Bugfix (defect introduced: Postfix 2.3, date 20051222): the
Dovecot auth client did not reset the 'reason' from a
previous Dovecot auth service response, before parsing the
- next Dovecot auth server response. Reported by Stephan
- Bosch, File: xsasl/xsasl_dovecot_server.c.
+ next Dovecot auth server response in the same SMTP session.
+ Reported by Stephan Bosch, File: xsasl/xsasl_dovecot_server.c.
20231105
Robustness: don't loop on an 'unfinished' queue file that
still has its all-zero SIZE record. File: postcat/postcat.c.
+
+20231126
+
+ Cleanup: implementation and documentation for the selection
+ of SMTP versus LMTP client protocol and parameters, based
+ on process name. Files: smtp/smtp.c, global/mail_proto.h,
+ proto/postconf.proto.
+
+ Cleanup: documented (in proxymap source code) the complexities
+ of determining the optimal proxywrite service process limit,
+ and make the 'invalid' proxymap service name error message
+ more similar to the error message for an invalid SMTP/LMTP
+ client process name. File: proxymap/proxymap.c.
+
+20231127
+
+ Documentation: in the stock main.cf file, mailbox_command
+ uses $default_privs, not $default_user. Vijay Sarvepalli,
+ Cert/CC. File: conf/main.cf.
+
+20231202
+
+ Bugfix: posttls-finger certificate match expectations for
+ opportunistic DANE incorrectly defaulted to ("nexthop",
+ "hostname") instead of ("nexthop", "dot-nexthop"), when no
+ TLSA records were found. Viktor Dukhovni. File: posttls-finger.c.
+
+20231204
+
+ Documentation: updated comments on address validation in
+ smtpd_check.c, making them consistent with the implementation.
+ File: smtpd/smtpd_check.c.
+
+20231208
+
+ Bugfix (defect introduced: Postfix 3.1, date: 20151128):
+ "postqueue -j" produced broken JSON when escaping a control
+ character as \uXXXX. Found during code maintenance. File:
+ postqueue/showq_json.c.
+
+20231209
+
+ Feature: the local(8) delivery agent exports an ENVID
+ environment variable with the RFC 3461 envelope ID if
+ available. Files: local/command.c, local/local.c,
+ proto/postconf.proto.
+
+ Feature: the pipe(8) delivery agent supports an ${envid}
+ command-line attribute that expands to the RFC 3461 envelope
+ ID if available. File: pipe/pipe.c.
postfix-install should mention makedefs.out.
- Propagate information about parsed daemon command-line
- options to service callback functions. With this, a proxywrite
- server can enforce a process limit of 1 without duplicating
- libmaster's command-line parsing code.
+ In documentation and configuration file examples, replace
+ IPv4 address prefixes from Cloud9 with 192.168.* from RFC
+ 1918, and replace IPv6 address prefixes with unique local
+ IPv6 address prefixes fd00:* from RFC 4193.
Add a pre-release check for '.' instead of ','. Generalize
from grep '[a-zA-Z0-9]\. *[a-z]' proto/*|egrep -v
# The mailbox_command parameter specifies the optional external
# command to use instead of mailbox delivery. The command is run as
# the recipient with proper HOME, SHELL and LOGNAME environment settings.
-# Exception: delivery for root is done as $default_user.
+# Exception: delivery for root is done as $default_privs.
#
# Other environment variables of interest: USER (recipient username),
# EXTENSION (address extension), DOMAIN (domain part of address),
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - smtp(8) </title>
</head> <body> <pre>
-SMTP(8) SMTP(8)
+SMTP,(LMTP) SMTP,(LMTP)
<b>NAME</b>
- smtp - Postfix SMTP+LMTP client
+ smtp, lmtp - Postfix SMTP+LMTP client
<b>SYNOPSIS</b>
<b>smtp</b> [generic Postfix daemon options] [flags=DORX]
+ <b>lmtp</b> [generic Postfix daemon options] [flags=DORX]
+
<b>DESCRIPTION</b>
The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
protocols. It processes message delivery requests from the queue man-
ager. Each request specifies a queue file, a sender address, a domain
or host to deliver to, and recipient information. This program expects
- to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+ to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. The process name, <b>smtp</b> or
+ <b>lmtp</b>, controls the protocol, and the names of the configuration parame-
+ ters that will be used.
The SMTP+LMTP client updates the queue file and marks recipients as
finished, or it informs the queue manager that delivery should be tried
for all destinations that map onto the same IP address and TCP port.
<b>CONFIGURATION PARAMETERS</b>
- Before Postfix version 2.3, the LMTP client is a separate program that
- implements only a subset of the functionality available with SMTP:
- there is no support for TLS, and connections are cached in-process,
- making it ineffective when the client is used for multiple domains.
+ Postfix versions 2.3 and later implement the SMTP and LMTP client with
+ the same program, and choose the protocol and configuration parameters
+ based on the process name, <b>smtp</b> or <b>lmtp</b>.
Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
- eter for the equivalent LMTP feature. This document describes only
+ eter for the equivalent LMTP feature. This document describes only
those LMTP-related parameters that aren't simply "mirror" parameters.
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
will send via SMTP.
<b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
- How long the Postfix SMTP client pauses before sending
- ".<CR><LF>" in order to work around the PIX firewall
+ How long the Postfix SMTP client pauses before sending
+ ".<CR><LF>" in order to work around the PIX firewall
"<CR><LF>.<CR><LF>" bug.
<b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
delivery through firewalls with "smtp fixup" mode turned on.
<b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
- A list that specifies zero or more workarounds for CISCO PIX
+ A list that specifies zero or more workarounds for CISCO PIX
firewall bugs.
<b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server address, with
+ Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs.
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
- Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
+ Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
- A mechanism to transform replies from remote SMTP servers one
+ A mechanism to transform replies from remote SMTP servers one
line at a time.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Available in Postfix version 2.0 and earlier:
<b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
- Skip SMTP servers that greet with a 4XX status code (go away,
+ Skip SMTP servers that greet with a 4XX status code (go away,
try again later).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server address, with
- case insensitive lists of EHLO keywords (pipelining, starttls,
+ Lookup tables, indexed by the remote SMTP server address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
- A case insensitive list of EHLO keywords (pipelining, starttls,
+ A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
- Optional lookup tables that perform address rewriting in the
- Postfix SMTP client, typically to transform a locally valid
- address into a globally valid address when sending mail across
+ Optional lookup tables that perform address rewriting in the
+ Postfix SMTP client, typically to transform a locally valid
+ address into a globally valid address when sending mail across
the Internet.
Available in Postfix version 2.2.9 and later:
<b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
- When the remote SMTP servername is a DNS CNAME, replace the
- servername with the result from CNAME expansion for the purpose
- of logging, SASL password lookup, TLS policy decisions, or TLS
+ When the remote SMTP servername is a DNS CNAME, replace the
+ servername with the result from CNAME expansion for the purpose
+ of logging, SASL password lookup, TLS policy decisions, or TLS
certificate verification.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote LMTP server address, with
- case insensitive lists of LHLO keywords (pipelining, starttls,
+ Lookup tables, indexed by the remote LMTP server address, with
+ case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
<b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
- A case insensitive list of LHLO keywords (pipelining, starttls,
+ A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
- When authenticating to a remote SMTP or LMTP server with the
- default setting "no", send no SASL authoriZation ID (authzid);
- send only the SASL authentiCation ID (authcid) plus the auth-
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid);
+ send only the SASL authentiCation ID (authcid) plus the auth-
cid's password.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
- Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
+ Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
+ Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
+ Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
- An optional workaround for routers that break TCP window scal-
+ An optional workaround for routers that break TCP window scal-
ing.
Available in Postfix version 2.8 and later:
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 2.11 and later:
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
- Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
+ Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuc-
cessful deliveries.
Available in Postfix version 3.3 and later:
<b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b>
- When a remote destination resolves to a combination of IPv4 and
+ When a remote destination resolves to a combination of IPv4 and
IPv6 addresses, ensure that the Postfix SMTP client can try both
address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>.
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
- The email address form that will be used in non-debug logging
+ The email address form that will be used in non-debug logging
(info, warning, etc.).
Available in Postfix 3.6 and later:
<b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b>
- The DNS query type (default: "ns") and DNS query name (default:
+ The DNS query type (default: "ns") and DNS query name (default:
".") that Postfix may use to determine whether DNSSEC validation
is available.
- <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
+ <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
<b>sion=587)</b>
- Optional setting that avoids lookups in the <b>services</b>(5) data-
+ Optional setting that avoids lookups in the <b>services</b>(5) data-
base.
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per plaintext or TLS read or write call, to a com-
- bined time limit for sending a complete SMTP request and for
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
+ The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> (empty)</b>
- Enables discovery for the specified service(s) using DNS SRV
+ Enables discovery for the specified service(s) using DNS SRV
records.
<b><a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> (no)</b>
- When SRV record lookup fails, fall back to MX or IP address
+ When SRV record lookup fails, fall back to MX or IP address
lookup as if SRV record lookup was not enabled.
<b><a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> (no)</b>
- When SRV record lookup fails or no SRV record exists, fall back
- to MX or IP address lookup as if SRV record lookup was not
+ When SRV record lookup fails or no SRV record exists, fall back
+ to MX or IP address lookup as if SRV record lookup was not
enabled.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
- Send the non-standard XFORWARD command when the Postfix SMTP
+ Send the non-standard XFORWARD command when the Postfix SMTP
server EHLO response announces XFORWARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
Enable SASL authentication in the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
- Optional Postfix SMTP client lookup tables with one user-
- name:password entry per sender, remote hostname or next-hop
+ Optional Postfix SMTP client lookup tables with one user-
+ name:password entry per sender, remote hostname or next-hop
domain.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
Postfix SMTP client SASL security options; as of Postfix 2.3 the
- list of available features depends on the SASL client implemen-
+ list of available features depends on the SASL client implemen-
tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
- If non-empty, a Postfix SMTP client filter for the remote SMTP
+ If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the Postfix SMTP
- client; this is available only with SASL authentication, and
- disables SMTP connection caching to ensure that mail from dif-
+ client; this is available only with SASL authentication, and
+ disables SMTP connection caching to ensure that mail from dif-
ferent senders will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that the Postfix SMTP client
- passes through to the SASL plug-in implementation that is
+ passes through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP client should use
+ The SASL plug-in type that the Postfix SMTP client should use
for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
- An optional table to prevent repeated SASL authentication fail-
- ures with the same remote SMTP server hostname, username and
+ An optional table to prevent repeated SASL authentication fail-
+ ures with the same remote SMTP server hostname, username and
password.
<b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
- The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
+ The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
is removed.
<b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
- When a remote SMTP server rejects a SASL authentication request
- with a 535 reply code, defer mail delivery instead of returning
+ When a remote SMTP server rejects a SASL authentication request
+ with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_sasl_password_result_delimiter">smtp_sasl_password_result_delimiter</a> (:)</b>
- The delimiter between username and password in sasl_passwd_maps
+ The delimiter between username and password in sasl_passwd_maps
lookup results.
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be found in the
+ Detailed information about STARTTLS configuration may be found in the
<a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b>
- The SASL authentication security options that the Postfix SMTP
+ The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read operations
+ Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- A file containing CA certificates of root CAs trusted to sign
- either remote SMTP server certificates or intermediate CA cer-
+ A file containing CA certificates of root CAs trusted to sign
+ either remote SMTP server certificates or intermediate CA cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format Certification Authority certificates
+ Directory with PEM format Certification Authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate.
File with the Postfix SMTP client RSA certificate in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP client will
+ The minimum TLS cipher grade that the Postfix SMTP client will
use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
client cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
- Additional list of ciphers or cipher types to exclude from the
- Postfix SMTP client cipher list at mandatory TLS security lev-
+ Additional list of ciphers or cipher types to exclude from the
+ Postfix SMTP client cipher list at mandatory TLS security lev-
els.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
Enable additional Postfix SMTP client logging of TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that offers STARTTLS,
+ Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
- TLS protocols that the Postfix SMTP client will use with manda-
+ TLS protocols that the Postfix SMTP client will use with manda-
tory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server certificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
- How the Postfix SMTP client verifies the server certificate
+ How the Postfix SMTP client verifies the server certificate
peername for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
- The expiration time of Postfix SMTP client TLS session cache
+ The expiration time of Postfix SMTP client TLS session cache
information.
<b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
- How the Postfix SMTP client verifies the server certificate
+ How the Postfix SMTP client verifies the server certificate
peername for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
- process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
internal pseudo random number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
The OpenSSL cipherlist for "medium" or higher grade ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption.
Available in in Postfix version 2.3..3.7:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
- The SASL authentication security options that the Postfix SMTP
- client uses for TLS encrypted SMTP sessions with a verified
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions with a verified
server certificate.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
- List of acceptable remote SMTP server certificate fingerprints
- for
the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
+ List of acceptable remote SMTP server certificate fingerprints
+ for
the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b>
- The message digest algorithm used to construct remote SMTP
+ The message digest algorithm used to construct remote SMTP
server certificate fingerprints.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see 'postconf -d' output)</b>
- TLS protocols that the Postfix SMTP client will use with oppor-
+ TLS protocols that the Postfix SMTP client will use with oppor-
tunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP client will
+ The minimum TLS cipher grade that the Postfix SMTP client will
use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
- File with the Postfix SMTP client ECDSA certificate in PEM for-
+ File with the Postfix SMTP client ECDSA certificate in PEM for-
mat.
<b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
- File with the Postfix SMTP client ECDSA private key in PEM for-
+ File with the Postfix SMTP client ECDSA private key in PEM for-
mat.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
- Try to detect a mail hijacking attack based on a TLS protocol
- vulnerability (CVE-2009-3555), where an attacker prepends mali-
- cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
+ Try to detect a mail hijacking attack based on a TLS protocol
+ vulnerability (CVE-2009-3555), where an attacker prepends mali-
+ cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
TLS session.
Available in Postfix version 2.8 and later:
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
- Zero or more PEM-format files with trust-anchor certificates
+ Zero or more PEM-format files with trust-anchor certificates
and/or public keys.
<b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
- Lookup the associated DANE TLSA RRset even when a hostname is
+ Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone.
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b>
- Request that the Postfix SMTP client connects using the SUBMIS-
+ Request that the Postfix SMTP client connects using the SUBMIS-
SIONS/SMTPS protocol instead of using the STARTTLS command.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b>
- The TLS policy for MX hosts with "secure" TLSA records when the
- nexthop destination security level is <b>dane</b>, but the MX record
+ The TLS policy for MX hosts with "secure" TLSA records when the
+ nexthop destination security level is <b>dane</b>, but the MX record
was found via an "insecure" MX lookup.
Available in Postfix version 3.2 and later:
Try to make multiple deliveries per TLS-encrypted connection.
<b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
- List of one or more PEM files, each holding one or more private
+ List of one or more PEM files, each holding one or more private
keys directly followed by a corresponding certificate chain.
<b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
- Optional name to send to the remote SMTP server in the TLS
+ Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
- A workaround for implementations that hang Postfix while shut-
+ A workaround for implementations that hang Postfix while shut-
ting down a TLS session, until Postfix times out.
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b>
- The prioritized list of finite-field Diffie-Hellman ephemeral
+ The prioritized list of finite-field Diffie-Hellman ephemeral
(FFDHE) key exchange groups supported by the Postfix SMTP client
and server.
Optional configuration file with baseline OpenSSL settings.
<b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b>
- The application name passed by Postfix to OpenSSL library ini-
+ The application name passed by Postfix to OpenSSL library ini-
tialization functions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> (no)</b>
- Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
+ Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compatibility with
- Postfix versions before 2.3. Support for these will be removed in a
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP server announces
+ Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers use TLS
+ Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the remote SMTP
- server hostname matches the information in the remote SMTP
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client TLS usage
- policy by next-hop destination and by remote SMTP server host-
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+ Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a TCP connec-
+ The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the HELO or EHLO
- command, and for receiving the initial remote SMTP server
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the MAIL FROM
+ The Postfix SMTP client time limit for sending the MAIL FROM
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The Postfix SMTP client time limit for sending the SMTP DATA
+ The Postfix SMTP client time limit for sending the SMTP DATA
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The Postfix SMTP client time limit for sending the SMTP message
+ The Postfix SMTP client time limit for sending the SMTP message
content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
- The maximal number of MX (mail exchanger) IP addresses that can
- result from Postfix SMTP client mail exchanger lookups, or zero
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
(no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery request before
- the Postfix SMTP client gives up or delivers to a fall-back
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
<a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
- Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the specified
+ Permanently enable SMTP connection caching for the specified
destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a destination
+ Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or receive opera-
+ Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
- When SMTP connection caching is enabled, the number of times
- that an SMTP session may be reused before it is closed, or zero
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
(no limit).
Available in Postfix version 3.4 and later:
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per plaintext or TLS read or write call, to a com-
- bined time limit for sending a complete SMTP request and for
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
+ The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
<b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
- <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
- Enable preliminary SMTPUTF8 support for the protocols described
+ Enable preliminary SMTPUTF8 support for the protocols described
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci-
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
- Enable 'transitional' compatibility between IDNA2003 and
- IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a nexthop destina-
- tion, remote client or server name or network address matches a
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of nexthop destination, remote client or server
- name or network address patterns that, if matched, cause the
- verbose logging level to increase by the amount specified in
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
$<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about mail delivery
+ The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are subject to
- before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ What categories of Postfix-generated mail are subject to
+ before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail when it
+ Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The local network interface addresses that this mail system
+ The local network interface addresses that this mail system
receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d' output)</b>
- The Internet protocols Postfix will attempt to use when making
+ The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
- When a remote LMTP server announces no DSN support, assume that
- the server performs final delivery, and send "delivered" deliv-
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The remote network interface addresses that this mail system
- receives mail on by way of a proxy or network address transla-
+ The remote network interface addresses that this mail system
+ receives mail on by way of a proxy or network address transla-
tion unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
- client will try first, when a destination has IPv6 and IPv4
+ client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available with Postfix 2.2 and earlier:
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay destinations that will be used when an
- SMTP destination is not found, or when delivery fails due to a
+ Optional list of relay destinations that will be used when an
+ SMTP destination is not found, or when delivery fails due to a
non-permanent error.
Available with Postfix 3.0 and later:
<b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
- In the context of email address verification, the SMTP protocol
+ In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Available with Postfix 3.1 and later:
Available in Postfix 3.7 and later:
<b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b>
- Defer delivery when the Postfix SMTP client cannot apply the
+ Defer delivery when the Postfix SMTP client cannot apply the
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting.
<b>SEE ALSO</b>
Victor Duchovni
Morgan Stanley
- SMTP(8)
+ 8 SMTP,(LMTP)
</pre> </body> </html>
replaced with underscores. The list of acceptable characters is speci-
fied with the <b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a></b> configuration parameter.
- <b>SHELL</b> The recipient user's login shell.
+ <b>SHELL</b> The envelope recipient user's login shell.
- <b>HOME</b> The recipient user's home directory.
+ <b>HOME</b> The envelope recipient user's home directory.
- <b>USER</b> The bare recipient name.
+ <b>USER</b> The bare envelope recipient name.
<b>EXTENSION</b>
- The optional recipient address extension.
+ The optional envelope recipient address extension.
- <b>DOMAIN</b> The recipient address domain part.
+ <b>DOMAIN</b> The envelope recipient address domain part.
<b>LOGNAME</b>
- The bare recipient name.
+ The bare envelope recipient name.
- <b>LOCAL</b> The entire recipient address localpart (text to the left of the
- rightmost @ character).
+ <b>LOCAL</b> The entire envelope recipient address localpart (text to the
+ left of the rightmost @ character).
<b>ORIGINAL_RECIPIENT</b>
- The entire recipient address, before any address rewriting or
- aliasing (Postfix 2.5 and later).
+ The entire envelope recipient address, before any address
+ rewriting or aliasing (Postfix 2.5 and later).
<b>RECIPIENT</b>
- The entire recipient address.
+ The entire envelope recipient address.
- <b>SENDER</b> The entire sender address.
+ <b>SENDER</b> The entire envelope sender address.
- Additional remote client information is made available via the follow-
+ <b>ENVID</b> The optional <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> envelope ID. Available as of Postfix 3.9.
+
+ Additional remote client information is made available via the follow-
ing environment variables:
<b>CLIENT_ADDRESS</b>
Remote client network address. Available as of Postfix 2.2.
<b>CLIENT_HELO</b>
- Remote client EHLO command parameter. Available as of Postfix
+ Remote client EHLO command parameter. Available as of Postfix
2.2.
<b>CLIENT_HOSTNAME</b>
Remote client protocol. Available as of Postfix 2.2.
<b>SASL_METHOD</b>
- SASL authentication method specified in the remote client AUTH
+ SASL authentication method specified in the remote client AUTH
command. Available as of Postfix 2.2.
<b>SASL_SENDER</b>
- SASL sender address specified in the remote client MAIL FROM
+ SASL sender address specified in the remote client MAIL FROM
command. Available as of Postfix 2.2.
<b>SASL_USERNAME</b>
- SASL username specified in the remote client AUTH command.
+ SASL username specified in the remote client AUTH command.
Available as of Postfix 2.2.
- The <b>PATH</b> environment variable is always reset to a system-dependent
- default path, and environment variables whose names are blessed by the
+ The <b>PATH</b> environment variable is always reset to a system-dependent
+ default path, and environment variables whose names are blessed by the
<b><a href="postconf.5.html#export_environment">export_environment</a></b> configuration parameter are exported unchanged.
The current working directory is the mail queue directory.
The <a href="local.8.html"><b>local</b>(8)</a> daemon prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header
- to each message, prepends an <b>X-Original-To:</b> header with the recipient
- address as given to Postfix, prepends an optional <b>Delivered-To:</b> header
- with the final recipient envelope address, prepends a <b>Return-Path:</b>
+ to each message, prepends an <b>X-Original-To:</b> header with the recipient
+ address as given to Postfix, prepends an optional <b>Delivered-To:</b> header
+ with the final recipient envelope address, prepends a <b>Return-Path:</b>
header with the sender envelope address, and appends no empty line.
<b>EXTERNAL FILE DELIVERY</b>
- The delivery format depends on the destination filename syntax. The
- default is to use UNIX-style mailbox format. Specify a name ending in
+ The delivery format depends on the destination filename syntax. The
+ default is to use UNIX-style mailbox format. Specify a name ending in
<b>/</b> for <b>qmail</b>-compatible <b>maildir</b> delivery.
- The <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameter restricts delivery to
- external files. The default setting (<b>alias, forward</b>) forbids file des-
+ The <b><a href="postconf.5.html#allow_mail_to_files">allow_mail_to_files</a></b> configuration parameter restricts delivery to
+ external files. The default setting (<b>alias, forward</b>) forbids file des-
tinations in <b>:include:</b> files.
- In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a> daemon
- prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header to each message,
- prepends an <b>X-Original-To:</b> header with the recipient address as given
- to Postfix, prepends an optional <b>Delivered-To:</b> header with the final
- recipient envelope address, prepends a > character to lines beginning
- with "<b>From</b> ", and appends an empty line. The envelope sender address
- is available in the <b>Return-Path:</b> header. When the destination is a
- regular file, it is locked for exclusive access while delivery is in
+ In the case of UNIX-style mailbox delivery, the <a href="local.8.html"><b>local</b>(8)</a> daemon
+ prepends a "<b>From</b> <i>sender time</i><b>_</b><i>stamp</i>" envelope header to each message,
+ prepends an <b>X-Original-To:</b> header with the recipient address as given
+ to Postfix, prepends an optional <b>Delivered-To:</b> header with the final
+ recipient envelope address, prepends a > character to lines beginning
+ with "<b>From</b> ", and appends an empty line. The envelope sender address
+ is available in the <b>Return-Path:</b> header. When the destination is a
+ regular file, it is locked for exclusive access while delivery is in
progress. In case of problems, an attempt is made to truncate a regular
file to its original length.
- In the case of <b>maildir</b> delivery, the local daemon prepends an optional
- <b>Delivered-To:</b> header with the final envelope recipient address, and
- prepends an <b>X-Original-To:</b> header with the recipient address as given
- to Postfix. The envelope sender address is available in the
+ In the case of <b>maildir</b> delivery, the local daemon prepends an optional
+ <b>Delivered-To:</b> header with the final envelope recipient address, and
+ prepends an <b>X-Original-To:</b> header with the recipient address as given
+ to Postfix. The envelope sender address is available in the
<b>Return-Path:</b> header.
<b>ADDRESS EXTENSION</b>
- The optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter specifies how
+ The optional <b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a></b> configuration parameter specifies how
to separate address extensions from local recipient names.
- For example, with "<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +</b>", mail for <i>name</i>+<i>foo</i> is
- delivered to the alias <i>name</i>+<i>foo</i> or to the alias <i>name</i>, to the destina-
+ For example, with "<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> = +</b>", mail for <i>name</i>+<i>foo</i> is
+ delivered to the alias <i>name</i>+<i>foo</i> or to the alias <i>name</i>, to the destina-
tions listed in ~<i>name</i>/.<b>forward</b>+<i>foo</i> or in ~<i>name</i>/.<b>forward</b>, to the mailbox
owned by the user <i>name</i>, or it is sent back as undeliverable.
<b>DELIVERY RIGHTS</b>
- Deliveries to external files and external commands are made with the
- rights of the receiving user on whose behalf the delivery is made. In
- the absence of a user context, the <a href="local.8.html"><b>local</b>(8)</a> daemon uses the owner
- rights of the <b>:include:</b> file or alias database. When those files are
+ Deliveries to external files and external commands are made with the
+ rights of the receiving user on whose behalf the delivery is made. In
+ the absence of a user context, the <a href="local.8.html"><b>local</b>(8)</a> daemon uses the owner
+ rights of the <b>:include:</b> file or alias database. When those files are
owned by the superuser, delivery is made with the rights specified with
the <b><a href="postconf.5.html#default_privs">default_privs</a></b> configuration parameter.
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
- Problems
and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
- Corrupted message files are marked so that the queue manager can move
+ Problems
and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
them to the <b>corrupt</b> queue afterwards.
- Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
+ Depending on the setting of the <b><a href="postconf.5.html#notify_classes">notify_classes</a></b> parameter, the postmas-
ter is notified of bounces and of other trouble.
<b>SECURITY</b>
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent needs a dual personality 1) to access the
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent needs a dual personality 1) to access the
private Postfix queue and IPC mechanisms, 2) to impersonate the recipi-
- ent and deliver to recipient-specified files or commands. It is there-
+ ent and deliver to recipient-specified files or commands. It is there-
fore security sensitive.
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression substitution
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent disallows regular expression substitution
of $1 etc. in <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>, because that would open a security hole.
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests to use the
- <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead it will open the table
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent will silently ignore requests to use the
+ <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server within <b><a href="postconf.5.html#alias_maps">alias_maps</a></b>. Instead it will open the table
directly. Before Postfix version 2.2, the <a href="local.8.html"><b>local</b>(8)</a> delivery agent will
terminate with a fatal error.
<b>BUGS</b>
- For security reasons, the message delivery status of external commands
- or of external files is never checkpointed to file. As a result, the
- program may occasionally deliver more than once to a command or exter-
+ For security reasons, the message delivery status of external commands
+ or of external files is never checkpointed to file. As a result, the
+ program may occasionally deliver more than once to a command or exter-
nal file. Better safe than sorry.
- Mutually-recursive aliases or ~/.<b>forward</b> files are not detected early.
- The resulting mail forwarding loop is broken by the use of the <b>Deliv-</b>
+ Mutually-recursive aliases or ~/.<b>forward</b> files are not detected early.
+ The resulting mail forwarding loop is broken by the use of the <b>Deliv-</b>
<b>ered-To:</b> message header.
<b>CONFIGURATION PARAMETERS</b>
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="local.8.html"><b>local</b>(8)</a> processes
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="local.8.html"><b>local</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
Whether or not to use the local <a href="postconf.5.html#biff">biff</a> service.
<b><a href="postconf.5.html#expand_owner_alias">expand_owner_alias</a> (no)</b>
- When delivering to an alias "<i>aliasname</i>" that has an
+ When delivering to an alias "<i>aliasname</i>" that has an
"owner-<i>aliasname</i>" companion alias, set the envelope sender
address to the expansion of the "owner-<i>aliasname</i>" alias.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a> (yes)</b>
- Enable special treatment for owner-<i>listname</i> entries in the
+ Enable special treatment for owner-<i>listname</i> entries in the
<a href="aliases.5.html"><b>aliases</b>(5)</a> file, and don't split owner-<i>listname</i> and <i>list-</i>
- <i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
+ <i>name</i>-request address localparts when the <a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> is
set to "-".
<b><a href="postconf.5.html#sun_mailtool_compatibility">sun_mailtool_compatibility</a> (no)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#frozen_delivered_to">frozen_delivered_to</a> (yes)</b>
- Update the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the Delivered-To:
- address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start
- of a delivery attempt; do not update the Delivered-To: address
+ Update the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the Delivered-To:
+ address (see <a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a>) only once, at the start
+ of a delivery attempt; do not update the Delivered-To: address
while expanding aliases or .forward files.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
- Defer delivery when a mailbox file is not owned by its recipi-
+ Defer delivery when a mailbox file is not owned by its recipi-
ent.
<b><a href="postconf.5.html#reset_owner_alias">reset_owner_alias</a> (no)</b>
- Reset the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the owner-alias
- attribute, when delivering mail to a child alias that does not
+ Reset the <a href="local.8.html"><b>local</b>(8)</a> delivery agent's idea of the owner-alias
+ attribute, when delivering mail to a child alias that does not
have its own owner alias.
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#local_delivery_status_filter">local_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
- Optional filter for the <a href="local.8.html"><b>local</b>(8)</a> delivery agent to change the
- status code or explanatory text of successful or unsuccessful
+ Optional filter for the <a href="local.8.html"><b>local</b>(8)</a> delivery agent to change the
+ status code or explanatory text of successful or unsuccessful
deliveries.
<b>DELIVERY METHOD CONTROLS</b>
- The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to low is:
+ The precedence of <a href="local.8.html"><b>local</b>(8)</a> delivery methods from high to low is:
aliases, .forward files, <a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a>, <a href="postconf.5.html#mailbox_transport">mailbox_transport</a>,
- <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>,
<a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_direc</a>-
+ <a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a>,
<a href="postconf.5.html#mailbox_command">mailbox_command</a>, <a href="postconf.5.html#home_mailbox">home_mailbox</a>, <a href="postconf.5.html#mail_spool_directory">mail_spool_direc</a>-
<a href="postconf.5.html#mail_spool_directory">tory</a>, <a href="postconf.5.html#fallback_transport_maps">fallback_transport_maps</a>, <a href="postconf.5.html#fallback_transport">fallback_transport</a>, and <a href="postconf.5.html#luser_relay">luser_relay</a>.
<b><a href="postconf.5.html#alias_maps">alias_maps</a> (see 'postconf -d' output)</b>
- Optional
lookup tables with aliases that apply only to <a href="local.8.html"><b>local</b>(8)</a>
- recipients; this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that apply to all
+ Optional
lookup tables with aliases that apply only to <a href="local.8.html"><b>local</b>(8)</a>
+ recipients; this is unlike <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> that apply to all
recipients: <a href="local.8.html"><b>local</b>(8)</a>, virtual, and remote.
<b><a href="postconf.5.html#forward_path">forward_path</a> (see 'postconf -d' output)</b>
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding a .forward
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent search list for finding a .forward
file with user-specified delivery methods.
<b><a href="postconf.5.html#mailbox_transport_maps">mailbox_transport_maps</a> (empty)</b>
Optional lookup tables with per-recipient message delivery
- transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery, whether or not
+ transports to use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery, whether or not
the recipients are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_transport">mailbox_transport</a> (empty)</b>
- Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
- agent should use for mailbox delivery to all local recipients,
+ Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ agent should use for mailbox delivery to all local recipients,
whether or not they are found in the UNIX passwd database.
<b><a href="postconf.5.html#mailbox_command_maps">mailbox_command_maps</a> (empty)</b>
- Optional lookup tables with per-recipient external commands to
+ Optional lookup tables with per-recipient external commands to
use for <a href="local.8.html"><b>local</b>(8)</a> mailbox delivery.
<b><a href="postconf.5.html#mailbox_command">mailbox_command</a> (empty)</b>
- Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent
+ Optional external command that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent
should use for mailbox delivery.
<b><a href="postconf.5.html#home_mailbox">home_mailbox</a> (empty)</b>
- Optional
pathname of a mailbox file relative to a <a href="local.8.html"><b>local</b>(8)</a>
+ Optional
pathname of a mailbox file relative to a <a href="local.8.html"><b>local</b>(8)</a>
user's home directory.
<b><a href="postconf.5.html#mail_spool_directory">mail_spool_directory</a> (see 'postconf -d' output)</b>
not find in the <a href="aliases.5.html"><b>aliases</b>(5)</a> or UNIX password database.
<b><a href="postconf.5.html#fallback_transport">fallback_transport</a> (empty)</b>
- Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
- agent
should use for names that are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a>
+ Optional message delivery transport that the <a href="local.8.html"><b>local</b>(8)</a> delivery
+ agent
should use for names that are not found in the <a href="aliases.5.html"><b>aliases</b>(5)</a>
or UNIX password database.
<b><a href="postconf.5.html#luser_relay">luser_relay</a> (empty)</b>
- Optional catch-all destination for unknown <a href="local.8.html"><b>local</b>(8)</a> recipients.
+ Optional catch-all destination for unknown <a href="local.8.html"><b>local</b>(8)</a> recipients.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#command_execution_directory">command_execution_directory</a> (empty)</b>
- The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for delivery to
+ The <a href="local.8.html"><b>local</b>(8)</a> delivery agent working directory for delivery to
external commands.
<b>MAILBOX LOCKING CONTROLS</b>
mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#deliver_lock_delay">deliver_lock_delay</a> (1s)</b>
- The time between attempts to acquire an exclusive lock on a
+ The time between attempts to acquire an exclusive lock on a
mailbox file or <a href="bounce.8.html"><b>bounce</b>(8)</a> logfile.
<b><a href="postconf.5.html#stale_lock_time">stale_lock_time</a> (500s)</b>
- The time after which a stale exclusive mailbox lockfile is
+ The time after which a stale exclusive mailbox lockfile is
removed.
<b><a href="postconf.5.html#mailbox_delivery_lock">mailbox_delivery_lock</a> (see 'postconf -d' output)</b>
- How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before attempting
+ How to lock a UNIX-style <a href="local.8.html"><b>local</b>(8)</a> mailbox before attempting
delivery.
<b>RESOURCE AND RATE CONTROLS</b>
<a href="showq.8.html"><b>showq</b>(8)</a> queue displays.
<b><a href="postconf.5.html#mailbox_size_limit">mailbox_size_limit</a> (51200000)</b>
- The maximal size of any <a href="local.8.html"><b>local</b>(8)</a> individual mailbox or maildir
+ The maximal size of any <a href="local.8.html"><b>local</b>(8)</a> individual mailbox or maildir
file, or zero (no limit).
Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon:
<b><a href="postconf.5.html#local_destination_concurrency_limit">local_destination_concurrency_limit</a> (2)</b>
- The maximal number of parallel deliveries via the local mail
- delivery
transport to the same recipient (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
- <a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> = 1") or the maximal number of parallel
+ The maximal number of parallel deliveries via the local mail
+ delivery
transport to the same recipient (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
+ <a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> = 1") or the maximal number of parallel
deliveries to the same local domain (when "<a href="postconf.5.html#local_destination_recipient_limit">local_destina</a>-
<a href="postconf.5.html#local_destination_recipient_limit">tion_recipient_limit</a> > 1").
<b><a href="postconf.5.html#local_destination_recipient_limit">local_destination_recipient_limit</a> (1)</b>
- The maximal number of recipients per message delivery via the
+ The maximal number of recipients per message delivery via the
local mail delivery transport.
<b>SECURITY CONTROLS</b>
Restrict <a href="local.8.html"><b>local</b>(8)</a> mail delivery to external files.
<b><a href="postconf.5.html#command_expansion_filter">command_expansion_filter</a> (see 'postconf -d' output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
- in
$name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
+ in
$name expansions of $<a href="postconf.5.html#mailbox_command">mailbox_command</a> and $<a href="postconf.5.html#command_execution_directory">command_execu</a>-
<a href="postconf.5.html#command_execution_directory">tion_directory</a>.
<b><a href="postconf.5.html#default_privs">default_privs</a> (nobody)</b>
- The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery agent for
+ The default rights used by the <a href="local.8.html"><b>local</b>(8)</a> delivery agent for
delivery to an external file or command.
<b><a href="postconf.5.html#forward_expansion_filter">forward_expansion_filter</a> (see 'postconf -d' output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
in $name expansions of $<a href="postconf.5.html#forward_path">forward_path</a>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#execution_directory_expansion_filter">execution_directory_expansion_filter</a> (see 'postconf -d' output)</b>
- Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
+ Restrict the characters that the <a href="local.8.html"><b>local</b>(8)</a> delivery agent allows
in $name expansions of $<a href="postconf.5.html#command_execution_directory">command_execution_directory</a>.
Available in Postfix version 2.5.3 and later:
<b><a href="postconf.5.html#strict_mailbox_ownership">strict_mailbox_ownership</a> (yes)</b>
- Defer delivery when a mailbox file is not owned by its recipi-
+ Defer delivery when a mailbox file is not owned by its recipi-
ent.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a Postfix process will
+ The list of environment variables that a Postfix process will
export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#local_command_shell">local_command_shell</a> (empty)</b>
mands.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
process will service before terminating voluntarily.
<b><a href="postconf.5.html#prepend_delivered_header">prepend_delivered_header</a> (command, file, forward)</b>
- The message delivery contexts where the Postfix <a href="local.8.html"><b>local</b>(8)</a> deliv-
- ery agent prepends a Delivered-To: message header with the
+ The message delivery contexts where the Postfix <a href="local.8.html"><b>local</b>(8)</a> deliv-
+ ery agent prepends a Delivered-To: message header with the
address that the mail was delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a> (canonical, virtual)</b>
- What address lookup tables copy an address extension from the
+ What address lookup tables copy an address extension from the
lookup key to the lookup result.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
- The set of characters that can separate an email address local-
+ The set of characters that can separate an email address local-
part, user name, or a .forward file name from its extension.
<b><a href="postconf.5.html#require_home_directory">require_home_directory</a> (no)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix version 3.3 and later:
<b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
- Enable support for the original recipient address after an
- address is rewritten to a different address (for example with
+ Enable support for the original recipient address after an
+ address is rewritten to a different address (for example with
aliasing or with canonical mapping).
<b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
- The email address form that will be used in non-debug logging
+ The email address form that will be used in non-debug logging
(info, warning, etc.).
<b>FILES</b>
The Secure Mailer license must be distributed with this software.
<b>HISTORY</b>
- The <b>Delivered-To:</b> message header appears in the <b>qmail</b> system by Daniel
+ The <b>Delivered-To:</b> message header appears in the <b>qmail</b> system by Daniel
Bernstein.
- The <i>maildir</i> structure appears in the <b>qmail</b> system by Daniel Bernstein.
+ The <i>maildir</i> structure appears in the <b>qmail</b> system by Daniel Bernstein.
<b>AUTHOR(S)</b>
Wietse Venema
This feature is available as of Postfix 2.5.
+ <b>${envid}</b>
+ This macro expands to the <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> envelope ID if avail-
+ able, otherwise the empty string.
+
+ This feature is available as of Postfix 3.9.
+
<b>${extension}</b>
- This macro expands to the extension part of a recipient
- address. For example, with an address <i>user+foo@domain</i>
+ This macro expands to the extension part of a recipient
+ address. For example, with an address <i>user+foo@domain</i>
the extension is <i>foo</i>.
- A command-line argument that contains <b>${extension}</b>
- expands into as many command-line arguments as there are
+ A command-line argument that contains <b>${extension}</b>
+ expands into as many command-line arguments as there are
recipients.
This information is modified by the <b>u</b> flag for case fold-
<b>${mailbox}</b>
This macro expands to the complete local part of a recip-
- ient address. For example, with an address
+ ient address. For example, with an address
<i>user+foo@domain</i> the mailbox is <i>user+foo</i>.
- A command-line argument that contains <b>${mailbox}</b> expands
- to as many command-line arguments as there are recipi-
+ A command-line argument that contains <b>${mailbox}</b> expands
+ to as many command-line arguments as there are recipi-
ents.
This information is modified by the <b>u</b> flag for case fold-
ing.
<b>${original_recipient}</b>
- This macro expands to the complete recipient address
+ This macro expands to the complete recipient address
before any address rewriting or aliasing.
- A command-line argument that contains <b>${original_recipi-</b>
- <b>ent}</b> expands to as many command-line arguments as there
+ A command-line argument that contains <b>${original_recipi-</b>
+ <b>ent}</b> expands to as many command-line arguments as there
are recipients.
This information is modified by the <b>hqu</b> flags for quoting
<b>${recipient}</b>
This macro expands to the complete recipient address.
- A command-line argument that contains <b>${recipient}</b>
- expands to as many command-line arguments as there are
+ A command-line argument that contains <b>${recipient}</b>
+ expands to as many command-line arguments as there are
recipients.
This information is modified by the <b>hqu</b> flags for quoting
<b>${sasl_method}</b>
This macro expands to the name of the SASL authentication
- mechanism in the AUTH command when the Postfix SMTP
+ mechanism in the AUTH command when the Postfix SMTP
server received the message.
This feature is available as of Postfix 2.2.
<b>${sasl_sender}</b>
- This macro expands to the SASL sender name (i.e. the
+ This macro expands to the SASL sender name (i.e. the
original submitter as per <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>) in the MAIL FROM com-
mand when the Postfix SMTP server received the message.
This feature is available as of Postfix 2.2.
<b>${sender}</b>
- This macro expands to the envelope sender address. By
- default, the null sender address expands to MAILER-DAE-
- MON; this can be changed with the <b>null_sender</b> attribute,
+ This macro expands to the envelope sender address. By
+ default, the null sender address expands to MAILER-DAE-
+ MON; this can be changed with the <b>null_sender</b> attribute,
as described above.
This information is modified by the <b>q</b> flag for quoting.
<b>${size}</b>
This macro expands to Postfix's idea of the message size,
- which is an approximation of the size of the message as
+ which is an approximation of the size of the message as
delivered.
<b>${user}</b>
- This macro expands to the username part of a recipient
- address. For example, with an address <i>user+foo@domain</i>
+ This macro expands to the username part of a recipient
+ address. For example, with an address <i>user+foo@domain</i>
the username part is <i>user</i>.
- A command-line argument that contains <b>${user}</b> expands
- into as many command-line arguments as there are recipi-
+ A command-line argument that contains <b>${user}</b> expands
+ into as many command-line arguments as there are recipi-
ents.
This information is modified by the <b>u</b> flag for case fold-
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
- Command exit status codes are expected to follow the conventions
+ Command exit status codes are expected to follow the conventions
defined in <<b>sysexits.h</b>>. Exit status 0 means normal successful comple-
tion.
In the case of a non-zero exit status, a limited amount of command out-
- put is logged, and reported in a delivery status notification. When
- the output begins with a 4.X.X or 5.X.X enhanced status code, the sta-
- tus code takes precedence over the non-zero exit status (Postfix ver-
+ put is logged, and reported in a delivery status notification. When
+ the output begins with a 4.X.X or 5.X.X enhanced status code, the sta-
+ tus code takes precedence over the non-zero exit status (Postfix ver-
sion 2.3 and later).
- After successful delivery (zero exit status) a limited amount of com-
- mand output is logged, and reported in "success" delivery status noti-
+ After successful delivery (zero exit status) a limited amount of com-
+ mand output is logged, and reported in "success" delivery status noti-
fications (Postfix 3.0 and later). This command output is not examined
for the presence of an enhanced status code.
- Problems
and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
- Corrupted message files are marked so that the queue manager can move
+ Problems
and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
+ Corrupted message files are marked so that the queue manager can move
them to the <b>corrupt</b> queue for further inspection.
<b>SECURITY</b>
- This program needs a dual personality 1) to access the private Postfix
- queue and IPC mechanisms, and 2) to execute external commands as the
+ This program needs a dual personality 1) to access the private Postfix
+ queue and IPC mechanisms, and 2) to execute external commands as the
specified user. It is therefore security sensitive.
<b>CONFIGURATION PARAMETERS</b>
Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically as <a href="pipe.8.html"><b>pipe</b>(8)</a> processes run
- for only a limited amount of time. Use the command "<b>postfix reload</b>" to
+ for only a limited amount of time. Use the command "<b>postfix reload</b>" to
speed up a change.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#transport_time_limit">transport_time_limit</a> ($<a href="postconf.5.html#command_time_limit">command_time_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#command_time_limit">command_time_limit</a> parame-
- ter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
+ ter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a> name of the message
delivery transport.
Implemented in the <a href="qmgr.8.html">qmgr(8)</a> daemon:
<b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
- <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
- The list of environment variables that a Postfix process will
+ The list of environment variables that a Postfix process will
export to non-Postfix processes.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue and most
+ The UNIX system account that owns the Postfix queue and most
Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
- The set of characters that can separate an email address local-
+ The set of characters that can separate an email address local-
part, user name, or a .forward file name from its extension.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#pipe_delivery_status_filter">pipe_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
- Optional filter for the <a href="pipe.8.html"><b>pipe</b>(8)</a> delivery agent to change the
+ Optional filter for the <a href="pipe.8.html"><b>pipe</b>(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuc-
cessful deliveries.
Available in Postfix version 3.3 and later:
<b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
- Enable support for the original recipient address after an
- address is rewritten to a different address (for example with
+ Enable support for the original recipient address after an
+ address is rewritten to a different address (for example with
aliasing or with canonical mapping).
<b><a href="postconf.5.html#service_name">service_name</a> (read-only)</b>
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
- The email address form that will be used in non-debug logging
+ The email address form that will be used in non-debug logging
(info, warning, etc.).
<b>SEE ALSO</b>
<dd>The domain part of the recipient address. </dd>
+<dt><b>ENVID</b></dt>
+
+<dd>The optional <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> envelope ID. Available in Postfix version
+3.9 and later</dd>
+
<dt><b>EXTENSION</b></dt>
<dd>The optional address extension. </dd>
<b>o</b> To provide single-updater functionality for lookup tables that
do not reliably support multiple writers (i.e. all file-based
- tables).
+ tables that are not based on <b>lmdb</b>).
The <a href="proxymap.8.html"><b>proxymap</b>(8)</a> server implements the following requests:
<link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - smtp(8) </title>
</head> <body> <pre>
-SMTP(8) SMTP(8)
+SMTP,(LMTP) SMTP,(LMTP)
<b>NAME</b>
- smtp - Postfix SMTP+LMTP client
+ smtp, lmtp - Postfix SMTP+LMTP client
<b>SYNOPSIS</b>
<b>smtp</b> [generic Postfix daemon options] [flags=DORX]
+ <b>lmtp</b> [generic Postfix daemon options] [flags=DORX]
+
<b>DESCRIPTION</b>
The Postfix SMTP+LMTP client implements the SMTP and LMTP mail delivery
protocols. It processes message delivery requests from the queue man-
ager. Each request specifies a queue file, a sender address, a domain
or host to deliver to, and recipient information. This program expects
- to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
+ to be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager. The process name, <b>smtp</b> or
+ <b>lmtp</b>, controls the protocol, and the names of the configuration parame-
+ ters that will be used.
The SMTP+LMTP client updates the queue file and marks recipients as
finished, or it informs the queue manager that delivery should be tried
for all destinations that map onto the same IP address and TCP port.
<b>CONFIGURATION PARAMETERS</b>
- Before Postfix version 2.3, the LMTP client is a separate program that
- implements only a subset of the functionality available with SMTP:
- there is no support for TLS, and connections are cached in-process,
- making it ineffective when the client is used for multiple domains.
+ Postfix versions 2.3 and later implement the SMTP and LMTP client with
+ the same program, and choose the protocol and configuration parameters
+ based on the process name, <b>smtp</b> or <b>lmtp</b>.
Most smtp_<i>xxx</i> configuration parameters have an lmtp_<i>xxx</i> "mirror" param-
- eter for the equivalent LMTP feature. This document describes only
+ eter for the equivalent LMTP feature. This document describes only
those LMTP-related parameters that aren't simply "mirror" parameters.
- Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
+ Changes to <a href="postconf.5.html"><b>main.cf</b></a> are picked up automatically, as <a href="smtp.8.html"><b>smtp</b>(8)</a> processes
run for only a limited amount of time. Use the command "<b>postfix reload</b>"
to speed up a change.
- The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
+ The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
<b>COMPATIBILITY CONTROLS</b>
will send via SMTP.
<b><a href="postconf.5.html#smtp_pix_workaround_delay_time">smtp_pix_workaround_delay_time</a> (10s)</b>
- How long the Postfix SMTP client pauses before sending
- ".<CR><LF>" in order to work around the PIX firewall
+ How long the Postfix SMTP client pauses before sending
+ ".<CR><LF>" in order to work around the PIX firewall
"<CR><LF>.<CR><LF>" bug.
<b><a href="postconf.5.html#smtp_pix_workaround_threshold_time">smtp_pix_workaround_threshold_time</a> (500s)</b>
delivery through firewalls with "smtp fixup" mode turned on.
<b><a href="postconf.5.html#smtp_pix_workarounds">smtp_pix_workarounds</a> (disable_esmtp, delay_dotcrlf)</b>
- A list that specifies zero or more workarounds for CISCO PIX
+ A list that specifies zero or more workarounds for CISCO PIX
firewall bugs.
<b><a href="postconf.5.html#smtp_pix_workaround_maps">smtp_pix_workaround_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server address, with
+ Lookup tables, indexed by the remote SMTP server address, with
per-destination workarounds for CISCO PIX firewall bugs.
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
- Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
+ Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
- A mechanism to transform replies from remote SMTP servers one
+ A mechanism to transform replies from remote SMTP servers one
line at a time.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Available in Postfix version 2.0 and earlier:
<b><a href="postconf.5.html#smtp_skip_4xx_greeting">smtp_skip_4xx_greeting</a> (yes)</b>
- Skip SMTP servers that greet with a 4XX status code (go away,
+ Skip SMTP servers that greet with a 4XX status code (go away,
try again later).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_discard_ehlo_keyword_address_maps">smtp_discard_ehlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote SMTP server address, with
- case insensitive lists of EHLO keywords (pipelining, starttls,
+ Lookup tables, indexed by the remote SMTP server address, with
+ case insensitive lists of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
- A case insensitive list of EHLO keywords (pipelining, starttls,
+ A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
- Optional lookup tables that perform address rewriting in the
- Postfix SMTP client, typically to transform a locally valid
- address into a globally valid address when sending mail across
+ Optional lookup tables that perform address rewriting in the
+ Postfix SMTP client, typically to transform a locally valid
+ address into a globally valid address when sending mail across
the Internet.
Available in Postfix version 2.2.9 and later:
<b><a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> (version dependent)</b>
- When the remote SMTP servername is a DNS CNAME, replace the
- servername with the result from CNAME expansion for the purpose
- of logging, SASL password lookup, TLS policy decisions, or TLS
+ When the remote SMTP servername is a DNS CNAME, replace the
+ servername with the result from CNAME expansion for the purpose
+ of logging, SASL password lookup, TLS policy decisions, or TLS
certificate verification.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#lmtp_discard_lhlo_keyword_address_maps">lmtp_discard_lhlo_keyword_address_maps</a> (empty)</b>
- Lookup tables, indexed by the remote LMTP server address, with
- case insensitive lists of LHLO keywords (pipelining, starttls,
+ Lookup tables, indexed by the remote LMTP server address, with
+ case insensitive lists of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
<b><a href="postconf.5.html#lmtp_discard_lhlo_keywords">lmtp_discard_lhlo_keywords</a> (empty)</b>
- A case insensitive list of LHLO keywords (pipelining, starttls,
+ A case insensitive list of LHLO keywords (pipelining, starttls,
auth, etc.) that the Postfix LMTP client will ignore in the LHLO
response from a remote LMTP server.
Available in Postfix version 2.4.4 and later:
<b><a href="postconf.5.html#send_cyrus_sasl_authzid">send_cyrus_sasl_authzid</a> (no)</b>
- When authenticating to a remote SMTP or LMTP server with the
- default setting "no", send no SASL authoriZation ID (authzid);
- send only the SASL authentiCation ID (authcid) plus the auth-
+ When authenticating to a remote SMTP or LMTP server with the
+ default setting "no", send no SASL authoriZation ID (authzid);
+ send only the SASL authentiCation ID (authcid) plus the auth-
cid's password.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_header_checks">smtp_header_checks</a> (empty)</b>
- Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
+ Restricted <a href="header_checks.5.html"><b>header_checks</b>(5)</a> tables for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_mime_header_checks">smtp_mime_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
+ Restricted <b><a href="postconf.5.html#mime_header_checks">mime_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_nested_header_checks">smtp_nested_header_checks</a> (empty)</b>
- Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
+ Restricted <b><a href="postconf.5.html#nested_header_checks">nested_header_checks</a></b>(5) tables for the Postfix SMTP
client.
<b><a href="postconf.5.html#smtp_body_checks">smtp_body_checks</a> (empty)</b>
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#tcp_windowsize">tcp_windowsize</a> (0)</b>
- An optional workaround for routers that break TCP window scal-
+ An optional workaround for routers that break TCP window scal-
ing.
Available in Postfix version 2.8 and later:
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 2.11 and later:
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_delivery_status_filter">smtp_delivery_status_filter</a> ($<a href="postconf.5.html#default_delivery_status_filter">default_delivery_status_filter</a>)</b>
- Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
+ Optional filter for the <a href="smtp.8.html"><b>smtp</b>(8)</a> delivery agent to change the
delivery status code or explanatory text of successful or unsuc-
cessful deliveries.
Available in Postfix version 3.3 and later:
<b><a href="postconf.5.html#smtp_balance_inet_protocols">smtp_balance_inet_protocols</a> (yes)</b>
- When a remote destination resolves to a combination of IPv4 and
+ When a remote destination resolves to a combination of IPv4 and
IPv6 addresses, ensure that the Postfix SMTP client can try both
address types before it runs into the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a>.
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
- The email address form that will be used in non-debug logging
+ The email address form that will be used in non-debug logging
(info, warning, etc.).
Available in Postfix 3.6 and later:
<b><a href="postconf.5.html#dnssec_probe">dnssec_probe</a> (ns:.)</b>
- The DNS query type (default: "ns") and DNS query name (default:
+ The DNS query type (default: "ns") and DNS query name (default:
".") that Postfix may use to determine whether DNSSEC validation
is available.
- <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
+ <b><a href="postconf.5.html#known_tcp_ports">known_tcp_ports</a> (lmtp=24, smtp=25, smtps=submissions=465, submis-</b>
<b>sion=587)</b>
- Optional setting that avoids lookups in the <b>services</b>(5) data-
+ Optional setting that avoids lookups in the <b>services</b>(5) data-
base.
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per plaintext or TLS read or write call, to a com-
- bined time limit for sending a complete SMTP request and for
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
+ The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#use_srv_lookup">use_srv_lookup</a> (empty)</b>
- Enables discovery for the specified service(s) using DNS SRV
+ Enables discovery for the specified service(s) using DNS SRV
records.
<b><a href="postconf.5.html#ignore_srv_lookup_error">ignore_srv_lookup_error</a> (no)</b>
- When SRV record lookup fails, fall back to MX or IP address
+ When SRV record lookup fails, fall back to MX or IP address
lookup as if SRV record lookup was not enabled.
<b><a href="postconf.5.html#allow_srv_lookup_fallback">allow_srv_lookup_fallback</a> (no)</b>
- When SRV record lookup fails or no SRV record exists, fall back
- to MX or IP address lookup as if SRV record lookup was not
+ When SRV record lookup fails or no SRV record exists, fall back
+ to MX or IP address lookup as if SRV record lookup was not
enabled.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a> (no)</b>
- Send the non-standard XFORWARD command when the Postfix SMTP
+ Send the non-standard XFORWARD command when the Postfix SMTP
server EHLO response announces XFORWARD support.
<b>SASL AUTHENTICATION CONTROLS</b>
Enable SASL authentication in the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> (empty)</b>
- Optional Postfix SMTP client lookup tables with one user-
- name:password entry per sender, remote hostname or next-hop
+ Optional Postfix SMTP client lookup tables with one user-
+ name:password entry per sender, remote hostname or next-hop
domain.
<b><a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a> (noplaintext, noanonymous)</b>
Postfix SMTP client SASL security options; as of Postfix 2.3 the
- list of available features depends on the SASL client implemen-
+ list of available features depends on the SASL client implemen-
tation that is selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a> (empty)</b>
- If non-empty, a Postfix SMTP client filter for the remote SMTP
+ If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the Postfix SMTP
- client; this is available only with SASL authentication, and
- disables SMTP connection caching to ensure that mail from dif-
+ client; this is available only with SASL authentication, and
+ disables SMTP connection caching to ensure that mail from dif-
ferent senders will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that the Postfix SMTP client
- passes through to the SASL plug-in implementation that is
+ passes through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP client should use
+ The SASL plug-in type that the Postfix SMTP client should use
for authentication.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> (empty)</b>
- An optional table to prevent repeated SASL authentication fail-
- ures with the same remote SMTP server hostname, username and
+ An optional table to prevent repeated SASL authentication fail-
+ ures with the same remote SMTP server hostname, username and
password.
<b><a href="postconf.5.html#smtp_sasl_auth_cache_time">smtp_sasl_auth_cache_time</a> (90d)</b>
- The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
+ The maximal age of an <a href="postconf.5.html#smtp_sasl_auth_cache_name">smtp_sasl_auth_cache_name</a> entry before it
is removed.
<b><a href="postconf.5.html#smtp_sasl_auth_soft_bounce">smtp_sasl_auth_soft_bounce</a> (yes)</b>
- When a remote SMTP server rejects a SASL authentication request
- with a 535 reply code, defer mail delivery instead of returning
+ When a remote SMTP server rejects a SASL authentication request
+ with a 535 reply code, defer mail delivery instead of returning
mail as undeliverable.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_send_dummy_mail_auth">smtp_send_dummy_mail_auth</a> (no)</b>
- Whether or not to append the "AUTH=<>" option to the MAIL FROM
+ Whether or not to append the "AUTH=<>" option to the MAIL FROM
command in SASL-authenticated SMTP sessions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_sasl_password_result_delimiter">smtp_sasl_password_result_delimiter</a> (:)</b>
- The delimiter between username and password in sasl_passwd_maps
+ The delimiter between username and password in sasl_passwd_maps
lookup results.
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be found in the
+ Detailed information about STARTTLS configuration may be found in the
<a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix SMTP client.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_security_options</a>)</b>
- The SASL authentication security options that the Postfix SMTP
+ The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read operations
+ Time limit for Postfix SMTP client write and read operations
during TLS startup and shutdown handshake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- A file containing CA certificates of root CAs trusted to sign
- either remote SMTP server certificates or intermediate CA cer-
+ A file containing CA certificates of root CAs trusted to sign
+ either remote SMTP server certificates or intermediate CA cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format Certification Authority certificates
+ Directory with PEM format Certification Authority certificates
that the Postfix SMTP client uses to verify a remote SMTP server
certificate.
File with the Postfix SMTP client RSA certificate in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP client will
+ The minimum TLS cipher grade that the Postfix SMTP client will
use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
client cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
- Additional list of ciphers or cipher types to exclude from the
- Postfix SMTP client cipher list at mandatory TLS security lev-
+ Additional list of ciphers or cipher types to exclude from the
+ Postfix SMTP client cipher list at mandatory TLS security lev-
els.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
Enable additional Postfix SMTP client logging of TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that offers STARTTLS,
+ Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
fied, this overrides the obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (see 'postconf -d' output)</b>
- TLS protocols that the Postfix SMTP client will use with manda-
+ TLS protocols that the Postfix SMTP client will use with manda-
tory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (9)</b>
The verification depth for remote SMTP server certificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
- How the Postfix SMTP client verifies the server certificate
+ How the Postfix SMTP client verifies the server certificate
peername for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
- The expiration time of Postfix SMTP client TLS session cache
+ The expiration time of Postfix SMTP client TLS session cache
information.
<b><a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> (hostname)</b>
- How the Postfix SMTP client verifies the server certificate
+ How the Postfix SMTP client verifies the server certificate
peername for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
- process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
internal pseudo random number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
The OpenSSL cipherlist for "medium" or higher grade ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption.
Available in in Postfix version 2.3..3.7:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a> ($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">rity_options</a>)</b>
- The SASL authentication security options that the Postfix SMTP
- client uses for TLS encrypted SMTP sessions with a verified
+ The SASL authentication security options that the Postfix SMTP
+ client uses for TLS encrypted SMTP sessions with a verified
server certificate.
Available in Postfix version 2.5 and later:
<b><a href="postconf.5.html#smtp_tls_fingerprint_cert_match">smtp_tls_fingerprint_cert_match</a> (empty)</b>
- List of acceptable remote SMTP server certificate fingerprints
- for
the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
+ List of acceptable remote SMTP server certificate fingerprints
+ for
the "fingerprint" TLS security level (<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_secu</a>-</b>
<b><a href="postconf.5.html#smtp_tls_security_level">rity_level</a></b> = fingerprint).
<b><a href="postconf.5.html#smtp_tls_fingerprint_digest">smtp_tls_fingerprint_digest</a> (see 'postconf -d' output)</b>
- The message digest algorithm used to construct remote SMTP
+ The message digest algorithm used to construct remote SMTP
server certificate fingerprints.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (see 'postconf -d' output)</b>
- TLS protocols that the Postfix SMTP client will use with oppor-
+ TLS protocols that the Postfix SMTP client will use with oppor-
tunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (medium)</b>
- The minimum TLS cipher grade that the Postfix SMTP client will
+ The minimum TLS cipher grade that the Postfix SMTP client will
use with opportunistic TLS encryption.
<b><a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> (empty)</b>
- File with the Postfix SMTP client ECDSA certificate in PEM for-
+ File with the Postfix SMTP client ECDSA certificate in PEM for-
mat.
<b><a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> ($<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b>
- File with the Postfix SMTP client ECDSA private key in PEM for-
+ File with the Postfix SMTP client ECDSA private key in PEM for-
mat.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
- Try to detect a mail hijacking attack based on a TLS protocol
- vulnerability (CVE-2009-3555), where an attacker prepends mali-
- cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
+ Try to detect a mail hijacking attack based on a TLS protocol
+ vulnerability (CVE-2009-3555), where an attacker prepends mali-
+ cious HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client
TLS session.
Available in Postfix version 2.8 and later:
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
- Zero or more PEM-format files with trust-anchor certificates
+ Zero or more PEM-format files with trust-anchor certificates
and/or public keys.
<b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
- Lookup the associated DANE TLSA RRset even when a hostname is
+ Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone.
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b>
- Request that the Postfix SMTP client connects using the SUBMIS-
+ Request that the Postfix SMTP client connects using the SUBMIS-
SIONS/SMTPS protocol instead of using the STARTTLS command.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (see 'postconf -d' output)</b>
- The TLS policy for MX hosts with "secure" TLSA records when the
- nexthop destination security level is <b>dane</b>, but the MX record
+ The TLS policy for MX hosts with "secure" TLSA records when the
+ nexthop destination security level is <b>dane</b>, but the MX record
was found via an "insecure" MX lookup.
Available in Postfix version 3.2 and later:
Try to make multiple deliveries per TLS-encrypted connection.
<b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
- List of one or more PEM files, each holding one or more private
+ List of one or more PEM files, each holding one or more private
keys directly followed by a corresponding certificate chain.
<b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
- Optional name to send to the remote SMTP server in the TLS
+ Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
<b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
- A workaround for implementations that hang Postfix while shut-
+ A workaround for implementations that hang Postfix while shut-
ting down a TLS session, until Postfix times out.
Available in Postfix version 3.8 and later:
<b><a href="postconf.5.html#tls_ffdhe_auto_groups">tls_ffdhe_auto_groups</a> (see 'postconf -d' output)</b>
- The prioritized list of finite-field Diffie-Hellman ephemeral
+ The prioritized list of finite-field Diffie-Hellman ephemeral
(FFDHE) key exchange groups supported by the Postfix SMTP client
and server.
Optional configuration file with baseline OpenSSL settings.
<b><a href="postconf.5.html#tls_config_name">tls_config_name</a> (empty)</b>
- The application name passed by Postfix to OpenSSL library ini-
+ The application name passed by Postfix to OpenSSL library ini-
tialization functions.
Available in Postfix version 3.9 and later:
<b><a href="postconf.5.html#smtp_tls_enable_rpk">smtp_tls_enable_rpk</a> (no)</b>
- Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
+ Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compatibility with
- Postfix versions before 2.3. Support for these will be removed in a
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP server announces
+ Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers use TLS
+ Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the remote SMTP
- server hostname matches the information in the remote SMTP
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client TLS usage
- policy by next-hop destination and by remote SMTP server host-
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+ Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a TCP connec-
+ The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the HELO or EHLO
- command, and for receiving the initial remote SMTP server
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the MAIL FROM
+ The Postfix SMTP client time limit for sending the MAIL FROM
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The Postfix SMTP client time limit for sending the SMTP DATA
+ The Postfix SMTP client time limit for sending the SMTP DATA
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The Postfix SMTP client time limit for sending the SMTP message
+ The Postfix SMTP client time limit for sending the SMTP message
content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
- The maximal number of MX (mail exchanger) IP addresses that can
- result from Postfix SMTP client mail exchanger lookups, or zero
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
(no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery request before
- the Postfix SMTP client gives up or delivers to a fall-back
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
<a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
- Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the specified
+ Permanently enable SMTP connection caching for the specified
destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a destination
+ Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or receive opera-
+ Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
- When SMTP connection caching is enabled, the number of times
- that an SMTP session may be reused before it is closed, or zero
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
(no limit).
Available in Postfix version 3.4 and later:
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per plaintext or TLS read or write call, to a com-
- bined time limit for sending a complete SMTP request and for
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
+ The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
<b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
- <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
- Enable preliminary SMTPUTF8 support for the protocols described
+ Enable preliminary SMTPUTF8 support for the protocols described
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci-
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
- Enable 'transitional' compatibility between IDNA2003 and
- IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a nexthop destina-
- tion, remote client or server name or network address matches a
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of nexthop destination, remote client or server
- name or network address patterns that, if matched, cause the
- verbose logging level to increase by the amount specified in
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
$<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about mail delivery
+ The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are subject to
- before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ What categories of Postfix-generated mail are subject to
+ before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail when it
+ Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The local network interface addresses that this mail system
+ The local network interface addresses that this mail system
receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d' output)</b>
- The Internet protocols Postfix will attempt to use when making
+ The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
- When a remote LMTP server announces no DSN support, assume that
- the server performs final delivery, and send "delivered" deliv-
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The remote network interface addresses that this mail system
- receives mail on by way of a proxy or network address transla-
+ The remote network interface addresses that this mail system
+ receives mail on by way of a proxy or network address transla-
tion unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
- client will try first, when a destination has IPv6 and IPv4
+ client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available with Postfix 2.2 and earlier:
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay destinations that will be used when an
- SMTP destination is not found, or when delivery fails due to a
+ Optional list of relay destinations that will be used when an
+ SMTP destination is not found, or when delivery fails due to a
non-permanent error.
Available with Postfix 3.0 and later:
<b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
- In the context of email address verification, the SMTP protocol
+ In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Available with Postfix 3.1 and later:
Available in Postfix 3.7 and later:
<b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b>
- Defer delivery when the Postfix SMTP client cannot apply the
+ Defer delivery when the Postfix SMTP client cannot apply the
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting.
<b>SEE ALSO</b>
Victor Duchovni
Morgan Stanley
- SMTP(8)
+ 8 SMTP,(LMTP)
</pre> </body> </html>
.IP "\fBDOMAIN\fR"
The domain part of the recipient address.
.br
+.IP "\fBENVID\fR"
+The optional RFC 3461 envelope ID. Available in Postfix version
+3.9 and later
+.br
.IP "\fBEXTENSION\fR"
The optional address extension.
.br
is specified with the \fBcommand_expansion_filter\fR configuration
parameter.
.IP \fBSHELL\fR
-The recipient user's login shell.
+The envelope recipient user's login shell.
.IP \fBHOME\fR
-The recipient user's home directory.
+The envelope recipient user's home directory.
.IP \fBUSER\fR
-The bare recipient name.
+The bare envelope recipient name.
.IP \fBEXTENSION\fR
-The optional recipient address extension.
+The optional envelope recipient address extension.
.IP \fBDOMAIN\fR
-The recipient address domain part.
+The envelope recipient address domain part.
.IP \fBLOGNAME\fR
-The bare recipient name.
+The bare envelope recipient name.
.IP \fBLOCAL\fR
-The entire recipient address localpart (text to the left of the
-rightmost @ character).
+The entire envelope recipient address localpart (text to
+the left of the rightmost @ character).
.IP \fBORIGINAL_RECIPIENT\fR
-The entire recipient address, before any address rewriting
-or aliasing (Postfix 2.5 and later).
+The entire envelope recipient address, before any address
+rewriting or aliasing (Postfix 2.5 and later).
.IP \fBRECIPIENT\fR
-The entire recipient address.
+The entire envelope recipient address.
.IP \fBSENDER\fR
-The entire sender address.
+The entire envelope sender address.
+.IP \fBENVID\fR
+The optional RFC 3461 envelope ID. Available as of Postfix
+3.9.
.PP
Additional remote client information is made available via
the following environment variables:
This information is modified by the \fBh\fR flag for case folding.
.sp
This feature is available as of Postfix 2.5.
+.IP \fB${envid}\fR
+This macro expands to the RFC 3461 envelope ID if available,
+otherwise the empty string.
+.sp
+This feature is available as of Postfix 3.9.
.IP \fB${extension}\fR
This macro expands to the extension part of a recipient address.
For example, with an address \fIuser+foo@domain\fR the extension is
.IP \(bu
To provide single\-updater functionality for lookup tables
that do not reliably support multiple writers (i.e. all
-file\-based tables).
+file\-based tables that are not based on \fBlmdb\fR).
.PP
The \fBproxymap\fR(8) server implements the following requests:
.IP "\fBopen\fR \fImaptype:mapname flags\fR"
-.TH SMTP 8
+.TH SMTP, LMTP 8
.ad
.fi
.SH NAME
-smtp
+smtp, lmtp
\-
Postfix SMTP+LMTP client
.SH "SYNOPSIS"
.na
.nf
\fBsmtp\fR [generic Postfix daemon options] [flags=DORX]
+
+\fBlmtp\fR [generic Postfix daemon options] [flags=DORX]
.SH DESCRIPTION
.ad
.fi
the queue manager. Each request specifies a queue file, a sender
address, a domain or host to deliver to, and recipient information.
This program expects to be run from the \fBmaster\fR(8) process
-manager.
+manager. The process name, \fBsmtp\fR or \fBlmtp\fR, controls
+the protocol, and the names of the configuration parameters
+that will be used.
The SMTP+LMTP client updates the queue file and marks recipients
as finished, or it informs the queue manager that delivery should
.nf
.ad
.fi
-Before Postfix version 2.3, the LMTP client is a separate
-program that implements only a subset of the functionality
-available with SMTP: there is no support for TLS, and
-connections are cached in\-process, making it ineffective
-when the client is used for multiple domains.
+Postfix versions 2.3 and later implement the SMTP and LMTP
+client with the same program, and choose the protocol and
+configuration parameters based on the process name, \fBsmtp\fR
+or \fBlmtp\fR.
Most smtp_\fIxxx\fR configuration parameters have an
lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP
<dd>The domain part of the recipient address. </dd>
+<dt><b>ENVID</b></dt>
+
+<dd>The optional RFC 3461 envelope ID. Available in Postfix version
+3.9 and later</dd>
+
<dt><b>EXTENSION</b></dt>
<dd>The optional address extension. </dd>
sni
Amawalk
resychronization
+ENVID
src postalias postalias c src postmap postmap c
src postalias postalias c src postmap postmap c
src smtpd smtpd c src smtpd smtpd_check c
+ not proxymap or proxywrite File proxymap proxymap c
+ still has its all zero SIZE record File postcat postcat c
+ manpage text File smtp smtp c
+ manpage text Files smtp smtp c global mail_proto h
+ File proxymap proxymap c
+ on process name Files smtp smtp c global mail_proto h
+ client process name File proxymap proxymap c
+ available Files local command c local local c
+ ID if available File pipe pipe c
ep
inlined
stringz
+Sarvepalli
+uXXXX
Kinzler
smtpstone
spammy
+Birta
+Levente
+MariaDB
#define MAIL_SERVICE_TLSPROXY "tlsproxy"
#define MAIL_SERVICE_POSTLOG "postlog"
+ /*
+ * Process names: convention is to use the basename of an executable file,
+ * but there is nothing to enforce that.
+ */
+#define MAIL_PROC_NAME_SMTP "smtp"
+#define MAIL_PROC_NAME_LMTP "lmtp"
+
/*
* Mail source classes. Used to specify policy decisions for content
* inspection and SMTPUTF8 detection.
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20231112"
+#define MAIL_RELEASE_DATE "20231210"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT
/* Duplicate commands for the same recipient are suppressed.
/* A limited amount of information is exported via the environment:
/* HOME, SHELL, LOGNAME, USER, EXTENSION, DOMAIN, RECIPIENT (entire
-/* address) LOCAL (just the local part) and SENDER. The exported
+/* address) LOCAL (just the local part), SENDER, and ENVID
+/* (see RFC 3461). The exported
/* information is censored with var_cmd_filter.
/*
/* Arguments:
if (state.msg_attr.rcpt.orig_addr && state.msg_attr.rcpt.orig_addr[0])
argv_add(env, "ORIGINAL_RECIPIENT", state.msg_attr.rcpt.orig_addr,
ARGV_END);
+ if (state.request->dsn_envid[0])
+ argv_add(env, "ENVID", state.request->dsn_envid, ARGV_END);
#define EXPORT_REQUEST(name, value) \
if ((value)[0]) argv_add(env, (name), (value), ARGV_END);
/* is specified with the \fBcommand_expansion_filter\fR configuration
/* parameter.
/* .IP \fBSHELL\fR
-/* The recipient user's login shell.
+/* The envelope recipient user's login shell.
/* .IP \fBHOME\fR
-/* The recipient user's home directory.
+/* The envelope recipient user's home directory.
/* .IP \fBUSER\fR
-/* The bare recipient name.
+/* The bare envelope recipient name.
/* .IP \fBEXTENSION\fR
-/* The optional recipient address extension.
+/* The optional envelope recipient address extension.
/* .IP \fBDOMAIN\fR
-/* The recipient address domain part.
+/* The envelope recipient address domain part.
/* .IP \fBLOGNAME\fR
-/* The bare recipient name.
+/* The bare envelope recipient name.
/* .IP \fBLOCAL\fR
-/* The entire recipient address localpart (text to the left of the
-/* rightmost @ character).
+/* The entire envelope recipient address localpart (text to
+/* the left of the rightmost @ character).
/* .IP \fBORIGINAL_RECIPIENT\fR
-/* The entire recipient address, before any address rewriting
-/* or aliasing (Postfix 2.5 and later).
+/* The entire envelope recipient address, before any address
+/* rewriting or aliasing (Postfix 2.5 and later).
/* .IP \fBRECIPIENT\fR
-/* The entire recipient address.
+/* The entire envelope recipient address.
/* .IP \fBSENDER\fR
-/* The entire sender address.
+/* The entire envelope sender address.
+/* .IP \fBENVID\fR
+/* The optional RFC 3461 envelope ID. Available as of Postfix
+/* 3.9.
/* .PP
/* Additional remote client information is made available via
/* the following environment variables:
/* This information is modified by the \fBh\fR flag for case folding.
/* .sp
/* This feature is available as of Postfix 2.5.
+/* .IP \fB${envid}\fR
+/* This macro expands to the RFC 3461 envelope ID if available,
+/* otherwise the empty string.
+/* .sp
+/* This feature is available as of Postfix 3.9.
/* .IP \fB${extension}\fR
/* This macro expands to the extension part of a recipient address.
/* For example, with an address \fIuser+foo@domain\fR the extension is
#define PIPE_DICT_SASL_USERNAME "sasl_username" /* key */
#define PIPE_DICT_SASL_SENDER "sasl_sender" /* key */
#define PIPE_DICT_QUEUE_ID "queue_id" /* key */
+#define PIPE_DICT_ENVID "envid" /* key */
/*
* Flags used to pass back the type of special parameter found by
PIPE_DICT_SASL_USERNAME, 0,
PIPE_DICT_SASL_SENDER, 0,
PIPE_DICT_QUEUE_ID, 0,
+ PIPE_DICT_ENVID, 0,
0, 0,
};
struct cmd_flags *p;
request->sasl_sender);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_QUEUE_ID,
request->queue_id);
+ dict_update(PIPE_DICT_TABLE, PIPE_DICT_ENVID,
+ request->dsn_envid);
vstring_free(buf);
if ((expanded_argv = expand_argv(service, attr.command,
VSTRING_ADDCH(result, 't');
break;
default:
- vstring_sprintf(result, "\\u%04X", ch);
+ vstring_sprintf_append(result, "\\u%04X", ch);
break;
}
} else {
#ifdef USE_TLS
int smtp_mode = 1;
+ /*
+ * DANE match names are configured late, once the TLSA records are in hand.
+ * For now, prepare to fall back to "secure".
+ */
switch (state->level) {
+ default:
+ state->match = 0;
+ break;
+ case TLS_LEV_DANE:
case TLS_LEV_SECURE:
state->match = argv_alloc(2);
while (*argv)
tls_dane_add_fpt_digests(state->dane, state->options.enable_rpk,
*argv++, "", smtp_mode);
break;
- case TLS_LEV_DANE:
- case TLS_LEV_DANE_ONLY:
- state->match = argv_alloc(2);
- argv_add(state->match, "nexthop", "hostname", ARGV_END);
- break;
}
#endif
}
/* .IP \(bu
/* To provide single-updater functionality for lookup tables
/* that do not reliably support multiple writers (i.e. all
-/* file-based tables).
+/* file-based tables that are not based on \fBlmdb\fR).
/* .PP
/* The \fBproxymap\fR(8) server implements the following requests:
/* .IP "\fBopen\fR \fImaptype:mapname flags\fR"
if (strcmp(service_name, MAIL_SERVICE_PROXYWRITE) == 0)
proxy_writer = 1;
else if (strcmp(service_name, MAIL_SERVICE_PROXYMAP) != 0)
- msg_fatal("service name must be one of %s or %s",
- MAIL_SERVICE_PROXYWRITE, MAIL_SERVICE_PROXYMAP);
+ msg_fatal("invalid service name: \"%s\" - "
+ "service name must be \"%s\" or \"%s\"",
+ service_name, MAIL_SERVICE_PROXYWRITE,
+ MAIL_SERVICE_PROXYMAP);
/*
* Pre-allocate buffers.
*/
MAIL_VERSION_STAMP_ALLOCATE;
+ /*
+ * XXX When invoked with the master.cf service name "proxywrite", the
+ * proxymap daemon will allow update requests. To update a table that is
+ * not multi-writer safe (for example, some versions of Berkeley DB), the
+ * "proxywrite" service should run as a single updater (i.e. a process
+ * limit of 1, which could be enforced below by requesting
+ * CA_MAIL_SERVER_SOLITARY).
+ *
+ * In the default master.cf file, the "proxywrite" service has a process
+ * limit of 1. Assuming that updates will be rare, this process limit
+ * will suffice. Latency-sensitive services such as postscreen must not
+ * use the proxywrite service (in fact, postscreen has a latency check
+ * built-in).
+ *
+ * Optimizing for multi-writer operation would suffer from all kinds of
+ * complexity that would make it hard to use:
+ *
+ * - The master daemon specifies the "proxywrite" service name with the -n
+ * command-line option. This information is not known here, before the
+ * multi_server_main() call. The multi_server_main() function could
+ * reveal process limit information to its call-back functions, and leave
+ * single-updater enforcement to its call-back functions.
+ *
+ * - If we really want multi-writer update support, the "proxywrite" service
+ * would have to parse the $proxy_write_maps value, and permit
+ * multi-writer operation only if all tables are multi-writer safe. That
+ * would require a new dict(3) method, to query each lookup table
+ * implementation if it is multi-writer safe, without instantiating a
+ * lookup table client.
+ */
multi_server_main(argc, argv, proxymap_service,
CA_MAIL_SERVER_STR_TABLE(str_table),
CA_MAIL_SERVER_POST_INIT(post_jail_init),
/*++
/* NAME
-/* smtp 8
+/* smtp, lmtp 8
/* SUMMARY
/* Postfix SMTP+LMTP client
/* SYNOPSIS
/* \fBsmtp\fR [generic Postfix daemon options] [flags=DORX]
+/*
+/* \fBlmtp\fR [generic Postfix daemon options] [flags=DORX]
/* DESCRIPTION
/* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail
/* delivery protocols. It processes message delivery requests from
/* the queue manager. Each request specifies a queue file, a sender
/* address, a domain or host to deliver to, and recipient information.
/* This program expects to be run from the \fBmaster\fR(8) process
-/* manager.
+/* manager. The process name, \fBsmtp\fR or \fBlmtp\fR, controls
+/* the protocol, and the names of the configuration parameters
+/* that will be used.
/*
/* The SMTP+LMTP client updates the queue file and marks recipients
/* as finished, or it informs the queue manager that delivery should
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
-/* Before Postfix version 2.3, the LMTP client is a separate
-/* program that implements only a subset of the functionality
-/* available with SMTP: there is no support for TLS, and
-/* connections are cached in-process, making it ineffective
-/* when the client is used for multiple domains.
+/* Postfix versions 2.3 and later implement the SMTP and LMTP
+/* client with the same program, and choose the protocol and
+/* configuration parameters based on the process name, \fBsmtp\fR
+/* or \fBlmtp\fR.
/*
/* Most smtp_\fIxxx\fR configuration parameters have an
/* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP
0, -1,
};
+ /*
+ * The process name, "smtp" or "lmtp", determines the configuration
+ * parameters to use, protocol, DSN server reply type, SASL service
+ * information lookup, and more. We peeked at the name in the main()
+ * function before logging was initialized. Here, we detect and report an
+ * invalid process name.
+ */
+ if (strcmp(var_procname, MAIL_PROC_NAME_SMTP) != 0
+ && strcmp(var_procname, MAIL_PROC_NAME_LMTP) != 0)
+ msg_fatal("unexpected process name \"%s\" - "
+ "specify \"%s\" or \"%s\"", var_procname,
+ MAIL_PROC_NAME_SMTP, MAIL_PROC_NAME_LMTP);
+
/*
* Turn on per-peer debugging.
*/
MAIL_VERSION_STAMP_ALLOCATE;
/*
- * XXX At this point, var_procname etc. are not initialized.
- *
- * The process name, "smtp" or "lmtp", determines the protocol, the DSN
- * server reply type, SASL service information lookup, and more. Prepare
- * for the possibility there may be another personality.
+ * XXX The process name, "smtp" or "lmtp", determines what configuration
+ * parameter settings to use, and more. However, at this point, logging
+ * and var_procname are not initialized. Here, we peek at the process
+ * name to determine what configuration parameter settings to use. Later,
+ * we detect and report an invalid process name.
*/
sane_procname = sane_basename((VSTRING *) 0, argv[0]);
- if (strcmp(sane_procname, "smtp") == 0)
+ if (strcmp(sane_procname, MAIL_PROC_NAME_SMTP) == 0)
smtp_mode = 1;
- else if (strcmp(sane_procname, "lmtp") == 0)
- smtp_mode = 0;
- else
- /* TODO: logging is not initialized. */
- msg_fatal("unexpected process name \"%s\" - "
- "specify \"smtp\" or \"lmtp\"", var_procname);
/*
* Initialize with the LMTP or SMTP parameter name space.
{
/*
- * Duplicate suppression. There's an implicit check_recipient_maps
- * restriction at the end of all recipient restrictions.
+ * Duplicate suppression. With "smtpd_reject_unlisted_recipient = yes",
+ * there's an implicit reject_unlisted_recipient restriction at the end
+ * of all recipient restrictions.
*/
if (smtpd_input_transp_mask & INPUT_TRANSP_UNKNOWN_RCPT)
return (0);
{
/*
- * Duplicate suppression. There's an implicit check_sender_maps
- * restriction at the end of all sender restrictions.
+ * Duplicate suppression. With "smtpd_reject_unlisted_sender = yes",
+ * there's an implicit reject_unlisted_sender restriction at the end of
+ * all sender restrictions.
*/
if (smtpd_input_transp_mask & INPUT_TRANSP_UNKNOWN_RCPT)
return (0);
projects / thirdparty / postfix.git / commitdiff
