety Net</a>
<li> <a href="INSTALL.html"> Installation from source code </a>
<a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8). Corrupted message
- files are marked so that the queue manager can move them to the <b>corrupt</b>
- queue for further inspection.
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
+ them to the <b>corrupt</b> queue for further inspection.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces, protocol problems, and of other trouble.
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
<a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8). Corrupted message
- files are marked so that the queue manager can move them to the <b>corrupt</b>
- queue afterwards.
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
+ them to the <b>corrupt</b> queue afterwards.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<a href="aliases.5.html">aliases(5)</a>, format of alias database
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
precautions need to be taken against malicious inputs.
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard error stream.
+ Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
+ error stream.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
Enable debugging with an external command, as specified with the
<b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
- <b>NAME</b> The sender full name. This is used only with messages that have
+ <b>NAME</b> The sender full name. This is used only with messages that have
no <b>From:</b> message header. See also the <b>-F</b> option above.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
- gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
<a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b>COMPATIBILITY CONTROLS</b>
line endings from <CR><LF> into UNIX format (<LF>).
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
system.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
invoked with the -D option.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a remote client or
+ The increment in verbose logging level when a remote client or
server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname or network
+ Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to
increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
List of users who are authorized to view the queue.
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List
of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ List
of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
<a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
mand).
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
- The maximal amount of original message text that is sent in a
+ The maximal amount of original message text that is sent in a
non-delivery notification.
<b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
in the primary message headers.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
- The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
<b>FAST FLUSH CONTROLS</b>
- The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
the Postfix "fast flush" service.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
tion logfiles with mail that is queued to those destinations.
<b>VERP CONTROLS</b>
- The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
Postfix support for variable envelope return path addresses.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter characters on
+ The characters Postfix accepts as VERP delimiter characters on
the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
- The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative commands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives a copy of the message
+ The time after which the sender receives a copy of the message
headers of mail that is still queued.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a privileged Postfix
- process will import from a non-Postfix parent process, or
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
name=value environment overrides.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue and most
+ The UNIX system account that owns the Postfix queue and most
Postfix daemon processes.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
- Don't rewrite message headers from remote clients at all when
- this parameter is empty; otherwise, rewrite message headers and
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
append the specified domain name to incomplete addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Postfix 3.2 and later:
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
A list of non-default Postfix configuration directories that may
- be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
- the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
MAIL_CONFIG environment parameter.
<b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
- An optional list of non-default Postfix configuration directo-
- ries; these directories belong to additional Postfix instances
- that share the Postfix executable files and documentation with
- the default Postfix instance, and that are started, stopped,
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance.
<b>FILES</b>
<a href="postdrop.1.html">postdrop(1)</a>, mail posting utility
<a href="postfix.1.html">postfix(1)</a>, mail system control
<a href="postqueue.1.html">postqueue(1)</a>, mail queue control
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README_FILES</b>
- Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
this information.
<a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
running processes to finish what they are doing.
<b>DIAGNOSTICS</b>
- Problems are reported to <b>syslogd</b>(8). The exit status is non-zero in
- case of problems, including problems while initializing as a master
- daemon process in the background.
+ Problems are reported to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. The exit status is
+ non-zero in case of problems, including problems while initializing as
+ a master daemon process in the background.
<b>ENVIRONMENT</b>
<b>MAIL_DEBUG</b>
<a href="verify.8.html">verify(8)</a>, address verification
<a href="master.5.html">master(5)</a>, <a href="master.5.html">master.cf</a> configuration file syntax
<a href="postconf.5.html">postconf(5)</a>, <a href="postconf.5.html">main.cf</a> configuration file syntax
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
precautions need to be taken against malicious inputs.
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard error stream.
+ Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
+ error stream.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
Enable debugging with an external command, as specified with the
<b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
- <b>NAME</b> The sender full name. This is used only with messages that have
+ <b>NAME</b> The sender full name. This is used only with messages that have
no <b>From:</b> message header. See also the <b>-F</b> option above.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
- gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
<a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b>COMPATIBILITY CONTROLS</b>
line endings from <CR><LF> into UNIX format (<LF>).
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
system.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
invoked with the -D option.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a remote client or
+ The increment in verbose logging level when a remote client or
server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname or network
+ Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to
increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
List of users who are authorized to view the queue.
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List
of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ List
of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
<a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
mand).
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
- The maximal amount of original message text that is sent in a
+ The maximal amount of original message text that is sent in a
non-delivery notification.
<b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
in the primary message headers.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
- The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
<b>FAST FLUSH CONTROLS</b>
- The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
the Postfix "fast flush" service.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
tion logfiles with mail that is queued to those destinations.
<b>VERP CONTROLS</b>
- The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
Postfix support for variable envelope return path addresses.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter characters on
+ The characters Postfix accepts as VERP delimiter characters on
the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
- The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative commands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives a copy of the message
+ The time after which the sender receives a copy of the message
headers of mail that is still queued.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a privileged Postfix
- process will import from a non-Postfix parent process, or
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
name=value environment overrides.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue and most
+ The UNIX system account that owns the Postfix queue and most
Postfix daemon processes.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
- Don't rewrite message headers from remote clients at all when
- this parameter is empty; otherwise, rewrite message headers and
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
append the specified domain name to incomplete addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Postfix 3.2 and later:
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
A list of non-default Postfix configuration directories that may
- be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
- the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
MAIL_CONFIG environment parameter.
<b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
- An optional list of non-default Postfix configuration directo-
- ries; these directories belong to additional Postfix instances
- that share the Postfix executable files and documentation with
- the default Postfix instance, and that are started, stopped,
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance.
<b>FILES</b>
<a href="postdrop.1.html">postdrop(1)</a>, mail posting utility
<a href="postfix.1.html">postfix(1)</a>, mail system control
<a href="postqueue.1.html">postqueue(1)</a>, mail queue control
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README_FILES</b>
- Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
this information.
<a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
environment.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to the <b>syslog</b>(8) daemon. Cor-
- rupted message files are saved to the <b>corrupt</b> queue for further inspec-
- tion.
+ Problems and transactions are logged to the <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>
+ daemon. Corrupted message files are saved to the <b>corrupt</b> queue for
+ further inspection.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
The default amount of delay that is inserted between individual
- deliveries to the same destination; the resulting behavior
- depends on the value of the corresponding per-destination recip-
- ient limit.
+ message deliveries to the same destination and over the same
+ message delivery transport.
<b>transport_destination_rate_delay ($<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_rate_delay">default_destina</a>-
- <a href="postconf.5.html#default_destination_rate_delay">tion_rate_delay</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">mas-
+ <a href="postconf.5.html#default_destination_rate_delay">tion_rate_delay</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">mas-
ter.cf</a> name of the message delivery transport.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a> (0s)</b>
- The default amount of delay that is inserted between individual
- deliveries over the same message delivery transport, regardless
- of destination.
+ The default amount of delay that is inserted between individual
+ message deliveries over the same message delivery transport,
+ regardless of destination.
<b>transport_transport_rate_delay ($<a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_transport_rate_delay">default_trans</a>-
- <a href="postconf.5.html#default_transport_rate_delay">port_rate_delay</a> parameter value, where the initial <i>transport</i> in
+ A
transport-specific override for the <a href="postconf.5.html#default_transport_rate_delay">default_trans</a>-
+ <a href="postconf.5.html#default_transport_rate_delay">port_rate_delay</a> parameter value, where the initial <i>transport</i> in
the parameter name is the <a href="master.5.html">master.cf</a> name of the message delivery
transport.
<b>SAFETY CONTROLS</b>
<b><a href="postconf.5.html#qmgr_daemon_timeout">qmgr_daemon_timeout</a> (1000s)</b>
How much time a Postfix queue manager process may take to handle
- a request before it is terminated by a built-in watchdog timer.
+ a request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#qmgr_ipc_timeout">qmgr_ipc_timeout</a> (60s)</b>
The time limit for the queue manager to send or receive informa-
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#address_verify_pending_request_limit">address_verify_pending_request_limit</a> (see 'postconf -d' output)</b>
- A safety limit that prevents address verification requests from
+ A safety limit that prevents address verification requests from
overwhelming the Postfix queue.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#defer_transports">defer_transports</a> (empty)</b>
mail unless someone issues "<b>sendmail -q</b>" or equivalent.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#helpful_warnings">helpful_warnings</a> (yes)</b>
- Log warnings about problematic configuration settings, and pro-
+ Log warnings about problematic configuration settings, and pro-
vide helpful suggestions.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#confirm_delay_cleared">confirm_delay_cleared</a> (no)</b>
- After sending a "your message is delayed" notification, inform
+ After sending a "your message is delayed" notification, inform
the sender when the delay clears up.
Available in Postfix 3.3 and later:
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
public service endpoint.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
The <a href="pickup.8.html"><b>pickup</b>(8)</a> daemon copies mail from file to the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon.
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
fications (Postfix 3.0 and later). This command output is not examined
for the presence of an enhanced status code.
- Problems and transactions are logged to <b>syslogd</b>(8). Corrupted message
- files are marked so that the queue manager can move them to the <b>corrupt</b>
- queue for further inspection.
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
+ them to the <b>corrupt</b> queue for further inspection.
<b>SECURITY</b>
This program needs a dual personality 1) to access the private Postfix
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
base.
<b>DIAGNOSTICS</b>
- Problems are logged to the standard error stream and to <b>syslogd</b>(8). No
- output means that no problems were detected. Duplicate entries are
- skipped and are flagged with a warning.
+ Problems are logged to the standard error stream and to <b>syslogd</b>(8) or
+ <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. No output means that no problems were detected. Duplicate
+ entries are skipped and are flagged with a warning.
<a href="postalias.1.html"><b>postalias</b>(1)</a> terminates with zero exit status in case of success
(including successful "<b>postalias -q</b>" lookup) and terminates with
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="postmap.1.html">postmap(1)</a>, create/update/query lookup tables
<a href="newaliases.1.html">newaliases(1)</a>, Sendmail compatibility interface.
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
(default: empty)</b></DT><DD>
<p> The name of an optional logfile that is written by the Postfix
-<a href="postlogd.8.html">postlogd(8)</a> service. A non-empty value disables logging to syslogd(8).
-Specify "/dev/stdout" for logging to standard output. Stdout logging
-requires that Postfix is started with "postfix start-fg". </p>
+<a href="postlogd.8.html">postlogd(8)</a> service. A non-empty value selects logging to syslogd(8).
+Specify "/dev/stdout" to select logging to standard output. Stdout
+logging requires that Postfix is started with "postfix start-fg".
+</p>
<p> Note 1: The <a href="postconf.5.html#maillog_file">maillog_file</a> parameter value must contain a prefix
that is specified with the <a href="postconf.5.html#maillog_file_prefixes">maillog_file_prefixes</a> parameter. </p>
(default: gzip)</b></DT><DD>
<p> The program to run after rotating $<a href="postconf.5.html#maillog_file">maillog_file</a> with "postfix
-logrotate". The command is run with the rotated file as its first
-argument. </p>
+logrotate". The command is run with the rotated logfile name as its
+first argument. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
<b>DIAGNOSTICS</b>
Fatal errors: malformed input, I/O error, out of memory. Problems are
- logged to <b>syslogd</b>(8) and to the standard error stream. When the input
- is incomplete, or when the process receives a HUP, INT, QUIT or TERM
- signal, the queue file is deleted.
+ logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a> and to the standard error stream.
+ When the input is incomplete, or when the process receives a HUP, INT,
+ QUIT or TERM signal, the queue file is deleted.
<b>ENVIRONMENT</b>
MAIL_CONFIG
<b>SEE ALSO</b>
<a href="sendmail.1.html">sendmail(1)</a>, compatibility interface
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
record. If no <i>text</i> is specified on the command line, <a href="postlog.1.html"><b>postlog</b>(1)</a> reads
from standard input and logs each input line as one record.
- By default, logging is sent to <b>syslogd</b>(8); when the standard error
- stream is connected to a terminal, logging is sent there as well.
+ By default, logging is sent to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>; when the
+ standard error stream is connected to a terminal, logging is sent there
+ as well.
The following options are implemented:
<b>-c</b> <i>config</i><b>_</b><i>dir</i>
- Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
+ Read the <a href="postconf.5.html"><b>main.cf</b></a> configuration file in the named directory
instead of the default configuration directory.
<b>-i</b> (obsolete)
- Include the process ID in the logging tag. This flag is ignored
+ Include the process ID in the logging tag. This flag is ignored
as of Postfix 3.4, where the PID is always included.
<b>-p</b> <i>priority</i> (default: <b>info</b>)
- Specifies the logging severity: <b>info</b>, <b>warn</b>, <b>error</b>, <b>fatal</b>, or
- <b>panic</b>. With Postfix 3.1 and later, the program will pause for 1
- second after reporting a <b>fatal</b> or <b>panic</b> condition, just like
+ Specifies the logging severity: <b>info</b>, <b>warn</b>, <b>error</b>, <b>fatal</b>, or
+ <b>panic</b>. With Postfix 3.1 and later, the program will pause for 1
+ second after reporting a <b>fatal</b> or <b>panic</b> condition, just like
other Postfix programs.
- <b>-t</b> <i>tag</i> Specifies the logging tag, that is, the identifying name that
- appears at the beginning of each logging record. A default tag
+ <b>-t</b> <i>tag</i> Specifies the logging tag, that is, the identifying name that
+ appears at the beginning of each logging record. A default tag
is used when none is specified.
- <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
+ <b>-v</b> Enable verbose logging for debugging purposes. Multiple <b>-v</b>
options make the software increasingly verbose.
<b>ENVIRONMENT</b>
Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
gram.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a privileged Postfix
- process will import from a non-Postfix parent process, or
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
name=value environment overrides.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix 3.4 and later:
<b><a href="postconf.5.html#maillog_file">maillog_file</a> (empty)</b>
- The name of an optional logfile that is written by the Postfix
+ The name of an optional logfile that is written by the Postfix
<a href="postlogd.8.html"><b>postlogd</b>(8)</a> service.
<b><a href="postconf.5.html#postlog_service_name">postlog_service_name</a> (postlog)</b>
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
- syslogd(8), syslog daemon
- <a href="postlogd.8.html">postlogd(8)</a>, internal logging service
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this software.
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
- syslogd(5), system logging
+ syslogd(8), system logging
+
+<b>README_FILES</b>
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ this information.
+ <a href="MAILLOG_README.html">MAILLOG_README</a>, Postfix logging to file or stdout
<b>LICENSE</b>
The Secure Mailer license must be distributed with this software.
base.
<b>DIAGNOSTICS</b>
- Problems are logged to the standard error stream and to <b>syslogd</b>(8). No
- output means that no problems were detected. Duplicate entries are
- skipped and are flagged with a warning.
+ Problems are logged to the standard error stream and to <b>syslogd</b>(8) or
+ <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. No output means that no problems were detected. Duplicate
+ entries are skipped and are flagged with a warning.
<a href="postmap.1.html"><b>postmap</b>(1)</a> terminates with zero exit status in case of success (includ-
ing successful "<b>postmap -q</b>" lookup) and terminates with non-zero exit
<a href="postalias.1.html">postalias(1)</a>, create/update/query alias database
<a href="postconf.1.html">postconf(1)</a>, supported database types
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
<a href="http://tools.ietf.org/html/rfc7159">RFC 7159</a> (JSON notation)
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard error stream.
+ Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
+ error stream.
<b>ENVIRONMENT</b>
MAIL_CONFIG
- Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid exploitation
- of set-group ID privileges, a non-standard directory is allowed
+ Directory with the <a href="postconf.5.html"><b>main.cf</b></a> file. In order to avoid exploitation
+ of set-group ID privileges, a non-standard directory is allowed
only if:
- <b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a> file with the
+ <b>o</b> The name is listed in the standard <a href="postconf.5.html"><b>main.cf</b></a> file with the
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b> configuration parameter.
<b>o</b> The command is invoked by the super-user.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
- gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
<a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
A list of non-default Postfix configuration directories that may
- be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
- the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
MAIL_CONFIG environment parameter.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
tion logfiles with mail that is queued to those destinations.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a privileged Postfix
- process will import from a non-Postfix parent process, or
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
name=value environment overrides.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
<b><a href="postconf.5.html#trigger_timeout">trigger_timeout</a> (10s)</b>
- The time limit for sending a trigger to a Postfix daemon (for
+ The time limit for sending a trigger to a Postfix daemon (for
example, the <a href="pickup.8.html"><b>pickup</b>(8)</a> or <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon).
Available in Postfix version 2.2 and later:
<a href="flush.8.html">flush(8)</a>, fast flush service
<a href="sendmail.1.html">sendmail(1)</a>, Sendmail-compatible user interface
<a href="postsuper.1.html">postsuper(1)</a>, privileged queue operations
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
<b>README FILES</b>
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
<a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol, including multi-line 220 banners)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
The <a href="postscreen.8.html"><b>postscreen</b>(8)</a> built-in SMTP protocol engine currently does not
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="tlsproxy.8.html">tlsproxy(8)</a>, Postfix TLS proxy server
<a href="dnsblog.8.html">dnsblog(8)</a>, DNS black/whitelist logger
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
options make the software increasingly verbose.
<b>DIAGNOSTICS</b>
- Problems are reported to the standard error stream and to <b>syslogd</b>(8).
+ Problems are reported to the standard error stream and to <b>syslogd</b>(8) or
+ <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<a href="postsuper.1.html"><b>postsuper</b>(1)</a> reports the number of messages deleted with <b>-d</b>, the number
- of messages requeued with <b>-r</b>, and the number of messages whose queue
- file name was fixed with <b>-s</b>. The report is written to the standard
- error stream and to <b>syslogd</b>(8).
+ of messages requeued with <b>-r</b>, and the number of messages whose queue
+ file name was fixed with <b>-s</b>. The report is written to the standard
+ error stream and to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>ENVIRONMENT</b>
MAIL_CONFIG
cannot be placed "on hold".
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
- gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
<a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> (1)</b>
- The number of subdirectory levels for queue directories listed
+ The number of subdirectory levels for queue directories listed
with the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> parameter.
<b><a href="postconf.5.html#hash_queue_names">hash_queue_names</a> (deferred, defer)</b>
- The names of queue directories that are split across multiple
+ The names of queue directories that are split across multiple
subdirectory levels.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a privileged Postfix
- process will import from a non-Postfix parent process, or
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
name=value environment overrides.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix version 2.9 and later:
<b>SEE ALSO</b>
<a href="sendmail.1.html">sendmail(1)</a>, Sendmail-compatible user interface
<a href="postqueue.1.html">postqueue(1)</a>, unprivileged queue operations
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this software.
its content.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server provides service to multiple clients, and must
environment.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to the syslog daemon. Corrupted
- message files are saved to the <b>corrupt</b> queue for further inspection.
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are saved to the <b>corrupt</b> queue for further
+ inspection.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<b>BUGS</b>
sistent process. Use the "<b>postfix reload</b>" command after a configuration
change.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
In the text below, <i>transport</i> is the first field in a <a href="master.5.html"><b>master.cf</b></a> entry.
Available before Postfix version 2.5:
<b><a href="postconf.5.html#allow_min_user">allow_min_user</a> (no)</b>
- Allow a sender or recipient address to have `-' as the first
+ Allow a sender or recipient address to have `-' as the first
character.
Available with Postfix version 2.7 and later:
<b><a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> (empty)</b>
- When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
- next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
+ When a <a href="postconf.5.html#content_filter">content_filter</a> or FILTER request specifies no explicit
+ next-hop destination, use $<a href="postconf.5.html#default_filter_nexthop">default_filter_nexthop</a> instead; when
that value is empty, use the domain in the recipient address.
<b>ACTIVE QUEUE CONTROLS</b>
<b><a href="postconf.5.html#qmgr_clog_warn_time">qmgr_clog_warn_time</a> (300s)</b>
- The minimal delay between warnings that a specific destination
+ The minimal delay between warnings that a specific destination
is clogging up the Postfix <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#qmgr_message_active_limit">qmgr_message_active_limit</a> (20000)</b>
The maximal number of messages in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#qmgr_message_recipient_limit">qmgr_message_recipient_limit</a> (20000)</b>
- The maximal number of recipients held in memory by the Postfix
+ The maximal number of recipients held in memory by the Postfix
queue manager, and the maximal size of the short-term, in-memory
"dead" destination status cache.
recipients.
<b>transport_recipient_limit ($<a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>
- parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the
+ A
transport-specific override for the <a href="postconf.5.html#default_recipient_limit">default_recipient_limit</a>
+ parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the
message delivery transport.
<b><a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a> (1000)</b>
- The default value for the extra per-transport limit imposed on
+ The default value for the extra per-transport limit imposed on
the number of in-memory recipients.
<b>transport_extra_recipient_limit ($<a href="postconf.5.html#default_extra_recipient_limit">default_extra_recipient_limit</a>)</b>
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a> (100)</b>
- The default per-transport limit on the number of recipients
+ The default per-transport limit on the number of recipients
refilled at once.
<b>transport_recipient_refill_limit ($<a href="postconf.5.html#default_recipient_refill_limit">default_recipient_refill_limit</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_recipient_refill_limit">default_recipi</a>-
- <a href="postconf.5.html#default_recipient_refill_limit">ent_refill_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">mas-
+ A
transport-specific override for the <a href="postconf.5.html#default_recipient_refill_limit">default_recipi</a>-
+ <a href="postconf.5.html#default_recipient_refill_limit">ent_refill_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">mas-
ter.cf</a> name of the message delivery transport.
<b><a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a> (5s)</b>
refills.
<b>transport_recipient_refill_delay ($<a href="postconf.5.html#default_recipient_refill_delay">default_recipient_refill_delay</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_recipient_refill_delay">default_recipi</a>-
- <a href="postconf.5.html#default_recipient_refill_delay">ent_refill_delay</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">mas-
+ A
transport-specific override for the <a href="postconf.5.html#default_recipient_refill_delay">default_recipi</a>-
+ <a href="postconf.5.html#default_recipient_refill_delay">ent_refill_delay</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">mas-
ter.cf</a> name of the message delivery transport.
<b>DELIVERY CONCURRENCY CONTROLS</b>
delivery to the same destination.
<b><a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concurrency_limit</a> (20)</b>
- The default maximal number of parallel deliveries to the same
+ The default maximal number of parallel deliveries to the same
destination.
<b>transport_destination_concurrency_limit ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
- A transport-specific override for the default_destination_con-
+ A transport-specific override for the default_destination_con-
currency_limit parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>transport_initial_destination_concurrency ($<a href="postconf.5.html#initial_destination_concurrency">initial_destination_concur</a>-</b>
<b><a href="postconf.5.html#initial_destination_concurrency">rency</a>)</b>
- A transport-specific override for the initial_destination_con-
- currency parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name
+ A transport-specific override for the initial_destination_con-
+ currency parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name
of the message delivery transport.
<b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_concurrency_failed_cohort_limit</a> (1)</b>
- How many pseudo-cohorts must suffer connection or handshake
- failure before a specific destination is considered unavailable
+ How many pseudo-cohorts must suffer connection or handshake
+ failure before a specific destination is considered unavailable
(and further delivery is suspended).
<b>transport_destination_concurrency_failed_cohort_limit ($<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_desti</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">nation_concurrency_failed_cohort_limit</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_con</a>-
+ A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_failed_cohort_limit">currency_failed_cohort_limit</a> parameter value, where <i>transport</i> is
the <a href="master.5.html">master.cf</a> name of the message delivery transport.
<b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destination_concurrency_negative_feedback</a> (1)</b>
- The per-destination amount of delivery concurrency negative
- feedback, after a delivery completes with a connection or hand-
+ The per-destination amount of delivery concurrency negative
+ feedback, after a delivery completes with a connection or hand-
shake failure.
<b>transport_destination_concurrency_negative_feedback ($<a href="postconf.5.html#default_destination_concurrency_negative_feedback">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_negative_feedback">tion_concurrency_negative_feedback</a>)</b>
- A transport-specific override for the default_destination_con-
- currency_negative_feedback parameter value, where <i>transport</i> is
+ A transport-specific override for the default_destination_con-
+ currency_negative_feedback parameter value, where <i>transport</i> is
the <a href="master.5.html">master.cf</a> name of the message delivery transport.
<b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destination_concurrency_positive_feedback</a> (1)</b>
- The per-destination amount of delivery concurrency positive
+ The per-destination amount of delivery concurrency positive
feedback, after a delivery completes without connection or hand-
shake failure.
<b>transport_destination_concurrency_positive_feedback ($<a href="postconf.5.html#default_destination_concurrency_positive_feedback">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_positive_feedback">tion_concurrency_positive_feedback</a>)</b>
- A transport-specific override for the default_destination_con-
- currency_positive_feedback parameter value, where <i>transport</i> is
+ A transport-specific override for the default_destination_con-
+ currency_positive_feedback parameter value, where <i>transport</i> is
the <a href="master.5.html">master.cf</a> name of the message delivery transport.
<b><a href="postconf.5.html#destination_concurrency_feedback_debug">destination_concurrency_feedback_debug</a> (no)</b>
- Make the queue manager's feedback algorithm verbose for perfor-
+ Make the queue manager's feedback algorithm verbose for perfor-
mance analysis purposes.
<b>RECIPIENT SCHEDULING CONTROLS</b>
<b>transport_destination_recipient_limit ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
- <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>MESSAGE SCHEDULING CONTROLS</b>
<b><a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a> (5)</b>
- How often the Postfix queue manager's scheduler is allowed to
+ How often the Postfix queue manager's scheduler is allowed to
preempt delivery of one message with another.
<b>transport_delivery_slot_cost ($<a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_cost">default_delivery_slot_cost</a>
- parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the
+ parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the
message delivery transport.
<b><a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a> (3)</b>
- How many recipients a message must have in order to invoke the
+ How many recipients a message must have in order to invoke the
Postfix queue manager's scheduling algorithm at all.
<b>transport_minimum_delivery_slots ($<a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_delivery_slots</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_deliv</a>-
+ A
transport-specific override for the <a href="postconf.5.html#default_minimum_delivery_slots">default_minimum_deliv</a>-
<a href="postconf.5.html#default_minimum_delivery_slots">ery_slots</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name
of the message delivery transport.
<b>transport_delivery_slot_discount ($<a href="postconf.5.html#default_delivery_slot_discount">default_delivery_slot_discount</a>)</b>
A transport-specific override for the default_delivery_slot_dis-
- count parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
+ count parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of
the message delivery transport.
<b><a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a> (3)</b>
- The default value for transport-specific _delivery_slot_loan
+ The default value for transport-specific _delivery_slot_loan
settings.
<b>transport_delivery_slot_loan ($<a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_delivery_slot_loan">default_delivery_slot_loan</a>
- parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the
+ parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the
message delivery transport.
<b>OTHER RESOURCE AND RATE CONTROLS</b>
The maximal time between attempts to deliver a deferred message.
<b><a href="postconf.5.html#maximal_queue_lifetime">maximal_queue_lifetime</a> (5d)</b>
- Consider a message as undeliverable, when delivery fails with a
+ Consider a message as undeliverable, when delivery fails with a
temporary error, and the time in the queue has reached the <a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-
<a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a> limit.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
- The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
<b><a href="postconf.5.html#transport_retry_time">transport_retry_time</a> (60s)</b>
- The time between attempts by the Postfix queue manager to con-
+ The time between attempts by the Postfix queue manager to con-
tact a malfunctioning message delivery transport.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> (5d)</b>
- Consider a bounce message as undeliverable, when delivery fails
- with a temporary error, and the time in the queue has reached
+ Consider a bounce message as undeliverable, when delivery fails
+ with a temporary error, and the time in the queue has reached
the <a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a> limit.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a> (0s)</b>
- The default amount of delay that is inserted between individual
- deliveries to the same destination; the resulting behavior
- depends on the value of the corresponding per-destination recip-
- ient limit.
+ The default amount of delay that is inserted between individual
+ message deliveries to the same destination and over the same
+ message delivery transport.
<b>transport_destination_rate_delay ($<a href="postconf.5.html#default_destination_rate_delay">default_destination_rate_delay</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_rate_delay">default_destina</a>-
<b><a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a> (0s)</b>
The default amount of delay that is inserted between individual
- deliveries over the same message delivery transport, regardless
- of destination.
+ message deliveries over the same message delivery transport,
+ regardless of destination.
<b>transport_transport_rate_delay ($<a href="postconf.5.html#default_transport_rate_delay">default_transport_rate_delay</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_transport_rate_delay">default_trans</a>-
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
chrooted at fixed low privilege.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
The QMQP protocol provides only one server reply per message delivery.
<a href="http://cr.yp.to/proto/qmqp.html">http://cr.yp.to/proto/qmqp.html</a>, QMQP protocol
<a href="cleanup.8.html">cleanup(8)</a>, message canonicalization
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
store information that is security sensitive.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
The session cache cannot be shared among multiple machines.
<a href="smtp.8.html">smtp(8)</a>, SMTP client
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
precautions need to be taken against malicious inputs.
<b>DIAGNOSTICS</b>
- Problems are logged to <b>syslogd</b>(8) and to the standard error stream.
+ Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard
+ error stream.
<b>ENVIRONMENT</b>
<b>MAIL_CONFIG</b>
Enable debugging with an external command, as specified with the
<b><a href="postconf.5.html#debugger_command">debugger_command</a></b> configuration parameter.
- <b>NAME</b> The sender full name. This is used only with messages that have
+ <b>NAME</b> The sender full name. This is used only with messages that have
no <b>From:</b> message header. See also the <b>-F</b> option above.
<b>CONFIGURATION PARAMETERS</b>
- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
- gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
+ The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant to this pro-
+ gram.
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>post-</b></a>
<a href="postconf.5.html"><b>conf</b>(5)</a> for more details including examples.
<b>COMPATIBILITY CONTROLS</b>
line endings from <CR><LF> into UNIX format (<LF>).
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
system.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
invoked with the -D option.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a remote client or
+ The increment in verbose logging level when a remote client or
server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname or network
+ Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to
increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
List of users who are authorized to view the queue.
<b><a href="postconf.5.html#authorized_submit_users">authorized_submit_users</a> (<a href="DATABASE_README.html#types">static</a>:anyone)</b>
- List
of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
+ List
of users who are authorized to submit mail with the <a href="sendmail.1.html"><b>send-</b></a>
<a href="sendmail.1.html"><b>mail</b>(1)</a> command (and with the privileged <a href="postdrop.1.html"><b>postdrop</b>(1)</a> helper com-
mand).
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#bounce_size_limit">bounce_size_limit</a> (50000)</b>
- The maximal amount of original message text that is sent in a
+ The maximal amount of original message text that is sent in a
non-delivery notification.
<b><a href="postconf.5.html#fork_attempts">fork_attempts</a> (5)</b>
in the primary message headers.
<b><a href="postconf.5.html#queue_run_delay">queue_run_delay</a> (300s)</b>
- The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
+ The time between <a href="QSHAPE_README.html#deferred_queue">deferred queue</a> scans by the queue manager;
prior to Postfix 2.4 the default value was 1000s.
<b>FAST FLUSH CONTROLS</b>
- The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
+ The <a href="ETRN_README.html">ETRN_README</a> file describes configuration and operation details for
the Postfix "fast flush" service.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
tion logfiles with mail that is queued to those destinations.
<b>VERP CONTROLS</b>
- The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
+ The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation details of
Postfix support for variable envelope return path addresses.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter characters on
+ The characters Postfix accepts as VERP delimiter characters on
the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#alias_database">alias_database</a> (see 'postconf -d' output)</b>
- The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
+ The alias databases for <a href="local.8.html"><b>local</b>(8)</a> delivery that are updated with
"<b>newaliases</b>" or with "<b>sendmail -bi</b>".
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative commands.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_directory">daemon_directory</a> (see 'postconf -d' output)</b>
and <a href="postmap.1.html"><b>postmap</b>(1)</a> commands.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives a copy of the message
+ The time after which the sender receives a copy of the message
headers of mail that is still queued.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
- The list of environment parameters that a privileged Postfix
- process will import from a non-Postfix parent process, or
+ The list of environment parameters that a privileged Postfix
+ process will import from a non-Postfix parent process, or
name=value environment overrides.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue and most
+ The UNIX system account that owns the Postfix queue and most
Postfix daemon processes.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> (empty)</b>
- Don't rewrite message headers from remote clients at all when
- this parameter is empty; otherwise, rewrite message headers and
+ Don't rewrite message headers from remote clients at all when
+ this parameter is empty; otherwise, rewrite message headers and
append the specified domain name to incomplete addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Postfix 3.2 and later:
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
A list of non-default Postfix configuration directories that may
- be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
- the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
+ be specified with "-c <a href="postconf.5.html#config_directory">config_directory</a>" on the command line (in
+ the case of <a href="sendmail.1.html"><b>sendmail</b>(1)</a>, with the "-C" option), or via the
MAIL_CONFIG environment parameter.
<b><a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> (empty)</b>
- An optional list of non-default Postfix configuration directo-
- ries; these directories belong to additional Postfix instances
- that share the Postfix executable files and documentation with
- the default Postfix instance, and that are started, stopped,
+ An optional list of non-default Postfix configuration directo-
+ ries; these directories belong to additional Postfix instances
+ that share the Postfix executable files and documentation with
+ the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance.
<b>FILES</b>
<a href="postdrop.1.html">postdrop(1)</a>, mail posting utility
<a href="postfix.1.html">postfix(1)</a>, mail system control
<a href="postqueue.1.html">postqueue(1)</a>, mail queue control
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README_FILES</b>
- Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
+ Use "<b>postconf <a href="postconf.5.html#readme_directory">readme_directory</a></b>" or "<b>postconf <a href="postconf.5.html#html_directory">html_directory</a></b>" to locate
this information.
<a href="DEBUG_README.html">DEBUG_README</a>, Postfix debugging howto
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
None. The <a href="showq.8.html"><b>showq</b>(8)</a> daemon does not interact with the outside world.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="showq.8.html"><b>showq</b>(8)</a> processes
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
<a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8). Corrupted message
- files are marked so that the queue manager can move them to the <b>corrupt</b>
- queue for further inspection.
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
+ them to the <b>corrupt</b> queue for further inspection.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces, protocol problems, and of other trouble.
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
<a href="tlsmgr.8.html">tlsmgr(8)</a>, TLS session and PRNG management
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
<a href="http://tools.ietf.org/html/rfc7505">RFC 7505</a> ("Null MX" No Service Resource Record)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces, protocol problems, policy violations, and
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
<b>DIAGNOSTICS</b>
The <a href="spawn.8.html"><b>spawn</b>(8)</a> daemon reports abnormal child exits. Problems are logged
- to <b>syslogd</b>(8).
+ to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>SECURITY</b>
This program needs root privilege in order to execute external commands
<b>SEE ALSO</b>
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
Postfix-owned <b><a href="postconf.5.html#data_directory">data_directory</a></b>, and a warning is logged.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to the syslog daemon.
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
There is no automatic means to limit the number of entries in the TLS
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
fixed low privilege.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are not picked up automatically, as <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> pro-
<a href="postscreen.8.html">postscreen(8)</a>, Postfix zombie blocker
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
- syslogd(5), system logging
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this software.
<a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="bounce.8.html"><b>bounce</b>(8)</a> processes
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
<a href="master.5.html">master(5)</a>, generic daemon options
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>LICENSE</b>
fixed low privilege in a chrooted environment.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>CONFIGURATION PARAMETERS</b>
On busy mail systems a long time may pass before a <a href="postconf.5.html"><b>main.cf</b></a> change
<a href="transport.5.html">transport(5)</a>, transport table format
<a href="relocated.5.html">relocated(5)</a>, format of the "user has moved" table
<a href="master.8.html">master(8)</a>, process manager
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README FILES</b>
warning is logged.
<b>DIAGNOSTICS</b>
- Problems and transactions are logged to <b>syslogd</b>(8).
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
<b>BUGS</b>
Address verification probe messages add additional traffic to the mail
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="cleanup.8.html">cleanup(8)</a>, enqueue Postfix message
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
- syslogd(5), system logging
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
+ syslogd(8), system logging
<b>README FILES</b>
<a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a>, address verification howto
over disk quota. In all other cases, mail for an existing recipient is
deferred and a warning is logged.
- Problems and transactions are logged to <b>syslogd</b>(8). Corrupted message
- files are marked so that the queue manager can move them to the <b>corrupt</b>
- queue afterwards.
+ Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
+ them to the <b>corrupt</b> queue afterwards.
Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<a href="qmgr.8.html">qmgr(8)</a>, queue manager
<a href="bounce.8.html">bounce(8)</a>, delivery status reports
<a href="postconf.5.html">postconf(5)</a>, configuration parameters
+ <a href="postlogd.8.html">postlogd(8)</a>, Postfix logging
syslogd(8), system logging
<b>README_FILES</b>
# Non-production: needs thorough testing, or major changes are still
# needed before the code stabilizes.
-#CCARGS="$CCARGS -DNONPROD"
+CCARGS="$CCARGS -DNONPROD"
# Workaround: prepend Postfix include files before other include files.
CCARGS="-I. -I../../include $CCARGS"
.ad
.fi
Problems are logged to the standard error stream and to
-\fBsyslogd\fR(8). No output means that
+\fBsyslogd\fR(8) or \fBpostlogd\fR(8). No output means that
no problems were detected. Duplicate entries are skipped and are
flagged with a warning.
postconf(5), configuration parameters
postmap(1), create/update/query lookup tables
newaliases(1), Sendmail compatibility interface.
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.ad
.fi
Fatal errors: malformed input, I/O error, out of memory. Problems
-are logged to \fBsyslogd\fR(8) and to the standard error stream.
+are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8) and to
+the standard error stream.
When the input is incomplete, or when the process receives a HUP,
INT, QUIT or TERM signal, the queue file is deleted.
.SH "ENVIRONMENT"
.nf
sendmail(1), compatibility interface
postconf(5), configuration parameters
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "LICENSE"
.na
line, \fBpostlog\fR(1) reads from standard input and logs each input
line as one record.
-By default, logging is sent to \fBsyslogd\fR(8); when the
+By default, logging is sent to \fBsyslogd\fR(8) or
+\fBpostlogd\fR(8); when the
standard error stream is connected to a terminal, logging
is sent there as well.
.na
.nf
postconf(5), configuration parameters
-syslogd(8), syslog daemon
-postlogd(8), internal logging service
+postlogd(8), Postfix logging
+syslogd(8), system logging
.SH "LICENSE"
.na
.nf
.ad
.fi
Problems are logged to the standard error stream and to
-\fBsyslogd\fR(8).
+\fBsyslogd\fR(8) or \fBpostlogd\fR(8).
No output means that no problems were detected. Duplicate entries are
skipped and are flagged with a warning.
postalias(1), create/update/query alias database
postconf(1), supported database types
postconf(5), configuration parameters
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems are logged to \fBsyslogd\fR(8) and to the standard error
-stream.
+Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8),
+and to the standard error stream.
.SH "ENVIRONMENT"
.na
.nf
flush(8), fast flush service
sendmail(1), Sendmail\-compatible user interface
postsuper(1), privileged queue operations
+postlogd(8), Postfix logging
+syslogd(8), system logging
.SH "README FILES"
.na
.nf
.ad
.fi
Problems are reported to the standard error stream and to
-\fBsyslogd\fR(8).
+\fBsyslogd\fR(8) or \fBpostlogd\fR(8).
\fBpostsuper\fR(1) reports the number of messages deleted with \fB\-d\fR,
the number of messages requeued with \fB\-r\fR, and the number of
messages whose queue file name was fixed with \fB\-s\fR. The report
-is written to the standard error stream and to \fBsyslogd\fR(8).
+is written to the standard error stream and to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH "ENVIRONMENT"
.na
.nf
.nf
sendmail(1), Sendmail\-compatible user interface
postqueue(1), unprivileged queue operations
+postlogd(8), Postfix logging
+syslogd(8), system logging
.SH "LICENSE"
.na
.nf
.SH DIAGNOSTICS
.ad
.fi
-Problems are logged to \fBsyslogd\fR(8) and to the standard error
-stream.
+Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8),
+and to the standard error stream.
.SH "ENVIRONMENT"
.na
.nf
postdrop(1), mail posting utility
postfix(1), mail system control
postqueue(1), mail queue control
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README_FILES"
.na
This feature is available in Postfix 2.3 and later.
.SH maillog_file (default: empty)
The name of an optional logfile that is written by the Postfix
-\fBpostlogd\fR(8) service. A non\-empty value disables logging to \fBsyslogd\fR(8).
-Specify "/dev/stdout" for logging to standard output. Stdout logging
-requires that Postfix is started with "postfix start\-fg".
+\fBpostlogd\fR(8) service. A non\-empty value selects logging to \fBsyslogd\fR(8).
+Specify "/dev/stdout" to select logging to standard output. Stdout
+logging requires that Postfix is started with "postfix start\-fg".
.PP
Note 1: The maillog_file parameter value must contain a prefix
that is specified with the maillog_file_prefixes parameter.
This feature is available in Postfix 3.4 and later.
.SH maillog_file_compressor (default: gzip)
The program to run after rotating $maillog_file with "postfix
-logrotate". The command is run with the rotated file as its first
-argument.
+logrotate". The command is run with the rotated logfile name as its
+first argument.
.PP
This feature is available in Postfix 3.4 and later.
.SH maillog_file_prefixes (default: /var, /dev/stdout)
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
Upon exit, and every \fBanvil_status_update_time\fR
seconds, the server logs the maximal count and rate values measured,
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH "CONFIGURATION PARAMETERS"
.na
.nf
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "LICENSE"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH BUGS
.ad
.fi
off in email addresses.
.IP "\fBmasquerade_exceptions (empty)\fR"
Optional list of user names that are not subjected to address
-masquerading, even when their address matches $masquerade_domains.
+masquerading, even when their addresses match $masquerade_domains.
.IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
What address lookup tables copy an address extension from the lookup
key to the lookup result.
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
Depending on the setting of the \fBnotify_classes\fR parameter,
the postmaster is notified of bounces and of other trouble.
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "LICENSE"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH "CONFIGURATION PARAMETERS"
.na
.nf
.nf
smtpd(8), Postfix SMTP server
postconf(5), configuration parameters
-syslogd(5), system logging
+postlogd(8), Postfix logging
+syslogd(8), system logging
.SH "LICENSE"
.na
.nf
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
Depending on the setting of the \fBnotify_classes\fR parameter,
the postmaster is notified of bounces and of other trouble.
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "LICENSE"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH BUGS
.ad
.fi
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
Corrupted message files are marked so that the queue
manager can move them to the \fBcorrupt\fR queue afterwards.
aliases(5), format of alias database
postconf(5), configuration parameters
master(5), generic daemon options
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "LICENSE"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems are reported to \fBsyslogd\fR(8). The exit status
+Problems are reported to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
+The exit status
is non\-zero in case of problems, including problems while
initializing as a master daemon process in the background.
.SH "ENVIRONMENT"
verify(8), address verification
master(5), master.cf configuration file syntax
postconf(5), main.cf configuration file syntax
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "LICENSE"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to the \fBsyslog\fR(8) daemon.
+Problems and transactions are logged to the \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8) daemon.
Corrupted message files are saved to the \fBcorrupt\fR queue
for further inspection.
Available in Postfix version 2.5 and later:
.IP "\fBdefault_destination_rate_delay (0s)\fR"
The default amount of delay that is inserted between individual
-deliveries to the same destination; the resulting behavior depends
-on the value of the corresponding per\-destination recipient limit.
+message deliveries to the same destination and over the same message
+delivery transport.
.IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR"
A transport\-specific override for the default_destination_rate_delay
parameter value, where \fItransport\fR is the master.cf name of
Available in Postfix version 3.1 and later:
.IP "\fBdefault_transport_rate_delay (0s)\fR"
The default amount of delay that is inserted between individual
-deliveries over the same message delivery transport, regardless of
-destination.
+message deliveries over the same message delivery transport,
+regardless of destination.
.IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR"
A transport\-specific override for the default_transport_rate_delay
parameter value, where the initial \fItransport\fR in the parameter
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH BUGS
.ad
.fi
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "LICENSE"
.na
This command output is not examined for the presence of an
enhanced status code.
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
Corrupted message files are marked so that the queue manager
can move them to the \fBcorrupt\fR queue for further inspection.
.SH "SECURITY"
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "LICENSE"
.na
.na
.nf
postconf(5), configuration parameters
-syslogd(5), system logging
+syslogd(8), system logging
+.SH "README_FILES"
+.na
+.nf
+.ad
+.fi
+Use "\fBpostconf readme_directory\fR" or
+"\fBpostconf html_directory\fR" to locate this information.
+.na
+.nf
+MAILLOG_README, Postfix logging to file or stdout
.SH "LICENSE"
.na
.nf
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH BUGS
.ad
.fi
smtpd(8), Postfix SMTP server
tlsproxy(8), Postfix TLS proxy server
dnsblog(8), DNS black/whitelist logger
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH BUGS
.ad
.fi
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to the syslog daemon.
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
Corrupted message files are saved to the \fBcorrupt\fR queue
for further inspection.
Available in Postfix version 2.5 and later:
.IP "\fBdefault_destination_rate_delay (0s)\fR"
The default amount of delay that is inserted between individual
-deliveries to the same destination; the resulting behavior depends
-on the value of the corresponding per\-destination recipient limit.
+message deliveries to the same destination and over the same message
+delivery transport.
.IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR"
A transport\-specific override for the default_destination_rate_delay
parameter value, where \fItransport\fR is the master.cf name of
Available in Postfix version 3.1 and later:
.IP "\fBdefault_transport_rate_delay (0s)\fR"
The default amount of delay that is inserted between individual
-deliveries over the same message delivery transport, regardless of
-destination.
+message deliveries over the same message delivery transport,
+regardless of destination.
.IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR"
A transport\-specific override for the default_transport_rate_delay
parameter value, where the initial \fItransport\fR in the parameter
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH BUGS
.ad
.fi
http://cr.yp.to/proto/qmqp.html, QMQP protocol
cleanup(8), message canonicalization
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH BUGS
.ad
.fi
smtp(8), SMTP client
postconf(5), configuration parameters
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH "CONFIGURATION PARAMETERS"
.na
.nf
qmgr(8), queue manager
postconf(5), configuration parameters
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "LICENSE"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
Corrupted message files are marked so that the queue manager can
move them to the \fBcorrupt\fR queue for further inspection.
master(5), generic daemon options
master(8), process manager
tlsmgr(8), TLS session and PRNG management
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
Depending on the setting of the \fBnotify_classes\fR parameter,
the postmaster is notified of bounces, protocol problems,
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.ad
.fi
The \fBspawn\fR(8) daemon reports abnormal child exits.
-Problems are logged to \fBsyslogd\fR(8).
+Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
.SH "SECURITY"
.na
.nf
.nf
postconf(5), configuration parameters
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "LICENSE"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to the syslog daemon.
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH BUGS
.ad
.fi
postconf(5), configuration parameters
master(5), generic daemon options
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH "CONFIGURATION PARAMETERS"
.na
.nf
postscreen(8), Postfix zombie blocker
smtpd(8), Postfix SMTP server
postconf(5), configuration parameters
-syslogd(5), system logging
+postlogd(8), Postfix logging
+syslogd(8), system logging
.SH "LICENSE"
.na
.nf
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH "CONFIGURATION PARAMETERS"
.na
.nf
transport(5), transport table format
relocated(5), format of the "user has moved" table
master(8), process manager
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README FILES"
.na
.SH DIAGNOSTICS
.ad
.fi
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
.SH BUGS
.ad
.fi
smtpd(8), Postfix SMTP server
cleanup(8), enqueue Postfix message
postconf(5), configuration parameters
-syslogd(5), system logging
+postlogd(8), Postfix logging
+syslogd(8), system logging
.SH "README FILES"
.na
.nf
recipient is over disk quota. In all other cases, mail for
an existing recipient is deferred and a warning is logged.
-Problems and transactions are logged to \fBsyslogd\fR(8).
+Problems and transactions are logged to \fBsyslogd\fR(8)
+or \fBpostlogd\fR(8).
Corrupted message files are marked so that the queue
manager can move them to the \fBcorrupt\fR queue afterwards.
qmgr(8), queue manager
bounce(8), delivery status reports
postconf(5), configuration parameters
+postlogd(8), Postfix logging
syslogd(8), system logging
.SH "README_FILES"
.na
<h2><a name="logging">Look for obvious signs of trouble</a></h2>
-<p> Postfix logs all failed and successful deliveries to a logfile.
-The file is usually called /var/log/maillog or /var/log/mail; the
-exact pathname is defined in the /etc/syslog.conf file. </p>
+<p> Postfix logs all failed and successful deliveries to a logfile. </p>
+
+<ul>
+
+<li> <p> When Postfix uses syslog logging (the default), the file
+is usually called /var/log/maillog, /var/log/mail, or something
+similar; the exact pathname is configured in a file called
+/etc/syslog.conf, /etc/rsyslog.conf, or something similar. </p>
+
+<li> <p> When Postfix uses its own logging system (see MAILLOG_README),
+the location of the logfile is configured with the Postfix maillog_file
+parameter. </p>
+
+</ul>
<p> When Postfix does not receive or deliver mail, the first order
of business is to look for errors that prevent Postfix from working
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix logging to file or stdout</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+logging to file or stdout</h1>
+
+<hr>
+
+<h2>Overview </h2>
+
+<p> Postfix supports it own logging system as an alternative to
+syslog (which remains the default). This is available with Postfix
+version 3.4 or later. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#log-to-file">Configuring logging to file</a>
+
+<li><a href="#log-to-stdout">Configuring logging to stdout</a>
+
+<li><a href="#logrotate">Rotating logs </a>
+
+<li><a href="#limitations">Limitations</a>
+
+</ul>
+
+<h2> <a name="log-to-file"> Configuring logging to file </a> </h2>
+
+<p> Logging to file solves a usability problem for MacOS, and
+eliminates multiple problems for systemd-based systems. </p>
+
+<ol>
+
+<li> <p> Add the following line to master.cf if not already present
+(note: there must be no whitespace at the start of the line): </p>
+
+<blockquote>
+<pre>
+postlog unix-dgram n - n - 1 postlogd
+</pre>
+</blockquote>
+
+<p> Note: the service type "<b>unix-dgram</b>" was introduced with
+Postfix 3.4. Remove the above line before backing out to an older
+Postfix version. </p>
+
+<li> <p> Configure Postfix to write logging, to, for example,
+/var/log/postfix.log. See also the "<a href="#logrotate">Logfile
+rotation</a>" section below for logfile management. </p>
+
+<blockquote>
+<pre>
+# postfix stop
+# postconf maillog_file=/var/log/postfix.log
+# postfix start
+</pre>
+</blockquote>
+
+<p> By default, the logfile name must start with "/var" or "/dev/stdout"
+(the list of allowed prefixes is configured with the maillog_file_prefixes
+parameter). This safety mechanism limits the damage from a single
+configuration mistake. </p>
+
+</ol>
+
+<h2> <a name="log-to-stdout"> Configuring logging to stdout </a> </h2>
+
+<p> Logging to stdout is useful when Postfix runs in a container,
+as it eliminates a syslogd dependency. </p>
+
+<ol>
+
+<li> <p> Add the following line to master.cf if not already present (note:
+there must be no whitespace at the start of the line): </p>
+
+<blockquote>
+<pre>
+postlog unix-dgram n - n - 1 postlogd
+</pre>
+</blockquote>
+
+<p> Note: the service type "<b>unix-dgram</b>" was introduced with
+Postfix 3.4. Remove the above line before backing out to an older
+Postfix version. </p>
+
+<li> <p> Configure main.cf with "maillog_file = /dev/stdout". </p>
+
+<li> <p> Start Postfix with "<b>postfix start-fg</b>". </p>
+
+</ol>
+
+<h2> <a name="logrotate"> Rotating logs </a> </h2>
+
+<p> The command "<b>postfix logrotate</b>" may be run by hand or
+by a cronjob. It logs all errors, and reports errors to stderr if
+run from a terminal. This command implements the following steps:
+</p>
+
+<ul>
+
+<li> <p> Rename the current logfile by appending a suffix that
+contains the date and time. This suffix is configured with the
+maillog_file_rotate_suffix parameter (default: %Y%M%d-%H%M%S). </p>
+
+<li> <p> Reload Postfix so that postlogd(8) immediately closes the
+old logfile. </p>
+
+<li> <p> After a brief pause, compress the old logfile. The compression
+program is configured with the maillog_file_compressor parameter
+(default: gzip). </p>
+
+</ul>
+
+<p> Notes: </p>
+
+<ul>
+
+<li> <p> This command will not rotate a logfile with pathname under
+the /dev directory, such as /dev/stdout. </p>
+
+<li> <p> This command does not (yet) remove old logfiles. </p>
+
+</ul>
+
+<h2> <a name="limitations">Limitations</a> </h2>
+
+<p> Background: </p>
+
+<ul>
+
+<li> <p> Postfix consists of a number of daemon programs, and
+non-daemon programs some of which are used for local mail submission,
+and some for Postfix management.
+
+<li> <p> Logging to Postfix logfile or stdout requires the Postfix
+postlogd(8) service. This ensures that simultaneous logging from
+different programs will not get mixed up. </p>
+
+<li> <p> All Postfix programs can log to syslog, but not all programs
+have sufficient privileges to use the Postfix logging service, and
+many non-daemon programs must not log to stdout as that would corrupt
+their output. </p>
+
+</ul>
+
+<p> Limitations: </p>
+
+<ul>
+
+<li> <p> Non-daemon Postfix programs will log errors to syslogd(8)
+before they have processed command-line options and main.cf parameters.
+
+<li> <p> If Postfix is down, the non-daemon programs postfix(1),
+postsuper(1), postmulti(1), and postlog(1), will log directly to
+$maillog_file. These programs expect to run with root privileges,
+for example during Postfix start-up, reload, or shutdown.
+
+<li> <p> Other non-daemon Postfix programs will never write directly
+to $maillog_file (also, logging to stdout would interfere with the
+operation of some of these programs). These programs can log to
+postlogd(8) if they are run by the super-user, or if their executable
+file has set-gid permission. Do not set this permission on programs
+other than postdrop(1) and postqueue(1).
+
+</ul>
+
+</body>
+
+</html>
../html/LDAP_README.html \
../html/LINUX_README.html \
../html/LOCAL_RECIPIENT_README.html ../html/MAILDROP_README.html \
+ ../html/MAILLOG_README.html \
../html/LMDB_README.html \
../html/MEMCACHE_README.html \
../html/MILTER_README.html \
../README_FILES/LDAP_README \
../README_FILES/LINUX_README \
../README_FILES/LOCAL_RECIPIENT_README ../README_FILES/MAILDROP_README \
+ ../README_FILES/MAILLOG_README \
../README_FILES/LMDB_README \
../README_FILES/MEMCACHE_README \
../README_FILES/MILTER_README \
../html/MAILDROP_README.html: MAILDROP_README.html
$(DETAB) $? | $(POSTLINK) >$@
+../html/MAILLOG_README.html: MAILLOG_README.html
+ $(DETAB) $? | $(POSTLINK) >$@
+
../html/LMDB_README.html: LMDB_README.html
$(DETAB) $? | $(POSTLINK) >$@
../README_FILES/MAILDROP_README: MAILDROP_README.html
$(DETAB) $? | $(HT2READ) >$@
+../README_FILES/MAILLOG_README: MAILLOG_README.html
+ $(DETAB) $? | $(HT2READ) >$@
+
../README_FILES/LMDB_README: LMDB_README.html
$(DETAB) $? | $(HT2READ) >$@
%PARAM maillog_file
<p> The name of an optional logfile that is written by the Postfix
-postlogd(8) service. A non-empty value disables logging to syslogd(8).
-Specify "/dev/stdout" for logging to standard output. Stdout logging
-requires that Postfix is started with "postfix start-fg". </p>
+postlogd(8) service. A non-empty value selects logging to syslogd(8).
+Specify "/dev/stdout" to select logging to standard output. Stdout
+logging requires that Postfix is started with "postfix start-fg".
+</p>
<p> Note 1: The maillog_file parameter value must contain a prefix
that is specified with the maillog_file_prefixes parameter. </p>
%PARAM maillog_file_compressor gzip
<p> The program to run after rotating $maillog_file with "postfix
-logrotate". The command is run with the rotated file as its first
-argument. </p>
+logrotate". The command is run with the rotated logfile name as its
+first argument. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
/* from many remote clients. To reduce memory usage, reduce
/* the time unit over which state is kept.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/*
/* Upon exit, and every \fBanvil_status_update_time\fR
/* seconds, the server logs the maximal count and rate values measured,
/* RFC 6532 (Internationalized Message Format)
/* RFC 6533 (Internationalized Delivery Status Notifications)
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* LICENSE
/* .ad
/* RFC 3464 (Delivery status notifications)
/* RFC 5322 (Internet Message Format)
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* Table-driven rewriting rules make it hard to express \fBif then
/* else\fR and other logical relationships.
/* off in email addresses.
/* .IP "\fBmasquerade_exceptions (empty)\fR"
/* Optional list of user names that are not subjected to address
-/* masquerading, even when their address matches $masquerade_domains.
+/* masquerading, even when their addresses match $masquerade_domains.
/* .IP "\fBpropagate_unmatched_extensions (canonical, virtual)\fR"
/* What address lookup tables copy an address extension from the lookup
/* key to the lookup result.
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
/* Autodetection: request SMTPUTF8 support if the message
/* contains an UTF8 message header, sender, or recipient.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* SEE ALSO
/* cleanup(8) cleanup service description.
/* cleanup_init(8) cleanup callable interface, initialization
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
/*--*/
/* System library. */
/* cleanup_sig() must be called in case of SIGTERM, in order
/* to remove an incomplete queue file.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* SEE ALSO
/* cleanup_api(3) cleanup callable interface, message processing
/* LICENSE
/* STANDARDS
/* RFC 3463 (Enhanced Status Codes)
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/*
/* Depending on the setting of the \fBnotify_classes\fR parameter,
/* the postmaster is notified of bounces and of other trouble.
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* LICENSE
/* .ad
/* is no reply, or a negative reply that contains no SOA record.
/* Finally, the \fBdnsblog\fR(8) server closes the connection.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* SEE ALSO
/* smtpd(8), Postfix SMTP server
/* postconf(5), configuration parameters
-/* syslogd(5), system logging
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* LICENSE
/* .ad
/* .fi
/* STANDARDS
/* RFC 3463 (Enhanced Status Codes)
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/*
/* Depending on the setting of the \fBnotify_classes\fR parameter,
/* the postmaster is notified of bounces and of other trouble.
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* LICENSE
/* .ad
/* talk to the network, and it does not talk to local users.
/* The fast flush server can run chrooted at fixed low privilege.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* Fast flush logfiles are truncated only after a "send"
/* request, not when mail is actually delivered, and therefore can
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
#ifndef DEF_OPENSSL_PATH
#define DEF_OPENSSL_PATH "openssl"
#endif
+extern char *var_openssl_path;
#define VAR_MANPAGE_DIR "manpage_directory"
#ifndef DEF_MANPAGE_DIR
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20190202"
+#define MAIL_RELEASE_DATE "20190207"
#define MAIL_VERSION_NUMBER "3.4"
#ifdef SNAPSHOT
/* RFC 822 (ARPA Internet Text Messages)
/* RFC 3463 (Enhanced status codes)
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* Corrupted message files are marked so that the queue
/* manager can move them to the \fBcorrupt\fR queue afterwards.
/*
/* aliases(5), format of alias database
/* postconf(5), configuration parameters
/* master(5), generic daemon options
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* LICENSE
/* .ad
/* This value is taken from the global \fBmain.cf\fR configuration
/* file. Setting \fBvar_use_limit\fR to zero disables the idle limit.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* SEE ALSO
/* master(8), master process
-/* syslogd(8) system logging
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* LICENSE
/* .ad
/* .fi
/* configuration file. Setting \fBvar_idle_limit\fR to zero
/* disables the idle limit.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* SEE ALSO
/* master(8), master process
-/* syslogd(8) system logging
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* LICENSE
/* .ad
/* .fi
/* terminate only the master ("\fBpostfix stop\fR") and allow running
/* processes to finish what they are doing.
/* DIAGNOSTICS
-/* Problems are reported to \fBsyslogd\fR(8). The exit status
+/* Problems are reported to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
+/* The exit status
/* is non-zero in case of problems, including problems while
/* initializing as a master daemon process in the background.
/* ENVIRONMENT
/* verify(8), address verification
/* master(5), master.cf configuration file syntax
/* postconf(5), main.cf configuration file syntax
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* LICENSE
/* .ad
/*
* Initialize logging and exit handler.
*/
- maillog_client_init(mail_task(var_procname),
+ maillog_client_init(mail_task(var_procname),
MAILLOG_CLIENT_FLAG_LOGWRITER_FALLBACK);
/*
keep_stdout = 1;
break;
case 'D':
- debug_me = 1;
+ debug_me = 1;
break;
case 's':
keep_stdout = 1;
/*
* If started from a terminal, get rid of any tty association. This also
* means that all errors and warnings must go to the syslog daemon.
+ * Some new world has no terminals and prefers logging to stdout.
*/
if (master_detach)
for (fd = 0; fd < 3; fd++) {
master_config();
master_sigsetup();
master_flow_init();
- maillog_client_init(mail_task(var_procname),
+ maillog_client_init(mail_task(var_procname),
MAILLOG_CLIENT_FLAG_LOGWRITER_FALLBACK);
msg_info("daemon started -- version %s, configuration %s",
var_mail_version, var_config_dir);
master_gotsighup = 0; /* this first */
master_vars_init(); /* then this */
master_refresh(); /* then this */
- maillog_client_init(mail_task(var_procname),
+ maillog_client_init(mail_task(var_procname),
MAILLOG_CLIENT_FLAG_LOGWRITER_FALLBACK);
}
if (master_gotsigchld) {
/* This value is taken from the global \fBmain.cf\fR configuration
/* file. Setting \fBvar_idle_limit\fR to zero disables the idle limit.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* SEE ALSO
/* master(8), master process
-/* syslogd(8) system logging
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* LICENSE
/* .ad
/* .fi
/* This value is taken from the global \fBmain.cf\fR configuration
/* file. Setting \fBvar_idle_limit\fR to zero disables the idle limit.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* SEE ALSO
/* master(8), master process
-/* syslogd(8) system logging
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* LICENSE
/* .ad
/* .fi
/* This value is taken from the global \fBmain.cf\fR configuration
/* file. Setting \fBvar_use_limit\fR to zero disables the idle limit.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* Works with FIFO-based services only.
/* SEE ALSO
/* master(8), master process
-/* syslogd(8) system logging
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* LICENSE
/* .ad
/* .fi
/* does not talk to the outside world, and it can be run at fixed low
/* privilege in a chrooted environment.
/* DIAGNOSTICS
-/* Problems and transactions are logged to the \fBsyslog\fR(8) daemon.
+/* Problems and transactions are logged to the \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8) daemon.
/* Corrupted message files are saved to the \fBcorrupt\fR queue
/* for further inspection.
/*
/* Available in Postfix version 2.5 and later:
/* .IP "\fBdefault_destination_rate_delay (0s)\fR"
/* The default amount of delay that is inserted between individual
-/* deliveries to the same destination; the resulting behavior depends
-/* on the value of the corresponding per-destination recipient limit.
+/* message deliveries to the same destination and over the same message
+/* delivery transport.
/* .IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR"
/* A transport-specific override for the default_destination_rate_delay
/* parameter value, where \fItransport\fR is the master.cf name of
/* Available in Postfix version 3.1 and later:
/* .IP "\fBdefault_transport_rate_delay (0s)\fR"
/* The default amount of delay that is inserted between individual
-/* deliveries over the same message delivery transport, regardless of
-/* destination.
+/* message deliveries over the same message delivery transport,
+/* regardless of destination.
/* .IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR"
/* A transport-specific override for the default_transport_rate_delay
/* parameter value, where the initial \fItransport\fR in the parameter
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
/* what files it opens for reading, and does not actually touch any data
/* that is sent to its public service endpoint.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* The \fBpickup\fR(8) daemon copies mail from file to the \fBcleanup\fR(8)
/* daemon. It could avoid message copying overhead by sending a file
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* LICENSE
/* .ad
/* This command output is not examined for the presence of an
/* enhanced status code.
/*
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* Corrupted message files are marked so that the queue manager
/* can move them to the \fBcorrupt\fR queue for further inspection.
/* SECURITY
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* LICENSE
/* .ad
/* The name of the alias database source file when creating a database.
/* DIAGNOSTICS
/* Problems are logged to the standard error stream and to
-/* \fBsyslogd\fR(8). No output means that
+/* \fBsyslogd\fR(8) or \fBpostlogd\fR(8). No output means that
/* no problems were detected. Duplicate entries are skipped and are
/* flagged with a warning.
/*
/* postconf(5), configuration parameters
/* postmap(1), create/update/query lookup tables
/* newaliases(1), Sendmail compatibility interface.
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
/* it can connect to Postfix daemon processes.
/* DIAGNOSTICS
/* Fatal errors: malformed input, I/O error, out of memory. Problems
-/* are logged to \fBsyslogd\fR(8) and to the standard error stream.
+/* are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8) and to
+/* the standard error stream.
/* When the input is incomplete, or when the process receives a HUP,
/* INT, QUIT or TERM signal, the queue file is deleted.
/* ENVIRONMENT
/* SEE ALSO
/* sendmail(1), compatibility interface
/* postconf(5), configuration parameters
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* LICENSE
/* .ad
/* line, \fBpostlog\fR(1) reads from standard input and logs each input
/* line as one record.
/*
-/* By default, logging is sent to \fBsyslogd\fR(8); when the
+/* By default, logging is sent to \fBsyslogd\fR(8) or
+/* \fBpostlogd\fR(8); when the
/* standard error stream is connected to a terminal, logging
/* is sent there as well.
/*
/* The name of the \fBpostlogd\fR(8) service entry in master.cf.
/* SEE ALSO
/* postconf(5), configuration parameters
-/* syslogd(8), syslog daemon
-/* postlogd(8), internal logging service
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* LICENSE
/* .ad
/* .fi
/* before it is terminated by a built-in watchdog timer.
/* SEE ALSO
/* postconf(5), configuration parameters
-/* syslogd(5), system logging
+/* syslogd(8), system logging
+/* README_FILES
+/* .ad
+/* .fi
+/* Use "\fBpostconf readme_directory\fR" or
+/* "\fBpostconf html_directory\fR" to locate this information.
+/* .na
+/* .nf
+/* MAILLOG_README, Postfix logging to file or stdout
/* LICENSE
/* .ad
/* .fi
/* The name of the lookup table source file when rebuilding a database.
/* DIAGNOSTICS
/* Problems are logged to the standard error stream and to
-/* \fBsyslogd\fR(8).
+/* \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
/* No output means that no problems were detected. Duplicate entries are
/* skipped and are flagged with a warning.
/*
/* postalias(1), create/update/query alias database
/* postconf(1), supported database types
/* postconf(5), configuration parameters
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
/* STANDARDS
/* RFC 7159 (JSON notation)
/* DIAGNOSTICS
-/* Problems are logged to \fBsyslogd\fR(8) and to the standard error
-/* stream.
+/* Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8),
+/* and to the standard error stream.
/* ENVIRONMENT
/* .ad
/* .fi
/* flush(8), fast flush service
/* sendmail(1), Sendmail-compatible user interface
/* postsuper(1), privileged queue operations
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* README FILES
/* .ad
/* .fi
/* RFC 3463 (Enhanced Status Codes)
/* RFC 5321 (SMTP protocol, including multi-line 220 banners)
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* The \fBpostscreen\fR(8) built-in SMTP protocol engine
/* currently does not announce support for AUTH, XCLIENT or
/* smtpd(8), Postfix SMTP server
/* tlsproxy(8), Postfix TLS proxy server
/* dnsblog(8), DNS black/whitelist logger
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
/* options make the software increasingly verbose.
/* DIAGNOSTICS
/* Problems are reported to the standard error stream and to
-/* \fBsyslogd\fR(8).
+/* \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
/*
/* \fBpostsuper\fR(1) reports the number of messages deleted with \fB-d\fR,
/* the number of messages requeued with \fB-r\fR, and the number of
/* messages whose queue file name was fixed with \fB-s\fR. The report
-/* is written to the standard error stream and to \fBsyslogd\fR(8).
+/* is written to the standard error stream and to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* ENVIRONMENT
/* .ad
/* .fi
/* SEE ALSO
/* sendmail(1), Sendmail-compatible user interface
/* postqueue(1), unprivileged queue operations
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* LICENSE
/* .ad
/* .fi
ADD_EXCLUDE(cipher_exclusions, "eNULL");
if (state->tlsproxy_mode) {
+ TLS_PARAMS tls_params;
/*
* Send all our wishes in one big request.
vstring_sprintf(port_buf, "%d", ntohs(state->port));
tlsproxy =
tls_proxy_open(DEF_TLSPROXY_SERVICE /* TODO */ , PROXY_OPEN_FLAGS,
- state->stream, state->paddr,
- STR(port_buf), smtp_tmout, smtp_tmout,
- state->addrport, &init_props, &start_props);
+ state->stream, state->paddr, STR(port_buf),
+ smtp_tmout, smtp_tmout, state->addrport,
+ tls_proxy_params_from_config(&tls_params),
+ &init_props, &start_props);
vstring_free(port_buf);
if (fchdir(cwd_fd) < 0)
msg_fatal("fchdir: %m");
/* type of security hole where ownership of a file or directory
/* does not match the provider of its content.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* The \fBproxymap\fR(8) server provides service to multiple clients,
/* and must therefore not be used for tables that have high-latency
/* does not talk to the outside world, and it can be run at fixed low
/* privilege in a chrooted environment.
/* DIAGNOSTICS
-/* Problems and transactions are logged to the syslog daemon.
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* Corrupted message files are saved to the \fBcorrupt\fR queue
/* for further inspection.
/*
/* Available in Postfix version 2.5 and later:
/* .IP "\fBdefault_destination_rate_delay (0s)\fR"
/* The default amount of delay that is inserted between individual
-/* deliveries to the same destination; the resulting behavior depends
-/* on the value of the corresponding per-destination recipient limit.
+/* message deliveries to the same destination and over the same message
+/* delivery transport.
/* .IP "\fBtransport_destination_rate_delay ($default_destination_rate_delay)\fR"
/* A transport-specific override for the default_destination_rate_delay
/* parameter value, where \fItransport\fR is the master.cf name of
/* Available in Postfix version 3.1 and later:
/* .IP "\fBdefault_transport_rate_delay (0s)\fR"
/* The default amount of delay that is inserted between individual
-/* deliveries over the same message delivery transport, regardless of
-/* destination.
+/* message deliveries over the same message delivery transport,
+/* regardless of destination.
/* .IP "\fBtransport_transport_rate_delay ($default_transport_rate_delay)\fR"
/* A transport-specific override for the default_transport_rate_delay
/* parameter value, where the initial \fItransport\fR in the parameter
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
/* clients and to DNS servers on the network. The QMQP server can be
/* run chrooted at fixed low privilege.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* The QMQP protocol provides only one server reply per message
/* delivery. It is therefore not possible to reject individual
/* http://cr.yp.to/proto/qmqp.html, QMQP protocol
/* cleanup(8), message canonicalization
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
/* The \fBscache\fR(8) server is not a trusted process. It must
/* not be used to store information that is security sensitive.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* The session cache cannot be shared among multiple machines.
/*
/* smtp(8), SMTP client
/* postconf(5), configuration parameters
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
/* Thus, the usual precautions need to be taken against malicious
/* inputs.
/* DIAGNOSTICS
-/* Problems are logged to \fBsyslogd\fR(8) and to the standard error
-/* stream.
+/* Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8),
+/* and to the standard error stream.
/* ENVIRONMENT
/* .ad
/* .fi
/* postdrop(1), mail posting utility
/* postfix(1), mail system control
/* postqueue(1), mail queue control
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README_FILES
/* .ad
/* None. The \fBshowq\fR(8) daemon does not interact with the
/* outside world.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* qmgr(8), queue manager
/* postconf(5), configuration parameters
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* LICENSE
/* .ad
/* RFC 6533 (Internationalized Delivery Status Notifications)
/* RFC 7672 (SMTP security via opportunistic DANE TLS)
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* Corrupted message files are marked so that the queue manager can
/* move them to the \fBcorrupt\fR queue for further inspection.
/*
/* master(5), generic daemon options
/* master(8), process manager
/* tlsmgr(8), TLS session and PRNG management
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
| SMTP_KEY_FLAG_ADDR);
if (state->tls->conn_reuse) {
+ TLS_PARAMS tls_params;
/*
* Send all our wishes in one big request.
session->stream, STR(iter->addr),
STR(port_buf), var_smtp_starttls_tmout,
var_smtp_data2_tmout, state->service,
+ tls_proxy_params_from_config(&tls_params),
&init_props, &start_props);
vstring_free(port_buf);
/* RFC 6533 (Internationalized Delivery Status Notifications)
/* RFC 7505 ("Null MX" No Service Resource Record)
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/*
/* Depending on the setting of the \fBnotify_classes\fR parameter,
/* the postmaster is notified of bounces, protocol problems,
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
/* replaced by a more structural solution.
/* DIAGNOSTICS
/* The \fBspawn\fR(8) daemon reports abnormal child exits.
-/* Problems are logged to \fBsyslogd\fR(8).
+/* Problems are logged to \fBsyslogd\fR(8) or \fBpostlogd\fR(8).
/* SECURITY
/* .fi
/* .ad
/* SEE ALSO
/* postconf(5), configuration parameters
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* LICENSE
/* .ad
tls_proxy_client_init_print.c tls_proxy_client_init_scan.c \
tls_proxy_server_init_print.c tls_proxy_server_init_scan.c \
tls_proxy_client_start_print.c tls_proxy_client_start_scan.c \
- tls_proxy_server_start_print.c tls_proxy_server_start_scan.c
+ tls_proxy_server_start_print.c tls_proxy_server_start_scan.c \
+ tls_proxy_params_print.c tls_proxy_params_scan.c tls_proxy_params.c
OBJS = tls_prng_dev.o tls_prng_egd.o tls_prng_file.o tls_fprint.o \
tls_prng_exch.o tls_stream.o tls_bio_ops.o tls_misc.o tls_dh.o \
tls_rsa.o tls_verify.o tls_dane.o tls_certkey.o tls_session.o \
tls_level.o \
tls_proxy_clnt.o tls_proxy_context_print.o tls_proxy_context_scan.o \
tls_proxy_client_print.o tls_proxy_client_scan.o \
- tls_proxy_server_print.o tls_proxy_server_scan.o
+ tls_proxy_server_print.o tls_proxy_server_scan.o \
+ tls_proxy_params_print.o tls_proxy_params_scan.o tls_proxy_params.o
HDRS = tls.h tls_prng.h tls_scache.h tls_mgr.h tls_proxy.h
TESTSRC =
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
tls_proxy_context_scan.o: tls.h
tls_proxy_context_scan.o: tls_proxy.h
tls_proxy_context_scan.o: tls_proxy_context_scan.c
+tls_proxy_params.o: ../../include/argv.h
+tls_proxy_params.o: ../../include/attr.h
+tls_proxy_params.o: ../../include/check_arg.h
+tls_proxy_params.o: ../../include/dns.h
+tls_proxy_params.o: ../../include/htable.h
+tls_proxy_params.o: ../../include/mail_params.h
+tls_proxy_params.o: ../../include/msg.h
+tls_proxy_params.o: ../../include/myaddrinfo.h
+tls_proxy_params.o: ../../include/mymalloc.h
+tls_proxy_params.o: ../../include/name_code.h
+tls_proxy_params.o: ../../include/name_mask.h
+tls_proxy_params.o: ../../include/nvtable.h
+tls_proxy_params.o: ../../include/sock_addr.h
+tls_proxy_params.o: ../../include/sys_defs.h
+tls_proxy_params.o: ../../include/vbuf.h
+tls_proxy_params.o: ../../include/vstream.h
+tls_proxy_params.o: ../../include/vstring.h
+tls_proxy_params.o: tls.h
+tls_proxy_params.o: tls_proxy.h
+tls_proxy_params.o: tls_proxy_params.c
+tls_proxy_params_print.o: ../../include/argv.h
+tls_proxy_params_print.o: ../../include/attr.h
+tls_proxy_params_print.o: ../../include/check_arg.h
+tls_proxy_params_print.o: ../../include/dns.h
+tls_proxy_params_print.o: ../../include/htable.h
+tls_proxy_params_print.o: ../../include/mail_params.h
+tls_proxy_params_print.o: ../../include/msg.h
+tls_proxy_params_print.o: ../../include/myaddrinfo.h
+tls_proxy_params_print.o: ../../include/mymalloc.h
+tls_proxy_params_print.o: ../../include/name_code.h
+tls_proxy_params_print.o: ../../include/name_mask.h
+tls_proxy_params_print.o: ../../include/nvtable.h
+tls_proxy_params_print.o: ../../include/sock_addr.h
+tls_proxy_params_print.o: ../../include/sys_defs.h
+tls_proxy_params_print.o: ../../include/vbuf.h
+tls_proxy_params_print.o: ../../include/vstream.h
+tls_proxy_params_print.o: ../../include/vstring.h
+tls_proxy_params_print.o: tls.h
+tls_proxy_params_print.o: tls_proxy.h
+tls_proxy_params_print.o: tls_proxy_params_print.c
+tls_proxy_params_scan.o: ../../include/argv.h
+tls_proxy_params_scan.o: ../../include/argv_attr.h
+tls_proxy_params_scan.o: ../../include/attr.h
+tls_proxy_params_scan.o: ../../include/check_arg.h
+tls_proxy_params_scan.o: ../../include/dns.h
+tls_proxy_params_scan.o: ../../include/htable.h
+tls_proxy_params_scan.o: ../../include/mail_params.h
+tls_proxy_params_scan.o: ../../include/msg.h
+tls_proxy_params_scan.o: ../../include/myaddrinfo.h
+tls_proxy_params_scan.o: ../../include/mymalloc.h
+tls_proxy_params_scan.o: ../../include/name_code.h
+tls_proxy_params_scan.o: ../../include/name_mask.h
+tls_proxy_params_scan.o: ../../include/nvtable.h
+tls_proxy_params_scan.o: ../../include/sock_addr.h
+tls_proxy_params_scan.o: ../../include/sys_defs.h
+tls_proxy_params_scan.o: ../../include/vbuf.h
+tls_proxy_params_scan.o: ../../include/vstream.h
+tls_proxy_params_scan.o: ../../include/vstring.h
+tls_proxy_params_scan.o: tls.h
+tls_proxy_params_scan.o: tls_proxy.h
+tls_proxy_params_scan.o: tls_proxy_params_scan.c
tls_proxy_server_print.o: ../../include/argv.h
tls_proxy_server_print.o: ../../include/attr.h
tls_proxy_server_print.o: ../../include/check_arg.h
#ifdef USE_TLS
+ /*
+ * TLS_PARAMS structure. If this changes, update all functions in
+ * tls_proxy_params.c, tls_proxy_params_print.c, and
+ * tls_proxy_params_scan.c.
+ *
+ * In the serialization these attributes are identified by their configuration
+ * parameter names.
+ *
+ * TODO: add VAR_TLS_SERVER_SNI_MAPS, maybe as part of a server-only table.
+ */
+typedef struct TLS_PARAMS {
+ char *tls_high_clist;
+ char *tls_medium_clist;
+ char *tls_low_clist;
+ char *tls_export_clist;
+ char *tls_null_clist;
+ char *tls_eecdh_auto;
+ char *tls_eecdh_strong;
+ char *tls_eecdh_ultra;
+ char *tls_bug_tweaks;
+ char *tls_ssl_options;
+ char *tls_dane_agility;
+ char *tls_dane_digests;
+ char *tls_mgr_service;
+ char *tls_tkt_cipher;
+ char *openssl_path;
+ int tls_daemon_rand_bytes;
+ int tls_append_def_CA;
+ int tls_bc_pkey_fprint;
+ int tls_dane_taa_dgst;
+ int tls_preempt_clist;
+ int tls_multi_wildcard;
+} TLS_PARAMS;
+
+#define TLS_PROXY_PARAMS(params, a1, a2, a3, a4, a5, a6, a7, a8, \
+ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20, a21) \
+ (((params)->a1), ((params)->a2), ((params)->a3), \
+ ((params)->a4), ((params)->a5), ((params)->a6), ((params)->a7), \
+ ((params)->a8), ((params)->a9), ((params)->a10), ((params)->a11), \
+ ((params)->a12), ((params)->a13), ((params)->a14), ((params)->a15), \
+ ((params)->a16), ((params)->a17), ((params)->a18), ((params)->a19), \
+ ((params)->a20), ((params)->a21))
+
+ /*
+ * tls_proxy_params.c, tls_proxy_params_print.c, and
+ * tls_proxy_params_scan.c.
+ */
+extern TLS_PARAMS *tls_proxy_params_from_config(TLS_PARAMS *);
+extern char *tls_proxy_params_to_string(VSTRING *, TLS_PARAMS *);
+extern char *tls_proxy_params_with_names_to_string(VSTRING *, TLS_PARAMS *);
+extern int tls_proxy_params_print(ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *);
+extern void tls_proxy_params_free(TLS_PARAMS *);
+extern int tls_proxy_params_scan(ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *);
+
+ /*
+ * Functions that handle TLS_XXX_INIT_PROPS and TLS_XXX_START_PROPS. These
+ * data structures are defined elsewhere, because they are also used in
+ * non-proxied requests.
+ */
#define tls_proxy_legacy_open(service, flags, peer_stream, peer_addr, \
peer_port, timeout, serverid) \
tls_proxy_open((service), (flags), (peer_stream), (peer_addr), \
- (peer_port), (timeout), (timeout), (serverid), (void *) 0, (void *) 0)
+ (peer_port), (timeout), (timeout), (serverid), \
+ (void *) 0, (void *) 0, (void *) 0)
extern VSTREAM *tls_proxy_open(const char *, int, VSTREAM *, const char *,
const char *, int, int, const char *,
- void *, void *);
+ TLS_PARAMS *, void *, void *);
#define TLS_PROXY_CLIENT_INIT_PROPS(props, a1, a2, a3, a4, a5, a6, a7, a8, \
a9, a10, a11, a12, a13, a14) \
(((props)->a1), ((props)->a2), ((props)->a3), \
((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \
- ((props)->a12), ((props)->a13), (props)->a14)
+ ((props)->a12), ((props)->a13), ((props)->a14))
#define TLS_PROXY_CLIENT_START_PROPS(props, a1, a2, a3, a4, a5, a6, a7, a8, \
a9, a10, a11, a12, a13, a14) \
/*
/* VSTREAM *tls_proxy_open(service, flags, peer_stream, peer_addr,
/* peer_port, handshake_timeout, session_timeout,
- serverid, init_props, start_props)
+/* serverid, tls_params, init_props, start_props)
/* const char *service;
/* int flags;
/* VSTREAM *peer_stream;
/* int handshake_timeout;
/* int session_timeout;
/* const char *serverid;
+/* TLS_PARAMS *tls_params;
/* void *init_props;
/* void *start_props;
/*
/* TLS handshake.
/* .IP serverid
/* Unique service identifier.
+/* .IP tls_params
+/* Pointer to TLS_PARAMS.
/* .IP init_props
/* Pointer to TLS_CLIENT_INIT_PROPS or TLS_SERVER_INIT_PROPS.
/* .IP start_props
int handshake_timeout,
int session_timeout,
const char *serverid,
+ TLS_PARAMS *tls_params,
void *init_props,
void *start_props)
{
switch (flags & (TLS_PROXY_FLAG_ROLE_CLIENT | TLS_PROXY_FLAG_ROLE_SERVER)) {
case TLS_PROXY_FLAG_ROLE_CLIENT:
attr_print(tlsproxy_stream, ATTR_FLAG_NONE,
+ SEND_ATTR_FUNC(tls_proxy_params_print, tls_params),
SEND_ATTR_FUNC(tls_proxy_client_init_print, init_props),
SEND_ATTR_FUNC(tls_proxy_client_start_print, start_props),
ATTR_TYPE_END);
case TLS_PROXY_FLAG_ROLE_SERVER:
#if 0
attr_print(tlsproxy_stream, ATTR_FLAG_NONE,
+ SEND_ATTR_FUNC(tls_proxy_params_print, tls_params),
SEND_ATTR_FUNC(tls_proxy_server_init_print, init_props),
SEND_ATTR_FUNC(tls_proxy_server_start_print, start_props),
ATTR_TYPE_END);
--- /dev/null
+/*++
+/* NAME
+/* tls_proxy_params 3
+/* SUMMARY
+/* TLS_PARAMS structure support
+/* SYNOPSIS
+/* #include <tls_proxy.h>
+/*
+/* TLS_PARAMS *tls_proxy_params_from_config(params)
+/* TLS_PARAMS *params;
+/*
+/* char *tls_proxy_params_to_string(buf, params)
+/* VSTRING *buf;
+/* TLS_PARAMS *params;
+/*
+/* char *tls_proxy_params_with_names_to_string(buf, params)
+/* VSTRING *buf;
+/* TLS_PARAMS *params;
+/* DESCRIPTION
+/* tls_proxy_params_from_config() initializes a TLS_PARAMS
+/* structure from configuration parameters and returns its
+/* argument. Strings are not copied. The result must therefore
+/* not be passed to tls_proxy_params_free().
+/*
+/* tls_proxy_params_to_string() produces a lookup key
+/* that is unique for the TLS_PARAMS member values.
+/*
+/* tls_proxy_params_with_names_to_string() TODO produces a
+/* string with "name = value\n" for each TLS_PARAMS member.
+/* This may be useful for reporting differences between
+/* TLS_PARAMS instances.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
+/*--*/
+
+#ifdef USE_TLS
+
+/* System library. */
+
+#include <sys_defs.h>
+
+/* Utility library */
+
+#include <attr.h>
+#include <msg.h>
+
+/* Global library. */
+
+#include <mail_params.h>
+
+/* TLS library. */
+
+#include <tls.h>
+#include <tls_proxy.h>
+
+/* tls_proxy_params_from_config - initialize TLS_PARAMS from configuration */
+
+TLS_PARAMS *tls_proxy_params_from_config(TLS_PARAMS *params)
+{
+ TLS_PROXY_PARAMS(params,
+ tls_high_clist = var_tls_high_clist,
+ tls_medium_clist = var_tls_medium_clist,
+ tls_low_clist = var_tls_low_clist,
+ tls_export_clist = var_tls_export_clist,
+ tls_null_clist = var_tls_null_clist,
+ tls_eecdh_auto = var_tls_eecdh_auto,
+ tls_eecdh_strong = var_tls_eecdh_strong,
+ tls_eecdh_ultra = var_tls_eecdh_ultra,
+ tls_bug_tweaks = var_tls_bug_tweaks,
+ tls_ssl_options = var_tls_ssl_options,
+ tls_dane_agility = var_tls_dane_agility,
+ tls_dane_digests = var_tls_dane_digests,
+ tls_mgr_service = var_tls_mgr_service,
+ tls_tkt_cipher = var_tls_tkt_cipher,
+ openssl_path = var_openssl_path,
+ tls_daemon_rand_bytes = var_tls_daemon_rand_bytes,
+ tls_append_def_CA = var_tls_append_def_CA,
+ tls_bc_pkey_fprint = var_tls_bc_pkey_fprint,
+ tls_dane_taa_dgst = var_tls_dane_taa_dgst,
+ tls_preempt_clist = var_tls_preempt_clist,
+ tls_multi_wildcard = var_tls_multi_wildcard);
+ return (params);
+}
+
+/* tls_proxy_params_to_string - serialize TLS_PARAMS to string */
+
+char *tls_proxy_params_to_string(VSTRING *buf, TLS_PARAMS *params)
+{
+ vstring_sprintf(buf, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n"
+ "%s\n%s\n%s\n%s\n%d\n%d\n%d\n%d\n%d\n%d\n",
+ params->tls_high_clist, params->tls_medium_clist,
+ params->tls_low_clist, params->tls_export_clist,
+ params->tls_null_clist, params->tls_eecdh_auto,
+ params->tls_eecdh_strong, params->tls_eecdh_ultra,
+ params->tls_bug_tweaks, params->tls_ssl_options,
+ params->tls_dane_agility, params->tls_dane_digests,
+ params->tls_mgr_service, params->tls_tkt_cipher,
+ params->openssl_path, params->tls_daemon_rand_bytes,
+ params->tls_append_def_CA, params->tls_bc_pkey_fprint,
+ params->tls_dane_taa_dgst, params->tls_preempt_clist,
+ params->tls_multi_wildcard);
+ return (vstring_str(buf));
+}
+
+/* tls_proxy_params_with_names_to_string - serialize TLS_PARAMS to string */
+
+char *tls_proxy_params_with_names_to_string(VSTRING *buf, TLS_PARAMS *params)
+{
+ vstring_sprintf(buf, "%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n"
+ "%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n"
+ "%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %d\n%s = %d\n"
+ "%s = %d\n%s = %d\n%s = %d\n%s = %d\n",
+ VAR_TLS_HIGH_CLIST, var_tls_high_clist,
+ VAR_TLS_MEDIUM_CLIST, var_tls_medium_clist,
+ VAR_TLS_LOW_CLIST, var_tls_low_clist,
+ VAR_TLS_EXPORT_CLIST, var_tls_export_clist,
+ VAR_TLS_NULL_CLIST, var_tls_null_clist,
+ VAR_TLS_EECDH_AUTO, var_tls_eecdh_auto,
+ VAR_TLS_EECDH_STRONG, var_tls_eecdh_strong,
+ VAR_TLS_EECDH_ULTRA, var_tls_eecdh_ultra,
+ VAR_TLS_BUG_TWEAKS, var_tls_bug_tweaks,
+ VAR_TLS_SSL_OPTIONS, var_tls_ssl_options,
+ VAR_TLS_DANE_AGILITY, var_tls_dane_agility,
+ VAR_TLS_DANE_DIGESTS, var_tls_dane_digests,
+ VAR_TLS_MGR_SERVICE, var_tls_mgr_service,
+ VAR_TLS_TKT_CIPHER, var_tls_tkt_cipher,
+ VAR_OPENSSL_PATH, var_openssl_path,
+ VAR_TLS_DAEMON_RAND_BYTES, var_tls_daemon_rand_bytes,
+ VAR_TLS_APPEND_DEF_CA, var_tls_append_def_CA,
+ VAR_TLS_BC_PKEY_FPRINT, var_tls_bc_pkey_fprint,
+ VAR_TLS_DANE_TAA_DGST, var_tls_dane_taa_dgst,
+ VAR_TLS_PREEMPT_CLIST, var_tls_preempt_clist,
+ VAR_TLS_MULTI_WILDCARD, var_tls_multi_wildcard);
+ return (vstring_str(buf));
+}
+
+#endif
--- /dev/null
+/*++
+/* NAME
+/* tls_proxy_params_print 3
+/* SUMMARY
+/* write TLS_PARAMS structures to stream
+/* SYNOPSIS
+/* #include <tls_proxy.h>
+/*
+/* int tls_proxy_params_print(print_fn, stream, flags, ptr)
+/* ATTR_PRINT_MASTER_FN print_fn;
+/* VSTREAM *stream;
+/* int flags;
+/* void *ptr;
+/* DESCRIPTION
+/* tls_proxy_params_print() writes a TLS_PARAMS structure to
+/* the named stream using the specified attribute print routine.
+/* tls_proxy_params_print() is meant to be passed as a call-back to
+/* attr_print(), thusly:
+/*
+/* SEND_ATTR_FUNC(tls_proxy_params_print, (void *) params), ...
+/* DIAGNOSTICS
+/* Fatal: out of memory.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
+/*--*/
+
+#ifdef USE_TLS
+
+/* System library. */
+
+#include <sys_defs.h>
+
+/* Utility library */
+
+#include <attr.h>
+#include <msg.h>
+
+/* Global library. */
+
+#include <mail_params.h>
+
+/* TLS library. */
+
+#include <tls.h>
+#include <tls_proxy.h>
+
+/* tls_proxy_params_print - send TLS_PARAMS over stream */
+
+int tls_proxy_params_print(ATTR_PRINT_MASTER_FN print_fn, VSTREAM *fp,
+ int flags, void *ptr)
+{
+ TLS_PARAMS *params = (TLS_PARAMS *) ptr;
+ int ret;
+
+ if (msg_verbose)
+ msg_info("begin tls_proxy_params_print");
+
+ ret = print_fn(fp, flags | ATTR_FLAG_MORE,
+ SEND_ATTR_STR(VAR_TLS_HIGH_CLIST, params->tls_high_clist),
+ SEND_ATTR_STR(VAR_TLS_MEDIUM_CLIST,
+ params->tls_medium_clist),
+ SEND_ATTR_STR(VAR_TLS_LOW_CLIST, params->tls_low_clist),
+ SEND_ATTR_STR(VAR_TLS_EXPORT_CLIST,
+ params->tls_export_clist),
+ SEND_ATTR_STR(VAR_TLS_NULL_CLIST, params->tls_null_clist),
+ SEND_ATTR_STR(VAR_TLS_EECDH_AUTO, params->tls_eecdh_auto),
+ SEND_ATTR_STR(VAR_TLS_EECDH_STRONG,
+ params->tls_eecdh_strong),
+ SEND_ATTR_STR(VAR_TLS_EECDH_ULTRA,
+ params->tls_eecdh_ultra),
+ SEND_ATTR_STR(VAR_TLS_BUG_TWEAKS, params->tls_bug_tweaks),
+ SEND_ATTR_STR(VAR_TLS_SSL_OPTIONS,
+ params->tls_ssl_options),
+ SEND_ATTR_STR(VAR_TLS_DANE_AGILITY,
+ params->tls_dane_agility),
+ SEND_ATTR_STR(VAR_TLS_DANE_DIGESTS,
+ params->tls_dane_digests),
+ SEND_ATTR_STR(VAR_TLS_MGR_SERVICE,
+ params->tls_mgr_service),
+ SEND_ATTR_STR(VAR_TLS_TKT_CIPHER, params->tls_tkt_cipher),
+ SEND_ATTR_STR(VAR_OPENSSL_PATH, params->openssl_path),
+ SEND_ATTR_INT(VAR_TLS_DAEMON_RAND_BYTES,
+ params->tls_daemon_rand_bytes),
+ SEND_ATTR_INT(VAR_TLS_APPEND_DEF_CA,
+ params->tls_append_def_CA),
+ SEND_ATTR_INT(VAR_TLS_BC_PKEY_FPRINT,
+ params->tls_bc_pkey_fprint),
+ SEND_ATTR_INT(VAR_TLS_DANE_TAA_DGST,
+ params->tls_dane_taa_dgst),
+ SEND_ATTR_INT(VAR_TLS_PREEMPT_CLIST,
+ params->tls_preempt_clist),
+ SEND_ATTR_INT(VAR_TLS_MULTI_WILDCARD,
+ params->tls_multi_wildcard),
+ ATTR_TYPE_END);
+ /* Do not flush the stream. */
+ if (msg_verbose)
+ msg_info("tls_proxy_params_print ret=%d", ret);
+ return (ret);
+}
+
+#endif
--- /dev/null
+/*++
+/* NAME
+/* tls_proxy_params_scan 3
+/* SUMMARY
+/* read TLS_PARAMS structure from stream
+/* SYNOPSIS
+/* #include <tls_proxy.h>
+/*
+/* int tls_proxy_params_scan(scan_fn, stream, flags, ptr)
+/* ATTR_SCAN_MASTER_FN scan_fn;
+/* VSTREAM *stream;
+/* int flags;
+/* void *ptr;
+/*
+/* void tls_proxy_params_free(params)
+/* TLS_PARAMS *params;
+/* DESCRIPTION
+/* tls_proxy_params_scan() reads a TLS_PARAMS structure from
+/* the named stream using the specified attribute scan routine.
+/* tls_proxy_params_scan() is meant to be passed as a call-back
+/* function to attr_scan(), as shown below.
+/*
+/* tls_proxy_params_free() destroys a TLS_PARAMS structure
+/* that was created by tls_proxy_params_scan().
+/*
+/* TLS_PARAMS *params = 0;
+/* ...
+/* ... RECV_ATTR_FUNC(tls_proxy_params_scan, (void *) ¶ms)
+/* ...
+/* if (params != 0)
+/* tls_proxy_params_free(params);
+/* DIAGNOSTICS
+/* Fatal: out of memory.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
+/*--*/
+
+#ifdef USE_TLS
+
+/* System library. */
+
+#include <sys_defs.h>
+
+/* Utility library */
+
+#include <argv_attr.h>
+#include <attr.h>
+#include <msg.h>
+#include <vstring.h>
+
+/* Global library. */
+
+#include <mail_params.h>
+
+/* TLS library. */
+
+#include <tls.h>
+#include <tls_proxy.h>
+
+#define STR(x) vstring_str(x)
+#define LEN(x) VSTRING_LEN(x)
+
+/* tls_proxy_params_free - destroy TLS_PARAMS structure */
+
+void tls_proxy_params_free(TLS_PARAMS * params)
+{
+ myfree(params->tls_high_clist);
+ myfree(params->tls_medium_clist);
+ myfree(params->tls_low_clist);
+ myfree(params->tls_export_clist);
+ myfree(params->tls_null_clist);
+ myfree(params->tls_eecdh_auto);
+ myfree(params->tls_eecdh_strong);
+ myfree(params->tls_eecdh_ultra);
+ myfree(params->tls_bug_tweaks);
+ myfree(params->tls_ssl_options);
+ myfree(params->tls_dane_agility);
+ myfree(params->tls_dane_digests);
+ myfree(params->tls_mgr_service);
+ myfree(params->tls_tkt_cipher);
+ myfree(params->openssl_path);
+ myfree((void *) params);
+}
+
+/* tls_proxy_params_scan - receive TLS_PARAMS from stream */
+
+int tls_proxy_params_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM * fp,
+ int flags, void *ptr)
+{
+ TLS_PARAMS *params
+ = (TLS_PARAMS *) mymalloc(sizeof(*params));
+ int ret;
+ VSTRING *tls_high_clist = vstring_alloc(25);
+ VSTRING *tls_medium_clist = vstring_alloc(25);
+ VSTRING *tls_low_clist = vstring_alloc(25);
+ VSTRING *tls_export_clist = vstring_alloc(25);
+ VSTRING *tls_null_clist = vstring_alloc(25);
+ VSTRING *tls_eecdh_auto = vstring_alloc(25);
+ VSTRING *tls_eecdh_strong = vstring_alloc(25);
+ VSTRING *tls_eecdh_ultra = vstring_alloc(25);
+ VSTRING *tls_bug_tweaks = vstring_alloc(25);
+ VSTRING *tls_ssl_options = vstring_alloc(25);
+ VSTRING *tls_dane_agility = vstring_alloc(25);
+ VSTRING *tls_dane_digests = vstring_alloc(25);
+ VSTRING *tls_mgr_service = vstring_alloc(25);
+ VSTRING *tls_tkt_cipher = vstring_alloc(25);
+ VSTRING *openssl_path = vstring_alloc(25);
+
+ if (msg_verbose)
+ msg_info("begin tls_proxy_params_scan");
+
+ /*
+ * Note: memset() is not a portable way to initialize non-integer types.
+ */
+ memset(params, 0, sizeof(*params));
+ ret = scan_fn(fp, flags | ATTR_FLAG_MORE,
+ RECV_ATTR_STR(VAR_TLS_HIGH_CLIST, tls_high_clist),
+ RECV_ATTR_STR(VAR_TLS_MEDIUM_CLIST, tls_medium_clist),
+ RECV_ATTR_STR(VAR_TLS_LOW_CLIST, tls_low_clist),
+ RECV_ATTR_STR(VAR_TLS_EXPORT_CLIST, tls_export_clist),
+ RECV_ATTR_STR(VAR_TLS_NULL_CLIST, tls_null_clist),
+ RECV_ATTR_STR(VAR_TLS_EECDH_AUTO, tls_eecdh_auto),
+ RECV_ATTR_STR(VAR_TLS_EECDH_STRONG, tls_eecdh_strong),
+ RECV_ATTR_STR(VAR_TLS_EECDH_ULTRA, tls_eecdh_ultra),
+ RECV_ATTR_STR(VAR_TLS_BUG_TWEAKS, tls_bug_tweaks),
+ RECV_ATTR_STR(VAR_TLS_SSL_OPTIONS, tls_ssl_options),
+ RECV_ATTR_STR(VAR_TLS_DANE_AGILITY, tls_dane_agility),
+ RECV_ATTR_STR(VAR_TLS_DANE_DIGESTS, tls_dane_digests),
+ RECV_ATTR_STR(VAR_TLS_MGR_SERVICE, tls_mgr_service),
+ RECV_ATTR_STR(VAR_TLS_TKT_CIPHER, tls_tkt_cipher),
+ RECV_ATTR_STR(VAR_OPENSSL_PATH, openssl_path),
+ RECV_ATTR_INT(VAR_TLS_DAEMON_RAND_BYTES,
+ ¶ms->tls_daemon_rand_bytes),
+ RECV_ATTR_INT(VAR_TLS_APPEND_DEF_CA,
+ ¶ms->tls_append_def_CA),
+ RECV_ATTR_INT(VAR_TLS_BC_PKEY_FPRINT,
+ ¶ms->tls_bc_pkey_fprint),
+ RECV_ATTR_INT(VAR_TLS_DANE_TAA_DGST,
+ ¶ms->tls_dane_taa_dgst),
+ RECV_ATTR_INT(VAR_TLS_PREEMPT_CLIST,
+ ¶ms->tls_preempt_clist),
+ RECV_ATTR_INT(VAR_TLS_MULTI_WILDCARD,
+ ¶ms->tls_multi_wildcard),
+ ATTR_TYPE_END);
+ /* Always construct a well-formed structure. */
+ params->tls_high_clist = vstring_export(tls_high_clist);
+ params->tls_medium_clist = vstring_export(tls_medium_clist);
+ params->tls_low_clist = vstring_export(tls_low_clist);
+ params->tls_export_clist = vstring_export(tls_export_clist);
+ params->tls_null_clist = vstring_export(tls_null_clist);
+ params->tls_eecdh_auto = vstring_export(tls_eecdh_auto);
+ params->tls_eecdh_strong = vstring_export(tls_eecdh_strong);
+ params->tls_eecdh_ultra = vstring_export(tls_eecdh_ultra);
+ params->tls_bug_tweaks = vstring_export(tls_bug_tweaks);
+ params->tls_ssl_options = vstring_export(tls_ssl_options);
+ params->tls_dane_agility = vstring_export(tls_dane_agility);
+ params->tls_dane_digests = vstring_export(tls_dane_digests);
+ params->tls_mgr_service = vstring_export(tls_mgr_service);
+ params->tls_tkt_cipher = vstring_export(tls_tkt_cipher);
+ params->openssl_path = vstring_export(openssl_path);
+
+ ret = (ret == 21 ? 1 : -1);
+ if (ret != 1) {
+ tls_proxy_params_free(params);
+ params = 0;
+ }
+ *(TLS_PARAMS **) ptr = params;
+ if (msg_verbose)
+ msg_info("tls_proxy_params_scan ret=%d", ret);
+ return (ret);
+}
+
+#endif
/* to the Postfix-owned \fBdata_directory\fR, and a warning
/* is logged.
/* DIAGNOSTICS
-/* Problems and transactions are logged to the syslog daemon.
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* There is no automatic means to limit the number of entries in the
/* TLS session caches and/or the size of the TLS cache files.
/* postconf(5), configuration parameters
/* master(5), generic daemon options
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
tlsproxy.o: ../../include/nbbio.h
tlsproxy.o: ../../include/nvtable.h
tlsproxy.o: ../../include/sock_addr.h
+tlsproxy.o: ../../include/split_at.h
tlsproxy.o: ../../include/sys_defs.h
tlsproxy.o: ../../include/tls.h
tlsproxy.o: ../../include/tls_proxy.h
/* It talks to untrusted clients on the network. The process
/* can be run chrooted at fixed low privilege.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* postscreen(8), Postfix zombie blocker
/* smtpd(8), Postfix SMTP server
/* postconf(5), configuration parameters
-/* syslogd(5), system logging
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* LICENSE
/* .ad
/* .fi
#include <iostuff.h>
#include <nbbio.h>
#include <mymalloc.h>
+#include <split_at.h>
/*
* Global library.
* TLS per-client status.
*/
static HTABLE *tlsp_client_app_cache;
+static char *tlsp_pre_jail_tls_param_key;
static char *tlsp_pre_jail_client_props_key;
/*
* SLMs.
*/
#define STR(x) vstring_str(x)
+#define LEN(x) VSTRING_LEN(x)
/*
* The code that implements the TLS engine looks simpler than expected. That
/* At this point, state could be a dangling pointer. */
}
+/* tlsp_config_diff - report server-client config differences */
+
+static void tlsp_log_config_diff(const char *server_cfg, const char *client_cfg)
+{
+ VSTRING *diff_summary = vstring_alloc(100);
+ char *saved_server = mystrdup(server_cfg);
+ char *saved_client = mystrdup(client_cfg);
+ char *server_field;
+ char *client_field;
+ char *server_next;
+ char *client_next;
+
+ /*
+ * Not using argv_split(), because it would treat multiple consecutive
+ * newline characters as one.
+ */
+ for (server_field = saved_server, client_field = saved_client;
+ server_field && client_field;
+ server_field = server_next, client_field = client_next) {
+ server_next = split_at(server_field, '\n');
+ client_next = split_at(client_field, '\n');
+ if (strcmp(server_field, client_field) != 0) {
+ if (LEN(diff_summary) > 0)
+ vstring_sprintf_append(diff_summary, "; ");
+ vstring_sprintf_append(diff_summary, "server '%s' != client '%s'",
+ server_field, client_field);
+ }
+ }
+ msg_warn("%s", STR(diff_summary));
+
+ vstring_free(diff_summary);
+ myfree(saved_client);
+ myfree(saved_server);
+}
+
/*
* Macro for readability.
*/
-#define TLSP_CLIENT_INIT(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
+#define TLSP_CLIENT_INIT(params, props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
a10, a11, a12, a13, a14) \
- tlsp_client_init(TLS_CLIENT_INIT_ARGS((props), a1, a2, a3, a4, \
+ tlsp_client_init(params, TLS_CLIENT_INIT_ARGS((props), a1, a2, a3, a4, \
a5, a6, a7, a8, a9, a10, a11, a12, a13, a14))
/* tlsp_client_init - initialize a TLS client engine */
-static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_INIT_PROPS *init_props)
+static TLS_APPL_STATE *tlsp_client_init(TLS_PARAMS *tls_params,
+ TLS_CLIENT_INIT_PROPS *init_props)
{
TLS_APPL_STATE *appl_state;
- VSTRING *buf;
- char *key;
+ VSTRING *param_buf;
+ char *param_key;
+ VSTRING *init_buf;
+ char *init_key;
/*
* Use one TLS_APPL_STATE object for all requests that specify the same
* key that corresponds to the pre-jail internal request, which uses the
* tlsproxy_client_* settings.
*/
- buf = vstring_alloc(100);
- key = tls_proxy_client_init_to_string(buf, init_props);
+ param_buf = vstring_alloc(100);
+ param_key = tls_proxy_params_to_string(param_buf, tls_params);
+ init_buf = vstring_alloc(100);
+ init_key = tls_proxy_client_init_to_string(init_buf, init_props);
if (tlsp_pre_jail_done == 0) {
- if (tlsp_pre_jail_client_props_key != 0)
+ if (tlsp_pre_jail_tls_param_key != 0
+ || tlsp_pre_jail_client_props_key != 0)
msg_panic("tlsp_client_init: multiple pre-jail calls");
- tlsp_pre_jail_client_props_key = mystrdup(key);
+ tlsp_pre_jail_tls_param_key = mystrdup(param_key);
+ tlsp_pre_jail_client_props_key = mystrdup(init_key);
}
/*
* Log a warning if a post-jail request differs from the tlsproxy_client_*
- * settings AND the request specifies file/directory pathname arguments.
- * Those are problematic after chroot (pathname resolution) and after
- * dropping privileges (key files must be root read-only).
+ * or tls_mumble settings AND the request specifies file/directory
+ * pathname arguments. Pathname differences are problematic after chroot
+ * (pathname resolution) and after dropping privileges (key files must be
+ * root read-only).
*
* We can eliminate this complication by adding code that opens a cert/key
* lookup table at pre-jail time, and by reading cert/key info on-the-fly
*/
#define NOT_EMPTY(x) ((x) && *(x))
- else if ((tlsp_pre_jail_client_props_key == 0
- || strcmp(tlsp_pre_jail_client_props_key, key) != 0)
- && (NOT_EMPTY(init_props->chain_files)
- || NOT_EMPTY(init_props->cert_file)
- || NOT_EMPTY(init_props->key_file)
- || NOT_EMPTY(init_props->dcert_file)
- || NOT_EMPTY(init_props->dkey_file)
- || NOT_EMPTY(init_props->eccert_file)
- || NOT_EMPTY(init_props->eckey_file)
- || NOT_EMPTY(init_props->CAfile)
- || NOT_EMPTY(init_props->CApath))) {
- msg_warn("tls_client_init request with chain_files='%s' key_file='%s' "
- "dkey_file='%s' eckey_file='%s' differs from tlsproxy client "
- "settings", init_props->chain_files, init_props->key_file,
- init_props->dkey_file, init_props->eckey_file);
- msg_warn("to avoid this warning, 1) identify the SMTP client that is "
- "making this tls_client_init request, 2) configure a "
- "custom tlsproxy service with tlsproxy_client_* settings "
- "that match that SMTP client, and 3) configure that SMTP "
- "client with a tlsproxy_service_name setting that resolves "
- "to that custom tlsproxy service");
+ else {
+ int log_hints = 0;
+
+ if (tlsp_pre_jail_tls_param_key != 0
+ && strcmp(tlsp_pre_jail_tls_param_key, param_key) != 0) {
+ msg_warn("request from Postfix client with unexpected settings");
+ tlsp_log_config_diff(tlsp_pre_jail_tls_param_key, param_key);
+ log_hints = 1;
+ }
+ if (tlsp_pre_jail_client_props_key != 0
+ && strcmp(tlsp_pre_jail_client_props_key, init_key) != 0
+ && (NOT_EMPTY(init_props->chain_files)
+ || NOT_EMPTY(init_props->cert_file)
+ || NOT_EMPTY(init_props->key_file)
+ || NOT_EMPTY(init_props->dcert_file)
+ || NOT_EMPTY(init_props->dkey_file)
+ || NOT_EMPTY(init_props->eccert_file)
+ || NOT_EMPTY(init_props->eckey_file)
+ || NOT_EMPTY(init_props->CAfile)
+ || NOT_EMPTY(init_props->CApath))) {
+ msg_warn("request from tlsproxy client with unexpected settings");
+ tlsp_log_config_diff(tlsp_pre_jail_client_props_key, init_key);
+ log_hints = 1;
+ }
+ if (log_hints)
+ msg_warn("to avoid this warning, 1) identify the tlsproxy "
+ "client that is making this request, 2) configure "
+ "a custom tlsproxy service with settings that "
+ "match that tlsproxy client, and 3) configure "
+ "that tlsproxy client with a tlsproxy_service_name "
+ "setting that resolves to that custom tlsproxy "
+ "service");
}
/*
* suggestions.
*/
if ((appl_state = (TLS_APPL_STATE *)
- htable_find(tlsp_client_app_cache, key)) == 0
+ htable_find(tlsp_client_app_cache, init_key)) == 0
&& (appl_state = tls_client_init(init_props)) != 0) {
- (void) htable_enter(tlsp_client_app_cache, key, (void *) appl_state);
+ (void) htable_enter(tlsp_client_app_cache, init_key, (void *) appl_state);
/*
* To maintain sanity, allow partial SSL_write() operations, and
SSL_MODE_ENABLE_PARTIAL_WRITE
| SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
}
- vstring_free(buf);
+ vstring_free(init_buf);
+ vstring_free(param_buf);
return (appl_state);
}
case TLS_PROXY_FLAG_ROLE_CLIENT:
state->is_server_role = 0;
if (attr_scan(plaintext_stream, ATTR_FLAG_STRICT,
+ RECV_ATTR_FUNC(tls_proxy_params_scan,
+ (void *) &state->tls_params),
RECV_ATTR_FUNC(tls_proxy_client_init_scan,
(void *) &state->client_init_props),
RECV_ATTR_FUNC(tls_proxy_client_start_scan,
(void *) &state->client_start_props),
- ATTR_TYPE_END) != 2) {
+ ATTR_TYPE_END) != 3) {
msg_warn("%s: receive client TLS settings: %m", myname);
tlsp_state_free(state);
return;
}
- state->appl_state = tlsp_client_init(state->client_init_props);
+ state->appl_state = tlsp_client_init(state->tls_params,
+ state->client_init_props);
ready = state->appl_state != 0;
break;
case TLS_PROXY_FLAG_ROLE_SERVER:
* Initialize the TLS data before entering the chroot jail.
*/
if (clnt_use_tls || var_tlsp_clnt_per_site[0] || var_tlsp_clnt_policy[0]) {
- TLS_CLIENT_INIT_PROPS props;
+ TLS_PARAMS tls_params;
+ TLS_CLIENT_INIT_PROPS init_props;
tls_pre_jail_init(TLS_ROLE_CLIENT);
* feature that C does not have natively: named parameter lists.
*/
tlsp_client_ctx =
- TLSP_CLIENT_INIT(&props,
+ TLSP_CLIENT_INIT(tls_proxy_params_from_config(&tls_params),
+ &init_props,
log_param = var_tlsp_clnt_logparam,
log_level = var_tlsp_clnt_loglevel,
verifydepth = var_tlsp_clnt_scert_vd,
TLS_APPL_STATE *appl_state; /* libtls state */
TLS_SESS_STATE *tls_context; /* libtls state */
int ssl_last_err; /* TLS I/O state */
+ TLS_PARAMS *tls_params; /* globals not part of init_props */
TLS_SERVER_INIT_PROPS *server_init_props;
TLS_SERVER_START_PROPS *server_start_props;
TLS_CLIENT_INIT_PROPS *client_init_props;
state->remote_endpt = 0;
state->server_id = 0;
state->tls_context = 0;
+ state->tls_params = 0;
state->server_init_props = 0;
state->server_start_props = 0;
state->client_init_props = 0;
myfree(state->server_id);
if (state->tls_context)
tls_free_context(state->tls_context);
+ if (state->tls_params)
+ tls_proxy_params_free(state->tls_params);
if (state->server_init_props)
tls_proxy_server_init_free(state->server_init_props);
if (state->server_start_props)
/* nexthop, internalized recipient) triple.
/* STANDARDS
/* DIAGNOSTICS
-/* Problems and transactions are logged to the syslog daemon.
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* SEE ALSO
/* LICENSE
/* completing incomplete address forms.
/* STANDARDS
/* DIAGNOSTICS
-/* Problems and transactions are logged to the syslog daemon.
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* SEE ALSO
/* LICENSE
/* By default, this daemon does not talk to remote or local users.
/* It can run at a fixed low privilege in a chrooted environment.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
/* transport(5), transport table format
/* relocated(5), format of the "user has moved" table
/* master(8), process manager
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README FILES
/* .ad
/* non-Postfix directory is redirected to the Postfix-owned
/* \fBdata_directory\fR, and a warning is logged.
/* DIAGNOSTICS
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* BUGS
/* Address verification probe messages add additional traffic
/* to the mail queue.
/* smtpd(8), Postfix SMTP server
/* cleanup(8), enqueue Postfix message
/* postconf(5), configuration parameters
-/* syslogd(5), system logging
+/* postlogd(8), Postfix logging
+/* syslogd(8), system logging
/* README FILES
/* .ad
/* .fi
/* recipient is over disk quota. In all other cases, mail for
/* an existing recipient is deferred and a warning is logged.
/*
-/* Problems and transactions are logged to \fBsyslogd\fR(8).
+/* Problems and transactions are logged to \fBsyslogd\fR(8)
+/* or \fBpostlogd\fR(8).
/* Corrupted message files are marked so that the queue
/* manager can move them to the \fBcorrupt\fR queue afterwards.
/*
/* qmgr(8), queue manager
/* bounce(8), delivery status reports
/* postconf(5), configuration parameters
+/* postlogd(8), Postfix logging
/* syslogd(8), system logging
/* README_FILES
/* Use "\fBpostconf readme_directory\fR" or
projects / thirdparty / postfix.git / commitdiff
